cisco.nxos.nxos_acls (7.0.0) — module

ACLs resource module

Added in version 1.0.0 of cisco.nxos

Authors: Adharsh Srivats Rangarajan (@adharshsrivatsr)

Install collection

Install with ansible-galaxy collection install cisco.nxos:==7.0.0


Add to requirements.yml

  # Exact version pin, so every install resolves to the same cisco.nxos release.
  collections:
    - name: cisco.nxos
      version: '7.0.0'

Description

Manage named IP ACLs on the Cisco NX-OS platform

Usage examples

# Using merged

# Before state:
# -------------
# nxos-9k# show running-config | section '^ip(v6)* access-list'

# state=merged adds the listed ACLs/ACEs to the device configuration.
# ACE keys are written in the order the device prints the rule, so each entry
# can be read against its CLI line. ACEs are evaluated in sequence order, so
# the sequence numbers are given explicitly.
- name: Merge provided ACLs configuration with device configuration
  cisco.nxos.nxos_acls:
    state: merged
    config:
      - afi: ipv4
        acls:
          - name: ACL1v4
            aces:
              # Pushed as: 50 deny tcp any lt 55 192.0.2.64 0.0.0.255 ack fin
              - sequence: 50
                grant: deny
                protocol: tcp
                source:
                  any: true
                  # port_protocol under `source` matches the SOURCE port
                  # ("any lt 55" in the pushed command), not the destination port.
                  port_protocol:
                    lt: 55
                destination:
                  # Wildcard 0.0.0.255 ignores the last octet of the address.
                  address: '192.0.2.64'
                  wildcard_bits: '0.0.0.255'
                protocol_options:
                  tcp:
                    ack: true
                    fin: true

      - afi: ipv6
        acls:
          - name: ACL1v6
            aces:
              # Pushed as: 10 permit sctp any 2001:db8:12::/32
              - sequence: 10
                grant: permit
                protocol: sctp
                source:
                  any: true
                destination:
                  prefix: '2001:db8:12::/32'
# Task Output
# -----------
# before: []
#
# commands:
# - ip access-list ACL1v4
# - 50 deny tcp any lt 55 192.0.2.64 0.0.0.255 ack fin
# - ipv6 access-list ACL1v6
# - 10 permit sctp any 2001:db8:12::/32
#
# after:
#  - acls:
#    - aces:
#      - destination:
#          prefix: 2001:db8:12::/32
#        grant: permit
#        protocol: sctp
#        sequence: 10
#        source:
#          any: true
#      name: ACL1v6
#    afi: ipv6
#  - acls:
#    - aces:
#      - destination:
#          address: 192.0.2.64
#          wildcard_bits: 0.0.0.255
#        grant: deny
#        protocol: tcp
#        protocol_options:
#          tcp:
#            ack: true
#            fin: true
#        sequence: 50
#        source:
#          any: true
#          port_protocol:
#            lt: '55'
#      name: ACL1v4
#    afi: ipv4


# After state:
# ------------
#
# nxos-9k# show running-config | section '^ip(v6)* access-list'
# ip access-list ACL1v4
#  50 deny tcp any lt 55 192.0.2.64 0.0.0.255 ack fin
# ipv6 access-list ACL1v6
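#  10 permit sctp any any
# NOTE: the task and the pushed command above use destination
# 2001:db8:12::/32, so this line would be expected to read
# "10 permit sctp any 2001:db8:12::/32"; "any any" is broader than the
# rule that was requested.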

# Using replaced

# Before state:
# ----------------
# nxos-9k# show running-config | section '^ip(v6)* access-list'
# ip access-list ACL1v4
#   10 permit ip any any
#   20 deny udp any any
# ip access-list ACL2v4
#   10 permit ahp 192.0.2.0 0.0.0.255 any
# ipv6 access-list ACL1v6
#   10 permit sctp any any
#   20 remark IPv6 ACL
# ipv6 access-list ACL2v6
#  10 deny ipv6 any 2001:db8:3000::/36
#  20 permit tcp 2001:db8:2000:2::2/128 2001:db8:2000:ab::2/128

# state=replaced rewrites each listed item to match this task exactly.
# Per the task output for this example:
#   - `afi: ipv4` with no `acls` removes every IPv4 ACL (ACL1v4, ACL2v4);
#   - ACL1v6 loses its old ACEs and keeps only the two given here;
#   - ACL2v6, listed by name only, stays defined but has all ACEs removed.
# Check what still references these ACLs (interfaces, VTY lines, ...) and how
# the platform treats a reference to a removed or empty ACL before running.
- name: Replace existing ACL configuration with provided configuration
  cisco.nxos.nxos_acls:
    state: replaced
    config:
      - afi: ipv4
      - afi: ipv6
        acls:
          - name: ACL1v6
            aces:
              - sequence: 20
                grant: permit
                protocol: pim
                source:
                  any: true
                destination:
                  any: true

              # No sequence given; the after state shows this remark at 10.
              - remark: Replaced ACE
          - name: ACL2v6
# Task Output
# -----------
# before:
#  - acls:
#    - aces:
#      - destination:
#          any: true
#        grant: permit
#        protocol: sctp
#        sequence: 10
#        source:
#          any: true
#      - remark: IPv6 ACL
#        sequence: 20
#      name: ACL1v6
#    - aces:
#      - destination:
#          prefix: 2001:db8:3000::/36
#        grant: deny
#        protocol: ipv6
#        sequence: 10
#        source:
#          any: true
#      - destination:
#          host: 2001:db8:2000:ab::2
#        grant: permit
#        protocol: tcp
#        sequence: 20
#        source:
#          host: 2001:db8:2000:2::2
#      name: ACL2v6
#    afi: ipv6
#  - acls:
#    - aces:
#      - destination:
#          any: true
#        grant: permit
#        protocol: ip
#        sequence: 10
#        source:
#          any: true
#      - destination:
#          any: true
#        grant: deny
#        protocol: udp
#        sequence: 20
#        source:
#          any: true
#      name: ACL1v4
#    - aces:
#      - destination:
#          any: true
#        grant: permit
#        protocol: ahp
#        sequence: 10
#        source:
#          address: 192.0.2.0
#          wildcard_bits: 0.0.0.255
#      name: ACL2v4
#    afi: ipv4
#
# commands:
#  - no ip access-list ACL1v4
#  - no ip access-list ACL2v4
#  - ipv6 access-list ACL1v6
#  - no 10 permit sctp any any
#  - no 20 remark IPv6 ACL
#  - remark Replaced ACE
#  - 20 permit pim any any
#  - ipv6 access-list ACL2v6
#  - no 10 deny ipv6 any 2001:db8:3000::/36
#  - no 20 permit tcp host 2001:db8:2000:2::2 host 2001:db8:2000:ab::2
#
# after:
#  - acls:
#    - aces:
#      - remark: Replaced ACE
#        sequence: 10
#      - destination:
#          any: true
#        grant: permit
#        protocol: pim
#        sequence: 20
#        source:
#          any: true
#      name: ACL1v6
#    - name: ACL2v6
#    afi: ipv6

# After state:
# ---------------
# nxos-9k# show running-config | section '^ip(v6)* access-list'
# ipv6 access-list ACL1v6
#   10 remark Replaced ACE
#   20 permit pim any any
# ipv6 access-list ACL2v6

# Using overridden

# Before state:
# ----------------
# nxos-9k# show running-config | section '^ip(v6)* access-list'
# ip access-list ACL1v4
#   10 permit ip any any
#   20 deny udp any any
# ip access-list ACL2v4
#   10 permit ahp 192.0.2.0 0.0.0.255 any
# ipv6 access-list ACL1v6
#   10 permit sctp any any
#   20 remark IPv6 ACL
# ipv6 access-list ACL2v6
#  10 deny ipv6 any 2001:db8:3000::/36
#  20 permit tcp 2001:db8:2000:2::2/128 2001:db8:2000:ab::2/128

# state=overridden makes the device match `config` across BOTH address
# families: in this example the task output removes the IPv6 ACLs as well,
# although only ipv4 is listed. Anything not declared here is deleted, so
# review the generated commands (for example with a --check run) first.
- name: Override existing configuration with provided configuration
  cisco.nxos.nxos_acls:
    state: overridden
    config:
      - afi: ipv4
        acls:
          - name: NewACL
            aces:
              # No sequence numbers given; the after state shows 10 and 20.
              - grant: deny
                protocol: eigrp
                source:
                  address: '192.0.2.0'
                  wildcard_bits: '0.0.255.255'
                destination:
                  any: true
              - remark: Example for overridden state
# Task Output
# -----------
#
# before:
#  - acls:
#    - aces:
#      - destination:
#          any: true
#        grant: permit
#        protocol: sctp
#        sequence: 10
#        source:
#          any: true
#      - remark: IPv6 ACL
#        sequence: 20
#      name: ACL1v6
#    - aces:
#      - destination:
#          prefix: 2001:db8:3000::/36
#        grant: deny
#        protocol: ipv6
#        sequence: 10
#        source:
#          any: true
#      - destination:
#          host: 2001:db8:2000:ab::2
#        grant: permit
#        protocol: tcp
#        sequence: 20
#        source:
#          host: 2001:db8:2000:2::2
#      name: ACL2v6
#    afi: ipv6
#  - acls:
#    - aces:
#      - destination:
#          any: true
#        grant: permit
#        protocol: ip
#        sequence: 10
#        source:
#          any: true
#      - destination:
#          any: true
#        grant: deny
#        protocol: udp
#        sequence: 20
#        source:
#          any: true
#      name: ACL1v4
#    - aces:
#      - destination:
#          any: true
#        grant: permit
#        protocol: ahp
#        sequence: 10
#        source:
#          address: 192.0.2.0
#          wildcard_bits: 0.0.0.255
#      name: ACL2v4
#    afi: ipv4
#
# commands:
#  - no ipv6 access-list ACL1v6
#  - no ipv6 access-list ACL2v6
#  - no ip access-list ACL1v4
#  - no ip access-list ACL2v4
#  - ip access-list NewACL
#  - deny eigrp 192.0.2.0 0.0.255.255 any
#  - remark Example for overridden state
#
# after:
#  - acls:
#    - aces:
#      - destination:
#          any: true
#        grant: deny
#        protocol: eigrp
#        sequence: 10
#        source:
#          address: 192.0.2.0
#          wildcard_bits: 0.0.255.255
#      - remark: Example for overridden state
#        sequence: 20
#      name: NewACL
#    afi: ipv4

# After state:
# ------------
# nxos-9k# show running-config | section '^ip(v6)* access-list'
# ip access-list NewACL
#   10 deny eigrp 192.0.2.0 0.0.255.255 any
#   20 remark Example for overridden state

# Using deleted - delete all
#
# Before state:
# -------------
# nxos-9k# show running-config | section '^ip(v6)* access-list'
# ip access-list ACL1v4
#   10 permit ip any any
#   20 deny udp any any
# ip access-list ACL2v4
#   10 permit ahp 192.0.2.0 0.0.0.255 any
# ipv6 access-list ACL1v6
#   10 permit sctp any any
#   20 remark IPv6 ACL
# ipv6 access-list ACL2v6
#  10 deny ipv6 any 2001:db8:3000::/36
#  20 permit tcp 2001:db8:2000:2::2/128 2001:db8:2000:ab::2/128

# No `config` is given, so every ACL in both address families is removed
# (the task output lists a "no ... access-list" command for each of the four).
# Confirm nothing (interfaces, VTY lines, ...) still references these ACLs,
# and preview the commands with ansible-playbook --check before applying.
- name: Delete all ACLs
  cisco.nxos.nxos_acls:
    state: deleted
# Task Output
# -----------
#
# before:
#  - acls:
#    - aces:
#      - destination:
#          any: true
#        grant: permit
#        protocol: sctp
#        sequence: 10
#        source:
#          any: true
#      - remark: IPv6 ACL
#        sequence: 20
#      name: ACL1v6
#    - aces:
#      - destination:
#          prefix: 2001:db8:3000::/36
#        grant: deny
#        protocol: ipv6
#        sequence: 10
#        source:
#          any: true
#      - destination:
#          host: 2001:db8:2000:ab::2
#        grant: permit
#        protocol: tcp
#        sequence: 20
#        source:
#          host: 2001:db8:2000:2::2
#      name: ACL2v6
#    afi: ipv6
#  - acls:
#    - aces:
#      - destination:
#          any: true
#        grant: permit
#        protocol: ip
#        sequence: 10
#        source:
#          any: true
#      - destination:
#          any: true
#        grant: deny
#        protocol: udp
#        sequence: 20
#        source:
#          any: true
#      name: ACL1v4
#    - aces:
#      - destination:
#          any: true
#        grant: permit
#        protocol: ahp
#        sequence: 10
#        source:
#          address: 192.0.2.0
#          wildcard_bits: 0.0.0.255
#      name: ACL2v4
#    afi: ipv4
#
# commands:
#  - no ip access-list ACL1v4
#  - no ip access-list ACL2v4
#  - no ipv6 access-list ACL1v6
#  - no ipv6 access-list ACL2v6
#
# after: []


# After state:
# -----------
# nxos-9k# show running-config | section '^ip(v6)* access-list'
#

# Using deleted - delete AFI

# Before state:
# -------------
# nxos-9k# show running-config | section '^ip(v6)* access-list'
# ip access-list ACL1v4
#   10 permit ip any any
#   20 deny udp any any
# ip access-list ACL2v4
#   10 permit ahp 192.0.2.0 0.0.0.255 any
# ipv6 access-list ACL1v6
#   10 permit sctp any any
#   20 remark IPv6 ACL
# ipv6 access-list ACL2v6
#  10 deny ipv6 any 2001:db8:3000::/36
#  20 permit tcp 2001:db8:2000:2::2/128 2001:db8:2000:ab::2/128

# With only `afi` given, every ACL in that address family is removed.
# The other family is untouched: the task output keeps both IPv6 ACLs.
- name: Delete all ACLs in given AFI
  cisco.nxos.nxos_acls:
    state: deleted
    config:
      - afi: ipv4
# Task Output
# -----------
#
# before:
#  - acls:
#    - aces:
#      - destination:
#          any: true
#        grant: permit
#        protocol: sctp
#        sequence: 10
#        source:
#          any: true
#      - remark: IPv6 ACL
#        sequence: 20
#      name: ACL1v6
#    - aces:
#      - destination:
#          prefix: 2001:db8:3000::/36
#        grant: deny
#        protocol: ipv6
#        sequence: 10
#        source:
#          any: true
#      - destination:
#          host: 2001:db8:2000:ab::2
#        grant: permit
#        protocol: tcp
#        sequence: 20
#        source:
#          host: 2001:db8:2000:2::2
#      name: ACL2v6
#    afi: ipv6
#  - acls:
#    - aces:
#      - destination:
#          any: true
#        grant: permit
#        protocol: ip
#        sequence: 10
#        source:
#          any: true
#      - destination:
#          any: true
#        grant: deny
#        protocol: udp
#        sequence: 20
#        source:
#          any: true
#      name: ACL1v4
#    - aces:
#      - destination:
#          any: true
#        grant: permit
#        protocol: ahp
#        sequence: 10
#        source:
#          address: 192.0.2.0
#          wildcard_bits: 0.0.0.255
#      name: ACL2v4
#    afi: ipv4
#
# commands:
#  - no ip access-list ACL1v4
#  - no ip access-list ACL2v4
#
# after:
#  - acls:
#    - aces:
#      - destination:
#          any: true
#        grant: permit
#        protocol: sctp
#        sequence: 10
#        source:
#          any: true
#      - remark: IPv6 ACL
#        sequence: 20
#      name: ACL1v6
#    - aces:
#      - destination:
#          prefix: 2001:db8:3000::/36
#        grant: deny
#        protocol: ipv6
#        sequence: 10
#        source:
#          any: true
#      - destination:
#          host: 2001:db8:2000:ab::2
#        grant: permit
#        protocol: tcp
#        sequence: 20
#        source:
#          host: 2001:db8:2000:2::2
#      name: ACL2v6
#    afi: ipv6

# After state:
# ------------
# nxos-9k# show running-config | section '^ip(v6)* access-list'
# ipv6 access-list ACL1v6
#   10 permit sctp any any
#   20 remark IPv6 ACL
# ipv6 access-list ACL2v6
#  10 deny ipv6 any 2001:db8:3000::/36
#  20 permit tcp 2001:db8:2000:2::2/128 2001:db8:2000:ab::2/128

# Using deleted - delete ACLs

# Before state:
# -------------
# nxos-9k# show running-config | section '^ip(v6)* access-list'
# ip access-list ACL1v4
#   10 permit ip any any
#   20 deny udp any any
# ip access-list ACL2v4
#   10 permit ahp 192.0.2.0 0.0.0.255 any
# ipv6 access-list ACL1v6
#   10 permit sctp any any
#   20 remark IPv6 ACL
# ipv6 access-list ACL2v6
#  10 deny ipv6 any 2001:db8:3000::/36
#  20 permit tcp 2001:db8:2000:2::2/128 2001:db8:2000:ab::2/128

# Only the ACLs named under each `afi` are removed. ACL2v6 is not listed,
# so it remains on the device (see the after state).
# Each named ACL is deleted as a whole ("no ip access-list <name>"), not
# individual ACEs.
- name: Delete specific ACLs
  cisco.nxos.nxos_acls:
    state: deleted
    config:
      - afi: ipv4
        acls:
          - name: ACL1v4
          - name: ACL2v4
      - afi: ipv6
        acls:
          - name: ACL1v6
# Task Output
# -----------
#
# before:
#  - acls:
#    - aces:
#      - destination:
#          any: true
#        grant: permit
#        protocol: sctp
#        sequence: 10
#        source:
#          any: true
#      - remark: IPv6 ACL
#        sequence: 20
#      name: ACL1v6
#    - aces:
#      - destination:
#          prefix: 2001:db8:3000::/36
#        grant: deny
#        protocol: ipv6
#        sequence: 10
#        source:
#          any: true
#      - destination:
#          host: 2001:db8:2000:ab::2
#        grant: permit
#        protocol: tcp
#        sequence: 20
#        source:
#          host: 2001:db8:2000:2::2
#      name: ACL2v6
#    afi: ipv6
#  - acls:
#    - aces:
#      - destination:
#          any: true
#        grant: permit
#        protocol: ip
#        sequence: 10
#        source:
#          any: true
#      - destination:
#          any: true
#        grant: deny
#        protocol: udp
#        sequence: 20
#        source:
#          any: true
#      name: ACL1v4
#    - aces:
#      - destination:
#          any: true
#        grant: permit
#        protocol: ahp
#        sequence: 10
#        source:
#          address: 192.0.2.0
#          wildcard_bits: 0.0.0.255
#      name: ACL2v4
#    afi: ipv4
#
# commands:
#  - no ip access-list ACL1v4
#  - no ip access-list ACL2v4
#  - no ipv6 access-list ACL1v6
#
# after:
#  - acls:
#    - aces:
#      - destination:
#          prefix: 2001:db8:3000::/36
#        grant: deny
#        protocol: ipv6
#        sequence: 10
#        source:
#          any: true
#      - destination:
#          host: 2001:db8:2000:ab::2
#        grant: permit
#        protocol: tcp
#        sequence: 20
#        source:
#          host: 2001:db8:2000:2::2
#      name: ACL2v6
#    afi: ipv6

# After state:
# ------------
# nxos-9k# show running-config | section '^ip(v6)* access-list'
# ipv6 access-list ACL2v6
#  10 deny ipv6 any 2001:db8:3000::/36
#  20 permit tcp 2001:db8:2000:2::2/128 2001:db8:2000:ab::2/128

# Using parsed

# state=parsed turns the CLI text supplied in `running_config` into the
# module's structured form, returned under `parsed`.
# NOTE(review): parsed is expected to work from this text only, without
# changing the device - confirm against the running_config option docs.
- name: Parse given config to structured data
  cisco.nxos.nxos_acls:
    state: parsed
    running_config: |
      ip access-list ACL1v4
        50 deny tcp any lt 55 192.0.2.64 0.0.0.255 ack fin
      ipv6 access-list ACL1v6
        10 permit sctp any any
# Task Output
# ------------
#
# parsed:
# - afi: ipv4
#   acls:
#     - name: ACL1v4
#       aces:
#         - grant: deny
#           destination:
#             address: 192.0.2.64
#             wildcard_bits: 0.0.0.255
#           source:
#             any: true
#             port_protocol:
#               lt: 55
#           protocol: tcp
#           protocol_options:
#             tcp:
#               ack: true
#               fin: true
#           sequence: 50
#
# - afi: ipv6
#   acls:
#     - name: ACL1v6
#       aces:
#         - grant: permit
#           sequence: 10
#           source:
#             any: true
#           destination:
#             prefix: 2001:db8:12::/32
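#           protocol: sctp
#
# NOTE: the running_config given to the task reads "10 permit sctp any any",
# which would be expected to parse as `destination: {any: true}`; the
# 2001:db8:12::/32 prefix shown above does not appear in that input.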


# Using gathered:

# Before state:
# ------------
# nxos-9k# show running-config | section '^ip(v6)* access-list'
# ip access-list ACL1v4
#  50 deny tcp any lt 55 192.0.2.64 0.0.0.255 ack fin
# ipv6 access-list ACL1v6
#  10 permit sctp any any

# Returns the ACL configuration currently on the device as structured data
# under `gathered`; the task output for this example lists no commands.
# Useful as a baseline snapshot before a replaced/overridden/deleted run.
- name: Gather existing configuration
  cisco.nxos.nxos_acls:
    state: gathered
# Task Output
# -----------
#
# gathered:
# - afi: ipv4
#   acls:
#     - name: ACL1v4
#       aces:
#         - grant: deny
#           destination:
#             address: 192.0.2.64
#             wildcard_bits: 0.0.0.255
#           source:
#             any: true
#             port_protocol:
#               lt: 55
#           protocol: tcp
#           protocol_options:
#             tcp:
#               ack: true
#               fin: true
#           sequence: 50

# - afi: ipv6
#   acls:
#     - name: ACL1v6
#       aces:
#         - grant: permit
#           sequence: 10
#           source:
#             any: true
#           destination:
#             prefix: 2001:db8:12::/32
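#           protocol: sctp
#
# NOTE: the before state above shows "10 permit sctp any any" for ACL1v6,
# which would be expected to gather as `destination: {any: true}`; the
# 2001:db8:12::/32 prefix shown here does not match that device output.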


# Using rendered

# state=rendered converts `config` into the CLI commands that would be pushed.
# NOTE(review): rendered is expected to return the commands without applying
# them - confirm against the module's return-value docs. It is a convenient
# way to review an ACL change before running it with merged/replaced/overridden.
# ACE keys are written in the order the device prints the rule.
- name: Render required configuration to be pushed to the device
  cisco.nxos.nxos_acls:
    state: rendered
    config:
      - afi: ipv4
        acls:
          - name: ACL1v4
            aces:
              - sequence: 50
                grant: deny
                protocol: tcp
                source:
                  any: true
                  # port_protocol under `source` matches the SOURCE port.
                  port_protocol:
                    lt: 55
                destination:
                  address: '192.0.2.64'
                  wildcard_bits: '0.0.0.255'
                protocol_options:
                  tcp:
                    ack: true
                    fin: true
      - afi: ipv6
        acls:
          - name: ACL1v6
            aces:
              - sequence: 10
                grant: permit
                protocol: sctp
                source:
                  any: true
                destination:
                  prefix: '2001:db8:12::/32'

Inputs

    
state:
    # In the examples on this page, deleted, replaced and overridden emit
    # "no ..." commands that remove existing ACLs or ACEs; merged emits only
    # additions; gathered and parsed return structured data with no commands.
    description:
    - The state the configuration should be left in
    type: str
    # Used when `state` is omitted.
    default: merged
    choices:
    - deleted
    - gathered
    - merged
    - overridden
    - rendered
    - replaced
    - parsed

config:
    description: A dictionary of ACL options.
    elements: dict
    suboptions:
      acls:
        description: A list of the ACLs.
        elements: dict
        suboptions:
          aces:
            description: The entries within the ACL.
            elements: dict
            suboptions:
              destination:
                description: Specify the packet destination.
                suboptions:
                  address:
                    description: Destination network address.
                    type: str
                  any:
                    description: Any destination address.
                    type: bool
                  host:
                    description: Host IP address.
                    type: str
                  port_protocol:
                    description: Specify the destination port or protocol (only for TCP
                      and UDP).
                    suboptions:
                      eq:
                        description: Match only packets on a given port number.
                        type: str
                      gt:
                        description: Match only packets with a greater port number.
                        type: str
                      lt:
                        description: Match only packets with a lower port number.
                        type: str
                      neq:
                        description: Match only packets not on a given port number.
                        type: str
                      range:
                        description: Match only packets in the range of port numbers.
                        suboptions:
                          end:
                            description: Specify the end of the port range.
                            type: str
                          start:
                            description: Specify the start of the port range.
                            type: str
                        type: dict
                    type: dict
                  prefix:
                    description: Destination network prefix. Only for prefixes of value
                      less than 31 for ipv4 and 127 for ipv6. Prefixes of 32 (ipv4) and
                      128 (ipv6) should be given in the 'host' key.
                    type: str
                  wildcard_bits:
                    description: Destination wildcard bits.
                    type: str
                type: dict
              dscp:
                description: Match packets with given DSCP value.
                type: str
              fragments:
                description: Check non-initial fragments.
                type: bool
              grant:
                choices:
                - permit
                - deny
                description: Action to be applied on the rule.
                type: str
              log:
                description: Log matches against this entry.
                type: bool
              precedence:
                description: Match packets with given precedence value.
                type: str
              protocol:
                description: Specify the protocol.
                type: str
              protocol_options:
                description: All possible suboptions for the protocol chosen.
                suboptions:
                  icmp:
                    description: ICMP protocol options.
                    suboptions:
                      administratively_prohibited:
                        description: Administratively prohibited
                        type: bool
                      alternate_address:
                        description: Alternate address
                        type: bool
                      conversion_error:
                        description: Datagram conversion
                        type: bool
                      dod_host_prohibited:
                        description: Host prohibited
                        type: bool
                      dod_net_prohibited:
                        description: Net prohibited
                        type: bool
                      echo:
                        description: Echo (ping)
                        type: bool
                      echo_reply:
                        description: Echo reply
                        type: bool
                      echo_request:
                        description: Echo request (ping)
                        type: bool
                      general_parameter_problem:
                        description: Parameter problem
                        type: bool
                      host_isolated:
                        description: Host isolated
                        type: bool
                      host_precedence_unreachable:
                        description: Host unreachable for precedence
                        type: bool
                      host_redirect:
                        description: Host redirect
                        type: bool
                      host_tos_redirect:
                        description: Host redirect for TOS
                        type: bool
                      host_tos_unreachable:
                        description: Host unreachable for TOS
                        type: bool
                      host_unknown:
                        description: Host unknown
                        type: bool
                      host_unreachable:
                        description: Host unreachable
                        type: bool
                      information_reply:
                        description: Information replies
                        type: bool
                      information_request:
                        description: Information requests
                        type: bool
                      mask_reply:
                        description: Mask replies
                        type: bool
                      mask_request:
                        description: Mask requests
                        type: bool
                      message_code:
                        description: ICMP message code
                        type: int
                      message_type:
                        description: ICMP message type
                        type: int
                      mobile_redirect:
                        description: Mobile host redirect
                        type: bool
                      net_redirect:
                        description: Network redirect
                        type: bool
                      net_tos_redirect:
                        description: Net redirect for TOS
                        type: bool
                      net_tos_unreachable:
                        description: Network unreachable for TOS
                        type: bool
                      net_unreachable:
                        description: Net unreachable
                        type: bool
                      network_unknown:
                        description: Network unknown
                        type: bool
                      no_room_for_option:
                        description: Parameter required but no room
                        type: bool
                      option_missing:
                        description: Parameter required but not present
                        type: bool
                      packet_too_big:
                        description: Fragmentation needed and DF set
                        type: bool
                      parameter_problem:
                        description: All parameter problems
                        type: bool
                      port_unreachable:
                        description: Port unreachable
                        type: bool
                      precedence_unreachable:
                        description: Precedence cutoff
                        type: bool
                      protocol_unreachable:
                        description: Protocol unreachable
                        type: bool
                      reassembly_timeout:
                        description: Reassembly timeout
                        type: bool
                      redirect:
                        description: All redirects
                        type: bool
                      router_advertisement:
                        description: Router discovery advertisements
                        type: bool
                      router_solicitation:
                        description: Router discovery solicitations
                        type: bool
                      source_quench:
                        description: Source quenches
                        type: bool
                      source_route_failed:
                        description: Source route failed
                        type: bool
                      time_exceeded:
                        description: All time exceeded.
                        type: bool
                      timestamp_reply:
                        description: Timestamp replies
                        type: bool
                      timestamp_request:
                        description: Timestamp requests
                        type: bool
                      traceroute:
                        description: Traceroute
                        type: bool
                      ttl_exceeded:
                        description: TTL exceeded
                        type: bool
                      unreachable:
                        description: All unreachables
                        type: bool
                    type: dict
                  icmpv6:
                    description: ICMPv6 protocol options.
                    suboptions:
                      beyond_scope:
                        description: Destination beyond scope.
                        type: bool
                      destination_unreachable:
                        description: Destination address is unreachable.
                        type: bool
                      echo_reply:
                        description: Echo reply.
                        type: bool
                      echo_request:
                        description: Echo request (ping).
                        type: bool
                      fragments:
                        description: Check non-initial fragments.
                        type: bool
                      header:
                        description: Parameter header problem.
                        type: bool
                      hop_limit:
                        description: Hop limit exceeded in transit.
                        type: bool
                      mld_query:
                        description: Multicast Listener Discovery Query.
                        type: bool
                      mld_reduction:
                        description: Multicast Listener Discovery Reduction.
                        type: bool
                      mld_report:
                        description: Multicast Listener Discovery Report.
                        type: bool
                      mldv2:
                        description: Multicast Listener Discovery Protocol.
                        type: bool
                      nd_na:
                        description: Neighbor discovery neighbor advertisements.
                        type: bool
                      nd_ns:
                        description: Neighbor discovery neighbor solicitations.
                        type: bool
                      next_header:
                        description: Parameter next header problems.
                        type: bool
                      no_admin:
                        description: Administration prohibited destination.
                        type: bool
                      no_route:
                        description: No route to destination.
                        type: bool
                      packet_too_big:
                        description: Packet too big.
                        type: bool
                      parameter_option:
                        description: Parameter option problems.
                        type: bool
                      parameter_problem:
                        description: All parameter problems.
                        type: bool
                      port_unreachable:
                        description: Port unreachable.
                        type: bool
                      reassembly_timeout:
                        description: Reassembly timeout.
                        type: bool
                      renum_command:
                        description: Router renumbering command.
                        type: bool
                      renum_result:
                        description: Router renumbering result.
                        type: bool
                      renum_seq_number:
                        description: Router renumbering sequence number reset.
                        type: bool
                      router_advertisement:
                        description: Neighbor discovery router advertisements.
                        type: bool
                      router_renumbering:
                        description: All router renumbering.
                        type: bool
                      router_solicitation:
                        description: Neighbor discovery router solicitations.
                        type: bool
                      telemetry_path:
                        description: IPT enabled.
                        type: bool
                      telemetry_queue:
                        description: Flow of interest for BDC/HDC.
                        type: bool
                      time_exceeded:
                        description: All time exceeded.
                        type: bool
                      unreachable:
                        description: All unreachable.
                        type: bool
                    type: dict
                  igmp:
                    description: IGMP protocol options.
                    suboptions:
                      dvmrp:
                        description: Distance Vector Multicast Routing Protocol
                        type: bool
                      host_query:
                        description: Host Query
                        type: bool
                      host_report:
                        description: Host Report
                        type: bool
                    type: dict
                  tcp:
                    description: TCP flags.
                    suboptions:
                      ack:
                        description: Match on the ACK bit
                        type: bool
                      established:
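                        description: Match established connections (the device treats TCP
                          packets with the ACK or RST bit set as established; this is a
                          stateless flag match, not connection tracking)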
                        type: bool
                      fin:
                        description: Match on the FIN bit
                        type: bool
                      psh:
                        description: Match on the PSH bit
                        type: bool
                      rst:
                        description: Match on the RST bit
                        type: bool
                      syn:
                        description: Match on the SYN bit
                        type: bool
                      urg:
                        description: Match on the URG bit
                        type: bool
                    type: dict
                type: dict
              remark:
                description: Access list entry comment.
                type: str
              sequence:
                description: Sequence number.
                type: int
              source:
                description: Specify the packet source.
                suboptions:
                  address:
                    description: Source network address.
                    type: str
                  any:
                    description: Any source address.
                    type: bool
                  host:
                    description: Host IP address.
                    type: str
                  port_protocol:
                    description: Specify the source port or protocol (only for TCP
                      and UDP).
                    suboptions:
                      eq:
                        description: Match only packets on a given port number.
                        type: str
                      gt:
                        description: Match only packets with a greater port number.
                        type: str
                      lt:
                        description: Match only packets with a lower port number.
                        type: str
                      neq:
                        description: Match only packets not on a given port number.
                        type: str
                      range:
                        description: Match only packets in the range of port numbers.
                        suboptions:
                          end:
                            description: Specify the end of the port range.
                            type: str
                          start:
                            description: Specify the start of the port range.
                            type: str
                        type: dict
                    type: dict
                  prefix:
                    description: Source network prefix. Use this key only for prefixes
                      with a mask value less than 31 (ipv4) or less than 127 (ipv6).
                      Prefixes of mask 32 (ipv4) and 128 (ipv6) should be given in the
                      'host' key.
                    type: str
                  wildcard_bits:
                    description: Source wildcard bits.
                    type: str
                type: dict
            type: list
          name:
            description: Name of the ACL.
            required: true
            type: str
        type: list
      afi:
        choices:
        - ipv4
        - ipv6
        description: The Address Family Indicator (AFI) for the ACL.
        required: true
        type: str
    type: list

running_config:
    description:
    - This option is used only with state I(parsed).
    - The value of this option should be the output received from the NX-OS device by
      executing the command B(show running-config | section 'ip(v6)* access-list').
    - The state I(parsed) reads the configuration from C(running_config) option and transforms
      it into Ansible structured data as per the resource module's argspec and the value
      is then returned in the I(parsed) key within the result.
    type: str

Outputs

after:
  description: The resulting configuration after the model invocation.
  returned: when changed
  sample: "The configuration returned will always be in the same format\n of the parameters\
    \ above.\n"
  type: dict
before:
  description: The configuration prior to the model invocation.
  returned: always
  sample: "The configuration returned will always be in the same format\n of the parameters\
    \ above.\n"
  type: dict
commands:
  description: The set of commands pushed to the remote device.
  returned: always
  sample:
  - ip access-list ACL1v4
  - 10 permit ip any any precedence critical log
  - 20 deny tcp any lt smtp host 192.0.2.64 ack fin
  type: list
gathered:
  description: Facts about the network resource gathered from the remote device as
    structured data.
  returned: when I(state) is C(gathered)
  sample: 'This output will always be in the same format as the module argspec.

    '
  type: list
parsed:
  description: The device native config provided in I(running_config) option parsed
    into structured data as per module argspec.
  returned: when I(state) is C(parsed)
  sample: 'This output will always be in the same format as the module argspec.

    '
  type: list
rendered:
  description: The provided configuration in the task rendered in device-native format
    (offline).
  returned: when I(state) is C(rendered)
  sample:
  - ip access-list ACL1v4
  - 10 permit ip any any precedence critical log
  - 20 deny tcp any lt smtp host 192.0.2.64 ack fin
  type: list