cisco / cisco.nxos / 7.0.0 / module / nxos_acls ACLs resource module | "added in version" 1.0.0 of cisco.nxos" Authors: Adharsh Srivats Rangarajan (@adharshsrivatsr)cisco.nxos.nxos_acls (7.0.0) — module
Install with ansible-galaxy collection install cisco.nxos:==7.0.0
collections: - name: cisco.nxos version: 7.0.0
Manage named IP ACLs on the Cisco NX-OS platform
# Using merged # Before state: # ------------- # nxos-9k# show running-config | section '^ip(v6)* access-list' - name: Merge provided ACLs configuration with device configuration cisco.nxos.nxos_acls: state: merged config: - afi: ipv4 acls: - name: ACL1v4 aces: - grant: deny destination: address: 192.0.2.64 wildcard_bits: 0.0.0.255 source: any: true port_protocol: lt: 55 protocol: tcp protocol_options: tcp: ack: true fin: true sequence: 50 - afi: ipv6 acls: - name: ACL1v6 aces: - grant: permit sequence: 10 source: any: true destination: prefix: 2001:db8:12::/32 protocol: sctp
# Task Output # ----------- # before: [] # # commands: # - ip access-list ACL1v4 # - 50 deny tcp any lt 55 192.0.2.64 0.0.0.255 ack fin # - ipv6 access-list ACL1v6 # - 10 permit sctp any 2001:db8:12::/32 # # after: # - acls: # - aces: # - destination: # prefix: 2001:db8:12::/32 # grant: permit # protocol: sctp # sequence: 10 # source: # any: true # name: ACL1v6 # afi: ipv6 # - acls: # - aces: # - destination: # address: 192.0.2.64 # wildcard_bits: 0.0.0.255 # grant: deny # protocol: tcp # protocol_options: # tcp: # ack: true # fin: true # sequence: 50 # source: # any: true # port_protocol: # lt: '55' # name: ACL1v4 # afi: ipv4 # After state: # ------------ # # nxos-9k# show running-config | section '^ip(v6)* access-list' # ip access-list ACL1v4 # 50 deny tcp any lt 55 192.0.2.64 0.0.0.255 ack fin # ipv6 access-list ACL1v6 # 10 permit sctp any any # Using replaced # Before state: # ---------------- # nxos-9k# show running-config | section '^ip(v6)* access-list' # ip access-list ACL1v4 # 10 permit ip any any # 20 deny udp any any # ip access-list ACL2v4 # 10 permit ahp 192.0.2.0 0.0.0.255 any # ipv6 access-list ACL1v6 # 10 permit sctp any any # 20 remark IPv6 ACL # ipv6 access-list ACL2v6 # 10 deny ipv6 any 2001:db8:3000::/36 # 20 permit tcp 2001:db8:2000:2::2/128 2001:db8:2000:ab::2/128 - name: Replace existing ACL configuration with provided configuration cisco.nxos.nxos_acls: config: - afi: ipv4 - afi: ipv6 acls: - name: ACL1v6 aces: - sequence: 20 grant: permit source: any: true destination: any: true protocol: pim - remark: Replaced ACE - name: ACL2v6 state: replaced
# Task Output # ----------- # before: # - acls: # - aces: # - destination: # any: true # grant: permit # protocol: sctp # sequence: 10 # source: # any: true # - remark: IPv6 ACL # sequence: 20 # name: ACL1v6 # - aces: # - destination: # prefix: 2001:db8:3000::/36 # grant: deny # protocol: ipv6 # sequence: 10 # source: # any: true # - destination: # host: 2001:db8:2000:ab::2 # grant: permit # protocol: tcp # sequence: 20 # source: # host: 2001:db8:2000:2::2 # name: ACL2v6 # afi: ipv6 # - acls: # - aces: # - destination: # any: true # grant: permit # protocol: ip # sequence: 10 # source: # any: true # - destination: # any: true # grant: deny # protocol: udp # sequence: 20 # source: # any: true # name: ACL1v4 # - aces: # - destination: # any: true # grant: permit # protocol: ahp # sequence: 10 # source: # address: 192.0.2.0 # wildcard_bits: 0.0.0.255 # name: ACL2v4 # afi: ipv4 # # commands: # - no ip access-list ACL1v4 # - no ip access-list ACL2v4 # - ipv6 access-list ACL1v6 # - no 10 permit sctp any any # - no 20 remark IPv6 ACL # - remark Replaced ACE # - 20 permit pim any any # - ipv6 access-list ACL2v6 # - no 10 deny ipv6 any 2001:db8:3000::/36 # - no 20 permit tcp host 2001:db8:2000:2::2 host 2001:db8:2000:ab::2 # # after: # - acls: # - aces: # - remark: Replaced ACE # sequence: 10 # - destination: # any: true # grant: permit # protocol: pim # sequence: 20 # source: # any: true # name: ACL1v6 # - name: ACL2v6 # afi: ipv6 # After state: # --------------- # nxos-9k# show running-config | section '^ip(v6)* access-list' # ipv6 access-list ACL1v6 # 10 remark Replaced ACE # 20 permit pim any any # ipv6 access-list ACL2v6 # Using overridden # Before state: # ---------------- # nxos-9k# show