Somewhere, Something Incredible Is Waiting To Be Known !!!

Tuesday, 26 March 2019

Ansible playbook to add and delete static route on cisco ASA

---
- name: modifyRoutes
gather_facts: no
connection: local
hosts: ASA

vars:
action: StaticRouteAddition
contextname: fw-automation-test
interfacename: ['interface port-channel 35.3102']
interfacename2: port-channel 35.3102
ip: 192.168.101.101
mask: 255.255.255.0
speedmode: auto
duplexmode: auto
securityinterfacename: inside
securitylevelnumber: 0
devicetype: ciscoASA
routeModificationType: addition
routeMode:
hostIPAddress: 192.168.101.101
hostIPMask: 255.255.255.0
nextHopIP: 192.168.102.102
adminDistance: 10
destIPAddress:
destIPMask:
destGatewayIPAddress:
distanceValue:
comments:

cli:
host:
username:
password:
auth_pass:
authorize: yes
timeout: 100

tasks:

- name: StaticRouteAddition
when: action == "StaticRouteAddition" and devicetype == "ciscoASA"
asa_config:
context: "{{contextname}}"
commands:
- "route {{interfacename2}} {{hostIPAddress}} {{hostIPMask}} {{nextHopIP}} {{adminDistance}}"
provider: "{{ cli }}"

- name: StaticRouteDeletion
when: action == "StaticRouteDeletion" and devicetype == "ciscoASA"
asa_config:
context: "{{contextname}}"
commands:
- "no route {{interfacename2}} {{hostIPAddress}} {{hostIPMask}} {{nextHopIP}} {{adminDistance}}"
provider: "{{ cli }}"

anisible playbook to manage paloalto interface

---
- name: PALOALTOInterfaceManagement
gather_facts: no
connection: local
hosts: PALOALTO

vars:
action: setIPAddress
vdomname: root
interfacename: ['interface port-channel 35.3102']
ip: 192.168.101.101
mask: 255.255.255.0
speedmode: auto
duplexmode: auto
securityinterfacename: inside
securitylevelnumber: 0
devicetype: fortigate
vlanNumber: 10
vrName: test
cli:
host:
username: admin
password: admin@123
timeout: 30

- name: setIPAddress
when: action == "setIPAddress" and devicetype == "paloalto"
panos_interface:
commands:
- "set network interface {{interfacename}} layer3 ip {{ip}}"

- name: unsetIPAddress
when: action == "unsetIPAddress" and devicetype == "paloalto"
panos_interface:
commands:
- "unset network interface {{interfacename}} layer3 ip {{ip}}"

- name: createSubinterface
when: action == "createSubinterface" and devicetype == "paloalto"
pnos_interface:
commands:
- "set network interface {{interfacename}} layer3 units 1 tag {{vlanNumber}}"
- "set network interface {{interfacename}} layer3 units 1 tag {{ip}}"

- name: addingInterfaceToARouter
when: action == "addingInterfaceToARouter" and devicetype == "paloalto"
pnos_interface:
commands:
- "set network virtual-router {{vrName}} interface{{interfacename}} layer3 units 1 tag {{ip}}"

ansible playbook to manage fortigate interface

---
- name: FORTGATEInterfaceManagement
gather_facts: no
connection: local
hosts: FORTTINET

vars:
action: enableinterface
vdomname: root
interfacename: ['interface port-channel 35.3102']
ip:
mask: 255.255.255.0
speedmode: auto
duplexmode: auto
securityinterfacename: inside
securitylevelnumber: 0
devicetype: fortigate
cli:
host:
username: admin
password: admin@123
timeout: 30

- name: setIPAddress
when: action == "setIPAddress" and devicetype == "fortinet"
fortios_config:
vdom: "{{vdom}}"
commands:
- config system interface
- edit "interfacename"
- set ip "ip" "mask"
provider: "{{ cli }}"

- name: unsetIPAddress
when: action == "unsetIPAddress" and devicetype == "fortinet"
fortios_config:
vdom: "{{vdom}}"
commands:
- config system interface
- "edit {{interfacename}}"
- "unset ip {{ip}} {{mask}}"
provider: "{{ cli }}"

