cisco.meraki.networks_switch_access_policies module – Resource module for networks _switch _accesspolicies
Note
This module is part of the cisco.meraki collection (version 2.17.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install cisco.meraki
.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: cisco.meraki.networks_switch_access_policies
.
New in cisco.meraki 2.16.0
Synopsis
Manage operations create, update and delete of the resource networks _switch _accesspolicies.
Create an access policy for a switch network. If you would like to enable Meraki Authentication, set radiusServers to empty array.
Delete an access policy for a switch network.
Update an access policy for a switch network. If you would like to enable Meraki Authentication, set radiusServers to empty array.
Note
This module has a corresponding action plugin.
Requirements
The below requirements are needed on the host that executes this module.
meraki >= 2.4.9
python >= 3.5
Parameters
Parameter |
Comments |
---|---|
AccessPolicyNumber path parameter. Access policy number. |
|
Access Type of the policy. Automatically ‘Hybrid authentication’ when hostMode is ‘Multi-Domain’. |
|
802.1x Settings. |
|
Supports either ‘both’ or ‘inbound’. Set to ‘inbound’ to allow unauthorized egress on the switchport. Set to ‘both’ to control both traffic directions with authorization. Defaults to ‘both’. |
|
If enabled, Meraki devices will periodically send access-request messages to these RADIUS servers. Choices:
|
|
ID for the guest VLAN allow unauthorized devices access to limited network resources. |
|
Choose the Host Mode for the access policy. |
|
Enabling this option will make switches execute 802.1X and MAC-bypass authentication simultaneously so that clients authenticate faster. Only required when accessPolicyType is ‘Hybrid Authentication. Choices:
|
|
meraki_action_batch_retry_wait_time (integer), action batch concurrency error retry wait time Default: |
|
meraki_api_key (string), API key generated in dashboard; can also be set as an environment variable MERAKI_DASHBOARD_API_KEY |
|
meraki_base_url (string), preceding all endpoint resources Default: |
|
meraki_be_geo_id (string), optional partner identifier for API usage tracking; can also be set as an environment variable BE_GEO_ID Default: |
|
meraki_caller (string), optional identifier for API usage tracking; can also be set as an environment variable MERAKI_PYTHON_SDK_CALLER Default: |
|
meraki_certificate_path (string), path for TLS/SSL certificate verification if behind local proxy Default: |
|
meraki_inherit_logging_config (boolean), Inherits your own logger instance Choices:
|
|
meraki_log_file_prefix (string), log file name appended with date and timestamp Default: |
|
log_path (string), path to output log; by default, working directory of script if not specified Default: |
|
meraki_maximum_retries (integer), retry up to this many times when encountering 429s or other server-side errors Default: |
|
meraki_nginx_429_retry_wait_time (integer), Nginx 429 retry wait time Default: |
|
meraki_output_log (boolean), create an output log file? Choices:
|
|
meraki_print_console (boolean), print logging output to console? Choices:
|
|
meraki_requests_proxy (string), proxy server and port, if needed, for HTTPS Default: |
|
meraki_retry_4xx_error (boolean), retry if encountering other 4XX error (besides 429)? Choices:
|
|
meraki_retry_4xx_error_wait_time (integer), other 4XX error retry wait time Default: |
|
meraki_simulate (boolean), simulate POST/PUT/DELETE calls to prevent changes? Choices:
|
|
meraki_single_request_timeout (integer), maximum number of seconds for each API call Default: |
|
meraki_suppress_logging (boolean), disable all logging? you’re on your own then! Choices:
|
|
meraki_use_iterator_for_get_pages (boolean), list* methods will return an iterator with each object instead of a complete list with all items Choices:
|
|
meraki_wait_on_rate_limit (boolean), retry if 429 rate limit error encountered? Choices:
|
|
Name of the access policy. |
|
NetworkId path parameter. Network ID. |
|
Object for RADIUS Settings. |
