.. _cisco.nxos.nxos_acl_interfaces_module:


******************************
cisco.nxos.nxos_acl_interfaces
******************************

**ACL interfaces resource module**


Version added: 1.0.0

.. contents::
   :local:
   :depth: 1


Synopsis
--------
- Add and remove Access Control Lists on interfaces in NX-OS platform


Parameters
----------

.. list-table::
   :header-rows: 1

   * - Parameter
     - Choices/Defaults
     - Comments
   * - | ``config``
       | list / elements=dictionary
     -
     - A list of interfaces to be configured with ACLs
   * - | ``config.access_groups``
       | list / elements=dictionary
     -
     - List of address family indicators with ACLs to be configured on the interface
   * - | ``config.access_groups.acls``
       | list / elements=dictionary
     -
     - List of Access Control Lists for the interface
   * - | ``config.access_groups.acls.direction``
       | string / required
     - Choices:

       - in
       - out
     - Direction to be applied for the ACL
   * - | ``config.access_groups.acls.name``
       | string / required
     -
     - Name of the ACL to be added/removed
   * - | ``config.access_groups.acls.port``
       | boolean
     - Choices:

       - no
       - yes
     - Use ACL as port policy.
   * - | ``config.access_groups.afi``
       | string / required
     - Choices:

       - ipv4
       - ipv6
     - Address Family Indicator of the ACLs to be configured
   * - | ``config.name``
       | string / required
     -
     - Name of the interface
   * - | ``running_config``
       | string
     -
     - This option is used only with state ``parsed``.

       The value of this option should be the output received from the NX-OS device by executing the command ``show running-config | section '^interface'``.

       The state ``parsed`` reads the configuration from the ``running_config`` option and transforms it into Ansible structured data as per the resource module's argspec; the value is then returned in the ``parsed`` key within the result.
   * - | ``state``
       | string
     - Choices:

       - deleted
       - gathered
       - merged ← (default)
       - overridden
       - rendered
       - replaced
       - parsed
     - The state the configuration should be left in

Notes
-----

.. note::
   - Tested against NX-OS 7.3.(0)D1(1) on VIRL
   - Unsupported for Cisco MDS


Examples
--------

.. code-block:: yaml

    # Using merged

    # Before state:
    # ------------
    #

    - name: Merge ACL interfaces configuration
      cisco.nxos.nxos_acl_interfaces:
        config:
        - name: Ethernet1/2
          access_groups:
          - afi: ipv6
            acls:
            - name: ACL1v6
              direction: in

        - name: Eth1/5
          access_groups:
          - afi: ipv4
            acls:
            - name: PortACL
              direction: in
              port: true

            - name: ACL1v4
              direction: out

          - afi: ipv6
            acls:
            - name: ACL1v6
              direction: in
        state: merged

    # After state:
    # ------------
    # interface Ethernet1/2
    #   ipv6 traffic-filter ACL1v6 in
    # interface Ethernet1/5
    #   ip port access-group PortACL in
    #   ip access-group ACL1v4 out
    #   ipv6 traffic-filter ACL1v6 in

    # Using replaced

    # Before state:
    # ------------
    # interface Ethernet1/2
    #   ipv6 traffic-filter ACL1v6 in
    # interface Ethernet1/5
    #   ip port access-group PortACL in
    #   ip access-group ACL1v4 out
    #   ipv6 traffic-filter ACL1v6 in

    - name: Replace interface configuration with given configuration
      cisco.nxos.nxos_acl_interfaces:
        config:
        - name: Eth1/5
          access_groups:
          - afi: ipv4
            acls:
            - name: NewACLv4
              direction: out

        - name: Ethernet1/3
          access_groups:
          - afi: ipv6
            acls:
            - name: NewACLv6
              direction: in
              port: true
        state: replaced

    # After state:
    # ------------
    # interface Ethernet1/2
    #   ipv6 traffic-filter ACL1v6 in
    # interface Ethernet1/3
    #   ipv6 port traffic-filter NewACLv6 in
    # interface Ethernet1/5
    #   ip access-group NewACLv4 out

    # Using overridden

    # Before state:
    # ------------
    # interface Ethernet1/2
    #   ipv6 traffic-filter ACL1v6 in
    # interface Ethernet1/5
    #   ip port access-group PortACL in
    #   ip access-group ACL1v4 out
    #   ipv6 traffic-filter ACL1v6 in

    - name: Override interface configuration with given configuration
      cisco.nxos.nxos_acl_interfaces:
        config:
        - name: Ethernet1/3
          access_groups:
          - afi: ipv4
            acls:
            - name: ACL1v4
              direction: out

            - name: PortACL
              port: true
              direction: in
          - afi: ipv6
            acls:
            - name: NewACLv6
              direction: in
              port: true
        state: overridden

    # After state:
    # ------------
    # interface Ethernet1/3
    #   ip access-group ACL1v4 out
    #   ip port access-group PortACL in
    #   ipv6 port traffic-filter NewACLv6 in

