cisco.nxos.nxos_prefix_lists 模块 – 前缀列表资源模块。
注意
此模块是 cisco.nxos 集合 (版本 9.2.1) 的一部分。
如果您正在使用 ansible 包,则可能已安装此集合。它不包含在 ansible-core 中。要检查它是否已安装,请运行 ansible-galaxy collection list。
要安装它,请使用: ansible-galaxy collection install cisco.nxos。
要在 playbook 中使用它,请指定: cisco.nxos.nxos_prefix_lists。
cisco.nxos 2.4.0 中的新增功能
概要
此模块管理运行 Cisco NX-OS 的设备上的前缀列表配置。
参数
参数 |
注释 |
|---|---|
前缀列表配置列表。 |
|
前缀列表的地址族标识符 (AFI)。 选项
|
|
前缀列表配置列表。 |
|
前缀列表的描述 |
|
指定前缀列表的配置列表 |
|
前缀列表许可或拒绝。 选项
|
|
要匹配的精确前缀长度。 |
|
要匹配的最小前缀长度。 |
|
要匹配的最大前缀长度。 |
|
显式匹配掩码。 |
|
A.B.C.D/LEN 或 A:B::C:D/LEN 格式的 IP 或 IPv6 前缀。 |
|
序列号。 |
|
前缀列表的名称。 |
|
此选项仅与 state *parsed* 一起使用。 此选项的值应是从 NX-OS 设备通过执行命令 show running-config | section ‘^ip(.* prefix-list’ 获得的输出。 state *parsed* 从 |
|
配置应保留的状态。 有关更多详细信息,请参阅示例。 对于 state *replaced*,对于列出的前缀列表,运行配置中存在但在任务中不存在的序列将被否定。 对于 state *overridden*,运行配置中存在但在任务中不存在的所有前缀列表都将被否定。 有关更多详细信息,请参阅示例。 选项
|
备注
注意
针对 NX-OS 9.3.6 进行了测试。
不支持 Cisco MDS
此模块可与连接
network_cli和httpapi配合使用。
示例
# Using merged
# Before state:
# -------------
# nxos-9k-rdo# show running-config | section 'ip(.*) prefix-list'
# nxos-9k-rdo#
- name: Merge the provided configuration with the existing running configuration
cisco.nxos.nxos_prefix_lists:
config:
- afi: ipv4
prefix_lists:
- name: AllowPrefix
description: allows engineering IPv4 networks
entries:
- sequence: 10
action: permit
prefix: 192.0.2.0/23
eq: 24
- sequence: 20
action: permit
prefix: 198.51.100.128/26
- name: DenyPrefix
description: denies lab IPv4 networks
entries:
- sequence: 20
action: deny
prefix: 203.0.113.0/24
le: 25
- afi: ipv6
prefix_lists:
- name: AllowIPv6Prefix
description: allows engineering IPv6 networks
entries:
- sequence: 8
action: permit
prefix: "2001:db8:400::/38"
- sequence: 20
action: permit
prefix: "2001:db8:8000::/35"
le: 37
# Task output
# -------------
# before: []
#
# commands:
# - "ipv6 prefix-list AllowIPv6Prefix description allows engineering IPv6 networks"
# - "ipv6 prefix-list AllowIPv6Prefix seq 8 permit 2001:db8:400::/38"
# - "ipv6 prefix-list AllowIPv6Prefix seq 20 permit 2001:db8:8000::/35 le 37"
# - "ip prefix-list AllowPrefix description allows engineering IPv4 networks"
# - "ip prefix-list AllowPrefix seq 10 permit 192.0.2.0/23 eq 24"
# - "ip prefix-list AllowPrefix seq 20 permit 198.51.100.128/26"
# - "ip prefix-list DenyPrefix description denies lab IPv4 networks"
# - "ip prefix-list DenyPrefix seq 20 deny 203.0.113.0/24 le 25"
#
# after:
# - afi: ipv4
# prefix_lists:
# - description: allows engineering IPv4 networks
# entries:
# - sequence: 10
# action: permit
# prefix: 192.0.2.0/23
# eq: 24
# - sequence: 20
# action: permit
# prefix: 198.51.100.128/26
# name: AllowPrefix
# - description: denies lab IPv4 networks
# entries:
# - sequence: 20
# action: deny
# prefix: 203.0.113.0/24
# le: 25
# name: DenyPrefix
#
# - afi: ipv6
# prefix_lists:
# - description: allows engineering IPv6 networks
# entries:
# - sequence: 8
# action: permit
# prefix: "2001:db8:400::/38"
# - sequence: 20
# action: permit
# prefix: "2001:db8:8000::/35"
# le: 37
# name: AllowIPv6Prefix
# After state:
# ------------
# nxos-9k-rdo# show running-config | section 'ip(.