ios_vrf – Manage the collection of VRF definitions on Cisco IOS devices¶
Synopsis¶
- This module provides declarative management of VRF definitions on Cisco IOS devices. It allows playbooks to manage individual or the entire VRF collection. It also supports purging VRF definitions from the configuration that are not explicitly defined.
Parameters¶
| Parameter | Choices/Defaults | Comments | |
|---|---|---|---|
| associated_interfaces 
                    -
                                                                 added in 2.5 | This is a intent option and checks the operational state of the for given vrf  namefor associated interfaces. If the value in theassociated_interfacesdoes not match with the operational state of vrf interfaces on device it will result in failure. | ||
| auth_pass 
                    string
                                                                 | Deprecated Starting with Ansible 2.5 we recommend using  connection: network_cliandbecome: yeswithbecome_pass.For more information please see the IOS Platform Options guide. Specifies the password to use if required to enter privileged mode on the remote device.  If authorize is false, then this argument does nothing. If the value is not specified in the task, the value of environment variable  ANSIBLE_NET_AUTH_PASSwill be used instead. | ||
| authorize 
                    boolean
                                                                 | 
 | Deprecated Starting with Ansible 2.5 we recommend using  connection: network_cliandbecome: yes.For more information please see the IOS Platform Options guide. Instructs the module to enter privileged mode on the remote device before sending any commands.  If not specified, the device will attempt to execute all commands in non-privileged mode. If the value is not specified in the task, the value of environment variable  ANSIBLE_NET_AUTHORIZEwill be used instead. | |
| delay 
                    -
                                                                 added in 2.4 | Default: 10 | Time in seconds to wait before checking for the operational state on remote device. | |
| description 
                    -
                                                                 | Provides a short description of the VRF definition in the current active configuration.  The VRF definition value accepts alphanumeric characters used to provide additional information about the VRF. | ||
| interfaces 
                    -
                                                                 | Identifies the set of interfaces that should be configured in the VRF.  Interfaces must be routed interfaces in order to be placed into a VRF. | ||
| name 
                    -
                                                                 | The name of the VRF definition to be managed on the remote IOS device.  The VRF definition name is an ASCII string name used to uniquely identify the VRF.  This argument is mutually exclusive with the  vrfsargument | ||
| provider 
                    dictionary
                                                                 | Deprecated Starting with Ansible 2.5 we recommend using  connection: network_cli.For more information please see the IOS Platform Options guide. A dict object containing connection details. | ||
| auth_pass 
                    string
                                                                 | Specifies the password to use if required to enter privileged mode on the remote device.  If authorize is false, then this argument does nothing. If the value is not specified in the task, the value of environment variable  ANSIBLE_NET_AUTH_PASSwill be used instead. | ||
| authorize 
                    boolean
                                                                 | 
 | Instructs the module to enter privileged mode on the remote device before sending any commands.  If not specified, the device will attempt to execute all commands in non-privileged mode. If the value is not specified in the task, the value of environment variable  ANSIBLE_NET_AUTHORIZEwill be used instead. | |
| host 
                    string
                                             / required                     | Specifies the DNS host name or address for connecting to the remote device over the specified transport.  The value of host is used as the destination address for the transport. | ||
| password 
                    string
                                                                 | Specifies the password to use to authenticate the connection to the remote device.   This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable  ANSIBLE_NET_PASSWORDwill be used instead. | ||
| port 
                    integer
                                                                 | Default: 22 | Specifies the port to use when building the connection to the remote device. | |
| ssh_keyfile 
                    path
                                                                 | Specifies the SSH key to use to authenticate the connection to the remote device.   This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable  ANSIBLE_NET_SSH_KEYFILEwill be used instead. | ||
| timeout 
                    integer
                                                                 | Default: 10 | Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands.  If the timeout is exceeded before the operation is completed, the module will error. | |
| username 
                    string
                                                                 | Configures the username to use to authenticate the connection to the remote device.  This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable  ANSIBLE_NET_USERNAMEwill be used instead. | ||
| purge 
                    boolean
                                                                 | 
