sushma_alethea.test.icx_acl_ipv6 (1.0.0) — module

Configures ACL in Ruckus ICX 7000 series switches.

Authors: Ruckus Wireless (@Commscope)

Install collection

Install with ansible-galaxy collection install sushma_alethea.test:==1.0.0


Add to requirements.yml

  # NOTE(review): the usage examples on this page call the module as
  # community.network.icx_acl_ipv6, not sushma_alethea.test.icx_acl_ipv6;
  # confirm which collection you intend to install before pinning it.
  collections:
    - version: '1.0.0'  # exact pin, quoted so it always loads as a string
      name: sushma_alethea.test

Description

Configures IPv6 access control lists (ACLs) on Ruckus ICX 7000 series switches.

Usage examples

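# NOTE(review): this page documents sushma_alethea.test.icx_acl_ipv6, but the
# task below calls community.network.icx_acl_ipv6; use the FQCN of the
# collection that is actually installed.
- name: create ipv6 acl and add rules
  community.network.icx_acl_ipv6:
    acl_name: acl1
    # rules is declared as "type: list, elements: dict", so it is written as a
    # native YAML list. A literal block scalar (rules: |) would hand the module
    # one multi-line string instead of structured rule dicts.
    rules:
      # Caution: this entry permits every IPv6 packet (any -> any). If the
      # switch evaluates entries in sequence order, as ACLs typically do, a
      # narrower entry placed after it has no filtering effect. Keep a broad
      # permit like this only when that is the intended policy.
      - rule_type: permit
        seq_num: 10
        ip_protocol_name: ipv6
        source:
          any: true
        destination:
          any: true
      - rule_type: permit
        ip_protocol_name: tcp
        source:
          # Quoted so the address is always loaded as a string.
          host_ipv6_address: '2001:DB8:e0ac::2'
        destination:
          host_ipv6_address: '2001:DB8:e0aa:0::24'
        source_comparison_operators:
          operator: eq
          port_num: 22
        destination_comparison_operators:
          # range needs both ends: port_name is the lower bound and
          # high_port_name the upper bound.
          operator: range
          port_name: ftp
          high_port_name: http
        established: true
        dscp_matching: 32
        # Per-rule state: "absent" removes this rule, although the task name
        # says rules are being added. Change it to "present" (the default) if
        # the rule is meant to be configured.
        state: absent
    # ACL-level state: the ACL itself is created or kept.
    state: present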
# Removes the ACL itself: state here is the ACL-level option
# ("Create/Remove an IPv6 access control list"), not a per-rule state.
# NOTE(review): check where acl1 is applied before removing it; what happens
# to traffic on those interfaces afterwards is not stated on this page.
- name: remove ipv6 acl
  community.network.icx_acl_ipv6:
    state: absent
    acl_name: acl1

Inputs

    
rules:
    description: Inserts filtering rules in IPv6 access control lists.
    elements: dict
    suboptions:
      destination:
        description: Destination to match, given as an IPv6 prefix/prefix-length, a
          host IPv6 address, or any.
        required: true
        suboptions:
          any:
            description: Specifies all destination addresses.
            type: bool
          host_ipv6_address:
            description: Specifies a host destination IPv6 address. A prefix length of
              128 is implied.
            type: str
          ipv6_prefix_prefix_length:
            description: Specifies a destination prefix and prefix length that a packet
              must match for the specified action (deny or permit) to occur.
            type: str
        type: dict
      destination_comparison_operators:
        description: If you specified tcp or udp, the following optional operators are
          available. Specify either port number or name for the operation.
        suboptions:
          high_port_name:
            choices:
            - ftp-data
            - ftp
            - ssh
            - telnet
            - smtp
            - dns
            - http
            - gppitnp
            - pop2
            - pop3
            - sftp
            - sqlserv
            - bgp
            - ldap
            - ssl
            - tftp
            - snmp
            description: For range operator, specifies higher port name.
            type: str
          high_port_num:
            description: For range operator, specifies high port number.
            type: int
          operator:
            choices:
            - eq
            - gt
            - lt
            - neq
            - range
            description: Specifies comparison operator.
            type: str
          port_name:
            choices:
            - ftp-data
            - ftp
            - ssh
            - telnet
            - smtp
            - dns
            - http
            - gppitnp
            - pop2
            - pop3
            - sftp
            - sqlserv
            - bgp
            - ldap
            - ssl
            - tftp
            - snmp
            description: Specifies port numbers that satisfy the operation with the numeric
              equivalent of the port name.
            type: str
          port_num:
            description: Specifies port numbers that satisfy the operation with the port
              number you enter.
            type: int
        type: dict
      dscp_marking:
        description: Assigns the DSCP value that you specify to the packet. Values range
          from 0 through 63.
        type: int
      dscp_matching:
        description: Filters by DSCP value. Values range from 0 through 63.
        type: int
      established:
        default: false
        description: (For TCP rules only) Filter packets that have the Acknowledgment
          (ACK) or Reset (RST) flag set.
        type: bool
      fragments:
        default: false
        description: Filters on IPv6 fragments with a non-zero fragment offset. Available
          only in IPv6 ACLs.
        type: bool
      icmp_num:
        description: Specifies a numbered message type. Use either icmp_num or icmp_type.
        type: int
      icmp_type:
        choices:
        - beyond-scope
        - destination-unreachable
        - echo-reply
        - echo-request
        - header
        - hop-limit
        - mld-query
        - mld-reduction
        - mld-report
        - nd-na
        - nd-ns
        - next-header
        - no-admin
        - no-route
        - packet-too-big
        - parameter-option
        - parameter-problem
        - port-unreachable
        - reassembly-timeout
        - renum-command
        - renum-result
        - renum-seq-number
        - router-advertisement
        - router-renumbering
        - router-solicitation
        - time-exceeded
        - unreachable
        description: Specifies icmp type.
        type: str
      internal_priority_marking:
        description: Assigns the identical 802.1p value and internal queuing priority
          (traffic class) that you specify to the packet [0-7].
        type: int
      ip_protocol_name:
        choices:
        - ahp
        - esp
        - icmp
        - ipv6
        - sctp
        - tcp
        - udp
        description: Specifies the type of IPv6 packet to filter.
        type: str
      ip_protocol_num:
        description: Protocol number (from 0 to 255).
        type: int
      log:
        default: false
        description: Enables SNMP traps and syslog messages for the rule.
        type: bool
      mirror:
        default: false
        description: Mirrors packets matching the rule.
        type: bool
      priority_marking:
        description: Assigns the 802.1p value that you specify to the packet. Values range
          from 0 through 7.
        type: int
      priority_matching:
        description: Filters by 802.1p priority, for rate limiting. Values range from
          0 through 7.
        type: int
      remark:
        description: Adds a comment to describe entries in IPv6 ACL.
        suboptions:
          comment_text:
            description: Specifies the comment for the ACL entry, up to 256 alphanumeric
              characters.
            type: str
          state:
            choices:
            - present
            - absent
            default: present
            description: Add/Delete the comment text for an ACL entry.
            type: str
        type: dict
      routing:
        default: false
        description: Filters on IPv6 packets routed from the source. Available only in
          IPv6 ACLs.
        type: bool
      rule_type:
        choices:
        - deny
        - permit
        description: Inserts filtering rules in IPv6 ACLs that will deny/permit
          packets.
        required: true
        type: str
      seq_num:
        description: Enables you to assign a sequence number to the rule. Valid values
          range from 1 through 65000.
        type: int
      source:
        description: ipv6-source-prefix/prefix-length | host source-ipv6_address | any.
        required: true
        suboptions:
          any:
            description: Specifies all source addresses.
            type: bool
          host_ipv6_address:
            description: Specifies a host source IPv6 address. A prefix length of 128
              is implied.
            type: str
          ipv6_prefix_prefix_length:
            description: Specifies a source prefix and prefix length that a packet must
              match for the specified action (deny or permit) to occur.
            type: str
        type: dict
      source_comparison_operators:
        description: If you specified tcp or udp, the following optional operators are
          available. Specify either port number or name for the operation.
        suboptions:
          high_port_name:
            choices:
            - ftp-data
            - ftp
            - ssh
            - telnet
            - smtp
            - dns
            - http
            - gppitnp
            - pop2
            - pop3
            - sftp
            - sqlserv
            - bgp
            - ldap
            - ssl
            - tftp
            - snmp
            description: For range operator, specifies higher port name.
            type: str
          high_port_num:
            description: For range operator, specifies high port number.
            type: int
          operator:
            choices:
            - eq
            - gt
            - lt
            - neq
            - range
            description: Specifies comparison operator.
            type: str
          port_name:
            choices:
            - ftp-data
            - ftp
            - ssh
            - telnet
            - smtp
            - dns
            - http
            - gppitnp
            - pop2
            - pop3
            - sftp
            - sqlserv
            - bgp
            - ldap
            - ssl
            - tftp
            - snmp
            description: Specifies port numbers that satisfy the operation with the numeric
              equivalent of the port name.
            type: str
          port_num:
            description: Specifies port numbers that satisfy the operation with the port
              number you enter.
            type: int
        type: dict
      state:
        choices:
        - present
        - absent
        default: present
        description: Specifies whether to configure or remove rule.
        type: str
      traffic_policy_name:
        description: Enables the device to limit rate of inbound traffic and to count
          packets and bytes per packet to which ACL deny clauses are applied.
        type: str
    type: list

state:
    choices:
    - present
    - absent
    default: present
    description: Create/Remove an IPv6 access control list (ACL).
    type: str

acl_name:
    description: Specifies a unique ACL name.
    required: true
    type: str

accounting:
    choices:
    - enable
    - disable
    description: Enables/Disables accounting for the ipv6 ACL.
    type: str