Try SpotterConfigures ACL in Ruckus ICX 7000 series switches.
Authors: Ruckus Wireless (@Commscope)
Install with ansible-galaxy collection install sushma_alethea.test:==1.0.0
collections:
- name: sushma_alethea.test
version: 1.0.0Configures ACL Assign in Ruckus ICX 7000 series switches.
- name: ipv4,ipv6,MAC ACLs assign to same ethernet interface
community.network.icx_acl_assign:
ip_access_group:
acl_name: scale12
in_out: in
ethernet: 1/1/3
ipv6_access_group:
acl_name: scale12
in_out: in
ethernet: 1/1/3
logging: enable
mac_access_group:
mac_acl_name: mac_acl
ethernet: 1/1/3
register: output
- name: ipv4,ipv6,MAC ACLs assign to same lag interface
community.network.icx_acl_assign:
ip_access_group:
acl_name: scale12
in_out: in
lag: 3
ipv6_access_group:
acl_name: scale12
in_out: in
lag: 3
logging: enable
mac_access_group:
mac_acl_name: mac_acl
lag: 3
logging: disable
register: output
- name: ipv4,ipv6,MAC ACLs assign to vlan interfaces
community.network.icx_acl_assign:
ip_access_group:
acl_name: scale12
in_out: in
vlan:
vlan_num: 10
ipv6_access_group:
acl_name: scale12
in_out: in
vlan:
vlan_num: 2066
logging: enable
mac_access_group:
mac_acl_name: mac_acl
vlan:
vlan_num: 20
register: output
- name: Each acl assigned to same vlan, but different ethernet and lag of the vlan
community.network.icx_acl_assign:
ip_access_group:
acl_name: scale12
in_out: in
vlan:
vlan_num: 555
interfaces:
- lag 10
ipv6_access_group:
acl_name: scale12
in_out: in
vlan:
vlan_num: 555
interfaces:
- ethernet 1/1/3
logging: enable
mac_access_group:
mac_acl_name: mac_acl
vlan:
vlan_num: 555
interfaces:
- ethernet 1/1/15 to 1/1/16
default_acl:
ip_type: ipv4
acl_id: 10
in_out: in
register: output
- name: show command
debug:
msg: '{{ output }}'
default_acl:
description: Configures the default ACL for failed, timed-out, or guest user sessions.
suboptions:
acl_id:
description: ID of standard or numbered ACL (IPv4 only).
type: int
acl_name:
description: Name or extended name of the ACL.
type: str
in_out:
choices:
- in
- out
description: Specifies incoming or outgoing authentication.
type: str
ip_type:
choices:
- ipv4
- ipv6
description: Specifies an IPv4 or IPv6 ACL.
required: true
type: str
state:
choices:
- present
- absent
default: present
description: Specifies whether to configure or remove rule.
type: str
type: dict
ip_access_group:
description: Applies IPv4 access control lists (ACLs) to traffic entering or exiting
an interface. Specify acl_name/acl_num. Specify ethernet/lag/vlan
suboptions:
acl_name:
description: Specifies a valid ACL name.
type: str
acl_num:
description: Specifies an ACL number. You can specify from 1 through 99 for standard
ACLs and from 100 through 199 for extended ACLs. Valid only in 8090.
type: int
ethernet:
description: Applies ACL to ethernet interface. Format - 1/1/1
type: str
frag_deny:
default: false
description: Denies all IP fragments on the port.
type: bool
in_out:
choices:
- in
- out
description: Applies the ACL to inbound or outbound traffic on the port.
type: str
lag:
description: Applies ACL to lag interface.
type: int
logging:
choices:
- enable
- disable
description: Enables/Disables logging for matched statements in the ACL that also
include a log action.
type: str
mirror_port:
description: Configures ACL-based inbound mirroring.
suboptions:
ethernet:
description: Specifies the mirror port to which the monitored port traffic
is copied.
type: str
state:
choices:
- present
- absent
default: present
description: Configures/Removes the ACL mirror port.
type: str
type: dict
state:
choices:
- present
- absent
default: present
description: Specifies whether to configure or remove ip access-group.
type: str
vlan:
description: Applies ACL to vlan through virtual routing interface.
suboptions:
interfaces:
description: Applies ACL to single/range of ethernet and lag interfaces of
the vlan. For eg - [ethernet 1/1/2, ethernet 1/1/20 to 1/1/30, lag 10, lag
10 to 20]
elements: str
type: list
vlan_num:
description: Router interface ve
type: int
type: dict
type: dict
mac_access_group:
description: Binds an access-list filter to an interface. Added in 8095.Specify ethernet/lag/vlan
suboptions:
ethernet:
description: Applies ACL to ethernet interface. Format- 1/1/1
type: str
lag:
description: Applies ACL to lag interface.
type: int
logging:
choices:
- enable
- disable
description: Enables/Disables logging for matched statements in the ACL that also
include a log action.
type: str
mac_acl_name:
description: MAC ACL name.
required: true
type: str
mirror_port:
description: Configures ACL-based inbound mirroring.
suboptions:
ethernet:
description: Specifies the mirror port to which the monitored port traffic
is copied.
type: str
state:
choices:
- present
- absent
default: present
description: Configures/Removes the ACL mirror port.
type: str
type: dict
state:
choices:
- present
- absent
default: present
description: Specifies whether to configure or remove MAC access-group.
type: str
vlan:
description: Applies ACL to vlan through virtual routing interface.
suboptions:
interfaces:
description: Applies ACL to single/range of ethernet and lag interfaces of
the vlan. For eg-[ethernet 1/1/2, ethernet 1/1/20 to 1/1/30, lag 10, lag
10 to 20]
elements: str
type: list
vlan_num:
description: Router interface ve
type: int
type: dict
type: dict
ipv6_access_group:
description: Applies an IPv6 ACL to an interface. Added in 8095. Specify acl_name/acl_num.
Specify ethernet/lag/vlan
suboptions:
acl_name:
description: Specifies a valid ACL name.
type: str
ethernet:
description: Applies ACL to ethernet interface. Format-1/1/1
type: str
in_out:
choices:
- in
- out
description: Applies the ACL to inbound or outbound traffic on the port.
type: str
lag:
description: Applies ACL to lag interface.
type: int
logging:
choices:
- enable
- disable
description: Enables/Disables logging for matched statements in the ACL that also
include a log action.
type: str
mirror_port:
description: Configures ACL-based inbound mirroring.
suboptions:
ethernet:
description: Specifies the mirror port to which the monitored port traffic
is copied.
type: str
state:
choices:
- present
- absent
default: present
description: Configures/Removes the ACL mirror port.
type: str
type: dict
state:
choices:
- present
- absent
default: present
description: Specifies whether to configure or remove ip access-group.
type: str
vlan:
description: Applies ACL to vlan through virtual routing interface.
suboptions:
interfaces:
description: Applies ACL to single/range of ethernet and lag interfaces of
the vlan. For eg - [ethernet 1/1/2, ethernet 1/1/20 to 1/1/30, lag 10, lag
10 to 20]
elements: str
type: list
vlan_num:
description: Router interface ve
type: int
type: dict
type: dict