arubanetworks.aoscx.aoscx_l2_interface (4.3.2) module

Create or Update or Delete Layer2 Interface configuration on AOS-CX.

Added in version 2.8.0 of arubanetworks.aoscx
Authors: Aruba Networks (@ArubaNetworks)
Status: preview | supported by certified

Install with:

    ansible-galaxy collection install arubanetworks.aoscx:==4.3.2

Or in requirements.yml:

    collections:
      - name: arubanetworks.aoscx
        version: 4.3.2

This module provides configuration management of Layer2 Interfaces on AOS-CX devices, including Port Security features. For platform 8360, Port Security is supported from REST v10.09 upwards.

- name: Configure Interface 1/1/13 - set allowed MAC address
  aoscx_l2_interface:
    name: 1/1/13
    port_security_enable: true
    port_security_macs:
      - AA:BB:CC:DD:EE:FF

- name: >
    Configure Interface 1/1/13 - retain an allowed mac address by changing
    its setting to sticky mac.
  aoscx_l2_interface:
    name: 1/1/13
    port_security_enable: true
    port_security_sticky_learning: true
    port_security_sticky_macs:
      - mac: AA:BB:CC:DD:EE:FF
        vlans:
          - 1
          - 2
          - 3

- name: >
    Configure Interface 1/1/13 - retain an allowed mac address by changing
    its setting to sticky mac.
  aoscx_l2_interface:
    name: 1/1/13
    port_security_enable: true
    port_security_sticky_learning: true
    port_security_sticky_macs:
      - mac: AA:BB:CC:DD:EE:FF
        vlans: []

- name: >
    Configure Interface 1/1/13 - set intrusion action to disable the
    interface if it identifies a MAC address that is not on the allow list.
  aoscx_l2_interface:
    name: 1/1/13
    port_security_enable: true
    port_security_violation_action: shutdown
    port_security_recovery_time: 60

- name: >
    Configure Interface 1/1/13 - set port security to dynamically add the
    first 8 addresses it sees to the allowed MAC address list.
  aoscx_l2_interface:
    name: 1/1/13
    port_security_enable: true
    port_security_client_limit: 8
    port_security_sticky_learning: true

- name: >
    Configure Interface 1/1/3 - enable port security for a total of 10 MAC
    addresses with sticky MAC learning, and two user set MAC addresses.
  aoscx_l2_interface:
    interface: 1/1/3
    port_security_enable: true
    port_security_client_limit: 10
    port_security_sticky_learning: true
    port_security_macs:
      - 11:22:33:44:55:66
      - AA:BB:CC:DD:EE:FF

- name: >
    Configure Interface 1/1/13 - remove allowed MAC address
    AA:BB:CC:DD:EE:FF
  aoscx_l2_interface:
    name: 1/1/13
    port_security_enable: true
    port_security_macs:
      - AA:BB:CC:DD:EE:FF
    state: delete

- name: Configure Interface 1/1/13 - delete configuration of client limit.
  aoscx_l2_interface:
    name: 1/1/13
    port_security_enable: true
    port_security_client_limit: 2
    state: delete

- name: >
    Configure Interface 1/1/13 - delete configuration of recovery time.
  aoscx_l2_interface:
    name: 1/1/13
    port_security_enable: true
    port_security_recovery_time: 60
    state: delete

- name: Configure Interface 1/1/13 - disable port security.
  aoscx_l2_interface:
    name: 1/1/13
    port_security_enable: false

- name: >
    Configure Interface 1/1/2 - enable interface and vsx-sync features
    IMPORTANT NOTE: the aoscx_interface module is needed to enable the
    interface and set the VSX features to be synced.
  aoscx_interface:
    name: 1/1/2
    enabled: true
    vsx_sync:
      - acl
      - irdp
      - qos
      - rate_limits
      - vlan
      - vsx_virtual

- name: Configure Interface 1/1/3 - vlan trunk allowed all
  aoscx_l2_interface:
    interface: 1/1/3
    vlan_mode: trunk
    trunk_allowed_all: true

- name: Delete Interface 1/1/3
  aoscx_l2_interface:
    interface: 1/1/3
    state: delete

- name: Configure Interface 1/1/1 - vlan trunk allowed 200
  aoscx_l2_interface:
    interface: 1/1/1
    vlan_mode: trunk
    vlan_trunks: 200

- name: Configure Interface 1/1/1 - vlan trunk allowed 200,300
  aoscx_l2_interface:
    interface: 1/1/1
    vlan_mode: trunk
    vlan_trunks:
      - 200
      - 300

- name: >
    Configure Interface 1/1/1 - vlan trunks allowed 200, 300, vlan trunk
    native 200.
  aoscx_l2_interface:
    interface: 1/1/3
    vlan_mode: trunk
    vlan_trunks:
      - 200
      - 300
    native_vlan_id: '200'

- name: Configure Interface 1/1/4 - vlan access 200
  aoscx_l2_interface:
    interface: 1/1/4
    vlan_mode: access
    vlan_access: '200'

- name: >
    Configure Interface 1/1/5 - vlan trunk allowed all, vlan trunk native
    200 tag.
  aoscx_l2_interface:
    interface: 1/1/5
    vlan_mode: trunk
    trunk_allowed_all: true
    native_vlan_id: '200'
    native_vlan_tag: true

- name: >
    Configure Interface 1/1/6 - vlan trunk allowed all, vlan trunk native
    200.
  aoscx_l2_interface:
    interface: 1/1/6
    vlan_mode: trunk
    trunk_allowed_all: true
    native_vlan_id: '200'

state:
  choices:
    - create
    - update
    - delete
  default: create
  description: Create, Update, or Delete Layer2 Interface.
  required: false
  type: str
interface:
  description: >
    Interface name, should be in the format chassis/slot/port, i.e. 1/2/3,
    1/1/32. Please note, if the interface is a Layer3 interface in the
    existing configuration and the user wants to change the interface to be
    Layer2, the user must delete the L3 interface then recreate the
    interface as a Layer2.
  required: true
  type: str
vlan_mode:
  choices:
    - access
    - trunk
  description: VLAN mode on interface, access or trunk.
  required: false
  type: str
description:
  description: Description of interface.
  required: false
  type: str
vlan_access:
  description: Access VLAN ID, vlan_mode must be set to access.
  required: false
  type: str
vlan_trunks:
  description: List of trunk VLAN IDs, vlan_mode must be set to trunk.
  elements: str
  required: false
  type: list
native_vlan_id:
  description: VLAN trunk native VLAN ID, vlan_mode must be set to trunk.
  required: false
  type: str
native_vlan_tag:
  description: >
    Flag for accepting only tagged packets on VLAN trunk native, vlan_mode
    must be set to trunk.
  required: false
  type: bool
trunk_allowed_all:
  description: >
    Flag for vlan trunk allowed all on L2 interface, vlan_mode must be set
    to trunk.
  required: false
  type: bool
interface_qos_rate:
  description: |
    The rate limit value configured for broadcast/multicast/unknown unicast
    traffic. Dictionary should have the format <type_of_traffic>: <speed>.
    e.g. unknown-unicast: 100pps
         broadcast: 200kbps
         multicast: 200pps
  required: false
  type: dict
port_security_macs:
  description: >
    List of allowed MAC addresses (aoscx connection). Only valid when
    port_security is enabled.
  elements: str
  required: false
  type: list
port_security_enable:
  description: Enable port security in this interface (aoscx connection).
  required: false
  type: bool
port_security_sticky_macs:
  description: >
    Configure the sticky MAC addresses for the interface (aoscx connection).
    Only valid when port_security is enabled.
  elements: dict
  required: false
  suboptions:
    mac:
      description: a mac address.
      required: true
      type: str
    vlans:
      description: a list of VLAN IDs.
      elements: int
      required: true
      type: list
  type: list
port_security_client_limit:
  description: >
    Maximum amount of MACs allowed in the interface (aoscx connection).
    Only valid when port_security is enabled.
  required: false
  type: int
port_security_recovery_time:
  description: >
    Time in seconds to wait for recovery after a violation (aoscx
    connection). Only valid when port_security is enabled.
  required: false
  type: int
port_security_sticky_learning:
  description: >
    Enable sticky MAC learning (aoscx connection). Only valid when
    port_security is enabled.
  required: false
  type: bool
interface_qos_schedule_profile:
  description: >
    Attaching existing QoS schedule profile to interface. *This parameter is
    deprecated and will be removed in a future version.
  required: false
  type: dict
port_security_violation_action:
  choices:
    - notify
    - shutdown
  description: >
    Action to perform when a violation is detected (aoscx connection). Only
    valid when port_security is enabled.
  required: false
  type: str
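
The parameter descriptions above carry dependencies (trunk options need vlan_mode trunk, vlan_access needs vlan_mode access, port_security_* options are only valid with port security enabled). The following pre-flight check applies them to task arguments before a play runs; it is an added example, not part of the collection. The function name and sample tasks are constructed, and it assumes port security counts as enabled only when the same task sets port_security_enable: true.

```python
import re

# Dependencies taken from the parameter descriptions on this page.
TRUNK_ONLY = {"vlan_trunks", "native_vlan_id", "native_vlan_tag", "trunk_allowed_all"}
ACCESS_ONLY = {"vlan_access"}
PORT_SECURITY_ONLY = {
    "port_security_macs", "port_security_sticky_macs", "port_security_client_limit",
    "port_security_recovery_time", "port_security_sticky_learning",
    "port_security_violation_action",
}
IFACE_RE = re.compile(r"^\d+/\d+/\d+$")          # chassis/slot/port
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")


def check_l2_task(args):
    """Return a list of problems found in one aoscx_l2_interface argument dict."""
    problems = []
    # The page's examples use both 'interface' and 'name' for the port.
    iface = args.get("interface", args.get("name"))
    if iface is None or not IFACE_RE.match(str(iface)):
        problems.append(f"interface {iface!r} is not chassis/slot/port")
    mode = args.get("vlan_mode")
    for opt in sorted(args.keys() & TRUNK_ONLY):
        if mode != "trunk":
            problems.append(f"{opt} requires vlan_mode: trunk")
    for opt in sorted(args.keys() & ACCESS_ONLY):
        if mode != "access":
            problems.append(f"{opt} requires vlan_mode: access")
    # Assumption: port security counts as enabled only if this task enables it.
    if args.get("port_security_enable") is not True:
        for opt in sorted(args.keys() & PORT_SECURITY_ONLY):
            problems.append(f"{opt} requires port_security_enable: true")
    macs = list(args.get("port_security_macs", []))
    macs += [entry.get("mac") for entry in args.get("port_security_sticky_macs", [])]
    for mac in macs:
        if not MAC_RE.match(str(mac)):
            problems.append(f"malformed MAC address {mac!r}")
    return problems


# Constructed sample tasks (not from the collection).
GOOD = {"name": "1/1/13", "port_security_enable": True,
        "port_security_violation_action": "shutdown", "port_security_recovery_time": 60}
BAD = {"interface": "1/1", "vlan_mode": "access", "vlan_trunks": ["200"],
       "port_security_macs": ["AA:BB:CC:DD:EE"], "port_security_client_limit": 8}

if __name__ == "__main__":
    for task in (GOOD, BAD):
        print(task.get("interface", task.get("name")), check_l2_task(task) or "ok")
```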