[WARNING]: Could not match supplied host pattern, ignoring: unprovisioned PLAY [Deploy initial device configuration] ************************************* TASK [Set variables that cannot be set with VARS] ****************************** ok: [h1] ok: [h2] ok: [h3] ok: [h4] ok: [h5] ok: [s2] ok: [h6] ok: [s1] TASK [Find device readiness script] ******************************************** ok: [h1] ok: [h2] ok: [h3] ok: [h4] ok: [h5] ok: [s2] ok: [h6] ok: [s1] TASK [Wait for device to become ready] ***************************************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [h5] skipping: [h6] included: /home/pipi/net101/tools/netsim/ansible/tasks/readiness-check/eos-clab.yml for s2 included: /home/pipi/net101/tools/netsim/ansible/tasks/readiness-check/ioll2-clab.yml for s1 TASK [Wait for cEOS SSH daemon to start] *************************************** ok: [s2] TASK [Check if 'sshpass' is installed] ***************************************** ok: [s1 -> localhost] TASK [Check for 'timeout' command] ********************************************* ok: [s1 -> localhost] TASK [Execute local ssh command to check ioll2 readiness] ********************** ok: [s1 -> localhost] TASK [Confirm s1 SSH server works] ********************************************* ok: [s1] => msg: Node s1 is ready. TASK [Normalize config on bridge-like devices] ********************************* included: /home/pipi/net101/tools/netsim/ansible/tasks/deploy-module.yml for s2, h1, h2, h3, h4, h5, h6, s1 TASK [Figure out whether to deploy the module normalize on current device] ***** ok: [h1] ok: [h2] ok: [h3] ok: [h4] ok: [h5] ok: [s2] ok: [h6] ok: [s1] TASK [Find configuration template for normalize] ******************************* ok: [h1] ok: [h2] ok: [h3] ok: [h5] ok: [h4] ok: [s2] ok: [h6] ok: [s1] TASK [fail] ******************************************************************** skipping: [s2] skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [h5] skipping: [h6] skipping: [s1] TASK [Print deployed configuration when running in verbose mode] *************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [h5] skipping: [h6] ok: [s2] => msg: |- normalize configuration for s2 ========================================= ! interface Ethernet1 shutdown mac-address 52dc.cafe.0801 ! interface Ethernet2 shutdown mac-address 52dc.cafe.0802 ! interface Ethernet3 shutdown mac-address 52dc.cafe.0803 ! interface Ethernet4 shutdown mac-address 52dc.cafe.0804 ok: [s1] => msg: |- normalize configuration for s1 ========================================= ! interface Ethernet0/1 shutdown mac-address 52dc.cafe.0701 ! interface Ethernet0/2 shutdown mac-address 52dc.cafe.0702 ! interface Ethernet0/3 shutdown mac-address 52dc.cafe.0703 ! interface Ethernet1/0 shutdown mac-address 52dc.cafe.0704 TASK [Find configuration deployment deploy_script for normalize] *************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [h5] skipping: [h6] ok: [s2] ok: [s1] TASK [Deploy normalize configuration] ****************************************** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [h5] skipping: [h6] included: /home/pipi/net101/tools/netsim/ansible/tasks/deploy-config/eos.yml for s2 included: /home/pipi/net101/tools/netsim/ansible/tasks/deploy-config/ios.yml for s1 TASK [eos_config: deploying normalize from /home/pipi/net101/tools/netsim/ansible/templates/normalize/eos.j2] *** [WARNING]: To ensure idempotency and correct diff the input configuration lines should be similar to how they appear if present in the running configuration on device including the indentation changed: [s2] TASK [ios_config: deploying normalize from /home/pipi/net101/tools/netsim/ansible/templates/normalize/ioll2.j2] *** changed: [s1] TASK [Deploy initial configuration] ******************************************** included: /home/pipi/net101/tools/netsim/ansible/tasks/deploy-module.yml for s2, h1, h2, h3, h4, h5, h6, s1 TASK [Figure out whether to deploy the module initial on current device] ******* ok: [h1] ok: [h2] ok: [h3] ok: [h4] ok: [h5] ok: [h6] ok: [s2] ok: [s1] TASK [Find configuration template for initial] ********************************* ok: [h1] ok: [h2] ok: [h3] ok: [h4] ok: [h6] ok: [h5] ok: [s2] ok: [s1] TASK [fail] ******************************************************************** skipping: [s2] skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [h5] skipping: [h6] skipping: [s1] TASK [Print deployed configuration when running in verbose mode] *************** ok: [h1] => msg: |- initial configuration for h1 ========================================= #!