
Setting up the PoC

the poc Sep 9, 2022

A challenge for learning and enjoyment.

The challenge: test out configuring network equipment with three defined methods (Python3, Ansible, Terraform).

Obviously all of them are closely related. But of course automation tools are there to make our IT jobs easier.

Thinking about this assignment already had me thinking about what I would use without hesitation. The intent of the challenge is to not be guided by experience, but by the tools themselves.

Obviously there will be chances to expand on it. For instance, with Python I would use Jinja, Nornir, Netmiko and more. With Ansible I'll most likely follow a tried and tested route of NetBox and AAP. Terraform is truly the new one here for me, so it will be nice to find out more about it.


But first we need to build a PoC environment and (re-)define the scope a bit more.

All of the tools require a few things beforehand; expanded, this consists of:

  • SSH access
  • Management IPs

So essentially a working network o_O with an inventory .. you see where this is going :)

I don't have a lot of networking equipment lying around, nor a bunch of (illegal) Cisco IOS versions. So instead of physical equipment, EVE-NG or GNS3, I decided that since it is meant for education to splurge on Cisco Modeling Labs instead. It's only 199 US$, right? ... (Yeah, turns out it wasn't.. Even personal it still required paying taxes and aside from that the dollar is stronger than the Euro .. so the 200 became 252 Euros o_O )

Regardless, the tool is simple to use, no difficulties whatsoever. And we like it this way :) (path of least resistance)


The network design needs to touch on a few things.

  • Be accessible with SSH
  • Manageable
  • Have Switches, Hosts, Routers

So I came up with this:

Preliminary PoC network

The orange lines are the management links in VLAN 2000 (management), with which we will build the inventory.

Default config

The default config for all nodes is:

aaa new-model
service password-encryption
username cisco algorithm-type sha256 secret cisco
enable password 0 cisco
ip domain-name

crypto key generate rsa label SSH modulus 2048
ip ssh rsa keypair-name SSH
ip ssh version 2
ip ssh logging events

ip ssh time-out 60
ip ssh authentication-retries 5
line vty 0 4
transport input ssh
exec-timeout 30 0


vlan 2000
name management
! for Karen

int vlan 2000
ip address 192.168.4.XX
no shut

ip default-gateway
ip route
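As an added example that is not part of the original post, here is a Python 3 audit that parses an IOS-style running config into top-level commands and indented sub-blocks and checks it against the baseline above (aaa new-model, password-encryption, SSH v2, ssh-only vty with an exec-timeout). The sample config is constructed, and the final check on enable password versus enable secret is a practitioner's caveat, not something the post states.

```python
# Added example, not code from the original post: audit an IOS-style running
# config against the lab baseline above. The sample config is constructed.
SAMPLE_CONFIG = """\
aaa new-model
service password-encryption
username cisco algorithm-type sha256 secret cisco
enable password 0 cisco
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 5
line vty 0 4
 transport input ssh telnet
 exec-timeout 30 0
"""
REQUIRED_GLOBAL = ("aaa new-model", "service password-encryption", "ip ssh version 2")

def parse_ios(text):
    """Split an IOS config into top-level commands and indented sub-blocks."""
    top, blocks, current = set(), {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):      # skip blanks and comments
            continue
        if line[0].isspace():                      # child of the current block
            if current is not None:
                blocks[current].append(line.strip())
        else:
            top.add(line)
            current = line
            blocks.setdefault(line, [])
    return top, blocks

def audit(text):
    """Return a list of findings; an empty list means the node meets the baseline."""
    top, blocks = parse_ios(text)
    findings = [f"missing '{cmd}'" for cmd in REQUIRED_GLOBAL if cmd not in top]
    vty = blocks.get("line vty 0 4")
    if vty is None:
        findings.append("no 'line vty 0 4' block")
    else:
        if "transport input ssh" not in vty:       # 'ssh telnet' also fails here
            findings.append("line vty 0 4: transport input must be ssh only")
        if not any(c.startswith("exec-timeout") for c in vty):
            findings.append("line vty 0 4: exec-timeout not set")
    # 'enable password' is stored reversibly (type 0, or type 7 once
    # service password-encryption is on); 'enable secret' stores a hash.
    if any(line.startswith("enable password") for line in top):
        findings.append("enable password in use; prefer enable secret")
    return findings
```

Run audit() over the output of `show running-config` from each node; the two findings on the constructed sample are the telnet left in transport input and the reversible enable password.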


The network on the outside of the cloud. My physical network is in The network on the inside (of CML) is in Of which is the management LAN.

The 'edge-router' has to outside and to inside. On top of that a DHCP pool is added.

ip dhcp excluded-address
ip dhcp pool management
interface GigabitEthernet0/1.2000
 description management
 encapsulation dot1Q 2000
 ip address


  • The grey links will need to be configured.
  • A routing protocol needs to be added.
  • Switches will need to be configured.
  • Hosts will need to be able to ping/ssh each other.

So basically the PoC is defined. Now it's time to head into the challenge :)

ansible@amane ~/ansible $ ip add | grep 192.168
    inet brd scope global noprefixroute ens192
ansible@amane ~/ansible $ fping -ga 2>/dev/null
ansible@amane ~/ansible $


Riccardo B.

Riccardo is an all-round Linux Systems Engineer with over 20 years of experience and a knack for Automation. Favoring acronyms like NAO, IaC, SRE and more. Also hardly ever writes in third person :)