sushma_alethea.test.icx_acl_ip (1.0.0) — module

Configures ACL in Ruckus ICX 7000 series switches.

Authors: Ruckus Wireless (@Commscope)
Install with:

```
ansible-galaxy collection install sushma_alethea.test:==1.0.0
```

```yaml
collections:
  - name: sushma_alethea.test
    version: 1.0.0
```
```yaml
- name: create ipv4 acl and add rules
  community.network.icx_acl_ip:
    acl_type: standard
    acl_name: acl1
    standard_rules:
      - rule_type: permit
        seq_num: 10
        any: yes
        log: yes

- name: create ipv4 acl and add rules
  community.network.icx_acl_ip:
    acl_type: extended
    acl_id: 112
    extended_rules:
      - rule_type: deny
        ip_protocol_name: tcp
        source:
          host: yes
          ip_address: 1.1.1.1
        destination:
          any: yes
        precedence: routine
    state: absent

- name: remove ipv4 acl
  community.network.icx_acl_ip:
    acl_type: standard
    acl_name: acl1
    state: absent
```
```yaml
state:
  choices:
    - present
    - absent
  default: present
  description: Specifies whether to create or delete ACL.
  type: str
acl_id:
  description: Specifies a unique ACL number.
  type: int
acl_name:
  description: Specifies a unique ACL name.
  type: str
acl_type:
  choices:
    - standard
    - extended
  description: |-
    Specifies standard/extended access control list.
    Standard - Contains rules that permit or deny traffic based on source addresses that you specify. The rules are applicable to all ports of the specified address.
    Extended - Contains rules that permit or deny traffic according to source and destination addresses, as well as other parameters. For example, you can also filter by port, protocol (TCP or UDP), and TCP flags.
  required: true
  type: str
accounting:
  choices:
    - enable
    - disable
  description: Enables/Disables accounting for the ipv6 ACL.
  type: str
extended_rules:
  description: >-
    Inserts filtering rules in extended named or numbered ACLs.
    Specify either protocol name or number.
  elements: dict
  suboptions:
    destination:
      description: host hostname or A.B.C.D | A.B.C.D or A.B.C.D/L | any
      required: true
      suboptions:
        any:
          description: Specifies all destination addresses.
          type: bool
        host:
          description: Specifies the destination as host.
          type: bool
        hostname:
          description: Specifies the known hostname of the destination host.
          type: str
        ip_address:
          description: >-
            Specifies a destination address for which you want to filter the subnet.
            Format - IPv4address/mask | IPv4 address | IPv6 address | ipv6-source-prefix/prefix-length
          type: str
        mask:
          description: >-
            Defines a subnet mask that includes the destination address that you specified.
          type: str
      type: dict
    destination_comparison_operators:
      description: >-
        If you specified tcp or udp, the following optional operators are available.
        Specify either port number or name for the operation.
      suboptions:
        high_port_name:
          choices:
            - ftp-data
            - ftp
            - ssh
            - telnet
            - smtp
            - dns
            - http
            - gppitnp
            - pop2
            - pop3
            - sftp
            - sqlserv
            - bgp
            - ldap
            - ssl
            - tftp
            - snmp
          description: For range operator, specifies higher port name.
          type: str
        high_port_num:
          description: For range operator, specifies high port number.
          type: int
        operator:
          choices:
            - eq
            - gt
            - lt
            - neq
            - range
          description: Specifies comparison operator.
          type: str
        port_name:
          choices:
            - ftp-data
            - ftp
            - ssh
            - telnet
            - smtp
            - dns
            - http
            - gppitnp
            - pop2
            - pop3
            - sftp
            - sqlserv
            - bgp
            - ldap
            - ssl
            - tftp
            - snmp
          description: >-
            Specifies port numbers that satisfy the operation with the numeric equivalent of the port name.
          type: str
        port_num:
          description: >-
            Specifies port numbers that satisfy the operation with the port number you enter.
          type: int
      type: dict
    dscp_marking:
      description: >-
        Assigns the DSCP value that you specify to the packet. Values range from 0 through 63.
      type: int
    dscp_matching:
      description: Filters by DSCP value. Values range from 0 through 63.
      type: int
    established:
      default: false
      description: >-
        (For TCP rules only) Filter packets that have the Acknowledgment (ACK) or Reset (RST) flag set.
      type: bool
    icmp_num:
      description: >-
        Specifies a numbered message type. Use this format if the rule also needs to include
        precedence, tos, one of the DSCP options, one of the 802.1p options,
        internal-priority-marking, or traffic-policy.
      type: int
    icmp_type:
      choices:
        - any-icmp-type
        - echo
        - echo-reply
        - information-request
        - mask-reply
        - mask-request
        - parameter-problem
        - redirect
        - source-quench
        - time-exceeded
        - timestamp-reply
        - timestamp-request
        - unreachable
      description: Specifies icmp type.
      type: str
    internal_marking:
      description: >-
        Assigns the identical 802.1p value and internal queuing priority (traffic class)
        that you specify to the packet [0-7]
      type: int
    internal_priority_marking:
      description: >-
        Assigns the internal queuing priority (traffic class) that you specify to the packet.
        Values range from 0 through 7.
      type: int
    ip_protocol_name:
      choices:
        - icmp
        - igmp
        - ip
        - ospf
        - tcp
        - udp
        - esp
        - gre
        - ipv6
        - pim
        - rsvp
      description: Specifies the type of IPv4 packet to filter.
      type: str
    ip_protocol_num:
      description: Protocol number (from 0 to 255).
      type: int
    log:
      default: false
      description: >-
        Enables SNMP traps and Syslog messages for the rule.
        In addition, logging must be enabled using the logging enable command.
      type: bool
    mirror:
      default: false
      description: Mirrors packets matching the rule.
      type: bool
    precedence:
      choices:
        - routine
        - priority
        - immediate
        - flash
        - flash-override
        - critical
        - internet
        - network
      description: |-
        Specifies a precedence-name.
        0 or routine - Specifies routine precedence.
        1 or priority - Specifies priority precedence.
        2 or immediate - Specifies immediate precedence.
        3 or flash - Specifies flash precedence.
        4 or flash-override - Specifies flash-override precedence.
        5 or critical - Specifies critical precedence.
        6 or internet - Specifies internetwork control precedence.
        7 or network - Specifies network control precedence.
      type: str
    priority_marking:
      description: >-
        Assigns the 802.1p value that you specify to the packet. Values range from 0 through 7.
      type: int
    priority_matching:
      description: >-
        Filters by 802.1p priority, for rate limiting. Values range from 0 through 7.
      type: int
    remark:
      description: Adds a comment to describe entries in IPv6 ACL.
      suboptions:
        comment_text:
          description: >-
            Specifies the comment for the ACL entry, up to 256 alphanumeric characters.
          type: str
        state:
          choices:
            - present
            - absent
          default: present
          description: Add/Delete the comment text for an ACL entry.
          type: str
      type: dict
    rule_type:
      choices:
        - deny
        - permit
      description: >-
        Inserts filtering rules in IPv4 standard named or numbered ACLs that will deny/permit packets.
      required: true
      type: str
    seq_num:
      description: >-
        Enables you to assign a sequence number to the rule. Valid values range from 1 through 65000.
      type: int
    source:
      description: host hostname or A.B.C.D | A.B.C.D or A.B.C.D/L | any.
      required: true
      suboptions:
        any:
          description: Specifies all source addresses.
          type: bool
        host:
          description: Specifies the source as host.
          type: bool
        hostname:
          description: Specifies the known hostname of the source host
          type: str
        ip_address:
          description: >-
            Specifies a source IPv4 address for which you want to filter the subnet.
          type: str
        mask:
          description: >-
            Defines a mask, whose effect is to specify a subnet that includes the source address
            that you specified.
          type: str
      type: dict
    source_comparison_operators:
      description: >-
        If you specified tcp or udp, the following optional operators are available.
        Specify either port number or name for the operation.
      suboptions:
        high_port_name:
          choices:
            - ftp-data
            - ftp
            - ssh
            - telnet
            - smtp
            - dns
            - http
            - gppitnp
            - pop2
            - pop3
            - sftp
            - sqlserv
            - bgp
            - ldap
            - ssl
            - tftp
            - snmp
          description: For range operator, specifies higher port name.
          type: str
        high_port_num:
          description: For range operator, specifies high port number.
          type: int
        operator:
          choices:
            - eq
            - gt
            - lt
            - neq
            - range
          description: Specifies comparison operator
          type: str
        port_name:
          choices:
            - ftp-data
            - ftp
            - ssh
            - telnet
            - smtp
            - dns
            - http
            - gppitnp
            - pop2
            - pop3
            - sftp
            - sqlserv
            - bgp
            - ldap
            - ssl
            - tftp
            - snmp
          description: >-
            Specifies port numbers that satisfy the operation with the numeric equivalent of the port name.
          type: str
        port_num:
          description: >-
            Specifies port numbers that satisfy the operation with the port number you enter.
          type: int
      type: dict
    state:
      choices:
        - present
        - absent
      default: present
      description: Specifies whether to configure or remove rule.
      type: str
    tos:
      choices:
        - normal
        - min-monetary-cost
        - max-reliability
        - max-throughput
        - min-delay
      description: |-
        Specifies a type of service (ToS). Enter either a supported tos-name or the equivalent tos-value.
        0 or normal - Specifies normal ToS.
        1 or min-monetary-cost - Specifies min monetary cost ToS.
        2 or max-reliability - Specifies max reliability ToS.
        4 or max-throughput - Specifies max throughput ToS.
        8 or min-delay - Specifies min-delay ToS.
      type: str
    traffic_policy_name:
      description: >-
        Enables the device to limit rate of inbound traffic and to count packets and bytes
        per packet to which ACL deny clauses are applied.
      type: str
  type: list
standard_rules:
  description: >-
    Inserts filtering rules in standard named or numbered ACLs that will deny or permit packets.
  elements: dict
  suboptions:
    any:
      description: Specifies all source addresses.
      type: bool
    host:
      description: Specifies the source as host.
      type: bool
    hostname:
      description: Specifies the known hostname of the source host
      type: str
    log:
      default: false
      description: >-
        Enables logging for the rule. Used in conjunction with the logging enable command
        at the ip access-list command configuration level.
      type: bool
    mask:
      description: >-
        Defines a mask, whose effect is to specify a subnet that includes the source address
        that you specified.
      type: str
    mirror:
      default: false
      description: Mirrors packets matching the rule.
      type: bool
    remark:
      description: Adds a comment to describe entries in IPv6 ACL.
      suboptions:
        comment_text:
          description: >-
            Specifies the comment for the ACL entry, up to 256 alphanumeric characters.
          type: str
        state:
          choices:
            - present
            - absent
          default: present
          description: Add/Delete the comment text for an ACL entry.
          type: str
      type: dict
    rule_type:
      choices:
        - deny
        - permit
      description: >-
        Inserts filtering rules in IPv4 standard named or numbered ACLs that will deny/permit packets.
      required: true
      type: str
    seq_num:
      description: >-
        Enables you to assign a sequence number to the rule. Valid values range from 1 through 65000.
      type: int
    source_ip:
      description: >-
        Specifies a source address for which you want to filter the subnet.
        Format - IPv4address/mask | IPv4 address | IPv6 address | ipv6-source-prefix/prefix-length
      type: str
    state:
      choices:
        - present
        - absent
      default: present
      description: Specifies whether to configure or remove rule.
      type: str
  type: list
```
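
The task below is an added example, not taken from the module's own documentation. It combines the `seq_num`, `destination_comparison_operators` and `log` options in one extended ACL that limits management-plane access. The ACL name `mgmt_in` and the address 192.0.2.10 are constructed placeholders.

```yaml
# Added example: the ACL name and address are constructed, not from the module docs.
- name: restrict management access with an extended acl
  community.network.icx_acl_ip:
    acl_type: extended
    acl_name: mgmt_in                # hypothetical ACL name
    extended_rules:
      # Rule 10: allow SSH only from one management host.
      - rule_type: permit
        seq_num: 10
        ip_protocol_name: tcp
        source:
          host: yes
          ip_address: 192.0.2.10     # constructed documentation-range address
        destination:
          any: yes
        destination_comparison_operators:
          operator: eq
          port_name: ssh
      # Rule 20: deny Telnet from any source and log each match.
      # Per the log option, logging must also be enabled on the switch.
      - rule_type: deny
        seq_num: 20
        ip_protocol_name: tcp
        source:
          any: yes
        destination:
          any: yes
        destination_comparison_operators:
          operator: eq
          port_name: telnet
        log: yes
      # Rule 30: deny the FTP data/control port range using the range operator.
      - rule_type: deny
        seq_num: 30
        ip_protocol_name: tcp
        source:
          any: yes
        destination:
          any: yes
        destination_comparison_operators:
          operator: range
          port_num: 20
          high_port_num: 21
        log: yes
    state: present
```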