cisco.ise.allowed_protocols module – Resource module for Allowed Protocols
Note
This module is part of the cisco.ise collection (version 2.5.12).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install cisco.ise
.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: cisco.ise.allowed_protocols
.
New in cisco.ise 1.0.0
Synopsis
Manage operations create, update and delete of the resource Allowed Protocols.
This API creates an allowed protocol.
This API deletes an allowed protocol.
This API allows the client to update an allowed protocol.
Note
This module has a corresponding action plugin.
Requirements
The below requirements are needed on the host that executes this module.
ciscoisesdk >= 2.0.8
python >= 3.5
Parameters
Parameter |
Comments |
---|---|
AllowChap flag. Choices:
|
|
AllowEapFast flag. Choices:
|
|
AllowEapMd5 flag. Choices:
|
|
AllowEapTls flag. Choices:
|
|
AllowEapTtls flag. Choices:
|
|
AllowLeap flag. Choices:
|
|
AllowMsChapV1 flag. Choices:
|
|
AllowMsChapV2 flag. Choices:
|
|
AllowPapAscii flag. Choices:
|
|
AllowPeap flag. Choices:
|
|
AllowPreferredEapProtocol flag. Choices:
|
|
AllowTeap flag. Choices:
|
|
AllowWeakCiphersForEap flag. Choices:
|
|
Allowed Protocols’s description. |
|
The eapFast is required only if allowEapFast is true, otherwise it must be ignored. The object eapFast contains the settings for EAP FAST protocol. |
|
AllowEapFastEapGtc flag. Choices:
|
|
The allowEapFastEapGtcPwdChange is required only if allowEapFastEapGtc is true, otherwise it must be ignored. Choices:
|
|
The allowEapFastEapGtcPwdChangeRetries is required only if allowEapFastEapGtc is true, otherwise it must be ignored. Valid range is 0-3. |
|
AllowEapFastEapMsChapV2 flag. Choices:
|
|
The allowEapFastEapMsChapV2PwdChange is required only if allowEapFastEapMsChapV2 is true, otherwise it must be ignored. Choices:
|
|
The allowEapFastEapMsChapV2PwdChangeRetries is required only if eapTtlsEapMsChapV2 is true, otherwise it must be ignored. Valid range is 0-3. |
|
AllowEapFastEapTls flag. Choices:
|
|
The allowEapFastEapTlsAuthOfExpiredCerts is required only if allowEapFastEapTls is true, otherwise it must be ignored. Choices:
|
|
The eapFastDontUsePacsAcceptClientCert is required only if eapFastUsePacs is FALSE, otherwise it must be ignored. Choices:
|
|
The eapFastDontUsePacsAllowMachineAuthentication is required only if eapFastUsePacs is FALSE, otherwise it must be ignored. Choices:
|
|
EapFastEnableEAPChaining flag. Choices:
|
|
EapFastUsePacs flag. Choices:
|
|
The eapFastUsePacsAcceptClientCert is required only if eapFastUsePacsAllowAuthenProvisioning is true, otherwise it must be ignored. Choices:
|
|
The eapFastUsePacsAllowAnonymProvisioning is required only if eapFastUsePacs is true, otherwise it must be ignored. Choices:
|
|
The eapFastUsePacsAllowAuthenProvisioning is required only if eapFastUsePacs is true, otherwise it must be ignored. Choices:
|
|
EapFastUsePacsAllowMachineAuthentication flag. Choices:
|
|
The eapFastUsePacsAuthorizationPacTtl is required only if eapFastUsePacsStatelessSessionResume is true, otherwise it must be ignored. |
|
The eapFastUsePacsAuthorizationPacTtlUnits is required only if eapFastUsePacsStatelessSessionResume is true, otherwise it must be ignored. Allowed Values - SECONDS, - MINUTES, - HOURS, - DAYS, - WEEKS. |
|
The eapFastUsePacsMachinePacTtl is required only if eapFastUsePacsAllowMachineAuthentication is true, otherwise it must be ignored. |
|
The eapFastUsePacsMachinePacTtlUnits is required only if eapFastUsePacsAllowMachineAuthentication is true, otherwise it must be ignored. Allowed Values - SECONDS, - MINUTES, - HOURS, - DAYS, - WEEKS. |
|
