The module works against a broad range of IOS and IOS-XE based devices, but we don't test against all device types. We have continuous integration pipelines where we test against physical devices. Listed below are details of those device types. Please note that our initial development and testing has focussed on switches, with routers and firewalls to follow-on.
| Device Type | IOS Version |
|---|---|
| 2960 | Cisco IOS Software, C2960S Software (C2960S-UNIVERSALK9-M), Version 12.2(58)SE2, RELEASE SOFTWARE (fc1) |
| 3560 | Cisco IOS Software, C3560 Software (C3560-IPBASEK9-M), Version 12.2(55)SE11, RELEASE SOFTWARE (fc3) |
| 3650 | Cisco IOS Software, IOS-XE Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 03.06.05.E RELEASE SOFTWARE (fc2) |
| 3750 | Cisco IOS Software, C3750 Software (C3750-IPSERVICESK9-M), Version 12.2(55)SE10, RELEASE SOFTWARE (fc2) |
| 4503 | Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.07.03.E RELEASE SOFTWARE (fc3) |
| 4507r | Cisco IOS Software, Catalyst 4000 L3 Switch Software (cat4000-I5K91S-M), Version 12.2(25)EWA9, RELEASE SOFTWARE (fc3) |
| 4948 | Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500-ENTSERVICESK9-M), Version 12.2(37)SG1, RELEASE SOFTWARE (fc2) |
| 6503 | Cisco IOS Software, s72033_rp Software (s72033_rp-IPSERVICESK9_WAN-M), Version 12.2(33)SXJ10, RELEASE SOFTWARE (fc3) |
| Resource | 2960 | 3560 | 3650(IOS-XE) | 3750 | 4503(IOS-XE) | 4507r | 4948 | 6503 |
|---|---|---|---|---|---|---|---|---|
| banner | ok | ok | ok | ok | ok | ok | ok | ok |
| domain_name | use network_dns | use network_dns | use network_dns | use network_dns | use network_dns | use network_dns | use network_dns | use network_dns |
| ios_aaa_authentication | ok | ok | ok | ok | ok | ok | ok | ok |
| ios_acl | ok | ok | ok | ok | ok | ok | ok | ok |
| ios_additional_syslog_settings | ok | ok | ok | ok | ok | ok | ok* | ok |
| ios_config | ok | ok | ok | ok | ok | ok | ok | ok |
| ios_interface | ok* | ok | ok | ok | ok* | ok* | ok | ok* |
| ios_ntp_access_group | ok* | ok | ok | ok* | ok | ok* | ok* | ok* |
| ios_ntp_config | ok* | ok | ok* | ok* | ok | ok | ok* | ok |
| ios_radius_global | ok | ok | ok | ok | ok | ok | ok | ok |
| ios_stp_global | ok* | ok | ok* | ok* | ok* | ok* | ok* | ok |
| name_server | use network_dns | use network_dns | use network_dns | use network_dns | use network_dns | use network_dns | use network_dns | use network_dns |
| network_dns | ok | ok | ok | ok | ok | ok | ok | ok |
| network_interface | ok* | ok | ok* | ok* | ok | ok | ok | ok |
| network_snmp | ok | ok | ok | ok | ok | ok | ok | ok |
| network_trunk | ok* | ok | ok* | ok | ok* | ok | ok | ok |
| network_vlan | ok | ok | ok | ok | ok | ok | ok | ok |
| ntp_auth_key* | ok | ok | ok | ok | ok | ok | ok | ok |
| ntp_config | ok | ok | ok | ok | ok | ok | ok | ok |
| ntp_server | ok | ok* | ok | ok* | ok | ok | ok* | ok |
| port_channel | ok* | ok | ok* | ok* | ok* | ok* | ok* | ok |
| radius | not supported by IOS | not supported by IOS | not supported by IOS | not supported by IOS | not supported by IOS | not supported by IOS | not supported by IOS | not supported by IOS |
| radius_global* | ok | ok | ok | ok | ok | ok | ok | ok |
| radius_server | ok | ok* | ok | not supported | ok | not supported | not supported | not supported |
| radius_server_group | ok | ok | ok | ok | ok | ok | ok | ok |
| search_domain | use network_dns | use network_dns | use network_dns | use network_dns | use network_dns | use network_dns | use network_dns | use network_dns |
| snmp_community | ok | ok | ok | ok | ok | ok | ok | ok |
| snmp_notification | ok | ok | ok | ok | ok | ok | ok | ok |
| snmp_notification_receiver | ok | ok | ok | ok | ok | ok | ok | ok |
| snmp_user* | ok | ok | ok | ok | ok | ok | ok | ok |
| syslog_server | ok | ok | ok | ok | ok | ok | ok | ok |
| syslog_settings | ok | ok | ok | ok | ok | ok | ok | ok |
| tacacs | not supported by IOS | not supported by IOS | not supported by IOS | not supported by IOS | not supported by IOS | not supported by IOS | not supported by IOS | not supported by IOS |
| tacacs_global* | ok | ok | ok | ok | ok | ok | ok | ok |
| tacacs_server | ok | ok | ok | ok | ok | ok | ok | ok |
| tacacs_server_group | ok | ok | ok | ok | ok | ok | ok | ok |
| vrf | unsupported | ok* | ok | ok | unsupported | ok | ok | ok |
| ios_ip | ok | ok | ok | ok | ok | ok | ok* | ok |
| ios_cef | unsupported | ok* | ok | ok* | ok | ok* | ok* | ok* |
Cells marked with the * have deviations. See the section below for details.
