Module: cisco.meraki.networks_switch_access_policies (2.18.0)
Resource module for networks_switch_access_policies
Added in version 2.16.0 of cisco.meraki
Authors: Francisco Munoz (@fmunoz)
This plugin has a corresponding action plugin.
Install with ansible-galaxy collection install cisco.meraki:==2.18.0
collections:
  - name: cisco.meraki
    version: 2.18.0
Manage operations create, update and delete of the resource networks_switch_access_policies.
Create an access policy for a switch network. If you would like to enable Meraki Authentication, set radiusServers to an empty array.
Delete an access policy for a switch network.
Update an access policy for a switch network. If you would like to enable Meraki Authentication, set radiusServers to an empty array.
- name: Create
  cisco.meraki.networks_switch_access_policies:
    meraki_api_key: "{{meraki_api_key}}"
    meraki_base_url: "{{meraki_base_url}}"
    meraki_single_request_timeout: "{{meraki_single_request_timeout}}"
    meraki_certificate_path: "{{meraki_certificate_path}}"
    meraki_requests_proxy: "{{meraki_requests_proxy}}"
    meraki_wait_on_rate_limit: "{{meraki_wait_on_rate_limit}}"
    meraki_nginx_429_retry_wait_time: "{{meraki_nginx_429_retry_wait_time}}"
    meraki_action_batch_retry_wait_time: "{{meraki_action_batch_retry_wait_time}}"
    meraki_retry_4xx_error: "{{meraki_retry_4xx_error}}"
    meraki_retry_4xx_error_wait_time: "{{meraki_retry_4xx_error_wait_time}}"
    meraki_maximum_retries: "{{meraki_maximum_retries}}"
    meraki_output_log: "{{meraki_output_log}}"
    meraki_log_file_prefix: "{{meraki_log_file_prefix}}"
    meraki_log_path: "{{meraki_log_path}}"
    meraki_print_console: "{{meraki_print_console}}"
    meraki_suppress_logging: "{{meraki_suppress_logging}}"
    meraki_simulate: "{{meraki_simulate}}"
    meraki_be_geo_id: "{{meraki_be_geo_id}}"
    meraki_use_iterator_for_get_pages: "{{meraki_use_iterator_for_get_pages}}"
    meraki_inherit_logging_config: "{{meraki_inherit_logging_config}}"
    state: present
    accessPolicyType: Hybrid authentication
    dot1x:
      controlDirection: inbound
    guestPortBouncing: false
    guestVlanId: 100
    hostMode: Single-Host
    increaseAccessSpeed: false
    name: 'Access policy #1'
    networkId: string
    radius:
      criticalAuth:
        dataVlanId: 100
        suspendPortBounce: true
        voiceVlanId: 100
      failedAuthVlanId: 100
      reAuthenticationInterval: 120
    radiusAccountingEnabled: true
    radiusAccountingServers:
    - host: 1.2.3.4
      port: 22
      secret: secret
    radiusCoaSupportEnabled: false
    radiusGroupAttribute: '11'
    radiusServers:
    - host: 1.2.3.4
      port: 22
      secret: secret
    radiusTestingEnabled: false
    urlRedirectWalledGardenEnabled: true
    urlRedirectWalledGardenRanges:
    - 192.168.1.0/24
    voiceVlanClients: true
- name: Delete by id
  cisco.meraki.networks_switch_access_policies:
    meraki_api_key: "{{meraki_api_key}}"
    meraki_base_url: "{{meraki_base_url}}"
    meraki_single_request_timeout: "{{meraki_single_request_timeout}}"
    meraki_certificate_path: "{{meraki_certificate_path}}"
    meraki_requests_proxy: "{{meraki_requests_proxy}}"
    meraki_wait_on_rate_limit: "{{meraki_wait_on_rate_limit}}"
    meraki_nginx_429_retry_wait_time: "{{meraki_nginx_429_retry_wait_time}}"
    meraki_action_batch_retry_wait_time: "{{meraki_action_batch_retry_wait_time}}"
    meraki_retry_4xx_error: "{{meraki_retry_4xx_error}}"
    meraki_retry_4xx_error_wait_time: "{{meraki_retry_4xx_error_wait_time}}"
    meraki_maximum_retries: "{{meraki_maximum_retries}}"
    meraki_output_log: "{{meraki_output_log}}"
    meraki_log_file_prefix: "{{meraki_log_file_prefix}}"
    meraki_log_path: "{{meraki_log_path}}"
    meraki_print_console: "{{meraki_print_console}}"
    meraki_suppress_logging: "{{meraki_suppress_logging}}"
    meraki_simulate: "{{meraki_simulate}}"
    meraki_be_geo_id: "{{meraki_be_geo_id}}"
    meraki_use_iterator_for_get_pages: "{{meraki_use_iterator_for_get_pages}}"
    meraki_inherit_logging_config: "{{meraki_inherit_logging_config}}"
    state: absent
    accessPolicyNumber: string
    networkId: string
- name: Update by id
  cisco.meraki.networks_switch_access_policies:
    meraki_api_key: "{{meraki_api_key}}"
    meraki_base_url: "{{meraki_base_url}}"
    meraki_single_request_timeout: "{{meraki_single_request_timeout}}"
    meraki_certificate_path: "{{meraki_certificate_path}}"
    meraki_requests_proxy: "{{meraki_requests_proxy}}"
    meraki_wait_on_rate_limit: "{{meraki_wait_on_rate_limit}}"
    meraki_nginx_429_retry_wait_time: "{{meraki_nginx_429_retry_wait_time}}"
    meraki_action_batch_retry_wait_time: "{{meraki_action_batch_retry_wait_time}}"
    meraki_retry_4xx_error: "{{meraki_retry_4xx_error}}"
    meraki_retry_4xx_error_wait_time: "{{meraki_retry_4xx_error_wait_time}}"
    meraki_maximum_retries: "{{meraki_maximum_retries}}"
    meraki_output_log: "{{meraki_output_log}}"
    meraki_log_file_prefix: "{{meraki_log_file_prefix}}"
    meraki_log_path: "{{meraki_log_path}}"
    meraki_print_console: "{{meraki_print_console}}"
    meraki_suppress_logging: "{{meraki_suppress_logging}}"
    meraki_simulate: "{{meraki_simulate}}"
    meraki_be_geo_id: "{{meraki_be_geo_id}}"
    meraki_use_iterator_for_get_pages: "{{meraki_use_iterator_for_get_pages}}"
    meraki_inherit_logging_config: "{{meraki_inherit_logging_config}}"
    state: present
    accessPolicyNumber: string
    accessPolicyType: Hybrid authentication
    dot1x:
      controlDirection: inbound
    guestPortBouncing: false
    guestVlanId: 100
    hostMode: Single-Host
    increaseAccessSpeed: false
    name: 'Access policy #1'
    networkId: string
    radius:
      criticalAuth:
        dataVlanId: 100
        suspendPortBounce: true
        voiceVlanId: 100
      failedAuthVlanId: 100
      reAuthenticationInterval: 120
    radiusAccountingEnabled: true
    radiusAccountingServers:
    - host: 1.2.3.4
      port: 22
      secret: secret
    radiusCoaSupportEnabled: false
    radiusGroupAttribute: '11'
    radiusServers:
    - host: 1.2.3.4
      port: 22
      secret: secret
    radiusTestingEnabled: false
    urlRedirectWalledGardenEnabled: true
    urlRedirectWalledGardenRanges:
    - 192.168.1.0/24
    voiceVlanClients: true
name:
  description: Name of the access policy.
  type: str
dot1x:
  description: 802.1x Settings.
  suboptions:
    controlDirection:
      description: Supports either 'both' or 'inbound'. Set to 'inbound' to allow unauthorized egress on the switchport. Set to 'both' to control both traffic directions with authorization. Defaults to 'both'.
      type: str
  type: dict
radius:
  description: Object for RADIUS Settings.
  suboptions:
    criticalAuth:
      description: Critical auth settings for when authentication is rejected by the RADIUS server.
      suboptions:
        dataVlanId:
          description: VLAN that clients who use data will be placed on when RADIUS authentication fails. Will be null if hostMode is Multi-Auth.
          type: int
        suspendPortBounce:
          description: Enable to suspend port bounce when RADIUS servers are unreachable.
          type: bool
        voiceVlanId:
          description: VLAN that clients who use voice will be placed on when RADIUS authentication fails. Will be null if hostMode is Multi-Auth.
          type: int
      type: dict
    failedAuthVlanId:
      description: VLAN that clients will be placed on when RADIUS authentication fails. Will be null if hostMode is Multi-Auth.
      type: int
    reAuthenticationInterval:
      description: Re-authentication period in seconds. Will be null if hostMode is Multi-Auth.
      type: int
  type: dict
hostMode:
  description: Choose the Host Mode for the access policy.
  type: str
networkId:
  description: NetworkId path parameter. Network ID.
  type: str
guestVlanId:
  description: ID for the guest VLAN that allows unauthorized devices access to limited network resources.
  type: int
meraki_caller:
  default: ''
  description:
  - meraki_caller (string), optional identifier for API usage tracking; can also be set as an environment variable MERAKI_PYTHON_SDK_CALLER
  type: str
radiusServers:
  description: List of RADIUS servers to require connecting devices to authenticate against before granting network access.
  elements: dict
  suboptions:
    host:
      description: Public IP address of the RADIUS server.
      type: str
    port:
      description: UDP port that the RADIUS server listens on for access requests.
      type: int
    secret:
      description: RADIUS client shared secret.
      type: str
  type: list
meraki_api_key:
  description:
  - meraki_api_key (string), API key generated in dashboard; can also be set as an environment variable MERAKI_DASHBOARD_API_KEY
  required: true
  type: str
meraki_base_url:
  default: https://api.meraki.com/api/v1
  description:
  - meraki_base_url (string), preceding all endpoint resources
  type: str
meraki_log_path:
  default: ''
  description:
  - log_path (string), path to output log; by default, working directory of script if not specified
  type: str
meraki_simulate:
  default: false
  description:
  - meraki_simulate (boolean), simulate POST/PUT/DELETE calls to prevent changes?
  type: bool
accessPolicyType:
  description: Access Type of the policy. Automatically 'Hybrid authentication' when hostMode is 'Multi-Domain'.
  type: str
meraki_be_geo_id:
  default: ''
  description:
  - meraki_be_geo_id (string), optional partner identifier for API usage tracking; can also be set as an environment variable BE_GEO_ID
  type: str
voiceVlanClients:
  description: CDP/LLDP capable voice clients will be able to use this VLAN. Automatically true when hostMode is 'Multi-Domain'.
  type: bool
guestPortBouncing:
  description: If enabled, Meraki devices will periodically send access-request messages to these RADIUS servers.
  type: bool
meraki_output_log:
  default: true
  description:
  - meraki_output_log (boolean), create an output log file?
  type: bool
accessPolicyNumber:
  description: AccessPolicyNumber path parameter. Access policy number.
  type: str
increaseAccessSpeed:
  description: Enabling this option will make switches execute 802.1X and MAC-bypass authentication simultaneously so that clients authenticate faster. Only required when accessPolicyType is 'Hybrid Authentication'.
  type: bool
meraki_print_console:
  default: true
  description:
  - meraki_print_console (boolean), print logging output to console?
  type: bool
radiusGroupAttribute:
  description: Acceptable values are `""` for None, or `"11"` for Group Policies ACL.
  type: str
radiusTestingEnabled:
  description: If enabled, Meraki devices will periodically send access-request messages to these RADIUS servers.
  type: bool
meraki_requests_proxy:
  default: ''
  description:
  - meraki_requests_proxy (string), proxy server and port, if needed, for HTTPS
  type: str
meraki_log_file_prefix:
  default: meraki_api_
  description:
  - meraki_log_file_prefix (string), log file name appended with date and timestamp
  type: str
meraki_maximum_retries:
  default: 2
  description:
  - meraki_maximum_retries (integer), retry up to this many times when encountering 429s or other server-side errors
  type: int
meraki_retry_4xx_error:
  default: false
  description:
  - meraki_retry_4xx_error (boolean), retry if encountering other 4XX error (besides 429)?
  type: bool
meraki_certificate_path:
  default: ''
  description:
  - meraki_certificate_path (string), path for TLS/SSL certificate verification if behind local proxy
  type: str
meraki_suppress_logging:
  default: false
  description:
  - meraki_suppress_logging (boolean), disable all logging? you're on your own then!
  type: bool
radiusAccountingEnabled:
  description: Enable to send start, interim-update and stop messages to a configured RADIUS accounting server for tracking connected clients.
  type: bool
radiusAccountingServers:
  description: List of RADIUS accounting servers to require connecting devices to authenticate against before granting network access.
  elements: dict
  suboptions:
    host:
      description: Public IP address of the RADIUS accounting server.
      type: str
    port:
      description: UDP port that the RADIUS Accounting server listens on for access requests.
      type: int
    secret:
      description: RADIUS client shared secret.
      type: str
  type: list
radiusCoaSupportEnabled:
  description: Change of authentication for RADIUS re-authentication and disconnection.
  type: bool
meraki_wait_on_rate_limit:
  default: true
  description:
  - meraki_wait_on_rate_limit (boolean), retry if 429 rate limit error encountered?
  type: bool
meraki_inherit_logging_config:
  default: false
  description:
  - meraki_inherit_logging_config (boolean), Inherits your own logger instance
  type: bool
meraki_single_request_timeout:
  default: 60
  description:
  - meraki_single_request_timeout (integer), maximum number of seconds for each API call
  type: int
urlRedirectWalledGardenRanges:
  description: IP address ranges, in CIDR notation, to restrict access for clients to a specific set of IP addresses or hostnames prior to authentication.
  elements: str
  type: list
urlRedirectWalledGardenEnabled:
  description: Enable to restrict access for clients to a specific set of IP addresses or hostnames prior to authentication.
  type: bool
meraki_nginx_429_retry_wait_time:
  default: 60
  description:
  - meraki_nginx_429_retry_wait_time (integer), Nginx 429 retry wait time
  type: int
meraki_retry_4xx_error_wait_time:
  default: 60
  description:
  - meraki_retry_4xx_error_wait_time (integer), other 4XX error retry wait time
  type: int
meraki_use_iterator_for_get_pages:
  default: false
  description:
  - meraki_use_iterator_for_get_pages (boolean), list* methods will return an iterator with each object instead of a complete list with all items
  type: bool
meraki_action_batch_retry_wait_time:
  default: 60
  description:
  - meraki_action_batch_retry_wait_time (integer), action batch concurrency error retry wait time
  type: int
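A pre-flight check of one task's module arguments against the option descriptions above, added here as an example and not part of the cisco.meraki collection. The function name, the thresholds and the placeholder list are assumptions of this sketch; the sample input is constructed from the page's Create example.

```python
import ipaddress

MIN_SECRET_LEN = 16      # assumed local policy, not a Meraki limit
MIN_GARDEN_PREFIX = 16   # assumed: flag pre-auth ranges broader than a /16
PLACEHOLDERS = {"secret", "string", "password", "changeme"}

def audit_access_policy(args):
    """Return (field, finding) pairs for one task's module arguments."""
    findings = []
    # Per the option docs, 'inbound' allows unauthorized egress on the port.
    if (args.get("dot1x") or {}).get("controlDirection", "both") == "inbound":
        findings.append(("dot1x.controlDirection", "egress is not gated by authorization"))
    # Literal API keys and shared secrets end up in version control.
    api_key = str(args.get("meraki_api_key") or "")
    if api_key and "{{" not in api_key:
        findings.append(("meraki_api_key", "literal API key"))
    for key in ("radiusServers", "radiusAccountingServers"):
        for i, srv in enumerate(args.get(key) or []):
            secret = str(srv.get("secret") or "")
            if not secret or "{{" in secret:
                continue  # absent, or templated (e.g. from a vaulted variable)
            weak = secret.lower() in PLACEHOLDERS or len(secret) < MIN_SECRET_LEN
            findings.append((f"{key}[{i}].secret",
                             "weak literal secret" if weak else "literal secret"))
    # Walled-garden ranges are reachable before authentication.
    if args.get("urlRedirectWalledGardenEnabled"):
        for cidr in args.get("urlRedirectWalledGardenRanges") or []:
            try:
                net = ipaddress.ip_network(cidr, strict=False)
            except ValueError:
                findings.append(("urlRedirectWalledGardenRanges", f"{cidr}: not CIDR"))
                continue
            if net.prefixlen < MIN_GARDEN_PREFIX:
                findings.append(("urlRedirectWalledGardenRanges", f"{cidr}: too broad"))
    return findings

# Constructed input mirroring the page's "Create" example arguments.
PAGE_EXAMPLE = {
    "meraki_api_key": "{{meraki_api_key}}",
    "dot1x": {"controlDirection": "inbound"},
    "radiusServers": [{"host": "1.2.3.4", "port": 22, "secret": "secret"}],
    "radiusAccountingServers": [{"host": "1.2.3.4", "port": 22, "secret": "secret"}],
    "urlRedirectWalledGardenEnabled": True,
    "urlRedirectWalledGardenRanges": ["192.168.1.0/24"],
}

if __name__ == "__main__":
    for field, finding in audit_access_policy(PAGE_EXAMPLE):
        print(f"{field}: {finding}")
```

Run against the Create example's arguments, it reports the inbound control direction and both literal `secret` values; a task that sets controlDirection to both and templates its secrets returns no findings.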
meraki_response:
  description: A dictionary or list with the response returned by the Cisco Meraki Python SDK
  returned: always
  sample: |
    {
      "accessPolicyType": "string",
      "counts": {
        "ports": {
          "withThisPolicy": 0
        }
      },
      "dot1x": {
        "controlDirection": "string"
      },
      "guestPortBouncing": true,
      "guestVlanId": 0,
      "hostMode": "string",
      "increaseAccessSpeed": true,
      "name": "string",
      "radius": {
        "criticalAuth": {
          "dataVlanId": 0,
          "suspendPortBounce": true,
          "voiceVlanId": 0
        },
        "failedAuthVlanId": 0,
        "reAuthenticationInterval": 0
      },
      "radiusAccountingEnabled": true,
      "radiusAccountingServers": [
        {
          "host": "string",
          "port": 0
        }
      ],
      "radiusCoaSupportEnabled": true,
      "radiusGroupAttribute": "string",
      "radiusServers": [
        {
          "host": "string",
          "port": 0
        }
      ],
      "radiusTestingEnabled": true,
      "urlRedirectWalledGardenEnabled": true,
      "urlRedirectWalledGardenRanges": [
        "string"
      ],
      "voiceVlanClients": true
    }
  type: dict