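cisco.iosxr.iosxr_acl_interfaces module – Resource module to configure ACL interfaces.
Note
This module is part of the cisco.iosxr collection (version 10.2.2).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install cisco.iosxr.
To use it in a playbook, specify: cisco.iosxr.iosxr_acl_interfaces.
New in cisco.iosxr 1.0.0
Synopsis
This module manages adding and removing Access Control Lists (ACLs) from interfaces on devices running IOS-XR software.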
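Parameters
Parameter | Comments |
---|---|
A dictionary of ACL options for interfaces. |
|
Specifies ACLs attached to the interface. |
|
Specifies the ACLs for the provided AFI. |
|
Specifies the direction of packets that the ACL will be applied on. Choices:
|
|
Specifies the name of the IPv4/IPv6 ACL for the interface. |
|
Specifies the AFI for the ACL to be configured on this interface. Choices:
|
|
Name/Identifier for the interface |
|
This option is used only with state parsed. The value of this option should be the output received from the IOS-XR device by executing the command show running-config interface. The state parsed from |
|
The state the configuration should be left in. Choices:
|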
Examples
# Using merged
# Before state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:22:32.911 UTC
# interface MgmtEth0/RP0/CPU0/0
# ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
# shutdown
# !
# interface GigabitEthernet0/0/0/1
# shutdown
# !
- name: Merge the provided configuration with the existing running configuration
  cisco.iosxr.iosxr_acl_interfaces:
    config:
      - name: GigabitEthernet0/0/0/0
        access_groups:
          - afi: ipv4
            acls:
              - name: acl_1
                direction: in
              - name: acl_2
                direction: out
          - afi: ipv6
            acls:
              - name: acl6_1
                direction: in
              - name: acl6_2
                direction: out
      - name: GigabitEthernet0/0/0/1
        access_groups:
          - afi: ipv4
            acls:
              - name: acl_1
                direction: out
    state: merged
# After state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:27:49.378 UTC
# interface MgmtEth0/RP0/CPU0/0
# ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
# shutdown
# ipv4 access-group acl_1 ingress
# ipv4 access-group acl_2 egress
# ipv6 access-group acl6_1 ingress
# ipv6 access-group acl6_2 egress
# !
# interface GigabitEthernet0/0/0/1
# shutdown
# ipv4 access-group acl_1 egress
# !
# Using merged to update interface ACL configuration
# Before state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:27:49.378 UTC
# interface MgmtEth0/RP0/CPU0/0
# ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
# shutdown
# ipv4 access-group acl_1 ingress
# ipv4 access-group acl_2 egress
# ipv6 access-group acl6_1 ingress
# ipv6 access-group acl6_2 egress
# !
# interface GigabitEthernet0/0/0/1
# shutdown
# ipv4 access-group acl_1 egress
# !
#
- name: Update acl_interfaces configuration using merged
  cisco.iosxr.iosxr_acl_interfaces:
    config:
      - name: GigabitEthernet0/0/0/1
        access_groups:
          - afi: ipv4
            acls:
              - name: acl_2
                direction: out
              - name: acl_1
                direction: in
    state: merged
# After state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:27:49.378 UTC
# interface MgmtEth0/RP0/CPU0/0
# ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
# shutdown
# ipv4 access-group acl_1 ingress
# ipv4 access-group acl_2 egress
# ipv6 access-group acl6_1 ingress
# ipv6 access-group acl6_2 egress
# !
# interface GigabitEthernet0/0/0/1
# shutdown
# ipv4 access-group acl_1 ingress
# ipv4 access-group acl_2 egress
# !
#
# Using replaced
# Before state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:34:56.689 UTC
# interface MgmtEth0/RP0/CPU0/0
# ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
# shutdown
# ipv4 access-group acl_1 ingress
# ipv4 access-group acl_2 egress
# ipv6 access-group acl6_1 ingress
# ipv6 access-group acl6_2 egress
# !
# interface GigabitEthernet0/0/0/1
# shutdown
# ipv4 access-group acl_1 egress
# !
- name: >-
    Replace device configurations of listed interface with provided
    configurations
  cisco.iosxr.iosxr_acl_interfaces:
    config:
      - name: GigabitEthernet0/0/0/0
        access_groups:
          - afi: ipv6
            acls:
              - name: acl6_3
                direction: in
    state: replaced
# After state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:34:56.689 UTC
# interface MgmtEth0/RP0/CPU0/0
# ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
# shutdown
# ipv6 access-group acl6_3 ingress
# !
# interface GigabitEthernet0/0/0/1
# shutdown
# ipv4 access-group acl_1 egress
# !
#
# Using overridden
# Before state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:34:56.689 UTC
# interface MgmtEth0/RP0/CPU0/0
# ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
# shutdown
# ipv4 access-group acl_1 ingress
# ipv4 access-group acl_2 egress
# ipv6 access-group acl6_1 ingress
# ipv6 access-group acl6_2 egress
# !
# interface GigabitEthernet0/0/0/1
# shutdown
# ipv4 access-group acl_1 egress
# !
#
- name: Override all interface ACL configuration with provided configuration
  cisco.iosxr.iosxr_acl_interfaces:
    config:
      - name: GigabitEthernet0/0/0/1
        access_groups:
          - afi: ipv4
            acls:
              - name: acl_2
                direction: in
          - afi: ipv6
            acls:
              - name: acl6_3
                direction: out
    state: overridden
# After state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:34:56.689 UTC
# interface MgmtEth0/RP0/CPU0/0
# ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
# shutdown
# !
# interface GigabitEthernet0/0/0/1
# shutdown
# ipv4 access-group acl_2 ingress
# ipv6 access-group acl6_3 egress
# !
#
# Using 'deleted' to delete all ACL attributes of a single interface
# Before state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:34:56.689 UTC
# interface MgmtEth0/RP0/CPU0/0
# ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
# shutdown
# ipv4 access-group acl_1 ingress
# ipv4 access-group acl_2 egress
# ipv6 access-group acl6_1 ingress
# ipv6 access-group acl6_2 egress
# !
# interface GigabitEthernet0/0/0/1
# shutdown
# ipv4 access-group acl_1 egress
# !
#
- name: Delete all ACL attributes of GigabitEthernet0/0/0/1
  cisco.iosxr.iosxr_acl_interfaces:
    config:
      - name: GigabitEthernet0/0/0/1
    state: deleted
# After state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:34:56.689 UTC
# interface MgmtEth0/RP0/CPU0/0
# ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
# shutdown
# ipv4 access-group acl_1 ingress
# ipv4 access-group acl_2 egress
# ipv6 access-group acl6_1 ingress
# ipv6 access-group acl6_2 egress
# !
# interface GigabitEthernet0/0/0/1
# shutdown
# !
#
# Using 'deleted' to remove all ACLs attached to all the interfaces in the device
# Before state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:34:56.689 UTC
# interface MgmtEth0/RP0/CPU0/0
# ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
# shutdown
# ipv4 access-group acl_1 ingress
# ipv4 access-group acl_2 egress
# ipv6 access-group acl6_1 ingress
# ipv6 access-group acl6_2 egress
# !
# interface GigabitEthernet0/0/0/1
# shutdown
# ipv4 access-group acl_1 egress
# !
#
- name: Delete all ACL interfaces configuration from the device
  cisco.iosxr.iosxr_acl_interfaces:
    state: deleted
# After state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:34:56.689 UTC
# interface MgmtEth0/RP0/CPU0/0
# ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
# shutdown
# !
# interface GigabitEthernet0/0/0/1
# shutdown
# !
#
# Using parsed
# parsed.cfg
# ------------
#
# interface MgmtEth0/RP0/CPU0/0
# ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
# shutdown
# ipv4 access-group acl_1 ingress
# ipv4 access-group acl_2 egress
# ipv6 access-group acl6_1 ingress
# ipv6 access-group acl6_2 egress
# !
# interface GigabitEthernet0/0/0/1
# shutdown
# ipv4 access-group acl_1 egress
# !
# - name: Convert ACL interfaces config to argspec without connecting to the appliance
#   cisco.iosxr.iosxr_acl_interfaces:
#     running_config: "{{ lookup('file', './parsed.cfg') }}"
#     state: parsed
# Task Output (redacted)
# -----------------------
# "parsed": [
#     {
#         "name": "MgmtEth0/RP0/CPU0/0"
#     },
#     {
#         "access_groups": [
#             {
#                 "acls": [
#                     {
#                         "direction": "in",
#                         "name": "acl_1"
#                     },
#                     {
#                         "direction": "out",
#                         "name": "acl_2"
#                     }
#                 ],
#                 "afi": "ipv4"
#             },
#             {
#                 "acls": [
#                     {
#                         "direction": "in",
#                         "name": "acl6_1"
#                     },
#                     {
#                         "direction": "out",
#                         "name": "acl6_2"
#                     }
#                 ],
#                 "afi": "ipv6"
#             }
#         ],
#         "name": "GigabitEthernet0/0/0/0"
#     },
#     {
#         "access_groups": [
#             {
#                 "acls": [
#                     {
#                         "direction": "out",
#                         "name": "acl_1"
#                     }
#                 ],
#                 "afi": "ipv4"
#             }
#         ],
#         "name": "GigabitEthernet0/0/0/1"
#     }
# ]
# }
# Using gathered
- name: Gather ACL interfaces facts using gathered state
  cisco.iosxr.iosxr_acl_interfaces:
    state: gathered
# Task Output (redacted)
# -----------------------
#
# "gathered": [
#     {
#         "name": "MgmtEth0/RP0/CPU0/0"
#     },
#     {
#         "access_groups": [
#             {
#                 "acls": [
#                     {
#                         "direction": "in",
#                         "name": "acl_1"
#                     },
#                     {
#                         "direction": "out",
#                         "name": "acl_2"
#                     }
#                 ],
#                 "afi": "ipv4"
#             }
#         ],
#         "name": "GigabitEthernet0/0/0/0"
#     },
#     {
#         "access_groups": [
#             {
#                 "acls": [
#                     {
#                         "direction": "in",
#                         "name": "acl6_1"
#                     }
#                 ],
#                 "afi": "ipv6"
#             }
#         ],
#         "name": "GigabitEthernet0/0/0/1"
#     }
# ]
# Using rendered
- name: Render platform specific commands from task input using rendered state
  cisco.iosxr.iosxr_acl_interfaces:
    config:
      - name: GigabitEthernet0/0/0/0
        access_groups:
          - afi: ipv4
            acls:
              - name: acl_1
                direction: in
              - name: acl_2
                direction: out
    state: rendered
# Task Output (redacted)
# -----------------------
# "rendered": [
#     "interface GigabitEthernet0/0/0/0",
#     "ipv4 access-group acl_1 ingress",
#     "ipv4 access-group acl_2 egress"
# ]
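The states in the examples above differ mainly in how many existing ACL bindings they take off the device. The following Python is an added example, not code from the cisco.iosxr collection: it models merged, replaced, overridden and deleted on data in the gathered/parsed layout and lists the bindings that would no longer be in effect. The names to_slots and predict, the one-ACL-per-interface, AFI and direction model (inferred from the merged update example) and the sample data copied from the Before state are assumptions of this example; deleted is modelled only for whole interfaces.

```python
# Added illustration: a simplified model of the states, not the collection's code.
def to_slots(facts):
    """Flatten gathered/parsed facts to {interface: {(afi, direction): acl_name}}."""
    slots = {}
    for intf in facts:
        bound = slots.setdefault(intf["name"], {})
        for group in intf.get("access_groups", []):
            for acl in group.get("acls", []):
                bound[(group["afi"], acl["direction"])] = acl["name"]
    return slots

def predict(before, config, state):
    """Return (after, dropped): predicted bindings and those no longer in effect."""
    have, want = to_slots(before), to_slots(config or [])
    after = {name: dict(bound) for name, bound in have.items()}
    if state == "merged":          # add or overwrite the listed slots only
        for name, bound in want.items():
            after.setdefault(name, {}).update(bound)
    elif state == "replaced":      # listed interfaces end up exactly as given
        after.update({name: dict(bound) for name, bound in want.items()})
    elif state == "overridden":    # unlisted interfaces lose every ACL
        after = {name: dict(want.get(name, {})) for name in set(have) | set(want)}
    elif state == "deleted":       # no config means every interface
        for name in (want or have):
            after[name] = {}
    else:
        raise ValueError(f"state {state!r} is not modelled")
    dropped = sorted((name, afi, direction, acl)
                     for name, bound in have.items()
                     for (afi, direction), acl in bound.items()
                     if after[name].get((afi, direction)) != acl)
    return after, dropped
# Constructed sample data: the "Before state" and the overridden task above.
BEFORE = [
    {"name": "MgmtEth0/RP0/CPU0/0"},
    {"name": "GigabitEthernet0/0/0/0", "access_groups": [
        {"afi": "ipv4", "acls": [{"name": "acl_1", "direction": "in"},
                                 {"name": "acl_2", "direction": "out"}]},
        {"afi": "ipv6", "acls": [{"name": "acl6_1", "direction": "in"},
                                 {"name": "acl6_2", "direction": "out"}]}]},
    {"name": "GigabitEthernet0/0/0/1", "access_groups": [
        {"afi": "ipv4", "acls": [{"name": "acl_1", "direction": "out"}]}]},
]
OVERRIDE = [{"name": "GigabitEthernet0/0/0/1", "access_groups": [
    {"afi": "ipv4", "acls": [{"name": "acl_2", "direction": "in"}]},
    {"afi": "ipv6", "acls": [{"name": "acl6_3", "direction": "out"}]}]}]

if __name__ == "__main__":
    print(predict(BEFORE, OVERRIDE, "overridden")[1])
```

Feed it the gathered output of a device and the config of the task about to run; a non-empty dropped list names the interface, AFI and direction that would be left without that filter.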
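Return Values
Common return values are documented here; the following are the fields unique to this module:
Key | Description |
---|---|
The resulting configuration model invocation. Returned: when changed Sample: |
|
The configuration prior to the model invocation. Returned: always Sample: |
|
The set of commands pushed to the remote device. Returned: always Sample: |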