|
Critical auth settings for when authentication is rejected by the RADIUS server. |
|
VLAN that clients who use data will be placed on when RADIUS authentication fails. Will be null if hostMode is Multi-Auth. |
|
Enable to suspend port bounce when RADIUS servers are unreachable. Choices:
|
|
VLAN that clients who use voice will be placed on when RADIUS authentication fails. Will be null if hostMode is Multi-Auth. |
|
VLAN that clients will be placed on when RADIUS authentication fails. Will be null if hostMode is Multi-Auth. |
|
Re-authentication period in seconds. Will be null if hostMode is Multi-Auth. |
|
Enable to send start, interim-update and stop messages to a configured RADIUS accounting server for tracking connected clients. Choices:
|
|
List of RADIUS accounting servers to require connecting devices to authenticate against before granting network access. |
|
Public IP address of the RADIUS accounting server. |
|
UDP port that the RADIUS Accounting server listens on for access requests. |
|
RADIUS client shared secret. |
|
Change of authentication for RADIUS re-authentication and disconnection. Choices:
|
|
Acceptable values are `””` for None, or `”11”` for Group Policies ACL. |
|
List of RADIUS servers to require connecting devices to authenticate against before granting network access. |
|
Public IP address of the RADIUS server. |
|
UDP port that the RADIUS server listens on for access requests. |
|
RADIUS client shared secret. |
|
If enabled, Meraki devices will periodically send access-request messages to these RADIUS servers. Choices:
|
|
Enable to restrict access for clients to a specific set of IP addresses or hostnames prior to authentication. Choices:
|
|
IP address ranges, in CIDR notation, to restrict access for clients to a specific set of IP addresses or hostnames prior to authentication. |
|
CDP/LLDP capable voice clients will be able to use this VLAN. Automatically true when hostMode is ‘Multi-Domain’. Choices:
|
Notes
Note
SDK Method used are switch.Switch.create_network_switch_access_policy, switch.Switch.delete_network_switch_access_policy, switch.Switch.update_network_switch_access_policy,
Paths used are post /networks/{networkId}/switch/accessPolicies, delete /networks/{networkId}/switch/accessPolicies/{accessPolicyNumber}, put /networks/{networkId}/switch/accessPolicies/{accessPolicyNumber},
Does not support
check_mode
The plugin runs on the control node and does not use any ansible connection plugins, but instead the embedded connection manager from Cisco DNAC SDK
The parameters starting with dnac_ are used by the Cisco DNAC Python SDK to establish the connection
See Also
See also
- Cisco Meraki documentation for switch createNetworkSwitchAccessPolicy
Complete reference of the createNetworkSwitchAccessPolicy API.
- Cisco Meraki documentation for switch deleteNetworkSwitchAccessPolicy
Complete reference of the deleteNetworkSwitchAccessPolicy API.
- Cisco Meraki documentation for switch updateNetworkSwitchAccessPolicy
Complete reference of the updateNetworkSwitchAccessPolicy API.
Examples
- name: Create
cisco.meraki.networks_switch_access_policies:
meraki_api_key: "{{meraki_api_key}}"
meraki_base_url: "{{meraki_base_url}}"
meraki_single_request_timeout: "{{meraki_single_request_timeout}}"
meraki_certificate_path: "{{meraki_certificate_path}}"
meraki_requests_proxy: "{{meraki_requests_proxy}}"
meraki_wait_on_rate_limit: "{{meraki_wait_on_rate_limit}}"
meraki_nginx_429_retry_wait_time: "{{meraki_nginx_429_retry_wait_time}}"
meraki_action_batch_retry_wait_time: "{{meraki_action_batch_retry_wait_time}}"
meraki_retry_4xx_error: "{{meraki_retry_4xx_error}}"
meraki_retry_4xx_error_wait_time: "{{meraki_retry_4xx_error_wait_time}}"
meraki_maximum_retries: "{{meraki_maximum_retries}}"
meraki_output_log: "{{meraki_output_log}}"
meraki_log_file_prefix: "{{meraki_log_file_prefix}}"
meraki_log_path: "{{meraki_log_path}}"
meraki_print_console: "{{meraki_print_console}}"
meraki_suppress_logging: "{{meraki_suppress_logging}}"
meraki_simulate: "{{meraki_simulate}}"
meraki_be_geo_id: "{{meraki_be_geo_id}}"
