@joelwking
Last active February 12, 2019 21:10
Verify Ansible connection method network_cli can use a non-standard SSH port to an IOS router

Using non-standard SSH port for IOS router

Verify that an Ansible playbook can connect to an IOS router over a non-standard SSH port.

Configure the router

    csr1000v-1#config t

    ip ssh port 2222 rotary 1

    line vty 0 4
     login local
     rotary 1

    exit

Enable debug

Enable TCP transaction debugging on the router to verify that the control host connects on port 2222:

    csr1000v-1#debug ip tcp transactions port 2222

Configure Ansible inventory

Create a group or host with the following configuration:

    sshport2222:
      hosts:
        csr1000v-1.sandbox.wwtatc.local: {}
      vars:
        ansible_connection: network_cli
        ansible_network_os: ios
        ansible_become: yes
        ansible_become_method: enable
        ansible_ssh_user: admin
        ansible_port: 2222

Run a playbook

    #!/usr/bin/ansible-playbook
    ---
    #      Copyright (c) 2019 World Wide Technology, Inc.
    #      All rights reserved.
    #
    #      author: @joelwking
    #
    #      Use connection method network_cli
    #
    - name: Test using ssh port other than 22
      hosts: sshport2222
      gather_facts: no

      vars_files:
        - "{{ playbook_dir }}/passwords.yml"
      vars:
        ansible_ssh_pass: "{{ ios.password }}"

      tasks:
      - name: Using the IOS module
        ios_facts:
          authorize: no
          gather_subset: all

      - debug:
          msg: "{{item.key}} {{item.value.type}} {{item.value.description}} {{item.value.lineprotocol}}/{{item.value.operstatus}}"
        with_dict: "{{ansible_net_interfaces}}"

Playbook output

    $ ./ios_gather_facts.yml

    PLAY [Test using ssh port other than 22] ************************************************************************************************

    TASK [Using the IOS module] ****************************************************************************************************
    ok: [csr1000v-1.sandbox.wwtatc.local]

    TASK [debug] *******************************************************************************************************************
    ok: [csr1000v-1.sandbox.wwtatc.local] => (item={'value': {u'macaddress': u'0050.56b9.b798', u'lineprotocol': u'up ', u'description': None, u'duplex': u'Full', u'mediatype': u'RJ45', u'mtu': 1500, u'operstatus': u'up', u'bandwidth': 1000000, u'ipv4': [{u'subnet': u'24', u'address': u'10.255.40.49'}], u'type': u'CSR vNIC'}, 'key': u'GigabitEthernet1'}) => {}

    MSG:

    GigabitEthernet1 CSR vNIC  up /up

    ok: [csr1000v-1.sandbox.wwtatc.local] => (item={'value': {u'macaddress': u'0050.56b9.acf0', u'lineprotocol': u'up ', u'description': u'TEST-NET-2::OUTSIDE', u'duplex': u'Full', u'mediatype': u'RJ45', u'mtu': 1500, u'operstatus': u'up', u'bandwidth': 1000000, u'ipv4': [{u'subnet': u'24', u'address': u'198.51.100.1'}], u'type': u'CSR vNIC'}, 'key': u'GigabitEthernet2'}) => {}

    MSG:

    GigabitEthernet2 CSR vNIC TEST-NET-2::OUTSIDE up /up

    ok: [csr1000v-1.sandbox.wwtatc.local] => (item={'value': {u'macaddress': u'0050.56b9.ce90', u'lineprotocol': u'up ', u'description': u'TEST-NET-3::INSIDE', u'duplex': u'Full', u'mediatype': u'RJ45', u'mtu': 1500, u'operstatus': u'up', u'bandwidth': 1000000, u'ipv4': [{u'subnet': u'24', u'address': u'203.0.113.1'}], u'type': u'CSR vNIC'}, 'key': u'GigabitEthernet3'}) => {}

    MSG:

    GigabitEthernet3 CSR vNIC TEST-NET-3::INSIDE up /up

    PLAY RECAP *********************************************************************************************************************
    csr1000v-1.sandbox.wwtatc.local : ok=2    changed=0    unreachable=0    failed=0

Debug output from router

    csr1000v-1#
    *Feb 12 19:57:45.571: TCP0: state was LISTEN -> SYNRCVD [2222 -> 172.31.1.186(55730)]
    *Feb 12 19:57:45.571: TCP: tcb 7F035BC72500 connection to 172.31.1.186:55730, peer MSS 1000, MSS is 516
    *Feb 12 19:57:45.571: TCP: Selective ack is disabled from the CLI
    *Feb 12 19:57:45.571: TCP: sending SYN, seq 3727312790, ack 1555190096
    *Feb 12 19:57:45.571: TCP0: Connection to 172.31.1.186:55730, advertising MSS 536
    *Feb 12 19:57:45.631: TCP0: state was SYNRCVD -> ESTAB [2222 -> 172.31.1.186(55730)]
    *Feb 12 19:57:45.631: TCB7F035BC72500 setting property TCP_TOS (11) 56422D35A97E
    *Feb 12 19:57:45.631: TCB7F035BC72500 getting property TCP_COND_ACCEPT (1)
    *Feb 12 19:57:45.631: TCB7F035BC72500 setting property TCP_MSG_NOTIFY (8) 7F03C40D6B64
    *Feb 12 19:57:50.215: TCP1: FIN processed
    *Feb 12 19:57:50.215: TCP1: state was ESTAB -> CLOSEWAIT [2222 -> 172.31.1.186(55730)]
    *Feb 12 19:57:50.251: TCP1: state was CLOSEWAIT -> LASTACK [2222 -> 172.31.1.186(55730)]
    *Feb 12 19:57:50.251: TCP1: sending FIN
    *Feb 12 19:57:50.313: TCP1: Got ACK for our FIN
    *Feb 12 19:57:50.313: TCP1: state was LASTACK -> CLOSED [2222 -> 172.31.1.186(55730)]

    csr1000v-1#show ip int brief
    Interface              IP-Address      OK? Method Status                Protocol
    GigabitEthernet1       10.255.40.49    YES NVRAM  up                    up
    GigabitEthernet2       198.51.100.1    YES manual up                    up
    GigabitEthernet3       203.0.113.1     YES manual up                    up
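
A check for the router debug output above, as an added example that is not part of the original gist: it parses the state-transition lines and confirms that a session reached ESTAB on local port 2222 from an expected control host. The function names and the `allowed_peers` parameter are assumptions made for illustration.

```python
import re

# Sample input: state-transition lines taken from the router debug output above.
SAMPLE = """\
*Feb 12 19:57:45.571: TCP0: state was LISTEN -> SYNRCVD [2222 -> 172.31.1.186(55730)]
*Feb 12 19:57:45.571: TCP: sending SYN, seq 3727312790, ack 1555190096
*Feb 12 19:57:45.631: TCP0: state was SYNRCVD -> ESTAB [2222 -> 172.31.1.186(55730)]
*Feb 12 19:57:50.215: TCP1: FIN processed
*Feb 12 19:57:50.215: TCP1: state was ESTAB -> CLOSEWAIT [2222 -> 172.31.1.186(55730)]
*Feb 12 19:57:50.251: TCP1: state was CLOSEWAIT -> LASTACK [2222 -> 172.31.1.186(55730)]
*Feb 12 19:57:50.313: TCP1: state was LASTACK -> CLOSED [2222 -> 172.31.1.186(55730)]
"""

# Matches "TCPn: state was OLD -> NEW [lport -> peer(pport)]"
STATE_RE = re.compile(
    r"TCP\d+: state was (?P<old>\w+) -> (?P<new>\w+) "
    r"\[(?P<lport>\d+) -> (?P<peer>[\d.]+)\((?P<pport>\d+)\)\]"
)

def sessions(debug_text):
    """Group state transitions by (local port, peer IP, peer port).

    The TCPn label changes within one connection in the output above
    (TCP0, then TCP1), so the bracketed tuple is used as the key instead.
    """
    out = {}
    for line in debug_text.splitlines():
        m = STATE_RE.search(line)
        if m:
            key = (int(m["lport"]), m["peer"], int(m["pport"]))
            out.setdefault(key, [m["old"]]).append(m["new"])
    return out

def verify(debug_text, expected_port, allowed_peers):
    """Return (expected, unexpected) keys of sessions that reached ESTAB."""
    expected, unexpected = [], []
    for key, states in sessions(debug_text).items():
        if "ESTAB" not in states:
            continue  # handshake never completed; not a login session
        if key[0] == expected_port and key[1] in allowed_peers:
            expected.append(key)
        else:
            unexpected.append(key)
    return expected, unexpected

if __name__ == "__main__":
    print(verify(SAMPLE, 2222, {"172.31.1.186"}))
```

A non-empty second list means a session was established on a different port or from a host that is not in the allowed set.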

Author

joel.king@wwt.com 12 February 2019