running-config | section '^ip(v6)* access-list' # ip access-list ACL1v4 # 10 permit ip any any # 20 deny udp any any # ip access-list ACL2v4 # 10 permit ahp 192.0.2.0 0.0.0.255 any # ipv6 access-list ACL1v6 # 10 permit sctp any any # 20 remark IPv6 ACL # ipv6 access-list ACL2v6 # 10 deny ipv6 any 2001:db8:3000::/36 # 20 permit tcp 2001:db8:2000:2::2/128 2001:db8:2000:ab::2/128 - name: Override existing configuration with provided configuration cisco.nxos.nxos_acls: config: - afi: ipv4 acls: - name: NewACL aces: - grant: deny source: address: 192.0.2.0 wildcard_bits: 0.0.255.255 destination: any: true protocol: eigrp - remark: Example for overridden state state: overridden
# Task Output # ----------- # # before: # - acls: # - aces: # - destination: # any: true # grant: permit # protocol: sctp # sequence: 10 # source: # any: true # - remark: IPv6 ACL # sequence: 20 # name: ACL1v6 # - aces: # - destination: # prefix: 2001:db8:3000::/36 # grant: deny # protocol: ipv6 # sequence: 10 # source: # any: true # - destination: # host: 2001:db8:2000:ab::2 # grant: permit # protocol: tcp # sequence: 20 # source: # host: 2001:db8:2000:2::2 # name: ACL2v6 # afi: ipv6 # - acls: # - aces: # - destination: # any: true # grant: permit # protocol: ip # sequence: 10 # source: # any: true # - destination: # any: true # grant: deny # protocol: udp # sequence: 20 # source: # any: true # name: ACL1v4 # - aces: # - destination: # any: true # grant: permit # protocol: ahp # sequence: 10 # source: # address: 192.0.2.0 # wildcard_bits: 0.0.0.255 # name: ACL2v4 # afi: ipv4 # # commands: # - no ipv6 access-list ACL1v6 # - no ipv6 access-list ACL2v6 # - no ip access-list ACL1v4 # - no ip access-list ACL2v4 # - ip access-list NewACL # - deny eigrp 192.0.2.0 0.0.255.255 any # - remark Example for overridden state # # after: # - acls: # - aces: # - destination: # any: true # grant: deny # protocol: eigrp # sequence: 10 # source: # address: 192.0.2.0 # wildcard_bits: 0.0.255.255 # - remark: Example for overridden state # sequence: 20 # name: NewACL # afi: ipv4 # After state: # ------------ # nxos-9k# show running-config | section '^ip(v6)* access-list' # ip access-list NewACL # 10 deny eigrp 192.0.2.0 0.0.255.255 any # 20 remark Example for overridden state # Using deleted - delete all # # Before state: # ------------- # nxos-9k# show running-config | section '^ip(v6)* access-list' # ip access-list ACL1v4 # 10 permit ip any any # 20 deny udp any any # ip access-list ACL2v4 # 10 permit ahp 192.0.2.0 0.0.0.255 any # ip access-list ACL1v6 # 10 permit sctp any any # 20 remark IPv6 ACL # ip access-list ACL2v6 # 10 deny ipv6 any 2001:db8:3000::/36 # 20 permit tcp 2001:db8:2000:2::2/128 2001:db8:2000:ab::2/128 - name: Delete all ACLs cisco.nxos.nxos_acls: state: deleted
# Task Output # ----------- # # before: # - acls: # - aces: # - destination: # any: true # grant: permit # protocol: sctp # sequence: 10 # source: # any: true # - remark: IPv6 ACL # sequence: 20 # name: ACL1v6 # - aces: # - destination: # prefix: 2001:db8:3000::/36 # grant: deny # protocol: ipv6 # sequence: 10 # source: # any: true # - destination: # host: 2001:db8:2000:ab::2 # grant: permit # protocol: tcp # sequence: 20 # source: # host: 2001:db8:2000:2::2 # name: ACL2v6 # afi: ipv6 # - acls: # - aces: # - destination: # any: true # grant: permit # protocol: ip # sequence: 10 # source: # any: true # - destination: # any: true # grant: deny # protocol: udp # sequence: 20 # source: # any: true # name: ACL1v4 # - aces: # - destination: # any: true # grant: permit # protocol: ahp # sequence: 10 # source: # address: 192.0.2.0 # wildcard_bits: 0.0.0.255 # name: ACL2v4 # afi: ipv4 # # commands: # - no ip access-list ACL1v4 # - no ip access-list ACL2v4 # - no ipv6 access-list ACL1v6 # - no ipv6 access-list ACL2v6 # # after: [] # After state: # ----------- # nxos-9k# show running-config | section '^ip(v6)* access-list' # # Using deleted - delete AFI # Before state: # ------------- # nxos-9k# show running-config | section '^ip(v6)* access-list' # ip access-list ACL1v4 # 10 permit ip any any # 20 deny udp any any # ip access-list ACL2v4 # 10 permit ahp 192.0.2.0 0.0.0.255 any # ip access-list ACL1v6 # 10 permit sctp any any # 20 remark IPv6 ACL # ip access-list ACL2v6 # 10 