Ansible Playbook for VLAN Configuration – Automate Smarter, Not Harder! [CCNP ENTERPRISE]

Today I’m excited to walk you through something that every network engineer aiming to embrace automation must learn — Ansible Playbook for VLAN Configuration.
I still remember those days when I’d log in to 10–20 switches one by one, just to create the same VLANs. It was frustrating, repetitive, and frankly… a waste of valuable time. If that sounds familiar, then trust me — this blog post will be a game-changer for you.

Let’s break the shackles of CLI dependency and get hands-on with Ansible, one of the most powerful automation tools for networking. By the end of this post, you’ll have a working VLAN automation lab in EVE-NG, sample playbooks, a troubleshooting guide, and even real-world examples.

---

Theory in Brief – What’s the Hype About Ansible + VLAN?

Before we dive into the configs and code, let’s understand what this is all about.

What is Ansible?

Ansible is an open-source automation engine used for configuration management, application deployment, and task automation. It’s agentless, meaning you don’t need to install any software on the target devices — just SSH access and Python support.

Why Automate VLANs?

VLANs (Virtual LANs) are used to segment broadcast domains on a switch. When configuring a large number of switches across branches or datacenters, manually creating VLANs can become unmanageable. This is where Ansible comes into play — it can automate VLAN creation across multiple devices in seconds.

What is an Ansible Playbook?

A playbook is a YAML file where you define tasks to be executed on remote devices. For VLAN configuration, you’ll typically use modules like ios_vlan to push VLAN settings to Cisco devices.

YAML + Templates = Reusability

By writing parameterized playbooks, you can reuse the same code for different VLANs, different devices, and even different vendors by switching modules. It’s all about scalability and efficiency.

---

Comparision – Pros, Cons & Key Comparison

Feature	Manual VLAN Configuration	Ansible VLAN Automation
Time to Deploy	High	Very Low
Human Error Risk	High	Minimal
Scalability	Poor	Excellent
Learning Curve	Low	Moderate (but worth it!)
Reusability	None	High (Templates + Variables)
Reporting	Manual (via show commands)	Automated (via output parsing)

---

Essential CLI Commands for VLAN Verification

Purpose	Command
Show VLANs	show vlan brief
Show VLAN database (some models)	show vlan
Debug VLAN configuration	debug vlan (on supported platforms)
Check VLAN Interface Status	show interfaces status
Save Configuration	write memory or copy run start

---

Real-World Use Case – Branch-Wise VLAN Rollout

Scenario	Details
Company Name	NetCorp Pvt. Ltd.
Requirement	Create VLANs 10, 20, 30 for Users, Voice, and Management on 50 switches
Manual Effort Estimate	~5 hours
Ansible Effort	< 5 minutes
Impact	Consistent, error-free config across sites
Business Benefit	Time-saving, reduced OPEX, increased reliability

---

SMALL EVE-NG LAB – VLAN Configuration via Ansible

Let’s build a simple lab to test this out:

LAB DIAGRAM:

---

INVENTORY FILE – hosts.ini

[cisco_switches]
switch1 ansible_host=192.168.100.10 ansible_user=student ansible_password=student ansible_network_os=ios ansible_connection=network_cli

---

PLAYBOOK – vlan_config.yml

---
- name: Configure VLANs on Cisco Switch
  hosts: cisco_switches
  gather_facts: no
  tasks:
    - name: Create VLANs
      cisco.ios.ios_vlan:
        vlan_id: "{{ item.id }}"
        name: "{{ item.name }}"
        state: present
      loop:
        - { id: 10, name: 'Users' }
        - { id: 20, name: 'Voice' }
        - { id: 30, name: 'Management' }

---

RUN THE PLAYBOOK

ansible-playbook -i hosts.ini vlan_config.yml

---

VERIFY ON SWITCH

Switch# show vlan brief

You should see VLANs 10, 20, and 30 configured with appropriate names.

---

Troubleshooting Tips

Problem	Possible Cause	Fix / Solution
SSH timeout or unreachable	IP/firewall/SSH not enabled	Check device IP, SSH status, and ACLs
Module not found	Ansible Collections not installed	Run ansible-galaxy collection install cisco.ios
Wrong credentials	Typo in user/pass in inventory	Double-check credentials
VLAN not showing after run	Configuration not saved	Ensure playbook has config save or do it manually
Unsupported IOS image	Using legacy Cisco IOS	Upgrade to IOS that supports NETCONF or SSH

---

Frequently Asked Questions (FAQ)

1. What is the purpose of using Ansible for VLAN configuration in network devices?

Answer:
Ansible helps automate the process of creating, modifying, and deleting VLANs on network devices like Cisco switches. Instead of logging into each device and manually configuring VLANs using CLI, you can define the desired state in a YAML-based playbook. This ensures consistency, reduces human error, speeds up deployment, and improves scalability across multiple devices.

