Network Device Management

Introduction

It is possible to use the Cisco Identity Services Engine (ISE) to manage network devices.

Goal

The goals of this guide are:

  1. Create / Read / Update / Delete networkdevicegroup
  2. Create / Read / Update / Delete networkdevice

Pre-requisites

This guide assumes the engineer has basic knowledge of:

Network Device Group

Network Device Groups are managed using the network_device_group_info and network_device_group Ansible actions.

network_device_group_info

This module retrieves Network Device Group information. When the id parameter is passed, it retrieves only that element; otherwise, it retrieves all Network Device Groups.

The following example retrieves all Network Device Groups and then just the one identified by id 70e07b60-8bff-11e6-996c-525400b48521.

- name: Get all Network Device Group
  cisco.ise.network_device_group_info:
    ise_hostname: "{{ise_hostname}}"
    ise_username: "{{ise_username}}"
    ise_password: "{{ise_password}}"
    ise_verify: "{{ise_verify}}"
    page: 1
    size: 20
    sortasc: name
    filter: []
    filterType: AND

- name: Get Network Device Group by id
  cisco.ise.network_device_group_info:
    ise_hostname: "{{ise_hostname}}"
    ise_username: "{{ise_username}}"
    ise_password: "{{ise_password}}"
    ise_verify: "{{ise_verify}}"
    id: 70e07b60-8bff-11e6-996c-525400b48521

network_device_group

This action creates, updates or deletes a Network Device Group, depending on the state parameter. The state absent deletes a Network Device Group; the state present creates or updates one, depending on whether the Network Device Group already exists, based on the provided ID or name.

The following example creates a Network Device Group and then deletes it.

- name: Create
  cisco.ise.network_device_group:
    ise_hostname: "{{ise_hostname}}"
    ise_username: "{{ise_username}}"
    ise_password: "{{ise_password}}"
    ise_verify: "{{ise_verify}}"
    state: present
    description: "..."
    name: Device Type#All Device Types#SDWAN
    othername: Device Type

- name: Delete by id
  cisco.ise.network_device_group:
    ise_hostname: "{{ise_hostname}}"
    ise_username: "{{ise_username}}"
    ise_password: "{{ise_password}}"
    ise_verify: "{{ise_verify}}"
    state: absent
    id: 6c4c3fd0-c95d-11eb-aee6-62e2dbfdcf7c

Network Device

Network Devices are managed using the network_device_info and network_device Ansible actions.

network_device_info

This module retrieves Network Device information. When the id parameter is passed, it retrieves only that element; otherwise, it retrieves all Network Devices.

The following example retrieves all Network Devices and then just the one identified by id 70e07b60-8bff-11e6-996c-525400b48521.

- name: Get all Network Devices
  cisco.ise.network_device_info:
    ise_hostname: "{{ise_hostname}}"
    ise_username: "{{ise_username}}"
    ise_password: "{{ise_password}}"
    ise_verify: "{{ise_verify}}"
    page: 1
    size: 20
    sortasc: name
    filter: []
    filterType: AND

- name: Get Network Device by id
  cisco.ise.network_device_info:
    ise_hostname: "{{ise_hostname}}"
    ise_username: "{{ise_username}}"
    ise_password: "{{ise_password}}"
    ise_verify: "{{ise_verify}}"
    id: 70e07b60-8bff-11e6-996c-525400b48521

network_device

This action creates, updates or deletes a Network Device, depending on the state parameter. The state absent deletes a Network Device; the state present creates or updates one, depending on whether the Network Device already exists, based on the provided ID or name.

The following example creates a Network Device and then deletes it.

- name: Create Network Device
  cisco.ise.network_device:
    ise_hostname: "{{ise_hostname}}"
    ise_username: "{{ise_username}}"
    ise_password: "{{ise_password}}"
    ise_verify: "{{ise_verify}}"
    state: present
    NetworkDeviceGroupList:
      - Location#All Locations
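    NetworkDeviceIPList:
      - ipaddress: 1.2.3.4
        mask: 32
    authenticationSettings:
      networkProtocol: RADIUS
      # Sample value only; supply real shared secrets from Ansible Vault
      radiusSharedSecret: C1sco12345
    description: ""
    name: SJC-10
    tacacsSettings:
      connectModeOptions: "OFF"
      # Sample value only; supply real shared secrets from Ansible Vault
      sharedSecret: C1sco12345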

- name: Delete by name
  cisco.ise.network_device:
    ise_hostname: "{{ise_hostname}}"
    ise_username: "{{ise_username}}"
    ise_password: "{{ise_password}}"
    ise_verify: "{{ise_verify}}"
    state: absent
    name: SJC-10
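
The Create Network Device task above, rewritten so that the RADIUS and TACACS shared secrets are not stored as literals in the playbook. This is an added example, not part of the original guide; the vars file path and the vault_* variable names are assumptions, and ise_hostname, ise_username and ise_password are expected to be defined as in the tasks above.

```yaml
# Added example, not part of the original guide.
# Assumed names: vars/ise_secrets.vault.yml, vault_radius_shared_secret,
# vault_tacacs_shared_secret (define them with `ansible-vault create`).
- name: Manage an ISE Network Device with vaulted shared secrets
  hosts: localhost
  gather_facts: false
  vars_files:
    - vars/ise_secrets.vault.yml   # hypothetical Vault-encrypted file
  tasks:
    - name: Refuse to run with missing secrets or the guide's sample value
      ansible.builtin.assert:
        that:
          - vault_radius_shared_secret is defined
          - vault_tacacs_shared_secret is defined
          - vault_radius_shared_secret != 'C1sco12345'
          - vault_tacacs_shared_secret != 'C1sco12345'
        quiet: true

    - name: Create Network Device
      cisco.ise.network_device:
        ise_hostname: "{{ ise_hostname }}"
        ise_username: "{{ ise_username }}"
        ise_password: "{{ ise_password }}"
        ise_verify: true   # verify the ISE TLS certificate
        state: present
        name: SJC-10
        description: ""
        NetworkDeviceGroupList:
          - Location#All Locations
        NetworkDeviceIPList:
          - ipaddress: 1.2.3.4
            mask: 32
        authenticationSettings:
          networkProtocol: RADIUS
          radiusSharedSecret: "{{ vault_radius_shared_secret }}"
        tacacsSettings:
          connectModeOptions: "OFF"
          sharedSecret: "{{ vault_tacacs_shared_secret }}"
      no_log: true   # module arguments contain the shared secrets
```

Run it with ansible-playbook and --ask-vault-pass (or a vault password file) so the encrypted variables can be decrypted.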