Try SpotterPrefix-Lists resource module.
| "added in version" 2.4.0 of cisco.nxos"
Authors: Nilashish Chakraborty (@NilashishC)
Install with ansible-galaxy collection install cisco.nxos:==7.0.0
collections:
- name: cisco.nxos
version: 7.0.0This module manages prefix-lists configuration on devices running Cisco NX-OS.
# Using merged
# Before state:
# -------------
# nxos-9k-rdo# show running-config | section 'ip(.*) prefix-list'
# nxos-9k-rdo#
- name: Merge the provided configuration with the existing running configuration
cisco.nxos.nxos_prefix_lists:
config:
- afi: ipv4
prefix_lists:
- name: AllowPrefix
description: allows engineering IPv4 networks
entries:
- sequence: 10
action: permit
prefix: 192.0.2.0/23
eq: 24
- sequence: 20
action: permit
prefix: 198.51.100.128/26
- name: DenyPrefix
description: denies lab IPv4 networks
entries:
- sequence: 20
action: deny
prefix: 203.0.113.0/24
le: 25
- afi: ipv6
prefix_lists:
- name: AllowIPv6Prefix
description: allows engineering IPv6 networks
entries:
- sequence: 8
action: permit
prefix: "2001:db8:400::/38"
- sequence: 20
action: permit
prefix: "2001:db8:8000::/35"
le: 37
# Task output
# -------------
# before: []
#
# commands:
# - "ipv6 prefix-list AllowIPv6Prefix description allows engineering IPv6 networks"
# - "ipv6 prefix-list AllowIPv6Prefix seq 8 permit 2001:db8:400::/38"
# - "ipv6 prefix-list AllowIPv6Prefix seq 20 permit 2001:db8:8000::/35 le 37"
# - "ip prefix-list AllowPrefix description allows engineering IPv4 networks"
# - "ip prefix-list AllowPrefix seq 10 permit 192.0.2.0/23 eq 24"
# - "ip prefix-list AllowPrefix seq 20 permit 198.51.100.128/26"
# - "ip prefix-list DenyPrefix description denies lab IPv4 networks"
# - "ip prefix-list DenyPrefix seq 20 deny 203.0.113.0/24 le 25"
#
# after:
# - afi: ipv4
# prefix_lists:
# - description: allows engineering IPv4 networks
# entries:
# - sequence: 10
# action: permit
# prefix: 192.0.2.0/23
# eq: 24
# - sequence: 20
# action: permit
# prefix: 198.51.100.128/26
# name: AllowPrefix
# - description: denies lab IPv4 networks
# entries:
# - sequence: 20
# action: deny
# prefix: 203.0.113.0/24
# le: 25
# name: DenyPrefix
#
# - afi: ipv6
# prefix_lists:
# - description: allows engineering IPv6 networks
# entries:
# - sequence: 8
# action: permit
# prefix: "2001:db8:400::/38"
# - sequence: 20
# action: permit
# prefix: "2001:db8:8000::/35"
# le: 37
# name: AllowIPv6Prefix
# After state:
# ------------
# nxos-9k-rdo# show running-config | section 'ip(.*) prefix-list'
# ip prefix-list AllowPrefix description allows engineering IPv4 networks
# ip prefix-list AllowPrefix seq 10 permit 192.0.2.0/23 eq 24
# ip prefix-list AllowPrefix seq 20 permit 198.51.100.128/26
# ip prefix-list DenyPrefix description denies lab IPv4 networks
# ip prefix-list DenyPrefix seq 20 deny 203.0.113.0/24 le 25
# ipv6 prefix-list AllowIPv6Prefix description allows engineering IPv6 networks
# ipv6 prefix-list AllowIPv6Prefix seq 8 permit 2001:db8:400::/38
# ipv6 prefix-list AllowIPv6Prefix seq 20 permit 2001:db8:8000::/35 le 37
# Using replaced
# Before state:
# ------------
# nxos-9k-rdo# show running-config | section 'ip(.*) prefix-list'
# ip prefix-list AllowPrefix description allows engineering IPv4 networks
# ip prefix-list AllowPrefix seq 10 permit 192.0.2.0/23 eq 24
# ip prefix-list AllowPrefix seq 20 permit 198.51.100.128/26
# ip prefix-list DenyPrefix description denies lab IPv4 networks
# ip prefix-list DenyPrefix seq 20 deny 203.0.113.0/24 le 25
# ipv6 prefix-list AllowIPv6Prefix description allows engineering IPv6 networks
# ipv6 prefix-list AllowIPv6Prefix seq 8 permit 2001:db8:400::/38
# ipv6 prefix-list AllowIPv6Prefix seq 20 permit 2001:db8:8000::/35 le 37
- name: Replace prefix-lists configurations of listed prefix-lists with provided configurations
