dellemc.enterprise_sonic.sonic_pms module – Configure interface mode port security settings on SONiC.
Note
This module is part of the dellemc.enterprise_sonic collection (version 3.2.0).
You might already have this collection installed if you are using the ansible package.
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install dellemc.enterprise_sonic.
To use it in a playbook, specify: dellemc.enterprise_sonic.sonic_pms.
New in dellemc.enterprise_sonic 3.1.0
Synopsis
This module provides configuration management of port security interface mode parameters on devices running SONiC.
Configure switchport before configuring port security in interfaces.
Parameters
| Parameter | Comments |
|---|---|
| `config` | Specifies the port security interface configurations. |
| `config` / `max_allowed_macs` | Maximum number of secure MACs allowed on the interface (1 to 4097). If port_security_enable=True and max_allowed_macs not configured, default is |
| `config` / `name` | Full name of the interface, i.e. Ethernet1. |
| `config` / `port_security_enable` | Enables port security at interface level. If port_security_enable=False, entire port security configurations will be deleted. Choices: |
| `config` / `sticky_mac` | Enable sticky MAC feature on the interface. If port_security_enable=True and sticky_mac not configured, default is Choices: |
| `config` / `violation` | Configure the action to be taken in the event of security violation. If port_security_enable=True and violation not configured, default is Choices: |
| `state` | Specifies the operation to be performed on the port security related interfaces configured on the device. In case of merged, the input configuration will be merged with the existing port security interfaces related configuration on the device. In case of deleted, the existing port security interfaces configuration will be removed from the device. In case of overridden, all the existing port security interfaces configuration will be deleted and the specified input configuration will be installed. In case of replaced, the existing interface configuration on the device will be replaced by the configuration in the playbook for each interface group configured by the playbook. Choices: |
Notes
Note
Supports check_mode.
Tested against Enterprise SONiC Distribution by Dell Technologies.
Examples
# Using "deleted" state
# Before state:
# -------------
#
# sonic# show port-security
#
# Secure Port isEnabled MaxSecureAddr FdbCount ViolationCount SecurityAction StickyMac
# ---------------------------------------------------------------------------------------------------------
# Ethernet0 Y 1 0 0 PROTECT N
# Ethernet10 N 1 0 0 PROTECT Y
# sonic#
- name: Delete the PMS configurations
  sonic_pms:
    config:
      - name: 'Ethernet0'
        port_security_enable: true
      - name: 'Ethernet10'
        port_security_enable: false
        sticky_mac: true
    state: deleted
# After state:
# ------------
#
# sonic# show port-security
#
# Secure Port isEnabled MaxSecureAddr FdbCount ViolationCount SecurityAction StickyMac
# ---------------------------------------------------------------------------------------------------------
# Ethernet10 N 1 0 0 PROTECT N
# sonic#
# Using "deleted" state
# Before state:
# -------------
#
# sonic# show port-security
#
# Secure Port isEnabled MaxSecureAddr FdbCount ViolationCount SecurityAction StickyMac
# ---------------------------------------------------------------------------------------------------------
# Ethernet0 Y 1 0 0 PROTECT N
# Ethernet3 Y 10 0 0 PROTECT N
# Ethernet4 N 15 0 0 SHUTDOWN N
# Ethernet5 Y 30 0 0 SHUTDOWN N
# Ethernet10 N 1 0 0 PROTECT Y
# sonic#
- name: Delete all the PMS configurations
  sonic_pms:
    config: []
    state: deleted
# After state:
# ------------
#
# sonic# show port-security
# sonic#
# Using "merged" state
# Before state:
# -------------
#
# sonic# show port-security
# sonic#
- name: Add the PMS configurations new to interfaces
  sonic_pms:
    config:
      - name: 'Ethernet0'
        sticky_mac: true
        port_security_enable: true
        max_allowed_macs: 10
      - name: 'Ethernet3'
        port_security_enable: false
        max_allowed_macs: 10
      - name: 'Ethernet4'
        port_security_enable: true
        violation: SHUTDOWN
    state: merged
# After state:
# ------------
#
# sonic# show port-security
#
# Secure Port isEnabled MaxSecureAddr FdbCount ViolationCount SecurityAction StickyMac
# ---------------------------------------------------------------------------------------------------------
# Ethernet0 Y 10 0 0 PROTECT Y
# Ethernet3 N 10 0 0 PROTECT N
# Ethernet4 Y 1 0 0 SHUTDOWN N
# sonic#
# Using "merged" state
# Before state:
# -------------
#
# sonic# show port-security
#
# Secure Port isEnabled MaxSecureAddr FdbCount ViolationCount SecurityAction StickyMac
# ---------------------------------------------------------------------------------------------------------
# Ethernet0 Y 10 0 0 PROTECT Y
# Ethernet3 N 10 0 0 PROTECT N
# Ethernet4 Y 1 0 0 SHUTDOWN N
# sonic#
- name: Disable a PMS interface by merge
  sonic_pms:
    config:
      - name: 'Ethernet10'
        port_security_enable: false
        max_allowed_macs: 12
        violation: SHUTDOWN
        sticky_mac: true
      - name: 'Ethernet4'
        port_security_enable: false
    state: merged
# After state:
# ------------
#
# sonic# show port-security
#
# Secure Port isEnabled MaxSecureAddr FdbCount ViolationCount SecurityAction StickyMac
# ---------------------------------------------------------------------------------------------------------
# Ethernet0 Y 10 0 0 PROTECT Y
# Ethernet3 N 10 0 0 PROTECT N
# Ethernet10 N 12 0 0 SHUTDOWN Y
# sonic#
# Using "replaced" state
# Before state:
# -------------
#
# sonic# show port-security
#
# Secure Port isEnabled MaxSecureAddr FdbCount ViolationCount SecurityAction StickyMac
# ---------------------------------------------------------------------------------------------------------
# Ethernet0 Y 1 0 0 PROTECT N
# Ethernet3 Y 10 0 0 PROTECT N
# Ethernet4 N 15 0 0 SHUTDOWN N
# Ethernet5 Y 30 0 0 SHUTDOWN N
# Ethernet10 N 12 0 0 SHUTDOWN Y
# sonic#
- name: Replace the PMS configurations by interface level
  sonic_pms:
    config:
      - name: 'Ethernet10'
        port_security_enable: true
      - name: 'Ethernet3'
        port_security_enable: false
        violation: 'PROTECT'
        sticky_mac: true
      - name: 'Ethernet7'
        port_security_enable: true
    state: replaced
# After state:
# ------------
#
# sonic# show port-security
#
# Secure Port isEnabled MaxSecureAddr FdbCount ViolationCount SecurityAction StickyMac
# ---------------------------------------------------------------------------------------------------------
# Ethernet0 Y 1 0 0 PROTECT N
# Ethernet3 N 10 0 0 PROTECT Y
# Ethernet4 N 15 0 0 SHUTDOWN N
# Ethernet5 Y 30 0 0 SHUTDOWN N
# Ethernet7 Y 1 0 0 PROTECT N
# Ethernet10 Y 1 0 0 PROTECT N
# sonic#
# Using "overridden" state
# Before state:
# -------------
#
# sonic# show port-security
#
# Secure Port isEnabled MaxSecureAddr FdbCount ViolationCount SecurityAction StickyMac
# ---------------------------------------------------------------------------------------------------------
# Ethernet0 Y 1 0 0 PROTECT N
# Ethernet3 Y 10 0 0 PROTECT N
# Ethernet4 N 15 0 0 SHUTDOWN N
# Ethernet5 Y 30 0 0 SHUTDOWN N
# Ethernet10 N 12 0 0 SHUTDOWN Y
# sonic#
- name: Override the PMS configurations
  sonic_pms:
    config:
      - name: 'Ethernet7'
        port_security_enable: true
      - name: 'Ethernet10'
        port_security_enable: false
        max_allowed_macs: 12
        violation: SHUTDOWN
        sticky_mac: true
    state: overridden
# After state:
# ------------
#
# sonic# show port-security
#
# Secure Port isEnabled MaxSecureAddr FdbCount ViolationCount SecurityAction StickyMac
# ---------------------------------------------------------------------------------------------------------
# Ethernet7 Y 1 0 0 PROTECT N
# Ethernet10 N 12 0 0 SHUTDOWN Y
# sonic#
Return Values
Common return values are documented here; the following are the fields unique to this module:
| Key | Description |
|---|---|
| `after` | The configuration resulting from module invocation. Returned: when changed Sample: |
| `after(generated)` | The configuration that would be generated by non-check-mode module invocation. Returned: when Sample: |
| `before` | The configuration prior to the module invocation. Returned: always Sample: |
| `commands` | The set of commands pushed to the remote device. Returned: always Sample: |
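
The module's check_mode support and its `commands` return value can be combined into a read-only drift audit of port security. The playbook below is an added example, not part of the collection's documentation. The inventory group `sonic_switches`, the variable name `pms_baseline` and the baseline values are constructed for illustration, and the inventory is assumed to already carry the connection settings for the devices.

```yaml
---
# Added example: report port security drift without changing the switch.
- name: Audit port security against a baseline
  hosts: sonic_switches            # hypothetical inventory group
  gather_facts: false
  vars:
    pms_baseline:                  # constructed baseline, adjust per site
      - name: 'Ethernet0'
        port_security_enable: true
        max_allowed_macs: 2
        violation: SHUTDOWN
        sticky_mac: true
      - name: 'Ethernet4'
        port_security_enable: true
        max_allowed_macs: 1
        violation: SHUTDOWN
  tasks:
    # check_mode: true forces a dry run for this task even when the
    # playbook itself is started without --check.
    - name: Compute what "overridden" would change
      dellemc.enterprise_sonic.sonic_pms:
        config: "{{ pms_baseline }}"
        state: overridden
      check_mode: true
      register: pms_audit

    - name: Show the pending changes for review
      ansible.builtin.debug:
        var: pms_audit.commands
      when: pms_audit.commands | length > 0

    # An empty command list means the device already matches the baseline.
    - name: Fail the audit if the device has drifted
      ansible.builtin.assert:
        that:
          - pms_audit.commands | length == 0
        fail_msg: "Port security on {{ inventory_hostname }} differs from the baseline"
        success_msg: "Port security on {{ inventory_hostname }} matches the baseline"
```

Because `overridden` deletes port security configuration on every interface that is not listed, auditing with it also flags interfaces that carry settings outside the baseline; use `replaced` instead to compare only the listed interfaces.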