The eapFastUsePacsReturnAccessAcceptAfterAuthenticatedProvisioning is required only if eapFastUsePacsAllowAuthenProvisioning is true, otherwise it must be ignored. Choices:
|
|
The eapFastUsePacsStatelessSessionResume is required only if eapFastUsePacs is true, otherwise it must be ignored. Choices:
|
|
The eapFastUsePacsTunnelPacTtl is required only if eapFastUsePacs is true, otherwise it must be ignored. |
|
The eapFastUsePacsTunnelPacTtlUnits is required only if eapFastUsePacs is true, otherwise it must be ignored. Allowed Values - SECONDS, - MINUTES, - HOURS, - DAYS, - WEEKS. |
|
The eapFastUsePacsUseProactivePacUpdatePrecentage is required only if eapFastUsePacs is true, otherwise it must be ignored. |
|
The eapTls is required only if allowEapTls is true, otherwise it must be ignored. The object eapTls contains the settings for EAP TLS protocol. |
|
AllowEapTlsAuthOfExpiredCerts flag. Choices:
|
|
EapTlsEnableStatelessSessionResume flag. Choices:
|
|
The eapTlsSessionTicketPrecentage is required only if eapTlsEnableStatelessSessionResume is true, otherwise it must be ignored. |
|
Time to live. The eapTlsSessionTicketTtl is required only if eapTlsEnableStatelessSessionResume is true, otherwise it must be ignored. |
|
Time to live time units. The eapTlsSessionTicketTtlUnits is required only if eapTlsEnableStatelessSessionResume is true, otherwise it must be ignored. Allowed Values - SECONDS, - MINUTES, - HOURS, - DAYS, - WEEKS. |
|
EapTlsLBit flag. Choices:
|
|
The eapTtls is required only if allowEapTtls is true, otherwise it must be ignored. The object eapTtls contains the settings for EAP TTLS protocol. |
|
EapTtlsChap flag. Choices:
|
|
EapTtlsEapMd5 flag. Choices:
|
|
EapTtlsEapMsChapV2 flag. Choices:
|
|
The eapTtlsEapMsChapV2PwdChange is required only if eapTtlsEapMsChapV2 is true, otherwise it must be ignored. Choices:
|
|
The eapTtlsEapMsChapV2PwdChangeRetries is required only if eapTtlsEapMsChapV2 is true, otherwise it must be ignored. Valid range is 0-3. |
|
EapTtlsMsChapV1 flag. Choices:
|
|
EapTtlsMsChapV2 flag. Choices:
|
|
EapTtlsPapAscii flag. Choices:
|
|
Resource UUID, Mandatory for update. |
|
Flag for Identity Services Engine SDK to enable debugging. Choices:
|
|
The Identity Services Engine hostname. |
|
The Identity Services Engine password to authenticate. |
|
The Identity Services Engine username to authenticate. |
|
Flag that informs the SDK whether to use the Identity Services Engine’s API Gateway to send requests. If it is true, it uses the ISE’s API Gateway and sends requests to https://{{ise_hostname}}. If it is false, it sends the requests to https://{{ise_hostname}}:{{port}}, where the port value depends on the Service used (ERS, Mnt, UI, PxGrid). Choices:
|
|
Flag that informs the SDK whether we send the CSRF token to ISE’s ERS APIs. If it is True, the SDK assumes that your ISE CSRF Check is enabled. If it is True, it assumes you need the SDK to manage the CSRF token automatically for you. Choices:
|
|
Flag to enable or disable SSL certificate verification. Choices:
|
|
Informs the SDK which version of Identity Services Engine to use. Default: |
|
Flag for Identity Services Engine SDK to enable automatic rate-limit handling. Choices:
|
|
Resource Name. |
|
Allowed Protocols’s peap. |
|
AllowPeapEapGtc flag. Choices:
|
|
The allowPeapEapGtcPwdChange is required only if allowPeapEapGtc is true, otherwise it must be ignored. Choices:
|
|
The allowPeapEapGtcPwdChangeRetries is required only if allowPeapEapGtc is true, otherwise it must be ignored. Valid range is 0-3. |
|
AllowPeapEapMsChapV2 flag. Choices:
|
|
The allowPeapEapMsChapV2PwdChange is required only if allowPeapEapMsChapV2 is true, otherwise it must be ignored. Choices:
|
|
