From 38b7c80217c4e72b1d8988eb1e60bb6e77334114 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Thu, 18 Apr 2024 07:52:22 +0200 Subject: Adding upstream version 9.4.0+dfsg. Signed-off-by: Daniel Baumann --- .../docs/cisco.ios.ios_acl_interfaces_module.rst | 2 +- .../cisco/ios/docs/cisco.ios.ios_acls_module.rst | 2088 ++++++-- .../cisco/ios/docs/cisco.ios.ios_banner_module.rst | 2 +- .../cisco.ios.ios_bgp_address_family_module.rst | 87 +- .../ios/docs/cisco.ios.ios_bgp_global_module.rst | 5 +- .../ios/docs/cisco.ios.ios_command_module.rst | 2 +- .../ios/docs/cisco.ios.ios_evpn_evi_module.rst | 791 ++++ .../ios/docs/cisco.ios.ios_evpn_global_module.rst | 721 +++ .../cisco/ios/docs/cisco.ios.ios_facts_module.rst | 15 + .../ios/docs/cisco.ios.ios_hostname_module.rst | 2 +- .../cisco/ios/docs/cisco.ios.ios_lacp_module.rst | 2 + .../docs/cisco.ios.ios_lag_interfaces_module.rst | 4 +- .../ios/docs/cisco.ios.ios_linkagg_module.rst | 2 +- .../ios/docs/cisco.ios.ios_lldp_global_module.rst | 4 +- .../docs/cisco.ios.ios_logging_global_module.rst | 2 +- .../ios/docs/cisco.ios.ios_logging_module.rst | 401 -- .../ios/docs/cisco.ios.ios_ntp_global_module.rst | 2 +- .../docs/cisco.ios.ios_ospf_interfaces_module.rst | 671 ++- .../cisco/ios/docs/cisco.ios.ios_ospfv2_module.rst | 1030 ++-- .../cisco/ios/docs/cisco.ios.ios_ospfv3_module.rst | 827 ++-- .../cisco/ios/docs/cisco.ios.ios_ping_module.rst | 15 + .../ios/docs/cisco.ios.ios_prefix_lists_module.rst | 162 +- .../ios/docs/cisco.ios.ios_service_module.rst | 8 +- .../ios/docs/cisco.ios.ios_snmp_server_module.rst | 4962 ++++++++++++++++++-- .../cisco/ios/docs/cisco.ios.ios_vlans_module.rst | 440 +- .../cisco/ios/docs/cisco.ios.ios_vrf_module.rst | 16 + .../ios/docs/cisco.ios.ios_vxlan_vtep_module.rst | 701 +++ 27 files changed, 10753 insertions(+), 2211 deletions(-) create mode 100644 ansible_collections/cisco/ios/docs/cisco.ios.ios_evpn_evi_module.rst create mode 100644 ansible_collections/cisco/ios/docs/cisco.ios.ios_evpn_global_module.rst delete mode 100644 ansible_collections/cisco/ios/docs/cisco.ios.ios_logging_module.rst create mode 100644 ansible_collections/cisco/ios/docs/cisco.ios.ios_vxlan_vtep_module.rst (limited to 'ansible_collections/cisco/ios/docs') diff --git a/ansible_collections/cisco/ios/docs/cisco.ios.ios_acl_interfaces_module.rst b/ansible_collections/cisco/ios/docs/cisco.ios.ios_acl_interfaces_module.rst index cbdf96bcc..b188ba816 100644 --- a/ansible_collections/cisco/ios/docs/cisco.ios.ios_acl_interfaces_module.rst +++ b/ansible_collections/cisco/ios/docs/cisco.ios.ios_acl_interfaces_module.rst @@ -442,7 +442,7 @@ Examples # ip access-group 123 out # Using DELETED without any config passed - #"(NOTE: This will delete all of configured resource module attributes from each configured interface)" + # "(NOTE: This will delete all of configured resource module attributes from each configured interface)" # Before state: # ------------- diff --git a/ansible_collections/cisco/ios/docs/cisco.ios.ios_acls_module.rst b/ansible_collections/cisco/ios/docs/cisco.ios.ios_acls_module.rst index e0b61c7ed..a76156dd6 100644 --- a/ansible_collections/cisco/ios/docs/cisco.ios.ios_acls_module.rst +++ b/ansible_collections/cisco/ios/docs/cisco.ios.ios_acls_module.rst @@ -3143,6 +3143,8 @@ Parameters
The remarks/description of the ACL.
+
The remarks attribute used within an ace with or without a sequence number will produce remarks that are pushed before the ace entry.
+
Remarks entry used as the only key in as the list option will produce non ace specific remarks, these remarks would be pushed at the end of all the aces for an acl.
@@ -3880,7 +3882,7 @@ Parameters
The states rendered, gathered and parsed does not perform any change on the device.
The state rendered will transform the configuration in config option to platform specific CLI commands which will be returned in the rendered key within the result. For state rendered active connection to remote host is not required.
The state gathered will fetch the running configuration from device and transform it into structured data in the format as per the resource module argspec and the value is returned in the gathered key within the result.
-
The state parsed reads the configuration from running_config option and transforms it into JSON format as per the resource module parameters and the value is returned in the parsed key within the result. The value of running_config option should be the same format as the output of commands show access-list and show running-config | include ip(v6* access-list|remark) executed on device. Config data from both the commands should be kept together one after another for the parsers to pick the commands correctly. For state parsed active connection to remote host is not required.
+
The state parsed reads the configuration from running_config option and transforms it into JSON format as per the resource module parameters and the value is returned in the parsed key within the result. The value of running_config option should be the same format as the output of commands sh running-config | section access-list for all acls related information and sh access-lists | include access list to obtain configuration specific of an empty acls, the following commands are executed on device. Config data from both the commands should be kept together one after another for the parsers to pick the commands correctly. For state parsed active connection to remote host is not required.
The state overridden, modify/add the ACLs defined, deleted all other ACLs.
The state replaced, modify/add only the ACEs of the ACLs defined only. It does not perform any other change on the device.
The state deleted, deletes only the specified ACLs, or all if not specified.
@@ -3910,35 +3912,8 @@ Examples # Before state: # ------------- # - # vios#sh access-lists - # Extended IP access list 100 - # 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 echo dscp ef ttl eq 10 - - - name: Merge provided configuration with device configuration - cisco.ios.ios_acls: - config: - - afi: ipv4 - acls: - - name: 100 - aces: - - sequence: 10 - protocol_options: - icmp: - traceroute: true - state: merged - - # After state: - # ------------ - # - # Play Execution fails, with error: - # Cannot update existing sequence 10 of ACLs 100 with state merged. - # Please use state replaced or overridden. - - # Before state: - # ------------- - # - # vios#sh access-lists - # Extended IP access list 110 + # vios#sh running-config | section access-list + # ip access-list extended 110 # 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 echo dscp ef ttl eq 10 - name: Merge provided configuration with device configuration @@ -3962,6 +3937,12 @@ Examples protocol_options: icmp: traceroute: true + source: + address: 192.168.3.0 + wildcard_bits: 255.255.255.0 + destination: + any: true + grant: permit - grant: deny protocol_options: tcp: @@ -3972,7 +3953,7 @@ Examples host: 198.51.110.0 port_protocol: eq: telnet - - name: test + - name: extended_acl_1 acl_type: extended aces: - grant: deny @@ -4044,64 +4025,259 @@ Examples dscp: af11 state: merged - # Commands fired: - # --------------- + # Task Output + # ----------- # - # - ip access-list standard std_acl - # - deny 192.168.1.200 - # - deny 192.168.2.0 0.0.0.255 - # - ip access-list extended 110 - # - 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10 - # - deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack - # - ip access-list extended test - # - deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www fin option traceroute ttl eq 10 - # - ip access-list extended 123 - # - deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 - # - deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 - # - remark remarks for extended ACL 1 - # - remark check ACL - # - ipv6 access-list R1_TRAFFIC - # - deny tcp any eq www any eq telnet ack dscp af11 + # before: + # - acls: + # - aces: + # - destination: + # address: 192.0.3.0 + # wildcard_bits: 0.0.0.255 + # dscp: ef + # grant: deny + # protocol: icmp + # protocol_options: + # icmp: + # echo: true + # sequence: 10 + # source: + # address: 192.0.2.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # eq: 10 + # acl_type: extended + # name: '100' + # afi: ipv4 + # commands: + # - ip access-list extended 110 + # - deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack + # - 30 permit icmp 192.168.3.0 255.255.255.0 any traceroute + # - ip access-list extended extended_acl_1 + # - deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www fin option traceroute ttl eq 10 + # - ip access-list standard std_acl + # - deny 192.168.1.20 + # - deny 192.168.2.0 0.0.0.255 + # - ip access-list extended 123 + # - deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 + # - deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 + # - remark remarks for extended ACL 1 + # - remark check ACL + # - ipv6 access-list R1_TRAFFIC + # - deny tcp any eq www any eq telnet ack dscp af11 + # after: + # - acls: + # - aces: + # - destination: + # address: 192.0.3.0 + # wildcard_bits: 0.0.0.255 + # dscp: ef + # grant: deny + # protocol: icmp + # protocol_options: + # icmp: + # echo: true + # sequence: 10 + # source: + # address: 192.0.2.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # eq: 10 + # - destination: + # host: 198.51.110.0 + # port_protocol: + # eq: telnet + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 20 + # source: + # host: 198.51.100.0 + # - destination: + # any: true + # grant: permit + # protocol: icmp + # protocol_options: + # icmp: + # traceroute: true + # sequence: 30 + # source: + # address: 0.0.0.0 + # wildcard_bits: 255.255.255.0 + # acl_type: extended + # name: '110' + # - aces: + # - destination: + # address: 198.51.101.0 + # port_protocol: + # eq: telnet + # wildcard_bits: 0.0.0.255 + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 10 + # source: + # address: 198.51.100.0 + # wildcard_bits: 0.0.0.255 + # tos: + # service_value: 12 + # - destination: + # address: 192.0.4.0 + # port_protocol: + # eq: www + # wildcard_bits: 0.0.0.255 + # dscp: ef + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 20 + # source: + # address: 192.0.3.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # lt: 20 + # - remarks: + # - remarks for extended ACL 1 + # - check ACL + # acl_type: extended + # name: '123' + # - aces: + # - destination: + # address: 192.0.3.0 + # port_protocol: + # eq: www + # wildcard_bits: 0.0.0.255 + # grant: deny + # option: + # traceroute: true + # protocol: tcp + # protocol_options: + # tcp: + # fin: true + # sequence: 10 + # source: + # address: 192.0.2.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # eq: 10 + # acl_type: extended + # name: extended_acl_1 + # - aces: + # - grant: deny + # sequence: 10 + # source: + # host: 192.168.1.20 + # - grant: deny + # sequence: 20 + # source: + # address: 192.168.2.0 + # wildcard_bits: 0.0.0.255 + # acl_type: standard + # name: std_acl + # afi: ipv4 + # - acls: + # - aces: + # - destination: + # any: true + # port_protocol: + # eq: telnet + # dscp: af11 + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 10 + # source: + # any: true + # port_protocol: + # eq: www + # name: R1_TRAFFIC + # afi: ipv6 # After state: # ------------ # - # vios#sh access-lists - # Standard IP access list std_acl + # vios#sh running-config | section access-list + # ip access-list standard std_acl # 10 deny 192.168.1.200 - # 20 deny 192.168.2.0, wildcard bits 0.0.0.255 - # Extended IP access list 100 + # 20 deny 192.168.2.0 0.0.0.255 + # ip access-list extended 100 # 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 echo dscp ef ttl eq 10 - # Extended IP access list 110 + # ip access-list extended 110 # 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10 # 20 deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack - # Extended IP access list 123 + # ip access-list extended 123 # 10 deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 # 20 deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 - # Extended IP access list test + # ip access-list extended test # 10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www fin option traceroute ttl eq 10 - # IPv6 access list R1_TRAFFIC - # deny tcp any eq www any eq telnet ack dscp af11 sequence 10 + # ipv6 access-list R1_TRAFFIC + # sequence 10 deny tcp any eq www any eq telnet ack dscp af11 + + # vios#show running-config | include ip(v6)* access-list|remark + # ip access-list standard std_acl + # ip access-list extended extended_acl_1 + # ip access-list extended 110 + # ip access-list extended 123 + # remark remarks for extended ACL 1 + # remark check ACL + # ipv6 access-list R1_TRAFFIC + + # Using merged (update existing ACE - will fail) + + # Before state: + # ------------- + # + # vios#sh running-config | section access-list + # ip access-list extended 100 + # 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 echo dscp ef ttl eq 10 + + - name: Merge provided configuration with device configuration + cisco.ios.ios_acls: + config: + - afi: ipv4 + acls: + - name: 100 + aces: + - sequence: 10 + protocol_options: + icmp: + traceroute: true + state: merged + + # After state: + # ------------ + # + # Play Execution fails, with error: + # Cannot update existing sequence 10 of ACLs 100 with state merged. + # Please use state replaced or overridden. # Using replaced # Before state: # ------------- # - # vios#sh access-lists - # Standard IP access list std_acl - # 10 deny 192.168.1.200 - # 20 deny 192.168.2.0, wildcard bits 0.0.0.255 - # Extended IP access list 110 - # 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10 - # 20 deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack - # Extended IP access list 123 - # 10 deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 - # 20 deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 - # Extended IP access list test - # 10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www fin option traceroute ttl eq 10 - # IPv6 access list R1_TRAFFIC - # deny tcp any eq www any eq telnet ack dscp af11 sequence 10 + # vios#sh running-config | section access-list + # ip access-list standard std_acl + # 10 deny 192.168.1.200 + # 20 deny 192.168.2.0 0.0.0.255 + # ip access-list extended 110 + # 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10 + # 20 deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack + # ip access-list extended 123 + # 10 deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 + # 20 deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 + # ip access-list extended R1_TRAFFIC + # 10 deny tcp any eq www any eq telnet ack dscp af11 + # ip access-list extended test + # 10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www fin option traceroute ttl eq 10 - name: Replaces device configuration of listed acls with provided configuration cisco.ios.ios_acls: @@ -4147,33 +4323,619 @@ Examples eq: 10 state: replaced - # Commands fired: - # --------------- + # Task Output + # ----------- # - # - no ip access-list extended 110 - # - ip access-list extended 110 - # - deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www syn dscp ef ttl eq 10 - # - ip access-list extended 150 - # - 20 deny tcp 198.51.100.0 0.0.0.255 eq telnet 198.51.110.0 0.0.0.255 eq telnet syn dscp ef ttl eq 10 + # before: + # - acls: + # - aces: + # - destination: + # address: 192.0.3.0 + # wildcard_bits: 0.0.0.255 + # dscp: ef + # grant: deny + # protocol: icmp + # protocol_options: + # icmp: + # traceroute: true + # sequence: 10 + # source: + # address: 192.0.2.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # eq: 10 + # - destination: + # host: 198.51.110.0 + # port_protocol: + # eq: telnet + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 20 + # source: + # host: 198.51.100.0 + # acl_type: extended + # name: '110' + # - aces: + # - destination: + # address: 198.51.101.0 + # port_protocol: + # eq: telnet + # wildcard_bits: 0.0.0.255 + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 10 + # source: + # address: 198.51.100.0 + # wildcard_bits: 0.0.0.255 + # tos: + # service_value: 12 + # - destination: + # address: 192.0.4.0 + # port_protocol: + # eq: www + # wildcard_bits: 0.0.0.255 + # dscp: ef + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 20 + # source: + # address: 192.0.3.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # lt: 20 + # acl_type: extended + # name: '123' + # - aces: + # - destination: + # any: true + # port_protocol: + # eq: telnet + # dscp: af11 + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 10 + # source: + # any: true + # port_protocol: + # eq: www + # acl_type: extended + # name: R1_TRAFFIC + # - aces: + # - grant: deny + # sequence: 10 + # source: + # host: 192.168.1.200 + # - grant: deny + # sequence: 20 + # source: + # address: 192.168.2.0 + # wildcard_bits: 0.0.0.255 + # acl_type: standard + # name: std_acl + # - aces: + # - destination: + # address: 192.0.3.0 + # port_protocol: + # eq: www + # wildcard_bits: 0.0.0.255 + # grant: deny + # option: + # traceroute: true + # protocol: tcp + # protocol_options: + # tcp: + # fin: true + # sequence: 10 + # source: + # address: 192.0.2.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # eq: 10 + # acl_type: extended + # name: test + # afi: ipv4 + # commands: + # - ip access-list extended 110 + # - no 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10 + # - no 20 deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack + # - deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www syn dscp ef ttl eq 10 + # - ip access-list extended 150 + # - 20 deny tcp 198.51.100.0 0.0.0.255 eq telnet 198.51.110.0 0.0.0.255 eq telnet syn dscp ef ttl eq 10 + # after: + # - acls: + # - aces: + # - destination: + # address: 192.0.3.0 + # port_protocol: + # eq: www + # wildcard_bits: 0.0.0.255 + # dscp: ef + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # syn: true + # sequence: 10 + # source: + # address: 192.0.2.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # eq: 10 + # acl_type: extended + # name: '110' + # - aces: + # - destination: + # address: 198.51.101.0 + # port_protocol: + # eq: telnet + # wildcard_bits: 0.0.0.255 + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 10 + # source: + # address: 198.51.100.0 + # wildcard_bits: 0.0.0.255 + # tos: + # service_value: 12 + # - destination: + # address: 192.0.4.0 + # port_protocol: + # eq: www + # wildcard_bits: 0.0.0.255 + # dscp: ef + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 20 + # source: + # address: 192.0.3.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # lt: 20 + # acl_type: extended + # name: '123' + # - aces: + # - destination: + # address: 198.51.110.0 + # port_protocol: + # eq: telnet + # wildcard_bits: 0.0.0.255 + # dscp: ef + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # syn: true + # sequence: 20 + # source: + # address: 198.51.100.0 + # port_protocol: + # eq: telnet + # wildcard_bits: 0.0.0.255 + # ttl: + # eq: 10 + # acl_type: extended + # name: '150' + # - aces: + # - destination: + # any: true + # port_protocol: + # eq: telnet + # dscp: af11 + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 10 + # source: + # any: true + # port_protocol: + # eq: www + # acl_type: extended + # name: R1_TRAFFIC + # - aces: + # - grant: deny + # sequence: 10 + # source: + # host: 192.168.1.200 + # - grant: deny + # sequence: 20 + # source: + # address: 192.168.2.0 + # wildcard_bits: 0.0.0.255 + # acl_type: standard + # name: std_acl + # - aces: + # - destination: + # address: 192.0.3.0 + # port_protocol: + # eq: www + # wildcard_bits: 0.0.0.255 + # grant: deny + # option: + # traceroute: true + # protocol: tcp + # protocol_options: + # tcp: + # fin: true + # sequence: 10 + # source: + # address: 192.0.2.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # eq: 10 + # acl_type: extended + # name: test + # afi: ipv4 # After state: # ------------- # # vios#sh access-lists - # Standard IP access list std_acl + # ip access-list standard std_acl # 10 deny 192.168.1.200 - # 20 deny 192.168.2.0, wildcard bits 0.0.0.255 - # Extended IP access list 110 + # 20 deny 192.168.2.0 0.0.0.255 + # ip access-list extended 110 # 10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www syn dscp ef ttl eq 10 - # Extended IP access list 123 + # ip access-list extended 123 # 10 deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 # 20 deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 - # Extended IP access list 150 + # ip access-list extended 150 # 20 deny tcp 198.51.100.0 0.0.0.255 eq telnet 198.51.110.0 0.0.0.255 eq telnet syn dscp ef ttl eq 10 - # Extended IP access list test + # ip access-list extended test # 10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www fin option traceroute ttl eq 10 - # IPv6 access list R1_TRAFFIC - # deny tcp any eq www any eq telnet ack dscp af11 sequence 10 + # ipv6 access-list R1_TRAFFIC + # sequence 10 deny tcp any eq www any eq telnet ack dscp af11 + + # Using replaced - example remarks specific + + # Before state: + # ------------- + # + # vios#show running-config | section access-list + # ip access-list extended TEST + # 10 remark FIRST REMARK BEFORE LINE 10 + # 10 remark ============ + # 10 remark ALLOW HOST FROM TEST 10 + # 10 permit ip host 1.1.1.1 any + # 20 remark FIRST REMARK BEFORE LINE 20 + # 20 remark ============ + # 20 remark ALLOW HOST remarks AFTER LINE 20 + # 20 permit ip host 2.2.2.2 any + # 30 remark FIRST REMARK BEFORE LINE 30 + # 30 remark ============ + # 30 remark ALLOW HOST remarks AFTER LINE 30 + # 30 permit ip host 3.3.3.3 any + + - name: Replace remarks of ace with sequence 10 + # check_mode: true + cisco.ios.ios_acls: + state: replaced + config: + - acls: + - aces: + - destination: + any: true + grant: permit + protocol: ip + remarks: + - The new first remarks before 10 + - ============new + - The new second remarks before 10 + sequence: 10 + source: + host: 1.1.1.1 + - destination: + any: true + grant: permit + protocol: ip + remarks: + - FIRST REMARK BEFORE LINE 20 + - ============ + - ALLOW HOST remarks AFTER LINE 20 + sequence: 20 + source: + host: 2.2.2.2 + - destination: + any: true + grant: permit + protocol: ip + remarks: + - FIRST REMARK BEFORE LINE 30 + - ============ + - ALLOW HOST remarks AFTER LINE 30 + sequence: 30 + source: + host: 3.3.3.3 + acl_type: extended + name: TEST + afi: ipv4 + + # Task Output + # ----------- + # + # before: + # - acls: + # - aces: + # - destination: + # any: true + # grant: permit + # protocol: ip + # remarks: + # - FIRST REMARK BEFORE LINE 10 + # - ===========1= + # - ALLOW HOST FROM TEST 10 + # sequence: 10 + # source: + # host: 1.1.1.1 + # - destination: + # any: true + # grant: permit + # protocol: ip + # remarks: + # - FIRST REMARK BEFORE LINE 20 + # - ============ + # - ALLOW HOST remarks AFTER LINE 20 + # sequence: 20 + # source: + # host: 2.2.2.2 + # - destination: + # any: true + # grant: permit + # protocol: ip + # remarks: + # - FIRST REMARK BEFORE LINE 30 + # - ============ + # - ALLOW HOST remarks AFTER LINE 30 + # sequence: 30 + # source: + # host: 3.3.3.3 + # acl_type: extended + # name: TEST + # afi: ipv4 + # commands: + # - ip access-list extended TEST + # - no 10 remark + # - 10 remark The new first remarks before 10 + # - 10 remark ============new + # - 10 remark The new second remarks before 10 + # after: + # - acls: + # - aces: + # - destination: + # any: true + # grant: permit + # protocol: ip + # remarks: + # - The new first remarks before 10 + # - ============new + # - The new second remarks before 10 + # sequence: 10 + # source: + # host: 1.1.1.1 + # - destination: + # any: true + # grant: permit + # protocol: ip + # remarks: + # - FIRST REMARK BEFORE LINE 20 + # - ============ + # - ALLOW HOST remarks AFTER LINE 20 + # sequence: 20 + # source: + # host: 2.2.2.2 + # - destination: + # any: true + # grant: permit + # protocol: ip + # remarks: + # - FIRST REMARK BEFORE LINE 30 + # - ============ + # - ALLOW HOST remarks AFTER LINE 30 + # sequence: 30 + # source: + # host: 3.3.3.3 + # acl_type: extended + # name: TEST + # afi: ipv4 + + # After state: + # ------------- + # + # foo#show running-config | section access-list + # ip access-list extended TEST + # 10 remark The new first remarks before 10 + # 10 remark ============new + # 10 remark The new second remarks before 10 + # 10 permit ip host 1.1.1.1 any + # 20 remark FIRST REMARK BEFORE LINE 20 + # 20 remark ============ + # 20 remark ALLOW HOST remarks AFTER LINE 20 + # 20 permit ip host 2.2.2.2 any + # 30 remark FIRST REMARK BEFORE LINE 30 + # 30 remark ============ + # 30 remark ALLOW HOST remarks AFTER LINE 30 + # 30 permit ip host 3.3.3.3 any + + # Using replaced - example remarks specific on targeted sequence + + # Before state: + # ------------- + # + # vios#show running-config | section access-list + # ip access-list extended TEST + # 10 permit ip host 1.1.1.1 any + # 20 remark FIRST REMARK BEFORE LINE 20 + # 20 remark ============ + # 20 remark ALLOW HOST remarks AFTER LINE 20 + # 20 permit ip host 2.2.2.2 any + # 30 remark FIRST REMARK BEFORE LINE 30 + # 30 remark ============ + # 30 remark ALLOW HOST remarks AFTER LINE 30 + # 30 permit ip host 3.3.3.3 any + + - name: Replace remarks of ace with sequence 10 + # check_mode: true + cisco.ios.ios_acls: + state: replaced + config: + - acls: + - aces: + - destination: + any: true + grant: permit + protocol: ip + remarks: + - The new first remarks before 10 + - ============new + - The new second remarks before 10 + sequence: 10 + source: + host: 1.1.1.1 + - destination: + any: true + grant: permit + protocol: ip + remarks: + - FIRST REMARK BEFORE LINE 20 + - ============ + - ALLOW HOST remarks AFTER LINE 20 + sequence: 20 + source: + host: 2.2.2.2 + - destination: + any: true + grant: permit + protocol: ip + remarks: + - FIRST REMARK BEFORE LINE 30 + - ============ + - ALLOW HOST remarks AFTER LINE 30 + sequence: 30 + source: + host: 3.3.3.3 + acl_type: extended + name: TEST + afi: ipv4 + + # Task Output + # ----------- + # + # before: + # - acls: + # - aces: + # - destination: + # any: true + # grant: permit + # protocol: ip + # sequence: 10 + # source: + # host: 1.1.1.1 + # - destination: + # any: true + # grant: permit + # protocol: ip + # remarks: + # - FIRST REMARK BEFORE LINE 20 + # - ============ + # - ALLOW HOST remarks AFTER LINE 20 + # sequence: 20 + # source: + # host: 2.2.2.2 + # - destination: + # any: true + # grant: permit + # protocol: ip + # remarks: + # - FIRST REMARK BEFORE LINE 30 + # - ============ + # - ALLOW HOST remarks AFTER LINE 30 + # sequence: 30 + # source: + # host: 3.3.3.3 + # acl_type: extended + # name: TEST + # afi: ipv4 + # commands: + # - ip access-list extended TEST + # - 10 remark The new first remarks before 10 + # - 10 remark ============new + # - 10 remark The new second remarks before 10 + # after: + # - acls: + # - aces: + # - destination: + # any: true + # grant: permit + # protocol: ip + # remarks: + # - The new first remarks before 10 + # - ============new + # - The new second remarks before 10 + # sequence: 10 + # source: + # host: 1.1.1.1 + # - destination: + # any: true + # grant: permit + # protocol: ip + # remarks: + # - FIRST REMARK BEFORE LINE 20 + # - ============ + # - ALLOW HOST remarks AFTER LINE 20 + # sequence: 20 + # source: + # host: 2.2.2.2 + # - destination: + # any: true + # grant: permit + # protocol: ip + # remarks: + # - FIRST REMARK BEFORE LINE 30 + # - ============ + # - ALLOW HOST remarks AFTER LINE 30 + # sequence: 30 + # source: + # host: 3.3.3.3 + # acl_type: extended + # name: TEST + # afi: ipv4 + + # After state: + # ------------- + # + # foo#show running-config | section access-list + # ip access-list extended TEST + # 10 remark The new first remarks before 10 + # 10 remark ============new + # 10 remark The new second remarks before 10 + # 10 permit ip host 1.1.1.1 any + # 20 remark FIRST REMARK BEFORE LINE 20 + # 20 remark ============ + # 20 remark ALLOW HOST remarks AFTER LINE 20 + # 20 permit ip host 2.2.2.2 any + # 30 remark FIRST REMARK BEFORE LINE 30 + # 30 remark ============ + # 30 remark ALLOW HOST remarks AFTER LINE 30 + # 30 permit ip host 3.3.3.3 any # Using overridden @@ -4181,19 +4943,19 @@ Examples # ------------- # # vios#sh access-lists - # Standard IP access list std_acl - # 10 deny 192.168.1.200 - # 20 deny 192.168.2.0, wildcard bits 0.0.0.255 - # Extended IP access list 110 - # 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10 - # 20 deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack - # Extended IP access list 123 - # 10 deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 - # 20 deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 - # Extended IP access list test - # 10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www fin option traceroute ttl eq 10 - # IPv6 access list R1_TRAFFIC - # deny tcp any eq www any eq telnet ack dscp af11 sequence 10 + # ip access-list standard std_acl + # 10 deny 192.168.1.200 + # 20 deny 192.168.2.0 0.0.0.255 + # ip access-list extended 110 + # 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10 + # 20 deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack + # ip access-list extended 123 + # 10 deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 + # 20 deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 + # ip access-list extended R1_TRAFFIC + # 10 deny tcp any eq www any eq telnet ack dscp af11 + # ip access-list extended test + # 10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www fin option traceroute ttl eq 10 - name: Override device configuration of all acls with provided configuration cisco.ios.ios_acls: @@ -4242,97 +5004,416 @@ Examples eq: 10 state: overridden - # Commands fired: - # --------------- + # Task Output + # ----------- # - # - no ip access-list standard std_acl - # - no ip access-list extended 110 - # - no ip access-list extended 123 - # - no ip access-list extended 150 - # - no ip access-list extended test - # - no ipv6 access-list R1_TRAFFIC - # - ip access-list extended 150 - # - 10 deny tcp 198.51.100.0 0.0.0.255 eq telnet 198.51.110.0 0.0.0.255 eq telnet syn dscp ef ttl eq 10 - # - ip access-list extended 110 - # - 20 deny tcp 198.51.100.0 0.0.0.255 eq telnet 198.51.110.0 0.0.0.255 eq www ack dscp ef ttl eq 10 + # before: + # - acls: + # - aces: + # - destination: + # address: 192.0.3.0 + # wildcard_bits: 0.0.0.255 + # dscp: ef + # grant: deny + # protocol: icmp + # protocol_options: + # icmp: + # traceroute: true + # sequence: 10 + # source: + # address: 192.0.2.