cisco.meraki.networks_switch_access_policies (2.18.0) — module

Resource module for networks_switch_access_policies

Added in version 2.16.0 of cisco.meraki

Authors: Francisco Munoz (@fmunoz)

This plugin has a corresponding action plugin.

Install collection

Install with ansible-galaxy collection install cisco.meraki:==2.18.0


Add to requirements.yml

  # An exact version pin keeps collection installs reproducible; the version is
  # quoted so it is always read as a string.
  collections:
    - name: cisco.meraki
      version: "2.18.0"

Description

Manages the create, update and delete operations of the networks_switch_access_policies resource.

Create an access policy for a switch network. If you would like to enable Meraki Authentication, set radiusServers to an empty array.

Delete an access policy for a switch network.

Update an access policy for a switch network. If you would like to enable Meraki Authentication, set radiusServers to an empty array.


Requirements

Usage examples

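# Creates an access policy on a switch network (state: present, no
# accessPolicyNumber). The task carries the Dashboard API key and the RADIUS
# shared secrets, so both are read from variables instead of being written into
# the playbook; keep those variables in Ansible Vault or another secret store.
- name: Create
  # Hides this task's arguments and result from Ansible output and logs.
  # NOTE(review): this page does not show whether the module itself masks the
  # nested `secret` fields, so the task-level setting is used as the safe default.
  # It also hides failure details; lift it temporarily when debugging.
  no_log: true
  cisco.meraki.networks_switch_access_policies:
    # Can also be supplied through the MERAKI_DASHBOARD_API_KEY environment variable.
    meraki_api_key: "{{meraki_api_key}}"
    meraki_base_url: "{{meraki_base_url}}"
    meraki_single_request_timeout: "{{meraki_single_request_timeout}}"
    meraki_certificate_path: "{{meraki_certificate_path}}"
    meraki_requests_proxy: "{{meraki_requests_proxy}}"
    meraki_wait_on_rate_limit: "{{meraki_wait_on_rate_limit}}"
    meraki_nginx_429_retry_wait_time: "{{meraki_nginx_429_retry_wait_time}}"
    meraki_action_batch_retry_wait_time: "{{meraki_action_batch_retry_wait_time}}"
    meraki_retry_4xx_error: "{{meraki_retry_4xx_error}}"
    meraki_retry_4xx_error_wait_time: "{{meraki_retry_4xx_error_wait_time}}"
    meraki_maximum_retries: "{{meraki_maximum_retries}}"
    # An output log file is created by default, in the working directory unless
    # meraki_log_path is set.
    # NOTE(review): what the SDK records in it is not shown here; check before
    # sharing the file.
    meraki_output_log: "{{meraki_output_log}}"
    meraki_log_file_prefix: "{{meraki_log_file_prefix}}"
    meraki_log_path: "{{meraki_log_path}}"
    meraki_print_console: "{{meraki_print_console}}"
    meraki_suppress_logging: "{{meraki_suppress_logging}}"
    # Set to true to simulate POST/PUT/DELETE calls without changing anything.
    meraki_simulate: "{{meraki_simulate}}"
    meraki_be_geo_id: "{{meraki_be_geo_id}}"
    meraki_use_iterator_for_get_pages: "{{meraki_use_iterator_for_get_pages}}"
    meraki_inherit_logging_config: "{{meraki_inherit_logging_config}}"
    state: present
    accessPolicyType: Hybrid authentication
    dot1x:
      # 'inbound' allows unauthorized egress on the switchport; 'both' (the
      # documented default) controls both directions with authorization.
      controlDirection: inbound
    guestPortBouncing: false
    guestVlanId: 100
    hostMode: Single-Host
    increaseAccessSpeed: false
    name: 'Access policy #1'
    networkId: string
    radius:
      criticalAuth:
        dataVlanId: 100
        suspendPortBounce: true
        voiceVlanId: 100
      failedAuthVlanId: 100
      reAuthenticationInterval: 120
    radiusAccountingEnabled: true
    radiusAccountingServers:
    - host: 1.2.3.4
      # 1813/udp is the registered RADIUS accounting port; use the port your
      # accounting server actually listens on.
      port: 1813
      # Example variable name; define it in a vaulted vars file.
      secret: "{{ radius_accounting_shared_secret }}"
    radiusCoaSupportEnabled: false
    radiusGroupAttribute: '11'
    radiusServers:
    - host: 1.2.3.4
      # 1812/udp is the registered RADIUS authentication port; use the port your
      # server actually listens on.
      port: 1812
      # Example variable name; define it in a vaulted vars file.
      secret: "{{ radius_shared_secret }}"
    radiusTestingEnabled: false
    urlRedirectWalledGardenEnabled: true
    # Ranges clients can reach before authentication; keep them as narrow as possible.
    urlRedirectWalledGardenRanges:
    - 192.168.1.0/24
    voiceVlanClients: true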
# Deletes one access policy from a switch network: state is absent and the
# policy is selected by the networkId and accessPolicyNumber path parameters.
- name: Delete by id
  cisco.meraki.networks_switch_access_policies:
    # Dashboard API key; can also be supplied through the
    # MERAKI_DASHBOARD_API_KEY environment variable. Keep it in Ansible Vault or
    # the environment rather than in the playbook.
    meraki_api_key: "{{meraki_api_key}}"
    meraki_base_url: "{{meraki_base_url}}"
    meraki_single_request_timeout: "{{meraki_single_request_timeout}}"
    meraki_certificate_path: "{{meraki_certificate_path}}"
    meraki_requests_proxy: "{{meraki_requests_proxy}}"
    meraki_wait_on_rate_limit: "{{meraki_wait_on_rate_limit}}"
    meraki_nginx_429_retry_wait_time: "{{meraki_nginx_429_retry_wait_time}}"
    meraki_action_batch_retry_wait_time: "{{meraki_action_batch_retry_wait_time}}"
    meraki_retry_4xx_error: "{{meraki_retry_4xx_error}}"
    meraki_retry_4xx_error_wait_time: "{{meraki_retry_4xx_error_wait_time}}"
    meraki_maximum_retries: "{{meraki_maximum_retries}}"
    meraki_output_log: "{{meraki_output_log}}"
    meraki_log_file_prefix: "{{meraki_log_file_prefix}}"
    meraki_log_path: "{{meraki_log_path}}"
    meraki_print_console: "{{meraki_print_console}}"
    meraki_suppress_logging: "{{meraki_suppress_logging}}"
    # Set to true to simulate the DELETE call without removing the policy.
    meraki_simulate: "{{meraki_simulate}}"
    meraki_be_geo_id: "{{meraki_be_geo_id}}"
    meraki_use_iterator_for_get_pages: "{{meraki_use_iterator_for_get_pages}}"
    meraki_inherit_logging_config: "{{meraki_inherit_logging_config}}"
    state: absent
    # NOTE(review): `string` presumably stands for the str type of these two
    # path parameters; replace with the real policy number and network ID.
    accessPolicyNumber: string
    networkId: string
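# Updates the access policy selected by networkId and accessPolicyNumber. The
# task carries the Dashboard API key and the RADIUS shared secrets, so both are
# read from variables instead of being written into the playbook; keep those
# variables in Ansible Vault or another secret store.
- name: Update by id
  # Hides this task's arguments and result from Ansible output and logs.
  # NOTE(review): this page does not show whether the module itself masks the
  # nested `secret` fields, so the task-level setting is used as the safe default.
  # It also hides failure details; lift it temporarily when debugging.
  no_log: true
  cisco.meraki.networks_switch_access_policies:
    # Can also be supplied through the MERAKI_DASHBOARD_API_KEY environment variable.
    meraki_api_key: "{{meraki_api_key}}"
    meraki_base_url: "{{meraki_base_url}}"
    meraki_single_request_timeout: "{{meraki_single_request_timeout}}"
    meraki_certificate_path: "{{meraki_certificate_path}}"
    meraki_requests_proxy: "{{meraki_requests_proxy}}"
    meraki_wait_on_rate_limit: "{{meraki_wait_on_rate_limit}}"
    meraki_nginx_429_retry_wait_time: "{{meraki_nginx_429_retry_wait_time}}"
    meraki_action_batch_retry_wait_time: "{{meraki_action_batch_retry_wait_time}}"
    meraki_retry_4xx_error: "{{meraki_retry_4xx_error}}"
    meraki_retry_4xx_error_wait_time: "{{meraki_retry_4xx_error_wait_time}}"
    meraki_maximum_retries: "{{meraki_maximum_retries}}"
    # An output log file is created by default, in the working directory unless
    # meraki_log_path is set.
    # NOTE(review): what the SDK records in it is not shown here; check before
    # sharing the file.
    meraki_output_log: "{{meraki_output_log}}"
    meraki_log_file_prefix: "{{meraki_log_file_prefix}}"
    meraki_log_path: "{{meraki_log_path}}"
    meraki_print_console: "{{meraki_print_console}}"
    meraki_suppress_logging: "{{meraki_suppress_logging}}"
    # Set to true to simulate POST/PUT/DELETE calls without changing anything.
    meraki_simulate: "{{meraki_simulate}}"
    meraki_be_geo_id: "{{meraki_be_geo_id}}"
    meraki_use_iterator_for_get_pages: "{{meraki_use_iterator_for_get_pages}}"
    meraki_inherit_logging_config: "{{meraki_inherit_logging_config}}"
    state: present
    accessPolicyNumber: string
    accessPolicyType: Hybrid authentication
    dot1x:
      # 'inbound' allows unauthorized egress on the switchport; 'both' (the
      # documented default) controls both directions with authorization.
      controlDirection: inbound
    guestPortBouncing: false
    guestVlanId: 100
    hostMode: Single-Host
    increaseAccessSpeed: false
    name: 'Access policy #1'
    networkId: string
    radius:
      criticalAuth:
        dataVlanId: 100
        suspendPortBounce: true
        voiceVlanId: 100
      failedAuthVlanId: 100
      reAuthenticationInterval: 120
    radiusAccountingEnabled: true
    radiusAccountingServers:
    - host: 1.2.3.4
      # 1813/udp is the registered RADIUS accounting port; use the port your
      # accounting server actually listens on.
      port: 1813
      # Example variable name; define it in a vaulted vars file.
      secret: "{{ radius_accounting_shared_secret }}"
    radiusCoaSupportEnabled: false
    radiusGroupAttribute: '11'
    radiusServers:
    - host: 1.2.3.4
      # 1812/udp is the registered RADIUS authentication port; use the port your
      # server actually listens on.
      port: 1812
      # Example variable name; define it in a vaulted vars file.
      secret: "{{ radius_shared_secret }}"
    radiusTestingEnabled: false
    urlRedirectWalledGardenEnabled: true
    # Ranges clients can reach before authentication; keep them as narrow as possible.
    urlRedirectWalledGardenRanges:
    - 192.168.1.0/24
    voiceVlanClients: true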

Inputs

    
name:
    description: Name of the access policy.
    type: str

dot1x:
    description: 802.1x Settings.
    suboptions:
      controlDirection:
        description: Supports either 'both' or 'inbound'. Set to 'inbound' to allow unauthorized
          egress on the switchport. Set to 'both' to control both traffic directions with
          authorization. Defaults to 'both'.
        type: str
    type: dict

radius:
    description: Object for RADIUS Settings.
    suboptions:
      criticalAuth:
        description: Critical auth settings for when authentication is rejected by the
          RADIUS server.
        suboptions:
          dataVlanId:
            description: VLAN that clients who use data will be placed on when RADIUS
              authentication fails. Will be null if hostMode is Multi-Auth.
            type: int
          suspendPortBounce:
            description: Enable to suspend port bounce when RADIUS servers are unreachable.
            type: bool
          voiceVlanId:
            description: VLAN that clients who use voice will be placed on when RADIUS
              authentication fails. Will be null if hostMode is Multi-Auth.
            type: int
        type: dict
      failedAuthVlanId:
        description: VLAN that clients will be placed on when RADIUS authentication fails.
          Will be null if hostMode is Multi-Auth.
        type: int
      reAuthenticationInterval:
        description: Re-authentication period in seconds. Will be null if hostMode is
          Multi-Auth.
        type: int
    type: dict

hostMode:
    description: Choose the Host Mode for the access policy.
    type: str

networkId:
    description: NetworkId path parameter. Network ID.
    type: str

guestVlanId:
    description: ID for the guest VLAN that allows unauthorized devices access to limited
      network resources.
    type: int

meraki_caller:
    default: ''
    description:
    - meraki_caller (string), optional identifier for API usage tracking; can also be
      set as an environment variable MERAKI_PYTHON_SDK_CALLER
    type: str

radiusServers:
    description: List of RADIUS servers to require connecting devices to authenticate
      against before granting network access.
    elements: dict
    suboptions:
      host:
        description: Public IP address of the RADIUS server.
        type: str
      port:
        description: UDP port that the RADIUS server listens on for access requests.
        type: int
      secret:
        description: RADIUS client shared secret. Supply it from Ansible Vault or another
          secret store rather than hard-coding it in a playbook.
        type: str
    type: list

meraki_api_key:
    description:
    - meraki_api_key (string), API key generated in dashboard; can also be set as an environment
      variable MERAKI_DASHBOARD_API_KEY. Keep the key in Ansible Vault or the environment
      rather than in a playbook under version control
    required: true
    type: str

meraki_base_url:
    default: https://api.meraki.com/api/v1
    description:
    - meraki_base_url (string), preceding all endpoint resources
    type: str

meraki_log_path:
    default: ''
    description:
    - log_path (string), path to output log; by default, working directory of script if
      not specified
    type: str

meraki_simulate:
    default: false
    description:
    - meraki_simulate (boolean), simulate POST/PUT/DELETE calls to prevent changes?
    type: bool

accessPolicyType:
    description: Access Type of the policy. Automatically 'Hybrid authentication' when
      hostMode is 'Multi-Domain'.
    type: str

meraki_be_geo_id:
    default: ''
    description:
    - meraki_be_geo_id (string), optional partner identifier for API usage tracking; can
      also be set as an environment variable BE_GEO_ID
    type: str

voiceVlanClients:
    description: CDP/LLDP capable voice clients will be able to use this VLAN. Automatically
      true when hostMode is 'Multi-Domain'.
    type: bool

guestPortBouncing:
    description: If enabled, Meraki devices will periodically send access-request messages
      to these RADIUS servers.
    type: bool

meraki_output_log:
    default: true
    description:
    - meraki_output_log (boolean), create an output log file?
    type: bool

accessPolicyNumber:
    description: AccessPolicyNumber path parameter. Access policy number.
    type: str

increaseAccessSpeed:
    description: Enabling this option will make switches execute 802.1X and MAC-bypass
      authentication simultaneously so that clients authenticate faster. Only required
      when accessPolicyType is 'Hybrid Authentication'.
    type: bool

meraki_print_console:
    default: true
    description:
    - meraki_print_console (boolean), print logging output to console?
    type: bool

radiusGroupAttribute:
    description: Acceptable values are `""` for None, or `"11"` for Group Policies ACL.
    type: str

radiusTestingEnabled:
    description: If enabled, Meraki devices will periodically send access-request messages
      to these RADIUS servers.
    type: bool

meraki_requests_proxy:
    default: ''
    description:
    - meraki_requests_proxy (string), proxy server and port, if needed, for HTTPS
    type: str

meraki_log_file_prefix:
    default: meraki_api_
    description:
    - meraki_log_file_prefix (string), log file name appended with date and timestamp
    type: str

meraki_maximum_retries:
    default: 2
    description:
    - meraki_maximum_retries (integer), retry up to this many times when encountering
      429s or other server-side errors
    type: int

meraki_retry_4xx_error:
    default: false
    description:
    - meraki_retry_4xx_error (boolean), retry if encountering other 4XX error (besides
      429)?
    type: bool

meraki_certificate_path:
    default: ''
    description:
    - meraki_certificate_path (string), path for TLS/SSL certificate verification if behind
      local proxy
    type: str

meraki_suppress_logging:
    default: false
    description:
    - meraki_suppress_logging (boolean), disable all logging? you're on your own then!
    type: bool

radiusAccountingEnabled:
    description: Enable to send start, interim-update and stop messages to a configured
      RADIUS accounting server for tracking connected clients.
    type: bool

radiusAccountingServers:
    description: List of RADIUS accounting servers to require connecting devices to authenticate
      against before granting network access.
    elements: dict
    suboptions:
      host:
        description: Public IP address of the RADIUS accounting server.
        type: str
      port:
        description: UDP port that the RADIUS Accounting server listens on for access
          requests.
        type: int
      secret:
        description: RADIUS client shared secret. Supply it from Ansible Vault or another
          secret store rather than hard-coding it in a playbook.
        type: str
    type: list

radiusCoaSupportEnabled:
    description: Change of authentication for RADIUS re-authentication and disconnection.
    type: bool

meraki_wait_on_rate_limit:
    default: true
    description:
    - meraki_wait_on_rate_limit (boolean), retry if 429 rate limit error encountered?
    type: bool

meraki_inherit_logging_config:
    default: false
    description:
    - meraki_inherit_logging_config (boolean), Inherits your own logger instance
    type: bool

meraki_single_request_timeout:
    default: 60
    description:
    - meraki_single_request_timeout (integer), maximum number of seconds for each API
      call
    type: int

urlRedirectWalledGardenRanges:
    description: IP address ranges, in CIDR notation, to restrict access for clients to
      a specific set of IP addresses or hostnames prior to authentication.
    elements: str
    type: list

urlRedirectWalledGardenEnabled:
    description: Enable to restrict access for clients to a specific set of IP addresses
      or hostnames prior to authentication.
    type: bool

meraki_nginx_429_retry_wait_time:
    default: 60
    description:
    - meraki_nginx_429_retry_wait_time (integer), Nginx 429 retry wait time
    type: int

meraki_retry_4xx_error_wait_time:
    default: 60
    description:
    - meraki_retry_4xx_error_wait_time (integer), other 4XX error retry wait time
    type: int

meraki_use_iterator_for_get_pages:
    default: false
    description:
    - meraki_use_iterator_for_get_pages (boolean), list* methods will return an iterator
      with each object instead of a complete list with all items
    type: bool

meraki_action_batch_retry_wait_time:
    default: 60
    description:
    - meraki_action_batch_retry_wait_time (integer), action batch concurrency error retry
      wait time
    type: int

Outputs

meraki_response:
  description: A dictionary or list with the response returned by the Cisco Meraki
    Python SDK
  returned: always
  sample: "{\n  \"accessPolicyType\": \"string\",\n  \"counts\": {\n    \"ports\"\
    : {\n      \"withThisPolicy\": 0\n    }\n  },\n  \"dot1x\": {\n    \"controlDirection\"\
    : \"string\"\n  },\n  \"guestPortBouncing\": true,\n  \"guestVlanId\": 0,\n  \"\
    hostMode\": \"string\",\n  \"increaseAccessSpeed\": true,\n  \"name\": \"string\"\
    ,\n  \"radius\": {\n    \"criticalAuth\": {\n      \"dataVlanId\": 0,\n      \"\
    suspendPortBounce\": true,\n      \"voiceVlanId\": 0\n    },\n    \"failedAuthVlanId\"\
    : 0,\n    \"reAuthenticationInterval\": 0\n  },\n  \"radiusAccountingEnabled\"\
    : true,\n  \"radiusAccountingServers\": [\n    {\n      \"host\": \"string\",\n\
    \      \"port\": 0\n    }\n  ],\n  \"radiusCoaSupportEnabled\": true,\n  \"radiusGroupAttribute\"\
    : \"string\",\n  \"radiusServers\": [\n    {\n      \"host\": \"string\",\n  \
    \    \"port\": 0\n    }\n  ],\n  \"radiusTestingEnabled\": true,\n  \"urlRedirectWalledGardenEnabled\"\
    : true,\n  \"urlRedirectWalledGardenRanges\": [\n    \"string\"\n  ],\n  \"voiceVlanClients\"\
    : true\n}\n"
  type: dict

See also