cisco.iosxr.iosxr_acl_interfaces – ACL interfaces resource module
Note
This plugin is part of the cisco.iosxr collection (version 1.2.1).
To install it, use: `ansible-galaxy collection install cisco.iosxr`.
To use it in a playbook, specify: `cisco.iosxr.iosxr_acl_interfaces`.
New in version 1.0.0 of cisco.iosxr
Synopsis
- This module manages adding and removing Access Control Lists (ACLs) from interfaces on devices running IOS-XR software.
Note
This module has a corresponding action plugin.
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
config list / elements=dictionary | | A dictionary of ACL options for interfaces. |
access_groups list / elements=dictionary | | Specifies ACLs attached to the interfaces. |
acls list / elements=dictionary | | Specifies the ACLs for the provided AFI. |
direction string / required | | Specifies the direction of packets that the ACL will be applied on. |
name string / required | | Specifies the name of the IPv4/IPv6 ACL for the interface. |
afi string / required | | Specifies the AFI for the ACL(s) to be configured on this interface. |
name string / required | | Name/Identifier for the interface |
running_config string | | This option is used only with state parsed. The value of this option should be the output received from the IOS-XR device by executing the command show running-config interface. The state parsed reads the configuration from the running_config option and transforms it into Ansible structured data as per the resource module's argspec; the value is then returned in the parsed key within the result. |
state string | | The state the configuration should be left in. |
Examples
```yaml
# Using merged

# Before state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:22:32.911 UTC
# interface MgmtEth0/RP0/CPU0/0
#  ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
#  shutdown
# !
# interface GigabitEthernet0/0/0/1
#  shutdown
# !

- name: Merge the provided configuration with the existing running configuration
  cisco.iosxr.iosxr_acl_interfaces:
    config:
    - name: GigabitEthernet0/0/0/0
      access_groups:
      - afi: ipv4
        acls:
        - name: acl_1
          direction: in
        - name: acl_2
          direction: out
      - afi: ipv6
        acls:
        - name: acl6_1
          direction: in
        - name: acl6_2
          direction: out

    - name: GigabitEthernet0/0/0/1
      access_groups:
      - afi: ipv4
        acls:
        - name: acl_1
          direction: out
    state: merged

# After state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:27:49.378 UTC
# interface MgmtEth0/RP0/CPU0/0
#  ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
#  shutdown
#  ipv4 access-group acl_1 ingress
#  ipv4 access-group acl_2 egress
#  ipv6 access-group acl6_1 ingress
#  ipv6 access-group acl6_2 egress
# !
# interface GigabitEthernet0/0/0/1
#  shutdown
#  ipv4 access-group acl_1 egress
# !


# Using merged to update interface ACL configuration

# Before state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:27:49.378 UTC
# interface MgmtEth0/RP0/CPU0/0
#  ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
#  shutdown
#  ipv4 access-group acl_1 ingress
#  ipv4 access-group acl_2 egress
#  ipv6 access-group acl6_1 ingress
#  ipv6 access-group acl6_2 egress
# !
# interface GigabitEthernet0/0/0/1
#  shutdown
#  ipv4 access-group acl_1 egress
# !
#

- name: Update acl_interfaces configuration using merged
  cisco.iosxr.iosxr_acl_interfaces:
    config:
    - name: GigabitEthernet0/0/0/1
      access_groups:
      - afi: ipv4
        acls:
        - name: acl_2
          direction: out
        - name: acl_1
          direction: in
    state: merged

# After state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:27:49.378 UTC
# interface MgmtEth0/RP0/CPU0/0
#  ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
#  shutdown
#  ipv4 access-group acl_1 ingress
#  ipv4 access-group acl_2 egress
#  ipv6 access-group acl6_1 ingress
#  ipv6 access-group acl6_2 egress
# !
# interface GigabitEthernet0/0/0/1
#  shutdown
#  ipv4 access-group acl_1 ingress
#  ipv4 access-group acl_2 egress
# !
#


# Using replaced

# Before state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:34:56.689 UTC
# interface MgmtEth0/RP0/CPU0/0
#  ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
#  shutdown
#  ipv4 access-group acl_1 ingress
#  ipv4 access-group acl_2 egress
#  ipv6 access-group acl6_1 ingress
#  ipv6 access-group acl6_2 egress
# !
# interface GigabitEthernet0/0/0/1
#  shutdown
#  ipv4 access-group acl_1 egress
# !

- name: Replace device configurations of listed interface with provided configurations
  cisco.iosxr.iosxr_acl_interfaces:
    config:
    - name: GigabitEthernet0/0/0/0
      access_groups:
      - afi: ipv6
        acls:
        - name: acl6_3
          direction: in
    state: replaced

# After state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:34:56.689 UTC
# interface MgmtEth0/RP0/CPU0/0
#  ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
#  shutdown
#  ipv6 access-group acl6_3 ingress
# !
# interface GigabitEthernet0/0/0/1
#  shutdown
#  ipv4 access-group acl_1 egress
# !
#


# Using overridden

# Before state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:34:56.689 UTC
# interface MgmtEth0/RP0/CPU0/0
#  ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
#  shutdown
#  ipv4 access-group acl_1 ingress
#  ipv4 access-group acl_2 egress
#  ipv6 access-group acl6_1 ingress
#  ipv6 access-group acl6_2 egress
# !
# interface GigabitEthernet0/0/0/1
#  shutdown
#  ipv4 access-group acl_1 egress
# !
#

- name: Override all interface ACL configuration with provided configuration
  cisco.iosxr.iosxr_acl_interfaces:
    config:
    - name: GigabitEthernet0/0/0/1
      access_groups:
      - afi: ipv4
        acls:
        - name: acl_2
          direction: in
      - afi: ipv6
        acls:
        - name: acl6_3
          direction: out
    state: overridden

# After state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:34:56.689 UTC
# interface MgmtEth0/RP0/CPU0/0
#  ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
#  shutdown
# !
# interface GigabitEthernet0/0/0/1
#  shutdown
#  ipv4 access-group acl_2 ingress
#  ipv6 access-group acl6_3 egress
# !
#


# Using 'deleted' to delete all ACL attributes of a single interface

# Before state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:34:56.689 UTC
# interface MgmtEth0/RP0/CPU0/0
#  ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
#  shutdown
#  ipv4 access-group acl_1 ingress
#  ipv4 access-group acl_2 egress
#  ipv6 access-group acl6_1 ingress
#  ipv6 access-group acl6_2 egress
# !
# interface GigabitEthernet0/0/0/1
#  shutdown
#  ipv4 access-group acl_1 egress
# !
#

- name: Delete all ACL attributes of GigabitEthernet0/0/0/1
  cisco.iosxr.iosxr_acl_interfaces:
    config:
    - name: GigabitEthernet0/0/0/1
    state: deleted

# After state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:34:56.689 UTC
# interface MgmtEth0/RP0/CPU0/0
#  ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
#  shutdown
#  ipv4 access-group acl_1 ingress
#  ipv4 access-group acl_2 egress
#  ipv6 access-group acl6_1 ingress
#  ipv6 access-group acl6_2 egress
# !
# interface GigabitEthernet0/0/0/1
#  shutdown
# !
#


# Using 'deleted' to remove all ACLs attached to all the interfaces in the device

# Before state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:34:56.689 UTC
# interface MgmtEth0/RP0/CPU0/0
#  ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
#  shutdown
#  ipv4 access-group acl_1 ingress
#  ipv4 access-group acl_2 egress
#  ipv6 access-group acl6_1 ingress
#  ipv6 access-group acl6_2 egress
# !
# interface GigabitEthernet0/0/0/1
#  shutdown
#  ipv4 access-group acl_1 egress
# !
#

- name: Delete all ACL interfaces configuration from the device
  cisco.iosxr.iosxr_acl_interfaces:
    state: deleted

# After state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:34:56.689 UTC
# interface MgmtEth0/RP0/CPU0/0
#  ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
#  shutdown
# !
# interface GigabitEthernet0/0/0/1
#  shutdown
# !
#


# Using parsed

# parsed.cfg
# ------------
#
# interface MgmtEth0/RP0/CPU0/0
#  ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
#  shutdown
#  ipv4 access-group acl_1 ingress
#  ipv4 access-group acl_2 egress
#  ipv6 access-group acl6_1 ingress
#  ipv6 access-group acl6_2 egress
# !
# interface GigabitEthernet0/0/0/1
#  shutdown
#  ipv4 access-group acl_1 egress
# !
#
# - name: Convert ACL interfaces config to argspec without connecting to the appliance
#   cisco.iosxr.iosxr_acl_interfaces:
#     running_config: "{{ lookup('file', './parsed.cfg') }}"
#     state: parsed

# Task Output (redacted)
# -----------------------
# "parsed": [
#     {
#         "name": "MgmtEth0/RP0/CPU0/0"
#     },
#     {
#         "access_groups": [
#             {
#                 "acls": [
#                     {
#                         "direction": "in",
#                         "name": "acl_1"
#                     },
#                     {
#                         "direction": "out",
#                         "name": "acl_2"
#                     }
#                 ],
#                 "afi": "ipv4"
#             },
#             {
#                 "acls": [
#                     {
#                         "direction": "in",
#                         "name": "acl6_1"
#                     },
#                     {
#                         "direction": "out",
#                         "name": "acl6_2"
#                     }
#                 ],
#                 "afi": "ipv6"
#             }
#         ],
#         "name": "GigabitEthernet0/0/0/0"
#     },
#     {
#         "access_groups": [
#             {
#                 "acls": [
#                     {
#                         "direction": "out",
#                         "name": "acl_1"
#                     }
#                 ],
#                 "afi": "ipv4"
#             }
#         ],
#         "name": "GigabitEthernet0/0/0/1"
#     }
# ]
# }


# Using gathered

- name: Gather ACL interfaces facts using gathered state
  cisco.iosxr.iosxr_acl_interfaces:
    state: gathered

# Task Output (redacted)
# -----------------------
#
# "gathered": [
#     {
#         "name": "MgmtEth0/RP0/CPU0/0"
#     },
#     {
#         "access_groups": [
#             {
#                 "acls": [
#                     {
#                         "direction": "in",
#                         "name": "acl_1"
#                     },
#                     {
#                         "direction": "out",
#                         "name": "acl_2"
#                     }
#                 ],
#                 "afi": "ipv4"
#             }
#         ],
#         "name": "GigabitEthernet0/0/0/0"
#     },
#     {
#         "access_groups": [
#             {
#                 "acls": [
#                     {
#                         "direction": "in",
#                         "name": "acl6_1"
#                     }
#                 ],
#                 "afi": "ipv6"
#             }
#         ],
#         "name": "GigabitEthernet0/0/0/1"
#     }
# ]


# Using rendered

- name: Render platform specific commands from task input using rendered state
  cisco.iosxr.iosxr_acl_interfaces:
    config:
    - name: GigabitEthernet0/0/0/0
      access_groups:
      - afi: ipv4
        acls:
        - name: acl_1
          direction: in
        - name: acl_2
          direction: out
    state: rendered

# Task Output (redacted)
# -----------------------
# "rendered": [
#     "interface GigabitEthernet0/0/0/0",
#     "ipv4 access-group acl_1 ingress",
#     "ipv4 access-group acl_2 egress"
# ]
```
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
after list / elements=string | when changed | The resulting configuration model invocation. Sample: The configuration returned will always be in the same format of the parameters above. |
before list / elements=string | always | The configuration prior to the model invocation. Sample: The configuration returned will always be in the same format of the parameters above. |
commands list / elements=string | always | The set of commands pushed to the remote device. Sample: ['interface GigabitEthernet0/0/0/1', 'ipv4 access-group acl_1 ingress', 'ipv4 access-group acl_2 egress', 'ipv6 access-group acl6_1 ingress', 'interface GigabitEthernet0/0/0/2', 'no ipv4 access-group acl_3 ingress', 'ipv4 access-group acl_4 egress'] |
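In the `overridden` example above, GigabitEthernet0/0/0/0 loses every ACL although the task never names it, so it is worth diffing `before` against `after` before accepting a run. The following is an added example, not code from the cisco.iosxr collection: the function names are hypothetical, the sample data is constructed from the "Using overridden" example, and it assumes `before` and `after` follow the same structure as the `config` parameter, as the table states.

```python
# Added example, not part of the cisco.iosxr collection. Function names are
# hypothetical; input is assumed to be the module's before/after config model.

def bindings(config):
    """Flatten the config model into (interface, afi, direction, acl) tuples."""
    found = set()
    for intf in config or []:
        for group in intf.get("access_groups") or []:
            for acl in group.get("acls") or []:
                found.add((intf["name"], group["afi"], acl["direction"], acl["name"]))
    return found


def removed_bindings(before, after):
    """ACL attachments present before the run and absent afterwards."""
    return bindings(before) - bindings(after)


def stripped_interfaces(before, after):
    """Interfaces that carried at least one ACL before and carry none afterwards."""
    had = {b[0] for b in bindings(before)}
    has = {b[0] for b in bindings(after)}
    return sorted(had - has)


def _intf(name, **afis):
    """Build one interface entry; afis maps afi -> [(acl_name, direction), ...]."""
    groups = [{"afi": afi, "acls": [{"name": n, "direction": d} for n, d in acls]}
              for afi, acls in afis.items()]
    return {"name": name, "access_groups": groups} if groups else {"name": name}


# Constructed sample data modelled on the "Using overridden" example.
BEFORE = [
    _intf("MgmtEth0/RP0/CPU0/0"),
    _intf("GigabitEthernet0/0/0/0", ipv4=[("acl_1", "in"), ("acl_2", "out")],
          ipv6=[("acl6_1", "in"), ("acl6_2", "out")]),
    _intf("GigabitEthernet0/0/0/1", ipv4=[("acl_1", "out")]),
]
AFTER = [
    _intf("MgmtEth0/RP0/CPU0/0"),
    _intf("GigabitEthernet0/0/0/0"),
    _intf("GigabitEthernet0/0/0/1", ipv4=[("acl_2", "in")], ipv6=[("acl6_3", "out")]),
]

if __name__ == "__main__":
    for binding in sorted(removed_bindings(BEFORE, AFTER)):
        print("removed:", *binding)
    print("no ACLs left on:", stripped_interfaces(BEFORE, AFTER))
```

Feeding it the `before` and `after` keys of a registered task result lets a pipeline stop when an interface that should stay filtered appears in `stripped_interfaces`.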
Authors
- Nilashish Chakraborty (@NilashishC)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/cisco/iosxr/iosxr_acl_interfaces_module.html