cisco.ios.ios_acl_interfaces 模块 – 用于配置 ACL 接口的资源模块。
注意
此模块是 cisco.ios 集合(版本 9.0.3)的一部分。
如果您正在使用 ansible 包,您可能已经安装了此集合。它不包含在 ansible-core 中。要检查它是否已安装,请运行 ansible-galaxy collection list。
要安装它,请使用:ansible-galaxy collection install cisco.ios。
要在 playbook 中使用它,请指定:cisco.ios.ios_acl_interfaces。
cisco.ios 1.0.0 中的新增功能
概要
此模块配置和管理 IOS 平台上接口的访问控制 (ACL) 属性。
参数
参数 |
注释 |
|---|---|
ACL 接口选项的字典 |
|
为 IP 访问列表(标准或扩展)指定访问组。 |
|
为提供的 AFI 指定 ACL。 |
|
指定应用 ACL 的数据包方向。 如果已分配一个方向,则其他 acl 方向不能相同。 选择
|
|
指定接口的 IPv4/IPv4 ACL 的名称。 |
|
指定在此接口上配置的 ACL 的 AFI。 选择
|
|
接口的完整名称,不包括任何逻辑单元号,例如 GigabitEthernet0/1。 |
|
默认情况下,该模块将连接到远程设备并检索当前运行的配置,以用作与源内容进行比较的基础。有时不希望任务获取 playbook 中每个任务的当前运行配置。running_config 参数允许实施者传入配置,以用作比较的基本配置。此选项的值应是从设备执行命令收到的输出。 |
|
配置应保持的状态 状态 rendered、gathered 和 parsed 不会对设备执行任何更改。 状态 rendered 会将 状态 gathered 将从设备获取运行配置,并将其转换为结构化数据,格式与资源模块 argspec 相同,并且该值将在结果中的 gathered 键中返回。 状态 parsed 从 选择
|
注释
注意
已在 CML 上的 Cisco IOSXE 版本 17.3 上进行了测试。
此模块使用连接
network_cli。请参阅 https://docs.ansible.org.cn/ansible/latest/network/user_guide/platform_ios.html
示例
# Using Merged
# Before state:
# -------------
#
# vios#sh running-config | include interface|ip access-group|ipv6 traffic-filter
# interface Loopback888
# interface GigabitEthernet0/0
# interface GigabitEthernet0/1
# interface GigabitEthernet0/2
# ip access-group 123 out
- name: Merge module attributes of given access-groups
cisco.ios.ios_acl_interfaces:
config:
- name: GigabitEthernet0/1
access_groups:
- afi: ipv4
acls:
- name: 110
direction: in
- name: 123
direction: out
- afi: ipv6
acls:
- name: test_v6
direction: out
- name: temp_v6
direction: in
- name: GigabitEthernet0/2
access_groups:
- afi: ipv4
acls:
- name: 100
direction: in
state: merged
# Commands Fired:
# ---------------
#
# interface GigabitEthernet0/1
# ip access-group 110 in
# ip access-group 123 out
# ipv6 traffic-filter test_v6 out
# ipv6 traffic-filter temp_v6 in
# interface GigabitEthernet0/2
# ip access-group 100 in
# After state:
# -------------
#
# vios#sh running-config | include interface|ip access-group|ipv6 traffic-filter
# interface Loopback888
# interface GigabitEthernet0/0
# interface GigabitEthernet0/1
# ip access-group 110 in
# ip access-group 123 out
# ipv6 traffic-filter test_v6 out
# ipv6 traffic-filter temp_v6 in
# interface GigabitEthernet0/2
# ip access-group 110 in
# ip access-group 123 out
# Using Replaced
# Before state:
# -------------
#
# vios#sh running-config | include interface|ip access-group|ipv6 traffic-filter
# interface Loopback888
# interface GigabitEthernet0/0
# interface GigabitEthernet0/1
# ip access-group 110 in
# ip access-group 123 out
# ipv6 traffic-filter test_v6 out
# ipv6 traffic-filter temp_v6 in
# interface GigabitEthernet0/2
# ip access-group 110 in
# ip access-group 123 out
- name: Replace module attributes of given access-groups
cisco.ios.ios_acl_interfaces:
config:
- name: GigabitEthernet0/1
access_groups:
- afi: ipv4
acls:
- name: 100
direction: out
- name: 110
direction: in
state: replaced