*) prefix-list'
# ip prefix-list AllowPrefix description allows engineering IPv4 networks
# ip prefix-list AllowPrefix seq 10 permit 192.0.2.0/23 eq 24
# ip prefix-list AllowPrefix seq 20 permit 198.51.100.128/26
# ip prefix-list DenyPrefix description denies lab IPv4 networks
# ip prefix-list DenyPrefix seq 20 deny 203.0.113.0/24 le 25
# ipv6 prefix-list AllowIPv6Prefix description allows engineering IPv6 networks
# ipv6 prefix-list AllowIPv6Prefix seq 8 permit 2001:db8:400::/38
# ipv6 prefix-list AllowIPv6Prefix seq 20 permit 2001:db8:8000::/35 le 37
# Using replaced
# Before state:
# ------------
# nxos-9k-rdo# show running-config | section 'ip(.*) prefix-list'
# ip prefix-list AllowPrefix description allows engineering IPv4 networks
# ip prefix-list AllowPrefix seq 10 permit 192.0.2.0/23 eq 24
# ip prefix-list AllowPrefix seq 20 permit 198.51.100.128/26
# ip prefix-list DenyPrefix description denies lab IPv4 networks
# ip prefix-list DenyPrefix seq 20 deny 203.0.113.0/24 le 25
# ipv6 prefix-list AllowIPv6Prefix description allows engineering IPv6 networks
# ipv6 prefix-list AllowIPv6Prefix seq 8 permit 2001:db8:400::/38
# ipv6 prefix-list AllowIPv6Prefix seq 20 permit 2001:db8:8000::/35 le 37
- name: Replace prefix-lists configurations of listed prefix-lists with provided configurations
cisco.nxos.nxos_prefix_lists:
config:
- afi: ipv4
prefix_lists:
- name: AllowPrefix
description: allows engineering IPv4 networks
entries:
- sequence: 10
action: permit
prefix: 203.0.113.64/27
- sequence: 30
action: permit
prefix: 203.0.113.96/27
- name: AllowPrefix2Stub
description: allow other engineering IPv4 network
state: replaced
# Task output
# -------------
# before:
# - afi: ipv4
# prefix_lists:
# - description: allows engineering IPv4 networks
# entries:
# - sequence: 10
# action: permit
# prefix: 192.0.2.0/23
# eq: 24
# - sequence: 20
# action: permit
# prefix: 198.51.100.128/26
# name: AllowPrefix
# - description: denies lab IPv4 networks
# entries:
# - sequence: 20
# action: deny
# prefix: 203.0.113.0/24
# le: 25
# name: DenyPrefix
#
# - afi: ipv6
# prefix_lists:
# - description: allows engineering IPv6 networks
# entries:
# - sequence: 8
# action: permit
# prefix: "2001:db8:400::/38"
# - sequence: 20
# action: permit
# prefix: "2001:db8:8000::/35"
# le: 37
# name: AllowIPv6Prefix
#
# commands:
# - "no ip prefix-list AllowPrefix seq 10 permit 192.0.2.0/23 eq 24"
# - "ip prefix-list AllowPrefix seq 10 permit 203.0.113.64/27"
# - "ip prefix-list AllowPrefix seq 30 permit 203.0.113.96/27"
# - "no ip prefix-list AllowPrefix seq 20 permit 198.51.100.128/26"
# - "ip prefix-list AllowPrefix2Stub description allow other engineering IPv4 network"
#
# after:
# - afi: ipv4
# prefix_lists:
# - description: allows engineering IPv4 networks
# entries:
# - sequence: 10
# action: permit
# prefix: 203.0.113.64/27
# - sequence: 30
# action: permit
# prefix: 203.0.113.96/27
# name: AllowPrefix
# - description: allow other engineering IPv4 network
# name: AllowPrefix2Stub
# - description: denies lab IPv4 networks
# entries:
# - sequence: 20
# action: deny
# prefix: 203.0.113.0/24
# le: 25
# name: DenyPrefix
#
# - afi: ipv6
# prefix_lists:
# - description: allows engineering IPv6 networks
# entries:
# - sequence: 8
# action: permit
# prefix: "2001:db8:400::/38"
# - sequence: 20
# action: permit
# prefix: "2001:db8:8000::/35"
# le: 37
# name: AllowIPv6Prefix
#
# After state:
# ------------
# nxos-9k-rdo# show running-config | section 'ip(.