Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- - hosts: csr2_esxi
- gather_facts: no
- vars:
- ansible_connection: network_cli
- ansible_network_os: ios
- ansible_user: benny
- ansible_ssh_pass: <removed>
- tasks:
- - name: Set Hostname
- ios_config:
- lines:
- - hostname <removed>
- - name: Set management ACL
- ios_config:
- lines:
- - permit host 73.102.<removed>.<removed>
- - remark BDP_CMB_PNT_WAN
- - permit host 208.88.<removed>.<removed>
- - remark BDP_DIV_WAN1
- - permit host 208.88.<removed>.<removed>
- - remark BDP_DIV_WAN2
- - permit 10.0.1.0 0.0.0.255
- - remark BDP_DIV_LAN1
- - permit 10.0.16.0 0.0.0.255
- - remark BDP_DIV_LAN2
- - permit 10.0.2.128 0.0.0.127
- - remark BDP_CMB_PNT_LAN
- - permit 172.30.101.0 0.0.0.255
- - remark VPN_SUBNET
- parents:
- - ip access-list standard MGMT_ACL_VTY
- - name: Set housekeeping tasks
- ios_config:
- lines:
- - login delay 5
- - login on-failure log
- - login on-success log
- - login block-for 120 attempts 5 within 30
- - login quiet-mode access-class MGMT_ACL_VTY
- - logging buffered 16384 informational
- - name: CoPP ACL
- ios_config:
- lines:
- - permit udp any any eq snmp
- - permit tcp any any eq 22
- parents:
- ip access-list extended LIMIT_ACL
- - name: CoPP Class Map
- ios_config:
- lines:
- - match access-group name LIMIT_ACL
- parents:
- - class-map match-any LIMIT_CLASS
- - name: CoPP Policy Map
- ios_config:
- lines:
- - conform-action transmit
- - exceed-action drop
- parents:
- - policy-map LIMIT_POLICY
- - class LIMIT_CLASS
- - police rate 2048000
- - name: Apply Policy Map
- ios_config:
- lines:
- - service-policy input LIMIT_POLICY
- parents:
- - control-plane
- - name: Configure VTY lines
- ios_config:
- lines:
- - access-class MGMT_ACL_VTY in
- parents:
- - line vty 0 4
- - name: SNMPv3 Configurations
- ios_config:
- lines:
- - snmp-server group <removed> v3 priv
- - snmp-server user <removed> <removed> v3 auth sha <removed> priv aes 128 <removed>
- - snmp-server host 10.0.1.108 traps version 3 priv <removed>
- - snmp-server location <removed>
- - name: IKEv2 Proposal
- ios_config:
- lines:
- - encryption aes-cbc-256
- - integrity sha256
- - group 19
- parents:
- - crypto ikev2 proposal ikev2_proposal_dmvpn
- - name: IKEv2 Policy
- ios_config:
- lines:
- - proposal ikev2_proposal_dmvpn
- parents:
- - crypto ikev2 policy ikev2_policy_dmvpn
- - name: IKEv2 Keyring
- ios_config:
- lines:
- - address 0.0.0.0 0.0.0.0
- - pre-shared-key <removed>
- parents:
- - crypto ikev2 keyring ikev2_keyring_dmvpn
- - peer dmvpn
- - name: IKEv2 Profile
- ios_config:
- lines:
- - match identity remote any
- - authentication remote pre-share
- - authentication local pre-share
- - keyring local ikev2_keyring_dmvpn
- parents:
- - crypto ikev2 profile ikev2_profile_dmvpn
- - name: IPsec Profile
- ios_config:
- lines:
- - set pfs group19
- - set ikev2-profile ikev2_profile_dmvpn
- parents:
- - crypto ipsec profile ipsec_ikev2_dmvpn
- - name:
- ios_config:
- lines:
- - network 10.0.0.0 0.255.255.255
- - network 172.16.0.0 0.15.255.255
- - network 192.168.0.0 0.0.255.255
- parents:
- - router eigrp <removed>_EIGRP
- - address-family ipv4 unicast autonomous-system <removed>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement