community.network.ce_acl module – Manages base ACL configuration on HUAWEI CloudEngine switches.
Note
This module is part of the community.network collection (version 5.1.0).
You might already have this collection installed if you are using the ansible package.
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install community.network.
To use it in a playbook, specify: community.network.ce_acl.
Note
The community.network collection has been deprecated and will be removed from Ansible 12. See the discussion thread for more information.
DEPRECATED
- Removed in:
version 6.0.0
- Why:
This collection and all content in it is unmaintained and deprecated.
- Alternative:
Unknown.
Synopsis
Manages base ACL configurations on HUAWEI CloudEngine switches.
Aliases: network.cloudengine.ce_acl
Parameters
Parameter |
Comments |
|---|---|
ACL description. The value is a string of 1 to 127 characters. |
|
ACL number or name. For a numbered rule group, the value ranging from 2000 to 2999 indicates a basic ACL. For a named rule group, the value is a string of 1 to 32 case-sensitive characters starting with a letter, spaces not supported. |
|
ACL number. The value is an integer ranging from 2000 to 2999. |
|
ACL step. The value is an integer ranging from 1 to 20. The default value is 5. |
|
Type of packet fragmentation. Choices:
|
|
Flag of logging matched data packets. Choices:
|
|
Matching mode of basic ACL rules. Choices:
|
|
Description about an ACL rule. The value is a string of 1 to 127 characters. |
|
ID of a basic ACL rule in configuration mode. The value is an integer ranging from 0 to 4294967294. |
|
Name of a basic ACL rule. The value is a string of 1 to 32 characters. The value is case-insensitive, and cannot contain spaces or begin with an underscore (_). |
|
Source IP address. The value is a string of 0 to 255 characters.The default value is 0.0.0.0. The value is in dotted decimal notation. |
|
Mask of a source IP address. The value is an integer ranging from 1 to 32. |
|
Specify desired state of the resource. Choices:
|
|
Name of a time range in which an ACL rule takes effect. The value is a string of 1 to 32 characters. The value is case-insensitive, and cannot contain spaces. The name must start with an uppercase or lowercase letter. In addition, the word “all” cannot be specified as a time range name. |
|
VPN instance name. The value is a string of 1 to 31 characters.The default value is _public_. |
Notes
Note
This module requires the netconf system service be enabled on the remote device being managed.
Recommended connection is
netconf.This module also works with
localconnections for legacy playbooks.
Examples
- name: CloudEngine acl test
hosts: cloudengine
connection: local
gather_facts: false
tasks:
- name: "Config ACL"
community.network.ce_acl:
state: present
acl_name: 2200
- name: "Undo ACL"
community.network.ce_acl:
state: delete_acl
acl_name: 2200
- name: "Config ACL base rule"
community.network.ce_acl:
state: present
acl_name: 2200
rule_name: test_rule
rule_id: 111
rule_action: permit
source_ip: 10.10.10.10
src_mask: 24
frag_type: fragment
time_range: wdz_acl_time
- name: "undo ACL base rule"
community.network.ce_acl:
state: absent
acl_name: 2200
rule_name: test_rule
rule_id: 111
rule_action: permit
source_ip: 10.10.10.10
src_mask: 24
frag_type: fragment
time_range: wdz_acl_time
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
|---|---|
check to see if a change was made on the device Returned: always Sample: |
|
k/v pairs of aaa params after module execution Returned: always Sample: |
|
k/v pairs of existing aaa server Returned: always Sample: |
|
k/v pairs of parameters passed into module Returned: always Sample: |
|
command sent to the device Returned: always Sample: |
Status
This module will be removed in version 6.0.0. [deprecated]
For more information see DEPRECATED.