The allowPeapEapMsChapV2PwdChangeRetries is required only if allowPeapEapMsChapV2 is true, otherwise it must be ignored. Valid range is 0-3. |
|
AllowPeapEapTls flag. Choices:
|
|
The allowPeapEapTlsAuthOfExpiredCerts is required only if allowPeapEapTls is true, otherwise it must be ignored. Choices:
|
|
AllowPeapV0 flag. Choices:
|
|
RequireCryptobinding flag. Choices:
|
|
The preferredEapProtocol is required only if allowPreferredEapProtocol is true, otherwise it must be ignored. Allowed Values - EAP_FAST, - PEAP, - LEAP, - EAP_MD5, - EAP_TLS, - EAP_TTLS, - TEAP. |
|
ProcessHostLookup flag. Choices:
|
|
RequireMessageAuth flag. Choices:
|
|
The teap is required only if allowTeap is true, otherwise it must be ignored. The object teap contains the settings for TEAP protocol. |
|
AcceptClientCertDuringTunnelEst flag. Choices:
|
|
AllowDowngradeMsk flag. Choices:
|
|
AllowTeapEapMsChapV2 flag. Choices:
|
|
The allowTeapEapMsChapV2PwdChange is required only if allowTeapEapMsChapV2 is true, otherwise it must be ignored. Choices:
|
|
The allowTeapEapMsChapV2PwdChangeRetries is required only if allowTeapEapMsChapV2 is true, otherwise it must be ignored. Valid range is 0-3. |
|
AllowTeapEapTls flag. Choices:
|
|
The allowTeapEapTlsAuthOfExpiredCerts is required only if allowTeapEapTls is true, otherwise it must be ignored. Choices:
|
|
EnableEapChaining flag. Choices:
|
Notes
Note
SDK Method used are allowed_protocols.AllowedProtocols.create_allowed_protocol, allowed_protocols.AllowedProtocols.delete_allowed_protocol_by_id, allowed_protocols.AllowedProtocols.update_allowed_protocol_by_id,
Paths used are post /ers/config/allowedprotocols, delete /ers/config/allowedprotocols/{id}, put /ers/config/allowedprotocols/{id},
Does not support
check_mode
The plugin runs on the control node and does not use any ansible connection plugins, but instead the embedded connection manager from Cisco ISE SDK
The parameters starting with ise_ are used by the Cisco ISE Python SDK to establish the connection
Examples
- name: Update by id
cisco.ise.allowed_protocols:
ise_hostname: "{{ise_hostname}}"
ise_username: "{{ise_username}}"
ise_password: "{{ise_password}}"
ise_verify: "{{ise_verify}}"
state: present
allowChap: true
allowEapFast: true
allowEapMd5: true
allowEapTls: true
allowEapTtls: true
allowLeap: true
allowMsChapV1: true
allowMsChapV2: true
allowPapAscii: true
allowPeap: true
allowPreferredEapProtocol: true
allowTeap: true
allowWeakCiphersForEap: true
description: string
eapFast:
allowEapFastEapGtc: true
allowEapFastEapGtcPwdChange: true
allowEapFastEapGtcPwdChangeRetries: 0
allowEapFastEapMsChapV2: true
allowEapFastEapMsChapV2PwdChange: true
allowEapFastEapMsChapV2PwdChangeRetries: 0
allowEapFastEapTls: true
allowEapFastEapTlsAuthOfExpiredCerts: true
eapFastDontUsePacsAcceptClientCert: true
eapFastDontUsePacsAllowMachineAuthentication: true
eapFastEnableEAPChaining: true
eapFastUsePacs: true
eapFastUsePacsAcceptClientCert: true
eapFastUsePacsAllowAnonymProvisioning: true
eapFastUsePacsAllowAuthenProvisioning: true
eapFastUsePacsAllowMachineAuthentication: true
eapFastUsePacsAuthorizationPacTtl: 0
eapFastUsePacsAuthorizationPacTtlUnits: string
eapFastUsePacsMachinePacTtl: 0
eapFastUsePacsMachinePacTtlUnits: string
eapFastUsePacsReturnAccessAcceptAfterAuthenticatedProvisioning: true
eapFastUsePacsStatelessSessionResume: true
eapFastUsePacsTunnelPacTtl: 0
eapFastUsePacsTunnelPacTtlUnits: string
eapFastUsePacsUseProactivePacUpdatePrecentage: 0
eapTls:
allowEapTlsAuthOfExpiredCerts: true
eapTlsEnableStatelessSessionResume: true
eapTlsSessionTicketPrecentage: 0
eapTlsSessionTicketTtl: 0
eapTlsSessionTicketTtlUnits: string
eapTlsLBit: true
eapTtls:
eapTtlsChap: true
eapTtlsEapMd5: true
eapTtlsEapMsChapV2: true
eapTtlsEapMsChapV2PwdChange: true