---

2. Do I need any special modules to configure VLANs using Ansible on Cisco devices?

Answer:
Yes, to configure VLANs on Cisco devices, you typically use modules like:

• ios_vlan – for VLAN configuration on Cisco IOS switches.
• ios_config – for pushing raw CLI commands.
  You also need to have ansible.netcommon and cisco.ios collections installed via Ansible Galaxy.

---

3. What does a basic Ansible playbook for VLAN configuration look like?

Answer:
Here’s a sample snippet:

name: Configure VLAN on Cisco Switch
  hosts: switches
  gather_facts: no
  connection: network_cli
  tasks:
    - name: Create VLAN 20
      cisco.ios.ios_vlan:
        vlan_id: 20
        name: HR_VLAN
        state: present

This playbook connects to devices in the switches group and ensures VLAN 20 exists with the name HR_VLAN.

---

4. How do I define hosts in my inventory for Ansible to manage network devices?

Answer:
You can define your switches in an inventory file like this:

[switches]
switch1 ansible_host=192.168.1.10 ansible_user=admin ansible_password=cisco ansible_network_os=ios

Make sure ansible_connection=network_cli or ansible_connection=ansible.netcommon.network_cli is specified globally or per host.

---

5. Is it possible to remove a VLAN using Ansible playbook?

Answer:
Yes. By setting the state parameter to absent in the ios_vlan module, you can remove the VLAN.

name: Delete VLAN 20
  cisco.ios.ios_vlan:
    vlan_id: 20
    state: absent

This ensures VLAN 20 is removed from the switch configuration.

---

6. How does Ansible handle idempotency in VLAN configuration?

Answer:
Ansible modules like ios_vlan are idempotent, meaning they only make changes when necessary. If the VLAN is already present and matches the desired configuration, Ansible will skip the task. This prevents unnecessary changes and keeps the playbook execution efficient and safe.

---

7. Can I apply VLANs across multiple switches simultaneously?

Answer:
Absolutely! That’s one of Ansible’s strongest features. When your inventory includes multiple switches, Ansible can configure all of them in parallel using a single playbook. This drastically reduces time and ensures uniform VLAN configurations across your network.

---

8. What are some best practices when writing Ansible playbooks for network automation?

Answer:

• Use variables for VLAN IDs and names to make the playbook reusable.
• Group similar devices in inventory files.
• Test on lab switches (e.g., EVE-NG, GNS3) before production.
• Use tags to run specific parts of the playbook.
• Add error handling using ignore_errors or conditionals when needed.
• Maintain backup configs before pushing major changes.

---

9. How do I troubleshoot when a VLAN playbook fails to run?

Answer:
Troubleshooting steps:

• Check connectivity to the device (ping/SSH).
• Ensure correct credentials and ansible_network_os are used.
• Use -vvv (verbosity) for detailed logs during playbook execution.
• Validate YAML syntax with online linters or ansible-lint.
• Ensure required collections are installed, like cisco.ios.

Install missing collection:

ansible-galaxy collection install cisco.ios

---

10. How does this knowledge help with CCNP/DevNet certification and real-world job roles?

Answer:
Understanding and using Ansible for VLAN configuration aligns perfectly with the DevNet and CCNP Enterprise exam topics on network programmability and automation. In real-world network operations, automation is increasingly essential for scaling configurations, compliance, and quick troubleshooting. Mastering tools like Ansible prepares you for roles such as Network Automation Engineer, Site Reliability Engineer (SRE), or DevNet Associate.

---

YouTube Video Link

Watch the Complete CCNP Enterprise: Ansible Playbook for VLAN Configuration – Automate Smarter, Not Harder! Lab Demo & Explanation on our channel:

---

Final Note

Understanding how to differentiate and implement Ansible Playbook for VLAN Configuration – Automate Smarter, Not Harder! is critical for anyone pursuing CCNP Enterprise (ENCOR) certification or working in enterprise network roles. Use this guide in your practice labs, real-world projects, and interviews to show a solid grasp of architectural planning and CLI-level configuration skills.

If you found this article helpful and want to take your skills to the next level, I invite you to join my Instructor-Led Weekend Batch for:

CCNP Enterprise to CCIE Enterprise – Covering ENCOR, ENARSI, SD-WAN, and more!

Get hands-on labs, real-world projects, and industry-grade training that strengthens your Routing & Switching foundations while preparing you for advanced certifications and job roles.

Email: info@networkjourney.com
WhatsApp / Call: +91 97395 21088

Upskill now and future-proof your networking career!

---