Cisco Automation REST APIs Ansible Python for Exam Preparation

Modern network engineering is no longer just about manual configuration via the command line. For current CCNA, DevNet Associate, and other Cisco certifications, you must understand how to automate and program networks. This shift represents a fundamental change in the skill set required to manage scalable, reliable, and agile network infrastructures. Mastering REST APIs, Ansible, and Python is not just about passing an exam; it's about building the foundational skills for a career in network automation, where you treat infrastructure as code and manage devices programmatically.

Core Concepts: The Automation Trifecta

The automation landscape for Cisco devices rests on three interdependent pillars: programmatic interfaces (APIs), configuration management tools (like Ansible), and a scripting language (Python). REST APIs (Representational State Transfer Application Programming Interfaces) provide a standardized way for software components to communicate over HTTP. Instead of sending CLI commands, you send HTTP requests (GET, POST, PUT, DELETE) to a specific URL (an endpoint) to retrieve data or make changes. Cisco implements REST APIs on platforms like IOS XE, DNA Center, and Meraki, making them a central exam topic.

To interact with these APIs, you need practical tools. Postman is a graphical API client that allows you to craft, send, and inspect HTTP requests without writing code. It's invaluable for learning API structures, testing authentication, and understanding the JSON data returned by Cisco devices. For automation, you use the Python requests library, which lets your scripts programmatically perform the same actions you test in Postman. A typical script involves constructing a request with the proper headers (like Content-Type: application/json and an authorization token), sending it, and then parsing the JSON response.

Interacting with Cisco REST APIs

Cisco's REST APIs typically require authentication. You will often use HTTP Basic Auth or, more commonly, token-based authentication. For example, to interact with the Cisco DNA Center API, your script might first send a POST request to /dna/system/api/v1/auth/token with a username and password to receive a time-limited token. This token must then be included in the X-Auth-Token header of all subsequent requests.

The data exchanged is in JSON (JavaScript Object Notation) format, a lightweight, human-readable data-interchange format. A common exam task is to write a Python script using the requests library to retrieve a list of network devices. The core code block looks like this:

import requests
response = requests.get('https://<dnac-ip>/dna/intent/api/v1/network-device',
                        headers={'X-Auth-Token': 'your-token'},
                        verify=False)
devices = response.json()['response']
for device in devices:
    print(f"Hostname: {device['hostname']}, IP: {device['managementIpAddress']}")

You must understand HTTP status codes: a 200 OK means success, 401 means unauthorized, and 404 means the requested resource (endpoint) was not found.

Automating with Ansible Playbooks

While Python scripts offer granular control, Ansible is a powerful configuration management and automation engine that uses a declarative model. You describe the desired state of a system, and Ansible figures out how to get there. For network automation, you write playbooks in YAML format. Key exam concepts include inventory files (which list your managed devices), connection plugins (like ansible.netcommon.httpapi for REST APIs or network_cli for SSH), and modules (pre-built units of code that perform specific tasks, like ios_command or cisco.dnac.device_info).

A simple Ansible playbook to gather facts from an IOS XE device using RESTCONF might look like this:

---
- name: Collect IOS XE Device Facts via RESTCONF
  hosts: ios_xe_routers
  gather_facts: no
  connection: httpapi
  vars:
    ansible_network_os: ios
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: no

  tasks:
    - name: Get system information
      ios_facts:
        gather_subset: all

Ansible's idempotency is a crucial concept: running the same playbook multiple times results in the same system state, preventing unintended configuration drift. For the exam, you should be able to read a playbook and predict its outcome, or identify missing required parameters.

Understanding Data Models: YANG, NETCONF, and RESTCONF

To manage devices programmatically, you need a structured way to represent configuration and operational data. This is where data models come in. YANG (Yet Another Next Generation) is a data modeling language that defines the structure of configuration and state data sent to and from a network device. Think of a YANG model as a strict schema or blueprint for the data.

NETCONF (Network Configuration Protocol) is a protocol that uses YANG models over a secure, persistent SSH connection to install, manipulate, and delete device configurations. It operates with concepts like get-config and edit-config RPCs (Remote Procedure Calls). RESTCONF is a RESTful protocol that provides a similar functionality to NETCONF but uses HTTP methods and works with YANG data encoded in JSON or XML. For modern Cisco exams, RESTCONF is emphasized due to its alignment with common API practices. A key task is using a tool like pyang to view a YANG model and understand the correct JSON structure needed for a RESTCONF POST or PUT request to configure an interface, for example.

Python Scripting for Common Automation Tasks

Beyond basic API interaction, exam scenarios often involve writing Python scripts to solve specific network problems. This requires familiarity with core Python concepts: variables, data types (strings, lists, dictionaries), loops, conditionals, and file handling. You will frequently parse and manipulate nested JSON data structures returned from APIs.

A classic exam task is to write a script that automates a troubleshooting workflow. For instance, a script might: 1) Use the requests library to log into a Cisco DNA Center sandbox. 2) Retrieve a list of devices with a GET request. 3) Filter that list to find devices with a specific software version. 4) For each matching device, send another GET request to retrieve its interface statistics. 5) Parse the response to find interfaces with high error counts. 6) Print or log a formatted report. This tests your ability to chain API calls, handle data, and implement logic—all core automation skills.

Common Pitfalls

1. Ignoring Authentication and Headers: The most common API error is failing to handle authentication correctly. Forgetting to include the X-Auth-Token header or not refreshing an expired token will result in 401 Unauthorized errors. Always check your authentication flow first.
2. Hardcoding Values and Ignoring Code Reusability: Writing scripts with hardcoded IP addresses, credentials, or device IDs is poor practice and often penalized in exam scenarios. Use variables, prompt for input, or read from external files or environment variables to make your code reusable and secure.
3. Misunderstanding YAML Syntax in Ansible: Ansible playbooks are sensitive to YAML formatting. Using tabs instead of spaces, incorrect indentation, or mishandling multi-line strings (| vs >) will cause playbooks to fail. Always use spaces and validate your YAML structure.
4. Confusing Operational Data with Configuration Data: When working with YANG and RESTCONF/NETCONF, you must know the difference between configuration datastores (which hold the intended state, like running-config) and operational data (which is read-only state data, like interface statistics). Using a GET to a config endpoint won't give you live operational insights, and trying to PUT operational data will fail.

Summary

• REST APIs are the foundation: You interact with modern Cisco devices by sending HTTP requests (GET, POST, PUT, DELETE) to specific URIs and processing JSON responses. Tools like Postman are for learning; the Python requests library is for automation.
• Ansible provides declarative automation: You write YAML playbooks that describe the desired network state. Understand inventory, connection methods, modules, and the principle of idempotency.
• Data models enable structured management: YANG defines the schema for device data. RESTCONF (HTTP-based) and NETCONF (SSH-based) are protocols that use these models for programmatic configuration and data retrieval.
• Python is your glue logic: Beyond simple API calls, you must write scripts that combine logic, data parsing, and multiple API interactions to solve real-world network automation tasks.
• Exam success hinges on practice: Set up a sandbox (like Cisco DevNet's always-on labs or Cisco DNA Center sandbox), use Postman to explore APIs, write Ansible playbooks, and build Python scripts from scratch. This hands-on experience is irreplaceable for both the exam and your career.