- name: setSpeed
when: action == "setSpeed" and devicetype == "fortinet"
fortios_config:
vdom: "{{vdomname}}"
commands:
- config sys global
- set interface-switch-speed "{{speedmode}}"
provider: "{{ cli }}"

ansible playbook to mange cisco ASA Interface

---
- name: ASAInterfaceManagement
gather_facts: no
connection: local
hosts: ASA

vars:
action: showVersion1
contextname: fw-automation-test
interfacename: ['interface port-channel 35.3102']
ip:
mask:
speedmode: auto
duplexmode: auto
securityinterfacename: inside
securitylevelnumber: 0
devicetype: fortigate
cli:
host:
username:
password:
auth_pass:
timeout: 30

tasks:
- name: show version
when: action == "showVersion" and devicetype == "ciscoASA"
asa_command:
commands:
- show version
provider: "{{ cli }}"

- name: enable interface
when: action == "enableInterface" and devicetype == "ciscoASA"
asa_config:
context: "{{contextname}}"
commands:
- no shut
parents: "{{interfacename}}"
provider: "{{ cli }}"

- name: disable interface
when: action == "disableInterface" and devicetype == "ciscoASA"
asa_config:
context: "{{contextname}}"
commands:
- shut
parents: "{{interfacename}}"
provider: "{{ cli }}"

- name: setIPAddress
when: action == "setIPAddress" and devicetype == "ciscoASA"
asa_config:
context: "{{contextname}}"
commands:
- "ip address {{ip}} {{mask}}"
- no shut
parents: "{{interfacename}}"
provider: "{{ cli }}"

- name: unsetIPAddress
when: action == "unsetIPAddress" and devicetype == "ciscoASA"
asa_config:
context: "{{contextname}}"
commands:
- no ip address
parents: "{{interfacename}}"
provider: "{{ cli }}"

- name: setSpeed
when: action == "setSpeed" and devicetype == "ciscoASA"
asa_config:
context: "{{contextname}}"
commands:
- speed "{{speedmode}}"
parents: "{{interfacename}}"
provider: "{{ cli }}"

- name: setDuplex
when: action == "setDuplex" and devicetype == "ciscoASA"
asa_config:
context: "{{contextname}}"
commands:
- speed "{{duplexmode}}"
parents: "{{interfacename}}"
provider: "{{ cli }}"

- name: setSecurityLevel
when: action == "setSecurityLevel" and devicetype == "ciscoASA"
asa_config:
context: "{{contextname}}"
commands:
- nameif "{{securityinterfacename}}"
- security-level "{{securitylevelnumber}}"
parents: "{{interfacename}}"
provider: "{{ cli }}"

Friday, 15 March 2019

Perl script to GetSubnetAddressMaskIP ( receives the subnet mask in the format 192.168.1.0/24 and return in the format 192.168.1.0 255.255.255.0)

sub GetSubnetAddressMaskIP
{
my $subnet = trim(<input>);

if($subnet =~ m/^(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)\/([0-9]{1,2})$/ && ( $1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255 && $5 <= 32))
{
my $netbit=$5;
my ($subnetIP,$maskValue) = split('/',$subnet);

if($netbit <0 or $netbit >32)
{
return -1;
}

my $mask = (2 ** $netbit - 1) << (32 - $netbit);
my $netmask = join( '.', unpack( "C4", pack( "N", $mask ) ) );

if(ValidateIPAddress($netmask)==1)
{
return "$subnetIP $netmask";
}
else
{
return -1;
}

}
elsif($subnet =~ m/^(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)\s+(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)$/ && ( $1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255 && $5 <= 255 && $6 <= 255 && $7 <= 255 && $8 <= 255))
{
return $subnet;
}
else
{
return -1;
}
}

Perl Script to validate the Subnet mask

sub ValidateSubnetMask
{
my $ip=trim(<input>);

if($ip=~ m/^(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)\/([0-9]{1,2})$/ && ( $1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255 && $5 < 32))
{
return 1;
}
elsif($ip=~ m/^(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)\s+(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)$/ && ( $1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255 && $5 <= 255 && $6 <= 255 && $7 <= 255 && $8 < 255))
{
return 1;
}
else
{
return -1;
}
}

Perl Script to used to validate the IP address

sub ValidateIPAddress
{
my $ip=trim(<inputIP>);

if( $ip=~ m/^(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)$/ && ( $1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255))
{
return 1;
}
elsif($ip=~ m/^(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)\s+(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)$/ && ( $1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255 && $5 == 255 && $6 == 255 && $7 == 255 && $8 == 255))
{
return 1;
}
elsif($ip=~ m/^(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)\/([0-9]{1,2})$/ && ( $1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255 && $5 == 32))
{
return 1;
}
else
{
return -1;
}
}