 | Instructs the module to consider the VRF definition absolute.  It will remove any previously configured VRFs on the device. | |
| rd 
                    -
                                                                 | The router-distinguisher value uniquely identifies the VRF to routing processes on the remote IOS system.  The RD value takes the form of  A:BwhereAandBare both numeric values. | ||
| route_both 
                    -
                                                                 added in 2.5 | Adds an export and import list of extended route target communities to the VRF. | ||
| route_both_ipv4 
                    -
                                                                 added in 2.7 | Adds an export and import list of extended route target communities in address-family configuration submode to the VRF. | ||
| route_both_ipv6 
                    -
                                                                 added in 2.7 | Adds an export and import list of extended route target communities in address-family configuration submode to the VRF. | ||
| route_export 
                    -
                                                                 added in 2.5 | Adds an export list of extended route target communities to the VRF. | ||
| route_export_ipv4 
                    -
                                                                 added in 2.7 | Adds an export list of extended route target communities in address-family configuration submode to the VRF. | ||
| route_export_ipv6 
                    -
                                                                 added in 2.7 | Adds an export list of extended route target communities in address-family configuration submode to the VRF. | ||
| route_import 
                    -
                                                                 added in 2.5 | Adds an import list of extended route target communities to the VRF. | ||
| route_import_ipv4 
                    -
                                                                 added in 2.7 | Adds an import list of extended route target communities in address-family configuration submode to the VRF. | ||
| route_import_ipv6 
                    -
                                                                 added in 2.7 | Adds an import list of extended route target communities in address-family configuration submode to the VRF. | ||
| state 
                    -
                                                                 | 
 | Configures the state of the VRF definition as it relates to the device operational configuration.  When set to present, the VRF should be configured in the device active configuration and when set to absent the VRF should not be in the device active configuration | |
| vrfs 
                    -
                                                                 | The set of VRF definition objects to be configured on the remote IOS device.  Ths list entries can either be the VRF name or a hash of VRF definitions and attributes.  This argument is mutually exclusive with the  nameargument. | ||
Notes¶
Note
- Tested against IOS 15.6
- For more information on using Ansible to manage network devices see the Ansible Network Guide
- For more information on using Ansible to manage Cisco devices see the Cisco integration page.
Examples¶
- name: configure a vrf named management
  ios_vrf:
    name: management
    description: oob mgmt vrf
    interfaces:
      - Management1
- name: remove a vrf named test
  ios_vrf:
    name: test
    state: absent
- name: configure set of VRFs and purge any others
  ios_vrf:
    vrfs:
      - red
      - blue
      - green
    purge: yes
- name: Creates a list of import RTs for the VRF with the same parameters
  ios_vrf:
    name: test_import
    rd: 1:100
    route_import:
      - 1:100
      - 3:100
- name: Creates a list of import RTs in address-family configuration submode for the VRF with the same parameters
  ios_vrf:
    name: test_import_ipv4
    rd: 1:100
    route_import_ipv4:
      - 1:100
      - 3:100
- name: Creates a list of import RTs in address-family configuration submode for the VRF with the same parameters
  ios_vrf:
    name: test_import_ipv6
    rd: 1:100
    route_import_ipv6:
      - 1:100
      - 3:100
- name: Creates a list of export RTs for the VRF with the same parameters
  ios_vrf:
    name: test_export
    rd: 1:100
    route_export:
      - 1:100
      - 3:100
- name: Creates a list of export RTs in address-family configuration submode for the VRF with the same parameters
  ios_vrf:
    name: test_export_ipv4
    rd: 1:100
    route_export_ipv4:
      - 1:100
      - 3:100
- name: Creates a list of export RTs in address-family configuration submode for the VRF with the same parameters
  ios_vrf:
    name: test_export_ipv6
    rd: 1:100
    route_export_ipv6:
      - 1:100
      - 3:100
- name: Creates a list of import and export route targets for the VRF with the same parameters
  ios_vrf:
    name: test_both
    rd: 1:100
    route_both:
      - 1:100
      - 3:100
- name: Creates a list of import and export route targets in address-family configuration submode for the VRF with the same parameters
  ios_vrf:
    name: test_both_ipv4
    rd: 1:100
    route_both_ipv4:
      - 1:100
      - 3:100
- name: Creates a list of import and export route targets in address-family configuration submode for the VRF with the same parameters
  ios_vrf:
    name: test_both_ipv6
    rd: 1:100
    route_both_ipv6:
      - 1:100
      - 3:100
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
Status¶
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Network Team. [network]
Red Hat Support¶
More information about Red Hat’s support of this module is available from this Red Hat Knowledge Base article.
Authors¶
- Peter Sprygada (@privateip)
Hint
If you notice any issues in this documentation, you can edit this document to improve it.