# Commands Fired:
# ---------------
#
# interface GigabitEthernet0/1
# no ip access-group 123 out
# no ipv6 traffic-filter temp_v6 in
# no ipv6 traffic-filter test_v6 out
# ip access-group 100 out
# After state:
# -------------
#
# vios#sh running-config | include interface|ip access-group|ipv6 traffic-filter
# interface Loopback888
# interface GigabitEthernet0/0
# interface GigabitEthernet0/1
# ip access-group 100 out
# ip access-group 110 in
# interface GigabitEthernet0/2
# ip access-group 110 in
# ip access-group 123 out
# Using Overridden
# Before state:
# -------------
#
# vios#sh running-config | include interface|ip access-group|ipv6 traffic-filter
# interface Loopback888
# interface GigabitEthernet0/0
# interface GigabitEthernet0/1
# ip access-group 110 in
# ip access-group 123 out
# ipv6 traffic-filter test_v6 out
# ipv6 traffic-filter temp_v6 in
# interface GigabitEthernet0/2
# ip access-group 110 in
# ip access-group 123 out
- name: Overridden module attributes of given access-groups
cisco.ios.ios_acl_interfaces:
config:
- name: GigabitEthernet0/1
access_groups:
- afi: ipv4
acls:
- name: 100
direction: out
- name: 110
direction: in
state: overridden
# Commands Fired:
# ---------------
#
# interface GigabitEthernet0/1
# no ip access-group 123 out
# no ipv6 traffic-filter test_v6 out
# no ipv6 traffic-filter temp_v6 in
# ip access-group 100 out
# interface GigabitEthernet0/2
# no ip access-group 110 in
# no ip access-group 123 out
# After state:
# -------------
#
# vios#sh running-config | include interface|ip access-group|ipv6 traffic-filter
# interface Loopback888
# interface GigabitEthernet0/0
# interface GigabitEthernet0/1
# ip access-group 100 out
# ip access-group 110 in
# interface GigabitEthernet0/2
# Using Deleted
# Before state:
# -------------
#
# vios#sh running-config | include interface|ip access-group|ipv6 traffic-filter
# interface Loopback888
# interface GigabitEthernet0/0
# interface GigabitEthernet0/1
# ip access-group 110 in
# ip access-group 123 out
# ipv6 traffic-filter test_v6 out
# ipv6 traffic-filter temp_v6 in
# interface GigabitEthernet0/2
# ip access-group 110 in
# ip access-group 123 out
- name: Delete module attributes of given Interface
cisco.ios.ios_acl_interfaces:
config:
- name: GigabitEthernet0/1
state: deleted
# Commands Fired:
# ---------------
#
# interface GigabitEthernet0/1
# no ip access-group 110 in
# no ip access-group 123 out
# no ipv6 traffic-filter test_v6 out
# no ipv6 traffic-filter temp_v6 in
# After state:
# -------------
#
# vios#sh running-config | include interface|ip access-group|ipv6 traffic-filter
# interface Loopback888
# interface GigabitEthernet0/0
# interface GigabitEthernet0/1
# interface GigabitEthernet0/2
# ip access-group 110 in
# ip access-group 123 out
# Using DELETED without any config passed
# "(NOTE: This will delete all of configured resource module attributes from each configured interface)"
# Before state:
# -------------
#
# vios#sh running-config | include interface|ip access-group|ipv6 traffic-filter
# interface Loopback888
# interface GigabitEthernet0/0
# interface GigabitEthernet0/1
# ip access-group 110 in
# ip access-group 123 out
# ipv6 traffic-filter test_v6 out
# ipv6 traffic-filter temp_v6 in
# interface GigabitEthernet0/2
# ip access-group 110 in
# ip access-group 123 out
- name: Delete module attributes of given access-groups from ALL Interfaces
cisco.ios.ios_acl_interfaces:
config:
state: deleted