    # Using deleted to remove ACL config from specified interfaces

    # Before state:
    # -------------
    # interface Ethernet1/1
    #   ip access-group ACL2v4 in
    # interface Ethernet1/2
    #   ipv6 traffic-filter ACL1v6 in
    # interface Ethernet1/5
    #   ip port access-group PortACL in
    #   ip access-group ACL1v4 out
    #   ipv6 traffic-filter ACL1v6 in

    - name: Delete ACL configuration on interfaces
      cisco.nxos.nxos_acl_interfaces:
        config:
        - name: Ethernet1/5
        - name: Ethernet1/2
        state: deleted

    # After state:
    # -------------
    # interface Ethernet1/1
    #   ip access-group ACL2v4 in
    # interface Ethernet1/2
    # interface Ethernet1/5

    # Using deleted to remove ACL config from all interfaces

    # Before state:
    # -------------
    # interface Ethernet1/1
    #   ip access-group ACL2v4 in
    # interface Ethernet1/2
    #   ipv6 traffic-filter ACL1v6 in
    # interface Ethernet1/5
    #   ip port access-group PortACL in
    #   ip access-group ACL1v4 out
    #   ipv6 traffic-filter ACL1v6 in

    - name: Delete ACL configuration from all interfaces
      cisco.nxos.nxos_acl_interfaces:
        state: deleted

    # After state:
    # -------------
    # interface Ethernet1/1
    # interface Ethernet1/2
    # interface Ethernet1/5

    # Using parsed

    - name: Parse given configuration into structured format
      cisco.nxos.nxos_acl_interfaces:
        running_config: |
          interface Ethernet1/2
           ipv6 traffic-filter ACL1v6 in
          interface Ethernet1/5
           ipv6 traffic-filter ACL1v6 in
           ip access-group ACL1v4 out
           ip port access-group PortACL in
        state: parsed

    # returns
    # parsed:
    #   - name: Ethernet1/2
    #     access_groups:
    #     - afi: ipv6
    #       acls:
    #       - name: ACL1v6
    #         direction: in
    #   - name: Ethernet1/5
    #     access_groups:
    #     - afi: ipv4
    #       acls:
    #       - name: PortACL
    #         direction: in
    #         port: True
    #       - name: ACL1v4
    #         direction: out
    #     - afi: ipv6
    #       acls:
    #       - name: ACL1v6
    #         direction: in

    # Using gathered:

    # Before state:
    # ------------
    # interface Ethernet1/2
    #   ipv6 traffic-filter ACL1v6 in
    # interface Ethernet1/5
    #   ipv6 traffic-filter ACL1v6 in
    #   ip access-group ACL1v4 out
    #   ip port access-group PortACL in

    - name: Gather existing configuration from device
      cisco.nxos.nxos_acl_interfaces:
        config:
        state: gathered

    # returns
    # gathered:
    #   - name: Ethernet1/2
    #     access_groups:
    #     - afi: ipv6
    #       acls:
    #       - name: ACL1v6
    #         direction: in
    #   - name: Ethernet1/5
    #     access_groups:
    #     - afi: ipv4
    #       acls:
    #       - name: PortACL
    #         direction: in
    #         port: True
    #       - name: ACL1v4
    #         direction: out
    #     - afi: ipv6
    #       acls:
    #       - name: ACL1v6
    #         direction: in

    # Using rendered

    - name: Render required configuration to be pushed to the device
      cisco.nxos.nxos_acl_interfaces:
        config:
        - name: Ethernet1/2
          access_groups:
          - afi: ipv6
            acls:
            - name: ACL1v6
              direction: in

        - name: Ethernet1/5
          access_groups:
          - afi: ipv4
            acls:
            - name: PortACL
              direction: in
              port: true
            - name: ACL1v4
              direction: out
          - afi: ipv6
            acls:
            - name: ACL1v6
              direction: in
        state: rendered

    # returns
    # rendered:
    #   interface Ethernet1/2
    #     ipv6 traffic-filter ACL1v6 in
    #   interface Ethernet1/5
    #     ipv6 traffic-filter ACL1v6 in
    #     ip access-group ACL1v4 out
    #     ip port access-group PortACL in


Return Values
-------------
Common return values are documented in the Ansible documentation; the following are the fields unique to this module:

.. list-table::
   :header-rows: 1

   * - Key
     - Returned
     - Description
   * - | ``after``
       | dictionary
     - when changed
     - The resulting configuration model invocation.

       Sample: The configuration returned will always be in the same format of the parameters above.
   * - | ``before``
       | dictionary
     - always
     - The configuration prior to the model invocation.

       Sample: The configuration returned will always be in the same format of the parameters above.
   * - | ``commands``
       | list
     - always
     - The set of commands pushed to the remote device.

       Sample: ``['interface Ethernet1/2', 'ipv6 traffic-filter ACL1v6 out', 'ip port access-group PortACL in']``


Status
------


Authors
~~~~~~~

- Adharsh Srivats Rangarajan (@adharshsrivatsr)