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # eq: 10 + # - destination: + # host: 198.51.110.0 + # port_protocol: + # eq: telnet + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 20 + # source: + # host: 198.51.100.0 + # acl_type: extended + # name: '110' + # - aces: + # - destination: + # address: 198.51.101.0 + # port_protocol: + # eq: telnet + # wildcard_bits: 0.0.0.255 + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 10 + # source: + # address: 198.51.100.0 + # wildcard_bits: 0.0.0.255 + # tos: + # service_value: 12 + # - destination: + # address: 192.0.4.0 + # port_protocol: + # eq: www + # wildcard_bits: 0.0.0.255 + # dscp: ef + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 20 + # source: + # address: 192.0.3.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # lt: 20 + # acl_type: extended + # name: '123' + # - aces: + # - destination: + # any: true + # port_protocol: + # eq: telnet + # dscp: af11 + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 10 + # source: + # any: true + # port_protocol: + # eq: www + # acl_type: extended + # name: R1_TRAFFIC + # - aces: + # - grant: deny + # sequence: 10 + # source: + # host: 192.168.1.200 + # - grant: deny + # sequence: 20 + # source: + # address: 192.168.2.0 + # wildcard_bits: 0.0.0.255 + # acl_type: standard + # name: std_acl + # - aces: + # - destination: + # address: 192.0.3.0 + # port_protocol: + # eq: www + # wildcard_bits: 0.0.0.255 + # grant: deny + # option: + # traceroute: true + # protocol: tcp + # protocol_options: + # tcp: + # fin: true + # sequence: 10 + # source: + # address: 192.0.2.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # eq: 10 + # acl_type: extended + # name: test + # afi: ipv4 + # commands: + # - ip access-list extended 110 + # - no 20 deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack + # - no 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10 + # - 20 deny tcp 198.51.100.0 0.0.0.255 eq telnet 198.51.110.0 0.0.0.255 eq www ack dscp ef ttl eq 10 + # - ip access-list extended 150 + # - 10 deny tcp 198.51.100.0 0.0.0.255 eq telnet 198.51.110.0 0.0.0.255 eq telnet syn dscp ef ttl eq 10 + # - no ip access-list extended 123 + # - no ip access-list extended R1_TRAFFIC + # - no ip access-list standard std_acl + # - no ip access-list extended test + # after: + # - acls: + # - aces: + # - destination: + # address: 198.51.110.0 + # port_protocol: + # eq: www + # wildcard_bits: 0.0.0.255 + # dscp: ef + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 20 + # source: + # address: 198.51.100.0 + # port_protocol: + # eq: telnet + # wildcard_bits: 0.0.0.255 + # ttl: + # eq: 10 + # acl_type: extended + # name: '110' + # - aces: + # - destination: + # address: 198.51.110.0 + # port_protocol: + # eq: telnet + # wildcard_bits: 0.0.0.255 + # dscp: ef + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # syn: true + # sequence: 10 + # source: + # address: 198.51.100.0 + # port_protocol: + # eq: telnet + # wildcard_bits: 0.0.0.255 + # ttl: + # eq: 10 + # acl_type: extended + # name: '150' + # afi: ipv4 # After state: # ------------- # - # vios#sh access-lists - # Extended IP access list 110 - # 20 deny tcp 198.51.100.0 0.0.0.255 eq telnet 198.51.110.0 0.0.0.255 eq www ack dscp ef ttl eq 10 - # Extended IP access list 150 - # 10 deny tcp 198.51.100.0 0.0.0.255 eq telnet 198.51.110.0 0.0.0.255 eq telnet syn dscp ef ttl eq 10 + # vios#sh running-config | section access-list + # ip access-list extended 110 + # 20 deny tcp 198.51.100.0 0.0.0.255 eq telnet 198.51.110.0 0.0.0.255 eq www ack dscp ef ttl eq 10 + # ip access-list extended 150 + # 10 deny tcp 198.51.100.0 0.0.0.255 eq telnet 198.51.110.0 0.0.0.255 eq telnet syn dscp ef ttl eq 10 + - # Using Deleted + # Using deleted - delete ACL(s) # Before state: # ------------- # # vios#sh access-lists - # Standard IP access list std_acl - # 10 deny 192.168.1.200 - # 20 deny 192.168.2.0, wildcard bits 0.0.0.255 - # Extended IP access list 110 - # 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10 - # 20 deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack - # Extended IP access list 123 - # 10 deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 - # 20 deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 - # Extended IP access list test - # 10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www fin option traceroute ttl eq 10 - # IPv6 access list R1_TRAFFIC - # deny tcp any eq www any eq telnet ack dscp af11 sequence 10 + # ip access-list standard std_acl + # 10 deny 192.168.1.200 + # 20 deny 192.168.2.0 0.0.0.255 + # ip access-list extended 110 + # 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10 + # 20 deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack + # ip access-list extended 123 + # 10 deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 + # 20 deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 + # ip access-list extended extended_acl_1 + # 10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www fin option traceroute ttl eq 10 - name: "Delete ACLs (Note: This won't delete the all configured ACLs)" cisco.ios.ios_acls: config: - afi: ipv4 acls: - - name: test + - name: extended_acl_1 acl_type: extended - name: 110 - - afi: ipv6 - acls: - - name: R1_TRAFFIC state: deleted - # Commands fired: - # --------------- + # Task Output + # ----------- # - # - no ip access-list extended test - # - no ip access-list extended 110 - # - no ipv6 access-list R1_TRAFFIC + # before: + # - acls: + # - aces: + # - destination: + # address: 192.0.3.0 + # wildcard_bits: 0.0.0.255 + # dscp: ef + # grant: deny + # protocol: icmp + # protocol_options: + # icmp: + # traceroute: true + # sequence: 10 + # source: + # address: 192.0.2.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # eq: 10 + # - destination: + # host: 198.51.110.0 + # port_protocol: + # eq: telnet + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 20 + # source: + # host: 198.51.100.0 + # acl_type: extended + # name: '110' + # - aces: + # - destination: + # address: 198.51.101.0 + # port_protocol: + # eq: telnet + # wildcard_bits: 0.0.0.255 + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 10 + # source: + # address: 198.51.100.0 + # wildcard_bits: 0.0.0.255 + # tos: + # service_value: 12 + # - destination: + # address: 192.0.4.0 + # port_protocol: + # eq: www + # wildcard_bits: 0.0.0.255 + # dscp: ef + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 20 + # source: + # address: 192.0.3.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # lt: 20 + # acl_type: extended + # name: '123' + # - aces: + # - grant: deny + # sequence: 10 + # source: + # host: 192.168.1.200 + # - grant: deny + # sequence: 20 + # source: + # address: 192.168.2.0 + # wildcard_bits: 0.0.0.255 + # acl_type: standard + # name: std_acl + # - aces: + # - destination: + # address: 192.0.3.0 + # port_protocol: + # eq: www + # wildcard_bits: 0.0.0.255 + # grant: deny + # option: + # traceroute: true + # protocol: tcp + # protocol_options: + # tcp: + # fin: true + # sequence: 10 + # source: + # address: 192.0.2.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # eq: 10 + # acl_type: extended + # name: extended_acl_1 + # afi: ipv4 + # commands: + # - no ip access-list extended 110 + # - no ip access-list extended extended_acl_1 + # after: + # - acls: + # - aces: + # - destination: + # address: 198.51.101.0 + # port_protocol: + # eq: telnet + # wildcard_bits: 0.0.0.255 + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 10 + # source: + # address: 198.51.100.0 + # wildcard_bits: 0.0.0.255 + # tos: + # service_value: 12 + # - destination: + # address: 192.0.4.0 + # port_protocol: + # eq: www + # wildcard_bits: 0.0.0.255 + # dscp: ef + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 20 + # source: + # address: 192.0.3.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # lt: 20 + # acl_type: extended + # name: '123' + # - aces: + # - grant: deny + # sequence: 10 + # source: + # host: 192.168.1.200 + # - grant: deny + # sequence: 20 + # source: + # address: 192.168.2.0 + # wildcard_bits: 0.0.0.255 + # acl_type: standard + # name: std_acl + # afi: ipv4 # After state: # ------------- # - # vios#sh access-lists - # Standard IP access list std_acl + # vios#sh running-config | section access-list + # ip access-list standard std_acl # 10 deny 192.168.1.200 - # 20 deny 192.168.2.0, wildcard bits 0.0.0.255 - # Extended IP access list 123 + # 20 deny 192.168.2.0 0.0.0.255 + # ip access-list extended 123 # 10 deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 # 20 deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 + # Using deleted - delete ACLs based on AFI + # Before state: # ------------- # - # vios#sh access-lists - # Standard IP access list std_acl - # 10 deny 192.168.1.200 - # 20 deny 192.168.2.0, wildcard bits 0.0.0.255 - # Extended IP access list 110 - # 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10 - # 20 deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack - # Extended IP access list 123 - # 10 deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 - # 20 deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 - # Extended IP access list test - # 10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www fin option traceroute ttl eq 10 - # IPv6 access list R1_TRAFFIC - # deny tcp any eq www any eq telnet ack dscp af11 sequence 10 + # vios#sh running-config | section access-list + # ip access-list standard std_acl + # 10 deny 192.168.1.200 + # 20 deny 192.168.2.0 0.0.0.255 + # ip access-list extended 110 + # 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10 + # 20 deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack + # ip access-list extended 123 + # 10 deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 + # 20 deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 + # ip access-list extended test + # 10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www fin option traceroute ttl eq 10 + # ipv6 access-list R1_TRAFFIC + # sequence 10 deny tcp any eq www any eq telnet ack dscp af11 - name: "Delete ACLs based on AFI (Note: This won't delete the all configured ACLs)" cisco.ios.ios_acls: @@ -4340,245 +5421,478 @@ Examples - afi: ipv4 state: deleted - # Commands fired: - # --------------- + # Task Output + # ----------- # - # - no ip access-list standard std_acl - # - no ip access-list extended test - # - no ip access-list extended 110 - # - no ip access-list extended 123 + # before: + # - acls: + # - aces: + # - destination: + # address: 192.0.3.0 + # wildcard_bits: 0.0.0.255 + # dscp: ef + # grant: deny + # protocol: icmp + # protocol_options: + # icmp: + # traceroute: true + # sequence: 10 + # source: + # address: 192.0.2.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # eq: 10 + # - destination: + # host: 198.51.110.0 + # port_protocol: + # eq: telnet + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 20 + # source: + # host: 198.51.100.0 + # acl_type: extended + # name: '110' + # - aces: + # - destination: + # address: 198.51.101.0 + # port_protocol: + # eq: telnet + # wildcard_bits: 0.0.0.255 + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 10 + # source: + # address: 198.51.100.0 + # wildcard_bits: 0.0.0.255 + # tos: + # service_value: 12 + # - destination: + # address: 192.0.4.0 + # port_protocol: + # eq: www + # wildcard_bits: 0.0.0.255 + # dscp: ef + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 20 + # source: + # address: 192.0.3.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # lt: 20 + # acl_type: extended + # name: '123' + # - aces: + # - grant: deny + # sequence: 10 + # source: + # host: 192.168.1.200 + # - grant: deny + # sequence: 20 + # source: + # address: 192.168.2.0 + # wildcard_bits: 0.0.0.255 + # acl_type: standard + # name: std_acl + # - aces: + # - destination: + # address: 192.0.3.0 + # port_protocol: + # eq: www + # wildcard_bits: 0.0.0.255 + # grant: deny + # option: + # traceroute: true + # protocol: tcp + # protocol_options: + # tcp: + # fin: true + # sequence: 10 + # source: + # address: 192.0.2.