arubanetworks.aoscx.aoscx_l2_interface (4.3.2) — module

Create or Update or Delete Layer2 Interface configuration on AOS-CX.

Added in version 2.8.0 of arubanetworks.aoscx

Authors: Aruba Networks (@ArubaNetworks)

preview | supported by certified

Install collection

Install with ansible-galaxy collection install arubanetworks.aoscx:==4.3.2


Add to requirements.yml

  collections:
    - name: arubanetworks.aoscx
      version: 4.3.2

Description

This module provides configuration management of Layer2 Interfaces on AOS-CX devices, including Port Security features. For platform 8360, Port Security is supported from REST v10.09 upwards.

Usage examples

  • Success
    Steampunk Spotter scan finished with no errors, warnings or hints.
- name: Configure Interface 1/1/13 - set allowed MAC address
  aoscx_l2_interface:
    name: 1/1/13
    port_security_enable: true
    port_security_macs:
      - AA:BB:CC:DD:EE:FF
- name: >
    Configure Interface 1/1/13 - retain an allowed mac address by changing its
    setting to sticky mac.
  aoscx_l2_interface:
    name: 1/1/13
    port_security_enable: true
    port_security_sticky_learning: true
    port_security_sticky_macs:
      - mac: AA:BB:CC:DD:EE:FF
        vlans:
          - 1
          - 2
          - 3
- name: >
    Configure Interface 1/1/13 - retain an allowed mac address by changing its
    setting to sticky mac.
  aoscx_l2_interface:
    name: 1/1/13
    port_security_enable: true
    port_security_sticky_learning: true
    port_security_sticky_macs:
      - mac: AA:BB:CC:DD:EE:FF
        vlans: []
- name: >
    Configure Interface 1/1/13 - set intrusion action to disable the interface
    if it identifies a MAC address that is not on the allow list.
  aoscx_l2_interface:
    name: 1/1/13
    port_security_enable: true
    port_security_violation_action: shutdown
    port_security_recovery_time: 60
- name: >
    Configure Interface 1/1/13 - set port security to dynamically add the first
    8 addresses it sees to the allowed MAC address list.
  aoscx_l2_interface:
    name: 1/1/13
    port_security_enable: true
    port_security_client_limit: 8
    port_security_sticky_learning: true
- name: >
    Configure Interface 1/1/3 - enable port security for a total of 10 MAC
    addresses with sticky MAC learning, and two user set MAC addresses.
  aoscx_l2_interface:
    interface: 1/1/3
    port_security_enable: true
    port_security_client_limit: 10
    port_security_sticky_learning: true
    port_security_macs:
      - 11:22:33:44:55:66
      - AA:BB:CC:DD:EE:FF
- name: >
    Configure Interface 1/1/13 - remove allowed MAC address AA:BB:CC:DD:EE:FF
  aoscx_l2_interface:
    name: 1/1/13
    port_security_enable: true
    port_security_macs:
      - AA:BB:CC:DD:EE:FF
    state: delete
- name: Configure Interface 1/1/13 - delete configuration of client limit.
  aoscx_l2_interface:
    name: 1/1/13
    port_security_enable: true
    port_security_client_limit: 2
    state: delete
- name: >
    Configure Interface 1/1/13 - delete configuration of recovery time.
  aoscx_l2_interface:
    name: 1/1/13
    port_security_enable: true
    port_security_recovery_time: 60
    state: delete
- name: Configure Interface 1/1/13 - disable port security.
  aoscx_l2_interface:
    name: 1/1/13
    port_security_enable: false
- name: >
    Configure Interface 1/1/2 - enable interface and vsx-sync features
    IMPORTANT NOTE: the aoscx_interface module is needed to enable the
    interface and set the VSX features to be synced.
  aoscx_interface:
    name: 1/1/2
    enabled: true
    vsx_sync:
      - acl
      - irdp
      - qos
      - rate_limits
      - vlan
      - vsx_virtual
- name: Configure Interface 1/1/3 - vlan trunk allowed all
  aoscx_l2_interface:
    interface: 1/1/3
    vlan_mode: trunk
    trunk_allowed_all: true
- name: Delete Interface 1/1/3
  aoscx_l2_interface:
    interface: 1/1/3
    state: delete
- name: Configure Interface 1/1/1 - vlan trunk allowed 200
  aoscx_l2_interface:
    interface: 1/1/1
    vlan_mode: trunk
    vlan_trunks: 200
- name: Configure Interface 1/1/1 - vlan trunk allowed 200,300
  aoscx_l2_interface:
    interface: 1/1/1
    vlan_mode: trunk
    vlan_trunks:
      - 200
      - 300
- name: >
    Configure Interface 1/1/1 - vlan trunks allowed 200, 300, vlan trunk native
    200.
  aoscx_l2_interface:
    interface: 1/1/3
    vlan_mode: trunk
    vlan_trunks:
      - 200
      - 300
    native_vlan_id: '200'
- name: Configure Interface 1/1/4 - vlan access 200
  aoscx_l2_interface:
    interface: 1/1/4
    vlan_mode: access
    vlan_access: '200'
- name: >
    Configure Interface 1/1/5 - vlan trunk allowed all, vlan trunk native 200
    tag.
  aoscx_l2_interface:
    interface: 1/1/5
    vlan_mode: trunk
    trunk_allowed_all: true
    native_vlan_id: '200'
    native_vlan_tag: true
- name: >
    Configure Interface 1/1/6 - vlan trunk allowed all, vlan trunk native 200.
  aoscx_l2_interface:
    interface: 1/1/6
    vlan_mode: trunk
    trunk_allowed_all: true
    native_vlan_id: '200'
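
The parameters above combined into one hardening baseline for an edge port and an uplink, as an added example that is not part of the collection's documentation. The host group `aoscx_switches`, the interface numbers and VLAN IDs 200, 300 and 999 are assumptions; the VLANs are assumed to exist on the switch and the inventory is assumed to supply the aoscx connection settings.

```yaml
---
# Added example, not from the arubanetworks.aoscx documentation.
# Assumed: host group name, interface numbers, VLAN IDs (200, 300, 999),
# VLANs already created on the switch, connection settings in inventory.
- name: Baseline L2 hardening for an edge port and an uplink
  hosts: aoscx_switches
  gather_facts: false
  tasks:
    # Edge port: one access VLAN only, so the port never trunks.
    - name: Edge port 1/1/13 - access VLAN 200
      arubanetworks.aoscx.aoscx_l2_interface:
        interface: 1/1/13
        description: user edge port
        vlan_mode: access
        vlan_access: '200'

    # Bound the number of learned MACs, keep them across link flaps
    # (sticky), and err-disable the port for 60 s on a violation
    # instead of only notifying.
    - name: Edge port 1/1/13 - port security with shutdown on violation
      arubanetworks.aoscx.aoscx_l2_interface:
        interface: 1/1/13
        port_security_enable: true
        port_security_client_limit: 2
        port_security_sticky_learning: true
        port_security_violation_action: shutdown
        port_security_recovery_time: 60

    # Uplink: list the carried VLANs explicitly rather than using
    # trunk_allowed_all, which carries every VLAN on the link.
    # The native VLAN is a dedicated one (999, assumed unused for hosts)
    # and native_vlan_tag makes the port accept only tagged frames on it.
    - name: Uplink 1/1/1 - explicit VLAN list, tagged-only native VLAN
      arubanetworks.aoscx.aoscx_l2_interface:
        interface: 1/1/1
        vlan_mode: trunk
        vlan_trunks:
          - '200'
          - '300'
          - '999'
        native_vlan_id: '999'
        native_vlan_tag: true
```

Running the play with `--check --diff` first shows what would change on each interface before anything is pushed to the switch.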

Inputs

    
state:
    choices:
    - create
    - update
    - delete
    default: create
    description: Create, Update, or Delete Layer2 Interface.
    required: false
    type: str

interface:
    description: 'Interface name, should be in the format chassis/slot/port, i.e. 1/2/3,
      1/1/32. Please note, if the interface is a Layer3 interface in the existing configuration
      and the user wants to change the interface to be Layer2, the user must delete the
      L3 interface then recreate the interface as a Layer2.

      '
    required: true
    type: str

vlan_mode:
    choices:
    - access
    - trunk
    description: VLAN mode on interface, access or trunk.
    required: false
    type: str

description:
    description: Description of interface.
    required: false
    type: str

vlan_access:
    description: Access VLAN ID, vlan_mode must be set to access.
    required: false
    type: str

vlan_trunks:
    description: List of trunk VLAN IDs, vlan_mode must be set to trunk.
    elements: str
    required: false
    type: list

native_vlan_id:
    description: VLAN trunk native VLAN ID, vlan_mode must be set to trunk.
    required: false
    type: str

native_vlan_tag:
    description: 'Flag for accepting only tagged packets on VLAN trunk native, vlan_mode
      must be set to trunk.

      '
    required: false
    type: bool

trunk_allowed_all:
    description: 'Flag for vlan trunk allowed all on L2 interface, vlan_mode must be set
      to trunk.

      '
    required: false
    type: bool

interface_qos_rate:
    description: |
      The rate limit value configured for broadcast/multicast/unknown unicast
      traffic. Dictionary should have the format <type_of_traffic>: <speed>, e.g.
        unknown-unicast: 100pps
        broadcast: 200kbps
        multicast: 200pps
    required: false
    type: dict

port_security_macs:
    description: 'List of allowed MAC addresses (aoscx connection). Only valid when port_security
      is enabled.

      '
    elements: str
    required: false
    type: list

port_security_enable:
    description: Enable port security in this interface (aoscx connection).
    required: false
    type: bool

port_security_sticky_macs:
    description: 'Configure the sticky MAC addresses for the interface (aoscx connection).
      Only valid when port_security is enabled.

      '
    elements: dict
    required: false
    suboptions:
      mac:
        description: a mac address.
        required: true
        type: str
      vlans:
        description: a list of VLAN IDs.
        elements: int
        required: true
        type: list
    type: list

port_security_client_limit:
    description: 'Maximum amount of MACs allowed in the interface (aoscx connection).
      Only valid when port_security is enabled.

      '
    required: false
    type: int

port_security_recovery_time:
    description: 'Time in seconds to wait for recovery after a violation (aoscx connection).
      Only valid when port_security is enabled.

      '
    required: false
    type: int

port_security_sticky_learning:
    description: 'Enable sticky MAC learning (aoscx connection). Only valid when port_security
      is enabled.

      '
    required: false
    type: bool

interface_qos_schedule_profile:
    description: 'Attaching existing QoS schedule profile to interface. This parameter
      is deprecated and will be removed in a future version.

      '
    required: false
    type: dict

port_security_violation_action:
    choices:
    - notify
    - shutdown
    description: 'Action to perform when a violation is detected (aoscx connection). Only
      valid when port_security is enabled.

      '
    required: false
    type: str