sushma_alethea.test.icx_acl_ip (1.0.0) — module

Configures ACL in Ruckus ICX 7000 series switches.

Authors: Ruckus Wireless (@Commscope)

Install collection

Install with ansible-galaxy collection install sushma_alethea.test:==1.0.0


Add to requirements.yml

  collections:
    - name: sushma_alethea.test
      version: 1.0.0

Description

Configures ACL in Ruckus ICX 7000 series switches.

Usage examples

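# Standard ACL "acl1" with one permit rule at sequence 10 that matches every
# source address and logs hits. Booleans are written as true/false rather than
# yes/no so that every YAML parser (and yamllint's truthy rule) reads them as
# bool instead of a string.
- name: create ipv4 acl and add rules
  community.network.icx_acl_ip:
    acl_type: standard
    acl_name: acl1
    standard_rules:
      - rule_type: permit
        seq_num: 10
        any: true   # match all source addresses
        log: true   # log matches; requires logging to be enabled on the device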
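# Extended ACL 112: one deny rule for TCP from host 1.1.1.1 to any destination.
# Note that the rule carries state: absent, so this task removes the rule from
# the ACL rather than adding it, despite the task name. Booleans are written as
# true/false (not yes/no) so they parse as bool on every YAML loader.
- name: create ipv4 acl and add rules
  community.network.icx_acl_ip:
    acl_type: extended
    acl_id: 112
    extended_rules:
      - rule_type: deny
        ip_protocol_name: tcp
        source:
          host: true
          ip_address: 1.1.1.1
        destination:
          any: true
        precedence: routine
        state: absent   # removes this rule; the ACL itself is left in place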
# Delete the whole standard ACL "acl1". The top-level state applies to the
# ACL itself, not to individual rules.
- name: remove ipv4 acl
  community.network.icx_acl_ip:
    state: absent
    acl_type: standard
    acl_name: 'acl1'

Inputs

    
state:
    choices:
    - present
    - absent
    default: present
    description: Specifies whether to create or delete ACL.
    type: str

acl_id:
    description: Specifies a unique ACL number.
    type: int

acl_name:
    description: Specifies a unique ACL name.
    type: str

acl_type:
    choices:
    - standard
    - extended
    description: Specifies standard/extended access control list. Standard - Contains
      rules that permit or deny traffic based on source addresses that you specify. The
      rules are applicable to all ports of the specified address. Extended - Contains
      rules that permit or deny traffic according to source and destination addresses,
      as well as other parameters. For example, you can also filter by port, protocol
      (TCP or UDP), and TCP flags.
    required: true
    type: str

accounting:
    choices:
    - enable
    - disable
    description: Enables or disables accounting for the ACL.
    type: str

extended_rules:
    description: Inserts filtering rules in extended named or numbered ACLs. Specify either
      protocol name or number.
    elements: dict
    suboptions:
      destination:
        description: host hostname or A.B.C.D | A.B.C.D or A.B.C.D/L | any
        required: true
        suboptions:
          any:
            description: Specifies all destination addresses.
            type: bool
          host:
            description: Specifies the destination as host.
            type: bool
          hostname:
            description: Specifies the known hostname of the destination host.
            type: str
          ip_address:
            description: Specifies a destination address for which you want to filter
              the subnet. Format - IPv4address/mask | IPv4 address | IPv6 address | ipv6-source-prefix/prefix-length
            type: str
          mask:
            description: Defines a subnet mask that includes the destination address that
              you specified.
            type: str
        type: dict
      destination_comparison_operators:
        description: If you specified tcp or udp, the following optional operators are
          available. Specify either port number or name for the operation.
        suboptions:
          high_port_name:
            choices:
            - ftp-data
            - ftp
            - ssh
            - telnet
            - smtp
            - dns
            - http
            - gppitnp
            - pop2
            - pop3
            - sftp
            - sqlserv
            - bgp
            - ldap
            - ssl
            - tftp
            - snmp
            description: For range operator, specifies higher port name.
            type: str
          high_port_num:
            description: For range operator, specifies high port number.
            type: int
          operator:
            choices:
            - eq
            - gt
            - lt
            - neq
            - range
            description: Specifies comparison operator.
            type: str
          port_name:
            choices:
            - ftp-data
            - ftp
            - ssh
            - telnet
            - smtp
            - dns
            - http
            - gppitnp
            - pop2
            - pop3
            - sftp
            - sqlserv
            - bgp
            - ldap
            - ssl
            - tftp
            - snmp
            description: Specifies port numbers that satisfy the operation with the numeric
              equivalent of the port name.
            type: str
          port_num:
            description: Specifies port numbers that satisfy the operation with the port
              number you enter.
            type: int
        type: dict
      dscp_marking:
        description: Assigns the DSCP value that you specify to the packet. Values range
          from 0 through 63.
        type: int
      dscp_matching:
        description: Filters by DSCP value. Values range from 0 through 63.
        type: int
      established:
        default: false
        description: (For TCP rules only) Filter packets that have the Acknowledgment
          (ACK) or Reset (RST) flag set.
        type: bool
      icmp_num:
        description: Specifies a numbered message type. Use this format if the rule also
          needs to include precedence, tos, one of the DSCP options, one of the 802.1p
          options, internal-priority-marking, or traffic-policy.
        type: int
      icmp_type:
        choices:
        - any-icmp-type
        - echo
        - echo-reply
        - information-request
        - mask-reply
        - mask-request
        - parameter-problem
        - redirect
        - source-quench
        - time-exceeded
        - timestamp-reply
        - timestamp-request
        - unreachable
        description: Specifies icmp type.
        type: str
      internal_marking:
        description: Assigns the identical 802.1p value and internal queuing priority
          (traffic class) that you specify to the packet [0-7]
        type: int
      internal_priority_marking:
        description: Assigns the internal queuing priority (traffic class) that you specify
          to the packet. Values range from 0 through 7.
        type: int
      ip_protocol_name:
        choices:
        - icmp
        - igmp
        - ip
        - ospf
        - tcp
        - udp
        - esp
        - gre
        - ipv6
        - pim
        - rsvp
        description: Specifies the type of IPv4 packet to filter.
        type: str
      ip_protocol_num:
        description: Protocol number (from 0 to 255).
        type: int
      log:
        default: false
        description: Enables SNMP traps and Syslog messages for the rule. In addition,
          logging must be enabled using the logging enable command.
        type: bool
      mirror:
        default: false
        description: Mirrors packets matching the rule.
        type: bool
      precedence:
        choices:
        - routine
        - priority
        - immediate
        - flash
        - flash-override
        - critical
        - internet
        - network
        description: Specifies a precedence-name. 0 or routine - Specifies routine precedence.
          1 or priority - Specifies priority precedence. 2 or immediate - Specifies immediate
          precedence. 3 or flash - Specifies flash precedence. 4 or flash-override - Specifies
          flash-override precedence. 5 or critical - Specifies critical precedence. 6
          or internet - Specifies internetwork control precedence. 7 or network - Specifies
          network control precedence.
        type: str
      priority_marking:
        description: Assigns the 802.1p value that you specify to the packet. Values range
          from 0 through 7.
        type: int
      priority_matching:
        description: Filters by 802.1p priority, for rate limiting. Values range from
          0 through 7.
        type: int
      remark:
        description: Adds a comment describing an entry in the ACL.
        suboptions:
          comment_text:
            description: Specifies the comment for the ACL entry, up to 256 alphanumeric
              characters.
            type: str
          state:
            choices:
            - present
            - absent
            default: present
            description: Add/Delete the comment text for an ACL entry.
            type: str
        type: dict
      rule_type:
        choices:
        - deny
        - permit
        description: Inserts filtering rules in IPv4 named or numbered ACLs that
          will deny or permit packets.
        required: true
        type: str
      seq_num:
        description: Enables you to assign a sequence number to the rule. Valid values
          range from 1 through 65000.
        type: int
      source:
        description: host hostname or A.B.C.D | A.B.C.D or A.B.C.D/L | any.
        required: true
        suboptions:
          any:
            description: Specifies all source addresses.
            type: bool
          host:
            description: Specifies the source as host.
            type: bool
          hostname:
            description: Specifies the known hostname of the source host.
            type: str
          ip_address:
            description: Specifies a source IPv4 address for which you want to filter
              the subnet.
            type: str
          mask:
            description: Defines a mask, whose effect is to specify a subnet that includes
              the source address that you specified.
            type: str
        type: dict
      source_comparison_operators:
        description: If you specified tcp or udp, the following optional operators are
          available. Specify either port number or name for the operation.
        suboptions:
          high_port_name:
            choices:
            - ftp-data
            - ftp
            - ssh
            - telnet
            - smtp
            - dns
            - http
            - gppitnp
            - pop2
            - pop3
            - sftp
            - sqlserv
            - bgp
            - ldap
            - ssl
            - tftp
            - snmp
            description: For range operator, specifies higher port name.
            type: str
          high_port_num:
            description: For range operator, specifies high port number.
            type: int
          operator:
            choices:
            - eq
            - gt
            - lt
            - neq
            - range
            description: Specifies the comparison operator.
            type: str
          port_name:
            choices:
            - ftp-data
            - ftp
            - ssh
            - telnet
            - smtp
            - dns
            - http
            - gppitnp
            - pop2
            - pop3
            - sftp
            - sqlserv
            - bgp
            - ldap
            - ssl
            - tftp
            - snmp
            description: Specifies port numbers that satisfy the operation with the numeric
              equivalent of the port name.
            type: str
          port_num:
            description: Specifies port numbers that satisfy the operation with the port
              number you enter.
            type: int
        type: dict
      state:
        choices:
        - present
        - absent
        default: present
        description: Specifies whether to configure or remove rule.
        type: str
      tos:
        choices:
        - normal
        - min-monetary-cost
        - max-reliability
        - max-throughput
        - min-delay
        description: Specifies a type of service (ToS). Enter either a supported tos-name
          or the equivalent tos-value. 0 or normal - Specifies normal ToS. 1 or min-monetary-cost
          - Specifies min monetary cost ToS. 2 or max-reliability - Specifies max reliability
          ToS. 4 or max-throughput - Specifies max throughput ToS. 8 or min-delay - Specifies
          min-delay ToS.
        type: str
      traffic_policy_name:
        description: Enables the device to limit the rate of inbound traffic and to count
          packets and bytes per packet to which ACL deny clauses are applied.
        type: str
    type: list

standard_rules:
    description: Inserts filtering rules in standard named or numbered ACLs that will
      deny or permit packets.
    elements: dict
    suboptions:
      any:
        description: Specifies all source addresses.
        type: bool
      host:
        description: Specifies the source as host.
        type: bool
      hostname:
        description: Specifies the known hostname of the source host.
        type: str
      log:
        default: false
        description: Enables logging for the rule. Used in conjunction with the logging
          enable command at the ip access-list command configuration level.
        type: bool
      mask:
        description: Defines a mask, whose effect is to specify a subnet that includes
          the source address that you specified.
        type: str
      mirror:
        default: false
        description: Mirrors packets matching the rule.
        type: bool
      remark:
        description: Adds a comment describing an entry in the ACL.
        suboptions:
          comment_text:
            description: Specifies the comment for the ACL entry, up to 256 alphanumeric
              characters.
            type: str
          state:
            choices:
            - present
            - absent
            default: present
            description: Add/Delete the comment text for an ACL entry.
            type: str
        type: dict
      rule_type:
        choices:
        - deny
        - permit
        description: Inserts filtering rules in IPv4 standard named or numbered ACLs that
          will deny/permit packets.
        required: true
        type: str
      seq_num:
        description: Enables you to assign a sequence number to the rule. Valid values
          range from 1 through 65000.
        type: int
      source_ip:
        description: Specifies a source address for which you want to filter the subnet.
          Format - IPv4address/mask | IPv4 address | IPv6 address | ipv6-source-prefix/prefix-length
        type: str
      state:
        choices:
        - present
        - absent
        default: present
        description: Specifies whether to configure or remove rule.
        type: str
    type: list