*) prefix-list'
# ip prefix-list AllowPrefix description allows engineering IPv4 networks
# ip prefix-list AllowPrefix seq 10 permit 203.0.113.64/27
# ip prefix-list AllowPrefix seq 30 permit 203.0.113.96/27
# ip prefix-list AllowPrefix2Stub description allow other engineering IPv4 network
# ip prefix-list DenyPrefix description denies lab IPv4 networks
# ip prefix-list DenyPrefix seq 20 deny 203.0.113.0/24 le 25
# ipv6 prefix-list AllowIPv6Prefix description allows engineering IPv6 networks
# ipv6 prefix-list AllowIPv6Prefix seq 8 permit 2001:db8:400::/38
# ipv6 prefix-list AllowIPv6Prefix seq 20 permit 2001:db8:8000::/35 le 37
# Using overridden
# Before state:
# ------------
# nxos-9k-rdo# show running-config | section 'ip(.*) prefix-list'
# ip prefix-list AllowPrefix description allows engineering IPv4 networks
# ip prefix-list AllowPrefix seq 10 permit 192.0.2.0/23 eq 24
# ip prefix-list AllowPrefix seq 20 permit 198.51.100.128/26
# ip prefix-list DenyPrefix description denies lab IPv4 networks
# ip prefix-list DenyPrefix seq 20 deny 203.0.113.0/24 le 25
# ipv6 prefix-list AllowIPv6Prefix description allows engineering IPv6 networks
# ipv6 prefix-list AllowIPv6Prefix seq 8 permit 2001:db8:400::/38
# ipv6 prefix-list AllowIPv6Prefix seq 20 permit 2001:db8:8000::/35 le 37
- name: Override all prefix-lists configuration with provided configuration
cisco.nxos.nxos_prefix_lists: &id003
config:
- afi: ipv4
prefix_lists:
- name: AllowPrefix
description: allows engineering IPv4 networks
entries:
- sequence: 10
action: permit
prefix: 203.0.113.64/27
- sequence: 30
action: permit
prefix: 203.0.113.96/27
- name: AllowPrefix2Stub
description: allow other engineering IPv4 network
state: overridden
# Task output
# -------------
# before:
# - afi: ipv4
# prefix_lists:
# - description: allows engineering IPv4 networks
# entries:
# - sequence: 10
# action: permit
# prefix: 192.0.2.0/23
# eq: 24
# - sequence: 20
# action: permit
# prefix: 198.51.100.128/26
# name: AllowPrefix
# - description: denies lab IPv4 networks
# entries:
# - sequence: 20
# action: deny
# prefix: 203.0.113.0/24
# le: 25
# name: DenyPrefix
#
# - afi: ipv6
# prefix_lists:
# - description: allows engineering IPv6 networks
# entries:
# - sequence: 8
# action: permit
# prefix: "2001:db8:400::/38"
# - sequence: 20
# action: permit
# prefix: "2001:db8:8000::/35"
# le: 37
# name: AllowIPv6Prefix
#
# commands:
# - "no ip prefix-list AllowPrefix seq 10 permit 192.0.2.0/23 eq 24"
# - "ip prefix-list AllowPrefix seq 10 permit 203.0.113.64/27"
# - "ip prefix-list AllowPrefix seq 30 permit 203.0.113.96/27"
# - "no ip prefix-list AllowPrefix seq 20 permit 198.51.100.128/26"
# - "ip prefix-list AllowPrefix2Stub description allow other engineering IPv4 network"
# - "no ip prefix-list DenyPrefix"
# - "no ipv6 prefix-list AllowIPv6Prefix"
#
# after:
# - afi: ipv4
# prefix_lists:
# - name: AllowPrefix
# description: allows engineering IPv4 networks
# entries:
# - sequence: 10
# action: permit
# prefix: 203.0.113.64/27
#
# - sequence: 30
# action: permit
# prefix: 203.0.113.96/27
# - name: AllowPrefix2Stub
# description: allow other engineering IPv4 network
#
# After state:
# ------------
# nxos-9k-rdo# show running-config | section 'ip(.