meraki_use_iterator_for_get_pages: "{{meraki_use_iterator_for_get_pages}}"
meraki_inherit_logging_config: "{{meraki_inherit_logging_config}}"
state: present
accessPolicyType: Hybrid authentication
dot1x:
controlDirection: inbound
guestPortBouncing: false
guestVlanId: 100
hostMode: Single-Host
increaseAccessSpeed: false
name: 'Access policy #1'
networkId: string
radius:
criticalAuth:
dataVlanId: 100
suspendPortBounce: true
voiceVlanId: 100
failedAuthVlanId: 100
reAuthenticationInterval: 120
radiusAccountingEnabled: true
radiusAccountingServers:
- host: 1.2.3.4
port: 22
secret: secret
radiusCoaSupportEnabled: false
radiusGroupAttribute: '11'
radiusServers:
- host: 1.2.3.4
port: 22
secret: secret
radiusTestingEnabled: false
urlRedirectWalledGardenEnabled: true
urlRedirectWalledGardenRanges:
- 192.168.1.0/24
voiceVlanClients: true
- name: Update by id
cisco.meraki.networks_switch_access_policies:
meraki_api_key: "{{meraki_api_key}}"
meraki_base_url: "{{meraki_base_url}}"
meraki_single_request_timeout: "{{meraki_single_request_timeout}}"
meraki_certificate_path: "{{meraki_certificate_path}}"
meraki_requests_proxy: "{{meraki_requests_proxy}}"
meraki_wait_on_rate_limit: "{{meraki_wait_on_rate_limit}}"
meraki_nginx_429_retry_wait_time: "{{meraki_nginx_429_retry_wait_time}}"
meraki_action_batch_retry_wait_time: "{{meraki_action_batch_retry_wait_time}}"
meraki_retry_4xx_error: "{{meraki_retry_4xx_error}}"
meraki_retry_4xx_error_wait_time: "{{meraki_retry_4xx_error_wait_time}}"
meraki_maximum_retries: "{{meraki_maximum_retries}}"
meraki_output_log: "{{meraki_output_log}}"
meraki_log_file_prefix: "{{meraki_log_file_prefix}}"
meraki_log_path: "{{meraki_log_path}}"
meraki_print_console: "{{meraki_print_console}}"
meraki_suppress_logging: "{{meraki_suppress_logging}}"
meraki_simulate: "{{meraki_simulate}}"
meraki_be_geo_id: "{{meraki_be_geo_id}}"
meraki_use_iterator_for_get_pages: "{{meraki_use_iterator_for_get_pages}}"
meraki_inherit_logging_config: "{{meraki_inherit_logging_config}}"
state: present
accessPolicyNumber: string
accessPolicyType: Hybrid authentication
dot1x:
controlDirection: inbound
guestPortBouncing: false
guestVlanId: 100
hostMode: Single-Host
increaseAccessSpeed: false
name: 'Access policy #1'
networkId: string
radius:
criticalAuth:
dataVlanId: 100
suspendPortBounce: true
voiceVlanId: 100
failedAuthVlanId: 100
reAuthenticationInterval: 120
radiusAccountingEnabled: true
radiusAccountingServers:
- host: 1.2.3.4
port: 22
secret: secret
radiusCoaSupportEnabled: false
radiusGroupAttribute: '11'
radiusServers:
- host: 1.2.3.4
port: 22
secret: secret
radiusTestingEnabled: false
urlRedirectWalledGardenEnabled: true
urlRedirectWalledGardenRanges:
- 192.168.1.0/24
voiceVlanClients: true
- name: Delete by id
cisco.meraki.networks_switch_access_policies:
meraki_api_key: "{{meraki_api_key}}"
meraki_base_url: "{{meraki_base_url}}"
meraki_single_request_timeout: "{{meraki_single_request_timeout}}"
meraki_certificate_path: "{{meraki_certificate_path}}"
meraki_requests_proxy: "{{meraki_requests_proxy}}"
meraki_wait_on_rate_limit: "{{meraki_wait_on_rate_limit}}"
meraki_nginx_429_retry_wait_time: "{{meraki_nginx_429_retry_wait_time}}"
meraki_action_batch_retry_wait_time: "{{meraki_action_batch_retry_wait_time}}"
meraki_retry_4xx_error: "{{meraki_retry_4xx_error}}"
meraki_retry_4xx_error_wait_time: "{{meraki_retry_4xx_error_wait_time}}"
meraki_maximum_retries: "{{meraki_maximum_retries}}"
meraki_output_log: "{{meraki_output_log}}"
meraki_log_file_prefix: "{{meraki_log_file_prefix}}"
meraki_log_path: "{{meraki_log_path}}"
meraki_print_console: "{{meraki_print_console}}"
meraki_suppress_logging: "{{meraki_suppress_logging}}"
meraki_simulate: "{{meraki_simulate}}"
meraki_be_geo_id: "{{meraki_be_geo_id}}"
meraki_use_iterator_for_get_pages: "{{meraki_use_iterator_for_get_pages}}"
meraki_inherit_logging_config: "{{meraki_inherit_logging_config}}"
state: absent
accessPolicyNumber: string
networkId: string
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
A dictionary or list with the response returned by the Cisco Meraki Python SDK Returned: always Sample: |