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # eq: 10 + # acl_type: extended + # name: test + # afi: ipv4 + # - acls: + # - aces: + # - destination: + # any: true + # port_protocol: + # eq: telnet + # dscp: af11 + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 10 + # source: + # any: true + # port_protocol: + # eq: www + # name: R1_TRAFFIC + # afi: ipv6 + # commands: + # - no ip access-list extended 110 + # - no ip access-list extended 123 + # - no ip access-list standard std_acl + # - no ip access-list extended test + # after: + # - acls: + # - aces: + # - destination: + # any: true + # port_protocol: + # eq: telnet + # dscp: af11 + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 10 + # source: + # any: true + # port_protocol: + # eq: www + # name: R1_TRAFFIC + # afi: ipv6 # After state: # ------------- # - # vios#sh access-lists - # IPv6 access list R1_TRAFFIC - # deny tcp any eq www any eq telnet ack dscp af11 sequence 10 + # vios#sh running-config | section access-list + # ipv6 access-list R1_TRAFFIC + # sequence 10 deny tcp any eq www any eq telnet ack dscp af11 + - # Using Deleted without any config passed - #"(NOTE: This will delete all of configured ACLs)" + # Using deleted - delete all ACLs # Before state: # ------------- # # vios#sh access-lists - # Standard IP access list std_acl - # 10 deny 192.168.1.200 - # 20 deny 192.168.2.0, wildcard bits 0.0.0.255 - # Extended IP access list 110 - # 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10 - # 20 deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack - # Extended IP access list 123 - # 10 deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 - # 20 deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 - # Extended IP access list test - # 10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www fin option traceroute ttl eq 10 - # IPv6 access list R1_TRAFFIC - # deny tcp any eq www any eq telnet ack dscp af11 sequence 10 + # ip access-list standard std_acl + # 10 deny 192.168.1.200 + # 20 deny 192.168.2.0 0.0.0.255 + # ip access-list extended 110 + # 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10 + # 20 deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack + # ip access-list extended 123 + # 10 deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 + # 20 deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 + # ip access-list extended test + # 10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www fin option traceroute ttl eq 10 + # ipv6 access-list R1_TRAFFIC + # sequence 10 deny tcp any eq www any eq telnet ack dscp af11 - - name: - "Delete ALL of configured ACLs (Note: This WILL delete the all configured - ACLs)" + - name: Delete ALL of configured ACLs cisco.ios.ios_acls: state: deleted - # Commands fired: - # --------------- + # Task Output + # ----------- # - # - no ip access-list extended test - # - no ip access-list extended 110 - # - no ip access-list extended 123 - # - no ip access-list extended test - # - no ipv6 access-list R1_TRAFFIC + # before: + # - acls: + # - aces: + # - destination: + # address: 192.0.3.0 + # wildcard_bits: 0.0.0.255 + # dscp: ef + # grant: deny + # protocol: icmp + # protocol_options: + # icmp: + # traceroute: true + # sequence: 10 + # source: + # address: 192.0.2.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # eq: 10 + # - destination: + # host: 198.51.110.0 + # port_protocol: + # eq: telnet + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 20 + # source: + # host: 198.51.100.0 + # acl_type: extended + # name: '110' + # - aces: + # - destination: + # address: 198.51.101.0 + # port_protocol: + # eq: telnet + # wildcard_bits: 0.0.0.255 + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 10 + # source: + # address: 198.51.100.0 + # wildcard_bits: 0.0.0.255 + # tos: + # service_value: 12 + # - destination: + # address: 192.0.4.0 + # port_protocol: + # eq: www + # wildcard_bits: 0.0.0.255 + # dscp: ef + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 20 + # source: + # address: 192.0.3.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # lt: 20 + # acl_type: extended + # name: '123' + # - aces: + # - grant: deny + # sequence: 10 + # source: + # host: 192.168.1.200 + # - grant: deny + # sequence: 20 + # source: + # address: 192.168.2.0 + # wildcard_bits: 0.0.0.255 + # acl_type: standard + # name: std_acl + # - aces: + # - destination: + # address: 192.0.3.0 + # port_protocol: + # eq: www + # wildcard_bits: 0.0.0.255 + # grant: deny + # option: + # traceroute: true + # protocol: tcp + # protocol_options: + # tcp: + # fin: true + # sequence: 10 + # source: + # address: 192.0.2.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # eq: 10 + # acl_type: extended + # name: test + # afi: ipv4 + # - acls: + # - aces: + # - destination: + # any: true + # port_protocol: + # eq: telnet + # dscp: af11 + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 10 + # source: + # any: true + # port_protocol: + # eq: www + # name: R1_TRAFFIC + # afi: ipv6 + # commands: + # - no ip access-list extended test + # - no ip access-list extended 110 + # - no ip access-list extended 123 + # - no ip access-list extended test + # - no ipv6 access-list R1_TRAFFIC + # after: [] # After state: # ------------- # - # vios#sh access-lists + # vios#sh running-config | section access-list - # Using Gathered + + # Using gathered # Before state: # ------------- # # vios#sh access-lists - # Standard IP access list std_acl + # ip access-list standard std_acl # 10 deny 192.168.1.200 - # 20 deny 192.168.2.0, wildcard bits 0.0.0.255 - # Extended IP access list 110 + # 20 deny 192.168.2.0 0.0.0.255 + # ip access-list extended 110 # 10 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 traceroute dscp ef ttl eq 10 # 20 deny tcp host 198.51.100.0 host 198.51.110.0 eq telnet ack - # Extended IP access list 123 + # ip access-list extended 123 # 10 deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12 # 20 deny tcp 192.0.3.0 0.0.0.255 192.0.4.0 0.0.0.255 eq www ack dscp ef ttl lt 20 - # Extended IP access list test + # ip access-list extended test # 10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www fin option traceroute ttl eq 10 - # IPv6 access list R1_TRAFFIC - # deny tcp any eq www any eq telnet ack dscp af11 sequence 10 + # ipv6 access-list R1_TRAFFIC + # sequence 10 deny tcp any eq www any eq telnet ack dscp af11 - - name: Gather listed acls with provided configurations + - name: Gather ACLs configuration from target device cisco.ios.ios_acls: - config: state: gathered # Module Execution Result: # ------------------------ # - # "gathered": [ - # { - # "acls": [ - # { - # "aces": [ - # { - # "destination": { - # "address": "192.0.3.0", - # "wildcard_bits": "0.0.0.255" - # }, - # "dscp": "ef", - # "grant": "deny", - # "protocol_options": { - # "icmp": { - # "echo": true - # } - # }, - # "sequence": 10, - # "source": { - # "address": "192.0.2.0", - # "wildcard_bits": "0.0.0.255" - # }, - # "ttl": { - # "eq": 10 - # } - # } - # ], - # "acl_type": "extended", - # "name": "110" - # }, - # { - # "aces": [ - # { - # "destination": { - # "address": "198.51.101.0", - # "port_protocol": { - # "eq": "telnet" - # }, - # "wildcard_bits": "0.0.0.255" - # }, - # "grant": "deny", - # "protocol_options": { - # "tcp": { - # "ack": true - # } - # }, - # "sequence": 10, - # "source": { - # "address": "198.51.100.0", - # "wildcard_bits": "0.0.0.255" - # }, - # "tos": { - # "service_value": 12 - # } - # }, - # { - # "destination": { - # "address": "192.0.4.0", - # "port_protocol": { - # "eq": "www" - # }, - # "wildcard_bits": "0.0.0.255" - # }, - # "dscp": "ef", - # "grant": "deny", - # "protocol_options": { - # "tcp": { - # "ack": true - # } - # }, - # "sequence": 20, - # "source": { - # "address": "192.0.3.0", - # "wildcard_bits": "0.0.0.255" - # }, - # "ttl": { - # "lt": 20 - # } - # } - # ], - # "acl_type": "extended", - # "name": "123" - # }, - # { - # "aces": [ - # { - # "destination": { - # "address": "192.0.3.0", - # "port_protocol": { - # "eq": "www" - # }, - # "wildcard_bits": "0.0.0.255" - # }, - # "grant": "deny", - # "option": { - # "traceroute": true - # }, - # "protocol_options": { - # "tcp": { - # "fin": true - # } - # }, - # "sequence": 10, - # "source": { - # "address": "192.0.2.0", - # "wildcard_bits": "0.0.0.255" - # }, - # "ttl": { - # "eq": 10 - # } - # } - # ], - # "acl_type": "extended", - # "name": "test_acl" - # } - # ], - # "afi": "ipv4" - # }, - # { - # "acls": [ - # { - # "aces": [ - # { - # "destination": { - # "any": true, - # "port_protocol": { - # "eq": "telnet" - # } - # }, - # "dscp": "af11", - # "grant": "deny", - # "protocol_options": { - # "tcp": { - # "ack": true - # } - # }, - # "sequence": 10, - # "source": { - # "any": true, - # "port_protocol": { - # "eq": "www" - # } - # } - # } - # ], - # "name": "R1_TRAFFIC" - # } - # ], - # "afi": "ipv6" - # } - # ] + # before: + # - acls: + # - aces: + # - destination: + # address: 192.0.3.0 + # wildcard_bits: 0.0.0.255 + # dscp: ef + # grant: deny + # protocol: icmp + # protocol_options: + # icmp: + # traceroute: true + # sequence: 10 + # source: + # address: 192.0.2.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # eq: 10 + # - destination: + # host: 198.51.110.0 + # port_protocol: + # eq: telnet + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 20 + # source: + # host: 198.51.100.0 + # acl_type: extended + # name: '110' + # - aces: + # - destination: + # address: 198.51.101.0 + # port_protocol: + # eq: telnet + # wildcard_bits: 0.0.0.255 + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 10 + # source: + # address: 198.51.100.0 + # wildcard_bits: 0.0.0.255 + # tos: + # service_value: 12 + # - destination: + # address: 192.0.4.0 + # port_protocol: + # eq: www + # wildcard_bits: 0.0.0.255 + # dscp: ef + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 20 + # source: + # address: 192.0.3.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # lt: 20 + # acl_type: extended + # name: '123' + # - aces: + # - grant: deny + # sequence: 10 + # source: + # host: 192.168.1.200 + # - grant: deny + # sequence: 20 + # source: + # address: 192.168.2.0 + # wildcard_bits: 0.0.0.255 + # acl_type: standard + # name: std_acl + # - aces: + # - destination: + # address: 192.0.3.0 + # port_protocol: + # eq: www + # wildcard_bits: 0.0.0.255 + # grant: deny + # option: + # traceroute: true + # protocol: tcp + # protocol_options: + # tcp: + # fin: true + # sequence: 10 + # source: + # address: 192.0.2.0 + # wildcard_bits: 0.0.0.255 + # ttl: + # eq: 10 + # acl_type: extended + # name: test + # afi: ipv4 + # - acls: + # - aces: + # - destination: + # any: true + # port_protocol: + # eq: telnet + # dscp: af11 + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 10 + # source: + # any: true + # port_protocol: + # eq: www + # name: R1_TRAFFIC + # afi: ipv6 - # Using Rendered + # Using rendered - - name: Rendered the provided configuration with the existing running configuration + - name: Render the provided configuration into platform specific configuration lines cisco.ios.ios_acls: config: - afi: ipv4 @@ -4625,12 +5939,11 @@ Examples # Module Execution Result: # ------------------------ # - # "rendered": [ - # "ip access-list extended 110", - # "10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www syn dscp ef ttl eq 10", - # "ip access-list extended 150", - # "deny tcp 198.51.100.0 0.0.0.255 eq telnet 198.51.110.0 0.0.0.255 eq telnet syn dscp ef ttl eq 10" - # ] + # rendered: + # - ip access-list extended 110 + # - 10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www syn dscp ef ttl eq 10 + # - ip access-list extended 150 + # - deny tcp 198.51.100.0 0.0.0.255 eq telnet 198.51.110.0 0.0.0.255 eq telnet syn dscp ef ttl eq 10 # Using Parsed @@ -4648,39 +5961,26 @@ Examples # Module Execution Result: # ------------------------ # - # "parsed": [ - # { - # "acls": [ - # { - # "aces": [ - # { - # "destination": { - # "any": true, - # "port_protocol": { - # "eq": "telnet" - # } - # }, - # "dscp": "af11", - # "grant": "deny", - # "protocol_options": { - # "tcp": { - # "ack": true - # } - # }, - # "source": { - # "any": true, - # "port_protocol": { - # "eq": "www" - # } - # } - # } - # ], - # "name": "R1_TRAFFIC" - # } - # ], - # "afi": "ipv6" - # } - # ] + # parsed: + # - acls: + # - aces: + # - destination: + # any: true + # port_protocol: + # eq: telnet + # dscp: af11 + # grant: deny + # protocol: tcp + # protocol_options: + # tcp: + # ack: true + # sequence: 10 + # source: + # any: true + # port_protocol: + # eq: www + # name: R1_TRAFFIC + # afi: ipv6 diff --git a/ansible_collections/cisco/ios/docs/cisco.ios.ios_banner_module.rst b/ansible_collections/cisco/ios/docs/cisco.ios.ios_banner_module.rst index 372179412..75e1affa7 100644 --- a/ansible_collections/cisco/ios/docs/cisco.ios.ios_banner_module.rst +++ b/ansible_collections/cisco/ios/docs/cisco.ios.ios_banner_module.rst @@ -143,7 +143,7 @@ Examples - name: Configure banner from file cisco.ios.ios_banner: banner: motd - text: "{{ lookup('file', './config_partial/raw_banner.cfg') }}" # Use unix formatted text files (LF not CRLF) to avoid idempotency issues. + text: "{{ lookup('file', './config_partial/raw_banner.cfg') }}" # Use unix formatted text files (LF not CRLF) to avoid idempotency issues. state: present - name: Configure the login banner using delimiter diff --git a/ansible_collections/cisco/ios/docs/cisco.ios.ios_bgp_address_family_module.rst b/ansible_collections/cisco/ios/docs/cisco.ios.ios_bgp_address_family_module.rst index b6a4100bc..25fb233ac 100644 --- a/ansible_collections/cisco/ios/docs/cisco.ios.ios_bgp_address_family_module.rst +++ b/ansible_collections/cisco/ios/docs/cisco.ios.ios_bgp_address_family_module.rst @@ -68,6 +68,66 @@ Parameters + +
+ advertise + +
+ dictionary +
+ + + + +
Configure path advertise/export to other address-family
+ + + + + + + +
+ afi + +
+ string +
+ + + + + +
Address family for VRF advertise/export
+ + + + + + + +
+ safi + +
+ string +
+ + + + + +
Advertise/export prefixes to address family
+ + + + + +
afi @@ -3101,7 +3161,7 @@ Parameters number
- integer + string
@@ -3321,29 +3381,6 @@ Parameters
Neighbor ipv6 address (X:X:X:X::X)
- - - - - -
- next_hop_self - -
- boolean -
- - - - - -
Disable the next hop calculation for this neighbor
-
This option is DEPRECATED and is replaced with nexthop_self which accepts dict as input this attribute will be removed after 2023-06-01.