*) prefix-list'
# ip prefix-list AllowPrefix description allows engineering IPv4 networks
# ip prefix-list AllowPrefix seq 10 permit 203.0.113.64/27
# ip prefix-list AllowPrefix seq 30 permit 203.0.113.96/27
# ip prefix-list AllowPrefix2Stub description allow other engineering IPv4 network
# Using deleted to delete a all prefix lists for an AFI
# Before state:
# ------------
# nxos-9k-rdo# show running-config | section 'ip(.*) prefix-list'
# ip prefix-list AllowPrefix description allows engineering IPv4 networks
# ip prefix-list AllowPrefix seq 10 permit 192.0.2.0/23 eq 24
# ip prefix-list AllowPrefix seq 20 permit 198.51.100.128/26
# ip prefix-list DenyPrefix description denies lab IPv4 networks
# ip prefix-list DenyPrefix seq 20 deny 203.0.113.0/24 le 25
# ipv6 prefix-list AllowIPv6Prefix description allows engineering IPv6 networks
# ipv6 prefix-list AllowIPv6Prefix seq 8 permit 2001:db8:400::/38
# ipv6 prefix-list AllowIPv6Prefix seq 20 permit 2001:db8:8000::/35 le 37
- name: Delete all prefix-lists for an AFI
cisco.nxos.nxos_prefix_lists:
config:
- afi: ipv4
state: deleted
register: result
# Task output
# -------------
# before:
# - afi: ipv4
# prefix_lists:
# - description: allows engineering IPv4 networks
# entries:
# - sequence: 10
# action: permit
# prefix: 192.0.2.0/23
# eq: 24
# - sequence: 20
# action: permit
# prefix: 198.51.100.128/26
# name: AllowPrefix
# - description: denies lab IPv4 networks
# entries:
# - sequence: 20
# action: deny
# prefix: 203.0.113.0/24
# le: 25
# name: DenyPrefix
#
# - afi: ipv6
# prefix_lists:
# - description: allows engineering IPv6 networks
# entries:
# - sequence: 8
# action: permit
# prefix: "2001:db8:400::/38"
# - sequence: 20
# action: permit
# prefix: "2001:db8:8000::/35"
# le: 37
# name: AllowIPv6Prefix
#
# commands:
# - "no ip prefix-list AllowPrefix"
# - "no ip prefix-list DenyPrefix"
#
# after:
# - afi: ipv6
# prefix_lists:
# - description: allows engineering IPv6 networks
# entries:
# - sequence: 8
# action: permit
# prefix: "2001:db8:400::/38"
# - sequence: 20
# action: permit
# prefix: "2001:db8:8000::/35"
# le: 37
# name: AllowIPv6Prefix
#
# After state:
# ------------
# nxos-9k-rdo# show running-config | section 'ip(.*) prefix-list'
# ipv6 prefix-list AllowIPv6Prefix description allows engineering IPv6 networks
# ipv6 prefix-list AllowIPv6Prefix seq 8 permit 2001:db8:400::/38
# ipv6 prefix-list AllowIPv6Prefix seq 20 permit 2001:db8:8000::/35 le 37
# Using deleted to delete a single prefix-list
# Before state:
# ------------
# nxos-9k-rdo# show running-config | section 'ip(.*) prefix-list'
# ip prefix-list AllowPrefix description allows engineering IPv4 networks
# ip prefix-list AllowPrefix seq 10 permit 192.0.2.0/23 eq 24
# ip prefix-list AllowPrefix seq 20 permit 198.51.100.128/26
# ip prefix-list DenyPrefix description denies lab IPv4 networks
# ip prefix-list DenyPrefix seq 20 deny 203.0.113.0/24 le 25
# ipv6 prefix-list AllowIPv6Prefix description allows engineering IPv6 networks
# ipv6 prefix-list AllowIPv6Prefix seq 8 permit 2001:db8:400::/38
# ipv6 prefix-list AllowIPv6Prefix seq 20 permit 2001:db8:8000::/35 le 37
- name: Delete a single prefix-list
