arista.eos.eos_acl_interfaces – ACL interfaces resource module

From Get docs
Ansible/docs/2.11/collections/arista/eos/eos acl interfaces module


arista.eos.eos_acl_interfaces – ACL interfaces resource module

Note

This plugin is part of the arista.eos collection (version 1.3.0).

To install it use: ansible-galaxy collection install arista.eos.

To use it in a playbook, specify: arista.eos.eos_acl_interfaces.


New in version 1.0.0: of arista.eos


Synopsis

  • This module manages adding and removing Access Control Lists (ACLs) from interfaces on devices running EOS software.

Note

This module has a corresponding action plugin.


Parameters

Parameter Choices/Defaults Comments

config

list / elements=dictionary

A dictionary of ACL options for interfaces.

access_groups

list / elements=dictionary

Specifies ACLs attached to the interfaces.

acls

list / elements=dictionary

Specifies the ACLs for the provided AFI.

direction

string / required

  • in
  • out

Specifies the direction of packets that the ACL will be applied on.

name

string / required

Specifies the name of the IPv4/IPv4 ACL for the interface.

afi

string / required

  • ipv4
  • ipv6

Specifies the AFI for the ACL(s) to be configured on this interface.

name

string / required

Name/Identifier for the interface.

running_config

string

The module, by default, will connect to the remote device and retrieve the current running-config to use as a base for comparing against the contents of source. There are times when it is not desirable to have the task get the current running-config for every task in a playbook. The running_config argument allows the implementer to pass in the configuration to use as the base config for comparison. This value of this option should be the output received from device by executing command

state

string

  • merged

  • replaced
  • overridden
  • deleted
  • gathered
  • parsed
  • rendered

The state the configuration should be left in.



Examples

# Using Merged

# Before state:
# -------------
#
# eos#sh running-config | include interface|access-group
# interface Ethernet1
# interface Ethernet2
# interface Ethernet3

- name: Merge module attributes of given access-groups
  arista.eos.eos_acl_interfaces:
    config:
    - name: Ethernet2
      access_groups:
      - afi: ipv4
        acls:
          name: acl01
          direction: in
      - afi: ipv6
        acls:
          name: acl03
          direction: out
    state: merged

# Commands Fired:
# ---------------
#
# interface Ethernet2
# ip access-group acl01 in
# ipv6 access-group acl03 out

# After state:
# -------------
#
# eos#sh running-config | include interface| access-group
# interface Loopback888
# interface Ethernet1
# interface Ethernet2
#  ip access-group acl01 in
#  ipv6 access-group acl03 out
# interface Ethernet3


# Using Replaced

# Before state:
# -------------
#
# eos#sh running-config | include interface|access-group
# interface Ethernet1
# interface Ethernet2
#  ip access-group acl01 in
#  ipv6 access-group acl03 out
# interface Ethernet3
#  ip access-group acl01 in

- name: Replace module attributes of given access-groups
  arista.eos.eos_acl_interfaces:
    config:
    - name: Ethernet2
      access_groups:
      - afi: ipv4
        acls:
          name: acl01
          direction: out
    state: replaced

# Commands Fired:
# ---------------
#
# interface Ethernet2
# no ip access-group acl01 in
# no ipv6 access-group acl03 out
# ip access-group acl01 out

# After state:
# -------------
#
# eos#sh running-config | include interface| access-group
# interface Loopback888
# interface Ethernet1
# interface Ethernet2
#  ip access-group acl01 out
# interface Ethernet3
#  ip access-group acl01 in


# Using Overridden

# Before state:
# -------------
#
# eos#sh running-config | include interface|access-group
# interface Ethernet1
# interface Ethernet2
#  ip access-group acl01 in
#  ipv6 access-group acl03 out
# interface Ethernet3
#  ip access-group acl01 in

- name: Override module attributes of given access-groups
  arista.eos.eos_acl_interfaces:
    config:
    - name: Ethernet2
      access_groups:
      - afi: ipv4
        acls:
          name: acl01
          direction: out
    state: overridden

# Commands Fired:
# ---------------
#
# interface Ethernet2
# no ip access-group acl01 in
# no ipv6 access-group acl03 out
# ip access-group acl01 out
# interface Ethernet3
# no ip access-group acl01 in

# After state:
# -------------
#
# eos#sh running-config | include interface| access-group
# interface Loopback888
# interface Ethernet1
# interface Ethernet2
#  ip access-group acl01 out
# interface Ethernet3


# Using Deleted

# Before state:
# -------------
#
# eos#sh running-config | include interface|access-group
# interface Ethernet1
# interface Ethernet2
#  ip access-group acl01 in
#  ipv6 access-group acl03 out
# interface Ethernet3
#  ip access-group acl01 out

- name: Delete module attributes of given access-groups
  arista.eos.eos_acl_interfaces:
    config:
    - name: Ethernet2
      access_groups:
      - afi: ipv4
        acls:
          name: acl01
          direction: in
      - afi: ipv6
        acls:
          name: acl03
          direction: out
    state: deleted

# Commands Fired:
# ---------------
#
# interface Ethernet2
# no ip access-group acl01 in
# no ipv6 access-group acl03 out

# After state:
# -------------
#
# eos#sh running-config | include interface| access-group
# interface Loopback888
# interface Ethernet1
# interface Ethernet2
# interface Ethernet3
#  ip access-group acl01 out


# Before state:
# -------------
#
# eos#sh running-config | include interface| access-group
# interface Ethernet1
# interface Ethernet2
#  ip access-group acl01 in
#  ipv6 access-group acl03 out
# interface Ethernet3
#  ip access-group acl01 out

- name: Delete module attributes of given access-groups from ALL Interfaces
  arista.eos.eos_acl_interfaces:
    config:
    state: deleted

# Commands Fired:
# ---------------
#
# interface Ethernet2
# no ip access-group acl01 in
# no ipv6 access-group acl03 out
# interface Ethernet3
# no ip access-group acl01 out

# After state:
# -------------
#
# eos#sh running-config | include interface| access-group
# interface Loopback888
# interface Ethernet1
# interface Ethernet2
# interface Ethernet3

# Before state:
# -------------
#
# eos#sh running-config | include interface| access-group
# interface Ethernet1
# interface Ethernet2
#  ip access-group acl01 in
#  ipv6 access-group acl03 out
# interface Ethernet3
#  ip access-group acl01 out

- name: Delete acls under afi
  arista.eos.eos_acl_interfaces:
    config:
    - name: Ethernet3
      access_groups:
      - afi: ipv4
    - name: Ethernet2
      access_groups:
      - afi: ipv6
    state: deleted

# Commands Fired:
# ---------------
#
# interface Ethernet2
# no ipv6 access-group acl03 out
# interface Ethernet3
# no ip access-group acl01 out

# After state:
# -------------
#
# eos#sh running-config | include interface| access-group
# interface Loopback888
# interface Ethernet1
# interface Ethernet2
#   ip access-group acl01 in
# interface Ethernet3

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description

after

list / elements=string

when changed

The resulting configuration model invocation.


Sample:

The configuration returned will always be in the same format of the parameters above.

before

list / elements=string

always

The configuration prior to the model invocation.


Sample:

The configuration returned will always be in the same format of the parameters above.

commands

list / elements=string

always

The set of commands pushed to the remote device.


Sample:

['interface Ethernet2', 'ip access-group acl01 in', 'ipv6 access-group acl03 out', 'interface Ethernet3', 'ip access-group acl01 out']




Authors

  • GomathiSelvi S (@GomathiselviS)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/arista/eos/eos_acl_interfaces_module.html