eapTtlsEapMsChapV2PwdChangeRetries: 0
eapTtlsMsChapV1: true
eapTtlsMsChapV2: true
eapTtlsPapAscii: true
id: string
name: string
peap:
allowPeapEapGtc: true
allowPeapEapGtcPwdChange: true
allowPeapEapGtcPwdChangeRetries: 0
allowPeapEapMsChapV2: true
allowPeapEapMsChapV2PwdChange: true
allowPeapEapMsChapV2PwdChangeRetries: 0
allowPeapEapTls: true
allowPeapEapTlsAuthOfExpiredCerts: true
allowPeapV0: true
requireCryptobinding: true
preferredEapProtocol: string
processHostLookup: true
requireMessageAuth: true
teap:
acceptClientCertDuringTunnelEst: true
allowDowngradeMsk: true
allowTeapEapMsChapV2: true
allowTeapEapMsChapV2PwdChange: true
allowTeapEapMsChapV2PwdChangeRetries: 0
allowTeapEapTls: true
allowTeapEapTlsAuthOfExpiredCerts: true
enableEapChaining: true
- name: Delete by id
cisco.ise.allowed_protocols:
ise_hostname: "{{ise_hostname}}"
ise_username: "{{ise_username}}"
ise_password: "{{ise_password}}"
ise_verify: "{{ise_verify}}"
state: absent
id: string
- name: Create
cisco.ise.allowed_protocols:
ise_hostname: "{{ise_hostname}}"
ise_username: "{{ise_username}}"
ise_password: "{{ise_password}}"
ise_verify: "{{ise_verify}}"
state: present
allowChap: true
allowEapFast: true
allowEapMd5: true
allowEapTls: true
allowEapTtls: true
allowLeap: true
allowMsChapV1: true
allowMsChapV2: true
allowPapAscii: true
allowPeap: true
allowPreferredEapProtocol: true
allowTeap: true
allowWeakCiphersForEap: true
description: string
eapFast:
allowEapFastEapGtc: true
allowEapFastEapGtcPwdChange: true
allowEapFastEapGtcPwdChangeRetries: 0
allowEapFastEapMsChapV2: true
allowEapFastEapMsChapV2PwdChange: true
allowEapFastEapMsChapV2PwdChangeRetries: 0
allowEapFastEapTls: true
allowEapFastEapTlsAuthOfExpiredCerts: true
eapFastDontUsePacsAcceptClientCert: true
eapFastDontUsePacsAllowMachineAuthentication: true
eapFastEnableEAPChaining: true
eapFastUsePacs: true
eapFastUsePacsAcceptClientCert: true
eapFastUsePacsAllowAnonymProvisioning: true
eapFastUsePacsAllowAuthenProvisioning: true
eapFastUsePacsAllowMachineAuthentication: true
eapFastUsePacsAuthorizationPacTtl: 0
eapFastUsePacsAuthorizationPacTtlUnits: string
eapFastUsePacsMachinePacTtl: 0
eapFastUsePacsMachinePacTtlUnits: string
eapFastUsePacsReturnAccessAcceptAfterAuthenticatedProvisioning: true
eapFastUsePacsStatelessSessionResume: true
eapFastUsePacsTunnelPacTtl: 0
eapFastUsePacsTunnelPacTtlUnits: string
eapFastUsePacsUseProactivePacUpdatePrecentage: 0
eapTls:
allowEapTlsAuthOfExpiredCerts: true
eapTlsEnableStatelessSessionResume: true
eapTlsSessionTicketPrecentage: 0
eapTlsSessionTicketTtl: 0
eapTlsSessionTicketTtlUnits: string
eapTlsLBit: true
eapTtls:
eapTtlsChap: true
eapTtlsEapMd5: true
eapTtlsEapMsChapV2: true
eapTtlsEapMsChapV2PwdChange: true
eapTtlsEapMsChapV2PwdChangeRetries: 0
eapTtlsMsChapV1: true
eapTtlsMsChapV2: true
eapTtlsPapAscii: true
name: string
peap:
allowPeapEapGtc: true
allowPeapEapGtcPwdChange: true
allowPeapEapGtcPwdChangeRetries: 0
allowPeapEapMsChapV2: true
allowPeapEapMsChapV2PwdChange: true
allowPeapEapMsChapV2PwdChangeRetries: 0
allowPeapEapTls: true
allowPeapEapTlsAuthOfExpiredCerts: true
allowPeapV0: true
requireCryptobinding: true
preferredEapProtocol: string
processHostLookup: true
requireMessageAuth: true
teap:
acceptClientCertDuringTunnelEst: true
allowDowngradeMsk: true
allowTeapEapMsChapV2: true
allowTeapEapMsChapV2PwdChange: true
allowTeapEapMsChapV2PwdChangeRetries: 0
allowTeapEapTls: true
allowTeapEapTlsAuthOfExpiredCerts: true
enableEapChaining: true
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
A dictionary or list with the response returned by the Cisco ISE Python SDK Returned: always Sample: |
|
A dictionary or list with the response returned by the Cisco ISE Python SDK Returned: always Sample: |