cisco.nxos.nxos_prefix_lists:
config:
- afi: ipv4
prefix_lists:
- name: AllowPrefix
state: deleted
# Task output
# -------------
# before:
# - afi: ipv4
# prefix_lists:
# - description: allows engineering IPv4 networks
# entries:
# - sequence: 10
# action: permit
# prefix: 192.0.2.0/23
# eq: 24
# - sequence: 20
# action: permit
# prefix: 198.51.100.128/26
# name: AllowPrefix
# - description: denies lab IPv4 networks
# entries:
# - sequence: 20
# action: deny
# prefix: 203.0.113.0/24
# le: 25
# name: DenyPrefix
#
# - afi: ipv6
# prefix_lists:
# - description: allows engineering IPv6 networks
# entries:
# - sequence: 8
# action: permit
# prefix: "2001:db8:400::/38"
# - sequence: 20
# action: permit
# prefix: "2001:db8:8000::/35"
# le: 37
# name: AllowIPv6Prefix
#
# commands:
# - "no ip prefix-list AllowPrefix"
#
# after:
# - afi: ipv4
# prefix_lists:
# - description: denies lab IPv4 networks
# entries:
# - sequence: 20
# action: deny
# prefix: 203.0.113.0/24
# le: 25
# name: DenyPrefix
#
# - afi: ipv6
# prefix_lists:
# - description: allows engineering IPv6 networks
# entries:
# - sequence: 8
# action: permit
# prefix: "2001:db8:400::/38"
# - sequence: 20
# action: permit
# prefix: "2001:db8:8000::/35"
# le: 37
# name: AllowIPv6Prefix
#
# After state:
# ------------
# nxos-9k-rdo# show running-config | section 'ip(.*) prefix-list'
# ip prefix-list DenyPrefix description denies lab IPv4 networks
# ip prefix-list DenyPrefix seq 20 deny 203.0.113.0/24 le 25
# ipv6 prefix-list AllowIPv6Prefix description allows engineering IPv6 networks
# ipv6 prefix-list AllowIPv6Prefix seq 8 permit 2001:db8:400::/38
# ipv6 prefix-list AllowIPv6Prefix seq 20 permit 2001:db8:8000::/35 le 37
# Using deleted to delete all prefix-lists from the device
# Before state:
# ------------
# nxos-9k-rdo# show running-config | section 'ip(.*) prefix-list'
# ip prefix-list AllowPrefix description allows engineering IPv4 networks
# ip prefix-list AllowPrefix seq 10 permit 192.0.2.0/23 eq 24
# ip prefix-list AllowPrefix seq 20 permit 198.51.100.128/26
# ip prefix-list DenyPrefix description denies lab IPv4 networks
# ip prefix-list DenyPrefix seq 20 deny 203.0.113.0/24 le 25
# ipv6 prefix-list AllowIPv6Prefix description allows engineering IPv6 networks
# ipv6 prefix-list AllowIPv6Prefix seq 8 permit 2001:db8:400::/38
# ipv6 prefix-list AllowIPv6Prefix seq 20 permit 2001:db8:8000::/35 le 37
- name: Delete all prefix-lists
cisco.nxos.nxos_prefix_lists:
state: deleted
# Task output
# -------------
# before:
# - afi: ipv4
# prefix_lists:
# - description: allows engineering IPv4 networks
# entries:
# - sequence: 10
# action: permit
# prefix: 192.0.2.0/23
# eq: 24
# - sequence: 20
# action: permit
# prefix: 198.51.100.128/26
# name: AllowPrefix
# - description: denies lab IPv4 networks
# entries:
# - sequence: 20
# action: deny
# prefix: 203.0.113.0/24
# le: 25
# name: DenyPrefix
#
# - afi: ipv6
# prefix_lists:
# - description: allows engineering IPv6 networks
# entries:
# - sequence: 8
# action: permit
# prefix: "2001:db8:400::/38"
# - sequence: 20
# action: permit
# prefix: "2001:db8:8000::/35"
# le: 37
# name: AllowIPv6Prefix
#
# commands:
# - "no ip prefix-list AllowPrefix"
# - "no ip prefix-list DenyPrefix"
# - "no ipv6 prefix-list AllowIPv6Prefix"
#
# after: []
#
# After state:
# ------------
# nxos-9k-rdo# show running-config | section 'ip(.*) prefix-list'
# nxos-9k-rdo#
# Using rendered
- name: Render platform specific configuration lines with state rendered (without connecting to the device)