cisco.nxos.nxos_prefix_lists:
config:
- afi: ipv4
prefix_lists:
- name: AllowPrefix
description: allows engineering IPv4 networks
entries:
- sequence: 10
action: permit
prefix: 203.0.113.64/27
- sequence: 30
action: permit
prefix: 203.0.113.96/27
- name: AllowPrefix2Stub
description: allow other engineering IPv4 network
state: replaced
# Task output
# -------------
# before:
# - afi: ipv4
# prefix_lists:
# - description: allows engineering IPv4 networks
# entries:
# - sequence: 10
# action: permit
# prefix: 192.0.2.0/23
# eq: 24
# - sequence: 20
# action: permit
# prefix: 198.51.100.128/26
# name: AllowPrefix
# - description: denies lab IPv4 networks
# entries:
# - sequence: 20
# action: deny
# prefix: 203.0.113.0/24
# le: 25
# name: DenyPrefix
#
# - afi: ipv6
# prefix_lists:
# - description: allows engineering IPv6 networks
# entries:
# - sequence: 8
# action: permit
# prefix: "2001:db8:400::/38"
# - sequence: 20
# action: permit
# prefix: "2001:db8:8000::/35"
# le: 37
# name: AllowIPv6Prefix
#
# commands:
# - "no ip prefix-list AllowPrefix seq 10 permit 192.0.2.0/23 eq 24"
# - "ip prefix-list AllowPrefix seq 10 permit 203.0.113.64/27"
# - "ip prefix-list AllowPrefix seq 30 permit 203.0.113.96/27"
# - "no ip prefix-list AllowPrefix seq 20 permit 198.51.100.128/26"
# - "ip prefix-list AllowPrefix2Stub description allow other engineering IPv4 network"
#
# after:
# - afi: ipv4
# prefix_lists:
# - description: allows engineering IPv4 networks
# entries:
# - sequence: 10
# action: permit
# prefix: 203.0.113.64/27
# - sequence: 30
# action: permit
# prefix: 203.0.113.96/27
# name: AllowPrefix
# - description: allow other engineering IPv4 network
# name: AllowPrefix2Stub
# - description: denies lab IPv4 networks
# entries:
# - sequence: 20
# action: deny
# prefix: 203.0.113.0/24
# le: 25
# name: DenyPrefix
#
# - afi: ipv6
# prefix_lists:
# - description: allows engineering IPv6 networks
# entries:
# - sequence: 8
# action: permit
# prefix: "2001:db8:400::/38"
# - sequence: 20
# action: permit
# prefix: "2001:db8:8000::/35"
# le: 37
# name: AllowIPv6Prefix
#
# After state:
# ------------
# nxos-9k-rdo# show running-config | section 'ip(.*) prefix-list'
# ip prefix-list AllowPrefix description allows engineering IPv4 networks
# ip prefix-list AllowPrefix seq 10 permit 203.0.113.64/27
# ip prefix-list AllowPrefix seq 30 permit 203.0.113.96/27
# ip prefix-list AllowPrefix2Stub description allow other engineering IPv4 network
# ip prefix-list DenyPrefix description denies lab IPv4 networks
# ip prefix-list DenyPrefix seq 20 deny 203.0.113.0/24 le 25
# ipv6 prefix-list AllowIPv6Prefix description allows engineering IPv6 networks
# ipv6 prefix-list AllowIPv6Prefix seq 8 permit 2001:db8:400::/38
# ipv6 prefix-list AllowIPv6Prefix seq 20 permit 2001:db8:8000::/35 le 37
# Using overridden
# Before state:
# ------------
# nxos-9k-rdo# show running-config | section 'ip(.