cisco.iosxr.iosxr_acl_interfaces – ACL interfaces resource module

Note

This plugin is part of the cisco.iosxr collection (version 1.2.1).

To install it use: ansible-galaxy collection install cisco.iosxr.

To use it in a playbook, specify: cisco.iosxr.iosxr_acl_interfaces.

New in version 1.0.0 of cisco.iosxr

Synopsis

  • This module manages adding and removing Access Control Lists (ACLs) from interfaces on devices running IOS-XR software.

Note

This module has a corresponding action plugin.

Parameters

  • config (list / elements=dictionary): A dictionary of ACL options for interfaces.
      • access_groups (list / elements=dictionary): Specifies ACLs attached to the interfaces.
          • acls (list / elements=dictionary): Specifies the ACLs for the provided AFI.
              • direction (string / required): Specifies the direction of packets that the ACL will be applied on. Choices: in, out.
              • name (string / required): Specifies the name of the IPv4/IPv6 ACL for the interface.
          • afi (string / required): Specifies the AFI for the ACL(s) to be configured on this interface. Choices: ipv4, ipv6.
      • name (string / required): Name/Identifier for the interface.
  • running_config (string): This option is used only with state parsed. The value of this option should be the output received from the IOS-XR device by executing the command show running-config interface. The parsed state reads the configuration from the running_config option and transforms it into Ansible structured data as per the resource module's argspec; the value is then returned in the parsed key within the result.
  • state (string): The state the configuration should be left in. Choices: merged (default), replaced, overridden, deleted, gathered, parsed, rendered.

Examples

# Using merged

# Before state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:22:32.911 UTC
# interface MgmtEth0/RP0/CPU0/0
#  ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
#  shutdown
# !
# interface GigabitEthernet0/0/0/1
#  shutdown
# !

- name: Merge the provided configuration with the existing running configuration
  cisco.iosxr.iosxr_acl_interfaces:
    config:
    - name: GigabitEthernet0/0/0/0
      access_groups:
      - afi: ipv4
        acls:
        - name: acl_1
          direction: in
        - name: acl_2
          direction: out
      - afi: ipv6
        acls:
        - name: acl6_1
          direction: in
        - name: acl6_2
          direction: out

    - name: GigabitEthernet0/0/0/1
      access_groups:
      - afi: ipv4
        acls:
        - name: acl_1
          direction: out
    state: merged

# After state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:27:49.378 UTC
# interface MgmtEth0/RP0/CPU0/0
#  ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
#  shutdown
#  ipv4 access-group acl_1 ingress
#  ipv4 access-group acl_2 egress
#  ipv6 access-group acl6_1 ingress
#  ipv6 access-group acl6_2 egress
# !
# interface GigabitEthernet0/0/0/1
#  shutdown
#  ipv4 access-group acl_1 egress
# !

# Using merged to update interface ACL configuration

# Before state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:27:49.378 UTC
# interface MgmtEth0/RP0/CPU0/0
#  ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
#  shutdown
#  ipv4 access-group acl_1 ingress
#  ipv4 access-group acl_2 egress
#  ipv6 access-group acl6_1 ingress
#  ipv6 access-group acl6_2 egress
# !
# interface GigabitEthernet0/0/0/1
#  shutdown
#  ipv4 access-group acl_1 egress
# !
#

- name: Update acl_interfaces configuration using merged
  cisco.iosxr.iosxr_acl_interfaces:
    config:
    - name: GigabitEthernet0/0/0/1
      access_groups:
      - afi: ipv4
        acls:
        - name: acl_2
          direction: out
        - name: acl_1
          direction: in
    state: merged

# After state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:27:49.378 UTC
# interface MgmtEth0/RP0/CPU0/0
#  ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
#  shutdown
#  ipv4 access-group acl_1 ingress
#  ipv4 access-group acl_2 egress
#  ipv6 access-group acl6_1 ingress
#  ipv6 access-group acl6_2 egress
# !
# interface GigabitEthernet0/0/0/1
#  shutdown
#  ipv4 access-group acl_1 ingress
#  ipv4 access-group acl_2 egress
# !
#

# Using replaced

# Before state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:34:56.689 UTC
# interface MgmtEth0/RP0/CPU0/0
#  ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
#  shutdown
#  ipv4 access-group acl_1 ingress
#  ipv4 access-group acl_2 egress
#  ipv6 access-group acl6_1 ingress
#  ipv6 access-group acl6_2 egress
# !
# interface GigabitEthernet0/0/0/1
#  shutdown
#  ipv4 access-group acl_1 egress
# !

- name: Replace device configurations of listed interface with provided configurations
  cisco.iosxr.iosxr_acl_interfaces:
    config:
    - name: GigabitEthernet0/0/0/0
      access_groups:
      - afi: ipv6
        acls:
        - name: acl6_3
          direction: in
    state: replaced

# After state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:34:56.689 UTC
# interface MgmtEth0/RP0/CPU0/0
#  ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
#  shutdown
#  ipv6 access-group acl6_3 ingress
# !
# interface GigabitEthernet0/0/0/1
#  shutdown
#  ipv4 access-group acl_1 egress
# !
#

# Using overridden

# Before state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:34:56.689 UTC
# interface MgmtEth0/RP0/CPU0/0
#  ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
#  shutdown
#  ipv4 access-group acl_1 ingress
#  ipv4 access-group acl_2 egress
#  ipv6 access-group acl6_1 ingress
#  ipv6 access-group acl6_2 egress
# !
# interface GigabitEthernet0/0/0/1
#  shutdown
#  ipv4 access-group acl_1 egress
# !
#

- name: Override all interface ACL configuration with provided configuration
  cisco.iosxr.iosxr_acl_interfaces:
    config:
    - name: GigabitEthernet0/0/0/1
      access_groups:
      - afi: ipv4
        acls:
        - name: acl_2
          direction: in
      - afi: ipv6
        acls:
        - name: acl6_3
          direction: out
    state: overridden

# After state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:34:56.689 UTC
# interface MgmtEth0/RP0/CPU0/0
#  ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
#  shutdown
# !
# interface GigabitEthernet0/0/0/1
#  shutdown
#  ipv4 access-group acl_2 ingress
#  ipv6 access-group acl6_3 egress
# !
#

# Using 'deleted' to delete all ACL attributes of a single interface

# Before state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:34:56.689 UTC
# interface MgmtEth0/RP0/CPU0/0
#  ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
#  shutdown
#  ipv4 access-group acl_1 ingress
#  ipv4 access-group acl_2 egress
#  ipv6 access-group acl6_1 ingress
#  ipv6 access-group acl6_2 egress
# !
# interface GigabitEthernet0/0/0/1
#  shutdown
#  ipv4 access-group acl_1 egress
# !
#

- name: Delete all ACL attributes of GigabitEthernet0/0/0/1
  cisco.iosxr.iosxr_acl_interfaces:
    config:
    - name: GigabitEthernet0/0/0/1
    state: deleted

# After state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:34:56.689 UTC
# interface MgmtEth0/RP0/CPU0/0
#  ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
#  shutdown
#  ipv4 access-group acl_1 ingress
#  ipv4 access-group acl_2 egress
#  ipv6 access-group acl6_1 ingress
#  ipv6 access-group acl6_2 egress
# !
# interface GigabitEthernet0/0/0/1
#  shutdown
# !
#

# Using 'deleted' to remove all ACLs attached to all the interfaces in the device

# Before state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:34:56.689 UTC
# interface MgmtEth0/RP0/CPU0/0
#  ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
#  shutdown
#  ipv4 access-group acl_1 ingress
#  ipv4 access-group acl_2 egress
#  ipv6 access-group acl6_1 ingress
#  ipv6 access-group acl6_2 egress
# !
# interface GigabitEthernet0/0/0/1
#  shutdown
#  ipv4 access-group acl_1 egress
# !
#

- name: Delete all ACL interfaces configuration from the device
  cisco.iosxr.iosxr_acl_interfaces:
    state: deleted

# After state:
# -------------
#
# RP/0/RP0/CPU0:ios#sh running-config interface
# Wed Jan 15 12:34:56.689 UTC
# interface MgmtEth0/RP0/CPU0/0
#  ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
#  shutdown
# !
# interface GigabitEthernet0/0/0/1
#  shutdown
# !
#

# Using parsed

# parsed.cfg
# ------------
#
# interface MgmtEth0/RP0/CPU0/0
#  ipv4 address dhcp
# !
# interface GigabitEthernet0/0/0/0
#  shutdown
#  ipv4 access-group acl_1 ingress
#  ipv4 access-group acl_2 egress
#  ipv6 access-group acl6_1 ingress
#  ipv6 access-group acl6_2 egress
# !
# interface GigabitEthernet0/0/0/1
#  shutdown
#  ipv4 access-group acl_1 egress
# !

# - name: Convert ACL interfaces config to argspec without connecting to the appliance
#   cisco.iosxr.iosxr_acl_interfaces:
#     running_config: "{{ lookup('file', './parsed.cfg') }}"
#     state: parsed


# Task Output (redacted)
# -----------------------

# "parsed": [
#        {
#            "name": "MgmtEth0/RP0/CPU0/0"
#        },
#        {
#            "access_groups": [
#                {
#                    "acls": [
#                        {
#                            "direction": "in",
#                            "name": "acl_1"
#                        },
#                        {
#                            "direction": "out",
#                            "name": "acl_2"
#                        }
#                    ],
#                    "afi": "ipv4"
#                },
#                {
#                    "acls": [
#                        {
#                            "direction": "in",
#                            "name": "acl6_1"
#                        },
#                        {
#                            "direction": "out",
#                            "name": "acl6_2"
#                        }
#                    ],
#                    "afi": "ipv6"
#                }
#            ],
#            "name": "GigabitEthernet0/0/0/0"
#        },
#        {
#            "access_groups": [
#                {
#                    "acls": [
#                        {
#                            "direction": "out",
#                            "name": "acl_1"
#                        }
#                    ],
#                    "afi": "ipv4"
#                }
#            ],
#            "name": "GigabitEthernet0/0/0/1"
#        }
#    ]


# Using gathered

- name: Gather ACL interfaces facts using gathered state
  cisco.iosxr.iosxr_acl_interfaces:
    state: gathered


# Task Output (redacted)
# -----------------------
#
# "gathered": [
#   {
#      "name": "MgmtEth0/RP0/CPU0/0"
#   },
#   {
#      "access_groups": [
#          {
#              "acls": [
#                  {
#                      "direction": "in",
#                      "name": "acl_1"
#                  },
#                  {
#                      "direction": "out",
#                      "name": "acl_2"
#                  }
#              ],
#              "afi": "ipv4"
#          }
#      ],
#      "name": "GigabitEthernet0/0/0/0"
#   },
#   {
#      "access_groups": [
#          {
#              "acls": [
#                  {
#                      "direction": "in",
#                      "name": "acl6_1"
#                  }
#              ],
#              "afi": "ipv6"
#          }
#      ],
#      "name": "GigabitEthernet0/0/0/1"
#   }
# ]


# Using rendered

- name: Render platform specific commands from task input using rendered state
  cisco.iosxr.iosxr_acl_interfaces:
    config:
    - name: GigabitEthernet0/0/0/0
      access_groups:
      - afi: ipv4
        acls:
        - name: acl_1
          direction: in
        - name: acl_2
          direction: out
    state: rendered

# Task Output (redacted)
# -----------------------

# "rendered": [
#     "interface GigabitEthernet0/0/0/0",
#     "ipv4 access-group acl_1 ingress",
#     "ipv4 access-group acl_2 egress"
# ]
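
The state chosen decides which existing ACL bindings survive a task, and the before/after listings above show that overridden and a config-less deleted strip ACLs from interfaces the task never names. The following added example (not the module's code) models those listings so the loss can be computed ahead of a change; the names HAVE, slots, apply_state and lost_bindings are hypothetical, and only the forms shown on this page are modelled.

```python
# Added example: models the state semantics shown by this page's before/after
# listings. It is not the module's code; all names here are hypothetical.

# Constructed from the "Before state" listings on this page (gathered format).
HAVE = [
    {"name": "GigabitEthernet0/0/0/0", "access_groups": [
        {"afi": "ipv4", "acls": [{"name": "acl_1", "direction": "in"},
                                 {"name": "acl_2", "direction": "out"}]},
        {"afi": "ipv6", "acls": [{"name": "acl6_1", "direction": "in"},
                                 {"name": "acl6_2", "direction": "out"}]}]},
    {"name": "GigabitEthernet0/0/0/1", "access_groups": [
        {"afi": "ipv4", "acls": [{"name": "acl_1", "direction": "out"}]}]},
]

def slots(iface):
    """Flatten one interface entry to {(afi, direction): acl_name}."""
    return {(g["afi"], a["direction"]): a["name"]
            for g in iface.get("access_groups", [])
            for a in g.get("acls", [])}

def apply_state(have, want, state):
    """Predict {interface: {(afi, direction): acl}} after the task runs."""
    result = {i["name"]: slots(i) for i in have}
    wanted = {i["name"]: slots(i) for i in (want or [])}
    if state == "merged":        # add or rebind only the listed slots
        for name, s in wanted.items():
            result.setdefault(name, {}).update(s)
    elif state == "replaced":    # listed interfaces end up exactly as given
        result.update(wanted)
    elif state == "overridden":  # unlisted interfaces lose every ACL
        result = {n: wanted.get(n, {}) for n in set(result) | set(wanted)}
    elif state == "deleted":     # name-only form; no config means all interfaces
        for name in list(wanted or result):
            result[name] = {}
    else:
        raise ValueError("state does not change the device: " + state)
    return result

def lost_bindings(have, want, state):
    """Bindings present before the change that it removes or rebinds."""
    after = apply_state(have, want, state)
    return sorted((i["name"], afi, d, acl)
                  for i in have
                  for (afi, d), acl in slots(i).items()
                  if after[i["name"]].get((afi, d)) != acl)
```

Feeding it the output of a gathered run and the intended config lists every binding a task would drop, which is the set to review before switching a playbook from merged to overridden.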

Return Values

Common return values are documented here; the following are the fields unique to this module:

  • after (list / elements=string)
    Returned: when changed
    The resulting configuration model invocation.
    Sample: The configuration returned will always be in the same format as the parameters above.
  • before (list / elements=string)
    Returned: always
    The configuration prior to the model invocation.
    Sample: The configuration returned will always be in the same format as the parameters above.
  • commands (list / elements=string)
    Returned: always
    The set of commands pushed to the remote device.
    Sample:
    ['interface GigabitEthernet0/0/0/1', 'ipv4 access-group acl_1 ingress', 'ipv4 access-group acl_2 egress', 'ipv6 access-group acl6_1 ingress', 'interface GigabitEthernet0/0/0/2', 'no ipv4 access-group acl_3 ingress', 'ipv4 access-group acl_4 egress']
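
The commands list (and the equivalent output of state rendered) can be audited for ACL removals that leave an interface direction unfiltered. The following is an added example, not part of the module or the collection; ACL_CMD, SAMPLE_COMMANDS and unreplaced_removals are hypothetical names, and the input is the Sample value shown above.

```python
import re

# Matches the access-group lines seen in the Sample above, with or without "no".
ACL_CMD = re.compile(
    r"^(no\s+)?(ipv4|ipv6)\s+access-group\s+(\S+)\s+(ingress|egress)$")

# The Sample value of the commands key, copied from this page.
SAMPLE_COMMANDS = [
    "interface GigabitEthernet0/0/0/1",
    "ipv4 access-group acl_1 ingress",
    "ipv4 access-group acl_2 egress",
    "ipv6 access-group acl6_1 ingress",
    "interface GigabitEthernet0/0/0/2",
    "no ipv4 access-group acl_3 ingress",
    "ipv4 access-group acl_4 egress",
]

def unreplaced_removals(commands):
    """Return (interface, afi, direction, acl) for every removed binding
    whose interface/afi/direction slot gets no new ACL in the same change."""
    removed, added, iface = {}, set(), None
    for line in commands:
        line = line.strip()
        if line.startswith("interface "):
            iface = line.split(None, 1)[1]   # track the current interface context
            continue
        match = ACL_CMD.match(line)
        if match is None or iface is None:
            continue                          # not an access-group line
        negated, afi, acl, direction = match.groups()
        slot = (iface, afi, direction)
        if negated:
            removed[slot] = acl
        else:
            added.add(slot)
    return [(i, afi, d, acl) for (i, afi, d), acl in removed.items()
            if (i, afi, d) not in added]
```

On the Sample above it reports that GigabitEthernet0/0/0/2 loses its IPv4 ingress ACL, because acl_4 is bound to egress only.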


Authors

  • Nilashish Chakraborty (@NilashishC)