/bin/bash # # This script contains the 'ip' commands needed to set up container # interfaces and route table. It's executed within the container # network namespace on the container host. # # /etc/hosts file is generated as a clab bind. # set -e ### One-Shot configuration (non-Ubuntu VM or container) # # Disable IPv4 and IPv6 forwarding # sysctl -w net.ipv4.ip_forward=0 sysctl -w net.ipv6.conf.all.forwarding=0 # # Interface addressing, create any bond devices # ip link set dev eth1 up set +e ip addr del 172.31.1.1/24 dev eth1 2>/dev/null set -e ip addr add 172.31.1.1/24 dev eth1 ip link set dev eth1 mtu 1500 # # Add static routes (usually IPv4 routes pointing to the first usable gateway) # # # # # Print the final routing table ip route ok: [h2] => msg: |- initial configuration for h2 ========================================= #!/bin/bash # # This script contains the 'ip' commands needed to set up container # interfaces and route table. It's executed within the container # network namespace on the container host. # # /etc/hosts file is generated as a clab bind. # set -e ### One-Shot configuration (non-Ubuntu VM or container) # # Disable IPv4 and IPv6 forwarding # sysctl -w net.ipv4.ip_forward=0 sysctl -w net.ipv6.conf.all.forwarding=0 # # Interface addressing, create any bond devices # ip link set dev eth1 up set +e ip addr del 172.31.1.2/24 dev eth1 2>/dev/null set -e ip addr add 172.31.1.2/24 dev eth1 ip link set dev eth1 mtu 1500 # # Add static routes (usually IPv4 routes pointing to the first usable gateway) # # # # # Print the final routing table ip route ok: [h5] => msg: |- initial configuration for h5 ========================================= #!/bin/bash # # This script contains the 'ip' commands needed to set up container # interfaces and route table. It's executed within the container # network namespace on the container host. # # /etc/hosts file is generated as a clab bind. # set -e ### One-Shot configuration (non-Ubuntu VM or container) # # Disable IPv4 and IPv6 forwarding # sysctl -w net.ipv4.ip_forward=0 sysctl -w net.ipv6.conf.all.forwarding=0 # # Interface addressing, create any bond devices # ip link set dev eth1 up set +e ip addr del 172.31.1.5/24 dev eth1 2>/dev/null set -e ip addr add 172.31.1.5/24 dev eth1 ip link set dev eth1 mtu 1500 # # Add static routes (usually IPv4 routes pointing to the first usable gateway) # # # # # Print the final routing table ip route ok: [h3] => msg: |- initial configuration for h3 ========================================= #!/bin/bash # # This script contains the 'ip' commands needed to set up container # interfaces and route table. It's executed within the container # network namespace on the container host. # # /etc/hosts file is generated as a clab bind. # set -e ### One-Shot configuration (non-Ubuntu VM or container) # # Disable IPv4 and IPv6 forwarding # sysctl -w net.ipv4.ip_forward=0 sysctl -w net.ipv6.conf.all.forwarding=0 # # Interface addressing, create any bond devices # ip link set dev eth1 up set +e ip addr del 172.31.1.3/24 dev eth1 2>/dev/null set -e ip addr add 172.31.1.3/24 dev eth1 ip link set dev eth1 mtu 1500 # # Add static routes (usually IPv4 routes pointing to the first usable gateway) # # # # # Print the final routing table ip route ok: [h4] => msg: |- initial configuration for h4 ========================================= #!/bin/bash # # This script contains the 'ip' commands needed to set up container # interfaces and route table. It's executed within the container # network namespace on the container host. # # /etc/hosts file is generated as a clab bind. # set -e ### One-Shot configuration (non-Ubuntu VM or container) # # Disable IPv4 and IPv6 forwarding # sysctl -w net.ipv4.ip_forward=0 sysctl -w net.ipv6.conf.all.forwarding=0 # # Interface addressing, create any bond devices # ip link set dev eth1 up set +e ip addr del 172.31.1.4/24 dev eth1 2>/dev/null set -e ip addr add 172.31.1.4/24 dev eth1 ip link set dev eth1 mtu 1500 # # Add static routes (usually IPv4 routes pointing to the first usable gateway) # # # # # Print the final routing table ip route ok: [h6] => msg: |- initial configuration for h6 ========================================= #!