diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000000000000000000000000000000000000..7efb5e4a2d345b586221b88364e085c68dc8a490
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,98 @@
+image: registry.kszk.bme.hu/netadmin/containers/cicd-ssh:master
+stages:
+  - collect
+  - generate
+  - upload
+  - cleanup
+
+variables:
+  ANSIBLE_FORCE_COLOR: 'true'
+  ssh: ssh -tt -T -o StrictHostKeyChecking=no ansible@10.151.0.53
+  gitdir: sch-net-ansible
+  gitdir_dev: sch-net-ansible_$CI_COMMIT_BRANCH
+  gitrepo: git@git.sch.bme.hu:NETAdmin/sch-net/ansible.git
+
+before_script:
+  - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'
+  - 'mkdir -p ~/.ssh'
+  - 'eval $(ssh-agent -s)'
+  - 'echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
+  - ssh-add <(echo "$ToAdmin_PRIVATE_KEY" | base64 -d)
+
+collect-ansible:
+  rules:
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+  stage: collect
+  retry:
+    max: 2
+    when: runner_system_failure
+  script:
+    - $ssh "cd $gitdir && git checkout master && git pull"
+    - $ssh "cd $gitdir && ./bootstrap.sh && source .venv/bin/activate && echo $ANSIBLE_VAULT_PASSWORD > .vault_password.txt && ansible-playbook collect-run-configs.yaml --vault-password-file .vault_password.txt"
+
+generate-ansible:
+  rules:
+    - if: $CI_PIPELINE_SOURCE != "schedule" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+    - if: $CI_PIPELINE_SOURCE != "schedule" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE == "merge_request_event"
+  stage: generate
+  retry:
+    max: 2
+    when: runner_system_failure
+  script:
+    - $ssh "cd $gitdir && git checkout master && git pull"
+    - $ssh "cd $gitdir && ./bootstrap.sh && source .venv/bin/activate && echo $ANSIBLE_VAULT_PASSWORD > .vault_password.txt && ansible-playbook generate-configs.yaml --vault-password-file .vault_password.txt"
+
+upload-ansible:
+  rules:
+    - if: $CI_PIPELINE_SOURCE != "schedule" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+  stage: upload
+  retry:
+    max: 2
+    when: runner_system_failure
+  script:
+    - $ssh "cd $gitdir && git checkout master && git pull"
+    - $ssh "cd $gitdir && ./bootstrap.sh && source .venv/bin/activate && echo $ANSIBLE_VAULT_PASSWORD > .vault_password.txt && ansible-playbook upload.yaml --vault-password-file .vault_password.txt"
+
+collect-ansible-after-upload:
+  rules:
+    - if: $CI_PIPELINE_SOURCE != "schedule" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+  stage: upload
+  retry:
+    max: 2
+    when: runner_system_failure
+  needs: ["upload-ansible"]
+  script:
+    - !reference [collect-ansible, script]
+
+collect-ansible-cleanup:
+  stage: cleanup
+  retry:
+    max: 2
+    when: runner_system_failure
+  script:
+    - $ssh "cd $gitdir && ([ ! -e .vault_password.txt ] || rm .vault_password.txt)"
+  when: always
+
+generate-ansible-dev:
+  rules:
+    - if: $CI_PIPELINE_SOURCE != "schedule" && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH
+  stage: generate
+  retry:
+    max: 2
+    when: runner_system_failure
+  script:
+    - $ssh "mkdir $gitdir_dev && cd $gitdir_dev && git clone git@git.sch.bme.hu:${CI_PROJECT_PATH}.git $gitdir && cd $gitdir"
+    - $ssh "cd $gitdir_dev/$gitdir && if [ $CI_PIPELINE_SOURCE == "merge_request_event" ]; then git checkout $CI_MERGE_REQUEST_SOURCE_BRANCH_NAME; else git checkout $CI_COMMIT_BRANCH; fi"
+    - $ssh "cd $gitdir_dev/$gitdir && ./bootstrap.sh && source .venv/bin/activate && echo $ANSIBLE_VAULT_PASSWORD > .vault_password.txt && ansible-playbook generate-configs.yaml --vault-password-file .vault_password.txt"
+
+generate-ansible-dev-cleanup:
+  rules:
+    - if: $CI_PIPELINE_SOURCE != "schedule" && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH
+      when: always
+  stage: generate
+  retry:
+    max: 2
+    when: runner_system_failure
+  needs: ["generate-ansible-dev"]
+  script:
+    - $ssh "([! -e $gitdir_dev] || rm -rf $gitdir_dev)"
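Review bot: The vault password travels inside the ssh command string: `echo $ANSIBLE_VAULT_PASSWORD > .vault_password.txt` in the collect, generate, upload and dev jobs is expanded on the runner. The secret therefore shows up in process arguments, is word-split and glob-expanded because it is unquoted, and lands in a file with default permissions that disappears only if a later cleanup job runs. Prefer not writing it to disk at all, or at least create the file under `umask 077` and delete it in the same remote command that runs the playbook. Host key verification is switched off twice (`-o StrictHostKeyChecking=no` in the `ssh` variable and `StrictHostKeyChecking no` for `Host *`), so the job hands that secret to whatever answers at 10.151.0.53; pinning the AdminVM host key from a CI variable into `~/.ssh/known_hosts` closes that. In the dev jobs `$CI_COMMIT_BRANCH` and `$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME` are interpolated unquoted into remote shell commands, including `rm -rf $gitdir_dev`, so branch names need validating or quoting. The last line's test should read `[ ! -e "$gitdir_dev" ]`, because `[! -e $gitdir_dev]` is not a valid test and the `rm -rf` currently runs only because that command fails.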
diff --git a/README.md b/README.md
index 6ab21a1125ebf8aaceb48cc97527e8692368405e..25d6a89903ba9e514b8315efdb7418b62d462cc9 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,17 @@
-# Devops Hazi
+# Hálózat automatizálás Ansible segítségével
+Ha kontributálni szeretnél további információt [ezen](./docs/contribute.md) az oldalon találsz.
+## A Projekt célja
+A projekt elsődleges célja a Schönhertz Kollégiumban található hálózat automatizálása Ansible, Gitlab CI/CD, és Jinja2 segítségével.
+Jelenleg a konfiguráció verziókezelés és generálás sw-server-03 és sw-server-04 eszközökön működik. A többi eszközről csak automatizált backup készül.
+## A projekt felépítése
+### Környezettel Kapcsolatos előfeltételek
+- A pipeline lefutásához szükséges AdminVM legyen a VM-hez készült pipelineal és Ansible-el deployalva. (A szükséges Repositoryk a /home/ansible -be le vannak klónozva.)
+- NOC Clusterben található GitlabRunnerVM elérhető legyen.
+- A megfelelő publikus kulcsok legyen a pipeline-ban és az AdminVM-ben elérhetőek(a pipeline be tud ssh-zni AdminVM-re)
+### Futó konfigurációk begyűjtése
+15 percenként lefut egy pipeline, ami Ansible segítségével végig megy a hálózati eszközökön. Összeszedi a futó konfigurációkat, majd összehasonlítja az előző futó konfigurációval. Ha változást talált elcommitolja, majd felpusholja azokat.
+### Új Futó konfiguráció generálása
+Nem master branch-re történő pusholás esetén lefut a konfigurációt generáló pipeline. Ehhez a Runner létrehoz egy ideiglenes könyvtárat az AdminVM-en. Erre a mangament hálózathoz való hozzáférés miatt van szükség. Itt kigenerálja az Ansible a megadott  template-ek és yaml fájlok segítségével a teljes új futó konfigurácót. Ezt összehasonlítja a már meglévő azaz éppen futó konfigurációval. A két konfiguráció közötti különbséget a pipelineban tudjuk megtekinteni.
 
+### Az új futó konfiguráció feltöltése hálózati eszközre.
+Merge Request feladása esetén először a már ismertetett módon kigeneráltatja a pipeline az Ansible-el a futó konfigurációt. A pipeline-ban meg tudjuk nézni a konfiguráció különbségeket. Ha egy megfelelő jogosultsággal rendelkező személy ( Maintainer a repository-n) jóváhagyja a módosításokat, akkor a branch mergelése közben az új konfiguráció feltöltődik az eszközre. Természetes a feltöltés előtt és után a konfigurációk mentésre kerülnek.
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000000000000000000000000000000000000..90febf774f6718a78290b88fb42752de0c5bd610
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,11 @@
+[defaults]
+inventory = inventory.yaml
+timeout = 300
+host_key_checking = False
+jinja2_extensions = jinja2.ext.do
+
+[persistent_connection]
+command_timeout = 300
+
+[diff]
+always = True
\ No newline at end of file
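Review bot: `host_key_checking = False` disables SSH host key verification for every host in the inventory, so the playbooks will present the vault-stored device credentials to any endpoint that answers on a switch's address. The device set is small and static, so it would be safer to leave checking on and pre-populate `known_hosts` on the AdminVM with the switches' keys. If it must stay off for bootstrapping, add a comment saying so, e.g. `# host keys not yet enrolled; re-enable once known_hosts is populated`. The file also lacks a trailing newline.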
diff --git a/bootstrap.sh b/bootstrap.sh
new file mode 100755
index 0000000000000000000000000000000000000000..e3e4a26285b2fda59a1c73e1c6dac54d25a64595
--- /dev/null
+++ b/bootstrap.sh
@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+
+########################### Virtualenv setup ####################################
+
+# create virtualenv if not present
+[[ ! -d .venv ]] && python3 -m venv .venv
+
+source .venv/bin/activate
+
+pip3 install setuptools-rust
+pip3 install wheel
+pip3 install ansible
+pip3 install paramiko
+pip3 install scp
+
+########################### Ansible setup ####################################
+
+ansible-galaxy install -r requirements.galaxy.yaml
+
+########################### Help ####################################
+
+echo
+echo "########################################"
+echo
+echo "Your playbooks:"
+
+find . -maxdepth 1 -type f -name "*.yaml" | grep -v inventory
+
+echo
+echo "Recommendation: Set up your OpenSSH config based on inventory.yaml"
+
+echo
+echo "You can run playbook with:"
+printf "\tansible-playbook -i inventory.yaml your-playbook.yaml"
+echo
+
+# to stay in our comfy virtualenv
+exec "${SHELL:bash}"
+
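Review bot: The `pip3 install` lines and `ansible-galaxy install` pull whatever version is current on every run, and the CI jobs call this script on the AdminVM before each playbook, so unreviewed upstream releases execute on a host that the README says has management-network access. Pin the versions in a requirements file (ideally with hashes) and install from that. The final `exec "${SHELL:bash}"` is substring-expansion syntax rather than a default; `${SHELL:-bash}` looks intended. Because it drops into a shell, it may also stall or change non-interactive callers such as the `./bootstrap.sh && source ...` chain in `.gitlab-ci.yml`; guarding it with `if [[ -t 0 ]]; then exec "${SHELL:-bash}"; fi` keeps the convenience for interactive use only. There is no `set -e`, so a failed install still falls through to the help text and a zero exit.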
diff --git a/collect-run-configs.yaml b/collect-run-configs.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..f4a697a87b670680483cc797f2be6fc1dabd9db5
--- /dev/null
+++ b/collect-run-configs.yaml
@@ -0,0 +1,71 @@
+- name: Collect and save Running Config from device
+  hosts: all
+  connection: ansible.netcommon.network_cli
+  vars_files:
+    - vars/password-vault.yaml
+
+  tasks:
+    - name: Get current date
+      command: date +%Y-%m-%d_%H:%M:%S
+      register: date
+      delegate_to: localhost
+      changed_when: false
+      run_once: true
+
+    - name: Read-write git checkout from gitsch/configs
+      ansible.builtin.git:
+        repo: git@git.sch.bme.hu:NETAdmin/sch-net/configs.git
+        dest: ../configs
+        update: yes
+      delegate_to: localhost
+      run_once: true
+
+    - name: "Creates directory: ../configs/{{ inventory_hostname }}"
+      file:
+        path: ../configs/{{ inventory_hostname }}
+        state: directory
+      delegate_to: localhost
+
+    - name: Check that the run-config.txt exists
+      stat:
+        path: ../configs/{{ inventory_hostname }}/run-config.txt
+      register: run_config_result
+
+    - name: Create the file, if it doesnt exist already
+      file:
+        path: ../configs/{{ inventory_hostname }}/run-config.txt
+        state: touch
+      when: not run_config_result.stat.exists
+
+    - name: Diff Running Config against previous backup config
+      become: no #buta ansible elfailelne, de cisco oldalról garantálva van, hogy become-ba kerülünk
+      ios_config:
+        backup: no
+        diff_against: intended
+        intended_config: "{{ lookup('file', '../configs/{{ inventory_hostname }}/run-config.txt') }}"
+        diff_ignore_lines:
+          - "! Last configuration change at*"
+          - "Time source is NTP,*"
+          - "Load for five secs:*"
+      register: running_diff
+    
+    - name: Backup Running Config if necessary
+      become: no #buta ansible elfailelne, de cisco oldalról garantálva van, hogy become-ba kerülünk
+      ios_config:
+        backup: yes
+        backup_options:
+          filename: run-config.txt
+          dir_path: "../configs/{{ inventory_hostname }}"
+      when: running_diff.changed
+
+    ## needed because running copy after ios_command
+    - name: reset the connection after scp
+      meta: reset_connection
+
+    - name: git commit
+      shell: cd ../configs && git add . && git commit -m "Ansible backup {{ date['stdout'] }}" && git push
+      register: command_result
+      run_once: true
+      delegate_to: localhost
+      failed_when: command_result.rc !=0 and "nothing to commit" not in command_result.stdout
+      changed_when: command_result.rc == 0
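Review bot: The `git commit` task runs `git add .` over whatever `ios_config` backed up, which is the raw running configuration. Going by the sample config in this same commit, that includes `enable secret` and `username ... secret 9` hashes, a TACACS `key 7` value (type 7 is reversible obfuscation) and the SNMP community, so every reader of the configs repository receives them. Consider scrubbing those lines before the commit or restricting access to that repository accordingly. Separately, `intended_config` nests `{{ inventory_hostname }}` inside a `lookup()` string; `lookup('file', '../configs/' ~ inventory_hostname ~ '/run-config.txt')` avoids relying on nested templating. The `stat` and `file: state: touch` tasks also lack the `delegate_to: localhost` that the directory task has, which looks unintended since these paths are on the control node.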
diff --git a/collect.sh b/collect.sh
new file mode 100755
index 0000000000000000000000000000000000000000..d71f4cc185aa7706a144304b20a851817924cc2f
--- /dev/null
+++ b/collect.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+source .venv/bin/activate
+ansible-playbook collect-run-configs.yaml --ask-vault-pass
diff --git a/device-configs/sw-server-03.net.sch.bme.hu/run-config-new.txt b/device-configs/sw-server-03.net.sch.bme.hu/run-config-new.txt
new file mode 100644
index 0000000000000000000000000000000000000000..92efbe8ecf71bba83380345c63520260806c8729
--- /dev/null
+++ b/device-configs/sw-server-03.net.sch.bme.hu/run-config-new.txt
@@ -0,0 +1,532 @@
+Current configuration : 17619 bytes
+!
+! Last configuration change at 21:36:56 UTC Fri Sep 17 2021 by ansible
+!
+version 17.3
+service timestamps debug datetime msec
+service timestamps log datetime msec
+service password-encryption
+service call-home
+platform punt-keepalive disable-kernel-core
+!
+hostname sw-server-03
+!
+vrf definition Mgmt-vrf
+ !
+ address-family ipv4
+ exit-address-family
+ !
+ address-family ipv6
+ exit-address-family
+!
+enable secret 9 [CENSORED]
+!
+!
+!
+!
+aaa new-model
+!
+!
+aaa group server tacacs+ AAA-NOC-TACACS
+ server name NOC
+ ip vrf forwarding Mgmt-vrf
+!
+aaa authentication login default group AAA-NOC-TACACS local
+aaa authentication enable default group AAA-NOC-TACACS enable
+aaa authorization config-commands
+aaa authorization exec default group AAA-NOC-TACACS if-authenticated 
+aaa authorization commands 15 default group AAA-NOC-TACACS if-authenticated 
+aaa accounting exec default start-stop group AAA-NOC-TACACS
+aaa accounting commands 15 default start-stop group AAA-NOC-TACACS
+!
+!
+!
+!
+!
+!
+aaa session-id common
+!
+boot system switch all flash:packages.conf
+switch 1 provision c9200l-48t-4x
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+no ip domain lookup
+ip domain name net.sch.bme.hu
+!
+!
+!
+login on-success log
+no device-tracking logging theft
+!
+crypto pki trustpoint SLA-TrustPoint
+ enrollment pkcs12
+ revocation-check crl
+!
+crypto pki trustpoint TP-self-signed-2304367758
+ enrollment selfsigned
+ subject-name cn=IOS-Self-Signed-Certificate-2304367758
+ revocation-check none
+ rsakeypair TP-self-signed-2304367758
+!
+!
+crypto pki certificate chain SLA-TrustPoint
+ certificate ca 01
+[CENSORED]
+  	quit
+crypto pki certificate chain TP-self-signed-2304367758
+ certificate self-signed 01
+[CENSORED]
+  	quit
+!
+system mtu 9198
+license boot level network-essentials addon dna-essentials
+!
+!
+diagnostic bootup level minimal
+!
+spanning-tree mode mst
+spanning-tree logging
+spanning-tree extend system-id
+!
+spanning-tree mst configuration
+ name SCH
+ revision 40
+ instance 4 vlan 49, 114, 208, 212
+ instance 8 vlan 6-7, 43, 51-52, 54-57, 112-113, 152, 154-155, 173, 176-183
+ instance 8 vlan 210, 1502, 2110
+ instance 12 vlan 172, 192, 209, 211
+ instance 16 vlan 10, 20-22
+ instance 18 vlan 11
+ instance 20 vlan 12
+!
+spanning-tree mst 0,4,8,12 priority 40960
+!
+memory free low-watermark processor 10055
+!
+username [CENSORED] privilege 15 secret 9 [CENSORED]
+username ansible privilege 15 secret 9 [CENSORED]
+username [CENSORED] privilege 15 secret 9 [CENSORED]
+!
+!
+redundancy
+ mode sso
+!
+!
+transceiver type all
+ monitoring
+lldp run
+!
+class-map match-any system-cpp-police-ewlc-control
+  description EWLC Control 
+class-map match-any system-cpp-police-topology-control
+  description Topology control
+class-map match-any system-cpp-police-sw-forward
+  description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
+class-map match-any system-cpp-default
+  description EWLC data, Inter FED Traffic 
+class-map match-any system-cpp-police-sys-data
+  description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
+class-map match-any system-cpp-police-punt-webauth
+  description Punt Webauth
+class-map match-any system-cpp-police-l2lvx-control
+  description L2 LVX control packets
+class-map match-any system-cpp-police-forus
+  description Forus Address resolution and Forus traffic
+class-map match-any system-cpp-police-multicast-end-station
+  description MCAST END STATION
+class-map match-any system-cpp-police-high-rate-app
+  description High Rate Applications 
+class-map match-any system-cpp-police-multicast
+  description MCAST Data
+class-map match-any system-cpp-police-l2-control
+  description L2 control
+class-map match-any system-cpp-police-dot1x-auth
+  description DOT1X Auth
+class-map match-any system-cpp-police-data
+  description ICMP redirect, ICMP_GEN and BROADCAST
+class-map match-any system-cpp-police-stackwise-virt-control
+  description Stackwise Virtual OOB
+class-map match-any non-client-nrt-class
+class-map match-any system-cpp-police-routing-control
+  description Routing control and Low Latency
+class-map match-any system-cpp-police-protocol-snooping
+  description Protocol snooping
+class-map match-any system-cpp-police-dhcp-snooping
+  description DHCP snooping
+class-map match-any system-cpp-police-ios-routing
+  description L2 control, Topology control, Routing control, Low Latency
+class-map match-any system-cpp-police-system-critical
+  description System Critical and Gold Pkt
+class-map match-any system-cpp-police-ios-feature
+  description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
+!
+policy-map system-cpp-policy
+!
+! 
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+interface Port-channel1
+ description % Memory-A : Port-channel1 : trunk %
+ switchport trunk allowed vlan 10,11
+ switchport mode trunk
+!
+interface Port-channel2
+ description % Memory-A-ng : Port-channel2 : trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 10,11
+ switchport mode trunk
+!
+interface GigabitEthernet0/0
+ vrf forwarding Mgmt-vrf
+ ip address 172.20.0.51 255.255.0.0
+ negotiation auto
+!
+interface GigabitEthernet1/0/1
+ description % VMWare node1 : BalFelsoSzerverPort : trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 2,6,7,10-12,20-22,43,44,49-51,55-57,112,151,152
+ switchport trunk allowed vlan add 172,176-183,208-212,500,502,503,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/2
+ description % VMWare node1 : JobbFelsoSzerverPort : trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 2,6,7,10-12,20-22,43,44,49-51,55-57,112,151,152
+ switchport trunk allowed vlan add 172,176-183,208-212,500,502,503,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/3
+ description % VMWare node2 : BalFelsoSzerverPort : trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 2,6,7,10-12,20-22,43,44,49-51,55-57,112,151,152
+ switchport trunk allowed vlan add 172,176-183,208-212,500,502,503,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/4
+ description % VMWare node2 : JobbFelsoSzerverPort : trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 2,6,7,10-12,20-22,43,44,49-51,55-57,112,151,152
+ switchport trunk allowed vlan add 172,176-183,208-212,500,502,503,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/5
+ description % VMWare node3 : BalFelsoSzerverPort : trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 2,6,7,10-12,20-22,43,44,49-51,55-57,112,151,152
+ switchport trunk allowed vlan add 172,176-183,208-212,500,502,503,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/6
+ description % VMWare node3 : JobbFelsoSzerverPort : trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 2,6,7,10-12,20-22,43,44,49-51,55-57,112,151,152
+ switchport trunk allowed vlan add 172,176-183,208-212,500,502,503,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/7
+ description % VMWare node4 : BalFelsoSzerverPort : trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 2,6,7,10-12,20-22,43,44,49-51,55-57,112,151,152
+ switchport trunk allowed vlan add 172,176-183,208-212,500,502,503,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/8
+ description % VMWare node4 : JobbFelsoSzerverPort : trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 2,6,7,10-12,20-22,43,44,49-51,55-57,112,151,152
+ switchport trunk allowed vlan add 172,176-183,208-212,500,502,503,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/9
+ shutdown
+!
+interface GigabitEthernet1/0/10
+ shutdown
+!
+interface GigabitEthernet1/0/11
+ description % Memory-A-ng : BalKartyaPort1 : bond-trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 10,11
+ switchport mode trunk
+ channel-protocol lacp
+ channel-group 2 mode active
+!
+interface GigabitEthernet1/0/12
+ description % Memory-A-ng : BalKartyaPort2 : bond-trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 10,11
+ switchport mode trunk
+ channel-protocol lacp
+ channel-group 2 mode active
+!
+interface GigabitEthernet1/0/13
+ description % FujitsuStorage : Storage1 - CM#0 CA#0 Port#0 : access %
+ switchport access vlan 11
+ switchport mode access
+ spanning-tree portfast
+!
+interface GigabitEthernet1/0/14
+ description % FujitsuStorage : Storage2 - CM#0 CA#0 Port#1 : access %
+ switchport access vlan 12
+ switchport mode access
+ spanning-tree portfast
+!
+interface GigabitEthernet1/0/15
+ description % Memory-A : TODO : bond-trunk %
+ switchport trunk allowed vlan 10,11
+ switchport mode trunk
+ channel-protocol lacp
+ channel-group 1 mode active
+!
+interface GigabitEthernet1/0/16
+ description % Memory-A : TODO : bond-trunk %
+ switchport trunk allowed vlan 10,11
+ switchport mode trunk
+ channel-protocol lacp
+ channel-group 1 mode active
+!
+interface GigabitEthernet1/0/17
+ description % HyperV-Host-1-trunk : TODO : trunk %
+ switchport trunk native vlan 742
+ switchport trunk allowed vlan 10,151,152,208-212,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/18
+ description % HyperV-Host-1-storage : TODO : trunk %
+ switchport trunk native vlan 742
+ switchport trunk allowed vlan 11,12
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/19
+ description % HyperV-Host-2-trunk : TODO : trunk %
+ switchport trunk native vlan 742
+ switchport trunk allowed vlan 10,151,152,208-212,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/20
+ description % HyperV-Host-2-storage : TODO : trunk %
+ switchport trunk native vlan 742
+ switchport trunk allowed vlan 11,12
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/21
+ description % HyperV-Host-3-trunk : TODO : trunk %
+ switchport trunk native vlan 742
+ switchport trunk allowed vlan 10,151,152,208-212,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/22
+ description % HyperV-Host-3-storage : TODO : trunk %
+ switchport trunk native vlan 742
+ switchport trunk allowed vlan 11,12
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/23
+ description % HP-Storage : Storage1 - Card-B iSCSI2 : access %
+ switchport access vlan 12
+ switchport mode access
+ spanning-tree portfast
+!
+interface GigabitEthernet1/0/24
+ description % HP-Storage : Storage2 - Card-A iSCSI2 : access %
+ switchport access vlan 12
+ switchport mode access
+ spanning-tree portfast
+!
+interface GigabitEthernet1/0/25
+ description % HP-Storage : Storage1 - Card-A iSCSI1 : access %
+ switchport access vlan 11
+ switchport mode access
+ spanning-tree portfast
+!
+interface GigabitEthernet1/0/26
+ description % HP-Storage : Storage2 - Card-B iSCSI1 : access %
+ switchport access vlan 11
+ switchport mode access
+ spanning-tree portfast
+!
+interface GigabitEthernet1/0/27
+ description % behemoth-ng : eth0 : trunk %
+ switchport trunk native vlan 208
+ switchport trunk allowed vlan 10,11,208
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/28
+ shutdown
+!
+interface GigabitEthernet1/0/29
+ description % beholder : TODO : access %
+ switchport access vlan 208
+ switchport mode access
+ spanning-tree portfast
+!
+interface GigabitEthernet1/0/30
+ description % beholder : TODO : trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 10-12
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/31
+ shutdown
+!
+interface GigabitEthernet1/0/32
+ shutdown
+!
+interface GigabitEthernet1/0/33
+ shutdown
+!
+interface GigabitEthernet1/0/34
+ shutdown
+!
+interface GigabitEthernet1/0/35
+ shutdown
+!
+interface GigabitEthernet1/0/36
+ shutdown
+!
+interface GigabitEthernet1/0/37
+ shutdown
+!
+interface GigabitEthernet1/0/38
+ shutdown
+!
+interface GigabitEthernet1/0/39
+ shutdown
+!
+interface GigabitEthernet1/0/40
+ shutdown
+!
+interface GigabitEthernet1/0/41
+ shutdown
+!
+interface GigabitEthernet1/0/42
+ shutdown
+!
+interface GigabitEthernet1/0/43
+ shutdown
+!
+interface GigabitEthernet1/0/44
+ shutdown
+!
+interface GigabitEthernet1/0/45
+ shutdown
+!
+interface GigabitEthernet1/0/46
+ shutdown
+!
+interface GigabitEthernet1/0/47
+ shutdown
+!
+interface GigabitEthernet1/0/48
+ description % sw-admin-02 : Gig0/1 : trunk %
+ switchport trunk native vlan 743
+ switchport trunk allowed vlan 10,172
+ switchport mode trunk
+!
+interface TenGigabitEthernet1/1/1
+ description % rtr-1 : Te3/1 : trunk %
+ switchport trunk native vlan 741
+ switchport trunk allowed vlan 1-740,742-4094
+ switchport mode trunk
+!
+interface TenGigabitEthernet1/1/2
+ description % Juniper-Experimental-trunk : xe/0/0/11 : trunk %
+ switchport trunk native vlan 2110
+ switchport trunk allowed vlan 151,152,211
+ switchport mode trunk
+
+interface TenGigabitEthernet1/1/3
+ shutdown
+!
+interface TenGigabitEthernet1/1/4
+ shutdown
+!
+interface Vlan1
+ no ip address
+ shutdown
+!
+!
+!
+ip forward-protocol nd
+no ip http server
+no ip http secure-server
+ip ssh version 2
+ip scp server enable
+!
+!
+!
+logging host 172.20.208.248 vrf Mgmt-vrf
+snmp-server community SCHNET RO SNMP
+snmp-server location SCH0114, Budapest, HU
+snmp-server contact SCH Netadmin <netadmin@sch.bme.hu>
+snmp-server enable traps snmp linkdown linkup
+snmp-server host 172.20.208.249 vrf Mgmt-vrf SCHNET  snmp
+tacacs server NOC
+ address ipv4 172.20.208.250
+ key 7 [CENSORED]
+!
+!
+!
+control-plane
+ service-policy input system-cpp-policy
+!
+!
+line con 0
+ logging synchronous
+ stopbits 1
+line aux 0
+ stopbits 1
+line vty 0 4
+ transport input ssh
+line vty 5 31
+ transport input ssh
+!
+ntp server 172.20.208.250
+call-home
+ ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
+ ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
+ contact-email-addr sch-smart-licensing@cisco.com
+ profile "CiscoTAC-1"
+  active
+  destination transport-method http
+!
+!
+!
+!
+!
+!
+end
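Review bot: The SNMP community is committed in clear text in `snmp-server community SCHNET RO SNMP` and again in the `snmp-server host 172.20.208.249 ...` line, while the other credentials in this file were replaced with `[CENSORED]`. Redact it the same way, and treat the current value as disclosed and rotate it on the devices. The `key 7` and `secret 9` placeholders suggest a manual scrub; a scripted filter applied before any config is committed would keep this from depending on someone remembering each field.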
diff --git a/device-configs/sw-server-03.net.sch.bme.hu/run-config-old.txt b/device-configs/sw-server-03.net.sch.bme.hu/run-config-old.txt
new file mode 100644
index 0000000000000000000000000000000000000000..0bd002c1ee18d974d7c810d94492a03e77a662fa
--- /dev/null
+++ b/device-configs/sw-server-03.net.sch.bme.hu/run-config-old.txt
@@ -0,0 +1,529 @@
+Building configuration...
+
+Current configuration : 18127 bytes
+!
+! Last configuration change at 01:23:37 UTC Fri Dec 17 2021 by kelteto
+!
+version 17.3
+service timestamps debug datetime msec
+service timestamps log datetime msec
+service password-encryption
+service call-home
+platform punt-keepalive disable-kernel-core
+!
+hostname sw-server-03
+!
+!
+vrf definition Mgmt-vrf
+ !
+ address-family ipv4
+ exit-address-family
+ !
+ address-family ipv6
+ exit-address-family
+!
+enable secret 9 [CENSORED]
+!
+!
+!
+!
+aaa new-model
+!
+!
+aaa group server tacacs+ AAA-NOC-TACACS
+ server name NOC
+ ip vrf forwarding Mgmt-vrf
+!
+aaa authentication login default group AAA-NOC-TACACS local
+aaa authentication enable default group AAA-NOC-TACACS enable
+aaa authorization config-commands
+aaa authorization exec default group AAA-NOC-TACACS if-authenticated 
+aaa authorization commands 15 default group AAA-NOC-TACACS if-authenticated 
+aaa accounting exec default start-stop group AAA-NOC-TACACS
+aaa accounting commands 15 default start-stop group AAA-NOC-TACACS
+!
+!
+!
+!
+!
+!
+aaa session-id common
+boot system switch all flash:packages.conf
+switch 1 provision c9200l-48t-4x
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+no ip domain lookup
+ip domain name net.sch.bme.hu
+!
+!
+!
+login on-success log
+no device-tracking logging theft
+!
+crypto pki trustpoint SLA-TrustPoint
+ enrollment pkcs12
+ revocation-check crl
+!
+crypto pki trustpoint TP-self-signed-2304367758
+ enrollment selfsigned
+ subject-name cn=IOS-Self-Signed-Certificate-2304367758
+ revocation-check none
+ rsakeypair TP-self-signed-2304367758
+!
+!
+crypto pki certificate chain SLA-TrustPoint
+ certificate ca 01
+[CENSORED]
+  	quit
+crypto pki certificate chain TP-self-signed-2304367758
+ certificate self-signed 01
+[CENSORED]
+  	quit
+!
+system mtu 9198
+license boot level network-essentials addon dna-essentials
+!
+!
+diagnostic bootup level minimal
+!
+spanning-tree mode mst
+spanning-tree logging
+spanning-tree extend system-id
+!
+spanning-tree mst configuration
+ name SCH
+ revision 40
+ instance 4 vlan 49, 114, 208, 212
+ instance 8 vlan 6-7, 43, 51-52, 54-57, 112-113, 152, 154-155, 173, 176-183
+ instance 8 vlan 210, 1502, 2110
+ instance 12 vlan 172, 192, 209, 211
+ instance 16 vlan 10, 20-22
+ instance 18 vlan 11
+ instance 20 vlan 12
+!
+spanning-tree mst 0,4,8,12 priority 40960
+memory free low-watermark processor 10055
+!
+username [CENSORED] privilege 15 secret 9 [CENSORED]
+username ansible privilege 15 secret 9 [CENSORED]
+username [CENSORED] privilege 15 secret 9 [CENSORED]
+!
+redundancy
+ mode sso
+!
+!
+transceiver type all
+ monitoring
+lldp run
+!
+!
+class-map match-any system-cpp-police-ewlc-control
+  description EWLC Control 
+class-map match-any system-cpp-police-topology-control
+  description Topology control
+class-map match-any system-cpp-police-sw-forward
+  description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
+class-map match-any system-cpp-default
+  description EWLC data, Inter FED Traffic 
+class-map match-any system-cpp-police-sys-data
+  description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
+class-map match-any system-cpp-police-punt-webauth
+  description Punt Webauth
+class-map match-any system-cpp-police-l2lvx-control
+  description L2 LVX control packets
+class-map match-any system-cpp-police-forus
+  description Forus Address resolution and Forus traffic
+class-map match-any system-cpp-police-multicast-end-station
+  description MCAST END STATION
+class-map match-any system-cpp-police-high-rate-app
+  description High Rate Applications 
+class-map match-any system-cpp-police-multicast
+  description MCAST Data
+class-map match-any system-cpp-police-l2-control
+  description L2 control
+class-map match-any system-cpp-police-dot1x-auth
+  description DOT1X Auth
+class-map match-any system-cpp-police-data
+  description ICMP redirect, ICMP_GEN and BROADCAST
+class-map match-any system-cpp-police-stackwise-virt-control
+  description Stackwise Virtual OOB
+class-map match-any non-client-nrt-class
+class-map match-any system-cpp-police-routing-control
+  description Routing control and Low Latency
+class-map match-any system-cpp-police-protocol-snooping
+  description Protocol snooping
+class-map match-any system-cpp-police-dhcp-snooping
+  description DHCP snooping
+class-map match-any system-cpp-police-ios-routing
+  description L2 control, Topology control, Routing control, Low Latency
+class-map match-any system-cpp-police-system-critical
+  description System Critical and Gold Pkt
+class-map match-any system-cpp-police-ios-feature
+  description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
+!
+policy-map system-cpp-policy
+!
+! 
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+interface Port-channel1
+ description % Memory-A : Port-channel1 : trunk %
+ switchport trunk allowed vlan 10,11
+ switchport mode trunk
+!
+interface Port-channel2
+ description % Memory-A-ng : Port-channel2 : trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 10,11
+ switchport mode trunk
+!
+interface GigabitEthernet0/0
+ vrf forwarding Mgmt-vrf
+ ip address 172.20.0.51 255.255.0.0
+ negotiation auto
+!
+interface GigabitEthernet1/0/1
+ description % VMWare node1 : BalFelsoSzerverPort : trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 2,6,7,10-12,20-22,43,44,49-51,55-57,112,151,152
+ switchport trunk allowed vlan add 172,176-183,208-212,500,502,503,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/2
+ description % VMWare node1 : JobbFelsoSzerverPort : trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 2,6,7,10-12,20-22,43,44,49-51,55-57,112,151,152
+ switchport trunk allowed vlan add 172,176-183,208-212,500,502,503,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/3
+ description % VMWare node2 : BalFelsoSzerverPort : trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 2,6,7,10-12,20-22,43,44,49-51,55-57,112,151,152
+ switchport trunk allowed vlan add 172,176-183,208-212,500,502,503,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/4
+ description % VMWare node2 : JobbFelsoSzerverPort : trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 2,6,7,10-12,20-22,43,44,49-51,55-57,112,151,152
+ switchport trunk allowed vlan add 172,176-183,208-212,500,502,503,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/5
+ description % VMWare node3 : BalFelsoSzerverPort : trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 2,6,7,10-12,20-22,43,44,49-51,55-57,112,151,152
+ switchport trunk allowed vlan add 172,176-183,208-212,500,502,503,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/6
+ description % VMWare node3 : JobbFelsoSzerverPort : trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 2,6,7,10-12,20-22,43,44,49-51,55-57,112,151,152
+ switchport trunk allowed vlan add 172,176-183,208-212,500,502,503,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/7
+ description % VMWare node4 : BalFelsoSzerverPort : trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 2,6,7,10-12,20-22,43,44,49-51,55-57,112,151,152
+ switchport trunk allowed vlan add 172,176-183,208-212,500,502,503,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/8
+ description % VMWare node4 : JobbFelsoSzerverPort : trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 2,6,7,10-12,20-22,43,44,49-51,55-57,112,151,152
+ switchport trunk allowed vlan add 172,176-183,208-212,500,502,503,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/9
+ shutdown
+!
+interface GigabitEthernet1/0/10
+ shutdown
+!
+interface GigabitEthernet1/0/11
+ description % Memory-A-ng : BalKartyaPort1 : bond-trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 10,11
+ switchport mode trunk
+ shutdown
+ channel-protocol lacp
+ channel-group 2 mode active
+!
+interface GigabitEthernet1/0/12
+ description % Memory-A-ng : BalKartyaPort2 : bond-trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 10,11
+ switchport mode trunk
+ shutdown
+ channel-protocol lacp
+ channel-group 2 mode active
+!
+interface GigabitEthernet1/0/13
+ description % FujitsuStorage : Storage1 - CM#0 CA#0 Port#0 : access %
+ switchport access vlan 11
+ switchport mode access
+ spanning-tree portfast
+!
+interface GigabitEthernet1/0/14
+ description % FujitsuStorage : Storage2 - CM#0 CA#0 Port#1 : access %
+ switchport access vlan 12
+ switchport mode access
+ spanning-tree portfast
+!
+interface GigabitEthernet1/0/15
+ description % Memory-A : TODO : bond-trunk %
+ switchport trunk allowed vlan 10,11
+ switchport mode trunk
+ channel-protocol lacp
+ channel-group 1 mode active
+!
+interface GigabitEthernet1/0/16
+ description % Memory-A : TODO : bond-trunk %
+ switchport trunk allowed vlan 10,11
+ switchport mode trunk
+ channel-protocol lacp
+ channel-group 1 mode active
+!
+interface GigabitEthernet1/0/17
+ description % HyperV-Host-1-trunk : TODO : trunk %
+ switchport trunk native vlan 742
+ switchport trunk allowed vlan 10,151,152,208-212,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/18
+ description % HyperV-Host-1-storage : TODO : trunk %
+ switchport trunk native vlan 742
+ switchport trunk allowed vlan 11,12
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/19
+ description % HyperV-Host-2-trunk : TODO : trunk %
+ switchport trunk native vlan 742
+ switchport trunk allowed vlan 10,151,152,208-212,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/20
+ description % HyperV-Host-2-storage : TODO : trunk %
+ switchport trunk native vlan 742
+ switchport trunk allowed vlan 11,12
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/21
+ description % HyperV-Host-3-trunk : TODO : trunk %
+ switchport trunk native vlan 742
+ switchport trunk allowed vlan 10,151,152,208-212,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/22
+ description % HyperV-Host-3-storage : TODO : trunk %
+ switchport trunk native vlan 742
+ switchport trunk allowed vlan 11,12
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/23
+ description % HP-Storage : Storage1 - Card-B iSCSI2 : access %
+ switchport access vlan 12
+ switchport mode access
+ spanning-tree portfast
+!
+interface GigabitEthernet1/0/24
+ description % HP-Storage : Storage2 - Card-A iSCSI2 : access %
+ switchport access vlan 12
+ switchport mode access
+ spanning-tree portfast
+!
+interface GigabitEthernet1/0/25
+ description % HP-Storage : Storage1 - Card-A iSCSI1 : access %
+ switchport access vlan 11
+ switchport mode access
+ spanning-tree portfast
+!
+interface GigabitEthernet1/0/26
+ description % HP-Storage : Storage2 - Card-B iSCSI1 : access %
+ switchport access vlan 11
+ switchport mode access
+ spanning-tree portfast
+!
+interface GigabitEthernet1/0/27
+ description % behemoth-ng : eth0 : trunk %
+ switchport trunk native vlan 208
+ switchport trunk allowed vlan 10,11,208
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/28
+ shutdown
+!
+interface GigabitEthernet1/0/29
+ description % beholder : TODO : access %
+ switchport access vlan 208
+ switchport mode access
+ spanning-tree portfast
+!
+interface GigabitEthernet1/0/30
+ description % beholder : TODO : trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 10-12
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/31
+!
+interface GigabitEthernet1/0/32
+!
+interface GigabitEthernet1/0/33
+!
+interface GigabitEthernet1/0/34
+!
+interface GigabitEthernet1/0/35
+ shutdown
+!
+interface GigabitEthernet1/0/36
+ shutdown
+!
+interface GigabitEthernet1/0/37
+ shutdown
+!
+interface GigabitEthernet1/0/38
+ shutdown
+!
+interface GigabitEthernet1/0/39
+ shutdown
+!
+interface GigabitEthernet1/0/40
+ shutdown
+!
+interface GigabitEthernet1/0/41
+ shutdown
+!
+interface GigabitEthernet1/0/42
+ shutdown
+!
+interface GigabitEthernet1/0/43
+ shutdown
+!
+interface GigabitEthernet1/0/44
+ shutdown
+!
+interface GigabitEthernet1/0/45
+ shutdown
+!
+interface GigabitEthernet1/0/46
+ shutdown
+!
+interface GigabitEthernet1/0/47
+ shutdown
+!
+interface GigabitEthernet1/0/48
+ description % sw-admin-02 : Gig0/1 : trunk %
+ switchport trunk native vlan 743
+ switchport trunk allowed vlan 10,172
+ switchport mode trunk
+!
+interface TenGigabitEthernet1/1/1
+ description % rtr-1 : Te3/1 : trunk %
+ switchport trunk native vlan 741
+ switchport trunk allowed vlan 1-740,742-4094
+ switchport mode trunk
+!
+interface TenGigabitEthernet1/1/2
+ description % Juniper-Experimental-trunk : xe/0/0/11 : trunk %
+ switchport trunk native vlan 2110
+ switchport trunk allowed vlan 151,152,211
+ switchport mode trunk
+!
+interface TenGigabitEthernet1/1/3
+ shutdown
+!
+interface TenGigabitEthernet1/1/4
+ shutdown
+!
+interface Vlan1
+ no ip address
+ shutdown
+!
+ip forward-protocol nd
+no ip http server
+no ip http secure-server
+ip ssh version 2
+ip scp server enable
+!
+!
+logging host 172.20.208.248 vrf Mgmt-vrf
+!
+snmp-server community SCHNET RO SNMP
+snmp-server location SCH0114, Budapest, HU
+snmp-server contact SCH Netadmin <netadmin@sch.bme.hu>
+snmp-server enable traps snmp linkdown linkup
+snmp-server host 172.20.208.249 vrf Mgmt-vrf SCHNET  snmp
+tacacs server NOC
+ address ipv4 172.20.208.250
+ key 7 [CENSORED]
+!
+!
+!
+control-plane
+ service-policy input system-cpp-policy
+!
+!
+line con 0
+ logging synchronous
+ stopbits 1
+line aux 0
+ stopbits 1
+line vty 0 4
+ transport input ssh
+line vty 5 31
+ transport input ssh
+!
+ntp server 172.20.208.250
+call-home
+ ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
+ ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
+ contact-email-addr sch-smart-licensing@cisco.com
+ profile "CiscoTAC-1"
+  active
+  destination transport-method http
+!
+!
+!
+!
+!
+!
+end
\ No newline at end of file
diff --git a/device-configs/sw-server-04.net.sch.bme.hu/run-config-new.txt b/device-configs/sw-server-04.net.sch.bme.hu/run-config-new.txt
new file mode 100644
index 0000000000000000000000000000000000000000..38d0a41abbdf5967a27f7b54982aaa880789486d
--- /dev/null
+++ b/device-configs/sw-server-04.net.sch.bme.hu/run-config-new.txt
@@ -0,0 +1,435 @@
+Current configuration : 17619 bytes
+!
+! Last configuration change at 21:36:56 UTC Fri Sep 17 2021 by ansible
+!
+version 17.3
+service timestamps debug datetime msec
+service timestamps log datetime msec
+service password-encryption
+service call-home
+platform punt-keepalive disable-kernel-core
+!
+hostname sw-server-04
+!
+vrf definition Mgmt-vrf
+ !
+ address-family ipv4
+ exit-address-family
+ !
+ address-family ipv6
+ exit-address-family
+!
+enable secret 9 [CENSORED]
+!
+!
+!
+!
+aaa new-model
+!
+!
+aaa group server tacacs+ AAA-NOC-TACACS
+ server name NOC
+ ip vrf forwarding Mgmt-vrf
+!
+aaa authentication login default group AAA-NOC-TACACS local
+aaa authentication enable default group AAA-NOC-TACACS enable
+aaa authorization config-commands
+aaa authorization exec default group AAA-NOC-TACACS if-authenticated 
+aaa authorization commands 15 default group AAA-NOC-TACACS if-authenticated 
+aaa accounting exec default start-stop group AAA-NOC-TACACS
+aaa accounting commands 15 default start-stop group AAA-NOC-TACACS
+!
+!
+!
+!
+!
+!
+aaa session-id common
+!
+boot system switch all flash:packages.conf
+switch 1 provision c9300l-24t-4x
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+no ip domain lookup
+ip domain name net.sch.bme.hu
+!
+!
+!
+login on-success log
+no device-tracking logging theft
+!
+crypto pki trustpoint TP-self-signed-2856276394
+ enrollment selfsigned
+ subject-name cn=IOS-Self-Signed-Certificate-2856276394
+ revocation-check none
+ rsakeypair TP-self-signed-2856276394
+!
+crypto pki trustpoint SLA-TrustPoint
+ enrollment pkcs12
+ revocation-check crl
+!
+!
+crypto pki certificate chain TP-self-signed-2856276394
+ certificate self-signed 01
+[CENSORED]
+  	quit
+crypto pki certificate chain SLA-TrustPoint
+ certificate ca 01
+[CENSORED]
+  	quit
+!
+system mtu 9198
+license boot level network-essentials addon dna-essentials
+!
+!
+diagnostic bootup level minimal
+!
+spanning-tree mode mst
+spanning-tree logging
+spanning-tree extend system-id
+!
+spanning-tree mst configuration
+ name SCH
+ revision 40
+ instance 4 vlan 49, 114, 208, 212
+ instance 8 vlan 6-7, 43, 51-52, 54-57, 112-113, 152, 154-155, 173, 176-183
+ instance 8 vlan 210, 1502, 2110
+ instance 12 vlan 172, 192, 209, 211
+ instance 16 vlan 10, 20-22
+ instance 18 vlan 11
+ instance 20 vlan 12
+!
+spanning-tree mst 0,4,8,12 priority 40960
+!
+memory free low-watermark processor 134344
+!
+username [CENSORED] privilege 15 secret 9 [CENSORED]
+username ansible privilege 15 secret 9 [CENSORED]
+username [CENSORED] privilege 15 secret 9 [CENSORED]
+!
+!
+redundancy
+ mode sso
+!
+!
+transceiver type all
+ monitoring
+lldp run
+!
+class-map match-any system-cpp-police-ewlc-control
+  description EWLC Control 
+class-map match-any system-cpp-police-topology-control
+  description Topology control
+class-map match-any system-cpp-police-sw-forward
+  description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
+class-map match-any system-cpp-default
+  description EWLC Data, Inter FED Traffic 
+class-map match-any system-cpp-police-sys-data
+  description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
+class-map match-any system-cpp-police-punt-webauth
+  description Punt Webauth
+class-map match-any system-cpp-police-l2lvx-control
+  description L2 LVX control packets
+class-map match-any system-cpp-police-forus
+  description Forus Address resolution and Forus traffic
+class-map match-any system-cpp-police-multicast-end-station
+  description MCAST END STATION
+class-map match-any system-cpp-police-high-rate-app
+  description High Rate Applications 
+class-map match-any system-cpp-police-multicast
+  description MCAST Data
+class-map match-any system-cpp-police-l2-control
+  description L2 control
+class-map match-any system-cpp-police-dot1x-auth
+  description DOT1X Auth
+class-map match-any system-cpp-police-data
+  description ICMP redirect, ICMP_GEN and BROADCAST
+class-map match-any system-cpp-police-stackwise-virt-control
+  description Stackwise Virtual OOB
+class-map match-any non-client-nrt-class
+class-map match-any system-cpp-police-routing-control
+  description Routing control and Low Latency
+class-map match-any system-cpp-police-protocol-snooping
+  description Protocol snooping
+class-map match-any system-cpp-police-dhcp-snooping
+  description DHCP snooping
+class-map match-any system-cpp-police-ios-routing
+  description L2 control, Topology control, Routing control, Low Latency
+class-map match-any system-cpp-police-system-critical
+  description System Critical and Gold Pkt
+class-map match-any system-cpp-police-ios-feature
+  description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
+!
+policy-map system-cpp-policy
+!
+! 
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+interface Port-channel1
+ description % Memory-A : Port-channel1 : trunk %
+ switchport trunk allowed vlan 12
+ switchport mode trunk
+!
+interface Port-channel2
+ description % Memory-A-ng : Port-channel2 : trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 10,12
+ switchport mode trunk
+!
+interface GigabitEthernet0/0
+ vrf forwarding Mgmt-vrf
+ ip address 172.20.0.52 255.255.0.0
+ negotiation auto
+!
+interface GigabitEthernet1/0/1
+ description % VMWare node1 : BalAlsoSzerverPort : trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 2,6,7,10-12,20-22,43,44,49-51,55-57,112,151,152
+ switchport trunk allowed vlan add 172,176-183,208-212,500,502,503,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/2
+ description % VMWare node1 : JobbAlsoSzerverPort : trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 2,6,7,10-12,20-22,43,44,49-51,55-57,112,151,152
+ switchport trunk allowed vlan add 172,176-183,208-212,500,502,503,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/3
+ description % VMWare node2 : BalAlsoSzerverPort : trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 2,6,7,10-12,20-22,43,44,49-51,55-57,112,151,152
+ switchport trunk allowed vlan add 172,176-183,208-212,500,502,503,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/4
+ description % VMWare node2 : JobbAlsoSzerverPort : trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 2,6,7,10-12,20-22,43,44,49-51,55-57,112,151,152
+ switchport trunk allowed vlan add 172,176-183,208-212,500,502,503,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/5
+ description % VMWare node3 : BalAlsoSzerverPort : trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 2,6,7,10-12,20-22,43,44,49-51,55-57,112,151,152
+ switchport trunk allowed vlan add 172,176-183,208-212,500,502,503,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/6
+ description % VMWare node3 : JobbAlsoSzerverPort : trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 2,6,7,10-12,20-22,43,44,49-51,55-57,112,151,152
+ switchport trunk allowed vlan add 172,176-183,208-212,500,502,503,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/7
+ description % VMWare node4 : BalAlsoSzerverPort : trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 2,6,7,10-12,20-22,43,44,49-51,55-57,112,151,152
+ switchport trunk allowed vlan add 172,176-183,208-212,500,502,503,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/8
+ description % VMWare node4 : JobbAlsoSzerverPort : trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 2,6,7,10-12,20-22,43,44,49-51,55-57,112,151,152
+ switchport trunk allowed vlan add 172,176-183,208-212,500,502,503,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/9
+ shutdown
+!
+interface GigabitEthernet1/0/10
+ shutdown
+!
+interface GigabitEthernet1/0/11
+ description % Memory-A-ng : JobbKartyaPort1 : bond-trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 10,12
+ switchport mode trunk
+ channel-protocol lacp
+ channel-group 2 mode active
+!
+interface GigabitEthernet1/0/12
+ description % Memory-A-ng : JobbKartyaPort2 : bond-trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 10,12
+ switchport mode trunk
+ channel-protocol lacp
+ channel-group 2 mode active
+!
+interface GigabitEthernet1/0/13
+ description % FujitsuStorage : Storage1 - CM#0 CA#0 Port#0 : access %
+ switchport access vlan 11
+ switchport mode access
+ spanning-tree portfast
+!
+interface GigabitEthernet1/0/14
+ description % FujitsuStorage : Storage2 - CM#0 CA#0 Port#1 : access %
+ switchport access vlan 12
+ switchport mode access
+ spanning-tree portfast
+!
+interface GigabitEthernet1/0/15
+ description % Memory-A : TODO : bond-trunk %
+ switchport trunk allowed vlan 12
+ switchport mode trunk
+ channel-protocol lacp
+ channel-group 1 mode active
+!
+interface GigabitEthernet1/0/16
+ description % Memory-A : TODO : bond-trunk %
+ switchport trunk allowed vlan 12
+ switchport mode trunk
+ channel-protocol lacp
+ channel-group 1 mode active
+!
+interface GigabitEthernet1/0/17
+ description % HyperV-Host-1-trunk : TODO : trunk %
+ switchport trunk native vlan 742
+ switchport trunk allowed vlan 10,151,152,208-212,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/18
+ description % HyperV-Host-1-storage : TODO : trunk %
+ switchport trunk native vlan 742
+ switchport trunk allowed vlan 11,12
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/19
+ description % HyperV-Host-2-trunk : TODO : trunk %
+ switchport trunk native vlan 742
+ switchport trunk allowed vlan 10,151,152,208-212,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/20
+ description % HyperV-Host-2-storage : TODO : trunk %
+ switchport trunk native vlan 742
+ switchport trunk allowed vlan 11,12
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/21
+ description % HyperV-Host-3-trunk : TODO : trunk %
+ switchport trunk native vlan 742
+ switchport trunk allowed vlan 10,151,152,208-212,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/22
+ description % HyperV-Host-3-storage : TODO : trunk %
+ switchport trunk native vlan 742
+ switchport trunk allowed vlan 11,12
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/23
+ shutdown
+!
+interface GigabitEthernet1/0/24
+ description % sw-admin-02 : Gig0/2 : trunk %
+ switchport trunk native vlan 743
+ switchport trunk allowed vlan 10,172
+ switchport mode trunk
+!
+interface TenGigabitEthernet1/1/1
+ description % rtr-1 : Te3/2 : trunk %
+ switchport trunk native vlan 742
+ switchport trunk allowed vlan 1-741,743-4094
+ switchport mode trunk
+!
+interface TenGigabitEthernet1/1/2
+ shutdown
+!
+interface TenGigabitEthernet1/1/3
+ shutdown
+!
+interface TenGigabitEthernet1/1/4
+ shutdown
+!
+interface AppGigabitEthernet1/0/1
+ shutdown
+!
+interface Vlan1
+ no ip address
+ shutdown
+!
+!
+!
+ip forward-protocol nd
+no ip http server
+no ip http secure-server
+ip ssh version 2
+ip scp server enable
+!
+!
+!
+logging host 172.20.208.248 vrf Mgmt-vrf
+snmp-server community SCHNET RO SNMP
+snmp-server location SCH0114, Budapest, HU
+snmp-server contact SCH Netadmin <netadmin@sch.bme.hu>
+snmp-server enable traps snmp linkdown linkup
+snmp-server host 172.20.208.249 vrf Mgmt-vrf SCHNET  snmp
+tacacs server NOC
+ address ipv4 172.20.208.250
+ key 7 [CENSORED]
+!
+!
+!
+control-plane
+ service-policy input system-cpp-policy
+!
+!
+line con 0
+ logging synchronous
+ stopbits 1
+line vty 0 4
+ transport input ssh
+line vty 5 31
+ transport input ssh
+!
+call-home
+ ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
+ ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
+ contact-email-addr sch-smart-licensing@cisco.com
+ profile "CiscoTAC-1"
+  active
+  destination transport-method http
+ntp server 172.20.208.250
+!
+!
+!
+!
+!
+!
+end
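Review bot: The SNMP community string is committed in clear text at `snmp-server community SCHNET RO SNMP` and again in `snmp-server host 172.20.208.249 vrf Mgmt-vrf SCHNET  snmp`, while the enable secret, the local usernames and the TACACS key in the same file are replaced with `[CENSORED]`. The redaction step that produces these files should mask the community token the same way, e.g. `snmp-server community [CENSORED] RO SNMP`, and the community is worth rotating on the devices once this commit has been pushed. The trailing `SNMP` looks like an access-list name, but no `ip access-list` of that name appears anywhere in this file, so confirm that the ACL exists on the switch and really limits which hosts may poll. The same two lines appear in run-config-old.txt for this device and in the previous device's config earlier in the diff.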
diff --git a/device-configs/sw-server-04.net.sch.bme.hu/run-config-old.txt b/device-configs/sw-server-04.net.sch.bme.hu/run-config-old.txt
new file mode 100644
index 0000000000000000000000000000000000000000..78d8fd07739c26934a7c5765a28b384d3e9b6b32
--- /dev/null
+++ b/device-configs/sw-server-04.net.sch.bme.hu/run-config-old.txt
@@ -0,0 +1,417 @@
+Building configuration...
+
+Current configuration : 15548 bytes
+!
+! Last configuration change at 01:14:22 UTC Fri Dec 17 2021 by kelteto
+!
+version 17.3
+service timestamps debug datetime msec
+service timestamps log datetime msec
+service password-encryption
+service call-home
+platform punt-keepalive disable-kernel-core
+!
+hostname sw-server-04
+!
+!
+vrf definition Mgmt-vrf
+ !
+ address-family ipv4
+ exit-address-family
+ !
+ address-family ipv6
+ exit-address-family
+!
+enable secret 9 [CENSORED]
+!
+aaa new-model
+!
+!
+aaa group server tacacs+ AAA-NOC-TACACS
+ server name NOC
+ ip vrf forwarding Mgmt-vrf
+!
+aaa authentication login default group AAA-NOC-TACACS local
+aaa authentication enable default group AAA-NOC-TACACS enable
+aaa authorization config-commands
+aaa authorization exec default group AAA-NOC-TACACS if-authenticated 
+aaa authorization commands 15 default group AAA-NOC-TACACS if-authenticated 
+aaa accounting exec default start-stop group AAA-NOC-TACACS
+aaa accounting commands 15 default start-stop group AAA-NOC-TACACS
+!
+!
+!
+!
+!
+!
+aaa session-id common
+boot system switch all flash:packages.conf
+switch 1 provision c9300l-24t-4x
+!
+!
+!
+!
+!
+no ip domain lookup
+ip domain name net.sch.bme.hu
+!
+!
+!
+login on-success log
+!
+!
+!
+!
+!
+no device-tracking logging theft
+!
+crypto pki trustpoint TP-self-signed-2856276394
+ enrollment selfsigned
+ subject-name cn=IOS-Self-Signed-Certificate-2856276394
+ revocation-check none
+ rsakeypair TP-self-signed-2856276394
+!
+crypto pki trustpoint SLA-TrustPoint
+ enrollment pkcs12
+ revocation-check crl
+!
+!
+crypto pki certificate chain TP-self-signed-2856276394
+ certificate self-signed 01
+[CENSORED]
+  	quit
+crypto pki certificate chain SLA-TrustPoint
+ certificate ca 01
+[CENSORED]
+  	quit
+!
+system mtu 9198
+license boot level network-essentials addon dna-essentials
+!
+!
+diagnostic bootup level minimal
+!
+spanning-tree mode mst
+spanning-tree logging
+spanning-tree extend system-id
+!
+spanning-tree mst configuration
+ name SCH
+ revision 40
+ instance 4 vlan 49, 114, 208, 212
+ instance 8 vlan 6-7, 43, 51-52, 54-57, 112-113, 152, 154-155, 173, 176-183
+ instance 8 vlan 210, 1502, 2110
+ instance 12 vlan 172, 192, 209, 211
+ instance 16 vlan 10, 20-22
+ instance 18 vlan 11
+ instance 20 vlan 12
+!
+spanning-tree mst 0,4,8,12 priority 40960
+memory free low-watermark processor 134344
+!
+username [CENSORED] privilege 15 secret 9 [CENSORED]
+username ansible privilege 15 secret 9 [CENSORED]
+username [CENSORED] privilege 15 secret 9 [CENSORED]
+redundancy
+ mode sso
+!
+!
+!
+!
+!
+!
+transceiver type all
+ monitoring
+lldp run
+!
+!
+class-map match-any system-cpp-police-ewlc-control
+  description EWLC Control 
+class-map match-any system-cpp-police-topology-control
+  description Topology control
+class-map match-any system-cpp-police-sw-forward
+  description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
+class-map match-any system-cpp-default
+  description EWLC Data, Inter FED Traffic 
+class-map match-any system-cpp-police-sys-data
+  description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
+class-map match-any system-cpp-police-punt-webauth
+  description Punt Webauth
+class-map match-any system-cpp-police-l2lvx-control
+  description L2 LVX control packets
+class-map match-any system-cpp-police-forus
+  description Forus Address resolution and Forus traffic
+class-map match-any system-cpp-police-multicast-end-station
+  description MCAST END STATION
+class-map match-any system-cpp-police-high-rate-app
+  description High Rate Applications 
+class-map match-any system-cpp-police-multicast
+  description MCAST Data
+class-map match-any system-cpp-police-l2-control
+  description L2 control
+class-map match-any system-cpp-police-dot1x-auth
+  description DOT1X Auth
+class-map match-any system-cpp-police-data
+  description ICMP redirect, ICMP_GEN and BROADCAST
+class-map match-any system-cpp-police-stackwise-virt-control
+  description Stackwise Virtual OOB
+class-map match-any non-client-nrt-class
+class-map match-any system-cpp-police-routing-control
+  description Routing control and Low Latency
+class-map match-any system-cpp-police-protocol-snooping
+  description Protocol snooping
+class-map match-any system-cpp-police-dhcp-snooping
+  description DHCP snooping
+class-map match-any system-cpp-police-ios-routing
+  description L2 control, Topology control, Routing control, Low Latency
+class-map match-any system-cpp-police-system-critical
+  description System Critical and Gold Pkt
+class-map match-any system-cpp-police-ios-feature
+  description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
+!
+policy-map system-cpp-policy
+!
+! 
+!
+!
+!
+!
+!
+!
+!
+!
+!
+interface Port-channel1
+ description % Memory-A : Port-channel1 : trunk %
+ switchport trunk allowed vlan 12
+ switchport mode trunk
+!
+interface Port-channel2
+ description % Memory-A-ng : Port-channel2 : trunk %
+ switchport trunk allowed vlan 10,12
+ switchport mode trunk
+!
+interface GigabitEthernet0/0
+ vrf forwarding Mgmt-vrf
+ ip address 172.20.0.52 255.255.0.0
+ negotiation auto
+!
+interface GigabitEthernet1/0/1
+ description % VMWare node1 : BalAlsoSzerverPort : trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 2,6,7,10-12,20-22,43,44,49-51,55-57,112,151,152
+ switchport trunk allowed vlan add 172,176-183,208-212,500,502,503,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/2
+ description % VMWare node1 : JobbAlsoSzerverPort : trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 2,6,7,10-12,20-22,43,44,49-51,55-57,112,151,152
+ switchport trunk allowed vlan add 172,176-183,208-212,500,502,503,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/3
+ description % VMWare node2 : BalAlsoSzerverPort : trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 2,6,7,10-12,20-22,43,44,49-51,55-57,112,151,152
+ switchport trunk allowed vlan add 172,176-183,208-212,500,502,503,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/4
+ description % VMWare node2 : JobbAlsoSzerverPort : trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 2,6,7,10-12,20-22,43,44,49-51,55-57,112,151,152
+ switchport trunk allowed vlan add 172,176-183,208-212,500,502,503,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/5
+ description % VMWare node3 : BalAlsoSzerverPort : trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 2,6,7,10-12,20-22,43,44,49-51,55-57,112,151,152
+ switchport trunk allowed vlan add 172,176-183,208-212,500,502,503,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/6
+ description % VMWare node3 : JobbAlsoSzerverPort : trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 2,6,7,10-12,20-22,43,44,49-51,55-57,112,151,152
+ switchport trunk allowed vlan add 172,176-183,208-212,500,502,503,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/7
+ description % VMWare node4 : BalAlsoSzerverPort : trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 2,6,7,10-12,20-22,43,44,49-51,55-57,112,151,152
+ switchport trunk allowed vlan add 172,176-183,208-212,500,502,503,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/8
+ description % VMWare node4 : JobbAlsoSzerverPort : trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 2,6,7,10-12,20-22,43,44,49-51,55-57,112,151,152
+ switchport trunk allowed vlan add 172,176-183,208-212,500,502,503,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/9
+ shutdown
+!
+interface GigabitEthernet1/0/10
+ shutdown
+!
+interface GigabitEthernet1/0/11
+!
+interface GigabitEthernet1/0/12
+!
+interface GigabitEthernet1/0/13
+ description % FujitsuStorage : Storage1 - CM#0 CA#0 Port#0 : access %
+ switchport access vlan 11
+ switchport mode access
+ spanning-tree portfast
+!
+interface GigabitEthernet1/0/14
+ description % FujitsuStorage : Storage2 - CM#0 CA#0 Port#1 : access %
+ switchport access vlan 12
+ switchport mode access
+ spanning-tree portfast
+!
+interface GigabitEthernet1/0/15
+ description % Memory-A : TODO : bond-trunk %
+ switchport trunk allowed vlan 12
+ switchport mode trunk
+ channel-protocol lacp
+ channel-group 1 mode active
+!
+interface GigabitEthernet1/0/16
+ description % Memory-A : TODO : bond-trunk %
+ switchport trunk allowed vlan 12
+ switchport mode trunk
+ channel-protocol lacp
+ channel-group 1 mode active
+!
+interface GigabitEthernet1/0/17
+ description % HyperV-Host-1-trunk : TODO : trunk %
+ switchport trunk native vlan 742
+ switchport trunk allowed vlan 10,151,152,208-212,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/18
+ description % HyperV-Host-1-storage : TODO : trunk %
+ switchport trunk native vlan 742
+ switchport trunk allowed vlan 11,12
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/19
+ description % HyperV-Host-2-trunk : TODO : trunk %
+ switchport trunk native vlan 742
+ switchport trunk allowed vlan 10,151,152,208-212,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/20
+ description % HyperV-Host-2-storage : TODO : trunk %
+ switchport trunk native vlan 742
+ switchport trunk allowed vlan 11,12
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/21
+ description % HyperV-Host-3-trunk : TODO : trunk %
+ switchport trunk native vlan 742
+ switchport trunk allowed vlan 10,151,152,208-212,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/22
+ description % HyperV-Host-3-storage : TODO : trunk %
+ switchport trunk native vlan 742
+ switchport trunk allowed vlan 11,12
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/23
+ shutdown
+!
+interface GigabitEthernet1/0/24
+ description % sw-admin-02 : Gig0/2 : trunk %
+ switchport trunk native vlan 743
+ switchport trunk allowed vlan 10,172
+ switchport mode trunk
+!
+interface TenGigabitEthernet1/1/1
+ description % rtr-1 : Te3/2 : trunk %
+ switchport trunk native vlan 742
+ switchport trunk allowed vlan 1-741,743-4094
+ switchport mode trunk
+!
+interface TenGigabitEthernet1/1/2
+ shutdown
+!
+interface TenGigabitEthernet1/1/3
+!
+interface TenGigabitEthernet1/1/4
+ shutdown
+!
+interface AppGigabitEthernet1/0/1
+ shutdown
+!
+interface Vlan1
+ no ip address
+ shutdown
+!
+ip forward-protocol nd
+no ip http server
+no ip http secure-server
+ip ssh version 2
+ip scp server enable
+!
+!
+logging host 172.20.208.248 vrf Mgmt-vrf
+!
+snmp-server community SCHNET RO SNMP
+snmp-server location SCH0114, Budapest, HU
+snmp-server contact SCH Netadmin <netadmin@sch.bme.hu>
+snmp-server enable traps snmp linkdown linkup
+snmp-server host 172.20.208.249 vrf Mgmt-vrf SCHNET  snmp
+tacacs server NOC
+ address ipv4 172.20.208.250
+ key 7 [CENSORED]
+!
+!
+!
+control-plane
+ service-policy input system-cpp-policy
+!
+!
+line con 0
+ logging synchronous
+ stopbits 1
+line vty 0 4
+ transport input ssh
+line vty 5 31
+ transport input ssh
+!
+call-home
+ ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
+ ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
+ contact-email-addr sch-smart-licensing@cisco.com
+ profile "CiscoTAC-1"
+  active
+  destination transport-method http
+ntp server 172.20.208.250
+!
+!
+!
+!
+!
+!
+end
\ No newline at end of file
diff --git "a/docs/DevOpsH\303\241zi.pdf" "b/docs/DevOpsH\303\241zi.pdf"
new file mode 100644
index 0000000000000000000000000000000000000000..b120b04f60657ab0146310219ebbce9d0c7fea39
Binary files /dev/null and "b/docs/DevOpsH\303\241zi.pdf" differ
diff --git a/docs/bootstrap.md b/docs/bootstrap.md
new file mode 100644
index 0000000000000000000000000000000000000000..5e47a31fc2ca99b6870db2228dc7dc85e2c2d3aa
--- /dev/null
+++ b/docs/bootstrap.md
@@ -0,0 +1,37 @@
+# Hálózati eszköz Bootsrap konfigurációk
+## Device config for new C9200
+```
+ena
+conf t
+hostname sw-05-poe
+cdp run
+lldp run
+ip domain-name net.sch.bme.hu
+int gig 0/0 !dedikaltMGMT interface
+no shutdown
+ip add 172.20.69.5 255.255.0.0
+exit
+no ip http server !gyari webserver off
+no ip http secure-server !gyari webserver off
+no ip http authentication !gyari webserver off
+no ip domain-lookup !ne szivjunk... kisgyerek elso 4 szava
+ip ssh version 2
+crypto key generate rsa modulus 4096
+service password-encryption
+!!!!!!!!!!!csak tmp ansible kiuti
+username [CENSORED] privilege 15 password [CENSORED]
+line vty 0 15
+transport input ssh
+login local
+exit
+do wr
+
+```
+made by zoli0 and woranhun
+## ssh config
+```
+Host 172.20.*
+  KexAlgorithms diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
+  Ciphers aes128-cbc
+
+```
diff --git a/docs/contribute.md b/docs/contribute.md
new file mode 100644
index 0000000000000000000000000000000000000000..97588e5e3cf50e5e82353325db10502436a7edcf
--- /dev/null
+++ b/docs/contribute.md
@@ -0,0 +1,21 @@
+# Kontributálás a projekthez
+## Hasznos linkek
+- [Cisco Ansible](https://docs.ansible.com/ansible/latest/collections/cisco/ios/)
+- [Gitlab CICD Reference](https://docs.gitlab.com/ee/ci/yaml/)
+## Konfiguráció módosítása meglévő eszközön
+`vars/devices/<eszköz-neve>.yaml` -ban található a meglévő eszköz konfigja. Ebben a fájlban a legáltalánosabb beállítások végezhetőek el. Például: port fel vagy lekapcsolása, másik template húzása a portra, vlan módosítása stb.
+
+Ha valami olyat kell módosítani, ami nincs kivezete var fájlba, akkor a `templates` alatt található `.j2` fájlokat kell módosítani.
+
+A `templates/port-templates` alatt tudunk új port template-t létrehozni. Azt itt található fájloknál a kiterjesztés levágása utáni maradó névre tudunk hivatkozni az Ansible playbook-ban. Például: `hyper-v-storage.txt.j2` --> `hyper-v-storage` lesz
+## Új eszköz hozzáadása
+1. Előkészületek
+   1. Ha üres konfigurációja van az eszköznek, akkor a bootstrap config feltöltése az eszközre [innen](bootstrap.md). 
+   2. Meglévő Running konfiguráció begyűjtése az eszközről
+2. Lépés: `vars/devices` alá az eszköz FQDN jének megfelelő `*.yaml` elkészítése. `example.yaml` használható mintának.
+3. Ha még nem létezik, akkor a `templates/device-config` alá az eszköz típusának megfelelő konfig sablon létrehozása. Ehhez célszerű először a begyűjtött eszköz futó konfigurációját bemásolni ide, majd átnevezni és a megfelelő részeket kivágni, Jinja2 segítségével a meglévő részt behúzni és végül megtemplétezni. 
+4. `templates/device-config/crypto` alá az eszköz sorozatszámának megfelelő `*.txt.j2` létrehozása. Ebbe a fájlba kerülnek a fizikai eszköz specifikus részek pl.: tanusítványok.
+5. `iventory.yaml` fájlba az eszköz felvétele a `cisco-devices` csoport alá.
+## Új eszköz hozzáadása (csak konfiguráció gyűjtésére)
+1. `iventory.yaml` fájlba az eszköz felvétele a `cisco-only-backup` csoport alá.
+2. Ansible user beengedése az eszközre. (ACL módosítása)
\ No newline at end of file
diff --git a/generate-configs.yaml b/generate-configs.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..83f533de90fb3b19c5e97a8629211f3c09e6c834
--- /dev/null
+++ b/generate-configs.yaml
@@ -0,0 +1,72 @@
+- name: GatherFacts for vars include
+  hosts: cisco-devices
+  connection: ansible.netcommon.network_cli
+  gather_facts: no
+  vars_files:
+    - vars/password-vault.yaml
+  tasks:
+    - gather_facts:
+
+- name: Collect, save Running Config from device and diff with generated config
+  hosts: cisco-devices
+  connection: ansible.netcommon.network_cli
+  gather_facts: no
+  vars_files:
+    - vars/password-vault.yaml
+    - vars/common.yaml
+    - vars/devices/{{ inventory_hostname }}.yaml
+
+  tasks:
+    - name: Get current date
+      command: date +%Y-%m-%d_%H:%M:%S
+      register: date
+      delegate_to: localhost
+      changed_when: false
+      run_once: true
+    
+    - name: Collect custom types
+      import_tasks: tasks/collect-custom-types.yaml
+      delegate_to: localhost
+      changed_when: false
+      run_once: true
+
+    - name: "Creates directory: device-configs"
+      file:
+        path: device-configs
+        state: directory
+      run_once: true
+
+    - name: "Creates directory: device-configs/{{ inventory_hostname }}"
+      file:
+        path: device-configs/{{ inventory_hostname }}
+        state: directory
+
+    - name: Collect running configs
+      become: no
+      ios_command:
+        commands:
+          - "show run"
+      register: config
+
+    - name: Save output to device-configs/
+      copy:
+        content: "{{config.stdout[0]}}"
+        dest: "device-configs/{{ inventory_hostname }}/run-config-old.txt"
+
+    ## needed because running copy after ios_command
+    - name: reset the connection after scp
+      meta: reset_connection
+
+    - name: "Generate new configs"
+      template:
+        src: device-config/{{ device_model }}.txt.j2
+        dest: device-configs/{{ inventory_hostname }}/run-config-new.txt
+    
+    - name: check the running-config against master config
+      cisco.ios.ios_config:
+        diff_against: intended
+        intended_config: "{{ lookup('file', 'device-configs/{{ inventory_hostname }}/run-config-new.txt') }}"
+        diff_ignore_lines:
+          - "! Last configuration change at*"
+          - "Time source is NTP,*"
+          - "Load for five secs:*"
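Review bot: The `Save output to device-configs/` task writes the full `show run` output to `run-config-old.txt` without a `mode`, so a file holding password hashes, the TACACS key and the SNMP community gets whatever the umask on the control host allows. Add `mode: "0600"` to that `copy` task and `mode: "0700"` to the two `file` tasks that create the directories. The `intended_config` lookup also nests `{{ inventory_hostname }}` inside an expression that is already being templated; concatenation is the safer form: `lookup('file', 'device-configs/' ~ inventory_hostname ~ '/run-config-new.txt')`. The registered `date` is not used anywhere in this hunk.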
diff --git a/generate.sh b/generate.sh
new file mode 100755
index 0000000000000000000000000000000000000000..f08e255e2d37e3a040861017f09125565444329c
--- /dev/null
+++ b/generate.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+source .venv/bin/activate
+ansible-playbook generate-configs.yaml --ask-vault-pass
diff --git a/inventory.yaml b/inventory.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..930844d92134731d6b43da1ed79667efed0c92ea
--- /dev/null
+++ b/inventory.yaml
@@ -0,0 +1,46 @@
+all:
+  children:
+    cisco-only-backup:
+      hosts:
+        rtr-1.net.sch.bme.hu:
+          ansible_host: 172.20.208.253
+        sw-02.net.sch.bme.hu:
+          ansible_host: 172.20.0.2
+        sw-05.net.sch.bme.hu:
+          ansible_host: 172.20.0.5
+        sw-08.net.sch.bme.hu:
+          ansible_host: 172.20.0.8
+        sw-11.net.sch.bme.hu:
+          ansible_host: 172.20.0.11
+        sw-14.net.sch.bme.hu:
+          ansible_host: 172.20.0.14
+        sw-17.net.sch.bme.hu:
+          ansible_host: 172.20.0.17
+        sw-admin-02.net.sch.bme.hu:
+          ansible_host: 10.172.1.20
+        sw-kszk.net.sch.bme.hu:
+          ansible_host: 172.20.0.70
+        sw-mgmt.net.sch.bme.hu:
+          ansible_host: 172.20.172.20
+      vars:
+          ansible_user: ansible
+          ansible_ssh_pass: "{{ ansiblepass }}"
+          ansible_network_os: cisco.ios.ios
+          ansible_become_method: enable
+          ansible_become_password: "{{ enablepass }}"
+          host_key_checking: false
+          ansible_command_timeout: 180        
+    cisco-devices:
+      hosts:
+        sw-server-03.net.sch.bme.hu:
+          ansible_host: 172.20.0.51
+        sw-server-04.net.sch.bme.hu:
+          ansible_host: 172.20.0.52
+      vars:
+          ansible_user: ansible
+          ansible_ssh_pass: "{{ ansiblepass }}"
+          ansible_network_os: cisco.ios.ios
+          ansible_become_method: enable
+          ansible_become_password: "{{ enablepass }}"
+          host_key_checking: false
+          ansible_command_timeout: 180
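Review bot: Both `vars` blocks set `host_key_checking: false`, so the switches' SSH host keys are not meant to be verified while `ansible_ssh_pass` and `ansible_become_password` are sent to them. Anything able to answer on one of these management addresses could then collect a privilege-15 login. Prefer leaving verification on and distributing a `known_hosts` file for the listed devices to the control host. The connection plugins read this setting from the variable `ansible_host_key_checking`, so the unprefixed name here may have no effect at all; confirm which behaviour is actually in force. The two `vars` blocks are identical and could be written once under `all: vars:`.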
diff --git a/requirements.galaxy.yaml b/requirements.galaxy.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..3b27f489af2c4d1e14a131c87f3b5eb1582a699e
--- /dev/null
+++ b/requirements.galaxy.yaml
@@ -0,0 +1,14 @@
+---
+
+# items from https://galaxy.ansible.com/home
+
+collections:
+- ansible.posix
+- name: cisco.ios
+- name: nginxinc.nginx_core
+  version: 0.3.0
+
+roles:
+- src: yatesr.timezone      # to set timezone
+
+
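Review bot: `ansible.posix`, `cisco.ios` and the `yatesr.timezone` role carry no `version`, so every install pulls whatever is latest on Galaxy at that moment. `cisco.ios` is the code that logs in to the switches with privilege 15, so it should be pinned the way `nginxinc.nginx_core` already is: `- name: cisco.ios` followed by `version: "<PINNED_VERSION>"`. `nginxinc.nginx_core` and `yatesr.timezone` do not appear to be used by the playbooks visible in this commit; if they are not needed, dropping them removes third-party code from the host that runs these playbooks against the network.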
diff --git a/tasks/collect-custom-types.yaml b/tasks/collect-custom-types.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..e6f5f335e1189caafb2dc5e3d676a863e61cd908
--- /dev/null
+++ b/tasks/collect-custom-types.yaml
@@ -0,0 +1,11 @@
+---
+- name: collect port-templates
+  block:
+    - name: collect port-template
+      set_fact:
+       valid_port_templates: "{{ valid_port_templates + [(item | basename).split('.')[0]] }}"
+      with_fileglob:
+        - "../templates/device-config/port-templates/*"
+    - debug:
+        var: valid_port_templates
+        
\ No newline at end of file
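Review bot: `collect port-template` appends to `valid_port_templates` before anything in this file defines it, so the first iteration fails unless the variable is initialised elsewhere (presumably `vars/common.yaml`, which is not visible here). `valid_port_templates: "{{ valid_port_templates | default([]) + [(item | basename).split('.')[0]] }}"` makes the task self-contained. This list is the allowlist that `ports.txt.j2` checks before building an include path, so a comment above the block would help: `# allowlist of port-template names; ports.txt.j2 only includes names found here`. The unnamed `debug` task could also get a `name`.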
diff --git a/templates/device-config/c9200l-48t-4x.txt.j2 b/templates/device-config/c9200l-48t-4x.txt.j2
new file mode 100644
index 0000000000000000000000000000000000000000..669a12d8ee838547c5f019c283ad6ecb9284b17a
--- /dev/null
+++ b/templates/device-config/c9200l-48t-4x.txt.j2
@@ -0,0 +1,165 @@
+Current configuration : 17619 bytes
+!
+! Last configuration change at 21:36:56 UTC Fri Sep 17 2021 by ansible
+!
+version 17.3
+service timestamps debug datetime msec
+service timestamps log datetime msec
+service password-encryption
+service call-home
+platform punt-keepalive disable-kernel-core
+!
+hostname {{ hostname }}
+{% include 'mgmt.txt.j2' %}
+boot system switch all flash:packages.conf
+switch 1 provision c9200l-48t-4x
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+no ip domain lookup
+ip domain name {{ domain_name }}
+!
+!
+!
+login on-success log
+no device-tracking logging theft
+{% include 'crypto/'+serial_number+'.txt.j2' %}
+system mtu 9198
+license boot level network-essentials addon dna-essentials
+!
+!
+diagnostic bootup level minimal
+!
+{% include 'mst.txt.j2' %}
+memory free low-watermark processor 10055
+!
+{% include 'users.txt.j2' %}
+!
+!
+redundancy
+ mode sso
+!
+!
+transceiver type all
+ monitoring
+lldp run
+!
+class-map match-any system-cpp-police-ewlc-control
+  description EWLC Control 
+class-map match-any system-cpp-police-topology-control
+  description Topology control
+class-map match-any system-cpp-police-sw-forward
+  description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
+class-map match-any system-cpp-default
+  description EWLC data, Inter FED Traffic 
+class-map match-any system-cpp-police-sys-data
+  description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
+class-map match-any system-cpp-police-punt-webauth
+  description Punt Webauth
+class-map match-any system-cpp-police-l2lvx-control
+  description L2 LVX control packets
+class-map match-any system-cpp-police-forus
+  description Forus Address resolution and Forus traffic
+class-map match-any system-cpp-police-multicast-end-station
+  description MCAST END STATION
+class-map match-any system-cpp-police-high-rate-app
+  description High Rate Applications 
+class-map match-any system-cpp-police-multicast
+  description MCAST Data
+class-map match-any system-cpp-police-l2-control
+  description L2 control
+class-map match-any system-cpp-police-dot1x-auth
+  description DOT1X Auth
+class-map match-any system-cpp-police-data
+  description ICMP redirect, ICMP_GEN and BROADCAST
+class-map match-any system-cpp-police-stackwise-virt-control
+  description Stackwise Virtual OOB
+class-map match-any non-client-nrt-class
+class-map match-any system-cpp-police-routing-control
+  description Routing control and Low Latency
+class-map match-any system-cpp-police-protocol-snooping
+  description Protocol snooping
+class-map match-any system-cpp-police-dhcp-snooping
+  description DHCP snooping
+class-map match-any system-cpp-police-ios-routing
+  description L2 control, Topology control, Routing control, Low Latency
+class-map match-any system-cpp-police-system-critical
+  description System Critical and Gold Pkt
+class-map match-any system-cpp-police-ios-feature
+  description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
+!
+policy-map system-cpp-policy
+!
+! 
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+{% include 'portchannels.txt.j2' %}
+{% include 'ports.txt.j2' %}
+!
+!
+ip forward-protocol nd
+no ip http server
+no ip http secure-server
+ip ssh version 2
+ip scp server enable
+!
+!
+!
+logging host 172.20.208.248 vrf Mgmt-vrf
+snmp-server community SCHNET RO SNMP
+snmp-server location SCH0114, Budapest, HU
+snmp-server contact SCH Netadmin <netadmin@sch.bme.hu>
+snmp-server enable traps snmp linkdown linkup
+snmp-server host 172.20.208.249 vrf Mgmt-vrf SCHNET  snmp
+tacacs server NOC
+ address ipv4 172.20.208.250
+ key 7 [CENSORED]
+!
+!
+!
+control-plane
+ service-policy input system-cpp-policy
+!
+!
+line con 0
+ logging synchronous
+ stopbits 1
+line aux 0
+ stopbits 1
+line vty 0 4
+ transport input ssh
+line vty 5 31
+ transport input ssh
+!
+ntp server 172.20.208.250
+call-home
+ ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
+ ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
+ contact-email-addr sch-smart-licensing@cisco.com
+ profile "CiscoTAC-1"
+  active
+  destination transport-method http
+!
+!
+!
+!
+!
+!
+end
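Review bot: The SNMP community on the `snmp-server community` and `snmp-server host` lines is written in clear text in this template, and the TACACS key next to it is stored in type 7 form, which is a reversible encoding rather than a hash; both are readable by everyone with access to the repository. The template already takes `hostname` and `domain_name` from variables, so these two can come from the vault-encrypted vars file in the same way, e.g. `snmp-server community {{ snmp_community }} RO SNMP` and ` key 7 {{ tacacs_key }}` (variable names are placeholders). The same lines appear in `c9300l-24t-4x.txt.j2`. The `Current configuration : 17619 bytes` and `! Last configuration change at …` header lines are `show run` output rather than configuration and look like leftovers from the captured config; confirm they are wanted in the rendered file.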
diff --git a/templates/device-config/c9300l-24t-4x.txt.j2 b/templates/device-config/c9300l-24t-4x.txt.j2
new file mode 100644
index 0000000000000000000000000000000000000000..99d6f40a6347283cf364a7ff8a96dc3795c760a5
--- /dev/null
+++ b/templates/device-config/c9300l-24t-4x.txt.j2
@@ -0,0 +1,163 @@
+Current configuration : 17619 bytes
+!
+! Last configuration change at 21:36:56 UTC Fri Sep 17 2021 by ansible
+!
+version 17.3
+service timestamps debug datetime msec
+service timestamps log datetime msec
+service password-encryption
+service call-home
+platform punt-keepalive disable-kernel-core
+!
+hostname {{ hostname }}
+{% include 'mgmt.txt.j2' %}
+boot system switch all flash:packages.conf
+switch 1 provision c9300l-24t-4x
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+no ip domain lookup
+ip domain name {{ domain_name }}
+!
+!
+!
+login on-success log
+no device-tracking logging theft
+{% include 'crypto/'+serial_number+'.txt.j2' %}
+system mtu 9198
+license boot level network-essentials addon dna-essentials
+!
+!
+diagnostic bootup level minimal
+!
+{% include 'mst.txt.j2' %}
+memory free low-watermark processor 134344
+!
+{% include 'users.txt.j2' -%}
+!
+!
+redundancy
+ mode sso
+!
+!
+transceiver type all
+ monitoring
+lldp run
+!
+class-map match-any system-cpp-police-ewlc-control
+  description EWLC Control 
+class-map match-any system-cpp-police-topology-control
+  description Topology control
+class-map match-any system-cpp-police-sw-forward
+  description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
+class-map match-any system-cpp-default
+  description EWLC Data, Inter FED Traffic 
+class-map match-any system-cpp-police-sys-data
+  description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
+class-map match-any system-cpp-police-punt-webauth
+  description Punt Webauth
+class-map match-any system-cpp-police-l2lvx-control
+  description L2 LVX control packets
+class-map match-any system-cpp-police-forus
+  description Forus Address resolution and Forus traffic
+class-map match-any system-cpp-police-multicast-end-station
+  description MCAST END STATION
+class-map match-any system-cpp-police-high-rate-app
+  description High Rate Applications 
+class-map match-any system-cpp-police-multicast
+  description MCAST Data
+class-map match-any system-cpp-police-l2-control
+  description L2 control
+class-map match-any system-cpp-police-dot1x-auth
+  description DOT1X Auth
+class-map match-any system-cpp-police-data
+  description ICMP redirect, ICMP_GEN and BROADCAST
+class-map match-any system-cpp-police-stackwise-virt-control
+  description Stackwise Virtual OOB
+class-map match-any non-client-nrt-class
+class-map match-any system-cpp-police-routing-control
+  description Routing control and Low Latency
+class-map match-any system-cpp-police-protocol-snooping
+  description Protocol snooping
+class-map match-any system-cpp-police-dhcp-snooping
+  description DHCP snooping
+class-map match-any system-cpp-police-ios-routing
+  description L2 control, Topology control, Routing control, Low Latency
+class-map match-any system-cpp-police-system-critical
+  description System Critical and Gold Pkt
+class-map match-any system-cpp-police-ios-feature
+  description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
+!
+policy-map system-cpp-policy
+!
+! 
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+{% include 'portchannels.txt.j2' %}
+{% include 'ports.txt.j2' %}
+!
+!
+ip forward-protocol nd
+no ip http server
+no ip http secure-server
+ip ssh version 2
+ip scp server enable
+!
+!
+!
+logging host 172.20.208.248 vrf Mgmt-vrf
+snmp-server community SCHNET RO SNMP
+snmp-server location SCH0114, Budapest, HU
+snmp-server contact SCH Netadmin <netadmin@sch.bme.hu>
+snmp-server enable traps snmp linkdown linkup
+snmp-server host 172.20.208.249 vrf Mgmt-vrf SCHNET  snmp
+tacacs server NOC
+ address ipv4 172.20.208.250
+ key 7 [CENSORED]
+!
+!
+!
+control-plane
+ service-policy input system-cpp-policy
+!
+!
+line con 0
+ logging synchronous
+ stopbits 1
+line vty 0 4
+ transport input ssh
+line vty 5 31
+ transport input ssh
+!
+call-home
+ ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
+ ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
+ contact-email-addr sch-smart-licensing@cisco.com
+ profile "CiscoTAC-1"
+  active
+  destination transport-method http
+ntp server 172.20.208.250
+!
+!
+!
+!
+!
+!
+end
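Review bot: This template repeats `c9200l-48t-4x.txt.j2` almost line for line; the visible differences are the `switch 1 provision` model, the `memory free low-watermark processor` value, the missing `line aux 0` block, the position of `ntp server`, and `{% include 'users.txt.j2' -%}` with whitespace control where the other file has none. Keeping one base template and passing the model and watermark as variables would stop the two files drifting apart, which matters because the rendered result is diffed against the running config. If the `-%}` difference is deliberate, a `{# … #}` comment saying why would help; otherwise use the same form in both files.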
diff --git a/templates/device-config/crypto/[CENSORED].txt.j2 b/templates/device-config/crypto/[CENSORED].txt.j2
new file mode 100644
index 0000000000000000000000000000000000000000..cca1e22b944ed8a3ecc604f2f9603a111e5f6c71
--- /dev/null
+++ b/templates/device-config/crypto/[CENSORED].txt.j2
@@ -0,0 +1,22 @@
+!
+crypto pki trustpoint TP-self-signed-2856276394
+ enrollment selfsigned
+ subject-name cn=IOS-Self-Signed-Certificate-2856276394
+ revocation-check none
+ rsakeypair TP-self-signed-2856276394
+!
+crypto pki trustpoint SLA-TrustPoint
+ enrollment pkcs12
+ revocation-check crl
+!
+!
+crypto pki certificate chain TP-self-signed-2856276394
+ certificate self-signed 01
+[CENSORED]
+  	quit
+crypto pki certificate chain SLA-TrustPoint
+ certificate ca 01
+[CENSORED]
+  	quit
+!
+
diff --git a/templates/device-config/crypto/[CENSORED]2.txt.j2 b/templates/device-config/crypto/[CENSORED]2.txt.j2
new file mode 100644
index 0000000000000000000000000000000000000000..4203e50e8505ce26529198182aeecf6936a6b9a9
--- /dev/null
+++ b/templates/device-config/crypto/[CENSORED]2.txt.j2
@@ -0,0 +1,22 @@
+!
+crypto pki trustpoint SLA-TrustPoint
+ enrollment pkcs12
+ revocation-check crl
+!
+crypto pki trustpoint TP-self-signed-2304367758
+ enrollment selfsigned
+ subject-name cn=IOS-Self-Signed-Certificate-2304367758
+ revocation-check none
+ rsakeypair TP-self-signed-2304367758
+!
+!
+crypto pki certificate chain SLA-TrustPoint
+ certificate ca 01
+[CENSORED]
+  	quit
+crypto pki certificate chain TP-self-signed-2304367758
+ certificate self-signed 01
+[CENSORED]
+  	quit
+!
+
diff --git a/templates/device-config/mgmt.txt.j2 b/templates/device-config/mgmt.txt.j2
new file mode 100644
index 0000000000000000000000000000000000000000..e1303a63a358d04cfa43268152430ac266f16d16
--- /dev/null
+++ b/templates/device-config/mgmt.txt.j2
@@ -0,0 +1,37 @@
+!
+vrf definition Mgmt-vrf
+ !
+ address-family ipv4
+ exit-address-family
+ !
+ address-family ipv6
+ exit-address-family
+!
+enable secret 9 {{ enable_hashed }}
+!
+!
+!
+!
+aaa new-model
+!
+!
+aaa group server tacacs+ AAA-NOC-TACACS
+ server name NOC
+ ip vrf forwarding Mgmt-vrf
+!
+aaa authentication login default group AAA-NOC-TACACS local
+aaa authentication enable default group AAA-NOC-TACACS enable
+aaa authorization config-commands
+aaa authorization exec default group AAA-NOC-TACACS if-authenticated 
+aaa authorization commands 15 default group AAA-NOC-TACACS if-authenticated 
+aaa accounting exec default start-stop group AAA-NOC-TACACS
+aaa accounting commands 15 default start-stop group AAA-NOC-TACACS
+!
+!
+!
+!
+!
+!
+aaa session-id common
+!
+
diff --git a/templates/device-config/mst.txt.j2 b/templates/device-config/mst.txt.j2
new file mode 100644
index 0000000000000000000000000000000000000000..cdc3a8e181f5357d61ecc667264b5ddfc5784041
--- /dev/null
+++ b/templates/device-config/mst.txt.j2
@@ -0,0 +1,18 @@
+spanning-tree mode mst
+spanning-tree logging
+spanning-tree extend system-id
+!
+spanning-tree mst configuration
+ name SCH
+ revision 40
+ instance 4 vlan 49, 114, 208, 212
+ instance 8 vlan 6-7, 43, 51-52, 54-57, 112-113, 152, 154-155, 173, 176-183
+ instance 8 vlan 210, 1502, 2110
+ instance 12 vlan 172, 192, 209, 211
+ instance 16 vlan 10, 20-22
+ instance 18 vlan 11
+ instance 20 vlan 12
+!
+spanning-tree mst 0,4,8,12 priority 40960
+!
+
diff --git a/templates/device-config/port-templates/default.txt.j2 b/templates/device-config/port-templates/default.txt.j2
new file mode 100644
index 0000000000000000000000000000000000000000..1b86c886cf7743515e5be121d10875111b90aa8f
--- /dev/null
+++ b/templates/device-config/port-templates/default.txt.j2
@@ -0,0 +1,3 @@
+interface {{ ifname }}
+ shutdown
+!
diff --git a/templates/device-config/port-templates/hyper-v-storage.txt.j2 b/templates/device-config/port-templates/hyper-v-storage.txt.j2
new file mode 100644
index 0000000000000000000000000000000000000000..8b2db35b159254f7b3b48ce643c4d44e479badaf
--- /dev/null
+++ b/templates/device-config/port-templates/hyper-v-storage.txt.j2
@@ -0,0 +1,9 @@
+interface {{ ifname }}
+ description % HyperV-{{ifaces[ifname].server_name}}-storage : {{ ifaces[ifname].server_iface_name }} : trunk %
+ switchport trunk native vlan 742
+ switchport trunk allowed vlan 11,12
+ switchport mode trunk
+ spanning-tree portfast trunk
+{% if ifaces[ifname].shutdown is defined %} shutdown
+{% endif %}
+!
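Review bot: The guard `{% if ifaces[ifname].shutdown is defined %}` tests only whether the key exists, so `shutdown: false` in a device's vars file still renders ` shutdown` and takes the port down on upload. Testing the value avoids that: `{% if ifaces[ifname].shutdown | default(false) | bool %} shutdown`. The same guard is used in the other port templates of this commit (`hyper-v-trunk`, `juniper-experiment`, `network-trunk`, `server-access`, `server-bond-trunk`, `server-trunk`, `vlan`, `vmware-node`, `vmware-storage`) and in `portchannels.txt.j2`.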
diff --git a/templates/device-config/port-templates/hyper-v-trunk.txt.j2 b/templates/device-config/port-templates/hyper-v-trunk.txt.j2
new file mode 100644
index 0000000000000000000000000000000000000000..3eaa370980050e711373855dd4bff26d02564fcb
--- /dev/null
+++ b/templates/device-config/port-templates/hyper-v-trunk.txt.j2
@@ -0,0 +1,9 @@
+interface {{ ifname }}
+ description % HyperV-{{ifaces[ifname].server_name}}-trunk : {{ ifaces[ifname].server_iface_name }} : trunk %
+ switchport trunk native vlan 742
+ switchport trunk allowed vlan 10,151,152,208-212,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+{% if ifaces[ifname].shutdown is defined %} shutdown
+{% endif %}
+!
diff --git a/templates/device-config/port-templates/juniper-experiment.txt.j2 b/templates/device-config/port-templates/juniper-experiment.txt.j2
new file mode 100644
index 0000000000000000000000000000000000000000..942ee931d8d200e3c79d51154a2628d98e78ec55
--- /dev/null
+++ b/templates/device-config/port-templates/juniper-experiment.txt.j2
@@ -0,0 +1,7 @@
+interface {{ ifname }}
+ description % Juniper-Experimental-trunk : {{ ifaces[ifname].neighbour_iface }} : trunk %
+ switchport trunk native vlan 2110
+ switchport trunk allowed vlan 151,152,211
+ switchport mode trunk
+{% if ifaces[ifname].shutdown is defined %} shutdown
+{% endif %}
diff --git a/templates/device-config/port-templates/mgmt-vrf.txt.j2 b/templates/device-config/port-templates/mgmt-vrf.txt.j2
new file mode 100644
index 0000000000000000000000000000000000000000..c9e02556203f56f30d95fca1aee9d546e478458f
--- /dev/null
+++ b/templates/device-config/port-templates/mgmt-vrf.txt.j2
@@ -0,0 +1,5 @@
+interface {{ ifname }}
+ vrf forwarding Mgmt-vrf
+ ip address {{ mgmtVRFip }} {{ mgmtVRFmask }}
+ negotiation auto
+!
diff --git a/templates/device-config/port-templates/network-trunk.txt.j2 b/templates/device-config/port-templates/network-trunk.txt.j2
new file mode 100644
index 0000000000000000000000000000000000000000..d325b22a0087d4a075d6d8f5bf755fe30dc21c5c
--- /dev/null
+++ b/templates/device-config/port-templates/network-trunk.txt.j2
@@ -0,0 +1,9 @@
+interface {{ ifname }}
+ description % {{ ifaces[ifname].neighbour_name }} : {{ ifaces[ifname].neighbour_iface }} : trunk %
+{% if ifaces[ifname].trunk_native != 1 %} switchport trunk native vlan {{ ifaces[ifname].trunk_native }}
+{% endif %}
+ switchport trunk allowed vlan {{ ifaces[ifname].trunk_vlans }}
+ switchport mode trunk
+{% if ifaces[ifname].shutdown is defined %} shutdown
+{% endif %}
+!
diff --git a/templates/device-config/port-templates/server-access.txt.j2 b/templates/device-config/port-templates/server-access.txt.j2
new file mode 100644
index 0000000000000000000000000000000000000000..5416a1eb9ec6db692914fd28148a8ef699cd153a
--- /dev/null
+++ b/templates/device-config/port-templates/server-access.txt.j2
@@ -0,0 +1,8 @@
+interface {{ ifname }}
+ description % {{ ifaces[ifname].server_name }} : {{ ifaces[ifname].server_iface_name }} : access %
+ switchport access vlan {{ ifaces[ifname].access_vlan }}
+ switchport mode access
+ spanning-tree portfast
+{% if ifaces[ifname].shutdown is defined %} shutdown
+{% endif %}
+!
diff --git a/templates/device-config/port-templates/server-bond-trunk.txt.j2 b/templates/device-config/port-templates/server-bond-trunk.txt.j2
new file mode 100644
index 0000000000000000000000000000000000000000..283a8d16538ca87bcd718d00dfe7d2465d8b2e86
--- /dev/null
+++ b/templates/device-config/port-templates/server-bond-trunk.txt.j2
@@ -0,0 +1,11 @@
+interface {{ ifname }}
+ description % {{ ifaces[ifname].server_name }} : {{ ifaces[ifname].server_iface_name }} : bond-trunk %
+{% if ifaces[ifname].trunk_native != 1 %} switchport trunk native vlan {{ ifaces[ifname].trunk_native }}
+{% endif %}
+ switchport trunk allowed vlan {{ ifaces[ifname].trunk_vlans }}
+ switchport mode trunk
+ channel-protocol lacp
+ channel-group {{ ifaces[ifname].portchannel_id }} mode active
+{% if ifaces[ifname].shutdown is defined %} shutdown
+{% endif %}
+!
diff --git a/templates/device-config/port-templates/server-trunk.txt.j2 b/templates/device-config/port-templates/server-trunk.txt.j2
new file mode 100644
index 0000000000000000000000000000000000000000..ff7a7f112e133dda9b3c59d913459c6e672669df
--- /dev/null
+++ b/templates/device-config/port-templates/server-trunk.txt.j2
@@ -0,0 +1,10 @@
+interface {{ ifname }}
+ description % {{ ifaces[ifname].server_name }} : {{ ifaces[ifname].server_iface_name }} : trunk %
+{% if ifaces[ifname].trunk_native != 1 %} switchport trunk native vlan {{ ifaces[ifname].trunk_native }}
+{% endif %}
+ switchport trunk allowed vlan {{ ifaces[ifname].trunk_vlans }}
+ switchport mode trunk
+ spanning-tree portfast trunk
+{% if ifaces[ifname].shutdown is defined %} shutdown
+{% endif %}
+!
diff --git a/templates/device-config/port-templates/vlan.txt.j2 b/templates/device-config/port-templates/vlan.txt.j2
new file mode 100644
index 0000000000000000000000000000000000000000..23644391dd75006201b484525cccfe13e6e022a9
--- /dev/null
+++ b/templates/device-config/port-templates/vlan.txt.j2
@@ -0,0 +1,7 @@
+interface {{ ifname }}
+{% if ifaces[ifname].ip is defined %} ip address {{ ifaces[ifname].ip }}
+{% else %} no ip address
+{% if ifaces[ifname].shutdown is defined %} shutdown
+{% endif %}
+{% endif %}
+!
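Review bot: The `shutdown` check sits inside the `{% else %}` branch, so an interface that has `ip` defined can never be rendered with ` shutdown`, whatever its vars say. If that is not intended, close the first condition before the second: put `{% endif %}` directly after the ` no ip address` line and keep the shutdown `{% if %}…{% endif %}` as its own block. ` ip address {{ ifaces[ifname].ip }}` also assumes the variable carries address and mask together; a `{# … #}` comment stating the expected format would prevent a half-valid line.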
diff --git a/templates/device-config/port-templates/vmware-node.txt.j2 b/templates/device-config/port-templates/vmware-node.txt.j2
new file mode 100644
index 0000000000000000000000000000000000000000..df92f008b106ade2df1c65fd6d8524bb16b932e8
--- /dev/null
+++ b/templates/device-config/port-templates/vmware-node.txt.j2
@@ -0,0 +1,10 @@
+interface {{ ifname }}
+ description % VMWare {{ ifaces[ifname].node_name }} : {{ ifaces[ifname].server_iface_name }} : trunk %
+ switchport trunk native vlan 10
+ switchport trunk allowed vlan 2,6,7,10-12,20-22,43,44,49-51,55-57,112,151,152
+ switchport trunk allowed vlan add 172,176-183,208-212,500,502,503,2110
+ switchport mode trunk
+ spanning-tree portfast trunk
+{% if ifaces[ifname].shutdown is defined %} shutdown
+{% endif %}
+!
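Review bot: ` switchport trunk native vlan 10` makes VLAN 10 the untagged VLAN on these trunks while it is also in the allowed list, whereas the Hyper-V templates in this commit use 742 as native and do not allow it. If VLAN 10 carries real traffic, untagged frames from the host land in it, and a native VLAN that is in use weakens the separation between VLANs on the trunk. Presumably the ESXi setup needs it, in which case a `{# … #}` comment in the template should say so. If it is not required, use the same unused native VLAN as the other trunks: ` switchport trunk native vlan 742`.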
diff --git a/templates/device-config/port-templates/vmware-storage.txt.j2 b/templates/device-config/port-templates/vmware-storage.txt.j2
new file mode 100644
index 0000000000000000000000000000000000000000..5a50c615655856d8d25e77cc5031f790f04617cf
--- /dev/null
+++ b/templates/device-config/port-templates/vmware-storage.txt.j2
@@ -0,0 +1,8 @@
+interface {{ ifname }}
+ description % {{ ifaces[ifname].server_name }} : {{ ifaces[ifname].server_iface_name }} : access %
+ switchport access vlan {{ ifaces[ifname].vlan }}
+ switchport mode access
+ spanning-tree portfast
+{% if ifaces[ifname].shutdown is defined %} shutdown
+{% endif %}
+!
diff --git a/templates/device-config/portchannels.txt.j2 b/templates/device-config/portchannels.txt.j2
new file mode 100644
index 0000000000000000000000000000000000000000..5c6d067cd9dc7aefabcb6a664ffd145d95ffdc8f
--- /dev/null
+++ b/templates/device-config/portchannels.txt.j2
@@ -0,0 +1,22 @@
+{% set portchannel_ids = [] %}
+{% for ifname in ifaces %}
+{% if ifaces[ifname].port_template is defined and ifaces[ifname].port_template == "server-bond-trunk" and ifaces[ifname].portchannel_id not in portchannel_ids %}
+{{ portchannel_ids.append(ifaces[ifname].portchannel_id) -}}
+{% endif %}
+{% endfor %}
+{% for poid in portchannel_ids|sort %}
+{% for ifname in ifaces  %}
+{% if ifaces[ifname].port_template is defined and ifaces[ifname].port_template == "server-bond-trunk" and ifaces[ifname].portchannel_id == poid and ifaces[ifname].portchannel_id in portchannel_ids %}
+interface Port-channel{{ifaces[ifname].portchannel_id}}
+ description % {{ ifaces[ifname].server_name }} : Port-channel{{ifaces[ifname].portchannel_id}} : trunk %
+{% if ifaces[ifname].trunk_native != 1 %} switchport trunk native vlan {{ ifaces[ifname].trunk_native }}
+{% endif %}
+ switchport trunk allowed vlan {{ ifaces[ifname].trunk_vlans }}
+ switchport mode trunk
+{{ portchannel_ids.remove(ifaces[ifname].portchannel_id) -}}
+{% if ifaces[ifname].shutdown is defined %} shutdown
+{% endif %}
+!
+{% endif %}
+{% endfor %}
+{% endfor %}
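Review bot: `{{ portchannel_ids.append(…) -}}` and `{{ portchannel_ids.remove(…) -}}` are expressions used only for their side effect, and they stay invisible in the output only if the renderer prints nothing for a `None` result. `{% set _ = portchannel_ids.append(ifaces[ifname].portchannel_id) %}` states the intent without depending on that. The second loop also takes description, native VLAN and allowed VLANs from whichever member interface comes first in `ifaces`, so members of one channel with different `trunk_vlans` produce a Port-channel that silently disagrees with some of them. A short `{# … #}` comment stating that all members of a channel must carry identical trunk settings would document the assumption.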
diff --git a/templates/device-config/ports.txt.j2 b/templates/device-config/ports.txt.j2
new file mode 100644
index 0000000000000000000000000000000000000000..759729b2e2add7e4e17b2b0dc8dcf6ffa2226ade
--- /dev/null
+++ b/templates/device-config/ports.txt.j2
@@ -0,0 +1,9 @@
+{% for ifname in ifaces  %}
+{% if ifaces[ifname].port_template is defined and ifaces[ifname].port_template in valid_port_templates  %}
+{% include './port-templates/' + ifaces[ifname].port_template + '.txt.j2' %}
+
+{% else %}
+{% include './port-templates/default.txt.j2' %}
+
+{% endif %}
+{% endfor %}
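Review bot: A `port_template` value that is set but not found in `valid_port_templates` falls through to `default.txt.j2`, so a typo in a device's vars file renders ` shutdown` for that port without any error. The allowlist check before building the include path is the right guard and should stay; the `else` branch is better reserved for interfaces with no `port_template` at all. An `assert` task in the playbook before `Generate new configs`, failing when a defined `port_template` is not in `valid_port_templates`, would catch the typo before it reaches a switch.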
diff --git a/templates/device-config/users.txt.j2 b/templates/device-config/users.txt.j2
new file mode 100644
index 0000000000000000000000000000000000000000..70fac82165c11a648da37f16b26af553a40d6fae
--- /dev/null
+++ b/templates/device-config/users.txt.j2
@@ -0,0 +1,4 @@
+username [CENSORED] privilege 15 secret 9 [CENSORED]
+username ansible privilege 15 secret 9 {{ ansible_hashed }}
+username {{ hostname }} privilege 15 secret 9 {{ enable_hashed }}
+
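Review bot: The third line creates a privilege-15 local account whose name is the device's hostname and whose secret is `{{ enable_hashed }}`, the same value `mgmt.txt.j2` uses for `enable secret`; the username is guessable and one password then covers both login and enable. If `enable_hashed` and `ansible_hashed` are defined once in the shared vault file, every device also receives the same salt and hash, so the config of any one switch shows the value used on all of them; confirm this is intended. If the account is meant as a fallback login for when TACACS is unreachable, give it its own variable, e.g. `username {{ hostname }} privilege 15 secret 9 {{ local_admin_hashed }}` (placeholder name).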
diff --git a/upload.sh b/upload.sh
new file mode 100755
index 0000000000000000000000000000000000000000..75226390917f00660ea1a0044dfeffa881eefdc1
--- /dev/null
+++ b/upload.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+source .venv/bin/activate
+ansible-playbook upload.yaml --ask-vault-pass
diff --git a/upload.yaml b/upload.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..ba42fadd1eec7579c2d107d442ce83c463bd727c
--- /dev/null
+++ b/upload.yaml
@@ -0,0 +1,70 @@
+- name: GatherFacts for vars include
+  hosts: cisco-devices
+  connection: ansible.netcommon.network_cli
+  gather_facts: no
+  vars_files:
+    - vars/password-vault.yaml
+  tasks:
+    - gather_facts:
+
+- name: Collect, save Running Config from device and diff with generated config
+  hosts: cisco-devices
+  connection: ansible.netcommon.network_cli
+  gather_facts: no
+  vars_files:
+    - vars/password-vault.yaml
+    - vars/common.yaml
+    - vars/devices/{{ inventory_hostname }}.yaml
+
+  tasks:
+    - name: Get current date
+      command: date +%Y-%m-%d_%H:%M:%S
+      register: date
+      delegate_to: localhost
+      changed_when: false
+      run_once: true
+    
+    - name: Collect custom types
+      import_tasks: tasks/collect-custom-types.yaml
+      delegate_to: localhost
+      changed_when: false
+      run_once: true
+
+    - name: "Creates directory: device-configs"
+      file:
+        path: device-configs
+        state: directory
+      run_once: true
+
+    - name: "Creates directory: device-configs/{{ inventory_hostname }}"
+      file:
+        path: device-configs/{{ inventory_hostname }}
+        state: directory
+
+    - name: Collect running configs
+      become: yes
+      ios_command:
+        commands:
+          - "show run"
+      register: config
+
+    - name: Save output to device-configs/
+      copy:
+        content: "{{config.stdout[0]}}"
+        dest: "device-configs/{{ inventory_hostname }}/run-config-old.txt"
+
+    ## needed because running copy after ios_command
+    - name: reset the connection after scp
+      meta: reset_connection
+
+    - name: upload new config
+      become: yes
+      cisco.ios.ios_config:
+        diff_against: intended
+        save_when: modified
+        intended_config: "{{ lookup('file', 'device-configs/{{ inventory_hostname }}/run-config-new.txt') }}"
+        src: 'device-configs/{{ inventory_hostname }}/run-config-new.txt'
+        diff_ignore_lines:
+          - "! Last configuration change at*"
+          - "Time source is NTP,*"
+          - "Load for five secs:*"
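Review bot: The `Save output to device-configs/` task writes the full `show run` output to disk without a `mode`, so the file gets the controller's umask default although a running config contains the local user secret hashes rendered by `users.txt.j2`. I would add `mode: '0600'` to that `copy` task and `mode: '0700'` to the two `file` tasks, plus `no_log: true` on `Collect running configs` so the registered output cannot end up in verbose CI logs. It is also worth confirming that `device-configs/` is git-ignored, which is not visible here. Separately, `intended_config` nests `{{ inventory_hostname }}` inside a string literal of an outer `{{ lookup(...) }}`. Plain concatenation, `lookup('file', 'device-configs/' ~ inventory_hostname ~ '/run-config-new.txt')`, does not rely on the lookup arguments being templated a second time.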
diff --git a/vars/common.yaml b/vars/common.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..85cf6317484fa9d4030e8128cdabece89d7d8d0e
--- /dev/null
+++ b/vars/common.yaml
@@ -0,0 +1,3 @@
+domain_name: net.sch.bme.hu
+mgmtVRFmask: 255.255.0.0
+valid_port_templates: [] #placeholder
diff --git a/vars/devices/example.yaml b/vars/devices/example.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..3259c0862974c83df00b4f7e9b7d48494d0528e7
--- /dev/null
+++ b/vars/devices/example.yaml
@@ -0,0 +1,61 @@
+hostname: example
+mgmtVRFip: 172.0.0.0
+device_model: cxxxxl-yyt-zx
+serial_number: XXXXXXXXXXX
+ifaces:
+  GigabitEthernet0/0:
+  GigabitEthernet1/0/1:
+  GigabitEthernet1/0/2:
+  GigabitEthernet1/0/3:
+  GigabitEthernet1/0/4:
+  GigabitEthernet1/0/5: 
+  GigabitEthernet1/0/6:
+  GigabitEthernet1/0/7:
+  GigabitEthernet1/0/8:
+  GigabitEthernet1/0/9:
+  GigabitEthernet1/0/10:
+  GigabitEthernet1/0/11:
+  GigabitEthernet1/0/12: 
+  GigabitEthernet1/0/13:
+  GigabitEthernet1/0/14:  
+  GigabitEthernet1/0/15:
+  GigabitEthernet1/0/16:
+  GigabitEthernet1/0/17:
+  GigabitEthernet1/0/18: 
+  GigabitEthernet1/0/19:    
+  GigabitEthernet1/0/20: 
+  GigabitEthernet1/0/21:  
+  GigabitEthernet1/0/22:
+  GigabitEthernet1/0/23:
+  GigabitEthernet1/0/24:
+  GigabitEthernet1/0/25: 
+  GigabitEthernet1/0/26:
+  GigabitEthernet1/0/27:
+  GigabitEthernet1/0/28: 
+  GigabitEthernet1/0/29:
+  GigabitEthernet1/0/30:
+  GigabitEthernet1/0/31:
+  GigabitEthernet1/0/32:
+  GigabitEthernet1/0/33:
+  GigabitEthernet1/0/34:
+  GigabitEthernet1/0/35: 
+  GigabitEthernet1/0/36: 
+  GigabitEthernet1/0/37: 
+  GigabitEthernet1/0/38: 
+  GigabitEthernet1/0/39: 
+  GigabitEthernet1/0/40: 
+  GigabitEthernet1/0/41: 
+  GigabitEthernet1/0/42: 
+  GigabitEthernet1/0/43: 
+  GigabitEthernet1/0/44: 
+  GigabitEthernet1/0/45: 
+  GigabitEthernet1/0/46: 
+  GigabitEthernet1/0/47: 
+  GigabitEthernet1/0/48:
+  TenGigabitEthernet1/1/1:
+  TenGigabitEthernet1/1/2:
+  TenGigabitEthernet1/1/3:
+  TenGigabitEthernet1/1/4: 
+  Vlan1:
+    port_template: vlan
+    shutdown:
diff --git a/vars/devices/sw-server-03.net.sch.bme.hu.yaml b/vars/devices/sw-server-03.net.sch.bme.hu.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..5d34e174ccbcb21cfd902002089aa9d9867108ac
--- /dev/null
+++ b/vars/devices/sw-server-03.net.sch.bme.hu.yaml
@@ -0,0 +1,178 @@
+hostname: sw-server-03
+mgmtVRFip: 172.20.0.51
+device_model: c9200l-48t-4x
+serial_number: "[CENSORED]" #Serial number alapján derül ki, hogy melyik crypto-t kell behúzni
+ifaces:
+  GigabitEthernet0/0:
+    port_template: mgmt-vrf
+  GigabitEthernet1/0/1:
+    port_template: vmware-node
+    node_name: "node1"
+    server_iface_name: BalFelsoSzerverPort
+  GigabitEthernet1/0/2:
+    port_template: vmware-node
+    node_name: "node1"
+    server_iface_name: JobbFelsoSzerverPort
+  GigabitEthernet1/0/3:
+    port_template: vmware-node
+    node_name: "node2"
+    server_iface_name: BalFelsoSzerverPort  
+  GigabitEthernet1/0/4:
+    port_template: vmware-node
+    node_name: "node2"
+    server_iface_name: JobbFelsoSzerverPort   
+  GigabitEthernet1/0/5: 
+    port_template: vmware-node
+    node_name: "node3"
+    server_iface_name: BalFelsoSzerverPort
+  GigabitEthernet1/0/6:
+    port_template: vmware-node
+    node_name: "node3"
+    server_iface_name: JobbFelsoSzerverPort 
+  GigabitEthernet1/0/7:
+    port_template: vmware-node
+    node_name: "node4"
+    server_iface_name: BalFelsoSzerverPort
+  GigabitEthernet1/0/8:
+    port_template: vmware-node
+    node_name: "node4"
+    server_iface_name: JobbFelsoSzerverPort  
+  GigabitEthernet1/0/9:
+  GigabitEthernet1/0/10:
+  GigabitEthernet1/0/11:
+    port_template: server-bond-trunk
+    server_name: Memory-A-ng
+    server_iface_name: BalKartyaPort1
+    trunk_native: 10
+    trunk_vlans: 10,11
+    portchannel_id: 2
+  GigabitEthernet1/0/12:
+    port_template: server-bond-trunk
+    server_name: Memory-A-ng
+    server_iface_name: JobbKartyaPort1
+    trunk_native: 10
+    trunk_vlans: 10,11
+    portchannel_id: 2 
+  GigabitEthernet1/0/13:
+    port_template: vmware-storage
+    server_name: FujitsuStorage
+    server_iface_name: "Storage1 - CM#0 CA#0 Port#0"
+    vlan: 11  
+  GigabitEthernet1/0/14:
+    port_template: vmware-storage
+    server_name: FujitsuStorage
+    server_iface_name: "Storage2 - CM#0 CA#0 Port#1"
+    vlan: 12  
+  GigabitEthernet1/0/15:
+    port_template: server-bond-trunk
+    server_name: Memory-A
+    server_iface_name: TODO
+    trunk_native: 1
+    trunk_vlans: 10,11
+    portchannel_id: 1
+  GigabitEthernet1/0/16:
+    port_template: server-bond-trunk
+    server_name: Memory-A
+    server_iface_name: TODO
+    trunk_native: 1
+    trunk_vlans: 10,11
+    portchannel_id: 1
+  GigabitEthernet1/0/17:
+    port_template: hyper-v-trunk
+    server_name: Host-1
+    server_iface_name: TODO 
+  GigabitEthernet1/0/18:
+    port_template: hyper-v-storage
+    server_name: Host-1
+    server_iface_name: TODO   
+  GigabitEthernet1/0/19:
+    port_template: hyper-v-trunk
+    server_name: Host-2
+    server_iface_name: TODO    
+  GigabitEthernet1/0/20:
+    port_template: hyper-v-storage
+    server_name: Host-2
+    server_iface_name: TODO    
+  GigabitEthernet1/0/21:
+    port_template: hyper-v-trunk
+    server_name: Host-3
+    server_iface_name: TODO   
+  GigabitEthernet1/0/22:
+    port_template: hyper-v-storage
+    server_name: Host-3
+    server_iface_name: TODO  
+  GigabitEthernet1/0/23:
+    port_template: vmware-storage
+    server_name: HP-Storage
+    server_iface_name: "Storage1 - Card-B iSCSI2"
+    vlan: 12   
+  GigabitEthernet1/0/24:
+    port_template: vmware-storage
+    server_name: HP-Storage
+    server_iface_name: "Storage2 - Card-A iSCSI2"
+    vlan: 12   
+  GigabitEthernet1/0/25:
+    port_template: vmware-storage
+    server_name: HP-Storage
+    server_iface_name: "Storage1 - Card-A iSCSI1"
+    vlan: 11   
+  GigabitEthernet1/0/26:
+    port_template: vmware-storage
+    server_name: HP-Storage
+    server_iface_name: "Storage2 - Card-B iSCSI1"
+    vlan: 11   
+  GigabitEthernet1/0/27:
+    port_template: server-trunk
+    server_name: behemoth-ng
+    server_iface_name: eth0
+    trunk_native: 208
+    trunk_vlans: 10,11,208
+  GigabitEthernet1/0/28: 
+  GigabitEthernet1/0/29:
+    port_template: server-access
+    server_name: beholder
+    server_iface_name: TODO
+    access_vlan: 208 
+  GigabitEthernet1/0/30:
+    port_template: server-trunk
+    server_name: beholder
+    server_iface_name: TODO
+    trunk_native: 10
+    trunk_vlans: 10-12
+  GigabitEthernet1/0/31:
+  GigabitEthernet1/0/32:
+  GigabitEthernet1/0/33:
+  GigabitEthernet1/0/34:
+  GigabitEthernet1/0/35: 
+  GigabitEthernet1/0/36: 
+  GigabitEthernet1/0/37: 
+  GigabitEthernet1/0/38: 
+  GigabitEthernet1/0/39: 
+  GigabitEthernet1/0/40: 
+  GigabitEthernet1/0/41: 
+  GigabitEthernet1/0/42: 
+  GigabitEthernet1/0/43: 
+  GigabitEthernet1/0/44: 
+  GigabitEthernet1/0/45: 
+  GigabitEthernet1/0/46: 
+  GigabitEthernet1/0/47: 
+  GigabitEthernet1/0/48:
+    port_template: network-trunk
+    neighbour_name: sw-admin-02
+    neighbour_iface: Gig0/1
+    trunk_vlans: 10,172
+    trunk_native: 743 
+  TenGigabitEthernet1/1/1:
+    port_template: network-trunk
+    neighbour_name: rtr-1
+    neighbour_iface: Te3/1
+    trunk_vlans: 1-740,742-4094 #TODO nem kéne ennyi vlannak lejönnie ide...
+    trunk_native: 741  
+  TenGigabitEthernet1/1/2:
+    port_template: juniper-experiment
+    neighbour_iface: xe/0/0/11
+  TenGigabitEthernet1/1/3:
+  TenGigabitEthernet1/1/4: 
+  Vlan1:
+    port_template: vlan
+    shutdown:
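Review bot: The uplink `TenGigabitEthernet1/1/1` is allowed `1-740,742-4094`, which is every VLAN except its own native one, while the VLANs named elsewhere in this file are only 10, 11, 12, 172 and 208 (templates such as `vmware-node` and `hyper-v-trunk` may add more, not visible here). Shipping the device file with the pruning left as an inline TODO means the switch carries, and floods, nearly the whole VLAN space from rtr-1, including VLAN 1. I would replace the range with an explicit quoted list, `trunk_vlans: "<vlans-in-use>"` (placeholder), before this is uploaded. The same applies to the uplink in `vars/devices/sw-server-04.net.sch.bme.hu.yaml` (`1-741,743-4094`). Ports left with an empty value (9, 10, 28, 31-47, Te1/1/3-4) render `default.txt.j2`, which is not visible here, so confirm it leaves unused ports shut down.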
diff --git a/vars/devices/sw-server-04.net.sch.bme.hu.yaml b/vars/devices/sw-server-04.net.sch.bme.hu.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..d70cfc5128bdcd130499c0e0f486207bcc1f2743
--- /dev/null
+++ b/vars/devices/sw-server-04.net.sch.bme.hu.yaml
@@ -0,0 +1,123 @@
+hostname: sw-server-04
+mgmtVRFip: 172.20.0.52
+device_model: c9300l-24t-4x
+serial_number: "[CENSORED]" #Serial number alapján derül ki, hogy melyik crypto-t kell behúzni
+ifaces:
+  GigabitEthernet0/0:
+    port_template: mgmt-vrf
+  GigabitEthernet1/0/1:
+    port_template: vmware-node
+    node_name: "node1"
+    server_iface_name: BalAlsoSzerverPort
+  GigabitEthernet1/0/2:
+    port_template: vmware-node
+    node_name: "node1"
+    server_iface_name: JobbAlsoSzerverPort
+  GigabitEthernet1/0/3:
+    port_template: vmware-node
+    node_name: "node2"
+    server_iface_name: BalAlsoSzerverPort
+  GigabitEthernet1/0/4:
+    port_template: vmware-node
+    node_name: "node2"
+    server_iface_name: JobbAlsoSzerverPort
+  GigabitEthernet1/0/5: 
+    port_template: vmware-node
+    node_name: "node3"
+    server_iface_name: BalAlsoSzerverPort  
+  GigabitEthernet1/0/6:
+    port_template: vmware-node
+    node_name: "node3"
+    server_iface_name: JobbAlsoSzerverPort
+  GigabitEthernet1/0/7:
+    port_template: vmware-node
+    node_name: "node4"
+    server_iface_name: BalAlsoSzerverPort  
+  GigabitEthernet1/0/8:
+    port_template: vmware-node
+    node_name: "node4"
+    server_iface_name: JobbAlsoSzerverPort
+  GigabitEthernet1/0/9:
+  GigabitEthernet1/0/10:
+  GigabitEthernet1/0/11:
+    port_template: server-bond-trunk
+    server_name: Memory-A-ng
+    server_iface_name: BalKartyaPort2
+    trunk_native: 10
+    trunk_vlans: 10,12
+    portchannel_id: 2
+  GigabitEthernet1/0/12:
+    port_template: server-bond-trunk
+    server_name: Memory-A-ng
+    server_iface_name: JobbKartyaPort2
+    trunk_native: 10
+    trunk_vlans: 10,12
+    portchannel_id: 2 
+  GigabitEthernet1/0/13:
+    port_template: vmware-storage
+    server_name: FujitsuStorage
+    server_iface_name: "Storage1 - CM#0 CA#0 Port#0"
+    vlan: 11  
+  GigabitEthernet1/0/14:
+    port_template: vmware-storage
+    server_name: FujitsuStorage
+    server_iface_name: "Storage2 - CM#0 CA#0 Port#1"
+    vlan: 12  
+  GigabitEthernet1/0/15:
+    port_template: server-bond-trunk
+    server_name: Memory-A
+    server_iface_name: TODO
+    trunk_native: 1
+    trunk_vlans: 12
+    portchannel_id: 1
+  GigabitEthernet1/0/16:
+    port_template: server-bond-trunk
+    server_name: Memory-A
+    server_iface_name: TODO
+    trunk_native: 1
+    trunk_vlans: 12
+    portchannel_id: 1
+  GigabitEthernet1/0/17:
+    port_template: hyper-v-trunk
+    server_name: Host-1
+    server_iface_name: TODO 
+  GigabitEthernet1/0/18:
+    port_template: hyper-v-storage
+    server_name: Host-1
+    server_iface_name: TODO   
+  GigabitEthernet1/0/19:
+    port_template: hyper-v-trunk
+    server_name: Host-2
+    server_iface_name: TODO    
+  GigabitEthernet1/0/20:
+    port_template: hyper-v-storage
+    server_name: Host-2
+    server_iface_name: TODO    
+  GigabitEthernet1/0/21:
+    port_template: hyper-v-trunk
+    server_name: Host-3
+    server_iface_name: TODO   
+  GigabitEthernet1/0/22:
+    port_template: hyper-v-storage
+    server_name: Host-3
+    server_iface_name: TODO  
+  GigabitEthernet1/0/23:
+  GigabitEthernet1/0/24:
+    port_template: network-trunk
+    neighbour_name: sw-admin-02
+    neighbour_iface: Gig0/2
+    trunk_vlans: 10,172
+    trunk_native: 743 
+  TenGigabitEthernet1/1/1:
+    port_template: network-trunk
+    neighbour_name: rtr-1
+    neighbour_iface: Te3/2
+    trunk_vlans: 1-741,743-4094 #TODO nem kéne ennyi vlannak lejönnie ide...
+    trunk_native: 742  
+  TenGigabitEthernet1/1/2: 
+  TenGigabitEthernet1/1/3:
+  TenGigabitEthernet1/1/4:
+  AppGigabitEthernet1/0/1: 
+  Vlan1:
+    port_template: vlan
+    shutdown:
diff --git a/vars/password-vault.yaml b/vars/password-vault.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..664d9a6e69a44b53c911742fa013af6d9e1385d2
--- /dev/null
+++ b/vars/password-vault.yaml
@@ -0,0 +1 @@
+[CENSORED]
\ No newline at end of file