
ansible-netgear

Ansible collection for Netgear switches

Nine idempotent Ansible modules for managing Netgear Smart Managed Plus switches as infrastructure-as-code. Declare your VLAN layout, port settings, and QoS policy in YAML — the collection handles the rest.

Early release, lightly tested. Source: github.com/jfrancis42/ansible-netgear

New project — lightly tested

Tested against a single GS105Ev2 (5-port gigabit, firmware V1.6.0.24). Other Netgear Smart Managed Plus models that share the same web UI are expected to be compatible but have not been verified. The module interface may change without notice. Verify each operation on your hardware before use in production — especially VLAN changes on live switches.

What it is

Netgear Smart Managed Plus switches have no REST API, no SSH, and no Ansible connection plugin — their only configuration interface is an HTTP web UI. ansible-netgear wraps the netgear-tool Python SDK to expose nine fully idempotent Ansible modules that manage these switches the same way you would any other network device.

All modules support check mode (--check), report changed/unchanged state accurately, and are safe to run repeatedly. The collection runs locally on the Ansible control node (connection: local) — no agent or SSH access to the switch is required.

VLAN configuration, port settings, QoS, bandwidth limits, port mirroring, and IGMP snooping are all declaratively managed. Maintenance tasks — reboot, factory reset, and cable diagnostics — are also available.

Modules

Module       What it manages
facts        Gather all switch state as Ansible facts under the netgear key
system       Switch name, static IP, netmask, gateway, DHCP mode, admin password
port         Per-port enable/disable, speed/duplex, flow control — accepts a list of ports
mirror       Port mirroring (SPAN) — source ports and destination port
igmp         IGMP snooping, loop detection, and broadcast filtering
qos          Global QoS scheduling mode (port-based or 802.1p/DSCP)
bandwidth    Per-port ingress and egress rate limits — accepts a list of ports
vlan         802.1Q VLAN configuration — tagged/untagged port membership and PVIDs
maintenance  Reboot, factory reset (requires force: true), cable diagnostics

Quick start

A playbook that enables 802.1Q, configures two VLANs, and sets up a trunk port:

---
- name: Configure Netgear switch
  hosts: my-switch
  connection: local
  gather_facts: false
  tasks:
    - name: Enable IGMP snooping and loop detection
      jfrancis42.netgear.igmp:
        host: "{{ ansible_host }}"
        password: "{{ netgear_password }}"
        igmp_enabled: true
        loop_detection: true
    - name: VLAN 1 — ports 1-2 access, port 5 trunk
      jfrancis42.netgear.vlan:
        host: "{{ ansible_host }}"
        password: "{{ netgear_password }}"
        vlan_id: 1
        untagged_ports: [1, 2]
        tagged_ports: [5]
        state: present
    - name: VLAN 10 — port 3 access, port 5 trunk
      jfrancis42.netgear.vlan:
        host: "{{ ansible_host }}"
        password: "{{ netgear_password }}"
        vlan_id: 10
        untagged_ports: [3]
        tagged_ports: [5]
        pvid: 10
        state: present
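
Because VLAN changes on a live switch are the riskiest operation here, a declared layout can be linted before any task runs. The following is an added example, not part of the collection or the netgear-tool SDK: the function name and the BROKEN sample are constructed here, the listed tasks are assumed to be the whole intended layout, and pvid is not interpreted.

```python
# Added example: pre-flight lint for a declared 802.1Q layout.
# Each dict mirrors the vlan module arguments shown in the quick start.
PORT_COUNT = 5  # GS105Ev2 has five ports (per the page)

QUICK_START = [  # the two VLAN tasks from the playbook above
    {"vlan_id": 1, "untagged_ports": [1, 2], "tagged_ports": [5]},
    {"vlan_id": 10, "untagged_ports": [3], "tagged_ports": [5], "pvid": 10},
]
BROKEN = [  # constructed sample with deliberate mistakes
    {"vlan_id": 10, "untagged_ports": [3, 5], "tagged_ports": [5]},
    {"vlan_id": 20, "untagged_ports": [3, 6], "tagged_ports": []},
]


def lint_vlan_layout(vlans, port_count=PORT_COUNT):
    """Return (errors, warnings) for a list of vlan argument dicts."""
    errors, warnings = [], []
    untagged_in = {}   # port -> VLAN ids where the port is an untagged member
    assigned = set()   # every port named in any declared VLAN

    for v in vlans:
        vid = v["vlan_id"]
        untagged = set(v.get("untagged_ports", []))
        tagged = set(v.get("tagged_ports", []))
        if not 1 <= vid <= 4094:
            errors.append(f"VLAN {vid}: id outside 1-4094")
        for port in sorted(untagged & tagged):
            errors.append(f"VLAN {vid}: port {port} is both tagged and untagged")
        for port in sorted(untagged | tagged):
            if not 1 <= port <= port_count:
                errors.append(f"VLAN {vid}: port {port} does not exist")
        for port in untagged:
            untagged_in.setdefault(port, set()).add(vid)
        assigned |= untagged | tagged

    # A port untagged in several VLANs is a common segregation leak.
    for port, vids in sorted(untagged_in.items()):
        if len(vids) > 1:
            warnings.append(f"port {port} is untagged in VLANs {sorted(vids)}")
    for port in range(1, port_count + 1):
        if port not in assigned:
            warnings.append(f"port {port} is in no declared VLAN")
    return errors, warnings


if __name__ == "__main__":
    for name, layout in (("quick start", QUICK_START), ("broken", BROKEN)):
        print(name, *lint_vlan_layout(layout), sep="\n  ")
```

Errors should block the run; warnings are prompts to confirm intent, such as port 4 being left out of the quick start layout.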

Installation

Install from Ansible Galaxy:

ansible-galaxy collection install jfrancis42.netgear
# Requires: netgear-tool SDK (netgear_switch.py) on the Python path
# Requires: Python 3.8+, requests library

The collection depends on the netgear-tool SDK. Place netgear_switch.py anywhere on your Python path, or drop it into the collection's plugins/module_utils/ directory.

All modules use connection: local — set this at the play level or in your inventory's group vars. The host and password parameters are passed directly to each module.