
Questions [cisco] (server)

Martin Hope
Steve Hiner
Asked: 2024-12-19 06:57:55 +0800 CST

How do I adjust the digital optical monitoring thresholds on a Cisco/Meraki MS-225 switch?

  • 7

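I have a Cisco/Meraki MS225 switch with four SFP+ ports. One of the ports has a fiber module in it. All five DOM values are showing as being in a critical state. I suspect the thresholds are set incorrectly, and that this is at least part of the problem. [Image: Meraki dashboard DOM alert details]

In the pop-up, when hovering over the graph, you can see that it shows a High Warning of zero degrees and a High Alarm of 3.1 degrees.

On Cisco's site (https://documentation.meraki.com/MS/Monitoring_and_Reporting/MS_Temperature_Thresholds) I found that the critical temperature is far above the module's current 57 degrees. [Image: Cisco MS225 threshold chart]

That makes me question all the other thresholds (though I don't yet know what the really relevant values for those parameters are). The other thresholds have similarly odd values.

For example, transmit power:

[Image: DOM transmit power details]

Low Warn is the same value as High Alarm, and Low Alarm is the same value as High Warn. Something seems to be wrong, unless this is just a UI bug in the Meraki dashboard.

So, two questions:

  • Are these thresholds stored in the switch, in the Meraki dashboard settings, or in the fiber module itself?
  • Wherever they are, can they be changed or reset, and how?
cisco
  • 1 answer
  • 83 Views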
Martin Hope
dirman
Asked: 2023-05-04 07:18:22 +0800 CST

Reliable backup of Cisco ASA devices: ERROR: % Invalid input detected at '^' marker

  • 5

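I have been tasked with backing up all of our network devices, so naturally I chose ansible. I'm no expert, but I really need help with this! I've tried everything under the moon and can't figure it out, and neither could chat-gpt. The ansible ping module runs successfully, and the debug output shows it gets some data from "sh run", but it still fails. I can log in manually and run both commands without errors. The two commands I use are 'terminal pager 0' and 'sh run'. I am using the cisco.asa.asa module. I have also tried using the wait for directive, but maybe I'm doing it wrong. Here is my yaml file, with the cfg, debug output and more details. Yamllint and --syntax-check show no errors. Thank you! Much appreciated!!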

Errors:

[root@ho-lx-ansible01 networking]# play -vvvv mynewtest.zz.yml  > .out 2>&1

ansible-playbook [core 2.13.3]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.9/site-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible-playbook
  python version = 3.9.13 (main, Nov 16 2022, 15:11:16) [GCC 8.5.0 20210514 (Red Hat 8.5.0-15.0.1)]
  jinja version = 3.1.2
  libyaml = True
Using /etc/ansible/ansible.cfg as config file
setting up inventory plugins
auto declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
Parsed /etc/ansible/hosts inventory source with ini plugin
Loading collection cisco.asa from /root/.ansible/collections/ansible_collections/cisco/asa
redirecting (type: action) cisco.asa.asa_facts to cisco.asa.asa
Loading collection ansible.netcommon from /root/.ansible/collections/ansible_collections/ansible/netcommon
redirecting (type: callback) ansible.builtin.yaml to community.general.yaml
Loading collection community.general from /usr/share/ansible/collections/ansible_collections/community/general
redirecting (type: callback) ansible.builtin.yaml to community.general.yaml
Loading callback plugin community.general.yaml of type stdout, v2.0 from /usr/share/ansible/collections/ansible_collections/community/general/plugins/callback/yaml.py
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.

PLAYBOOK: mynewtest.zz.yml *****************************************************
Positional arguments: mynewtest.zz.yml
verbosity: 4
connection: smart
timeout: 10
become_method: sudo
tags: ('all',)
inventory: ('/etc/ansible/hosts',)
forks: 10
1 plays in mynewtest.zz.yml
Trying secret FileVaultSecret(filename='/etc/ansible/group_vars/.vltfile.yml') for vault_id=default
Read vars_file '/etc/ansible/group_vars/vault.yml'
Trying secret FileVaultSecret(filename='/etc/ansible/group_vars/.vltfile.yml') for vault_id=default
Read vars_file '/etc/ansible/group_vars/vault.yml'
Trying secret FileVaultSecret(filename='/etc/ansible/group_vars/.vltfile.yml') for vault_id=default
Read vars_file '/etc/ansible/group_vars/vault.yml'

PLAY [Backup ASA Configuration] ************************************************
Trying secret FileVaultSecret(filename='/etc/ansible/group_vars/.vltfile.yml') for vault_id=default
Read vars_file '/etc/ansible/group_vars/vault.yml'
META: ran handlers
Trying secret FileVaultSecret(filename='/etc/ansible/group_vars/.vltfile.yml') for vault_id=default
Read vars_file '/etc/ansible/group_vars/vault.yml'
redirecting (type: action) cisco.asa.asa_facts to cisco.asa.asa

TASK [Show running config] *****************************************************
task path: /etc/ansible/playbooks/networking/mynewtest.zz.yml:21
redirecting (type: connection) ansible.builtin.network_cli to ansible.netcommon.network_cli
Loading collection ansible.utils from /root/.ansible/collections/ansible_collections/ansible/utils
<zzasaXXX.ad.XXX.com> attempting to start connection
<zzasaXXX.ad.XXX.com> using connection plugin ansible.netcommon.network_cli
Found ansible-connection at path /usr/bin/ansible-connection
<zzasaXXX.ad.XXX.com> local domain socket does not exist, starting it
<zzasaXXX.ad.XXX.com> control socket path is /root/.ansible/pc/f2e7921f36
<zzasaXXX.ad.XXX.com> redirecting (type: connection) ansible.builtin.network_cli to ansible.netcommon.network_cli
<zzasaXXX.ad.XXX.com> Loading collection ansible.netcommon from /root/.ansible/collections/ansible_collections/ansible/netcommon
<zzasaXXX.ad.XXX.com> Loading collection ansible.utils from /root/.ansible/collections/ansible_collections/ansible/utils
<zzasaXXX.ad.XXX.com> Loading collection cisco.asa from /root/.ansible/collections/ansible_collections/cisco/asa
<zzasaXXX.ad.XXX.com> local domain socket listeners started successfully
<zzasaXXX.ad.XXX.com> loaded cliconf plugin ansible_collections.cisco.asa.plugins.cliconf.asa from path /root/.ansible/collections/ansible_collections/cisco/asa/plugins/cliconf/asa.py for network_os cisco.asa.asa
<zzasaXXX.ad.XXX.com> ssh type is set to libssh
<zzasaXXX.ad.XXX.com>
<zzasaXXX.ad.XXX.com> local domain socket path is /root/.ansible/pc/f2e7921f36
redirecting (type: action) cisco.asa.asa_facts to cisco.asa.asa
redirecting (type: action) cisco.asa.asa_facts to cisco.asa.asa
<zzasaXXX.ad.XXX.com> ANSIBLE_NETWORK_IMPORT_MODULES: enabled
<zzasaXXX.ad.XXX.com> ANSIBLE_NETWORK_IMPORT_MODULES: found cisco.asa.asa_facts  at /root/.ansible/collections/ansible_collections/cisco/asa/plugins/modules/asa_facts.py
<zzasaXXX.ad.XXX.com> ANSIBLE_NETWORK_IMPORT_MODULES: running cisco.asa.asa_facts
<zzasaXXX.ad.XXX.com> ANSIBLE_NETWORK_IMPORT_MODULES: complete
ok: [zzasaXXX] => changed=false
  ansible_facts:
    ansible_net_api: cliconf
    ansible_net_asatype: null
    ansible_net_config: |2-
                    Total TLS Proxy Sessions          : 2              perpetual
      Botnet Traffic Filter             : Disabled       perpetual
      Cluster                           : Disabled       perpetual

      This platform has a Base license.

      Serial Number: JAD203707VN
      Running Permanent Activation Key: 0xd221e25c 0x985012a5 0xa44219b4 0xb740ccb0 0x013303a6
      Configuration register is 0x1
      FPGA UPGRADE Version      : 3.0
      FPGA GOLDEN Version       : 3.0
      ROMMON Version            : 1.1.18
      Image type                : Release
      Key Version               : A
      Configuration last modified by XXX\alamonda at 11:24:47.301 EDT Wed May 3 2023
      ZZASAP01# running-config
                 ^
      ERROR: % Invalid input detected at '^' marker.
      ZZASAP01#
    ansible_net_device_mgr_version: 7.19(1)90
    ansible_net_gather_network_resources: []
    ansible_net_gather_subset:
    - default
    - config
    ansible_net_hostname: ZZASAP01
    ansible_net_image: disk0:/asa9-16-3-23-lfbff-k8.SPA
    ansible_net_python_version: 3.9.13
    ansible_net_serialnum: null
    ansible_net_system: asa
    ansible_net_version: 9.16(3)23
    ansible_network_resources: {}
  invocation:
    module_args:
      context: null
      gather_network_resources: null
      gather_subset:
      - config
      passwords: null
Trying secret FileVaultSecret(filename='/etc/ansible/group_vars/.vltfile.yml') for vault_id=default
Read vars_file '/etc/ansible/group_vars/vault.yml'

TASK [show output] *************************************************************
task path: /etc/ansible/playbooks/networking/mynewtest.zz.yml:27
redirecting (type: connection) ansible.builtin.network_cli to ansible.netcommon.network_cli
Loading collection ansible.utils from /root/.ansible/collections/ansible_collections/ansible/utils
<zzasaXXX.ad.XXX.com> attempting to start connection
<zzasaXXX.ad.XXX.com> using connection plugin ansible.netcommon.network_cli
Found ansible-connection at path /usr/bin/ansible-connection
<zzasaXXX.ad.XXX.com> found existing local domain socket, using it!
<zzasaXXX.ad.XXX.com> invoked shell using ssh_type: libssh
<zzasaXXX.ad.XXX.com> ssh connection done, setting terminal
<zzasaXXX.ad.XXX.com> loaded terminal plugin for network_os cisco.asa.asa
<zzasaXXX.ad.XXX.com> firing event: on_open_shell()
[WARNING]: on_open_shell: failed to set terminal parameters
<zzasaXXX.ad.XXX.com> ssh connection has completed successfully
<zzasaXXX.ad.XXX.com> updating play_context for connection
<zzasaXXX.ad.XXX.com>
<zzasaXXX.ad.XXX.com> local domain socket path is /root/.ansible/pc/f2e7921f36
ok: [zzasaXXX] =>
  ansible_net_config:
    ansible_facts:
      ansible_net_api: cliconf
      ansible_net_asatype: null
      ansible_net_config: |2-
                      Total TLS Proxy Sessions          : 2              perpetual
        Botnet Traffic Filter             : Disabled       perpetual
        Cluster                           : Disabled       perpetual

        This platform has a Base license.

        Serial Number: JAD203707VN
        Running Permanent Activation Key: 0xd221e25c 0x985012a5 0xa44219b4 0xb740ccb0 0x013303a6
        Configuration register is 0x1
        FPGA UPGRADE Version      : 3.0
        FPGA GOLDEN Version       : 3.0
        ROMMON Version            : 1.1.18
        Image type                : Release
        Key Version               : A
        Configuration last modified by XXX\alamonda at 11:24:47.301 EDT Wed May 3 2023
        ZZASAP01# running-config
                   ^
        ERROR: % Invalid input detected at '^' marker.
        ZZASAP01#
      ansible_net_device_mgr_version: 7.19(1)90
      ansible_net_gather_network_resources: []
      ansible_net_gather_subset:
      - default
      - config
      ansible_net_hostname: ZZASAP01
      ansible_net_image: disk0:/asa9-16-3-23-lfbff-k8.SPA
      ansible_net_python_version: 3.9.13
      ansible_net_serialnum: null
      ansible_net_system: asa
      ansible_net_version: 9.16(3)23
      ansible_network_resources: {}
    changed: false
    failed: false
Trying secret FileVaultSecret(filename='/etc/ansible/group_vars/.vltfile.yml') for vault_id=default
Read vars_file '/etc/ansible/group_vars/vault.yml'

TASK [Save running config to a file] *******************************************
task path: /etc/ansible/playbooks/networking/mynewtest.zz.yml:31
redirecting (type: connection) ansible.builtin.network_cli to ansible.netcommon.network_cli
Loading collection ansible.utils from /root/.ansible/collections/ansible_collections/ansible/utils
<zzasaXXX.ad.XXX.com> attempting to start connection
<zzasaXXX.ad.XXX.com> using connection plugin ansible.netcommon.network_cli
Found ansible-connection at path /usr/bin/ansible-connection
<zzasaXXX.ad.XXX.com> found existing local domain socket, using it!
<zzasaXXX.ad.XXX.com> updating play_context for connection
<zzasaXXX.ad.XXX.com>
<zzasaXXX.ad.XXX.com> local domain socket path is /root/.ansible/pc/f2e7921f36
<zzasaXXX.ad.XXX.com> ESTABLISH LOCAL CONNECTION FOR USER: root
<zzasaXXX.ad.XXX.com> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-local-4699c2_f7d2s `"&& mkdir "` echo /root/.ansible/tmp/ansible-local-4699c2_f7d2s/ansible-tmp-1683226209.4103367-4714-216689891930680 `" && echo ansible-tmp-1683226209.4103367-4714-216689891930680="` echo /root/.ansible/tmp/ansible-local-4699c2_f7d2s/ansible-tmp-1683226209.4103367-4714-216689891930680 `" ) && sleep 0'
Using module file /usr/lib/python3.9/site-packages/ansible/modules/stat.py
<zzasaXXX.ad.XXX.com> PUT /root/.ansible/tmp/ansible-local-4699c2_f7d2s/tmppq9q72rm TO /root/.ansible/tmp/ansible-local-4699c2_f7d2s/ansible-tmp-1683226209.4103367-4714-216689891930680/AnsiballZ_stat.py
<zzasaXXX.ad.XXX.com> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-local-4699c2_f7d2s/ansible-tmp-1683226209.4103367-4714-216689891930680/ /root/.ansible/tmp/ansible-local-4699c2_f7d2s/ansible-tmp-1683226209.4103367-4714-216689891930680/AnsiballZ_stat.py && sleep 0'
<zzasaXXX.ad.XXX.com> EXEC /bin/sh -c '/usr/bin/python3.9 /root/.ansible/tmp/ansible-local-4699c2_f7d2s/ansible-tmp-1683226209.4103367-4714-216689891930680/AnsiballZ_stat.py && sleep 0'
Using module file /usr/lib/python3.9/site-packages/ansible/modules/file.py
<zzasaXXX.ad.XXX.com> PUT /root/.ansible/tmp/ansible-local-4699c2_f7d2s/tmpkjnfx3s1 TO /root/.ansible/tmp/ansible-local-4699c2_f7d2s/ansible-tmp-1683226209.4103367-4714-216689891930680/AnsiballZ_file.py
<zzasaXXX.ad.XXX.com> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-local-4699c2_f7d2s/ansible-tmp-1683226209.4103367-4714-216689891930680/ /root/.ansible/tmp/ansible-local-4699c2_f7d2s/ansible-tmp-1683226209.4103367-4714-216689891930680/AnsiballZ_file.py && sleep 0'
<zzasaXXX.ad.XXX.com> EXEC /bin/sh -c '/usr/bin/python3.9 /root/.ansible/tmp/ansible-local-4699c2_f7d2s/ansible-tmp-1683226209.4103367-4714-216689891930680/AnsiballZ_file.py && sleep 0'
<zzasaXXX.ad.XXX.com> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-local-4699c2_f7d2s/ansible-tmp-1683226209.4103367-4714-216689891930680/ > /dev/null 2>&1 && sleep 0'
ok: [zzasaXXX] => changed=false
  checksum: 5a6e3d377742ec32c0bb911561b81ade44373e96
  dest: /mnt/zzasaXXX.runcfg
  diff:
    after:
      path: /mnt/zzasaXXX.runcfg
    before:
      path: /mnt/zzasaXXX.runcfg
  gid: 0
  group: root
  invocation:
    module_args:
      _diff_peek: null
      _original_basename: tmpv40dwe82
      access_time: null
      access_time_format: '%Y%m%d%H%M.%S'
      attributes: null
      dest: /mnt/zzasaXXX.runcfg
      follow: true
      force: false
      group: null
      mode: null
      modification_time: null
      modification_time_format: '%Y%m%d%H%M.%S'
      owner: null
      path: /mnt/zzasaXXX.runcfg
      recurse: false
      selevel: null
      serole: null
      setype: null
      seuser: null
      src: null
      state: file
      unsafe_writes: false
  mode: '0644'
  owner: root
  path: /mnt/zzasaXXX.runcfg
  secontext: system_u:object_r:nfs_t:s0
  size: 1326
  state: file
  uid: 0
Trying secret FileVaultSecret(filename='/etc/ansible/group_vars/.vltfile.yml') for vault_id=default
Read vars_file '/etc/ansible/group_vars/vault.yml'
META: ran handlers
Trying secret FileVaultSecret(filename='/etc/ansible/group_vars/.vltfile.yml') for vault_id=default
Read vars_file '/etc/ansible/group_vars/vault.yml'
META: ran handlers

PLAY RECAP *********************************************************************
zzasaXXX                   : ok=3    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0


############
YAML and CFG:

---
- name: Backup ASA Configuration
  hosts: zzasaXXX
  gather_facts: false

  collections:
    - cisco.asa
    - cisco.asa.asa_facts
    - ansible.netcommon.net_get

  vars:
    # Encrypted variables
    ansible_user: "{{ vault_net_user }}"
    ansible_password: "{{ vault_net_pass }}"

  vars_files:
    - '/etc/ansible/group_vars/vault.yml'

  tasks:

    - name: Show running config
      cisco.asa.asa_facts:
        gather_subset:
          - config
      register: ansible_net_config

    - name: show output
      debug:
        var: ansible_net_config

    - name: Save running config to a file
      copy:
        content: "{{ ansible_net_config }}"
        dest: "/mnt/{{ inventory_hostname }}.runcfg"
...

[root@ho-lx-ansible01 networking]# ls -al /mnt
total 76
drwxrwxrwx.  1 root root    72 May  4 14:49 .
dr-xr-xr-x. 18 root root   235 May  2 13:10 ..
-rwxrwxrwx.  1 root root 67434 May  4 14:19 foo
-rw-r--r--.  1 root root  1326 May  4 14:49 zzasap01.runcfg


### 
SHOW VERSIONS on ASA
###

ZZASAP01# show version

Cisco Adaptive Security Appliance Software Version 9.16(3)23
SSP Operating System Version 2.10(1.214)
Device Manager Version 7.19(1)90

Compiled on Fri 09-Sep-22 18:14 GMT by builders
System image file is "disk0:/asa9-16-3-23-lfbff-k8.SPA"
Config file at boot was "startup-config"

ZZASAP01 up 82 days 23 hours

Hardware:   ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
Internal ATA Compact Flash, 8000MB
BIOS Flash M25P64 @ 0xfed01000, 16384KB

Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
                             Number of accelerators: 1

 1: Ext: GigabitEthernet1/1  : address is 00a2.eef9.d683, irq 255
 2: Ext: GigabitEthernet1/2  : address is 00a2.eef9.d684, irq 255
 3: Ext: GigabitEthernet1/3  : address is 00a2.eef9.d685, irq 255
 4: Ext: GigabitEthernet1/4  : address is 00a2.eef9.d686, irq 255
 5: Ext: GigabitEthernet1/5  : address is 00a2.eef9.d687, irq 255
 6: Ext: GigabitEthernet1/6  : address is 00a2.eef9.d688, irq 255
 7: Ext: GigabitEthernet1/7  : address is 00a2.eef9.d689, irq 255
 8: Ext: GigabitEthernet1/8  : address is 00a2.eef9.d68a, irq 255
 9: Int: Internal-Data1/1    : address is 00a2.eef9.d682, irq 255
10: Int: Internal-Data1/2    : address is 0000.0001.0002, irq 0
11: Int: Internal-Control1/1 : address is 0000.0001.0001, irq 0
12: Int: Internal-Data1/3    : address is 0000.0001.0003, irq 0
13: Ext: Management1/1       : address is 00a2.eef9.d682, irq 0
14: Int: Internal-Data1/4    : address is 0000.0100.0001, irq 0
The Running Activation Key feature: 2 security contexts exceed the limit on the platform, reduced to 0 security contexts.

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 5              perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Disabled       perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
Carrier                           : Disabled       perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 10             perpetual
Total VPN Peers                   : 12             perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
Shared License                    : Disabled       perpetual
Total TLS Proxy Sessions          : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Cluster                           : Disabled       perpetual

This platform has a Base license.

Serial Number: JAXXXXX
Running Permanent Activation Key XXXXXXXXXXXXXXX
Configuration register is 0x1
FPGA UPGRADE Version      : 3.0
FPGA GOLDEN Version       : 3.0
ROMMON Version            : 1.1.18
Image type                : Release
Key Version               : A
Configuration last modified by mei\alamonda at 11:24:47.301 EDT Wed May 3 2023
ZZASAP01#
cisco
  • 1 answer
  • 67 Views
Martin Hope
Pete
Asked: 2023-04-13 01:48:26 +0800 CST

Ansible :: Am I not using the `cisco.ios.ios_facts` module?

  • 5

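I am trying to build a simple POC ansible playbook that logs into a Cisco router and pulls the configuration. About my environment:

  • My Ubuntu is Ubuntu 18.04.5 LTS
  • My Ansible version is ansible 2.10.7 (Python ver 3.6.9)
  • My Ansible-Playbook is version 2.10.7 (Python version 3.6.9)
  • The router is running Cisco IOS version 15.4(3)M3 (not IOS XR)

Based on my research (here and here), I am fairly sure I need to use the cisco.ios.ios_facts module. I am also fairly sure that this module is installed on my Ansible server: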

me@ubuntu01:~$
me@ubuntu01:~$ ansible-galaxy collection list | grep cisco.ios
cisco.ios                     1.3.0
cisco.iosxr                   1.2.1
me@ubuntu01:~$

OK, here is my inventory file:

[myrouters]
10.10.10.101

[myrouters:vars]
ansible_connection=ansible.netcommon.network_cli
ansible_network_os=cisco.ios.ios
ansible_ssh_user=user101
ansible_ssh_password=password101
ansible_become=no

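Pretty simple. I notice that when I run ansible-playbook in triple verbose mode (-vvv), the inventory file is parsed successfully. So that's half the battle.

Here is my playbook ("CiscoPlaybook.yml"), mostly copied from this example: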

---
- name: "test baby test"
  hosts: myrouters
  gather_facts: yes

- tasks:
  - name: Gather only the config and default facts
    cisco.ios.ios_facts:
      gather_subset:
      - config

All I want Ansible to do is SSH into the router and grab the device's configuration. When I run ansible-playbook with this command...

ansible-playbook CiscoPlaybook.yml -i /home/me/inventory.txt -vvv

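...I get a lot of output. Like I said, the inventory file is parsed successfully. But when the playbook goes into action, things go off the rails. I'll post the longer error message below, but this message in the output caught my eye: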

<10.10.10.101> EXEC /bin/sh -c '/usr/bin/python && sleep 0'

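OK, does this mean Ansible SSH'd into the router and tried to issue the "/bin/sh -c '/usr/bin/python && sleep 0'" command? Why would it do that? I am instructing it to use the cisco.ios.ios_facts module. I thought this module tells Ansible how to expect and interact with a Cisco device.

If I am not using the cisco.ios.ios_facts module, can someone point out where I went wrong?

The entire novel-length output from running the playbook is below, for reference. Thanks.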


me@ubuntu01:~$
me@ubuntu01:~$
me@ubuntu01:~$ ansible-playbook CiscoPlaybook.yml -i /home/me/inventory.txt -vvv
ansible-playbook 2.10.7
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/me/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.6/dist-packages/ansible
  executable location = /usr/local/bin/ansible-playbook
  python version = 3.6.9 (default, Jan 26 2021, 15:33:00) [GCC 8.4.0]
Using /etc/ansible/ansible.cfg as config file
host_list declined parsing /home/me/inventory.txt as it did not pass its verify_file() method
script declined parsing /home/me/inventory.txt as it did not pass its verify_file() method
auto declined parsing /home/me/inventory.txt as it did not pass its verify_file() method
yaml declined parsing /home/me/inventory.txt as it did not pass its verify_file() method
Parsed /home/me/inventory.txt inventory source with ini plugin
redirecting (type: action) cisco.ios.ios_facts to cisco.ios.ios
redirecting (type: callback) ansible.builtin.yaml to community.general.yaml
redirecting (type: callback) ansible.builtin.yaml to community.general.yaml
redirecting (type: callback) ansible.builtin.timer to ansible.posix.timer
redirecting (type: callback) ansible.builtin.profile_tasks to ansible.posix.profile_tasks
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.

PLAYBOOK: CiscoPlaybook.yml *************************************************************************************************
2 plays in CiscoPlaybook.yml

PLAY [test baby test] *********************************************************************************************************

TASK [Gathering Facts] ********************************************************************************************************
task path: /data/home/me/CiscoPlaybook.yml:2
Wednesday 12 April 2023  17:04:13 +0000 (0:00:00.076)       0:00:00.076 *******
[WARNING]: Ignoring timeout(10) for cisco.ios.ios_facts
<135.25.133.135> Attempting python interpreter discovery
<135.25.133.135> ESTABLISH LOCAL CONNECTION FOR USER: me
<135.25.133.135> EXEC /bin/sh -c 'echo PLATFORM; uname; echo FOUND; command -v '"'"'/usr/bin/python'"'"'; command -v '"'"'python3.7'"'"'; command -v '"'"'python3.6'"'"'; command -v '"'"'python3.5'"'"'; command -v '"'"'python2.7'"'"'; command -v '"'"'python2.6'"'"'; command -v '"'"'/usr/libexec/platform-python'"'"'; command -v '"'"'/usr/bin/python3'"'"'; command -v '"'"'python'"'"'; echo ENDFOUND && sleep 0'
<135.25.133.135> EXEC /bin/sh -c '/usr/bin/python && sleep 0'
Using module file /usr/local/lib/python3.6/dist-packages/ansible_collections/cisco/ios/plugins/modules/ios_facts.py
Pipelining is enabled.
<135.25.133.135> EXEC /bin/sh -c '/usr/bin/python && sleep 0'
fatal: [135.25.133.135]: FAILED! => changed=false
  ansible_facts: {}
  failed_modules:
    cisco.ios.ios_facts:
      ansible_facts:
        discovered_interpreter_python: /usr/bin/python
      deprecations:
      - msg: Distribution Ubuntu 18.04 on host 135.25.133.135 should use /usr/bin/python3, but is using /usr/bin/python for backward compatibility with prior Ansible releases. A future Ansible release will default to using the discovered platform python for this host. See https://docs.ansible.com/ansible/2.10/reference_appendices/interpreter_discovery.html for more information
        version: '2.12'
      exception: |-
        WARNING: The below traceback may *not* be related to the actual failure.
          File "/tmp/ansible_cisco.ios.ios_facts_payload_bEKSd8/ansible_cisco.ios.ios_facts_payload.zip/ansible_collections/ansible/netcommon/plugins/module_utils/network/common/network.py", line 251, in get_capabilities
            capabilities = Connection(module._socket_path).get_capabilities()
          File "/tmp/ansible_cisco.ios.ios_facts_payload_bEKSd8/ansible_cisco.ios.ios_facts_payload.zip/ansible/module_utils/connection.py", line 195, in __rpc__
            raise ConnectionError(to_text(msg, errors='surrogate_then_replace'), code=code)
      failed: true
      invocation:
        module_args:
          gather_network_resources: null
          gather_subset:
          - '!config'
          provider: null
      msg: No authentication methods available
  msg: |-
    The following modules failed to execute: cisco.ios.ios_facts

PLAY RECAP ********************************************************************************************************************
135.25.133.135             : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

Playbook run took 0 days, 0 hours, 0 minutes, 2 seconds
Wednesday 12 April 2023  17:04:16 +0000 (0:00:02.521)       0:00:02.597 *******
===============================================================================
Gathering Facts -------------------------------------------------------------------------------------------------------- 2.52s
/data/home/me/CiscoPlaybook.yml:2 ----------------------------------------------------------------------------
me@ubuntu01:~$
cisco
  • 2 answers
  • 70 Views
Martin Hope
forvas
Asked: 2022-04-07 08:17:14 +0800 CST

How do I connect to a Cisco VPN in "local mode"?

  • 1

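I need to connect to a VPN, but I am no expert in this at all, so I would be grateful if anyone could help me.

I was given the following data and told that this information is for "Cisco configuration in pure mode". I'll paste the words from the email literally:

  • Dedicated public IP: it shows an IP ending in 9. I really don't know what this is for...
  • Remote: it shows a domain name. If I check its IP, I get the same IP as the one written under "Dedicated public IP", but ending in 1. Is this the gateway?
  • PSK: OK, it shows a pre-shared key, but I have no field to write it in.
  • Group name: the group name.
  • User: the username.
  • Password: the password for the username.

I am using Kubuntu. With this data, for those who know about this: which VPN should be chosen in Network Manager?

If I choose Cisco AnyConnect Compatible VPN (openconnect), I can fill in Gateway, CA Certificate, Proxy, User Certificate, Private Key ... but no PSK, no group, no user, no password.

If I choose Cisco Compatible VPN (vpnc), I can fill in Gateway, User name, User password, Group name, Group password (I was not given this one)... almost, but no PSK.

The VPN types that are left ask for other, completely different fields.

The only VPN type I found that gives me a chance to fill in a PSK is Layer 2 Tunneling Protocol (L2TP), in its advanced settings, but there I can't specify the other data, such as the group.

Can anyone give me a clue about how to do this?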

vpn ubuntu cisco-vpn cisco networkmanager
  • 1 answer
  • 135 Views
Martin Hope
user2713516
Asked: 2022-03-01 01:12:49 +0800 CST

Connecting an Azure site-to-site VPN to an on-premises gateway with 2 public IPs

  • 0

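I have an on-prem cisco ISR with 2 endpoints (primary and secondary), and I want to connect my Azure VPN gateway to both endpoints over one connection (the on-prem address space is the same for both IPs).

When creating the Azure local network gateway, I can only enter 1 public IP address, not 2. Is there a way to connect to 2 IPs from the Azure VPN gateway?

Thanks

site-to-site-vpn cisco-vpn cisco azure azure-networking
  • 1 answer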
  • 146 Views
Martin Hope
raw
Asked: 2021-12-31 07:04:30 +0800 CST

Ansible: populate a variable based on a json parameter using a json parameter

  • 1

I have a variable that contains json:

{
    "ansible_facts": {
        "ansible_network_resources": {
            "interfaces": [
                {
                    "description": "*** - LOCAL A - ***",
                    "enabled": true,
                    "name": "FastEthernet0"
                },
                {
                    "description": "*** - LOCAL B - ***",
                    "enabled": true,
                    "name": "GigabitEthernet1/0/1"
                },
                {
                    "description": "*** - LOCAL C - ***",
                    "enabled": true,
                    "name": "FastEthernet1"
                }
            ]
        }
    }
}

When the description contains a certain word, I need to populate a variable with the interface name.

cisco
  • 0 answers
  • 47 Views
Martin Hope
Dave
Asked: 2021-12-29 23:06:38 +0800 CST

Cannot access Cisco ESA from a different VLAN

  • 0

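I am migrating from a single 10.1.0.0/16 subnet on VLAN1 to separate VLANs.

Our Cisco Mail Security (ESA) is in the existing /16 subnet.

In the clients' new VLAN segment (10.101.10.0/24, VLAN6) I can do pretty much everything except reach the ESA. No ping and no access over HTTP(s). Other servers and services are fully accessible from VLAN1.

Cisco support says there is nothing wrong with the ESA's configuration.

The network is entirely Cisco.

The ESA's network/IP interface setting:

10.1.30.188/16

I also tried adding a separate NIC configured with 10.101.10.250/24, but it didn't fix anything.

VLAN configuration on the Coreswitch: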

show run interface vlan 1
interface Vlan 1
ip address 10.1.0.253 255.255.0.0
end

show run interface vlan 6
!
interface Vlan 6
description LAN-Clients
ip address 10.101.10.253 255.255.255.0
ip helper-address 10.1.30.84
no ip route-cache
end

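Network

The firmware is Cisco ASA 5508-X

The problem also applies to a test VM in VLAN8 on the same hypervisor. Management of the Cisco ASA is handled externally.

This is the ping test from the Coreswitch:

CiscoCORE#ping 10.1.30.188
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.30.188, timeout is 2 seconds:
!!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

CiscoCORE#ping 10.1.30.188 source vlan8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.30.188, timeout is 2 seconds:
Packet sent with a source address of 10.8.0.253
.....
Success rate is 0 percent (0/5)

Where is the problem?

Update: Thanks to @Tero Kilkanen's comment, I have added some information and tests. I hadn't yet thought about a possible problem on the ASA side, but that may be the point.

Update: I finally got it working. After re-checking the IP interfaces (of course I had also created an interface with an IP in VLAN6), I tried creating it via SSH (with the same settings).

After that I could reach it from Vlan6. Maybe the IP interface has to be created via SSH rather than the web GUI. I didn't set anything differently.

routing vlan cisco subnet ironport
  • 1 answer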
  • 76 Views
Martin Hope
Souch
Asked: 2021-10-29 12:03:16 +0800 CST

Configuring a Cisco ASA 5550 behind a modem

  • 1

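I have an internet box that I can set up in router mode or bridge mode. Then I have an ASA 5550 that I want to use as a vpn server (anyconnect) + later a site-to-site connection to another ASA 5550.

I think I'm stuck at level 0.

I set the modem up as a bridge, and as the dmz target I specified the ip of one of the ASA's Ethernet ports (same mask), I connected the modem directly to that port, and then... I don't know what to do.

Is this even possible, or should I leave my modem as a router and NAT all the ports needed for the VPN functionality to my ASA?

Thanks

cisco
  • 1 answer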
  • 135 Views
Martin Hope
Richie086
Asked: 2021-10-14 13:52:26 +0800 CST

Problem with rsyslog creating multiple log files from a remote cisco switch

  • 0

So here is our setup

Server: rsyslog server - CentOS 7

Client: Cisco Catalyst C6880-X-LE

/etc/rsyslog.conf from the CentOS 7 server:

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal

$template TmplAuth, "/var/log/client_logs/%HOSTNAME%/%PROGRAMNAME%.log"
$template TmplMsg, "/var/log/client_logs/%HOSTNAME%/%PROGRAMNAME%.log"
authpriv.* ?TmplAuth
*.info;mail.none;authpriv.none;cron.none ?TmplMsg
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
$WorkDirectory /var/lib/rsyslog
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
$OmitLocalLogging on
$IMJournalStateFile imjournal.state
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  -/var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                 :omusrmsg:*
uucp,news.crit                                          /var/log/spooler
local7.*                                                /var/log/boot.log

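For some reason, in the /var/log/client_logs folder, the cisco logs create a new .log file every time a new log message is generated on the switch. This is obviously not ideal; I want rsyslog to put all the logs in a single file, and I plan to let logrotate handle creating a new log file each day.

Here is an example of what I see in the /var/log/client_logs directory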

-rw------- 1 root root 184 Oct 13 14:30 156598.log
-rw------- 1 root root 164 Oct 13 14:30 156599.log
-rw------- 1 root root 186 Oct 13 14:30 156600.log
-rw------- 1 root root 162 Oct 13 14:30 156601.log
-rw------- 1 root root 184 Oct 13 14:30 156602.log
-rw------- 1 root root 164 Oct 13 14:35 156603.log
-rw------- 1 root root 186 Oct 13 14:35 156604.log
-rw------- 1 root root 162 Oct 13 14:35 156605.log
-rw------- 1 root root 184 Oct 13 14:35 156606.log
-rw------- 1 root root 164 Oct 13 14:35 156607.log
-rw------- 1 root root 186 Oct 13 14:35 156608.log
-rw------- 1 root root 162 Oct 13 14:35 156609.log
-rw------- 1 root root 184 Oct 13 14:35 156610.log
-rw------- 1 root root 162 Oct 13 14:39 156611.log
-rw------- 1 root root 164 Oct 13 14:41 156612.log
-rw------- 1 root root 186 Oct 13 14:41 156613.log
-rw------- 1 root root 162 Oct 13 14:41 156614.log
-rw------- 1 root root 184 Oct 13 14:41 156615.log

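Considering it is creating a .log for every new message sent from the Cisco switch, this will go on forever. Here is an example of the contents of one of these log files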

2021-10-13T14:41:10.866435-07:00 X 156613: X-Switch: .Oct 13 13:40:44 PST: %LINEPROTO-SW1-5-UPDOWN: Line protocol on Interface GigabitEthernet195/1/0/11, changed state to down

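I'm not sure whether the problem is with the configuration on the Cisco switch or with my rsyslog configuration, but I have done this before and never had any problem with a new .log file being created for every message sent to the server.

Here is the configuration on the Cisco switch side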

Switch1#show run | include logging
logging userinfo
logging reload debugging
logging event link-status default
logging origin-id hostname
logging host 10.1.1.1
 logging synchronous
 logging synchronous

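FYI, the logging host statement is the IP address of the CentOS 7 rsyslog server. All other logs captured from other hosts are fine and don't create a new .log file for every message received, but the other systems sending logs are not Cisco switches; they are all various Linux flavors (mostly CentOS and RHEL).

Any idea why rsyslog would create a new .log file for every message it receives from this Cisco Catalyst switch?

linux centos cisco switch rsyslog
  • 1 answer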
  • 162 Views
Martin Hope
Josef Novák
Asked: 2021-02-24 00:47:48 +0800 CST

Webex does not use DNSSEC

  • 2

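Our government has issued a statement that all video/voice online support software needs to use DNSSEC for all address translation, and all DNS servers used need to support DNSSEC.

I tried several DNSSEC checkers and analyzers for "my_organization.webex.com" and even "webex.com" (https://dnssec-analyzer.verisignlabs.com/www.webex.com), and to me it seems this domain doesn't use/support DNSSEC.

I couldn't find any information about this on the Cisco/Webex website.

I simply can't believe that Cisco Webex wouldn't use DNSSEC, so my question is: am I missing something? Or is there a reason not to use it?

Thanks

cisco dnssec webex
  • 1 answer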
  • 50 Views