As required by RFC 3414 SNMP server, user commands will not be displayed in the configuration output of the device. The values password and enforce_privacy are not comparable on the device. This means when using the resource to manage v3 SNMP users, we can't support idempotency and a corrective change will occur when password and enforce_privacy are present in a manifest.
The switch does not support the MTU on a per-interface basis. It does not support the following attributes: link
- mtu
The above switch does not support the setting of MTU on a per-interface basis.
- mtu
The switch does not support the MTU on a per-interface basis. It does not support the following attributes: link
- mtu
The switch does not support the MTU on a per-interface basis. It does not support the following attributes: link
- mtu
The above devices do not support the params mac_notification_added or mac_notification_added.
The above devices do not support the params ip_dhcp_snooping_trust or ip_dhcp_snooping_limit.
The above devices do not support the param vrf.
The above devices do not support the param route_cache_cef.
This device does not have native trunking. It does not support the following attributes: link
- ensure
- encapsulation
When managing the password and mode, the expectation is that these will supplied as stored on the device, i.e. the encrypted password and mode 7 in most cases. To get the current configuration the --resource command can be used:
puppet device --target cisco.example.com --resource ntp_auth_key
This is the configuration which should be managed in your Puppet manifest.
This device type only supports a single method of encapsulation, 802.1q, and as such the attribute to set it is not supported.
Does not support the following attributes:
- minpoll
- maxpoll
Does not support the following attributes: link
- minpoll
- maxpoll
Does not support the following attributes: link
- minpoll
- maxpoll
Does not support the following attributes: link
- minpoll
- maxpoll
The above devices do not have native trunking. The following attributes are not supported: link
- flowcontrol_send
The IOS operating system does not support:
- enable
The IOS operating system needs to support the new "radius server" command, we do not use "radius-server" link
This device does not support bridge assurance link
###ios_ntp_config
These devices don't support the update_calendar attribute
These devices don't support the ipv6_access_group attribute
Does not implement vrf or time_stamp_units as described in the netdev_stdlib type definition.
The IOS operating system uses the deprecated "tacacs_server" syntax, we cannot use 'unset' functionality for individual fields link
The IOS operating system does not support:
- enable
- retransmit_count
- vrf
The origin-id command is not avalible on th above machine.
The setting of a VRF is not supported on the above machines.
The setting of a VRF is only supported on the above machine when an IP Services License is acquired.
ip cef distributed is enabled by default of the above machines and cannot be disabled.
ip cef optimize neighbor resolution cannot be set on the above machine.
It has been noted that NTP Server configuration may allow multiple entries of the same NTP Server address with different Source Interfaces
For example:
ntp server 1.2.3.4 key 42
ntp server 1.2.3.4 key 94 source Vlan42
ntp server 1.2.3.4 key 50 source Loopback42
While Puppet Resource will obtain all entries, Puppet Apply compares against the first entry found with the same name.
Send an ensure 'absent' manifest to remove all ntp servers of the same name, before rebuilding the ntp server configuration:
ntp_server { '1.2.3.4':
ensure => 'absent',
}followed by:
ntp_server { '1.2.3.4':
ensure => 'present',
key => 94,
prefer => true,
minpoll => 4,
maxpoll => 14,
source_interface => 'Vlan 42',
}Any edits can be made by referencing the same ntp_server name and source_interface.