You are reading an unmaintained version of the Ansible documentation. Unmaintained Ansible versions can contain unfixed security vulnerabilities (CVE). Please upgrade to a maintained version. See the latest Ansible documentation.

cisco.meraki.meraki_ms_access_policies module – Manage Switch Access Policies in the Meraki cloud

Note

This module is part of the cisco.meraki collection (version 2.13.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install cisco.meraki.

To use it in a playbook, specify: cisco.meraki.meraki_ms_access_policies.

Synopsis

• Module for managing a Switch Access Policies in the Meraki cloud

Parameters

Parameter	Comments
access_policy_type string	Set type of the access policy Choices: "802.1x" "MAC authentication bypass" "Hybrid authentication"
auth_key string / required	Authentication key provided by the dashboard. Required if environmental variable MERAKI_KEY is not set.
auth_method string	Set authentication method in the policy. Choices: "Meraki authentication" "my RADIUS server"
data_vlan_id integer	Set a Data VLAN ID for Critical Auth VLAN
guest_vlan integer	Guest Vlan
host string	Hostname for Meraki dashboard. Can be used to access regional Meraki environments, such as China. Default: "api.meraki.com"
host_mode string	Choose the Host Mode for the access policy. Choices: "Single-Host" "Multi-Domain" "Multi-Host" "Multi-Auth"
internal_error_retry_time integer	Number of seconds to retry if server returns an internal server error. Default: 60
name string	Name of Access Policy.
net_id string	ID of network.
net_name aliases: name, network string	Name of a network.
number aliases: access_policy_number integer	Number of the access_policy.
org_id string	ID of organization associated to a network.
org_name aliases: organization string	Name of organization.
output_format string	Instructs module whether response keys should be snake case (ex. net_id) or camel case (ex. netId). Choices: "snakecase" ← (default) "camelcase"
output_level string	Set amount of debug output during module execution. Choices: "debug" "normal" ← (default)
radius_accounting_enabled boolean	Enable or disable RADIUS accounting. Choices: false true
radius_accounting_servers list / elements=dictionary	List of RADIUS servers for RADIUS accounting.
host string / required	IP address or hostname of RADIUS server.
port integer	Port number RADIUS server is listening to.
secret string	RADIUS password.
radius_attribute_group_policy_name string	Enable that attribute for a RADIUS Choices: "Filter-Id" "" ← (default)
radius_coa_enabled boolean	Enable or disable RADIUS CoA (Change of Authorization). Choices: false true
radius_servers list / elements=dictionary	List of RADIUS servers.
host string / required	IP address or hostname of RADIUS server.
port integer	Port number RADIUS server is listening to.
secret string	RADIUS password. Setting password is not idempotent.
radius_testing boolean	Set status of testing a radius. Choices: false true ← (default)
rate_limit_retry_time integer	Number of seconds to retry if rate limiter is triggered. Default: 165
state string	Specifies whether SNMP information should be queried or modified. Choices: "absent" "query" "present" ← (default)
suspend_port_bounce boolean	Enable or disable the Suspend Port Bounce when RADIUS servers are unreachable. Choices: false ← (default) true
systems_management_enrollment boolean	Set if the Systems Management Enrollemnt is enabled or disabled Choices: false ← (default) true
timeout integer	Time to timeout for HTTP requests. Default: 30
use_https boolean	If no, it will use HTTP. Otherwise it will use HTTPS. Only useful for internal Meraki developers. Choices: false true ← (default)
use_proxy boolean	If no, it will not use a proxy, even if one is defined in an environment variable on the target hosts. Choices: false ← (default) true
validate_certs boolean	Whether to validate HTTP certificates. Choices: false true ← (default)
voice_vlan_clients boolean	If is enabled that means Voice VLAN client require authentication Choices: false true ← (default)
voice_vlan_id integer	Set a Voice VLAN ID for Critical Auth VLAN

Notes

Note

• More information about the Meraki API can be found at https://dashboard.meraki.com/api_docs.

• Some of the options are likely only used for developers within Meraki.

• As of Ansible 2.9, Meraki modules output keys as snake case. To use camel case, set the ANSIBLE_MERAKI_FORMAT environment variable to camelcase.

• Ansible’s Meraki modules will stop supporting camel case output in Ansible 2.13. Please update your playbooks.

• Check Mode downloads the current configuration from the dashboard, then compares changes against this download. Check Mode will report changed if there are differences in the configurations, but does not submit changes to the API for validation of change.

Examples

- name: Create access policy with auth_method is "Meraki authentication"
  cisco.meraki.meraki_ms_access_policies:
    auth_key: abc123
    state: present
    name: "Meraki authentication policy"
    auth_method: "Meraki authentication"
    net_name: YourNet
    org_name: YourOrg
  delegate_to: localhost

- name: Create access policy with auth_method is "my Radius Server"
  cisco.meraki.meraki_ms_access_policies:
    auth_key: abc123
    access_policy_type: "802.1x"
    host_mode: "Single-Host"
    state: present
    name: "Meraki authentication policy"
    auth_method: "my RADIUS server"
    radius_servers:
      - host: 192.0.1.18
        port: 7890
        secret: secret123
    net_name: YourNet
    org_name: YourOrg
    radius_coa_enabled: False
    radius_accounting_enabled: False
    guest_vlan: 10
    voice_vlan_clients: False

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Description
data complex	List of Access Policies Returned: success
access_policy_type string	Type of the access policy Returned: success Sample: "802.1x"
guest_vlan_id integer	ID of the Guest Vlan Returned: success Sample: 10
host_mode string	Choosen teh Host Mode for the access policy Returned: success Sample: "Single-Host"
name string	Name of the Access Policy Returned: success Sample: "Policy with 802.1x"
number integer	Number of the Access Policy Returned: success Sample: 1
radius complex	List of radius specific list Returned: success
critial_auth complex	Critial Auth List Returned: success
data_vlan_id integer	VLAN ID for data Returned: success Sample: 10
suspend_port_bounce boolean	Enable or disable suspend port bounce Returned: success Sample: false
voice_vlan_id integer	VLAN ID for voice Returned: success Sample: 10
failed_auth_vlan_id integer	VLAN ID when failed auth Returned: success Sample: 11
re_authentication_interval integer	Interval of re-authentication Returned: success
radius_accounting_enabled boolean	Enable or disable RADIUS accounting. Returned: success
radius_accounting_servers list / elements=dictionary	List of RADIUS servers for RADIUS accounting. Returned: success
radius_attribute_group_policy_name string	Enable the radius group attribute Returned: success Can only return: "11" "" Sample: "11"
radius_coa_enabled boolean	Enable or disable RADIUS CoA (Change of Authorization). Returned: success
radius_servers list / elements=dictionary	List of RADIUS servers. Returned: success
radius_testing_enabled boolean	Enable or disable Radius Testing Returned: success Sample: true
voice_vlan_clients boolean	Enable or disable Voice Vlan Clients Returned: success Sample: false

Authors

• Marcin Woźniak (@y0rune)

Collection links

Issue Tracker Repository (Sources)