cisco.iosxr.iosxr_acl_interfaces – ACL interfaces resource module
Note
This plugin is part of the cisco.iosxr collection (version 2.5.0).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install cisco.iosxr.
To use it in a playbook, specify: cisco.iosxr.iosxr_acl_interfaces.
New in version 1.0.0 of cisco.iosxr
Synopsis
- This module manages adding and removing Access Control Lists (ACLs) from interfaces on devices running IOS-XR software.
 
Note
This module has a corresponding action plugin.
Parameters
| Parameter | Type | Choices/Defaults | Comments |
|---|---|---|---|
| config | list / elements=dictionary | | A dictionary of ACL options for interfaces. |
| config.access_groups | list / elements=dictionary | | Specifies ACLs attached to the interfaces. |
| config.access_groups.acls | list / elements=dictionary | | Specifies the ACLs for the provided AFI. |
| config.access_groups.acls.direction | string / required | | Specifies the direction of packets that the ACL will be applied on. |
| config.access_groups.acls.name | string / required | | Specifies the name of the IPv4/IPv6 ACL for the interface. |
| config.access_groups.afi | string / required | | Specifies the AFI for the ACL(s) to be configured on this interface. |
| config.name | string / required | | Name/Identifier for the interface |
| running_config | string | | This option is used only with state parsed. The value of this option should be the output received from the IOS-XR device by executing the command show running-config interface. The state parsed reads the configuration from the running_config option and transforms it into Ansible structured data as per the resource module's argspec, and the value is then returned in the parsed key within the result. |
| state | string | | The state the configuration should be left in. |
Examples
# Using merged
# Before state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:22:32.911 UTC
# interface MgmtEth0/RP0/CPU0/0
#  ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
#  shutdown
# !
# interface GigabitEthernet0/0/0/1
#  shutdown
# !
- name: Merge the provided configuration with the existing running configuration
  cisco.iosxr.iosxr_acl_interfaces:
    config:
    - name: GigabitEthernet0/0/0/0
      access_groups:
      - afi: ipv4
        acls:
        - name: acl_1
          direction: in
        - name: acl_2
          direction: out
      - afi: ipv6
        acls:
        - name: acl6_1
          direction: in
        - name: acl6_2
          direction: out
    - name: GigabitEthernet0/0/0/1
      access_groups:
      - afi: ipv4
        acls:
        - name: acl_1
          direction: out
    state: merged
# After state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:27:49.378 UTC
# interface MgmtEth0/RP0/CPU0/0
#  ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
#  shutdown
#  ipv4 access-group acl_1 ingress
#  ipv4 access-group acl_2 egress
#  ipv6 access-group acl6_1 ingress
#  ipv6 access-group acl6_2 egress
# !
# interface GigabitEthernet0/0/0/1
#  shutdown
#  ipv4 access-group acl_1 egress
# !
# Using merged to update interface ACL configuration
# Before state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:27:49.378 UTC
# interface MgmtEth0/RP0/CPU0/0
#  ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
#  shutdown
#  ipv4 access-group acl_1 ingress
#  ipv4 access-group acl_2 egress
#  ipv6 access-group acl6_1 ingress
#  ipv6 access-group acl6_2 egress
# !
# interface GigabitEthernet0/0/0/1
#  shutdown
#  ipv4 access-group acl_1 egress
# !
#
- name: Update acl_interfaces configuration using merged
  cisco.iosxr.iosxr_acl_interfaces:
    config:
    - name: GigabitEthernet0/0/0/1
      access_groups:
      - afi: ipv4
        acls:
        - name: acl_2
          direction: out
        - name: acl_1
          direction: in
    state: merged
# After state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:27:49.378 UTC
# interface MgmtEth0/RP0/CPU0/0
#  ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
#  shutdown
#  ipv4 access-group acl_1 ingress
#  ipv4 access-group acl_2 egress
#  ipv6 access-group acl6_1 ingress
#  ipv6 access-group acl6_2 egress
# !
# interface GigabitEthernet0/0/0/1
#  shutdown
#  ipv4 access-group acl_1 ingress
#  ipv4 access-group acl_2 egress
# !
#
# Using replaced
# Before state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:34:56.689 UTC
# interface MgmtEth0/RP0/CPU0/0
#  ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
#  shutdown
#  ipv4 access-group acl_1 ingress
#  ipv4 access-group acl_2 egress
#  ipv6 access-group acl6_1 ingress
#  ipv6 access-group acl6_2 egress
# !
# interface GigabitEthernet0/0/0/1
#  shutdown
#  ipv4 access-group acl_1 egress
# !
- name: Replace device configurations of listed interface with provided configurations
  cisco.iosxr.iosxr_acl_interfaces:
    config:
    - name: GigabitEthernet0/0/0/0
      access_groups:
      - afi: ipv6
        acls:
        - name: acl6_3
          direction: in
    state: replaced
# After state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:34:56.689 UTC
# interface MgmtEth0/RP0/CPU0/0
#  ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
#  shutdown
#  ipv6 access-group acl6_3 ingress
# !
# interface GigabitEthernet0/0/0/1
#  shutdown
#  ipv4 access-group acl_1 egress
# !
#
# Using overridden
# Before state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:34:56.689 UTC
# interface MgmtEth0/RP0/CPU0/0
#  ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
#  shutdown
#  ipv4 access-group acl_1 ingress
#  ipv4 access-group acl_2 egress
#  ipv6 access-group acl6_1 ingress
#  ipv6 access-group acl6_2 egress
# !
# interface GigabitEthernet0/0/0/1
#  shutdown
#  ipv4 access-group acl_1 egress
# !
#
- name: Override all interface ACL configuration with provided configuration
  cisco.iosxr.iosxr_acl_interfaces:
    config:
    - name: GigabitEthernet0/0/0/1
      access_groups:
      - afi: ipv4
        acls:
        - name: acl_2
          direction: in
      - afi: ipv6
        acls:
        - name: acl6_3
          direction: out
    state: overridden
# After state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:34:56.689 UTC
# interface MgmtEth0/RP0/CPU0/0
#  ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
#  shutdown
# !
# interface GigabitEthernet0/0/0/1
#  shutdown
#  ipv4 access-group acl_2 ingress
#  ipv6 access-group acl6_3 egress
# !
#
# Using 'deleted' to delete all ACL attributes of a single interface
# Before state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:34:56.689 UTC
# interface MgmtEth0/RP0/CPU0/0
#  ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
#  shutdown
#  ipv4 access-group acl_1 ingress
#  ipv4 access-group acl_2 egress
#  ipv6 access-group acl6_1 ingress
#  ipv6 access-group acl6_2 egress
# !
# interface GigabitEthernet0/0/0/1
#  shutdown
#  ipv4 access-group acl_1 egress
# !
#
- name: Delete all ACL attributes of GigabitEthernet0/0/0/1
  cisco.iosxr.iosxr_acl_interfaces:
    config:
    - name: GigabitEthernet0/0/0/1
    state: deleted
# After state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:34:56.689 UTC
# interface MgmtEth0/RP0/CPU0/0
#  ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
#  shutdown
#  ipv4 access-group acl_1 ingress
#  ipv4 access-group acl_2 egress
#  ipv6 access-group acl6_1 ingress
#  ipv6 access-group acl6_2 egress
# !
# interface GigabitEthernet0/0/0/1
#  shutdown
# !
#
# Using 'deleted' to remove all ACLs attached to all the interfaces in the device
# Before state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:34:56.689 UTC
# interface MgmtEth0/RP0/CPU0/0
#  ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
#  shutdown
#  ipv4 access-group acl_1 ingress
#  ipv4 access-group acl_2 egress
#  ipv6 access-group acl6_1 ingress
#  ipv6 access-group acl6_2 egress
# !
# interface GigabitEthernet0/0/0/1
#  shutdown
#  ipv4 access-group acl_1 egress
# !
#
- name: Delete all ACL interfaces configuration from the device
  cisco.iosxr.iosxr_acl_interfaces:
    state: deleted
# After state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:34:56.689 UTC
# interface MgmtEth0/RP0/CPU0/0
#  ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
#  shutdown
# !
# interface GigabitEthernet0/0/0/1
#  shutdown
# !
#
# Using parsed
# parsed.cfg
# ------------
#
# interface MgmtEth0/RP0/CPU0/0
#  ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
#  shutdown
#  ipv4 access-group acl_1 ingress
#  ipv4 access-group acl_2 egress
#  ipv6 access-group acl6_1 ingress
#  ipv6 access-group acl6_2 egress
# !
# interface GigabitEthernet0/0/0/1
#  shutdown
#  ipv4 access-group acl_1 egress
# !
# - name: Convert ACL interfaces config to argspec without connecting to the appliance
#   cisco.iosxr.iosxr_acl_interfaces:
#     running_config: "{{ lookup('file', './parsed.cfg') }}"
#     state: parsed
# Task Output (redacted)
# -----------------------
# "parsed": [
#        {
#            "name": "MgmtEth0/RP0/CPU0/0"
#        },
#        {
#            "access_groups": [
#                {
#                    "acls": [
#                        {
#                            "direction": "in",
#                            "name": "acl_1"
#                        },
#                        {
#                            "direction": "out",
#                            "name": "acl_2"
#                        }
#                    ],
#                    "afi": "ipv4"
#                },
#                {
#                    "acls": [
#                        {
#                            "direction": "in",
#                            "name": "acl6_1"
#                        },
#                        {
#                            "direction": "out",
#                            "name": "acl6_2"
#                        }
#                    ],
#                    "afi": "ipv6"
#                }
#            ],
#            "name": "GigabitEthernet0/0/0/0"
#        },
#        {
#            "access_groups": [
#                {
#                    "acls": [
#                        {
#                            "direction": "out",
#                            "name": "acl_1"
#                        }
#                    ],
#                    "afi": "ipv4"
#                }
#            ],
#            "name": "GigabitEthernet0/0/0/1"
#        }
#    ]
# }
# Using gathered
- name: Gather ACL interfaces facts using gathered state
  cisco.iosxr.iosxr_acl_interfaces:
    state: gathered
# Task Output (redacted)
# -----------------------
#
# "gathered": [
#   {
#      "name": "MgmtEth0/RP0/CPU0/0"
#   },
#   {
#      "access_groups": [
#          {
#              "acls": [
#                  {
#                      "direction": "in",
#                      "name": "acl_1"
#                  },
#                  {
#                      "direction": "out",
#                      "name": "acl_2"
#                  }
#              ],
#              "afi": "ipv4"
#          }
#      ],
#      "name": "GigabitEthernet0/0/0/0"
#  },
#  {
#      "access_groups": [
#          {
#              "acls": [
#                  {
#                      "direction": "in",
#                      "name": "acl6_1"
#                  }
#              ],
#              "afi": "ipv6"
#          }
#      ],
#       "name": "GigabitEthernet0/0/0/1"
#   }
# ]
# Using rendered
- name: Render platform specific commands from task input using rendered state
  cisco.iosxr.iosxr_acl_interfaces:
    config:
    - name: GigabitEthernet0/0/0/0
      access_groups:
      - afi: ipv4
        acls:
        - name: acl_1
          direction: in
        - name: acl_2
          direction: out
    state: rendered
# Task Output (redacted)
# -----------------------
# "rendered": [
#     "interface GigabitEthernet0/0/0/0",
#     "ipv4 access-group acl_1 ingress",
#     "ipv4 access-group acl_2 egress"
# ]
Return Values
Common return values are documented here; the following fields are unique to this module:
| Key | Type | Returned | Description |
|---|---|---|---|
| after | list / elements=string | when changed | The resulting configuration model invocation. Sample: The configuration returned will always be in the same format of the parameters above. |
| before | list / elements=string | always | The configuration prior to the model invocation. Sample: The configuration returned will always be in the same format of the parameters above. |
| commands | list / elements=string | always | The set of commands pushed to the remote device. Sample: ['interface GigabitEthernet0/0/0/1', 'ipv4 access-group acl_1 ingress', 'ipv4 access-group acl_2 egress', 'ipv6 access-group acl6_1 ingress', 'interface GigabitEthernet0/0/0/2', 'no ipv4 access-group acl_3 ingress', 'ipv4 access-group acl_4 egress'] |
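An added example (not part of the module or its documentation) for reviewing the commands return value after a run: it reports every ACL that was detached without another ACL being attached to the same interface, address family and direction. The function name is an assumption; the input is the sample commands list from the table above.

```python
import re

ACL_CMD = re.compile(r"^(no )?(ipv4|ipv6) access-group (\S+) (ingress|egress)$")

# Sample value of the `commands` return key, copied from the table above.
SAMPLE_COMMANDS = [
    "interface GigabitEthernet0/0/0/1",
    "ipv4 access-group acl_1 ingress",
    "ipv4 access-group acl_2 egress",
    "ipv6 access-group acl6_1 ingress",
    "interface GigabitEthernet0/0/0/2",
    "no ipv4 access-group acl_3 ingress",
    "ipv4 access-group acl_4 egress",
]


def unreplaced_removals(commands):
    """Return (interface, afi, direction, acl) for each ACL detached with no
    ACL attached to the same interface, afi and direction in this change."""
    removed, added = {}, set()
    interface = None
    for cmd in commands:
        cmd = cmd.strip()
        if cmd.startswith("interface "):
            interface = cmd.split(None, 1)[1]  # later lines apply to this interface
            continue
        m = ACL_CMD.match(cmd)
        if not m or interface is None:
            continue
        negate, afi, acl, direction = m.groups()
        slot = (interface, afi, direction)
        if negate:
            removed[slot] = acl
        else:
            added.add(slot)
    return [slot + (acl,) for slot, acl in removed.items() if slot not in added]
```

On the sample list this flags the inbound IPv4 slot of GigabitEthernet0/0/0/2, where acl_3 is removed and only an egress ACL is attached.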
Authors
- Nilashish Chakraborty (@NilashishC)
 
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
 https://docs.ansible.com/ansible/latest/collections/cisco/iosxr/iosxr_acl_interfaces_module.html