A network administrator is managing a small office with 10 Cisco 9200 switches. They want to automate the deployment of a standard base configuration (VLANs, STP, management access) to all switches. They have a Linux server with Ansible installed. The administrator writes a playbook that uses the 'ios_config' module to apply configuration blocks. However, when they run the playbook against the first switch, it fails with an authentication error. The administrator can SSH to the switch manually using the same credentials. What is the most likely cause of the failure?
Network devices require these variables to handle the SSH session correctly.
Why this answer
The most likely cause is that the playbook is missing the required connection and platform variables. When using Ansible's `ios_config` module, you must explicitly set `ansible_connection: network_cli` and `ansible_network_os: ios` in the host variables or playbook. Without these, Ansible defaults to the `smart` connection plugin, which attempts an SSH connection using the `paramiko` library but does not properly negotiate the network CLI session, leading to authentication failures even though manual SSH works.
Exam trap
Cisco often tests the distinction between SSH connectivity and Ansible connection method configuration, trapping candidates who assume that successful manual SSH implies the playbook will work without setting `ansible_connection` and `ansible_network_os`.
How to eliminate wrong answers
Option B is wrong because if the SSH server did not support the key exchange algorithm, manual SSH would also fail, but the administrator can SSH successfully. Option C is wrong because the playbook failing with an authentication error while manual SSH works suggests the credentials are correct; the issue is not a missing username variable but the connection method. Option D is wrong because an incompatible IOS version would cause command execution errors, not authentication failures; the playbook hasn't reached the point of applying commands.