- - @@ -4049,7 +4086,7 @@ Parameters remote_as
- integer + string
diff --git a/ansible_collections/cisco/ios/docs/cisco.ios.ios_bgp_global_module.rst b/ansible_collections/cisco/ios/docs/cisco.ios.ios_bgp_global_module.rst index b753c10fe..ad461f776 100644 --- a/ansible_collections/cisco/ios/docs/cisco.ios.ios_bgp_global_module.rst +++ b/ansible_collections/cisco/ios/docs/cisco.ios.ios_bgp_global_module.rst @@ -9407,6 +9407,7 @@ Parameters -
Enable SNMP environmental monitor supply traps
+
Enable SNMP ceDiagScheduledTestFailedNotif traps
+ - - - +
- temperature + entity_perf
- boolean + dictionary
- -
Enable SNMP environmental monitor temperature traps
+
Allow SNMP CISCO-ENTITY-PERFORMANCE-MIB traps
- - +
- shutdown + enable
boolean @@ -2383,7 +2587,7 @@ Parameters -
Enable SNMP environmental monitor shutdown traps
+
Enable SNMP CISCO-ENTITY-PERFORMANCE-MIB traps
@@ -2392,7 +2596,7 @@ Parameters
- status + throughput_notif
boolean @@ -2405,16 +2609,16 @@ Parameters -
Enable SNMP environmental status change traps
+
Enable ENTITY PERFORMANCE MIB throughput traps
+ - - +
- supply + entity_state
boolean @@ -2427,56 +2631,3827 @@ Parameters -
Enable SNMP environmental monitor supply traps
+
Enable SNMP ENTITY-STATE-MIB traps
- - +
- temperature + envmon
- boolean + dictionary
-
    Choices: -
  • no
    • + + +
    Enable SNMP environmental monitor traps
    + + + + + + + +
    + enable + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable/disable envmon traps
    + + + + + + + +
    + fan + +
    + dictionary +
    + + + + +
    Enable SNMP envmon fan traps
    +
    This option is DEPRECATED and is replaced with fan_enable which accepts bool as input
    +
    This attribute will be removed after 2024-09-01
    + + + + + + + + +
    + enable + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable/disable fan traps
    + + + + + + + + +
    + shutdown + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP environmental monitor shutdown traps
    + + + + + + + + +
    + status + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP environmental status change traps
    + + + + + + + + +
    + supply + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP environmental monitor supply traps
    + + + + + + + + +
    + temperature + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP environmental monitor temperature traps
    + + + + + + + + +
    + fan_enable + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP envmon fan traps
    + + + + + + + +
    + shutdown + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP environmental monitor shutdown traps
    + + + + + + + +
    + status + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP environmental status change traps
    + + + + + + + +
    + supply + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP environmental monitor supply traps
    + + + + + + + +
    + temperature + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP environmental monitor temperature traps
    + + + + + + + +
    + errdisable + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP errdisable notifications
    + + + + + + +
    + ether_oam + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP ethernet oam traps
    + + + + + + +
    + ethernet + +
    + dictionary +
    + + + + +
    Allow ethernet traps
    + + + + + + + +
    + cfm + +
    + dictionary +
    + + + + +
    Enable SNMP Ethernet CFM traps
    + + + + + + + + +
    + alarm + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP Ethernet CFM fault alarm trap
    + + + + + + + + +
    + cc + +
    + dictionary +
    + + + + +
    Enable SNMP Ethernet CC trap
    + + + + + + + + + +
    + config + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP Ethernet CFM configuration error traps
    + + + + + + + + + +
    + cross_connect + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP Ethernet CFM cross-connect traps
    + + + + + + + + + +
    + loop + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP Ethernet CFM loop traps
    + + + + + + + + + +
    + mep_down + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP Ethernet CFM CC Down traps
    + + + + + + + + + +
    + mep_up + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP Ethernet CFM CC Up traps
    + + + + + + + + + +
    + crosscheck + +
    + dictionary +
    + + + + +
    Enable SNMP Ethernet CC crosscheck trap
    + + + + + + + + + +
    + mep_missing + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP Ethernet CC crosscheck missing trap
    + + + + + + + + + +
    + mep_unknown + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP Ethernet CC crosscheck unknown traps
    + + + + + + + + + +
    + service_up + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP Ethernet CC crosscheck service traps
    + + + + + + + + + +
    + evc + +
    + dictionary +
    + + + + +
    Enable SNMP Ethernet EVC traps
    + + + + + + + + +
    + create + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP Ethernet EVC create traps
    + + + + + + + + +
    + delete + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP Ethernet EVC delete traps
    + + + + + + + + +
    + status + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP Ethernet EVC status traps
    + + + + + + + + +
    + event_manager + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP event-manager traps
    + + + + + + +
    + firewall + +
    + dictionary +
    + + + + +
    Enable SNMP firewall traps
    + + + + + + + +
    + enable + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable/disable firewall traps
    + + + + + + + +
    + serverstatus + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable firewall server status change trap
    + + + + + + + +
    + flash + +
    + dictionary +
    + + + + +
    SNMP FLASH notifications
    + + + + + + + +
    + enable + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP FLASH notifications
    + + + + + + + +
    + insertion + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP Flash Insertion notifications
    + + + + + + + +
    + lowspace + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP Flash Low Space notifications
    + + + + + + + +
    + removal + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP Flash Removal notifications
    + + + + + + + +
    + flex_links + +
    + dictionary +
    + + + + +
    SNMP FLEX Links traps
    + + + + + + + +
    + enable + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP FLEX Links traps
    + + + + + + + +
    + status + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP FLEX Links status change traps
    + + + + + + + +
    + flowmon + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP flowmon traps
    + + + + + + +
    + frame_relay + +
    + dictionary +
    + + + + +
    Allow frame-relay traps
    + + + + + + + +
    + enable + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable/disable frame-relay traps
    + + + + + + + +
    + subif + +
    + dictionary +
    + + + + +
    Enable SNMP frame-relay subinterface traps
    + + + + + + + + +
    + count + +
    + integer +
    + + + + +
    Maximum number of traps sent per interval
    + + + + + + + + +
    + enable + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable/disable subif traps
    + + + + + + + + +
    + interval + +
    + integer +
    + + + + +
    Interval duration in which to limit the number of traps sent
    + + + + + + + + +
    + fru_ctrl + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP fru-ctrl traps
    + + + + + + +
    + hsrp + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP hsrp traps
    + + + + + + +
    + ike + +
    + dictionary +
    + + + + +
    Allow ike traps
    + + + + + + + +
    + policy + +
    + dictionary +
    + + + + +
    Enable IKE Policy traps
    + + + + + + + + +
    + add + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable IKE Policy add trap
    + + + + + + + + +
    + delete + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable IKE Policy delete trap
    + + + + + + + + +
    + tunnel + +
    + dictionary +
    + + + + +
    Enable IKE Tunnel traps
    + + + + + + + + +
    + start + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable IKE Tunnel start trap
    + + + + + + + + +
    + stop + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable IKE Tunnel stop trap
    + + + + + + + + +
    + ipmulticast + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP ip multi cast traps
    + + + + + + +
    + ipsec + +
    + dictionary +
    + + + + +
    Allow ike traps
    + + + + + + + +
    + cryptomap + +
    + dictionary +
    + + + + +
    Enable IPsec Cryptomap traps
    + + + + + + + + +
    + add + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable IPsec Cryptomap add trap
    + + + + + + + + +
    + attach + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable IPsec Cryptomap Attach trap
    + + + + + + + + +
    + delete + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable IPsec Cryptomap delete trap
    + + + + + + + + +
    + detach + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable IPsec Cryptomap Detach trap
    + + + + + + + + +
    + too_many_sas + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable IPsec Tunnel Start trap
    + + + + + + + +
    + tunnel + +
    + dictionary +
    + + + + +
    Enable IPsec Tunnel traps
    + + + + + + + + +
    + start + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable IPsec Tunnel start trap
    + + + + + + + + +
    + stop + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable IPsec Tunnel stop trap
    + + + + + + + + +
    + ipsla + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP ipsla traps
    + + + + + + +
    + isis + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP isis traps
    + + + + + + +
    + l2tc + +
    + dictionary +
    + + + + +
    Allow SNMP L2 Tunnel Config traps
    + + + + + + + +
    + enable + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP L2 Tunnel Config traps
    + + + + + + + +
    + sys_threshold + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP L2TC System threshold traps
    + + + + + + + +
    + threshold + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP L2 Tunnel Config threshold traps
    + + + + + + + +
    + l2tun + +
    + dictionary +
    + + + + +
    Allow SNMP l2tun traps
    + + + + + + + +
    + pseudowire_status + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable BFD pseudo wire status traps
    + + + + + + + +
    + session + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable BFD session traps
    + + + + + + + +
    + license + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable license traps
    + + + + + + +
    + lisp + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP LISP MIB traps
    + + + + + + +
    + local_auth + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP local auth traps
    + + + + + + +
    + mac_notification + +
    + dictionary +
    + + + + +
    Allow SNMP MAC Notification traps
    + + + + + + + +
    + change + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP MAC Change traps
    + + + + + + + +
    + enable + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP MAC Notification traps
    + + + + + + + +
    + move + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP MAC Move traps
    + + + + + + + +
    + threshold + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP MAC Threshold traps
    + + + + + + + +
    + memory + +
    + dictionary +
    + + + + +
    Allow MEMORY traps
    + + + + + + + +
    + bufferpeak + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP Memory Bufferpeak traps
    + + + + + + + +
    + enable + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable MEMORY traps
    + + + + + + + +
    + mpls + +
    + dictionary +
    + + + + +
    Enable SNMP mpls traps
    + + + + + + + +
    + fast_reroute + +
    + dictionary +
    + + + + +
    Allow SNMP MPLS fast reroute traps
    + + + + + + + + +
    + enable + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP MPLS fast reroute traps
    + + + + + + + + +
    + protected + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable MPLS fast reroute protection traps
    + + + + + + + + +
    + ldp + +
    + dictionary +
    + + + + +
    Allow SNMP MPLS label distribution protocol traps
    + + + + + + + + +
    + enable + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP MPLS label distribution protocol traps
    + + + + + + + + +
    + pv_limit + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable MPLS LDP path vector limit mismatch traps
    + + + + + + + + +
    + session_down + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable MPLS LDP session down traps
    + + + + + + + + +
    + session_up + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable MPLS LDP session up traps
    + + + + + + + + +
    + threshold + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable MPLS LDP threshold exceeded traps
    + + + + + + + + +
    + rfc + +
    + dictionary +
    + + + + +
    Enable SNMP MPLS RFC traps
    + + + + + + + + +
    + ldp + +
    + dictionary +
    + + + + +
    Allow SNMP MPLS label distribution protocol RFC traps
    + + + + + + + + + +
    + enable + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP MPLS label distribution protocol RFC traps
    + + + + + + + + + +
    + pv_limit + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable MPLS LDP path vector limit mismatch RFC traps
    + + + + + + + + + +
    + session_down + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable MPLS LDP session down RFC traps
    + + + + + + + + + +
    + session_up + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable MPLS LDP session up RFC traps
    + + + + + + + + + +
    + threshold + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable MPLS LDP threshold exceeded RFC traps
    + + + + + + + + + +
    + traffic_eng + +
    + dictionary +
    + + + + +
    Allow SNMP MPLS traffic engineering RFC traps
    + + + + + + + + + +
    + down + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable MPLS TE tunnel down RFC traps
    + + + + + + + + + +
    + enable + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP MPLS traffic engineering RFC traps
    + + + + + + + + + +
    + reoptimized + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable MPLS TE tunnel reoptimized RFC traps
    + + + + + + + + + +
    + reroute + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable MPLS TE tunnel reroute RFC traps
