sushma_alethea.test.icx_acl_ipv6 (1.0.0) — module
Configures ACL in Ruckus ICX 7000 series switches.
Authors: Ruckus Wireless (@Commscope)
Install with:

    ansible-galaxy collection install sushma_alethea.test:==1.0.0

    collections:
      - name: sushma_alethea.test
        version: 1.0.0
    - name: create ipv6 acl and add rules
      community.network.icx_acl_ipv6:
        acl_name: acl1
        rules:
          - rule_type: permit
            seq_num: 10
            ip_protocol_name: ipv6
            source:
              any: yes
            destination:
              any: yes
          - rule_type: permit
            ip_protocol_name: tcp
            source:
              host_ipv6_address: 2001:DB8:e0ac::2
            destination:
              host_ipv6_address: 2001:DB8:e0aa:0::24
            source_comparison_operators:
              operator: eq
              port_num: 22
            destination_comparison_operators:
              operator: range
              port_name: ftp
              high_port_name: http
            established: yes
            dscp_matching: 32
            state: absent
        state: present
    - name: remove ipv6 acl
      community.network.icx_acl_ipv6:
        acl_name: acl1
        state: absent
    rules:
      description: Inserts filtering rules in IPv6 access control lists.
      elements: dict
      suboptions:
        destination:
          description: ipv6-source-prefix/prefix-length | host source-ipv6_address | any.
          required: true
          suboptions:
            any:
              description: Specifies all destination addresses.
              type: bool
            host_ipv6_address:
              description: Specifies a host destination IPv6 address. A prefix length of 128 is implied.
              type: str
            ipv6_prefix_prefix_length:
              description: Specifies a destination prefix and prefix length that a packet must match for the specified action (deny or permit) to occur.
              type: str
          type: dict
        destination_comparison_operators:
          description: If you specified tcp or udp, the following optional operators are available. Specify either port number or name for the operation.
          suboptions:
            high_port_name:
              choices:
                - ftp-data
                - ftp
                - ssh
                - telnet
                - smtp
                - dns
                - http
                - gppitnp
                - pop2
                - pop3
                - sftp
                - sqlserv
                - bgp
                - ldap
                - ssl
                - tftp
                - snmp
              description: For range operator, specifies higher port name.
              type: str
            high_port_num:
              description: For range operator, specifies high port number.
              type: int
            operator:
              choices:
                - eq
                - gt
                - lt
                - neq
                - range
              description: Specifies comparison operator.
              type: str
            port_name:
              choices:
                - ftp-data
                - ftp
                - ssh
                - telnet
                - smtp
                - dns
                - http
                - gppitnp
                - pop2
                - pop3
                - sftp
                - sqlserv
                - bgp
                - ldap
                - ssl
                - tftp
                - snmp
              description: Specifies port numbers that satisfy the operation with the numeric equivalent of the port name.
              type: str
            port_num:
              description: Specifies port numbers that satisfy the operation with the port number you enter.
              type: int
          type: dict
        dscp_marking:
          description: Assigns the DSCP value that you specify to the packet. Values range from 0 through 63.
          type: int
        dscp_matching:
          description: Filters by DSCP value. Values range from 0 through 63.
          type: int
        established:
          default: false
          description: (For TCP rules only) Filter packets that have the Acknowledgment (ACK) or Reset (RST) flag set.
          type: bool
        fragments:
          default: false
          description: Filters on IPv6 fragments with a non-zero fragment offset. Available only in IPv6 ACLs.
          type: bool
        icmp_num:
          description: Specifies a numbered message type. Use either icmp_num or icmp_type.
          type: int
        icmp_type:
          choices:
            - beyond-scope
            - destination-unreachable
            - echo-reply
            - echo-request
            - header
            - hop-limit
            - mld-query
            - mld-reduction
            - mld-report
            - nd-na
            - nd-ns
            - next-header
            - no-admin
            - no-route
            - packet-too-big
            - parameter-option
            - parameter-problem
            - port-unreachable
            - reassembly-timeout
            - renum-command
            - renum-result
            - renum-seq-number
            - router-advertisement
            - router-renumbering
            - router-solicitation
            - time-exceeded
            - unreachable
          description: Specifies icmp type.
          type: str
        internal_priority_marking:
          description: Assigns the identical 802.1p value and internal queuing priority (traffic class) that you specify to the packet [0-7].
          type: int
        ip_protocol_name:
          choices:
            - ahp
            - esp
            - icmp
            - ipv6
            - sctp
            - tcp
            - udp
          description: Specifies the type of IPv6 packet to filter.
          type: str
        ip_protocol_num:
          description: Protocol number (from 0 to 255).
          type: int
        log:
          default: false
          description: Enables SNMP traps and syslog messages for the rule.
          type: bool
        mirror:
          default: false
          description: Mirrors packets matching the rule.
          type: bool
        priority_marking:
          description: Assigns the 802.1p value that you specify to the packet. Values range from 0 through 7.
          type: int
        priority_matching:
          description: Filters by 802.1p priority, for rate limiting. Values range from 0 through 7.
          type: int
        remark:
          description: Adds a comment to describe entries in IPv6 ACL.
          suboptions:
            comment_text:
              description: Specifies the comment for the ACL entry, up to 256 alphanumeric characters.
              type: str
            state:
              choices:
                - present
                - absent
              default: present
              description: Add/Delete the comment text for an ACL entry.
              type: str
          type: dict
        routing:
          default: false
          description: Filters on IPv6 packets routed from the source. Available only in IPv6 ACLs.
          type: bool
        rule_type:
          choices:
            - deny
            - permit
          description: Inserts filtering rules in IPv4 standard named or numbered ACLs that will deny/permit packets.
          required: true
          type: str
        seq_num:
          description: Enables you to assign a sequence number to the rule. Valid values range from 1 through 65000.
          type: int
        source:
          description: ipv6-source-prefix/prefix-length | host source-ipv6_address | any.
          required: true
          suboptions:
            any:
              description: Specifies all source addresses.
              type: bool
            host_ipv6_address:
              description: Specifies a host source IPv6 address. A prefix length of 128 is implied.
              type: str
            ipv6_prefix_prefix_length:
              description: Specifies a source prefix and prefix length that a packet must match for the specified action (deny or permit) to occur.
              type: str
          type: dict
        source_comparison_operators:
          description: If you specified tcp or udp, the following optional operators are available. Specify either port number or name for the operation.
          suboptions:
            high_port_name:
              choices:
                - ftp-data
                - ftp
                - ssh
                - telnet
                - smtp
                - dns
                - http
                - gppitnp
                - pop2
                - pop3
                - sftp
                - sqlserv
                - bgp
                - ldap
                - ssl
                - tftp
                - snmp
              description: For range operator, specifies higher port name.
              type: str
            high_port_num:
              description: For range operator, specifies high port number.
              type: int
            operator:
              choices:
                - eq
                - gt
                - lt
                - neq
                - range
              description: Specifies comparison operator.
              type: str
            port_name:
              choices:
                - ftp-data
                - ftp
                - ssh
                - telnet
                - smtp
                - dns
                - http
                - gppitnp
                - pop2
                - pop3
                - sftp
                - sqlserv
                - bgp
                - ldap
                - ssl
                - tftp
                - snmp
              description: Specifies port numbers that satisfy the operation with the numeric equivalent of the port name.
              type: str
            port_num:
              description: Specifies port numbers that satisfy the operation with the port number you enter.
              type: int
          type: dict
        state:
          choices:
            - present
            - absent
          default: present
          description: Specifies whether to configure or remove rule.
          type: str
        traffic_policy_name:
          description: Enables the device to limit rate of inbound traffic and to count packets and bytes per packet to which ACL deny clauses are applied.
          type: str
      type: list
    state:
      choices:
        - present
        - absent
      default: present
      description: Create/Remove an IPv6 access control list (ACL).
      type: str
    acl_name:
      description: Specifies a unique ACL name.
      required: true
      type: str
    accounting:
      choices:
        - enable
        - disable
      description: Enables/Disables accounting for the ipv6 ACL.
      type: str
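An added example, not from the original page or the module's authors: a task that uses only the options documented above to build a default-deny IPv6 ACL admitting SSH from one management prefix, with the final deny logged. The ACL name, the addresses (taken from the 2001:db8::/32 documentation prefix) and the sequence numbers are constructed, and the module is addressed by the collection name shown in the page title.

```yaml
# Added example: acl_name, addresses and seq_num values are constructed.
- name: Limit SSH over IPv6 to the management prefix and log everything else
  sushma_alethea.test.icx_acl_ipv6:
    acl_name: mgmt-ssh-v6
    accounting: enable
    state: present
    rules:
      # An explicit deny of all IPv6 traffic also matches neighbor discovery,
      # so nd-ns and nd-na are permitted ahead of it.
      - rule_type: permit
        seq_num: 10
        ip_protocol_name: icmp
        icmp_type: nd-ns
        source:
          any: yes
        destination:
          any: yes
      - rule_type: permit
        seq_num: 20
        ip_protocol_name: icmp
        icmp_type: nd-na
        source:
          any: yes
        destination:
          any: yes
      # SSH is accepted only from the management prefix to one host.
      - rule_type: permit
        seq_num: 30
        ip_protocol_name: tcp
        source:
          ipv6_prefix_prefix_length: "2001:db8:100::/64"
        destination:
          host_ipv6_address: "2001:db8:200::10"
        destination_comparison_operators:
          operator: eq
          port_name: ssh
      # Explicit final deny with log set, so drops raise syslog/SNMP events.
      - rule_type: deny
        seq_num: 1000
        ip_protocol_name: ipv6
        source:
          any: yes
        destination:
          any: yes
        log: yes
```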