*) prefix-list'
# ip prefix-list AllowPrefix description allows engineering IPv4 networks
# ip prefix-list AllowPrefix seq 10 permit 192.0.2.0/23 eq 24
# ip prefix-list AllowPrefix seq 20 permit 198.51.100.128/26
# ip prefix-list DenyPrefix description denies lab IPv4 networks
# ip prefix-list DenyPrefix seq 20 deny 203.0.113.0/24 le 25
# ipv6 prefix-list AllowIPv6Prefix description allows engineering IPv6 networks
# ipv6 prefix-list AllowIPv6Prefix seq 8 permit 2001:db8:400::/38
# ipv6 prefix-list AllowIPv6Prefix seq 20 permit 2001:db8:8000::/35 le 37
- name: Override all prefix-lists configuration with provided configuration
cisco.nxos.nxos_prefix_lists: &id003
config:
- afi: ipv4
prefix_lists:
- name: AllowPrefix
description: allows engineering IPv4 networks
entries:
- sequence: 10
action: permit
prefix: 203.0.113.64/27
- sequence: 30
action: permit
prefix: 203.0.113.96/27
- name: AllowPrefix2Stub
description: allow other engineering IPv4 network
state: overridden
# Task output
# -------------
# before:
# - afi: ipv4
# prefix_lists:
# - description: allows engineering IPv4 networks
# entries:
# - sequence: 10
# action: permit
# prefix: 192.0.2.0/23
# eq: 24
# - sequence: 20
# action: permit
# prefix: 198.51.100.128/26
# name: AllowPrefix
# - description: denies lab IPv4 networks
# entries:
# - sequence: 20
# action: deny
# prefix: 203.0.113.0/24
# le: 25
# name: DenyPrefix
#
# - afi: ipv6
# prefix_lists:
# - description: allows engineering IPv6 networks
# entries:
# - sequence: 8
# action: permit
# prefix: "2001:db8:400::/38"
# - sequence: 20
# action: permit
# prefix: "2001:db8:8000::/35"
# le: 37
# name: AllowIPv6Prefix
#
# commands:
# - "no ip prefix-list AllowPrefix seq 10 permit 192.0.2.0/23 eq 24"
# - "ip prefix-list AllowPrefix seq 10 permit 203.0.113.64/27"
# - "ip prefix-list AllowPrefix seq 30 permit 203.0.113.96/27"
# - "no ip prefix-list AllowPrefix seq 20 permit 198.51.100.128/26"
# - "ip prefix-list AllowPrefix2Stub description allow other engineering IPv4 network"
# - "no ip prefix-list DenyPrefix"
# - "no ipv6 prefix-list AllowIPv6Prefix"
#
# after:
# - afi: ipv4
# prefix_lists:
# - name: AllowPrefix
# description: allows engineering IPv4 networks
# entries:
# - sequence: 10
# action: permit
# prefix: 203.0.113.64/27
#
# - sequence: 30
# action: permit
# prefix: 203.0.113.96/27
# - name: AllowPrefix2Stub
# description: allow other engineering IPv4 network
#
# After state:
# ------------
# nxos-9k-rdo# show running-config | section 'ip(.*) prefix-list'
# ip prefix-list AllowPrefix description allows engineering IPv4 networks
# ip prefix-list AllowPrefix seq 10 permit 203.0.113.64/27
# ip prefix-list AllowPrefix seq 30 permit 203.0.113.96/27
# ip prefix-list AllowPrefix2Stub description allow other engineering IPv4 network
# Using deleted to delete a all prefix lists for an AFI
# Before state:
# ------------
# nxos-9k-rdo# show running-config | section 'ip(.*) prefix-list'
# ip prefix-list AllowPrefix description allows engineering IPv4 networks
# ip prefix-list AllowPrefix seq 10 permit 192.0.2.0/23 eq 24
# ip prefix-list AllowPrefix seq 20 permit 198.51.100.128/26
# ip prefix-list DenyPrefix description denies lab IPv4 networks
# ip prefix-list DenyPrefix seq 20 deny 203.0.113.0/24 le 25
# ipv6 prefix-list AllowIPv6Prefix description allows engineering IPv6 networks
# ipv6 prefix-list AllowIPv6Prefix seq 8 permit 2001:db8:400::/38
# ipv6 prefix-list AllowIPv6Prefix seq 20 permit 2001:db8:8000::/35 le 37
- name: Delete all prefix-lists for an AFI