/bin/bash # # This script contains the 'ip' commands needed to set up container # interfaces and route table. It's executed within the container # network namespace on the container host. # # /etc/hosts file is generated as a clab bind. # set -e ### One-Shot configuration (non-Ubuntu VM or container) # # Disable IPv4 and IPv6 forwarding # sysctl -w net.ipv4.ip_forward=0 sysctl -w net.ipv6.conf.all.forwarding=0 # # Interface addressing, create any bond devices # ip link set dev eth1 up set +e ip addr del 172.31.1.6/24 dev eth1 2>/dev/null set -e ip addr add 172.31.1.6/24 dev eth1 ip link set dev eth1 mtu 1500 # # Add static routes (usually IPv4 routes pointing to the first usable gateway) # # # # # Print the final routing table ip route ok: [s2] => msg: |- initial configuration for s2 ========================================= hostname s2 ! logging monitor debugging aaa authorization exec default local ! lldp run ip routing ! ! ip host h1 172.31.1.1 ip host h2 172.31.1.2 ip host h3 172.31.1.3 ip host h4 172.31.1.4 ip host h5 172.31.1.5 ip host h6 172.31.1.6 ip host s1 10.0.0.7 ! interface Management0 no lldp transmit no lldp receive ! interface Loopback0 ip address 10.0.0.8/32 ! interface Ethernet1 no switchport description s2 -> s1 ! mac-address 52dc.cafe.0801 no shutdown ! interface Ethernet2 no switchport description [Access VLAN red] s2 -> h2 ! mac-address 52dc.cafe.0802 no shutdown ! interface Ethernet3 no switchport description [Access VLAN blue] s2 -> h4 ! mac-address 52dc.cafe.0803 no shutdown ! interface Ethernet4 no switchport description [Access VLAN untagged] s2 -> h6 ! mac-address 52dc.cafe.0804 no shutdown ! interface Vlan700 description VLAN red (700) -> [h1,s1,h2] ! interface Vlan701 description VLAN blue (701) -> [h3,s1,h4] ! interface Vlan1 description VLAN untagged (1) -> [h5,s1,h6] ! ok: [s1] => msg: |- initial configuration for s1 ========================================= hostname s1 ! no ip domain lookup ! lldp run ! ip host h1 172.31.1.1 ip host h2 172.31.1.2 ip host h3 172.31.1.3 ip host h4 172.31.1.4 ip host h5 172.31.1.5 ip host h6 172.31.1.6 ip host s2 10.0.0.8 ! ip routing ! vlan 701 name blue ! vlan 700 name red ! vlan 1 name untagged ! ! ! interface Loopback0 ip address 10.0.0.7 255.255.255.255 ! interface Ethernet0/0 no lldp transmit no lldp receive ! interface Ethernet0/1 no switchport description s1 -> s2 no shutdown ! interface Ethernet0/2 no switchport description [Access VLAN red] s1 -> h1 no shutdown ! interface Ethernet0/3 no switchport description [Access VLAN blue] s1 -> h3 no shutdown ! interface Ethernet1/0 no switchport description [Access VLAN untagged] s1 -> h5 no shutdown ! interface Vlan700 description VLAN red (700) -> [h1,s2,h2] mac-address 4001.cafe.0700 no shutdown ! interface Vlan701 description VLAN blue (701) -> [h3,s2,h4] mac-address 4001.cafe.0701 no shutdown ! interface Vlan1 description VLAN untagged (1) -> [h5,h6,s2] mac-address 4001.cafe.0702 no shutdown ! ! line vty 0 4 exec-timeout 0 0 ! no banner exec no banner login no banner incoming TASK [Find configuration deployment deploy_script for initial] ***************** ok: [h1] ok: [h2] ok: [h3] ok: [h4] ok: [s2] ok: [h5] ok: [h6] ok: [s1] TASK [Deploy initial configuration] ******************************************** included: /home/pipi/net101/tools/netsim/ansible/tasks/deploy-config/eos.yml for s2 included: /home/pipi/net101/tools/netsim/ansible/tasks/deploy-config/linux-clab.yml for h1, h2, h3, h4, h5, h6 included: /home/pipi/net101/tools/netsim/ansible/tasks/deploy-config/ios.yml for s1 TASK [eos_config: deploying initial from /home/pipi/net101/tools/netsim/ansible/templates/initial/eos.j2] *** changed: [s2] TASK [Define script filename and determine whether to execute in netns] ******** ok: [h1] ok: [h2] ok: [h3] ok: [h4] ok: [h5] ok: [h6] TASK [Create a temporary file for the rendered script] ************************* changed: [h4 -> localhost] changed: [h3 -> localhost] changed: [h1 -> localhost] changed: [h5 -> localhost] changed: [h6 -> localhost] changed: [h2 -> localhost] TASK [Create container setup script from /home/pipi/net101/tools/netsim/ansible/templates/initial/linux-clab.j2] *** changed: [h5 -> localhost] changed: [h2 -> localhost] changed: [h3 -> localhost] changed: [h6 -> localhost] changed: [h1 -> localhost] changed: [h4 -> localhost] TASK [Copy script into running container at /tmp/config-h1_initial.sh] ********* skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [h5] skipping: [h6] TASK [Execute /tmp/config-h1_initial.sh to deploy initial config based on /home/pipi/net101/tools/netsim/ansible/templates/initial/linux-clab.j2] *** skipping: [h1] skipping: [h2] skipping: [h3] skipping: [h4] skipping: [h5] skipping: [h6] TASK [Container configuration for initial based on /home/pipi/net101/tools/netsim/ansible/templates/initial/linux-clab.j2 executed in netns] *** changed: [h1 -> localhost] changed: [h2 -> localhost] changed: [h3 -> localhost] changed: [h4 -> localhost] changed: [h5 -> localhost] changed: [h6 -> localhost] TASK [Remove temporary file /tmp/h1_initial-b7dfoyij.sh] *********************** changed: [h4 -> localhost] changed: [h1 -> localhost] changed: [h3 -> localhost] changed: [h5 -> localhost] changed: [h2 -> localhost] changed: [h6 -> localhost] TASK [ios_config: deploying initial from /home/pipi/net101/tools/netsim/ansible/templates/initial/ios.j2] *** changed: [s1] PLAY [Deploy module-specific configurations] *********************************** TASK [Set variables that cannot be set with VARS] ****************************** ok: [s1] ok: [s2] TASK [Deploy individual configuration modules] ********************************* included: /home/pipi/net101/tools/netsim/ansible/tasks/deploy-module.yml for s1, s2 => (item=vlan) TASK [Figure out whether to deploy the module vlan on current device] ********** ok: [s1] ok: [s2] TASK [Find configuration template for vlan] ************************************ ok: [s1] ok: [s2] TASK [fail] ******************************************************************** skipping: [s1] skipping: [s2] TASK [Print deployed configuration when running in verbose mode] *************** ok: [s1] => msg: |- vlan configuration for s1 ========================================= vlan 701 name blue ! vlan 700 name red ! vlan 1 name untagged ! ! interface Ethernet0/1 switchport switchport trunk encapsulation dot1q switchport mode trunk switchport trunk allowed vlan 700,701 ! interface Ethernet0/2 switchport switchport access vlan 700 ! interface Ethernet0/3 switchport switchport access vlan 701 ! interface Ethernet1/0 switchport switchport access vlan 1 ok: [s2] => msg: |- vlan configuration for s2 ========================================= vlan 701 name blue ! vlan 700 name red ! vlan 1 name untagged ! ! interface Ethernet1 switchport switchport mode trunk switchport trunk allowed vlan 1,700,701 switchport trunk native vlan 1 ! interface Ethernet2 switchport switchport access vlan 700 ! interface Ethernet3 switchport switchport access vlan 701 ! interface Ethernet4 switchport switchport access vlan 1 ! interface Vlan700 ! interface Vlan701 ! interface Vlan1 TASK [Find configuration deployment deploy_script for vlan] ******************** ok: [s1] ok: [s2] TASK [Deploy vlan configuration] *********************************************** included: /home/pipi/net101/tools/netsim/ansible/tasks/deploy-config/ios.yml for s1 included: /home/pipi/net101/tools/netsim/ansible/tasks/deploy-config/eos.yml for s2 TASK [ios_config: deploying vlan from /home/pipi/net101/tools/netsim/ansible/templates/vlan/ioll2.j2] *** changed: [s1] TASK [eos_config: deploying vlan from /home/pipi/net101/tools/netsim/ansible/templates/vlan/eos.j2] *** changed: [s2] PLAY [Deploy custom deployment templates] ************************************** skipping: no hosts matched PLAY RECAP ********************************************************************* h1 : ok=16 changed=4 unreachable=0 failed=0 skipped=8 rescued=0 ignored=0 h2 : ok=16 changed=4 unreachable=0 failed=0 skipped=8 rescued=0 ignored=0 h3 : ok=16 changed=4 unreachable=0 failed=0 skipped=8 rescued=0 ignored=0 h4 : ok=16 changed=4 unreachable=0 failed=0 skipped=8 rescued=0 ignored=0 h5 : ok=16 changed=4 unreachable=0 failed=0 skipped=8 rescued=0 ignored=0 h6 : ok=16 changed=4 unreachable=0 failed=0 skipped=8 rescued=0 ignored=0 s1 : ok=29 changed=3 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0 s2 : ok=26 changed=3 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0 The devices under test are simple bridges with a VLAN trunk between them. Both VLANs are using the same IP prefix to identify potential inter-VLAN leaking. * h1 and h2 should be able to ping each other * h3 and h4 should be able to ping each other * h1 should not be able to reach h3 * h5 should not be able to reach h6 over its untagged native vlan Please note it might take a while for the lab to work due to STP learning phase