.. _cisco.iosxr.iosxr_acl_interfaces_module:


********************************
cisco.iosxr.iosxr_acl_interfaces
********************************

**ACL interfaces resource module**


Version added: 1.0.0

.. contents::
   :local:
   :depth: 1


Synopsis
--------
- This module manages adding and removing Access Control Lists (ACLs) from interfaces on devices running IOS-XR software.


Parameters
----------

.. raw:: html

    <table border=0 cellpadding=0 class="documentation-table">
        <tr>
            <th colspan="4">Parameter</th>
            <th>Choices/<font color="blue">Defaults</font></th>
            <th width="100%">Comments</th>
        </tr>
        <tr>
            <td colspan="4">
                <div class="ansibleOptionAnchor" id="parameter-"></div>
                <b>config</b>
                <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
                <div style="font-size: small">
                    <span style="color: purple">list</span>
                    / <span style="color: purple">elements=dictionary</span>
                </div>
            </td>
            <td>
            </td>
            <td>
                <div>A dictionary of ACL options for interfaces.</div>
            </td>
        </tr>
        <tr>
            <td class="elbow-placeholder"></td>
            <td colspan="3">
                <div class="ansibleOptionAnchor" id="parameter-"></div>
                <b>access_groups</b>
                <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
                <div style="font-size: small">
                    <span style="color: purple">list</span>
                    / <span style="color: purple">elements=dictionary</span>
                </div>
            </td>
            <td>
            </td>
            <td>
                <div>Specifies ACLs attached to the interfaces.</div>
            </td>
        </tr>
        <tr>
            <td class="elbow-placeholder"></td>
            <td class="elbow-placeholder"></td>
            <td colspan="2">
                <div class="ansibleOptionAnchor" id="parameter-"></div>
                <b>acls</b>
                <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
                <div style="font-size: small">
                    <span style="color: purple">list</span>
                    / <span style="color: purple">elements=dictionary</span>
                </div>
            </td>
            <td>
            </td>
            <td>
                <div>Specifies the ACLs for the provided AFI.</div>
            </td>
        </tr>
        <tr>
            <td class="elbow-placeholder"></td>
            <td class="elbow-placeholder"></td>
            <td class="elbow-placeholder"></td>
            <td colspan="1">
                <div class="ansibleOptionAnchor" id="parameter-"></div>
                <b>direction</b>
                <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
                <div style="font-size: small">
                    <span style="color: purple">string</span>
                    / <span style="color: red">required</span>
                </div>
            </td>
            <td>
                <ul style="margin: 0; padding: 0"><b>Choices:</b>
                    <li>in</li>
                    <li>out</li>
                </ul>
            </td>
            <td>
                <div>Specifies the direction of packets that the ACL will be applied on.</div>
            </td>
        </tr>
        <tr>
            <td class="elbow-placeholder"></td>
            <td class="elbow-placeholder"></td>
            <td class="elbow-placeholder"></td>
            <td colspan="1">
                <div class="ansibleOptionAnchor" id="parameter-"></div>
                <b>name</b>
                <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
                <div style="font-size: small">
                    <span style="color: purple">string</span>
                    / <span style="color: red">required</span>
                </div>
            </td>
            <td>
            </td>
            <td>
                <div>Specifies the name of the IPv4/IPv6 ACL for the interface.</div>
            </td>
        </tr>

        <tr>
            <td class="elbow-placeholder"></td>
            <td class="elbow-placeholder"></td>
            <td colspan="2">
                <div class="ansibleOptionAnchor" id="parameter-"></div>
                <b>afi</b>
                <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
                <div style="font-size: small">
                    <span style="color: purple">string</span>
                    / <span style="color: red">required</span>
                </div>
            </td>
            <td>
                <ul style="margin: 0; padding: 0"><b>Choices:</b>
                    <li>ipv4</li>
                    <li>ipv6</li>
                </ul>
            </td>
            <td>
                <div>Specifies the AFI for the ACL(s) to be configured on this interface.</div>
            </td>
        </tr>

        <tr>
            <td class="elbow-placeholder"></td>
            <td colspan="3">
                <div class="ansibleOptionAnchor" id="parameter-"></div>
                <b>name</b>
                <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
                <div style="font-size: small">
                    <span style="color: purple">string</span>
                    / <span style="color: red">required</span>
                </div>
            </td>
            <td>
            </td>
            <td>
                <div>Name/Identifier for the interface</div>
            </td>
        </tr>

        <tr>
            <td colspan="4">
                <div class="ansibleOptionAnchor" id="parameter-"></div>
                <b>running_config</b>
                <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
                <div style="font-size: small">
                    <span style="color: purple">string</span>
                </div>
            </td>
            <td>
            </td>
            <td>
                <div>This option is used only with state <em>parsed</em>.</div>
                <div>The value of this option should be the output received from the IOS-XR device by executing the command <b>show running-config interface</b>.</div>
                <div>The state <em>parsed</em> reads the configuration from <code>running_config</code> option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the <em>parsed</em> key within the result.</div>
            </td>
        </tr>
        <tr>
            <td colspan="4">
                <div class="ansibleOptionAnchor" id="parameter-"></div>
                <b>state</b>
                <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
                <div style="font-size: small">
                    <span style="color: purple">string</span>
                </div>
            </td>
            <td>
                <ul style="margin: 0; padding: 0"><b>Choices:</b>
                    <li><div style="color: blue"><b>merged</b> ←</div></li>
                    <li>replaced</li>
                    <li>overridden</li>
                    <li>deleted</li>
                    <li>gathered</li>
                    <li>parsed</li>
                    <li>rendered</li>
                </ul>
            </td>
            <td>
                <div>The state the configuration should be left in.</div>
            </td>
        </tr>
    </table>
    <br/>



Examples
--------

.. code-block:: yaml

    # Using merged

    # Before state:
    # -------------
    #
    # RP/0/RP0/CPU0:ios#sh running-config interface
    # Wed Jan 15 12:22:32.911 UTC
    # interface MgmtEth0/RP0/CPU0/0
    #  ipv4 address dhcp
    # !
    # interface GigabitEthernet0/0/0/0
    #  shutdown
    # !
    # interface GigabitEthernet0/0/0/1
    #  shutdown
    # !

    - name: Merge the provided configuration with the existing running configuration
      cisco.iosxr.iosxr_acl_interfaces:
        config:
          - name: GigabitEthernet0/0/0/0
            access_groups:
              - afi: ipv4
                acls:
                  - name: acl_1
                    direction: in
                  - name: acl_2
                    direction: out
              - afi: ipv6
                acls:
                  - name: acl6_1
                    direction: in
                  - name: acl6_2
                    direction: out

          - name: GigabitEthernet0/0/0/1
            access_groups:
              - afi: ipv4
                acls:
                  - name: acl_1
                    direction: out
        state: merged

    # After state:
    # -------------
    #
    # RP/0/RP0/CPU0:ios#sh running-config interface
    # Wed Jan 15 12:27:49.378 UTC
    # interface MgmtEth0/RP0/CPU0/0
    #  ipv4 address dhcp
    # !
    # interface GigabitEthernet0/0/0/0
    #  shutdown
    #  ipv4 access-group acl_1 ingress
    #  ipv4 access-group acl_2 egress
    #  ipv6 access-group acl6_1 ingress
    #  ipv6 access-group acl6_2 egress
    # !
    # interface GigabitEthernet0/0/0/1
    #  shutdown
    #  ipv4 access-group acl_1 egress
    # !

    # Using merged to update interface ACL configuration

    # Before state:
    # -------------
    #
    # RP/0/RP0/CPU0:ios#sh running-config interface
    # Wed Jan 15 12:27:49.378 UTC
    # interface MgmtEth0/RP0/CPU0/0
    #  ipv4 address dhcp
    # !
    # interface GigabitEthernet0/0/0/0
    #  shutdown
    #  ipv4 access-group acl_1 ingress
    #  ipv4 access-group acl_2 egress
    #  ipv6 access-group acl6_1 ingress
    #  ipv6 access-group acl6_2 egress
    # !
    # interface GigabitEthernet0/0/0/1
    #  shutdown
    #  ipv4 access-group acl_1 egress
    # !
    #

    - name: Update acl_interfaces configuration using merged
      cisco.iosxr.iosxr_acl_interfaces:
        config:
          - name: GigabitEthernet0/0/0/1
            access_groups:
              - afi: ipv4
                acls:
                  - name: acl_2
                    direction: out
                  - name: acl_1
                    direction: in
        state: merged

    # After state:
    # -------------
    #
    # RP/0/RP0/CPU0:ios#sh running-config interface
    # Wed Jan 15 12:27:49.378 UTC
    # interface MgmtEth0/RP0/CPU0/0
    #  ipv4 address dhcp
    # !
    # interface GigabitEthernet0/0/0/0
    #  shutdown
    #  ipv4 access-group acl_1 ingress
    #  ipv4 access-group acl_2 egress
    #  ipv6 access-group acl6_1 ingress
    #  ipv6 access-group acl6_2 egress
    # !
    # interface GigabitEthernet0/0/0/1
    #  shutdown
    #  ipv4 access-group acl_1 ingress
    #  ipv4 access-group acl_2 egress
    # !
    #

    # Using replaced

    # Before state:
    # -------------
    #
    # RP/0/RP0/CPU0:ios#sh running-config interface
    # Wed Jan 15 12:34:56.689 UTC
    # interface MgmtEth0/RP0/CPU0/0
    #  ipv4 address dhcp
    # !
    # interface GigabitEthernet0/0/0/0
    #  shutdown
    #  ipv4 access-group acl_1 ingress
    #  ipv4 access-group acl_2 egress
    #  ipv6 access-group acl6_1 ingress
    #  ipv6 access-group acl6_2 egress
    # !
    # interface GigabitEthernet0/0/0/1
    #  shutdown
    #  ipv4 access-group acl_1 egress
    # !

    - name: Replace device configurations of listed interface with provided configurations
      cisco.iosxr.iosxr_acl_interfaces:
        config:
          - name: GigabitEthernet0/0/0/0
            access_groups:
              - afi: ipv6
                acls:
                  - name: acl6_3
                    direction: in
        state: replaced

    # After state:
    # -------------
    #
    # RP/0/RP0/CPU0:ios#sh running-config interface
    # Wed Jan 15 12:34:56.689 UTC
    # interface MgmtEth0/RP0/CPU0/0
    #  ipv4 address dhcp
    # !
    # interface GigabitEthernet0/0/0/0
    #  shutdown
    #  ipv6 access-group acl6_3 ingress
    # !
    # interface GigabitEthernet0/0/0/1
    #  shutdown
    #  ipv4 access-group acl_1 egress
    # !
    #

    # Using overridden

    # Before state:
    # -------------
    #
    # RP/0/RP0/CPU0:ios#sh running-config interface
    # Wed Jan 15 12:34:56.689 UTC
    # interface MgmtEth0/RP0/CPU0/0
    #  ipv4 address dhcp
    # !
    # interface GigabitEthernet0/0/0/0
    #  shutdown
    #  ipv4 access-group acl_1 ingress
    #  ipv4 access-group acl_2 egress
    #  ipv6 access-group acl6_1 ingress
    #  ipv6 access-group acl6_2 egress
    # !
    # interface GigabitEthernet0/0/0/1
    #  shutdown
    #  ipv4 access-group acl_1 egress
    # !
    #

    - name: Override all interface ACL configuration with provided configuration
      cisco.iosxr.iosxr_acl_interfaces:
        config:
          - name: GigabitEthernet0/0/0/1
            access_groups:
              - afi: ipv4
                acls:
                  - name: acl_2
                    direction: in
              - afi: ipv6
                acls:
                  - name: acl6_3
                    direction: out
        state: overridden

    # After state:
    # -------------
    #
    # RP/0/RP0/CPU0:ios#sh running-config interface
    # Wed Jan 15 12:34:56.689 UTC
    # interface MgmtEth0/RP0/CPU0/0
    #  ipv4 address dhcp
    # !
    # interface GigabitEthernet0/0/0/0
    #  shutdown
    # !
    # interface GigabitEthernet0/0/0/1
    #  shutdown
    #  ipv4 access-group acl_2 ingress
    #  ipv6 access-group acl6_3 egress
    # !
    #

    # Using 'deleted' to delete all ACL attributes of a single interface

    # Before state:
    # -------------
    #
    # RP/0/RP0/CPU0:ios#sh running-config interface
    # Wed Jan 15 12:34:56.689 UTC
    # interface MgmtEth0/RP0/CPU0/0
    #  ipv4 address dhcp
    # !
    # interface GigabitEthernet0/0/0/0
    #  shutdown
    #  ipv4 access-group acl_1 ingress
    #  ipv4 access-group acl_2 egress
    #  ipv6 access-group acl6_1 ingress
    #  ipv6 access-group acl6_2 egress
    # !
    # interface GigabitEthernet0/0/0/1
    #  shutdown
    #  ipv4 access-group acl_1 egress
    # !
    #

    - name: Delete all ACL attributes of GigabitEthernet0/0/0/1
      cisco.iosxr.iosxr_acl_interfaces:
        config:
          - name: GigabitEthernet0/0/0/1
        state: deleted

    # After state:
    # -------------
    #
    # RP/0/RP0/CPU0:ios#sh running-config interface
    # Wed Jan 15 12:34:56.689 UTC
    # interface MgmtEth0/RP0/CPU0/0
    #  ipv4 address dhcp
    # !
    # interface GigabitEthernet0/0/0/0
    #  shutdown
    #  ipv4 access-group acl_1 ingress
    #  ipv4 access-group acl_2 egress
    #  ipv6 access-group acl6_1 ingress
    #  ipv6 access-group acl6_2 egress
    # !
    # interface GigabitEthernet0/0/0/1
    #  shutdown
    # !
    #

    # Using 'deleted' to remove all ACLs attached to all the interfaces in the device

    # Before state:
    # -------------
    #
    # RP/0/RP0/CPU0:ios#sh running-config interface
    # Wed Jan 15 12:34:56.689 UTC
    # interface MgmtEth0/RP0/CPU0/0
    #  ipv4 address dhcp
    # !
    # interface GigabitEthernet0/0/0/0
    #  shutdown
    #  ipv4 access-group acl_1 ingress
    #  ipv4 access-group acl_2 egress
    #  ipv6 access-group acl6_1 ingress
    #  ipv6 access-group acl6_2 egress
    # !
    # interface GigabitEthernet0/0/0/1
    #  shutdown
    #  ipv4 access-group acl_1 egress
    # !
    #

    - name: Delete all ACL interfaces configuration from the device
      cisco.iosxr.iosxr_acl_interfaces:
        state: deleted

    # After state:
    # -------------
    #
    # RP/0/RP0/CPU0:ios#sh running-config interface
    # Wed Jan 15 12:34:56.689 UTC
    # interface MgmtEth0/RP0/CPU0/0
    #  ipv4 address dhcp
    # !
    # interface GigabitEthernet0/0/0/0
    #  shutdown
    # !
    # interface GigabitEthernet0/0/0/1
    #  shutdown
    # !
    #

    # Using parsed

    # parsed.cfg
    # ------------
    #
    # interface MgmtEth0/RP0/CPU0/0
    #  ipv4 address dhcp
    # !
    # interface GigabitEthernet0/0/0/0
    #  shutdown
    #  ipv4 access-group acl_1 ingress
    #  ipv4 access-group acl_2 egress
    #  ipv6 access-group acl6_1 ingress
    #  ipv6 access-group acl6_2 egress
    # !
    # interface GigabitEthernet0/0/0/1
    #  shutdown
    #  ipv4 access-group acl_1 egress
    # !

    # - name: Convert ACL interfaces config to argspec without connecting to the appliance
    #   cisco.iosxr.iosxr_acl_interfaces:
    #     running_config: "{{ lookup('file', './parsed.cfg') }}"
    #     state: parsed


    # Task Output (redacted)
    # -----------------------

    # "parsed": [
    #     {
    #         "name": "MgmtEth0/RP0/CPU0/0"
    #     },
    #     {
    #         "access_groups": [
    #             {
    #                 "acls": [
    #                     {
    #                         "direction": "in",
    #                         "name": "acl_1"
    #                     },
    #                     {
    #                         "direction": "out",
    #                         "name": "acl_2"
    #                     }
    #                 ],
    #                 "afi": "ipv4"
    #             },
    #             {
    #                 "acls": [
    #                     {
    #                         "direction": "in",
    #                         "name": "acl6_1"
    #                     },
    #                     {
    #                         "direction": "out",
    #                         "name": "acl6_2"
    #                     }
    #                 ],
    #                 "afi": "ipv6"
    #             }
    #         ],
    #         "name": "GigabitEthernet0/0/0/0"
    #     },
    #     {
    #         "access_groups": [
    #             {
    #                 "acls": [
    #                     {
    #                         "direction": "out",
    #                         "name": "acl_1"
    #                     }
    #                 ],
    #                 "afi": "ipv4"
    #             }
    #         ],
    #         "name": "GigabitEthernet0/0/0/1"
    #     }
    # ]
    # }


    # Using gathered

    - name: Gather ACL interfaces facts using gathered state
      cisco.iosxr.iosxr_acl_interfaces:
        state: gathered


    # Task Output (redacted)
    # -----------------------
    #
    # "gathered": [
    #     {
    #         "name": "MgmtEth0/RP0/CPU0/0"
    #     },
    #     {
    #         "access_groups": [
    #             {
    #                 "acls": [
    #                     {
    #                         "direction": "in",
    #                         "name": "acl_1"
    #                     },
    #                     {
    #                         "direction": "out",
    #                         "name": "acl_2"
    #                     }
    #                 ],
    #                 "afi": "ipv4"
    #             }
    #         ],
    #         "name": "GigabitEthernet0/0/0/0"
    #     },
    #     {
    #         "access_groups": [
    #             {
    #                 "acls": [
    #                     {
    #                         "direction": "in",
    #                         "name": "acl6_1"
    #                     }
    #                 ],
    #                 "afi": "ipv6"
    #             }
    #         ],
    #         "name": "GigabitEthernet0/0/0/1"
    #     }
    # ]


    # Using rendered

    - name: Render platform specific commands from task input using rendered state
      cisco.iosxr.iosxr_acl_interfaces:
        config:
          - name: GigabitEthernet0/0/0/0
            access_groups:
              - afi: ipv4
                acls:
                  - name: acl_1
                    direction: in
                  - name: acl_2
                    direction: out
        state: rendered

    # Task Output (redacted)
    # -----------------------

    # "rendered": [
    #     "interface GigabitEthernet0/0/0/0",
    #     "ipv4 access-group acl_1 ingress",
    #     "ipv4 access-group acl_2 egress"
    # ]



Return Values
-------------
Common return values are documented `here <https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values>`_, the following are the fields unique to this module:

.. raw:: html

    <table border=0 cellpadding=0 class="documentation-table">
        <tr>
            <th colspan="1">Key</th>
            <th>Returned</th>
            <th width="100%">Description</th>
        </tr>
        <tr>
            <td colspan="1">
                <div class="ansibleOptionAnchor" id="return-"></div>
                <b>after</b>
                <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
                <div style="font-size: small">
                    <span style="color: purple">list</span>
                </div>
            </td>
            <td>when changed</td>
            <td>
                <div>The configuration resulting from the model invocation.</div>
                <br/>
                <div style="font-size: smaller"><b>Sample:</b></div>
                <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">The configuration returned will always be in the same format as the parameters above.</div>
            </td>
        </tr>
        <tr>
            <td colspan="1">
                <div class="ansibleOptionAnchor" id="return-"></div>
                <b>before</b>
                <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
                <div style="font-size: small">
                    <span style="color: purple">list</span>
                </div>
            </td>
            <td>always</td>
            <td>
                <div>The configuration prior to the model invocation.</div>
                <br/>
                <div style="font-size: smaller"><b>Sample:</b></div>
                <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">The configuration returned will always be in the same format as the parameters above.</div>
            </td>
        </tr>
        <tr>
            <td colspan="1">
                <div class="ansibleOptionAnchor" id="return-"></div>
                <b>commands</b>
                <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
                <div style="font-size: small">
                    <span style="color: purple">list</span>
                </div>
            </td>
            <td>always</td>
            <td>
                <div>The set of commands pushed to the remote device.</div>
                <br/>
                <div style="font-size: smaller"><b>Sample:</b></div>
                <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">['interface GigabitEthernet0/0/0/1', 'ipv4 access-group acl_1 ingress', 'ipv4 access-group acl_2 egress', 'ipv6 access-group acl6_1 ingress', 'interface GigabitEthernet0/0/0/2', 'no ipv4 access-group acl_3 ingress', 'ipv4 access-group acl_4 egress']</div>
            </td>
        </tr>
    </table>
    <br/><br/>


Status
------


Authors
~~~~~~~

- Nilashish Chakraborty (@NilashishC)
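
The transformation that state ``parsed`` applies to ``running_config``, sketched in Python as an added example (not the module's own code), followed by an audit that lists interfaces with no inbound ACL. ``parse_acl_interfaces`` and ``missing_ingress_acl`` are hypothetical helper names, and the sample text is constructed from the ``parsed.cfg`` shown in the examples.

```python
import re

# Constructed sample: the parsed.cfg text from the "Using parsed" example above.
SAMPLE_CFG = """\
interface MgmtEth0/RP0/CPU0/0
 ipv4 address dhcp
!
interface GigabitEthernet0/0/0/0
 shutdown
 ipv4 access-group acl_1 ingress
 ipv4 access-group acl_2 egress
 ipv6 access-group acl6_1 ingress
 ipv6 access-group acl6_2 egress
!
interface GigabitEthernet0/0/0/1
 shutdown
 ipv4 access-group acl_1 egress
!
"""

INTERFACE_RE = re.compile(r"^interface\s+(\S+)\s*$")
ACL_RE = re.compile(r"^\s*(ipv4|ipv6)\s+access-group\s+(\S+)\s+(ingress|egress)\b")
DIRECTION = {"ingress": "in", "egress": "out"}  # CLI keyword -> argspec choice


def parse_acl_interfaces(running_config):
    """Hypothetical helper: build a list shaped like the module's `config` option."""
    interfaces, current = [], None
    for line in running_config.splitlines():
        if line.strip() == "!":  # "!" closes the interface stanza
            current = None
        elif (m := INTERFACE_RE.match(line)):
            current = {"name": m.group(1)}
            interfaces.append(current)
        elif current is not None and (m := ACL_RE.match(line)):
            afi, acl_name, keyword = m.groups()
            groups = current.setdefault("access_groups", [])
            group = next((g for g in groups if g["afi"] == afi), None)
            if group is None:  # first ACL seen for this AFI on this interface
                group = {"afi": afi, "acls": []}
                groups.append(group)
            group["acls"].append({"name": acl_name, "direction": DIRECTION[keyword]})
    return interfaces


def missing_ingress_acl(interfaces, afi="ipv4"):
    """Names of interfaces that have no inbound ACL for the given AFI."""
    return [
        intf["name"]
        for intf in interfaces
        if not any(
            acl["direction"] == "in"
            for group in intf.get("access_groups", [])
            if group["afi"] == afi
            for acl in group["acls"]
        )
    ]
```

The same audit function works on the ``gathered`` or ``parsed`` list returned by the module, since both use the format of the parameters above.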