-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcisco_policy_map_update.yml
executable file
·166 lines (134 loc) · 4.67 KB
/
cisco_policy_map_update.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
---
- name: POLICY MAP UPDATE
hosts: "{{ tower_inventory }}"
connection: network_cli
gather_facts: no
tasks:
- name: DISCOVER SHAPE AVERAGE
ios_command:
- show running | include shape average
register: shape_average_output
- set_fact:
shape_average: "{{ item.split()[2] }}"
with_items: "{{ shape_average_output.stdout_lines[0] }}"
- name: DISCOVER WAN INTERFACE
ios_command:
- show ip cef | in 0.0.0.0/0
register: wan_int_output
- set_fact:
wan_int: "{{ item.split()[2] }}"
with_items: "{{ wan_int_output.stdout_lines[0] }}"
- name: MAKE SURE OLD POLICY MAP IS REMOVED
ios_config:
lines:
- no class-map match-any old-BL
- no class-map match-any old-BH
- no class-map match-any old-BE
- no class-map match-any old-RT
- no policy-map old-input-mark
- no policy-map old-COS
- name: ADD class-map match-any VOICE
ios_config:
parents: class-map match-any VOICE
lines:
- match ip dscp ef
- match ip dscp cs5
- name: ADD class-map match-any INTERACTIVE-VIDEO
ios_config:
parents: class-map match-any INTERACTIVE-VIDEO
lines:
- match ip dscp af41
- match ip dscp af42
- match ip dscp af43
- name: ADD class-map match-any MISSION-CRITICAL-DATA
ios_config:
parents: class-map match-any MISSION-CRITICAL-DATA
lines:
- match ip dscp af31
- match ip dscp af32
- match ip dscp af33
- match protocol dns
- match protocol ldap
- match protocol secure-ldap
- match protocol sqlserver
- match protocol citrix
- match access-group name BURSTY-HI
- name: ADD class-map match-any MISSION-CRITICAL-DATA ms-wbt for 43xx
ios_config:
parents: class-map match-any MISSION-CRITICAL-DATA
lines:
- match protocol ms-wbt
when: ansible_net_model | regex_search("^CISCO43.*")
- name: ADD class-map match-any TRANSACTIONAL-DATA
ios_config:
parents: class-map match-any TRANSACTIONAL-DATA
lines:
- match ip dscp af21
- match ip dscp af22
- match protocol ftp
- match protocol exchange
- match access-group name BURSTY-LO
- name: ADD class-map match-any TRANSACTIONAL-DATA ftp-data for 43xx
ios_config:
parents: class-map match-any TRANSACTIONAL-DATA
lines:
- match protocol ftp-data
when: ansible_net_model | regex_search("^CISCO43.*")
- name: APPLY policy-map QOS-POLICY class VOICE
ios_config:
lines:
- priority percent 30
parents:
- policy-map QOS-POLICY
- class VOICE
- name: APPLY policy-map QOS-POLICY class INTERACTIVE-VIDEO
ios_config:
lines:
- priority percent 20
parents:
- policy-map QOS-POLICY
- class INTERACTIVE-VIDEO
- name: APPLY policy-map QOS-POLICY class MISSION-CRITICAL-DATA
ios_config:
lines:
- bandwidth percent 15
- random-detect
- set dscp af31
parents:
- policy-map QOS-POLICY
- class MISSION-CRITICAL-DATA
- name: APPLY policy-map QOS-POLICY class TRANSACTIONAL-DATA
ios_config:
lines:
- bandwidth percent 15
- random-detect
- set dscp af21
parents:
- policy-map QOS-POLICY
- class TRANSACTIONAL-DATA
- name: APPLY policy-map QOS-POLICY class class-default
ios_config:
lines:
- bandwidth percent 20
- random-detect
parents:
- policy-map QOS-POLICY
- class class-default
- name: APPLY policy-map CENTURYLINK-PARENT
ios_config:
lines:
- shape average {{ shape_average }}
- service-policy QOS-POLICY
parents:
- policy-map CENTURYLINK-PARENT
- class class-default
before: NO policy-map OLD-PARENT
- name: APPLY CENTURYLINK-PARENT TO WAN INTERFACE
ios_config:
lines:
- no service-policy output OLD-PARENT
- service-policy output CENTURYLINK-PARENT
parents: interface {{ wan_int }}
- name: save running to startup when modified
ios_config:
save_when: modified