Creating Device configuration snippets [CREATED] h1: initial,routing [CREATED] h2: initial,routing [CREATED] h3: initial,routing [CREATED] h4: initial,routing [CREATED] h5: initial,routing [CREATED] h6: initial,routing [CREATED] s1: normalize,initial,vlan [CREATED] s2: normalize,initial,vlan Checking Are lab devices ready to be configured? [INFO] Checking SSH server(s) on s1,s2 Config Deploying device configurations [INFO] Executing initial configuration for node h1 (namespace clab- ml-84-h1) [INFO] Executing initial configuration for node h2 (namespace clab- ml-84-h2) [INFO] Executing initial configuration for node h3 (namespace clab- ml-84-h3) [INFO] Executing initial configuration for node h4 (namespace clab- ml-84-h4) [INFO] Executing initial configuration for node h5 (namespace clab- ml-84-h5) [INFO] Executing initial configuration for node h6 (namespace clab- ml-84-h6) [INFO] Executing normalize configuration for node s2 [INFO] Executing routing configuration for node h1 (namespace clab- ml-84-h1) [INFO] Executing routing configuration for node h2 (namespace clab- ml-84-h2) [INFO] Executing routing configuration for node h3 (namespace clab- ml-84-h3) [INFO] Executing routing configuration for node h5 (namespace clab- ml-84-h5) [INFO] Executing routing configuration for node h6 (namespace clab- ml-84-h6) [INFO] Executing routing configuration for node h4 (namespace clab- ml-84-h4) [INFO] Executing initial configuration for node s2 [INFO] Executing vlan configuration for node s2 [INFO] Starting Ansible playbook to deploy the rest of the configurations [WARNING]: Found variable using reserved name: hosts PLAY [Deploy initial device configuration] ************************************* TASK [Set variables that cannot be set with VARS] ****************************** ok: [s1] TASK [Normalize config on bridge-like devices] ********************************* included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-module.yml for s1 TASK [Figure out whether to deploy the module normalize on current device] ***** ok: [s1] TASK [Find configuration template for normalize] ******************************* ok: [s1] TASK [fail] ******************************************************************** skipping: [s1] TASK [Find configuration deployment deploy_script for normalize] *************** ok: [s1] TASK [Print deployed configuration when running in verbose mode] *************** ok: [s1] => { "msg": "normalize configuration for s1\n=========================================\n!\ninterface Ethernet0/1\n shutdown\n!\ninterface Ethernet0/2\n shutdown\n!\ninterface Ethernet0/3\n shutdown\n!\ninterface Ethernet1/0\n shutdown\n" } TASK [Deploy normalize configuration] ****************************************** included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-config/ios.yml for s1 TASK [ios_config: deploying normalize from /work/netlab_cicd/cisco_c/node_files/s1/normalize] *** [WARNING]: To ensure idempotency and correct diff the input configuration lines should be similar to how they appear if present in the running configuration on device including the indentation changed: [s1] TASK [Deploy initial configuration] ******************************************** included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-module.yml for s1 TASK [Figure out whether to deploy the module initial on current device] ******* ok: [s1] TASK [Find configuration template for initial] ********************************* ok: [s1] TASK [fail] ******************************************************************** skipping: [s1] TASK [Find configuration deployment deploy_script for initial] ***************** ok: [s1] TASK [Print deployed configuration when running in verbose mode] *************** ok: [s1] => { "msg": "initial configuration for s1\n=========================================\nhostname s1\n!\nno ip domain lookup\nlogging buffered 256000\n\n!\nlldp run\n!\nip host h1 172.31.1.1\nip host h2 172.31.1.2\nip host h3 172.31.1.3\nip host h4 172.31.1.4\nip host h5 172.31.1.5\nip host h6 172.31.1.6\nip host s2 10.0.0.8\n!\nip routing\n!\nno ipv6 unicast-routing\n!\nvlan 700\n name red\n!\nvlan 701\n name blue\n!\nvlan 1\n name untagged\n!\n\n!\n!\ninterface Loopback0\n ip address 10.0.0.7 255.255.255.255\n!\ninterface Ethernet0/0\n no lldp transmit\n no lldp receive\n!