    + + + + + + + + + +
    + up + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable MPLS TE tunnel up RFC traps
    + + + + + + + + + +
    + vpn + +
    + dictionary +
    + + + + +
    Allow SNMP MPLS Virtual Private Network RFC traps
    + + + + + + + + + +
    + enable + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP MPLS Virtual Private Network RFC traps
    + + + + + + + + + +
    + illegal_label + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable MPLS VPN illegal label threshold exceeded RFC traps
    + + + + + + + + + +
    + max_thresh_cleared + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable MPLS VPN maximum threshold cleared RFC traps
    + + + + + + + + + +
    + max_threshold + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable MPLS VPN maximum threshold exceeded RFC traps
    + + + + + + + + + +
    + mid_threshold + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable MPLS VPN middle threshold exceeded RFC traps
    + + + + + + + + + +
    + vrf_down + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable MPLS VPN vrf down RFC traps
    + + + + + + + + + +
    + vrf_up + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable MPLS VPN vrf up RFC traps
    + + + + + + + + + +
    + traffic_eng + +
    + dictionary +
    + + + + +
    Allow SNMP MPLS traffic engineering traps
    + + + + + + + + +
    + down + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable MPLS TE tunnel down traps
    + + + + + + + + +
    + enable + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP MPLS traffic engineering traps
    + + + + + + + + +
    + reroute + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable MPLS TE tunnel reroute traps
    + + + + + + + + +
    + up + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable MPLS TE tunnel up traps
    + + + + + + + + +
    + vpn + +
    + dictionary +
    + + + + +
    Allow SNMP MPLS Virtual Private Network traps
    + + + + + + + + +
    + enable + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP MPLS Virtual Private Network traps
    + + + + + + + + +
    + illegal_label + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable MPLS VPN illegal label threshold exceeded traps
    + + + + + + + + +
    + max_thresh_cleared + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable MPLS VPN maximum threshold cleared traps
    + + + + + + + + +
    + max_threshold + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable MPLS VPN maximum threshold exceeded traps
    + + + + + + + + +
    + mid_threshold + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable MPLS VPN middle threshold exceeded traps
    + + + + + + + + +
    + vrf_down + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable MPLS VPN vrf down traps
    + + + + + + + + +
    + vrf_up + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable MPLS VPN vrf up traps
    + + + + + + + + +
    + mpls_vpn + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP mpls traps
    +
    This option is DEPRECATED and is replaced with mpls which accepts dict as input
    +
    This attribute will be removed after 2024-09-01
    + + + + + + +
    + msdp + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP msdp traps
    + + + + + + +
    + mvpn + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP mvpn traps
    + + + + + + +
    + nhrp + +
    + dictionary +
    + + + + +
    Allow SNMP NHRP traps
    + + + + + + + +
    + enable + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable SNMP NHRP traps
    + + + + + + + +
    + nhc + +
    + dictionary +
    + + + + +
    Allow Next Hop Client traps
    + + + + + + + + +
    + down + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable Next Hop Client down trap
    + + + + + + + + +
    + enable + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable Next Hop Client traps
    + + + + + + + + +
    + up + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable Next Hop Client up trap
    + + + + + + + + +
    + nhp + +
    + dictionary +
    + + + + +
    Allow Next Hop Peer traps
    + + + + + + + + +
    + down + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable Next Hop Peer down trap
    + + + + + + + + +
    + enable + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable Next Hop Peer traps
    + + + + + + + + +
    + up + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable Next Hop Peer up trap
    + + + + + + + + +
    + nhs + +
    + dictionary +
    + + + + +
    Allow Next Hop Server traps
    + + + + + + + + +
    + down + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable Next Hop Server down trap
    + + + + + + + + +
    + enable + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable Next Hop Server traps
    + + + + + + + + +
    + up + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable Next Hop Server up trap
    + + + + + + + + +
    + quota_exceeded + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable quota-exceeded trap
    + + + + + + + +
    + ospf + +
    + dictionary +
    + + + + +
    Allow ospf related traps
    + + + + + + + +
    + cisco_specific + +
    + dictionary +
    + + + + +
    Cisco specific traps
    + + + + + + + + +
    + error + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    error traps
    + + + + + + + + +
    + lsa + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Lsa related traps
    + + + + + + + + +
    + retransmit + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Packet retransmit traps
    + + + + + + + + +
    + state_change + +
    + dictionary +
    + + + + +
    state change traps
    + + + + + + + + + +
    + nssa_trans_change + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Nssa translator state changes
    + + + + + + + + + +
    + shamlink + +
    + dictionary +
    + + + + +
    Config mismatch errors on virtual interfaces
    + + + + + + + + + + +
    + interface + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Sham link interface state changes
    + + + + + + + + + + +
    + neighbor + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Sham link neighbor state changes
    + + + + + + + + + + +
    + error + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable error traps
    + + + + + + + +
    + lsa + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable/disable ospf lsa traps
    + + + + + + + +
    + retransmit + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable/disable ospf retransmit traps
    + + + + + + + +
    + state_change + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable/disable state change traps
    + + + + + + + +
    + ospfv3 + +
    + dictionary +
    + + + + +
    Allow OSPFv3 related traps
    + + + + + + + +
    + errors + +
    + dictionary +
    + + + + +
    Error traps
    + + + + + + + + +
    + bad_packet + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Packet parse failure on non-virtual interfaces
    + + + + + + + + +
    + config_error + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Config mismatch errors on non-virtual interfaces
    + + + + + + + + +
    + enable + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Enable Error traps
    + + + + + + + + +
    + virt_bad_packet + +
    + boolean +
    + + +
      Choices: +
    • no
      • +
    • yes
      • +
    + + +
    Packet parse failure on virtual interfaces
    + + + + + + + + +
    + virt_config_error + +
    + boolean +
    + + +
      Choices: +
    • no
    • yes
    -
    Enable SNMP environmental monitor temperature traps
    +
    Config mismatch errors on virtual interfaces
    - + +
    - ethernet + rate_limit
    - dictionary + integer
    -
    Allow ethernet traps
    +
    Trap rate limit values
    +
    Rate limit window size in seconds (between 2 and 60)
    - +
    - cfm + state_change
    dictionary @@ -2485,7 +6460,7 @@ Parameters -
    Enable SNMP Ethernet CFM traps
    +
    State change traps
    @@ -2495,7 +6470,7 @@ Parameters
    - alarm + enable
    boolean @@ -2508,7 +6483,7 @@ Parameters
-
Enable SNMP Ethernet CFM fault alarm trap
+
Enable State change traps
@@ -2518,27 +6493,30 @@ Parameters
- cc + if_state_change
- dictionary + boolean
+
    Choices: +
  • no
    • +
  • yes
    • +
-
Enable SNMP Ethernet CC trap
+
Non_virtual interface state changes
- - + - +
- config + neighbor_restart_helper_status_change
boolean @@ -2551,7 +6529,7 @@ Parameters -
Enable SNMP Ethernet CFM configuration error traps
+
Neighbor graceful restart helper status changes
@@ -2559,10 +6537,9 @@ Parameters - - +
- cross_connect + neighbor_state_change
boolean @@ -2575,7 +6552,7 @@ Parameters -
Enable SNMP Ethernet CFM cross-connect traps
+
Non_virtual neighbor state changes
@@ -2583,10 +6560,9 @@ Parameters - - +
- loop + nssa_translator_status_change
boolean @@ -2599,7 +6575,7 @@ Parameters -
Enable SNMP Ethernet CFM loop traps
+
NSSA translator status changes
@@ -2607,10 +6583,9 @@ Parameters - - +
- mep_down + restart_status_change
boolean @@ -2623,7 +6598,7 @@ Parameters -
Enable SNMP Ethernet CFM CC Down traps
+
Graceful restart status changes
@@ -2631,10 +6606,9 @@ Parameters - - +
- mep_up + virtif_state_change
boolean @@ -2647,10 +6621,9 @@ Parameters -
Enable SNMP Ethernet CFM CC Up traps
+
Virtual interface state changes
- @@ -2658,27 +6631,30 @@ Parameters
- crosscheck + vn_restart_helper_status_change
- dictionary + boolean
+
    Choices: +
  • no
    • +
  • yes
    • +
-
Enable SNMP Ethernet CC crosscheck trap
+
Virtual neighbor graceful restart helper status changes
- - + - +
- mep_missing + vn_state_change
boolean @@ -2691,18 +6667,35 @@ Parameters -
Enable SNMP Ethernet CC crosscheck missing trap
+
Virtual neighbor state changes
+ + + +
+ pim + +
+ dictionary +
+ + + + +
Allow PIM traps
+ + + - +
- mep_unknown + enable
boolean @@ -2715,18 +6708,16 @@ Parameters -
Enable SNMP Ethernet CC crosscheck unknown traps
+
Enable/disable PIM traps
- - - +
- service_up + invalid_pim_message
boolean @@ -2739,37 +6730,38 @@ Parameters -
Enable SNMP Ethernet CC crosscheck service traps
+
Enable invalid pim message trap
- -
- evc + neighbor_change
- dictionary + boolean
+
    Choices: +
  • no
    • +
  • yes
    • +
-
Enable SNMP Ethernet EVC traps
+
Enable neighbor change trap
- - + - +
- create + rp_mapping_change
boolean @@ -2782,17 +6774,37 @@ Parameters -
Enable SNMP Ethernet EVC create traps
+
Enable rp mapping change trap
+ + +
+ pki + +
+ boolean +
+ + +
    Choices: +
  • no
    • +
  • yes
    • +
+ + +
Enable SNMP pki traps
+ + + - +
- delete + port_security
boolean @@ -2805,17 +6817,33 @@ Parameters -
Enable SNMP Ethernet EVC delete traps
+
Enable SNMP port security traps
+ +
+ power_ethernet + +
+ dictionary +
+ + + + +
Allow SNMP power ethernet traps
+ + + + - +
- status + enable
boolean @@ -2828,17 +6856,74 @@ Parameters -
Enable SNMP Ethernet EVC status traps
+
Enable SNMP power ethernet traps
+ + + + + + + +
+ group + +
+ list + / elements=dictionary +
+ + + + +
Enable SNMP inline power group based traps.
+ + + + + + + + +
+ slot_id + +
+ integer +
+ + + + +
An integer between 1 and 20 (physical slot number)
+ + + + + + + + +
+ threshold + +
+ integer +
+ + + + +
Threshold level for this slot
- - + +
- event_manager + police
boolean @@ -2851,33 +6936,37 @@ Parameters -
Enable SNMP event-manager traps
+
Enable Policing Trap
+
- firewall + pw_vc
- dictionary + boolean
+
    Choices: +
  • no
    • +
  • yes
    • +
-
Enable SNMP firewall traps
+
Enable SNMP pw vc traps
- - + - +
- enable + rep
boolean @@ -2890,16 +6979,15 @@ Parameters -
Enable/disable firewall traps
+
Enable SNMP Resilient Ethernet Protocol Traps
- - +
- serverstatus + rf
boolean @@ -2912,16 +7000,15 @@ Parameters -
Enable firewall server status change trap
+
Enable all SNMP traps defined in CISCO-RF-MIB
-
- flowmon + rsvp
boolean @@ -2934,7 +7021,7 @@ Parameters -
Enable SNMP flowmon traps
+
Enable SNMP RSVP traps
@@ -2942,7 +7029,7 @@ Parameters
- frame_relay + smart_license
dictionary @@ -2951,7 +7038,7 @@ Parameters -
Allow frame-relay traps
+
Allow smart license traps
@@ -2973,7 +7060,7 @@ Parameters -
Enable/disable frame-relay traps
+
Enable smart license traps
@@ -2982,45 +7069,29 @@ Parameters
- subif - -
- dictionary -
- - - - -
Enable SNMP frame-relay subinterface traps
- - - - - - - - -
- count + entitlement
- integer + boolean
+
    Choices: +
  • no
    • +
  • yes
    • +
-
Maximum number of traps sent per interval
+
Enable Entitlement Notification trap
- - +
- enable + global
boolean @@ -3033,36 +7104,34 @@ Parameters -
Enable/disable subif traps
+
Enable Global Notification traps
+ - - - +
- interval + snmp
- integer + dictionary
-
Interval duration in which to limit the number of traps sent
+
Enable SNMP traps
- - - + - + +
- fru_ctrl + authentication
boolean @@ -3075,15 +7144,16 @@ Parameters -
Enable SNMP fru-ctrl traps
+
Enable authentication trap
- + +
- hsrp + coldstart
boolean @@ -3096,52 +7166,60 @@ Parameters -
Enable SNMP hsrp traps
+
Enable coldStart trap
- + +
- ike + linkdown
- dictionary + boolean
+
    Choices: +
  • no
    • +
  • yes
    • +
-
Allow ike traps
+
Enable linkDown trap
- +
- policy + linkup
- dictionary + boolean
+
    Choices: +
  • no
    • +
  • yes
    • +
-
Enable IKE Policy traps
+
Enable linkUp trap
- - + - +
- add + warmstart
boolean @@ -3154,17 +7232,16 @@ Parameters -
Enable IKE Policy add trap
+
Enable warmStart trap
+ - - - +
- delete + stackwise
boolean @@ -3177,17 +7254,15 @@ Parameters -
Enable IKE Policy delete trap
+
Enable SNMP stackwise traps
- - - +
- tunnel + stpx
dictionary @@ -3196,17 +7271,16 @@ Parameters -
Enable IKE Tunnel traps
+
Allow SNMP STPX MIB traps
- - +
- start + enable
boolean @@ -3219,17 +7293,16 @@ Parameters -
Enable IKE Tunnel start trap
+
Enable SNMP STPX MIB traps
- - +
- stop + inconsistency
boolean @@ -3242,17 +7315,16 @@ Parameters -
Enable IKE Tunnel stop trap
+
Enable SNMP STPX MIB InconsistencyUpdate traps
- - - + +
- ipmulticast + loop_inconsistency
boolean @@ -3265,52 +7337,38 @@ Parameters -
Enable SNMP ip multi cast traps
+
Enable SNMP STPX MIB LoopInconsistencyUpdate traps
- -
- ipsec - -
- dictionary -
- - - - -
Allow ike traps
- - - - -
- cryptomap + root_inconsistency
- dictionary + boolean
+
    Choices: +
  • no
    • +
  • yes
    • +
-
Enable IPsec Cryptomap traps
+
Enable SNMP STPX MIB RootInconsistencyUpdate traps
- - - + + - +
- add + syslog
boolean @@ -3323,17 +7381,15 @@ Parameters -
Enable IPsec Cryptomap add trap
+
Enable SNMP syslog traps