deny ipv6 any 2001:db8:3000::/36 # 20 permit tcp 2001:db8:2000:2::2/128 2001:db8:2000:ab::2/128 - name: Delete all ACLs in given AFI cisco.nxos.nxos_acls: config: - afi: ipv4 state: deleted
# Task Output # ----------- # # before: # - acls: # - aces: # - destination: # any: true # grant: permit # protocol: sctp # sequence: 10 # source: # any: true # - remark: IPv6 ACL # sequence: 20 # name: ACL1v6 # - aces: # - destination: # prefix: 2001:db8:3000::/36 # grant: deny # protocol: ipv6 # sequence: 10 # source: # any: true # - destination: # host: 2001:db8:2000:ab::2 # grant: permit # protocol: tcp # sequence: 20 # source: # host: 2001:db8:2000:2::2 # name: ACL2v6 # afi: ipv6 # - acls: # - aces: # - destination: # any: true # grant: permit # protocol: ip # sequence: 10 # source: # any: true # - destination: # any: true # grant: deny # protocol: udp # sequence: 20 # source: # any: true # name: ACL1v4 # - aces: # - destination: # any: true # grant: permit # protocol: ahp # sequence: 10 # source: # address: 192.0.2.0 # wildcard_bits: 0.0.0.255 # name: ACL2v4 # afi: ipv4 # # commands: # - no ip access-list ACL1v4 # - no ip access-list ACL2v4 # # after: # - acls: # - aces: # - destination: # any: true # grant: permit # protocol: sctp # sequence: 10 # source: # any: true # - remark: IPv6 ACL # sequence: 20 # name: ACL1v6 # - aces: # - destination: # prefix: 2001:db8:3000::/36 # grant: deny # protocol: ipv6 # sequence: 10 # source: # any: true # - destination: # host: 2001:db8:2000:ab::2 # grant: permit # protocol: tcp # sequence: 20 # source: # host: 2001:db8:2000:2::2 # name: ACL2v6 # afi: ipv6 # After state: # ------------ # nxos-9k# show running-config | section '^ip(v6)* access-list' # ip access-list ACL1v6 # 10 permit sctp any any # 20 remark IPv6 ACL # ip access-list ACL2v6 # 10 deny ipv6 any 2001:db8:3000::/36 # 20 permit tcp 2001:db8:2000:2::2/128 2001:db8:2000:ab::2/128 # Using deleted - delete ACLs # Before state: # ------------- # nxos-9k# show running-config | section '^ip(v6)* access-list' # ip access-list ACL1v4 # 10 permit ip any any # 20 deny udp any any # ip access-list ACL2v4 # 10 permit ahp 192.0.2.0 0.0.0.255 any # ipv6 access-list ACL1v6 # 10 permit sctp any any # 20 remark IPv6 ACL # ipv6 access-list ACL2v6 # 10 deny ipv6 any 2001:db8:3000::/36 # 20 permit tcp 2001:db8:2000:2::2/128 2001:db8:2000:ab::2/128 - name: Delete specific ACLs cisco.nxos.nxos_acls: state: deleted config: - afi: ipv4 acls: - name: ACL1v4 - name: ACL2v4 - afi: ipv6 acls: - name: ACL1v6
# Task Output # ----------- # # before: # - acls: # - aces: # - destination: # any: true # grant: permit # protocol: sctp # sequence: 10 # source: # any: true # - remark: IPv6 ACL # sequence: 20 # name: ACL1v6 # - aces: # - destination: # prefix: 2001:db8:3000::/36 # grant: deny # protocol: ipv6 # sequence: 10 # source: # any: true # - destination: # host: 2001:db8:2000:ab::2 # grant: permit # protocol: tcp # sequence: 20 # source: # host: 2001:db8:2000:2::2 # name: ACL2v6 # afi: ipv6 # - acls: # - aces: # - destination: # any: true # grant: permit # protocol: ip # sequence: 10 # source: # any: true # - destination: # any: true # grant: deny # protocol: udp # sequence: 20 # source: # any: true # name: ACL1v4 # - aces: # - destination: # any: true # grant: permit # protocol: ahp # sequence: 10 # source: # address: 192.0.2.0 # wildcard_bits: 0.0.0.255 # name: ACL2v4 # afi: ipv4 # # commands: # - no ip access-list ACL1v4 # - no ip access-list ACL2v4 # - no ipv6 access-list ACL1v6 # # after: # - acls: # - aces: # - destination: # prefix: 2001:db8:3000::/36 # grant: deny # protocol: ipv6 # sequence: 10 # source: # any: true # - destination: # host: 2001:db8:2000:ab::2 # grant: permit # protocol: tcp # sequence: 20 # source: # host: 2001:db8:2000:2::2 # name: ACL2v6 # afi: ipv6 # After state: # ------------ # nxos-9k# show running-config | section '^ip(v6)* access-list' # ipv6 access-list ACL2v6 # 10 deny ipv6 any 2001:db8:3000::/36 # 20 permit tcp 2001:db8:2000:2::2/128 2001:db8:2000:ab::2/128 # Using parsed - name: Parse given config to structured data cisco.nxos.nxos_acls: running_config: | ip access-list ACL1v4 50 deny tcp any lt 55 192.0.2.64 0.0.0.255 ack fin ipv6 access-list ACL1v6 10 permit sctp any any state: parsed