cisco.nxos.nxos_prefix_lists:
config:
- afi: ipv4
state: deleted
register: result
# Task output
# -------------
# before:
# - afi: ipv4
# prefix_lists:
# - description: allows engineering IPv4 networks
# entries:
# - sequence: 10
# action: permit
# prefix: 192.0.2.0/23
# eq: 24
# - sequence: 20
# action: permit
# prefix: 198.51.100.128/26
# name: AllowPrefix
# - description: denies lab IPv4 networks
# entries:
# - sequence: 20
# action: deny
# prefix: 203.0.113.0/24
# le: 25
# name: DenyPrefix
#
# - afi: ipv6
# prefix_lists:
# - description: allows engineering IPv6 networks
# entries:
# - sequence: 8
# action: permit
# prefix: "2001:db8:400::/38"
# - sequence: 20
# action: permit
# prefix: "2001:db8:8000::/35"
# le: 37
# name: AllowIPv6Prefix
#
# commands:
# - "no ip prefix-list AllowPrefix"
# - "no ip prefix-list DenyPrefix"
#
# after:
# - afi: ipv6
# prefix_lists:
# - description: allows engineering IPv6 networks
# entries:
# - sequence: 8
# action: permit
# prefix: "2001:db8:400::/38"
# - sequence: 20
# action: permit
# prefix: "2001:db8:8000::/35"
# le: 37
# name: AllowIPv6Prefix
#
# After state:
# ------------
# nxos-9k-rdo# show running-config | section 'ip(.*) prefix-list'
# ipv6 prefix-list AllowIPv6Prefix description allows engineering IPv6 networks
# ipv6 prefix-list AllowIPv6Prefix seq 8 permit 2001:db8:400::/38
# ipv6 prefix-list AllowIPv6Prefix seq 20 permit 2001:db8:8000::/35 le 37
# Using deleted to delete a single prefix-list
# Before state:
# ------------
# nxos-9k-rdo# show running-config | section 'ip(.*) prefix-list'
# ip prefix-list AllowPrefix description allows engineering IPv4 networks
# ip prefix-list AllowPrefix seq 10 permit 192.0.2.0/23 eq 24
# ip prefix-list AllowPrefix seq 20 permit 198.51.100.128/26
# ip prefix-list DenyPrefix description denies lab IPv4 networks
# ip prefix-list DenyPrefix seq 20 deny 203.0.113.0/24 le 25
# ipv6 prefix-list AllowIPv6Prefix description allows engineering IPv6 networks
# ipv6 prefix-list AllowIPv6Prefix seq 8 permit 2001:db8:400::/38
# ipv6 prefix-list AllowIPv6Prefix seq 20 permit 2001:db8:8000::/35 le 37
- name: Delete a single prefix-list
cisco.nxos.nxos_prefix_lists:
config:
- afi: ipv4
prefix_lists:
- name: AllowPrefix
state: deleted
# Task output
# -------------
# before:
# - afi: ipv4
# prefix_lists:
# - description: allows engineering IPv4 networks
# entries:
# - sequence: 10
# action: permit
# prefix: 192.0.2.0/23
# eq: 24
# - sequence: 20
# action: permit
# prefix: 198.51.100.128/26
# name: AllowPrefix
# - description: denies lab IPv4 networks
# entries:
# - sequence: 20
# action: deny
# prefix: 203.0.113.0/24
# le: 25
# name: DenyPrefix
#
# - afi: ipv6
# prefix_lists:
# - description: allows engineering IPv6 networks
# entries:
# - sequence: 8
# action: permit
# prefix: "2001:db8:400::/38"
# - sequence: 20
# action: permit
# prefix: "2001:db8:8000::/35"
# le: 37
# name: AllowIPv6Prefix
#
# commands:
# - "no ip prefix-list AllowPrefix"
#
# after:
# - afi: ipv4
# prefix_lists:
# - description: denies lab IPv4 networks
# entries:
# - sequence: 20
# action: deny
# prefix: 203.0.113.0/24
# le: 25
# name: DenyPrefix
#
# - afi: ipv6
# prefix_lists:
# - description: allows engineering IPv6 networks
# entries:
# - sequence: 8
# action: permit
# prefix: "2001:db8:400::/38"
# - sequence: 20
# action: permit
# prefix: "2001:db8:8000::/35"
# le: 37
# name: AllowIPv6Prefix
#
# After state:
# ------------
# nxos-9k-rdo# show running-config | section 'ip(.