# Commands Fired:
# ---------------
#
# interface GigabitEthernet0/1
# no ip access-group 110 in
# no ip access-group 123 out
# no ipv6 traffic-filter test_v6 out
# no ipv6 traffic-filter temp_v6 in
# interface GigabitEthernet0/2
# no ip access-group 110 out
# no ip access-group 123 out
# After state:
# -------------
#
# vios#sh running-config | include interface|ip access-group|ipv6 traffic-filter
# interface Loopback888
# interface GigabitEthernet0/0
# interface GigabitEthernet0/1
# interface GigabitEthernet0/2
# Using Gathered
# Before state:
# -------------
#
# vios#sh running-config | include interface|ip access-group|ipv6 traffic-filter
# interface Loopback888
# interface GigabitEthernet0/0
# interface GigabitEthernet0/1
# ip access-group 110 in
# ip access-group 123 out
# ipv6 traffic-filter test_v6 out
# ipv6 traffic-filter temp_v6 in
# interface GigabitEthernet0/2
# ip access-group 110 in
# ip access-group 123 out
- name: Gather listed acl interfaces with provided configurations
cisco.ios.ios_acl_interfaces:
config:
state: gathered
# Module Execution Result:
# ------------------------
#
# "gathered": [
# {
# "name": "Loopback888"
# },
# {
# "name": "GigabitEthernet0/0"
# },
# {
# "access_groups": [
# {
# "acls": [
# {
# "direction": "in",
# "name": "110"
# },
# {
# "direction": "out",
# "name": "123"
# }
# ],
# "afi": "ipv4"
# },
# {
# "acls": [
# {
# "direction": "in",
# "name": "temp_v6"
# },
# {
# "direction": "out",
# "name": "test_v6"
# }
# ],
# "afi": "ipv6"
# }
# ],
# "name": "GigabitEthernet0/1"
# },
# {
# "access_groups": [
# {
# "acls": [
# {
# "direction": "in",
# "name": "100"
# },
# {
# "direction": "out",
# "name": "123"
# }
# ],
# "afi": "ipv4"
# }
# ],
# "name": "GigabitEthernet0/2"
# }
# ]
# After state:
# ------------
#
# vios#sh running-config | include interface|ip access-group|ipv6 traffic-filter
# interface Loopback888
# interface GigabitEthernet0/0
# interface GigabitEthernet0/1
# ip access-group 110 in
# ip access-group 123 out
# ipv6 traffic-filter test_v6 out
# ipv6 traffic-filter temp_v6 in
# interface GigabitEthernet0/2
# ip access-group 110 in
# ip access-group 123 out
# Using Rendered
- name: Render the commands for provided configuration
cisco.ios.ios_acl_interfaces:
config:
- name: GigabitEthernet0/1
access_groups:
- afi: ipv4
acls:
- name: 110
direction: in
- name: 123
direction: out
- afi: ipv6
acls:
- name: test_v6
direction: out
- name: temp_v6
direction: in
state: rendered
# Module Execution Result:
# ------------------------
#
# "rendered": [
# "interface GigabitEthernet0/1",
# "ip access-group 110 in",
# "ip access-group 123 out",
# "ipv6 traffic-filter temp_v6 in",
# "ipv6 traffic-filter test_v6 out"
# ]
# Using Parsed
# File: parsed.cfg
# ----------------
#
# interface GigabitEthernet0/1
# ip access-group 110 in
# ip access-group 123 out
# ipv6 traffic-filter temp_v6 in
# ipv6 traffic-filter test_v6 out
- name: Parse the commands for provided configuration
cisco.ios.ios_acl_interfaces:
running_config: "{{ lookup('file', 'parsed.cfg') }}"
state: parsed
# Module Execution Result:
# ------------------------
#
# "parsed": [
# {
# "access_groups": [
# {
# "acls": [
# {
# "direction": "in",
# "name": "110"
# }
# ],
# "afi": "ipv4"
# },
# {
# "acls": [
# {
# "direction": "in",
# "name": "temp_v6"
# }
# ],
# "afi": "ipv6"
# }
# ],
# "name": "GigabitEthernet0/1"
# }
# ]
返回值
常见返回值记录在 此处,以下是此模块独有的字段
键 |
描述 |
|---|---|
模块执行后的结果配置。 返回:当发生更改时 示例: |
|
模块执行之前的配置。 返回: 当 state 为 示例: |
|
推送到远程设备的命令集合。 返回: 当 state 为 示例: |
|
从远程设备收集的网络资源的事实,以结构化数据的形式呈现。 返回: 当 state 为 示例: |
|
根据模块的 argspec,将 running_config 选项中提供的设备原生配置解析为结构化数据。 返回: 当 state 为 示例: |
|
任务中提供的配置以设备原生格式(离线)呈现。 返回: 当 state 为 示例: |