community.network.ce_acl_advance module – Manages advanced ACL configuration on HUAWEI CloudEngine switches.
Note
This module is part of the community.network collection (version 5.0.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.network
.
To use it in a playbook, specify: community.network.ce_acl_advance
.
Synopsis
Manages advanced ACL configurations on HUAWEI CloudEngine switches.
Parameters
Parameter |
Comments |
---|---|
ACL description. The value is a string of 1 to 127 characters. |
|
ACL number or name. For a numbered rule group, the value ranging from 3000 to 3999 indicates a advance ACL. For a named rule group, the value is a string of 1 to 32 case-sensitive characters starting with a letter, spaces not supported. |
|
ACL number. The value is an integer ranging from 3000 to 3999. |
|
ACL step. The value is an integer ranging from 1 to 20. The default value is 5. |
|
Destination IP address. The value is a string of 0 to 255 characters.The default value is 0.0.0.0. The value is in dotted decimal notation. |
|
Destination IP address mask. The value is an integer ranging from 1 to 32. |
|
Name of a destination pool. The value is a string of 1 to 32 characters. |
|
Start port number of the destination port. The value is an integer ranging from 0 to 65535. |
|
End port number of the destination port. The value is an integer ranging from 0 to 65535. |
|
Range type of the destination port. Choices:
|
|
Name of a destination port pool. The value is a string of 1 to 32 characters. |
|
Differentiated Services Code Point. The value is an integer ranging from 0 to 63. |
|
Match established connections. Choices:
|
|
Type of packet fragmentation. Choices:
|
|
ICMP message code. Data packets can be filtered based on the ICMP message code. The value is an integer ranging from 0 to 255. |
|
ICMP name. Choices:
|
|
ICMP type. This parameter is available only when the packet protocol is ICMP. The value is an integer ranging from 0 to 255. |
|
Internet Group Management Protocol. Choices:
|
|
Flag of logging matched data packets. Choices:
|
|
Data packets can be filtered based on the priority field. The value is an integer ranging from 0 to 7. |
|
Protocol type. Choices:
|
|
Matching mode of basic ACL rules. Choices:
|
|
Description about an ACL rule. |
|
ID of a basic ACL rule in configuration mode. The value is an integer ranging from 0 to 4294967294. |
|
Name of a basic ACL rule. The value is a string of 1 to 32 characters. |
|
Source IP address. The value is a string of 0 to 255 characters.The default value is 0.0.0.0. The value is in dotted decimal notation. |
|
Source IP address mask. The value is an integer ranging from 1 to 32. |
|
Name of a source pool. The value is a string of 1 to 32 characters. |
|
Start port number of the source port. The value is an integer ranging from 0 to 65535. |
|
End port number of the source port. The value is an integer ranging from 0 to 65535. |
|
Range type of the source port. Choices:
|
|
Name of a source port pool. The value is a string of 1 to 32 characters. |
|
Specify desired state of the resource. Choices:
|
|
TCP flag value. The value is an integer ranging from 0 to 63. |
|
TCP flag mask value. The value is an integer ranging from 0 to 63. |
|
Name of a time range in which an ACL rule takes effect. |
|
ToS value on which data packet filtering is based. The value is an integer ranging from 0 to 15. |
|
Whether TTL Expired is matched, with the TTL value of 1. Choices:
|
|
VPN instance name. The value is a string of 1 to 31 characters.The default value is _public_. |
Notes
Note
This module requires the netconf system service be enabled on the remote device being managed.
Recommended connection is
netconf
.This module also works with
local
connections for legacy playbooks.
Examples
- name: CloudEngine advance acl test
hosts: cloudengine
connection: local
gather_facts: no
vars:
cli:
host: "{{ inventory_hostname }}"
port: "{{ ansible_ssh_port }}"
username: "{{ username }}"
password: "{{ password }}"
transport: cli
tasks:
- name: "Config ACL"
community.network.ce_acl_advance:
state: present
acl_name: 3200
provider: "{{ cli }}"
- name: "Undo ACL"
community.network.ce_acl_advance:
state: delete_acl
acl_name: 3200
provider: "{{ cli }}"
- name: "Config ACL advance rule"
community.network.ce_acl_advance:
state: present
acl_name: test
rule_name: test_rule
rule_id: 111
rule_action: permit
protocol: tcp
source_ip: 10.10.10.10
src_mask: 24
frag_type: fragment
provider: "{{ cli }}"
- name: "Undo ACL advance rule"
community.network.ce_acl_advance:
state: absent
acl_name: test
rule_name: test_rule
rule_id: 111
rule_action: permit
protocol: tcp
source_ip: 10.10.10.10
src_mask: 24
frag_type: fragment
provider: "{{ cli }}"
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
check to see if a change was made on the device Returned: always Sample: |
|
k/v pairs of aaa params after module execution Returned: always Sample: |
|
k/v pairs of existing aaa server Returned: always Sample: |
|
k/v pairs of parameters passed into module Returned: always Sample: |
|
command sent to the device Returned: always Sample: |