*) prefix-list'
# ip prefix-list DenyPrefix description denies lab IPv4 networks
# ip prefix-list DenyPrefix seq 20 deny 203.0.113.0/24 le 25
# ipv6 prefix-list AllowIPv6Prefix description allows engineering IPv6 networks
# ipv6 prefix-list AllowIPv6Prefix seq 8 permit 2001:db8:400::/38
# ipv6 prefix-list AllowIPv6Prefix seq 20 permit 2001:db8:8000::/35 le 37
# Using deleted to delete all prefix-lists from the device
# Before state:
# ------------
# nxos-9k-rdo# show running-config | section 'ip(.*) prefix-list'
# ip prefix-list AllowPrefix description allows engineering IPv4 networks
# ip prefix-list AllowPrefix seq 10 permit 192.0.2.0/23 eq 24
# ip prefix-list AllowPrefix seq 20 permit 198.51.100.128/26
# ip prefix-list DenyPrefix description denies lab IPv4 networks
# ip prefix-list DenyPrefix seq 20 deny 203.0.113.0/24 le 25
# ipv6 prefix-list AllowIPv6Prefix description allows engineering IPv6 networks
# ipv6 prefix-list AllowIPv6Prefix seq 8 permit 2001:db8:400::/38
# ipv6 prefix-list AllowIPv6Prefix seq 20 permit 2001:db8:8000::/35 le 37
- name: Delete all prefix-lists
cisco.nxos.nxos_prefix_lists:
state: deleted
# Task output
# -------------
# before:
# - afi: ipv4
# prefix_lists:
# - description: allows engineering IPv4 networks
# entries:
# - sequence: 10
# action: permit
# prefix: 192.0.2.0/23
# eq: 24
# - sequence: 20
# action: permit
# prefix: 198.51.100.128/26
# name: AllowPrefix
# - description: denies lab IPv4 networks
# entries:
# - sequence: 20
# action: deny
# prefix: 203.0.113.0/24
# le: 25
# name: DenyPrefix
#
# - afi: ipv6
# prefix_lists:
# - description: allows engineering IPv6 networks
# entries:
# - sequence: 8
# action: permit
# prefix: "2001:db8:400::/38"
# - sequence: 20
# action: permit
# prefix: "2001:db8:8000::/35"
# le: 37
# name: AllowIPv6Prefix
#
# commands:
# - "no ip prefix-list AllowPrefix"
# - "no ip prefix-list DenyPrefix"
# - "no ipv6 prefix-list AllowIPv6Prefix"
#
# after: []
#
# After state:
# ------------
# nxos-9k-rdo# show running-config | section 'ip(.*) prefix-list'
# nxos-9k-rdo#
# Using rendered
- name: Render platform specific configuration lines with state rendered (without connecting to the device)
cisco.nxos.nxos_prefix_lists: &id001
config:
- afi: ipv4
prefix_lists:
- name: AllowPrefix
description: allows engineering IPv4 networks
entries:
- sequence: 10
action: permit
prefix: 192.0.2.0/23
eq: 24
- sequence: 20
action: permit
prefix: 198.51.100.128/26
- name: DenyPrefix
description: denies lab IPv4 networks
entries:
- sequence: 20
action: deny
prefix: 203.0.113.0/24
le: 25
- afi: ipv6
prefix_lists:
- name: AllowIPv6Prefix
description: allows engineering IPv6 networks
entries:
- sequence: 8
action: permit
prefix: "2001:db8:400::/38"
- sequence: 20
action: permit
prefix: "2001:db8:8000::/35"
le: 37
state: rendered