# Task Output # ------------ # # parsed: # - afi: ipv4 # acls: # - name: ACL1v4 # aces: # - grant: deny # destination: # address: 192.0.2.64 # wildcard_bits: 0.0.0.255 # source: # any: true # port_protocol: # lt: 55 # protocol: tcp # protocol_options: # tcp: # ack: true # fin: true # sequence: 50 # # - afi: ipv6 # acls: # - name: ACL1v6 # aces: # - grant: permit # sequence: 10 # source: # any: true # destination: # prefix: 2001:db8:12::/32 # protocol: sctp # Using gathered: # Before state: # ------------ # nxos-9k# show running-config | section '^ip(v6)* access-list' # ip access-list ACL1v4 # 50 deny tcp any lt 55 192.0.2.64 0.0.0.255 ack fin # ipv6 access-list ACL1v6 # 10 permit sctp any any - name: Gather existing configuration cisco.nxos.nxos_acls: state: gathered
# Task Output # ----------- # # gathered: # - afi: ipv4 # acls: # - name: ACL1v4 # aces: # - grant: deny # destination: # address: 192.0.2.64 # wildcard_bits: 0.0.0.255 # source: # any: true # port_protocol: # lt: 55 # protocol: tcp # protocol_options: # tcp: # ack: true # fin: true # sequence: 50 # - afi: ipv6 # acls: # - name: ACL1v6 # aces: # - grant: permit # sequence: 10 # source: # any: true # destination: # prefix: 2001:db8:12::/32 # protocol: sctp # Using rendered - name: Render required configuration to be pushed to the device cisco.nxos.nxos_acls: config: - afi: ipv4 acls: - name: ACL1v4 aces: - grant: deny destination: address: 192.0.2.64 wildcard_bits: 0.0.0.255 source: any: true port_protocol: lt: 55 protocol: tcp protocol_options: tcp: ack: true fin: true sequence: 50 - afi: ipv6 acls: - name: ACL1v6 aces: - grant: permit sequence: 10 source: any: true destination: prefix: '2001:db8:12::/32' protocol: sctp state: rendered
state: choices: - deleted - gathered - merged - overridden - rendered - replaced - parsed default: merged description: - The state the configuration should be left in type: str config: description: A dictionary of ACL options. elements: dict suboptions: acls: description: A list of the ACLs. elements: dict suboptions: aces: description: The entries within the ACL. elements: dict suboptions: destination: description: Specify the packet destination. suboptions: address: description: Destination network address. type: str any: description: Any destination address. type: bool host: description: Host IP address. type: str port_protocol: description: Specify the destination port or protocol (only for TCP and UDP). suboptions: eq: description: Match only packets on a given port number. type: str gt: description: Match only packets with a greater port number. type: str lt: description: Match only packets with a lower port number. type: str neq: description: Match only packets not on a given port number. type: str range: description: Match only packets in the range of port numbers. suboptions: end: description: Specify the end of the port range. type: str start: description: Specify the start of the port range. type: str type: dict type: dict prefix: description: Destination network prefix. Only for prefixes of value less than 31 for ipv4 and 127 for ipv6. Prefixes of 32 (ipv4) and 128 (ipv6) should be given in the 'host' key. type: str wildcard_bits: description: Destination wildcard bits. type: str type: dict dscp: description: Match packets with given DSCP value. type: str fragments: description: Check non-initial fragments. type: bool grant: choices: - permit - deny description: Action to be applied on the rule. type: str log: description: Log matches against this entry. type: bool precedence: description: Match packets with given precedence value. type: str protocol: description: Specify the protocol. type: str protocol_options: description: All possible suboptions for the protocol chosen. suboptions: icmp: description: ICMP protocol options. suboptions: administratively_prohibited: description: Administratively prohibited type: bool alternate_address: description: Alternate address type: bool conversion_error: description: Datagram conversion type: bool dod_host_prohibited: description: Host prohibited type: bool dod_net_prohibited: description: Net prohibited type: bool echo: description: Echo (ping) type: bool echo_reply: description: Echo reply type: bool echo_request: description: Echo request (ping) type: bool general_parameter_problem: description: Parameter problem type: bool host_isolated: description: Host isolated type: bool host_precedence_unreachable: description: Host unreachable for precedence type: bool host_redirect: description: Host redirect type: bool host_tos_redirect: description: Host redirect for TOS type: bool host_tos_unreachable: description: Host unreachable for TOS type: bool host_unknown: description: Host unknown type: bool host_unreachable: description: Host unreachable type: bool information_reply: description: Information replies type: bool information_request: description: Information requests type: bool mask_reply: description: Mask replies type: bool mask_request: description: Mask requests type: bool message_code: description: ICMP message code type: int message_type: description: ICMP message type type: int mobile_redirect: description: Mobile host redirect type: bool net_redirect: description: Network redirect type: bool net_tos_redirect: description: Net redirect for TOS type: bool net_tos_unreachable: description: Network unreachable for TOS type: bool net_unreachable: description: Net unreachable type: bool network_unknown: description: Network unknown type: bool no_room_for_option: description: Parameter required but no room type: bool option_missing: description: Parameter required but not present type: bool packet_too_big: description: Fragmentation needed and DF set type: bool parameter_problem: description: All parameter problems type: bool port_unreachable: description: Port unreachable type: bool precedence_unreachable: description: Precedence cutoff type: bool protocol_unreachable: description: Protocol unreachable type: bool reassembly_timeout: description: Reassembly timeout type: bool redirect: description: All redirects type: bool router_advertisement: description: Router discovery advertisements type: bool router_solicitation: description: Router discovery solicitations type: bool source_quench: description: Source quenches type: bool source_route_failed: description: Source route failed type: bool time_exceeded: description: All time exceeded. type: bool timestamp_reply: description: Timestamp replies type: bool timestamp_request: description: Timestamp requests type: bool traceroute: description: Traceroute type: bool ttl_exceeded: description: TTL exceeded type: bool unreachable: description: All unreachables type: bool type: dict icmpv6: description: ICMPv6 protocol options. suboptions: beyond_scope: description: Destination beyond scope. type: bool destination_unreachable: description: Destination address is unreachable. type: bool echo_reply: description: Echo reply. type: bool echo_request: description: Echo request (ping). type: bool fragments: description: Check non-initial fragments. type: bool header: description: Parameter header problem. type: bool hop_limit: description: Hop limit exceeded in transit. type: bool mld_query: description: Multicast Listener Discovery Query. type: bool mld_reduction: description: Multicast Listener Discovery Reduction. type: bool mld_report: description: Multicast Listener Discovery Report. type: bool mldv2: description: Multicast Listener Discovery Protocol. type: bool nd_na: description: Neighbor discovery neighbor advertisements. type: bool nd_ns: description: Neighbor discovery neighbor solicitations. type: bool next_header: description: Parameter next header problems. type: bool no_admin: description: Administration prohibited destination. type: bool no_route: description: No route to destination. type: bool packet_too_big: description: Packet too big. type: bool parameter_option: description: Parameter option problems. type: bool parameter_problem: description: All parameter problems. type: bool port_unreachable: description: Port unreachable. type: bool reassembly_timeout: description: Reassembly timeout. type: bool renum_command: description: Router renumbering command. type: bool renum_result: description: Router renumbering result. type: bool renum_seq_number: description: Router renumbering sequence number reset. type: bool router_advertisement: description: Neighbor discovery router advertisements. type: bool router_renumbering: description: All router renumbering. type: bool router_solicitation: description: Neighbor discovery router solicitations. type: bool telemetry_path: description: IPT enabled. type: bool telemetry_queue: description: Flow of interest for BDC/HDC. type: bool time_exceeded: description: All time exceeded. type: bool unreachable: description: All unreachable. type: bool type: dict igmp: description: IGMP protocol options. suboptions: dvmrp: description: Distance Vector Multicast Routing Protocol type: bool host_query: description: Host Query type: bool host_report: description: Host Report type: bool type: dict tcp: description: TCP flags. suboptions: ack: description: Match on the ACK bit type: bool established: description: Match established connections type: bool fin: description: Match on the FIN bit type: bool psh: description: Match on the PSH bit type: bool rst: description: Match on the RST bit type: bool syn: description: Match on the SYN bit type: bool urg: description: Match on the URG bit type: bool type: dict type: dict remark: description: Access list entry comment. type: str sequence: description: Sequence number. type: int source: description: Specify the packet source. suboptions: address: description: Source network address. type: str any: description: Any source address. type: bool host: description: Host IP address. type: str port_protocol: description: Specify the destination port or protocol (only for TCP and UDP). suboptions: eq: description: Match only packets on a given port number. type: str gt: description: Match only packets with a greater port number. type: str lt: description: Match only packets with a lower port number. type: str neq: description: Match only packets not on a given port number. type: str range: description: Match only packets in the range of port numbers. suboptions: end: description: Specify the end of the port range. type: str start: description: Specify the start of the port range. type: str type: dict type: dict prefix: description: Source network prefix. Only for prefixes of mask value less than 31 for ipv4 and 127 for ipv6. Prefixes of mask 32 (ipv4) and 128 (ipv6) should be given in the 'host' key. type: str wildcard_bits: description: Source wildcard bits. type: str type: dict type: list name: description: Name of the ACL. required: true type: str type: list afi: choices: - ipv4 - ipv6 description: The Address Family Indicator (AFI) for the ACL. required: true type: str type: list running_config: description: - This option is used only with state I(parsed). - The value of this option should be the output received from the NX-OS device by executing the command B(show running-config | section 'ip(v6)* access-list). - The state I(parsed) reads the configuration from C(running_config) option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the I(parsed) key within the result. type: str
after: description: The resulting configuration model invocation. returned: when changed sample: "The configuration returned will always be in the same format\n of the parameters\ \ above.\n" type: dict before: description: The configuration prior to the model invocation. returned: always sample: "The configuration returned will always be in the same format\n of the parameters\ \ above.\n" type: dict commands: description: The set of commands pushed to the remote device. returned: always sample: - ip access-list ACL1v4 - 10 permit ip any any precedence critical log - 20 deny tcp any lt smtp host 192.0.2.64 ack fin type: list gathered: description: Facts about the network resource gathered from the remote device as structured data. returned: when I(state) is C(gathered) sample: 'This output will always be in the same format as the module argspec. ' type: list parsed: description: The device native config provided in I(running_config) option parsed into structured data as per module argspec. returned: when I(state) is C(parsed) sample: 'This output will always be in the same format as the module argspec. ' type: list rendered: description: The provided configuration in the task rendered in device-native format (offline). returned: when I(state) is C(rendered) sample: - ip access-list ACL1v4 - 10 permit ip any any precedence critical log - 20 deny tcp any lt smtp host 192.0.2.64 ack fin type: list