aci_filter_entry – Manage filter entries (vz:Entry)

New in version 2.4.

Synopsis

  • Manage filter entries for a filter on Cisco ACI fabrics.

Parameters

Parameter Choices/Defaults Comments
arp_flag
string
    Choices:
  • arp_reply
  • arp_request
  • unspecified
The arp flag to use when the ether_type is arp.
The APIC defaults to unspecified when unset during creation.
certificate_name
string
The X.509 certificate name attached to the APIC AAA user used for signature-based authentication.
If a private_key filename was provided, this defaults to the private_key basename, without extension.
If PEM-formatted content was provided for private_key, this defaults to the username value.

aliases: cert_name
description
string
Description for the Filter Entry.

aliases: descr
dst_port
string
Used to set both destination start and end ports to the same value when ip_protocol is tcp or udp.
Accepted values are any valid TCP/UDP port range.
The APIC defaults to unspecified when unset during creation.
dst_port_end
string
Used to set the destination end port when ip_protocol is tcp or udp.
Accepted values are any valid TCP/UDP port range.
The APIC defaults to unspecified when unset during creation.
dst_port_start
string
Used to set the destination start port when ip_protocol is tcp or udp.
Accepted values are any valid TCP/UDP port range.
The APIC defaults to unspecified when unset during creation.
entry
string
Then name of the Filter Entry.

aliases: entry_name, filter_entry, name
ether_type
string
    Choices:
  • arp
  • fcoe
  • ip
  • mac_security
  • mpls_ucast
  • trill
  • unspecified
The Ethernet type.
The APIC defaults to unspecified when unset during creation.
filter
string
The name of Filter that the entry should belong to.

aliases: filter_name
host
string / required
IP Address or hostname of APIC resolvable by Ansible control host.

aliases: hostname
icmp6_msg_type
string
    Choices:
  • dst_unreachable
  • echo_request
  • echo_reply
  • neighbor_advertisement
  • neighbor_solicitation
  • redirect
  • time_exceeded
  • unspecified
ICMPv6 message type; used when ip_protocol is icmpv6.
The APIC defaults to unspecified when unset during creation.
icmp_msg_type
string
    Choices:
  • dst_unreachable
  • echo
  • echo_reply
  • src_quench
  • time_exceeded
  • unspecified
ICMPv4 message type; used when ip_protocol is icmp.
The APIC defaults to unspecified when unset during creation.
ip_protocol
string
    Choices:
  • eigrp
  • egp
  • icmp
  • icmpv6
  • igmp
  • igp
  • l2tp
  • ospfigp
  • pim
  • tcp
  • udp
  • unspecified
The IP Protocol type when ether_type is ip.
The APIC defaults to unspecified when unset during creation.
output_level
string
    Choices:
  • debug
  • info
  • normal ←
Influence the output of this ACI module.
normal means the standard output, incl. current dict
info adds informational output, incl. previous, proposed and sent dicts
debug adds debugging output, incl. filter_string, method, response, status and url information
password
string / required
The password to use for authentication.
This option is mutual exclusive with private_key. If private_key is provided too, it will be used instead.
port
integer
Port number to be used for REST connection.
The default value depends on parameter use_ssl.
private_key
string / required
Either a PEM-formatted private key file or the private key content used for signature-based authentication.
This value also influences the default certificate_name that is used.
This option is mutual exclusive with password. If password is provided too, it will be ignored.

aliases: cert_key
state
string
    Choices:
  • absent
  • present ←
  • query
present, absent, query
stateful
boolean
    Choices:
  • no
  • yes
Determines the statefulness of the filter entry.
tenant
string
The name of the tenant.

aliases: tenant_name
timeout
integer
Default:
30
The socket level timeout in seconds.
use_proxy
boolean
    Choices:
  • no
  • yes ←
If no, it will not use a proxy, even if one is defined in an environment variable on the target hosts.
use_ssl
boolean
    Choices:
  • no
  • yes ←
If no, an HTTP connection will be used instead of the default HTTPS connection.
username
string
Default:
"admin"
The username to use for authentication.

aliases: user
validate_certs
boolean
    Choices:
  • no
  • yes ←
If no, SSL certificates will not be validated.
This should only set to no when used on personally controlled sites using self-signed certificates.

Notes

Note

  • The tenant and filter used must exist before using this module in your playbook. The aci_tenant and aci_filter modules can be used for this.

See Also

See also

aci_tenant – Manage tenants (fv:Tenant)

The official documentation on the aci_tenant module.

aci_filter – Manages top level filter objects (vz:Filter)

The official documentation on the aci_filter module.

APIC Management Information Model reference

More information about the internal APIC class vz:Entry.

Cisco ACI Guide

Detailed information on how to manage your ACI infrastructure using Ansible.

Developing Cisco ACI modules

Detailed guide on how to write your own Cisco ACI modules to contribute.

Examples

- aci_filter_entry:
    host: "{{ inventory_hostname }}"
    username: "{{ user }}"
    password: "{{ pass }}"
    state: "{{ state }}"
    entry: "{{ entry }}"
    tenant: "{{ tenant }}"
    ether_name: "{{  ether_name }}"
    icmp_msg_type: "{{ icmp_msg_type }}"
    filter: "{{ filter }}"
    descr: "{{ descr }}"
  delegate_to: localhost

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
current
list
success
The existing configuration from the APIC after the module has finished

Sample:
[{'fvTenant': {'attributes': {'descr': 'Production environment', 'dn': 'uni/tn-production', 'name': 'production', 'nameAlias': '', 'ownerKey': '', 'ownerTag': ''}}}]
error
dictionary
failure
The error information as returned from the APIC

Sample:
{'code': '122', 'text': 'unknown managed object class foo'}
filter_string
string
failure or debug
The filter string used for the request

Sample:
?rsp-prop-include=config-only
method
string
failure or debug
The HTTP method used for the request to the APIC

Sample:
POST
previous
list
info
The original configuration from the APIC before the module has started

Sample:
[{'fvTenant': {'attributes': {'descr': 'Production', 'dn': 'uni/tn-production', 'name': 'production', 'nameAlias': '', 'ownerKey': '', 'ownerTag': ''}}}]
proposed
dictionary
info
The assembled configuration from the user-provided parameters

Sample:
{'fvTenant': {'attributes': {'descr': 'Production environment', 'name': 'production'}}}
raw
string
parse error
The raw output returned by the APIC REST API (xml or json)

Sample:
<?xml version="1.0" encoding="UTF-8"?><imdata totalCount="1"><error code="122" text="unknown managed object class foo"/></imdata>
response
string
failure or debug
The HTTP response from the APIC

Sample:
OK (30 bytes)
sent
list
info
The actual/minimal configuration pushed to the APIC

Sample:
{'fvTenant': {'attributes': {'descr': 'Production environment'}}}
status
integer
failure or debug
The HTTP status from the APIC

Sample:
200
url
string
failure or debug
The HTTP url used for the request to the APIC

Sample:
https://10.11.12.13/api/mo/uni/tn-production.json


Status

Authors

  • Jacob McGill (@jmcgill298)

Hint

If you notice any issues in this documentation, you can edit this document to improve it.