# Task Output (redacted)
# -----------------------
# rendered:
# - afi: ipv4
# prefix_lists:
# - description: allows engineering IPv4 networks
# entries:
# - sequence: 10
# action: permit
# prefix: 192.0.2.0/23
# eq: 24
# - sequence: 20
# action: permit
# prefix: 198.51.100.128/26
# name: AllowPrefix
# - description: denies lab IPv4 networks
# entries:
# - sequence: 20
# action: deny
# prefix: 203.0.113.0/24
# le: 25
# name: DenyPrefix
#
# - afi: ipv6
# prefix_lists:
# - description: allows engineering IPv6 networks
# entries:
# - sequence: 8
# action: permit
# prefix: "2001:db8:400::/38"
# - sequence: 20
# action: permit
# prefix: "2001:db8:8000::/35"
# le: 37
# name: AllowIPv6Prefix
# Using parsed
# parsed.cfg
# ------------
# ip prefix-list AllowPrefix description allows engineering IPv4 networks
# ip prefix-list AllowPrefix seq 10 permit 192.0.2.0/23 eq 24
# ip prefix-list AllowPrefix seq 20 permit 198.51.100.128/26
# ip prefix-list DenyPrefix description denies lab IPv4 networks
# ip prefix-list DenyPrefix seq 20 deny 203.0.113.0/24 le 25
# ipv6 prefix-list AllowIPv6Prefix description allows engineering IPv6 networks
# ipv6 prefix-list AllowIPv6Prefix seq 8 permit 2001:db8:400::/38
# ipv6 prefix-list AllowIPv6Prefix seq 20 permit 2001:db8:8000::/35 le 37
- name: Parse externally provided prefix-lists configuration
register: result
cisco.nxos.nxos_prefix_lists:
running_config: "{{ lookup('file', './parsed.cfg') }}"
state: parsed
state:
choices:
- merged
- replaced
- overridden
- deleted
- parsed
- gathered
- rendered
default: merged
description:
- The state the configuration should be left in.
- Refer to examples for more details.
- With state I(replaced), for the listed prefix-lists, sequences that are in running-config
but not in the task are negated.
- With state I(overridden), all prefix-lists that are in running-config but not in
the task are negated.
- Please refer to examples for more details.
type: str
config:
description: A list of prefix-list configuration.
elements: dict
suboptions:
afi:
choices:
- ipv4
- ipv6
description:
- The Address Family Identifier (AFI) for the prefix-lists.
type: str
prefix_lists:
description: List of prefix-list configurations.
elements: dict
suboptions:
description:
description: Description of the prefix list
type: str
entries:
description: List of configurations for the specified prefix-list
elements: dict
suboptions:
action:
choices:
- permit
- deny
description: Prefix-List permit or deny.
type: str
eq:
description: Exact prefix length to be matched.
type: int
ge:
description: Minimum prefix length to be matched.
type: int
le:
description: Maximum prefix length to be matched.
type: int
mask:
description: Explicit match mask.
type: str
prefix:
description: IP or IPv6 prefix in A.B.C.D/LEN or A:B::C:D/LEN format.
type: str
sequence:
description: Sequence Number.
type: int
type: list
name:
description: Name of the prefix-list.
type: str
type: list
type: list
running_config:
description:
- This option is used only with state I(parsed).
- The value of this option should be the output received from the NX-OS device by
executing the command B(show running-config | section '^ip(.*) prefix-list').
- The state I(parsed) reads the configuration from C(running_config) option and transforms
it into Ansible structured data as per the resource module's argspec and the value
is then returned in the I(parsed) key within the result.
type: str