cisco.nxos.nxos_prefix_lists: &id001
config:
- afi: ipv4
prefix_lists:
- name: AllowPrefix
description: allows engineering IPv4 networks
entries:
- sequence: 10
action: permit
prefix: 192.0.2.0/23
eq: 24
- sequence: 20
action: permit
prefix: 198.51.100.128/26
- name: DenyPrefix
description: denies lab IPv4 networks
entries:
- sequence: 20
action: deny
prefix: 203.0.113.0/24
le: 25
- afi: ipv6
prefix_lists:
- name: AllowIPv6Prefix
description: allows engineering IPv6 networks
entries:
- sequence: 8
action: permit
prefix: "2001:db8:400::/38"
- sequence: 20
action: permit
prefix: "2001:db8:8000::/35"
le: 37
state: rendered
# Task Output (redacted)
# -----------------------
# rendered:
# - afi: ipv4
# prefix_lists:
# - description: allows engineering IPv4 networks
# entries:
# - sequence: 10
# action: permit
# prefix: 192.0.2.0/23
# eq: 24
# - sequence: 20
# action: permit
# prefix: 198.51.100.128/26
# name: AllowPrefix
# - description: denies lab IPv4 networks
# entries:
# - sequence: 20
# action: deny
# prefix: 203.0.113.0/24
# le: 25
# name: DenyPrefix
#
# - afi: ipv6
# prefix_lists:
# - description: allows engineering IPv6 networks
# entries:
# - sequence: 8
# action: permit
# prefix: "2001:db8:400::/38"
# - sequence: 20
# action: permit
# prefix: "2001:db8:8000::/35"
# le: 37
# name: AllowIPv6Prefix
# Using parsed
# parsed.cfg
# ------------
# ip prefix-list AllowPrefix description allows engineering IPv4 networks
# ip prefix-list AllowPrefix seq 10 permit 192.0.2.0/23 eq 24
# ip prefix-list AllowPrefix seq 20 permit 198.51.100.128/26
# ip prefix-list DenyPrefix description denies lab IPv4 networks
# ip prefix-list DenyPrefix seq 20 deny 203.0.113.0/24 le 25
# ipv6 prefix-list AllowIPv6Prefix description allows engineering IPv6 networks
# ipv6 prefix-list AllowIPv6Prefix seq 8 permit 2001:db8:400::/38
# ipv6 prefix-list AllowIPv6Prefix seq 20 permit 2001:db8:8000::/35 le 37
- name: Parse externally provided prefix-lists configuration
register: result
cisco.nxos.nxos_prefix_lists:
running_config: "{{ lookup('file', './parsed.cfg') }}"
state: parsed
# Task output (redacted)
# -----------------------
# parsed:
# - afi: ipv4
# prefix_lists:
# - description: allows engineering IPv4 networks
# entries:
# - sequence: 10
# action: permit
# prefix: 192.0.2.0/23
# eq: 24
# - sequence: 20
# action: permit
# prefix: 198.51.100.128/26
# name: AllowPrefix
# - description: denies lab IPv4 networks
# entries:
# - sequence: 20
# action: deny
# prefix: 203.0.113.0/24
# le: 25
# name: DenyPrefix
#
# - afi: ipv6
# prefix_lists:
# - description: allows engineering IPv6 networks
# entries:
# - sequence: 8
# action: permit
# prefix: "2001:db8:400::/38"
# - sequence: 20
# action: permit
# prefix: "2001:db8:8000::/35"
# le: 37
# name: AllowIPv6Prefix