cl_interface_policy - Configure interface enforcement policy on Cumulus Linux

New in version 2.1.


Deprecated in 2.3. Use nclu instead.


  • This module affects the configuration files located in the interfaces folder defined by ifupdown2. Interfaces port and port ranges listed in the “allowed” parameter define what interfaces will be available on the switch. If the user runs this module and has an interface configured on the switch, but not found in the “allowed” list, this interface will be unconfigured. By default this is /etc/network/interface.d For more details go the Configuring Interfaces at


parameter required default choices comments
List of ports to run initial run at 10G.
no /etc/network/interfaces.d/
Directory to store interface files.


# Example playbook entries using the cl_interface_policy module.

    - name: shows types of interface ranges supported
          allowed: "lo eth0 swp1-9, swp11, swp12-13s0, swp12-30s1, swp12-30s2, bond0-12"

Return Values

Common return values are documented here Return Values, the following are the fields unique to this module:

name description returned type sample
msg human-readable report of success or failure always string interface bond0 config updated
changed whether the interface was changed changed bool True



  • lo must be included in the allowed list.
  • eth0 must be in allowed list if out of band management is done

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Helping Testing PRs and Developing Modules.