In this recipe, we will show how to configure access and trunk interfaces on Cisco IOS-based devices, and how to map interfaces to an access VLAN, as well as how to allow specific VLANs on the trunks.

Following our sample topology, we will configure the interfaces on the devices. As shown in this table, we are only showing the VLANs for access01 and core01— the other devices are exact replicas:

1. Create a new core.yml file under group_vars and include the following core_vlans definition:

core_vlans:
  - name: l3_core_vlan
    vlan_id: 200
    interface: Ethernet0/3

2. Update the pb_build_network.yml playbook with the following tasks to configure all trunk ports:

  - name: "Configure L2 Trunks"
    ios_l2_interface:
      name: "{{ item.name }}"
      mode: "{{ item.mode }}"
      trunk_allowed_vlans: "{{ vlans | map(attribute='vlan_id') | join(',') }}"
      state: present
    loop: "{{ interfaces[inventory_hostname] |
selectattr('mode','equalto','trunk') | list }}"
  - name: "Enable dot1q Trunks"
    ios_config:
      lines:
        - switchport trunk encapsulation dot1q
      parents: interface {{item.name}}
    loop: "{{ interfaces[inventory_hostname] |
selectattr('mode','equalto','trunk') | list }}"
    tags: dot1q

3. Update the playbook with the following task to configure all access ports:

  - name: "Configure Access Ports"
    ios_l2_interface:
      name: "{{ item.name }}"
      mode: "{{ item.mode}}"
      access_vlan: "{{ item.vlan }}"
      state: present
    loop: "{{ interfaces[inventory_hostname] |
selectattr('mode','equalto','access') | list }}"

We are using the same data structure in the lan.yml file that defines all the interfaces within the LAN network and describes their type (access/trunk). In the case of access ports, we define which access interface is part of which VLAN. We will reference this list data structure to configure the access and trunk ports on all the devices within the lan group.
The interfaces within our layer2 network are one of the following two options:

Access:

• We use ios_l2_interface with the access_vlan parameter to configure the correct access VLAN on the interface.
• We select only the access interfaces for each device using the selectattr jinja2 filter, and we match only one interface with a mode equal to access, and we loop over this list for each device.

Trunk:

• We use ios_l2_interface with the trunk_allowed_vlans parameter to add all the VLANs to the trunk ports, on both access and core switches.
• We create the permitted VLAN list using the Jinja2 map and join filters and we apply this filter to the vlans list data structure. This outputs a string similar to the following: 10,20,100.
• We select only the trunk ports using the selectattr Jinja2 filter from the interface's data structure per node.
• We need to configure these trunks as dot1q ports; however, this attribute is still not enabled on ios_l2_interface. Hence, we use another module, ios_config, to send the required Cisco IOS command to set up the dot1q trunks.

The following output outlines the configuration applied to the access01 device as an example for both access and trunk ports:

!
interface Ethernet0/3   >> Access Port
 description Data_vlan
 switchport access vlan 10
 switchport mode access
 
 !
interface Ethernet0/1    >> Trunk Port
 description core01_e0/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20,100
 switchport mode trunk

For more information regarding ios_l2_interface and the different parameters supported by these modules, please consult the following URL:

https://docs.Ansible.com/Ansible/latest/modules/ios_l2_interface_module.html