fortinet / fortinet.fortios / 1.1.7 / module / fortios_switch_controller_security_policy_802_1x Configure 802.1x MAC Authentication Bypass (MAB) policies in Fortinet's FortiOS and FortiGate. | "added in version" 2.10 of fortinet.fortios" Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico) preview | supported by communityfortinet.fortios.fortios_switch_controller_security_policy_802_1x (1.1.7) — module
Install with ansible-galaxy collection install fortinet.fortios:==1.1.7
collections: - name: fortinet.fortios version: 1.1.7
This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller_security_policy feature and 802_1x category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.4.0
- hosts: fortigates collections: - fortinet.fortios connection: httpapi vars: vdom: "root" ansible_httpapi_use_ssl: yes ansible_httpapi_validate_certs: no ansible_httpapi_port: 443 tasks: - name: Configure 802.1x MAC Authentication Bypass (MAB) policies. fortios_switch_controller_security_policy_802_1x: vdom: "{{ vdom }}" state: "present" access_token: "<your_own_value>" switch_controller_security_policy_802_1x: auth_fail_vlan: "disable" auth_fail_vlan_id: "<your_own_value> (source system.interface.name)" eap_auto_untagged_vlans: "disable" eap_passthru: "disable" framevid_apply: "disable" guest_auth_delay: "8" guest_vlan: "disable" guest_vlan_id: "<your_own_value> (source system.interface.name)" mac_auth_bypass: "disable" name: "default_name_12" open_auth: "disable" policy_type: "802.1X" radius_timeout_overwrite: "disable" security_mode: "802.1X" user_group: - name: "default_name_18 (source user.group.name)"
vdom: default: root description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str state: choices: - present - absent description: - Indicates whether to create or remove the object. required: true type: str access_token: description: - Token-based authentication. Generated from GUI of Fortigate. required: false type: str switch_controller_security_policy_802_1x: default: null description: - Configure 802.1x MAC Authentication Bypass (MAB) policies. suboptions: auth_fail_vlan: choices: - disable - enable description: - Enable to allow limited access to clients that cannot authenticate. type: str auth_fail_vlan_id: description: - VLAN ID on which authentication failed. Source system.interface.name. type: str eap_auto_untagged_vlans: choices: - disable - enable description: - Enable/disable automatic inclusion of untagged VLANs. type: str eap_passthru: choices: - disable - enable description: - Enable/disable EAP pass-through mode, allowing protocols (such as LLDP) to pass through ports for more flexible authentication. type: str framevid_apply: choices: - disable - enable description: - Enable/disable the capability to apply the EAP/MAB frame VLAN to the port native VLAN. type: str guest_auth_delay: description: - Guest authentication delay (1 - 900 sec). type: int guest_vlan: choices: - disable - enable description: - Enable the guest VLAN feature to allow limited access to non-802.1X-compliant clients. type: str guest_vlan_id: description: - Guest VLAN name. Source system.interface.name. type: str mac_auth_bypass: choices: - disable - enable description: - Enable/disable MAB for this policy. type: str name: description: - Policy name. required: true type: str open_auth: choices: - disable - enable description: - Enable/disable open authentication for this policy. type: str policy_type: choices: - 802.1X description: - Policy type. type: str radius_timeout_overwrite: choices: - disable - enable description: - Enable to override the global RADIUS session timeout. type: str security_mode: choices: - 802.1X - 802.1X-mac-based description: - Port or MAC based 802.1X security mode. type: str user_group: description: - Name of user-group to assign to this MAC Authentication Bypass (MAB) policy. suboptions: name: description: - Group name. Source user.group.name. required: true type: str type: list type: dict
build: description: Build number of the fortigate image returned: always sample: '1547' type: str http_method: description: Last method used to provision the content into FortiGate returned: always sample: PUT type: str http_status: description: Last result given by FortiGate on last operation applied returned: always sample: '200' type: str mkey: description: Master key (id) used in the last call to FortiGate returned: success sample: id type: str name: description: Name of the table used to fulfill the request returned: always sample: urlfilter type: str path: description: Path of the table used to fulfill the request returned: always sample: webfilter type: str revision: description: Internal revision number returned: always sample: 17.0.2.10658 type: str serial: description: Serial number of the unit returned: always sample: FGVMEVYYQT3AB5352 type: str status: description: Indication of the operation's result returned: always sample: success type: str vdom: description: Virtual domain used returned: always sample: root type: str version: description: Version of the FortiGate returned: always sample: v5.6.3 type: str