\ninterface Ethernet0/1\n no switchport\n description s1 -> s2\n mac-address caf0.0007.0001\n no shutdown\n!\ninterface Ethernet0/2\n no switchport\n description [Access VLAN red] s1 -> h1\n no shutdown\n!\ninterface Ethernet0/3\n no switchport\n description [Access VLAN blue] s1 -> h3\n no shutdown\n!\ninterface Ethernet1/0\n no switchport\n description [Access VLAN untagged] s1 -> h5\n no shutdown\n!\ninterface Vlan700\n description VLAN red (700) -> [h1,h2,s2]\n mac-address caf4.0007.0000\n no shutdown\n!\ninterface Vlan701\n description VLAN blue (701) -> [h3,h4,s2]\n mac-address caf4.0007.0001\n no shutdown\n!\ninterface Vlan1\n description VLAN untagged (1) -> [h5,h6,s2]\n mac-address caf4.0007.0002\n no shutdown\n!\n!\nline vty 0 4\n exec-timeout 0 0 \n!\nno banner exec\nno banner login\nno banner incoming\n" } TASK [Deploy initial configuration] ******************************************** included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-config/ios.yml for s1 TASK [ios_config: deploying initial from /work/netlab_cicd/cisco_c/node_files/s1/initial] *** changed: [s1] PLAY [Deploy module-specific configurations] *********************************** TASK [Set variables that cannot be set with VARS] ****************************** ok: [s1] TASK [Deploy individual configuration modules] ********************************* included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-module.yml for s1 => (item=vlan) included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-module.yml for s1 => (item=routing) TASK [Figure out whether to deploy the module vlan on current device] ********** ok: [s1] TASK [Find configuration template for vlan] ************************************ ok: [s1] TASK [fail] ******************************************************************** skipping: [s1] TASK [Find configuration deployment deploy_script for vlan] ******************** ok: [s1] TASK [Print deployed configuration when running in verbose mode] *************** ok: [s1] => { "msg": "vlan configuration for s1\n=========================================\nvlan 700\n name red\n!\nvlan 701\n name blue\n!\nvlan 1\n name untagged\n!\n\n!\ninterface Ethernet0/1\n\n switchport\n switchport trunk encapsulation dot1q\n switchport mode trunk\n switchport trunk allowed vlan 700,701\n\n!\ninterface Ethernet0/2\n\n switchport\n switchport access vlan 700\n\n!\ninterface Ethernet0/3\n\n switchport\n switchport access vlan 701\n\n!\ninterface Ethernet1/0\n\n switchport\n switchport access vlan 1\n\n" } TASK [Deploy vlan configuration] *********************************************** included: /home/pipi/netlab_gh/netsim/ansible/tasks/deploy-config/ios.yml for s1 TASK [ios_config: deploying vlan from /work/netlab_cicd/cisco_c/node_files/s1/vlan] *** changed: [s1] TASK [Figure out whether to deploy the module routing on current device] ******* ok: [s1] TASK [Find configuration template for routing] ********************************* skipping: [s1] TASK [fail] ******************************************************************** skipping: [s1] TASK [Find configuration deployment deploy_script for routing] ***************** skipping: [s1] TASK [Print deployed configuration when running in verbose mode] *************** skipping: [s1] TASK [Deploy routing configuration] ******************************************** skipping: [s1] PLAY [Deploy custom deployment templates] ************************************** skipping: no hosts matched PLAY RECAP ********************************************************************* s1 : ok=25 changed=3 unreachable=0 failed=0 skipped=8 rescued=0 ignored=0 Results of configuration script deployments ================================================================================ h1 Script: initial,routing h2 Script: initial,routing h3 Script: initial,routing h4 Script: initial,routing h5 Script: initial,routing h6 Script: initial,routing s2 Script: normalize,initial,vlan The devices under test are simple bridges with a VLAN trunk between them. Both VLANs are using the same IP prefix to identify potential inter-VLAN leaking. * h1 and h2 should be able to ping each other * h3 and h4 should be able to ping each other * h1 should not be able to reach h3 * h5 should not be able to reach h6 over its untagged native vlan Please note it might take a while for the lab to work due to STP learning phase