
jsandov/cisco-router-tf


Cisco Router Terraform Configuration

Infrastructure as Code for Cisco IOS XE devices using reusable components

This project provides a modular Terraform configuration for managing Cisco routers via the RESTCONF API. Configure VLANs, interfaces, and network segments with validated, reusable components.

🚀 Quick Start

1. Prerequisites

  • Cisco IOS XE device with RESTCONF enabled
  • Network connectivity to device management interface
  • Valid admin credentials
  • Terraform >= 1.0 installed

2. Device Setup

Enable RESTCONF on your Cisco device:

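configure terminal
! Enable the RESTCONF API
restconf
! Management interface used by Terraform
interface GigabitEthernet0/0/1
  ip address 192.168.1.1 255.255.255.0
  no shutdown
exit
! RESTCONF is served over HTTPS (ip http secure-server); the plain-HTTP server is not required for it
ip http server
ip http secure-server
! cisco123 is a sample value; set a strong, unique secret on a real device
username admin privilege 15 secret cisco123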

3. Project Setup

git clone <your-repo>
cd cisco_terraform
cp terraform.tfvars.example terraform.tfvars
# Edit terraform.tfvars with your device credentials

📋 How to Make Changes to Your Router

Option 1: Quick Configuration (Recommended for beginners)

Use the main configuration file for simple setups:

# 1. Configure your credentials
nano terraform.tfvars

# 2. Plan and apply changes
terraform init
terraform plan
terraform apply

Option 2: Port-by-Port Configuration (Recommended for production)

Configure individual ports for isolated, reliable deployments:

# 1. Choose a port to configure
cd ports/port-gi0-1-0  # Internal LAN example

# 2. Review and edit configuration
nano terraform.tfvars  # Edit VLAN, IP addresses, etc.

# 3. Deploy the port
terraform init
terraform plan
terraform apply

Option 3: Parallel Deployment

Configure multiple ports simultaneously:

# Deploy all LAN ports in parallel
cd ports
for port in port-gi0-1-*; do
  (cd "$port" && terraform apply -auto-approve) &
done
wait
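
A variant of the parallel loop above that keeps each port's result, added here as an example and not part of the repository: a bare `wait` returns 0 even when a background job failed, and `-auto-approve` applies without a reviewed plan. It assumes the `ports/port-gi0-1-*` layout shown on this page; `plan_ports`, `apply_planned_ports`, `CHANGED_PORTS` and `FAILED_PORTS` are names chosen for this example.

```shell
# Added example (not from the repository). POSIX sh; expects terraform on PATH.
# terraform plan -detailed-exitcode exits 0 (no changes), 1 (error), 2 (changes).

# Plan every LAN port in parallel and record the outcome per port.
# Each port gets a saved plan file (tfplan) and a plan.log to review.
plan_ports() {
  ports_dir=$1
  jobs_list=""
  CHANGED_PORTS=""   # ports whose plan contains changes
  FAILED_PORTS=""    # ports whose plan errored
  for port in "$ports_dir"/port-gi0-1-*/; do
    [ -d "$port" ] || continue
    name=$(basename "$port")
    ( cd "$port" &&
      terraform plan -input=false -detailed-exitcode -out=tfplan >plan.log 2>&1 ) &
    jobs_list="$jobs_list $!:$name"
  done
  # Wait on each PID individually so every exit status is seen.
  for job in $jobs_list; do
    rc=0
    wait "${job%%:*}" || rc=$?
    case $rc in
      0) ;;
      2) CHANGED_PORTS="$CHANGED_PORTS ${job#*:}" ;;
      *) FAILED_PORTS="$FAILED_PORTS ${job#*:}" ;;
    esac
  done
  [ -z "$FAILED_PORTS" ]
}

# Apply only the saved plans, one port at a time, stopping at the first failure.
# Applying a saved plan executes exactly what was planned and does not prompt.
apply_planned_ports() {
  ports_dir=$1
  for name in $CHANGED_PORTS; do
    ( cd "$ports_dir/$name" && terraform apply -input=false tfplan ) || return 1
  done
}
```

Run `plan_ports ports`, read each `plan.log`, then run `apply_planned_ports ports`. Saved plan files and plan logs can contain sensitive values, so keep `tfplan` and `plan.log` out of git.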

πŸ—οΈ Project Architecture

graph TB
    subgraph "Project Structure"
        A[main.tf<br/>Complete Router Config]
        B[components/<br/>Reusable Components]
        C[ports/<br/>Individual Port Configs]
        D[shared/<br/>Common Configuration]
    end
    
    subgraph "Components"
        B --> E[interface/]
        B --> F[vlan/]
        B --> G[network/]
        B --> H[port-config/]
        B --> I[provider/]
    end
    
    subgraph "Port Configurations"
        C --> J[port-gi0-1-0/<br/>Internal LAN]
        C --> K[port-gi0-1-1/<br/>DMZ]
        C --> L[port-gi0-1-2/<br/>Guest Network]
        C --> M[port-gi0-1-3/<br/>Server Network]
    end
    
    A --> B
    C --> B
    C --> D
    
    style A fill:#e1f5fe
    style B fill:#f3e5f5
    style C fill:#e8f5e8
    style D fill:#fff3e0

🔧 Configuration Workflow

flowchart TD
    A[Start: Need to Configure Router] --> B{What type of change?}
    
    B -->|Simple/Learning| C[Use main.tf]
    B -->|Production/Complex| D[Use port-specific configs]
    B -->|New Component| E[Create custom component]
    
    C --> F[Edit terraform.tfvars]
    D --> G[Choose port directory]
    E --> H[Use components/ templates]
    
    F --> I[terraform plan]
    G --> J[Edit port terraform.tfvars]
    H --> K[Test component]
    
    J --> L[terraform plan for port]
    I --> M{Plan looks good?}
    L --> N{Port plan looks good?}
    K --> O{Component works?}
    
    M -->|No| F
    M -->|Yes| P[terraform apply]
    N -->|No| J
    N -->|Yes| Q[terraform apply for port]
    O -->|No| H
    O -->|Yes| R[Document and share]
    
    P --> S[✅ Router Configured]
    Q --> T[✅ Port Configured]
    R --> U[✅ Component Ready]
    
    style A fill:#e3f2fd
    style S fill:#c8e6c9
    style T fill:#c8e6c9
    style U fill:#c8e6c9

🎯 Common Use Cases

Adding a New VLAN

# Using main.tf approach
nano main.tf  # Add new module block
terraform plan && terraform apply

# Using port-specific approach
cd ports/port-gi0-1-0
nano terraform.tfvars  # Change vlan_id and vlan_name
terraform plan && terraform apply

Changing IP Addresses

cd ports/port-gi0-1-1  # DMZ example
nano terraform.tfvars
# Edit physical_interface_ip and vlan_interface_ip
terraform plan && terraform apply

Creating a New Network Segment

# Copy existing port configuration
cp -r ports/port-gi0-1-0 ports/port-gi0-1-4
cd ports/port-gi0-1-4
nano terraform.tfvars  # Configure new values
terraform init && terraform apply

📊 Network Topology

graph LR
    subgraph "Cisco Router"
        A[GigE0/0/1<br/>Management<br/>192.168.1.1/24]
        
        subgraph "Data Ports"
            B[GigE0/1/0<br/>VLAN 10<br/>Internal LAN<br/>10.10.10.0/24]
            C[GigE0/1/1<br/>VLAN 20<br/>DMZ<br/>10.20.20.0/24]
            D[GigE0/1/2<br/>VLAN 30<br/>Guest<br/>10.30.30.0/24]
            E[GigE0/1/3<br/>VLAN 40<br/>Servers<br/>10.40.40.0/24]
        end
    end
    
    A --> F[Internet/WAN]
    B --> G[Corporate Network]
    C --> H[Public Services]
    D --> I[Guest Users]
    E --> J[Server Farm]
    
    style A fill:#ffeb3b
    style B fill:#4caf50
    style C fill:#ff9800
    style D fill:#2196f3
    style E fill:#9c27b0

📁 Directory Structure

cisco_terraform/
├── 📄 main.tf                    # Complete router configuration
├── 📄 terraform.tfvars           # Main configuration values
├── 📁 components/                # Reusable components (DRY)
│   ├── 📁 interface/             # Physical interface configuration
│   ├── 📁 vlan/                  # VLAN management
│   ├── 📁 network/               # Complete network segments
│   ├── 📁 port-config/           # High-level port abstraction
│   └── 📄 README.md              # Component documentation
├── 📁 ports/                     # Individual port configurations
│   ├── 📁 port-gi0-1-0/          # Internal LAN (VLAN 10)
│   ├── 📁 port-gi0-1-1/          # DMZ (VLAN 20)
│   ├── 📁 port-gi0-1-2/          # Guest Network (VLAN 30)
│   └── 📁 port-gi0-1-3/          # Server Network (VLAN 40)
└── 📁 shared/                    # Common configuration files
    ├── 📄 versions.tf            # Terraform version requirements
    ├── 📄 provider.tf.template   # Provider configuration template
    └── 📄 variables.tf           # Standard variables

🔍 Configuration Examples

Basic Interface Configuration

module "new_interface" {
  source = "./components/interface"
  
  interface_type = "GigabitEthernet"
  interface_name = "0/2/0"
  description    = "New Interface"
  shutdown       = false
  ipv4_address   = "192.168.50.1"
}

Complete Network Segment

module "new_network" {
  source = "./components/network"
  
  vlan_id                = 50
  vlan_name              = "New_Network"
  interface_name         = "0/2/0"
  interface_description  = "New Network Segment"
  network_cidr           = "10.50.50.0/24"
  physical_interface_ip  = "10.50.50.1"
  vlan_interface_ip      = "10.50.50.254"
}

🛠️ Troubleshooting

Connection Issues

# Test device connectivity
ping 192.168.1.1

# Verify RESTCONF is enabled
# (-k skips TLS certificate verification; use it only for this reachability check)
curl -k https://192.168.1.1/restconf/data/ietf-yang-library:modules-state

Terraform Issues

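# Check configuration syntax
terraform validate

# Plan with a machine-readable exit code (0 = no changes, 1 = error, 2 = changes pending)
terraform plan -detailed-exitcode

# Force refresh state
terraform refresh

# Clean and reinitialize (deletes the local state, so Terraform no longer tracks resources it created)
rm -rf .terraform terraform.tfstate*
terraform init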

Configuration Conflicts

# Show the resources recorded in Terraform state
terraform show

# Import existing resources
terraform import iosxe_vlan.example 10

# Remove resource from state (danger! the device configuration stays, but Terraform stops managing it)
terraform state rm iosxe_vlan.example

🔐 Security Best Practices

  1. Never commit credentials to git
  2. Use environment variables for sensitive data:
    export TF_VAR_esr_username="admin"
    export TF_VAR_esr_password="your-password"
  3. Enable device logging for audit trails
  4. Use separate state files for production
  5. Test changes in development environment first
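
A pre-commit style check for rules 1 and 2 above, added here as an example and not part of the repository. It assumes the Terraform variables are named `esr_username` and `esr_password` (inferred from the `TF_VAR_` exports above); `scan_tfvars_credentials` is a name chosen for this example.

```shell
# Added example (not from the repository). POSIX sh, find and awk only.
# Assumption: credentials are the Terraform variables esr_username / esr_password.

# Scan every *.tfvars file under $1 (main config and each ports/ directory)
# for a non-empty literal credential. Reports "file:line:variable" and never
# the value itself, so the output is safe to paste into CI logs.
# Returns 0 when nothing is found, 1 otherwise.
scan_tfvars_credentials() {
  found=$(
    # Skip provider caches; *.tfvars does not match terraform.tfvars.example.
    find "$1" -type d -name .terraform -prune -o -type f -name '*.tfvars' -print |
    sort |
    while IFS= read -r file; do
      awk -v file="$file" '
        # Uncommented assignment with a non-empty quoted value.
        /^[ \t]*esr_(username|password)[ \t]*=[ \t]*"[^"]+"/ {
          name = $0
          sub(/^[ \t]*/, "", name)      # drop indentation
          sub(/[ \t]*=.*/, "", name)    # keep only the variable name
          printf "%s:%d:%s\n", file, NR, name
        }' "$file"
    done
  )
  [ -n "$found" ] || return 0
  printf '%s\n' "$found"
  return 1
}
```

Call it as `scan_tfvars_credentials .` from the repository root before committing; a non-zero exit means a credential is still written in a tfvars file instead of coming from the environment.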

📚 Component Reference

Component    | Purpose                          | Use When
interface/   | Configure physical interfaces    | Need basic interface setup
vlan/        | Manage VLANs and VLAN interfaces | Working with VLANs only
network/     | Complete network segments        | Setting up full network segment
port-config/ | High-level port configuration    | Want validation and safety

🀝 Contributing

  1. Adding new components: Follow the structure in components/
  2. Testing: Validate with terraform validate and terraform plan
  3. Documentation: Update this README and component docs
  4. Examples: Add working examples to help others

📞 Support

  • Documentation: Check components/README.md for component details
  • Examples: See working configurations in ports/ directory
  • Issues: Review terraform plan output for detailed error messages

🎉 Ready to configure your router? Start with the Quick Start section above!
