community.general.ce_acl (0.1.1) — module

Manages base ACL configuration on HUAWEI CloudEngine switches.

Authors: wangdezhuang (@QijunPan)

preview | supported by community

Install collection

Install with ansible-galaxy collection install community.general:==0.1.1


Add to requirements.yml

  collections:
    # A bare version is an exact pin, so installs resolve to this one release.
    - name: 'community.general'
      version: '0.1.1'

Description

Manages base ACL configurations on HUAWEI CloudEngine switches.

Usage examples


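# Example play for the ce_acl module. The four tasks are separate
# illustrations: run in order, "Undo ACL" deletes the ACL that "Config ACL"
# has just created, and the rule task then configures it again.
- name: CloudEngine acl test
  hosts: cloudengine
  connection: local
  # Canonical boolean instead of the YAML 1.1 truthy `no`.
  gather_facts: false
  vars:
    # Connection settings handed to every task through `provider`.
    cli:
      host: "{{ inventory_hostname }}"
      port: "{{ ansible_ssh_port }}"
      # Credentials are resolved from variables at run time. Keep their values
      # in an encrypted source such as Ansible Vault, not in the playbook or
      # a plain-text inventory.
      username: "{{ username }}"
      password: "{{ password }}"
      transport: cli

  tasks:

  # Create ACL 2200 (numbers 2000 to 2999 denote a basic ACL).
  - name: "Config ACL"
    ce_acl:
      state: present
      acl_name: 2200
      provider: "{{ cli }}"

  # state: delete_acl acts on the ACL as a whole, not on a single rule.
  - name: "Undo ACL"
    ce_acl:
      state: delete_acl
      acl_name: 2200
      provider: "{{ cli }}"

  # Add rule test_rule (ID 111) with a permit action to ACL 2200.
  # NOTE(review): the traffic a permit rule admits depends on how the device
  # applies src_mask to source_ip - confirm the matched range before use.
  # NOTE(review): presumably the wdz_acl_time time range must already exist
  # on the switch - verify.
  - name: "Config ACL base rule"
    ce_acl:
      state: present
      acl_name: 2200
      rule_name: test_rule
      rule_id: 111
      rule_action: permit
      source_ip: 10.10.10.10
      src_mask: 24
      frag_type: fragment
      time_range: wdz_acl_time
      provider: "{{ cli }}"

  # state: absent with the same rule parameters undoes the rule configured
  # above; judging by the task names, the ACL itself is left in place.
  - name: "undo ACL base rule"
    ce_acl:
      state: absent
      acl_name: 2200
      rule_name: test_rule
      rule_id: 111
      rule_action: permit
      source_ip: 10.10.10.10
      src_mask: 24
      frag_type: fragment
      time_range: wdz_acl_time
      provider: "{{ cli }}"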

Inputs

    
state:
    choices:
    - present
    - absent
    - delete_acl
    default: present
    description:
    - Specify desired state of the resource.

acl_num:
    description:
    - ACL number. The value is an integer ranging from 2000 to 2999.

rule_id:
    description:
    - ID of a basic ACL rule in configuration mode. The value is an integer ranging from
      0 to 4294967294.

acl_name:
    description:
    - ACL number or name. For a numbered rule group, the value ranging from 2000 to 2999
      indicates a basic ACL. For a named rule group, the value is a string of 1 to 32
      case-sensitive characters starting with a letter, spaces not supported.
    required: true

acl_step:
    description:
    - ACL step. The value is an integer ranging from 1 to 20. The default value is 5.

log_flag:
    default: 'no'
    description:
    - Flag of logging matched data packets.
    type: bool

src_mask:
    description:
    - Mask of a source IP address. The value is an integer ranging from 1 to 32.

vrf_name:
    description:
    - VPN instance name. The value is a string of 1 to 31 characters. The default value
      is _public_.

frag_type:
    choices:
    - fragment
    - clear_fragment
    description:
    - Type of packet fragmentation.

rule_name:
    description:
    - Name of a basic ACL rule. The value is a string of 1 to 32 characters. The value
      is case-insensitive, and cannot contain spaces or begin with an underscore (_).

source_ip:
    description:
    - Source IP address. The value is a string of 0 to 255 characters. The default value
      is 0.0.0.0. The value is in dotted decimal notation.

time_range:
    description:
    - Name of a time range in which an ACL rule takes effect. The value is a string of
      1 to 32 characters. The value is case-insensitive, and cannot contain spaces. The
      name must start with an uppercase or lowercase letter. In addition, the word "all"
      cannot be specified as a time range name.

rule_action:
    choices:
    - permit
    - deny
    description:
    - Matching mode of basic ACL rules.

acl_description:
    description:
    - ACL description. The value is a string of 1 to 127 characters.

rule_description:
    description:
    - Description about an ACL rule. The value is a string of 1 to 127 characters.

Outputs

changed:
  description: check to see if a change was made on the device
  returned: always
  sample: true
  type: bool
end_state:
  description: k/v pairs of ACL params after module execution
  returned: always
  sample: {}
  type: dict
existing:
  description: k/v pairs of the existing ACL configuration
  returned: always
  sample:
    aclNumOrName: test
    aclType: Basic
  type: dict
proposed:
  description: k/v pairs of parameters passed into module
  returned: always
  sample:
    acl_name: test
    state: delete_acl
  type: dict
updates:
  description: command sent to the device
  returned: always
  sample:
  - undo acl name test
  type: list