- - - +
- attach + transceiver_all
boolean @@ -3346,40 +7402,33 @@ Parameters -
Enable IPsec Cryptomap Attach trap
+
Enable SNMP transceiver traps
- - - +
- delete + trustsec
- boolean + dictionary
-
    Choices: -
  • no
    • -
  • yes
    • -
-
Enable IPsec Cryptomap delete trap
+
Allow SNMP CISCO-TRUSTSEC-MIB traps
- - + - +
- detach + authz_file_error
boolean @@ -3392,17 +7441,16 @@ Parameters -
Enable IPsec Cryptomap Detach trap
+
Enable ctsAuthzCacheFileErrNotif notifications
-
- too_many_sas + cache_file_error
boolean @@ -3415,7 +7463,7 @@ Parameters -
Enable IPsec Tunnel Start trap
+
Enable ctsCacheFileAccessErrNotif notifications
@@ -3424,26 +7472,29 @@ Parameters
- tunnel + enable
- dictionary + boolean
+
    Choices: +
  • no
    • +
  • yes
    • +
-
Enable IPsec Tunnel traps
+
Enable SNMP CISCO-TRUSTSEC-MIB traps
- - + - +
- start + keystore_file_error
boolean @@ -3456,17 +7507,16 @@ Parameters -
Enable IPsec Tunnel start trap
+
Enable ctsSwKeystoreFileErrNotif notifications
- - +
- stop + keystore_sync_fail
boolean @@ -3479,17 +7529,16 @@ Parameters -
Enable IPsec Tunnel stop trap
+
Enable ctsSwKeystoreSyncFailNotif notifications
- - - + +
- ipsla + random_number_fail
boolean @@ -3502,15 +7551,16 @@ Parameters -
Enable SNMP ipsla traps
+
Enable ctsSapRandonNumberFailNotif notifications
- + +
- isis + src_entropy_fail
boolean @@ -3523,15 +7573,16 @@ Parameters -
Enable SNMP isis traps
+
Enable ctsSrcEntropyFailNotif notifications
+
- l2tun + trustsec_interface
dictionary @@ -3540,7 +7591,7 @@ Parameters -
Allow SNMP l2tun traps
+
Allow SNMP CISCO-TRUSTSEC-INTERFACE-MIB traps
@@ -3549,7 +7600,7 @@ Parameters
- pseudowire_status + authc_fail
boolean @@ -3562,7 +7613,7 @@ Parameters -
Enable BFD pseudo wire status traps
+
Enable ctsiIfAuthenticationFailNotif trap
@@ -3571,7 +7622,7 @@ Parameters
- session + authz_fail
boolean @@ -3584,16 +7635,16 @@ Parameters -
Enable BFD session traps
+
Enable ctsiAuthorizationFailNotif trap
- - + +
- mpls_vpn + enable
boolean @@ -3606,15 +7657,16 @@ Parameters -
Enable SNMP mpls traps
+
Enable SNMP CISCO-TRUSTSEC-INTERFACE-MIB traps
- + +
- msdp + sap_fail
boolean @@ -3627,15 +7679,16 @@ Parameters -
Enable SNMP msdp traps
+
Enable ctsiIfSapNegotiationFailNotif trap
- + +
- mvpn + supplicant_fail
boolean @@ -3648,33 +7701,38 @@ Parameters -
Enable SNMP mvpn traps
+
Enable ctsiIfAddSupplicantFailNotif trap
- + +
- ospf + unauthorized
- dictionary + boolean
+
    Choices: +
  • no
    • +
  • yes
    • +
-
Allow ospf related traps
+
Enable ctsiIfUnauthorizedNotifEnable trap
- - + + - +
- cisco_specific + trustsec_policy
dictionary @@ -3683,17 +7741,16 @@ Parameters -
Cisco specific traps
+
Allow SNMP CISCO-TRUSTSEC-POLICY-MIB traps
- - +
- error + authz_sgacl_fail
boolean @@ -3706,17 +7763,16 @@ Parameters -
error traps
+
Enable ctspAuthorizationSgaclFailNotif notifications
- - +
- lsa + enable
boolean @@ -3729,17 +7785,16 @@ Parameters -
Lsa related traps
+
Enable SNMP CISCO-TRUSTSEC-POLICY-MIB traps
- - +
- retransmit + peer_policy_updated
boolean @@ -3752,17 +7807,16 @@ Parameters -
Packet retransmit traps
+
Enable ctspPeerPolicyUpdatedNotif notifications
+ - - - +
- state_change + trustsec_server
dictionary @@ -3771,18 +7825,16 @@ Parameters -
state change traps
+
Allow SNMP CISCO-TRUSTSEC-SERVER-MIB traps
- - - +
- nssa_trans_change + enable
boolean @@ -3795,39 +7847,38 @@ Parameters -
Nssa translator state changes
+
Enable SNMP CISCO-TRUSTSEC-SERVER-MIB traps
- - - +
- shamlink + provision_secret
- dictionary + boolean
+
    Choices: +
  • no
    • +
  • yes
    • +
-
Config mismatch errors on virtual interfaces
+
Enable ctsvNoProvisionSecretNotif notification
- - - - + - +
- interface + radius_server
boolean @@ -3840,19 +7891,34 @@ Parameters -
Sham link interface state changes
+
Enable ctsvNoRadiusServerNotif notification
+ + +
+ trustsec_sxp + +
+ dictionary +
+ + + + +
Allow SNMP CISCO-TRUSTSEC-SXP-MIB traps
+ + + - - +
- neighbor + binding_conflict
boolean @@ -3865,19 +7931,16 @@ Parameters -
Sham link neighbor state changes
+
Enable ctsxSxpBindingConflictNotif notifications
- - -
- error + binding_err
boolean @@ -3890,7 +7953,7 @@ Parameters -
Enable error traps
+
Enable ctsxSxpBindingErrNotif notifications
@@ -3899,7 +7962,7 @@ Parameters
- lsa + binding_expn_fail
boolean @@ -3912,7 +7975,7 @@ Parameters -
Enable/disable ospf lsa traps
+
Enable ctsxSxpBindingExpnFailNotif notifications
@@ -3921,7 +7984,7 @@ Parameters
- retransmit + conn_config_err
boolean @@ -3934,7 +7997,7 @@ Parameters -
Enable/disable ospf retransmit traps
+
Enable ctsxSxpConnConfigErrNotif notifications
@@ -3943,7 +8006,7 @@ Parameters
- state_change + conn_down
boolean @@ -3956,34 +8019,38 @@ Parameters -
Enable/disable state change traps
+
Enable ctsxSxpConnDownNotif notifications
- - + +
- pim + conn_srcaddr_err
- dictionary + boolean
+
    Choices: +
  • no
    • +
  • yes
    • +
-
Allow PIM traps
+
Enable ctsxSxpConnSourceAddrErrNotif notifications
- +
- enable + conn_up
boolean @@ -3996,7 +8063,7 @@ Parameters -
Enable/disable PIM traps
+
Enable ctsxSxpConnUpNotif notifications
@@ -4005,7 +8072,7 @@ Parameters
- invalid_pim_message + enable
boolean @@ -4018,7 +8085,7 @@ Parameters -
Enable invalid pim message trap
+
Enable SNMP CISCO-TRUSTSEC-SXP-MIB traps
@@ -4027,7 +8094,7 @@ Parameters
- neighbor_change + msg_parse_err
boolean @@ -4040,7 +8107,7 @@ Parameters -
Enable neighbor change trap
+
Enable ctsxSxpMsgParseErrNotif notifications
@@ -4049,7 +8116,7 @@ Parameters
- rp_mapping_change + oper_nodeid_change
boolean @@ -4062,7 +8129,7 @@ Parameters -
Enable rp mapping change trap
+
Enable ctsxSxpOperNodeIdChangeNotif notifications
@@ -4071,7 +8138,7 @@ Parameters
- pki + tty
boolean @@ -4084,7 +8151,7 @@ Parameters -
Enable SNMP pki traps
+
Enable SNMP tty TCP connection traps
@@ -4092,28 +8159,25 @@ Parameters
- pw_vc + udld
- boolean + dictionary
-
    Choices: -
  • no
    • -
  • yes
    • -
-
Enable SNMP pw vc traps
+
Allow SNMP CISCO-UDLDP-MIB traps
- + - + +
- rsvp + enable
boolean @@ -4126,33 +8190,38 @@ Parameters -
Enable SNMP RSVP traps
+
Enable SNMP CISCO-UDLDP-MIB traps
- + +
- snmp + link_fail_rpt
- dictionary + boolean
+
    Choices: +
  • no
    • +
  • yes
    • +
-
Enable SNMP traps
+
Enable SNMP cudldpFastHelloLinkFailRptNotification traps
- +
- authentication + status_change
boolean @@ -4165,16 +8234,16 @@ Parameters -
Enable authentication trap
+
Enable SNMP cudldpFastHelloStatusChangeNotification traps
+ - - +
- coldstart + vlan_membership
boolean @@ -4187,16 +8256,15 @@ Parameters -
Enable coldStart trap
+
Enable SNMP VLAN membership traps
- - +
- linkdown + vlancreate
boolean @@ -4209,16 +8277,15 @@ Parameters -
Enable linkDown trap
+
Enable SNMP VLAN created traps
- - +
- linkup + vlandelete
boolean @@ -4231,16 +8298,33 @@ Parameters -
Enable linkUp trap
+
Enable SNMP VLAN deleted traps
+ +
+ vrfmib + +
+ dictionary +
+ + + + +
Allow vrfmib traps
+ + + + +
- warmstart + vnet_trunk_down
boolean @@ -4253,16 +8337,16 @@ Parameters -
Enable warmStart trap
+
Enable vnet-trunk-down traps
- - + +
- syslog + vnet_trunk_up
boolean @@ -4275,15 +8359,16 @@ Parameters -
Enable SNMP syslog traps
+
Enable vnet-trunk-up trap
- + +
- transceiver_all + vrf_down
boolean @@ -4296,15 +8381,16 @@ Parameters -
Enable SNMP transceiver traps
+
Enable vrf-down trap
- + +
- tty + vrf_up
boolean @@ -4317,55 +8403,55 @@ Parameters -
Enable SNMP tty TCP connection traps
+
Enable vrf-up trap
+
- vrfmib + vrrp
- dictionary + boolean
+
    Choices: +
  • no
    • +
  • yes
    • +
-
Allow vrfmib traps
+
Enable SNMP vrrp traps
- - + - +
- vnet_trunk_down + vswitch
- boolean + dictionary
-
    Choices: -
  • no
    • -
  • yes
    • -
-
Enable vnet-trunk-down traps
+
Allow SNMP Virtual Switch notifications
- +
- vnet_trunk_up + dual_active
boolean @@ -4378,7 +8464,7 @@ Parameters -
Enable vnet-trunk-up trap
+
Enable SNMP Virtual Switch (Dual Active) notification
@@ -4387,7 +8473,7 @@ Parameters
- vrf_down + enable
boolean @@ -4400,7 +8486,7 @@ Parameters -
Enable vrf-down trap
+
Enable SNMP Virtual Switch notifications
@@ -4409,7 +8495,7 @@ Parameters
- vrf_up + vsl
boolean @@ -4422,7 +8508,7 @@ Parameters -
Enable vrf-up trap
+
Enable SNMP Virtual Switch Link (VSL) notification
@@ -4431,7 +8517,7 @@ Parameters
- vrrp + vtp
boolean @@ -4444,7 +8530,7 @@ Parameters -
Enable SNMP vrrp traps
+
Enable SNMP VTP traps
@@ -5285,7 +9371,7 @@ Examples # Before state: # ------------- - #router-ios#show running-config | section ^snmp-server + # router-ios#show running-config | section ^snmp-server # snmp-server engineID remote 172.16.0.12 udp-port 25 AB0C5342FF0F # snmp-server user userPaul dev v1 access 24 # snmp-server group mergedGroup v3 auth diff --git a/ansible_collections/cisco/ios/docs/cisco.ios.ios_vlans_module.rst b/ansible_collections/cisco/ios/docs/cisco.ios.ios_vlans_module.rst index 93b259513..598486c57 100644 --- a/ansible_collections/cisco/ios/docs/cisco.ios.ios_vlans_module.rst +++ b/ansible_collections/cisco/ios/docs/cisco.ios.ios_vlans_module.rst @@ -51,6 +51,58 @@ Parameters + +
+ member + +
+ dictionary +
+ + + + +
Members of VLAN
+ + + + + + +
+ evi + +
+ integer +
+ + + + +
Ethernet Virtual Private Network (EVPN)
+ + + + + + +
+ vni + +
+ integer + / required +
+ + + + +
VXLAN vni
+ + + + +
mtu @@ -218,6 +270,25 @@ Parameters + + +
+ configuration + +
+ boolean +
+ + +
    Choices: +
  • no
    • +
  • yes
    • +
+ + +
When set to true, deals with vlan configuration CLIs
+ +
@@ -353,6 +424,44 @@ Examples # ------------------------------------------------------------------------------ # 10 + # Using merged (configuration: True) + + # Before state: + # ------------- + # + # Leaf-01#show run nve | sec ^vlan configuration + # vlan configuration 101 + # member evpn-instance 101 vni 10101 + # vlan configuration 201 + # member evpn-instance 201 vni 10201 + + + - name: Merge provided configuration with device configuration + cisco.ios.ios_vlans: + config: + - vlan_id: 102 + member: + vni: 10102 + evi: 102 + - vlan_id: 901 + member: + vni: 50901 + configuration: true + state: merged + + # After state: + # ------------ + # + # Leaf-01#show run nve | sec ^vlan configuration + # vlan configuration 101 + # member evpn-instance 101 vni 10101 + # vlan configuration 102 + # member evpn-instance 102 vni 10102 + # vlan configuration 201 + # member evpn-instance 201 vni 10201 + # vlan configuration 901 + # member vni 50901 + # Using overridden # Before state: @@ -415,6 +524,45 @@ Examples # 1004 fdnet 101004 1500 - - - ieee - 0 0 # 1005 trnet 101005 1500 - - - ibm - 0 0 + + # Using overridden (configuration: True) + + # Before state: + # ------------- + # + # Leaf-01#show run nve | sec ^vlan configuration + # vlan configuration 101 + # member evpn-instance 101 vni 10101 + # vlan configuration 102 + # member evpn-instance 102 vni 10102 + # vlan configuration 201 + # member evpn-instance 201 vni 10201 + # vlan configuration 901 + # member vni 50901 + + - name: Override device configuration of all VLANs with provided configuration + cisco.ios.ios_vlans: + config: + - vlan_id: 101 + member: + vni: 10102 + evi: 102 + - vlan_id: 102 + member: + vni: 10101 + evi: 101 + configuration: true + state: overridden + + # After state: + # ------------ + # + # Leaf-01#show run nve | sec ^vlan configuration + # vlan configuration 101 + # member evpn-instance 102 vni 10102 + # vlan configuration 102 + # member evpn-instance 101 vni 10101 + # Using replaced # Before state: @@ -575,8 +723,41 @@ Examples # 1004 fdnet 101004 1500 - - - ieee - 0 0 # 1005 trnet 101005 1500 - - - ibm - 0 0 + # Using deleted (configuration: True) + + # Before state: + # ------------- + # + # Leaf-01#show run nve | sec ^vlan configuration + # vlan configuration 101 + # member evpn-instance 101 vni 10101 + # vlan configuration 102 + # member evpn-instance 102 vni 10102 + # vlan configuration 201 + # member evpn-instance 201 vni 10201 + # vlan configuration 901 + # member vni 50901 + + - name: Delete attributes of given VLANs + cisco.ios.ios_vlans: + config: + - vlan_id: 101 + configuration: true + state: deleted + + # After state: + # ------------- + # + # Leaf-01#show run nve | sec ^vlan configuration + # vlan configuration 102 + # member evpn-instance 102 vni 10102 + # vlan configuration 201 + # member evpn-instance 201 vni 10201 + # vlan configuration 901 + # member vni 50901 + # Using Deleted without any config passed - #"(NOTE: This will delete all of configured vlans attributes)" + # "(NOTE: This will delete all of configured vlans attributes)" # Before state: # ------------- @@ -632,134 +813,108 @@ Examples # 1004 fdnet 101004 1500 - - - ieee - 0 0 # 1005 trnet 101005 1500 - - - ibm - 0 0 - # Using Gathered + # Using Deleted without any config passed (configuration: True) + # "(NOTE: This will delete all of configured vlans attributes)" # Before state: # ------------- # - # vios_l2#show vlan - # VLAN Name Status Ports - # ---- -------------------------------- --------- ------------------------------- - # 1 default active Gi0/1, Gi0/2 - # 10 vlan_10 active - # 20 vlan_20 act/lshut - # 30 vlan_30 sus/lshut - # 1002 fddi-default act/unsup - # 1003 token-ring-default act/unsup - # 1004 fddinet-default act/unsup - # 1005 trnet-default act/unsup + # Leaf-01#show run nve | sec ^vlan configuration + # vlan configuration 101 + # member evpn-instance 101 vni 10101 + # vlan configuration 102 + # member evpn-instance 102 vni 10102 + # vlan configuration 201 + # member evpn-instance 201 vni 10201 + # vlan configuration 202 + # member evpn-instance 202 vni 10202 + # vlan configuration 901 + # member vni 50901 + + - name: Delete attributes of ALL VLANs + cisco.ios.ios_vlans: + configuration: true + state: deleted + + # After state: + # ------------- # - # VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2 - # ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------ - # 1 enet 100001 1500 - - - - - 0 0 - # 10 enet 100010 1500 - - - - - 0 0 - # 20 enet 100020 610 - - - - - 0 0 - # 30 enet 100030 1500 - - - - - 0 0 - # 1002 fddi 101002 1500 - - - - - 0 0 - # 1003 tr 101003 1500 - - - - - 0 0 - # 1004 fdnet 101004 1500 - - - ieee - 0 0 - # 1005 trnet 101005 1500 - - - ibm - 0 0 + # Leaf-01#show run nve | sec ^vlan configuration + # no vlan configuration 101 + # no vlan configuration 102 + # no vlan configuration 201 + # no vlan configuration 202 + # no vlan configuration 901 + # no vlan configuration 902 + + # Using Gathered (configuration: True) + + # Before state: + # ------------- # - # Remote SPAN VLANs - # ------------------------------------------------------------------------------ - # 10 + # Leaf-01#show run nve | sec ^vlan configuration + # vlan configuration 101 + # member evpn-instance 101 vni 10101 + # vlan configuration 102 + # member evpn-instance 102 vni 10102 + # vlan configuration 201 + # member evpn-instance 201 vni 10201 + # vlan configuration 202 + # member evpn-instance 202 vni 10202 + # vlan configuration 901 + # member vni 50901 - name: Gather listed vlans with provided configurations cisco.ios.ios_vlans: config: + configuration: true state: gathered # Module Execution Result: # ------------------------ # - # "gathered": [ - # { - # "mtu": 1500, - # "name": "default", - # "shutdown": "disabled", - # "state": "active", - # "vlan_id": 1 + # gathered = [ + # { + # "member": { + # "evi": 101, + # "vni": 10101 # }, - # { - # "mtu": 1500, - # "name": "VLAN0010", - # "shutdown": "disabled", - # "state": "active", - # "vlan_id": 10 - # }, - # { - # "mtu": 1500, - # "name": "VLAN0020", - # "shutdown": "disabled", - # "state": "active", - # "vlan_id": 20 + # "vlan_id": 101 + # }, + # { + # "member": { + # "evi": 102, + # "vni": 10102 # }, - # { - # "mtu": 1500, - # "name": "VLAN0030", - # "shutdown": "disabled", - # "state": "active", - # "vlan_id": 30 + # "vlan_id": 102 + # }, + # { + # "member": { + # "evi": 201, + # "vni": 10201 # }, - # { - # "mtu": 1500, - # "name": "fddi-default", - # "shutdown": "enabled", - # "state": "active", - # "vlan_id": 1002 + # "vlan_id": 201 + # }, + # { + # "member": { + # "evi": 202, + # "vni": 10202 # }, - # { - # "mtu": 1500, - # "name": "token-ring-default", - # "shutdown": "enabled", - # "state": "active", - # "vlan_id": 1003 + # "vlan_id": 202 + # }, + # { + # "member": { + # "vni": 50901 # }, - # { - # "mtu": 1500, - # "name": "fddinet-default", - # "shutdown": "enabled", - # "state": "active", - # "vlan_id": 1004 + # "vlan_id": 901 + # }, + # { + # "member": { + # "vni": 50902 # }, - # { - # "mtu": 1500, - # "name": "trnet-default", - # "shutdown": "enabled", - # "state": "active", - # "vlan_id": 1005 - # } - # ] - - # After state: - # ------------ - # - # vios_l2#show vlan - # VLAN Name Status Ports - # ---- -------------------------------- --------- ------------------------------- - # 1 default active Gi0/1, Gi0/2 - # 10 vlan_10 active - # 20 vlan_20 act/lshut - # 30 vlan_30 sus/lshut - # 1002 fddi-default act/unsup - # 1003 token-ring-default act/unsup - # 1004 fddinet-default act/unsup - # 1005 trnet-default act/unsup - # - # VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2 - # ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------ - # 1 enet 100001 1500 - - - - - 0 0 - # 10 enet 100010 1500 - - - - - 0 0 - # 20 enet 100020 610 - - - - - 0 0 - # 30 enet 100030 1500 - - - - - 0 0 - # 1002 fddi 101002 1500 - - - - - 0 0 - # 1003 tr 101003 1500 - - - - - 0 0 - # 1004 fdnet 101004 1500 - - - ieee - 0 0 - # 1005 trnet 101005 1500 - - - ibm - 0 0 - # - # Remote SPAN VLANs - # ------------------------------------------------------------------------------ - # 10 + # "vlan_id": 902 + # } + # ] # Using Rendered @@ -802,6 +957,31 @@ Examples # "shutdown" # ] + # Using Rendered (configuration: True) + + - name: Render the commands for provided configuration + cisco.ios.ios_vlans: + config: + - vlan_id: 101 + member: + vni: 10101 + evi: 101 + - vlan_id: 102 + member: + vni: 10102 + evi: 102 + state: rendered + + # Module Execution Result: + # ------------------------ + # + # "rendered": [ + # "vlan configuration 101", + # "member evpn-instance 101 vni 10101", + # "vlan configuration 102", + # "member evpn-instance 102 vni 10102" + # ] + # Using Parsed # File: parsed.cfg @@ -896,6 +1076,50 @@ Examples # } # ] + # Using Parsed (configuration: True) + + # File: parsed.cfg + # ---------------- + # + # vlan configuration 101 + # member evpn-instance 101 vni 10101 + # vlan configuration 102 + # member evpn-instance 102 vni 10102 + # vlan configuration 901 + # member vni 50901 + + - name: Parse the commands for provided configuration + cisco.ios.ios_vlans: + running_config: "{{ lookup('file', './parsed.cfg') }}" + configuration: true + state: parsed + + # Module Execution Result: + # ------------------------ + # + # "parsed": [ + # { + # "member": { + # "evi": 101, + # "vni": 10101 + # }, + # "vlan_id": 101 + # }, + # { + # "member": { + # "evi": 102, + # "vni": 10102 + # }, + # "vlan_id": 102 + # }, + # { + # "member": { + # "vni": 50901 + # }, + # "vlan_id": 901 + # } + # ] + Return Values diff --git a/ansible_collections/cisco/ios/docs/cisco.ios.ios_vrf_module.rst b/ansible_collections/cisco/ios/docs/cisco.ios.ios_vrf_module.rst index 1420a65fd..9223586e0 100644 --- a/ansible_collections/cisco/ios/docs/cisco.ios.ios_vrf_module.rst +++ b/ansible_collections/cisco/ios/docs/cisco.ios.ios_vrf_module.rst @@ -33,6 +33,22 @@ Parameters Choices/Defaults Comments + + +
+ address_family + +
+ list + / elements=dictionary +
+ + + + +
The list of address families with MDT parameters to be configured on the remote IOS device.
+ +
diff --git a/ansible_collections/cisco/ios/docs/cisco.ios.ios_vxlan_vtep_module.rst b/ansible_collections/cisco/ios/docs/cisco.ios.ios_vxlan_vtep_module.rst new file mode 100644 index 000000000..3f1abc5f5 --- /dev/null +++ b/ansible_collections/cisco/ios/docs/cisco.ios.ios_vxlan_vtep_module.rst @@ -0,0 +1,701 @@ +.. _cisco.ios.ios_vxlan_vtep_module: + + +************************ +cisco.ios.ios_vxlan_vtep +************************ + +**Resource module to configure VXLAN VTEP interface.** + + +Version added: 5.3.0 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module provides declarative management of VXLAN VTEP interface on Cisco IOS network devices. + + + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ config + +
+ list + / elements=dictionary +
+ 		+ +
A dictionary of VXLAN VTEP interface option
+
+
+ host_reachability_bgp + +
+ boolean +
+ 		+
    Choices: +
  • no
    • +
  • yes
    • +
+ 		+
Host reachability using EVPN protocol
+
+
+ interface + +
+ string + / required +
+ 		+ +
VXLAN VTEP interface
+
+
+ member + +
+ dictionary +
+ 		+ +
Configure VNI member
+
+
+ vni + +
+ dictionary +
+ 		+ +
Configure VNI information
+
+
+ l2vni + +
+ list + / elements=dictionary +
+ 		+ +
Associates L2VNI with the VXLAN VTEP interface
+
+
+ replication + +
+ dictionary +
+ 		+ +
Replication type for the L2VNI
+
+
+ mcast_group + +
+ dictionary +
+ 		+ +
Configure multicast group for VNs
+
+
+ ipv4 + +
+ string +
+ 		+ +
IPv4 multicast group
+
+
+ ipv6 + +
+ string +
+ 		+ +
IPv6 multicast group
+
+
+ type + +
+ string +
+ 		+
    Choices: +
  • ingress
    • +
  • static
    • +
+ 		+
Replication type
+
+
+ vni + +
+ integer +
+ 		+ +
VNI number
+
+
+ l3vni + +
+ list + / elements=dictionary +
+ 		+ +
Associates L3VNI with the VXLAN VTEP interface
+
+
+ vni + +
+ integer +
+ 		+ +
VNI number
+
+
+ vrf + +
+ string +
+ 		+ +
VRF name of the L3VNI
+
+
+ source_interface + +
+ string +
+ 		+ +
Source interface for the VXLAN VTEP interface
+
+
+ running_config + +
+ string +
+ 		+ +
This option is used only with state parsed.
+
The value of this option should be the output received from the IOS device by executing the command show running-config | section ^interface nve.
+
The state parsed reads the configuration from running_config option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the parsed key within the result.
+
+
+ state + +
+ string +
+ 		+
    Choices: +
  • merged ←
    • +
  • replaced
    • +
  • overridden
    • +
  • deleted
    • +
  • rendered
    • +
  • gathered
    • +
  • parsed
    • +
+ 		+
The state the configuration should be left in
+
+
+ + +Notes +----- + +.. note:: + - Tested against Cisco IOS device with Version 17.13.01 on Cat9k on CML. + - This module works with connection ``network_cli``. See https://docs.ansible.com/ansible/latest/network/user_guide/platform_ios.html + + + +Examples +-------- + +.. code-block:: yaml + + # Using state merged + + # Before state: + # ------------- + # interface nve1 + # no ip address + # source-interface Loopback1 + # host-reachability protocol bgp + # member vni 10101 mcast-group 225.0.0.101 + # member vni 10102 ingress-replication + # member vni 50901 vrf green + # member vni 10201 mcast-group 225.0.0.101 + # member vni 10202 ingress-replication + # member vni 50902 vrf blue + + # - name: Merge the provided configuration with the device configuration + # cisco.ios.ios_vxlan_vtep: + # config: + # - interface: nve1 + # source_interface: loopback2 + # member: + # vni: + # l2vni: + # - vni: 10101 + # replication: + # type: ingress + # - vni: 10201 + # replication: + # type: static + # mcast_group: + # ipv4: 225.0.0.101 + # ipv6: FF0E:225::101 + # l3vni: + # - vni: 50901 + # vrf: blue + # state: merged + + # Commands Fired: + # --------------- + # "commands": [ + # "interface nve1", + # "source-interface loopback2", + # "no member vni 10101 mcast-group 225.0.0.101", + # "member vni 10101 ingress-replication", + # "no member vni 10201 mcast-group 225.0.0.101", + # "member vni 10201 mcast-group 225.0.0.101 FF0E:225::101", + # "no member vni 50901 vrf green", + # "no member vni 50902 vrf blue", + # "member vni 50901 vrf blue" + # ], + + # After state: + # ------------ + # interface nve1 + # no ip address + # source-interface Loopback2 + # host-reachability protocol bgp + # member vni 10102 ingress-replication + # member vni 10202 ingress-replication + # member vni 10101 ingress-replication + # member vni 10201 mcast-group 225.0.0.101 FF0E:225::101 + # member vni 50901 vrf blue + + # Using state replaced + + # Before state: + # ------------- + # interface nve1 + # no ip address + # source-interface Loopback2 + # host-reachability protocol bgp + # member vni 10102 ingress-replication + # member vni 10202 ingress-replication + # member vni 10101 ingress-replication + # member vni 10201 mcast-group 225.0.0.101 FF0E:225::101 + # member vni 50901 vrf blue + + # - name: Replaces the device configuration with the provided configuration + # cisco.ios.ios_vxlan_vtep: + # config: + # - interface: nve1 + # source_interface: Loopback2 + # member: + # vni: + # l2vni: + # - vni: 10101 + # replication: + # type: static + # mcast_group: + # ipv6: FF0E:225::101 + # - vni: 10201 + # replication: + # type: static + # mcast_group: + # ipv6: FF0E:225::102 + # state: replaced + + # Commands Fired: + # --------------- + # "commands": [ + # "interface nve1", + # "no member vni 10101 ingress-replication", + # "member vni 10101 mcast-group FF0E:225::101", + # "no member vni 10201 mcast-group 225.0.0.101 FF0E:225::101", + # "member vni 10201 mcast-group FF0E:225::102", + # "no member vni 10102 ingress-replication", + # "no member vni 10202 ingress-replication", + # "no member vni 50901 vrf blue" + # ], + + # After state: + # ------------ + # interface nve1 + # no ip address + # source-interface Loopback2 + # host-reachability protocol bgp + # member vni 10101 mcast-group FF0E:225::101 + # member vni 10201 mcast-group FF0E:225::102 + + # Using state Deleted + + # Before state: + # ------------- + # interface nve1 + # no ip address + # source-interface Loopback2 + # host-reachability protocol bgp + # member vni 10101 mcast-group FF0E:225::101 + # member vni 10201 mcast-group FF0E:225::102 + + # - name: "Delete VXLAN VTEP interface" + # cisco.ios.ios_vxlan_vtep: + # config: + # - interface: nve1 + # state: deleted + + # Commands Fired: + # --------------- + # "commands": [ + # "interface nve1", + # "no source-interface Loopback2", + # "no host-reachability protocol bgp", + # "no member vni 10101 mcast-group FF0E:225::101", + # "no member vni 10201 mcast-group FF0E:225::102" + # ], + + # After state: + # ------------- + # interface nve1 + # no ip address + + # Using state Deleted with member VNIs + + # Before state: + # ------------- + # interface nve1 + # no ip address + # source-interface Loopback2 + # host-reachability protocol bgp + # member vni 10101 mcast-group FF0E:225::101 + # member vni 10102 mcast-group 225.0.0.101 + # member vni 10201 mcast-group 225.0.0.101 FF0E:225::101 + + # - name: "Delete VXLAN VTEP interface with member VNIs" + # cisco.ios.ios_vxlan_vtep: + # config: + # - interface: nve1 + # source_interface: Loopback2 + # member: + # vni: + # l2vni: + # - vni: 10101 + # - vni: 10102 + # state: deleted + + # Commands Fired: + # --------------- + # "commands": [ + # "interface nve1", + # "no member vni 10101 mcast-group FF0E:225::101", + # "no member vni 10102 mcast-group 225.0.0.101" + # ], + + # After state: + # ------------- + # interface nve1 + # no ip address + # source-interface Loopback2 + # host-reachability protocol bgp + # member vni 10201 mcast-group 225.0.0.101 FF0E:225::101 + + # Using state Deleted with no config + + # Before state: + # ------------- + # interface nve1 + # no ip address + # source-interface Loopback2 + # host-reachability protocol bgp + # member vni 10101 mcast-group FF0E:225::101 + # member vni 10201 mcast-group FF0E:225::102 + + # - name: "Delete VXLAN VTEP interface with no config" + # cisco.ios.ios_vxlan_vtep: + # state: deleted + + # Commands Fired: + # --------------- + # "commands": [ + # "interface nve1", + # "no source-interface Loopback2", + # "no host-reachability protocol bgp", + # "no member vni 10101 mcast-group FF0E:225::101", + # "no member vni 10201 mcast-group FF0E:225::102" + # ], + + # After state: + # ------------- + # interface nve1 + # no ip address + + + +Return Values +------------- +Common return values are documented `here `_, the following are the fields unique to this module: + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + +
KeyReturnedDescription
+
+ after + +
+ dictionary +
+ 		when changed +
The resulting configuration after module execution.
+
+
Sample:
+
This output will always be in the same format as the module argspec.
+
+
+ before + +
+ dictionary +
+ 		when state is merged, replaced, overridden, deleted or purged +
The configuration prior to the module execution.
+
+
Sample:
+
This output will always be in the same format as the module argspec.
+
+
+ commands + +
+ list +
+ 		when state is merged, replaced, overridden, deleted or purged +
The set of commands pushed to the remote device.
+
+
Sample:
+
['interface nve1', 'source-interface Loopback1', 'host-reachability protocol bgp', 'member vni 10101 ingress-replication']
+
+

+ + +Status +------ + + +Authors +~~~~~~~ + +- Padmini Priyadarshini Sivaraj (@PadminiSivaraj) -- cgit v1.2.3