cisco.dnac.authentication_policy_servers module – Resource module for Authentication Policy Servers
Note
This module is part of the cisco.dnac collection (version 6.22.0).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install cisco.dnac.
You need further requirements to be able to use this module, see Requirements for details.
To use it in a playbook, specify: cisco.dnac.authentication_policy_servers.
New in cisco.dnac 3.1.0
Synopsis
Manage operations create, update and delete of the resource Authentication Policy Servers.
API to add AAA/ISE server access configuration. Protocol can be configured as RADIUS, TACACS, or RADIUS_TACACS. If configuring a Cisco ISE server, after configuration use the ‘Cisco ISE Server Integration Status’ Intent API to check the integration status. Based on the integration status, if required, use the ‘Accept Cisco ISE Server Certificate for Cisco ISE Server Integration’ Intent API to accept the Cisco ISE certificate for Cisco ISE server integration, then use the ‘Cisco ISE Server Integration Status’ Intent API again to check the integration status.
API to delete AAA/ISE server access configuration.
API to edit AAA/ISE server access configuration. After edit, use ‘Cisco ISE Server Integration Status’ Intent API to check the integration status.
Note
This module has a corresponding action plugin.
Requirements
The below requirements are needed on the host that executes this module.
dnacentersdk >= 2.7.2
python >= 3.5
Parameters
Parameter | Comments |
---|---|
accountingPort | Accounting port of RADIUS server (readonly). The range is from 1 to 65535. E.g. 1813. |
authenticationPort | Authentication port of RADIUS server (readonly). The range is from 1 to 65535. E.g. 1812. |
ciscoIseDtos | Authentication Policy Servers’s ciscoIseDtos. |
description | Description about the Cisco ISE server. |
fqdn | Fully-qualified domain name of the Cisco ISE server (readonly). E.g. Xi-62.my.com. |
ipAddress | IP Address of the Cisco ISE Server (readonly). |
password | Password of the Cisco ISE server. |
sshkey | SSH key of the Cisco ISE server. |
subscriberName | Subscriber name of the Cisco ISE server (readonly). E.g. Pxgrid_client_1662589467. |
userName | User name of the Cisco ISE server. |
dnac_debug | Flag for Cisco DNA Center SDK to enable debugging. Choices: |
dnac_host | The Cisco DNA Center hostname. |
dnac_password | The Cisco DNA Center password to authenticate. |
dnac_port | The Cisco DNA Center port. Default: |
dnac_username | The Cisco DNA Center username to authenticate. Default: |
dnac_verify | Flag to enable or disable SSL certificate verification. Choices: |
dnac_version | Informs the SDK which version of Cisco DNA Center to use. Default: |
encryptionKey | Encryption key used to encrypt shared secret (readonly). |
encryptionScheme | Type of encryption scheme for additional security (readonly). |
externalCiscoIseIpAddrDtos | Authentication Policy Servers’s externalCiscoIseIpAddrDtos. |
externalCiscoIseIpAddresses | Authentication Policy Servers’s externalCiscoIseIpAddresses. |
externalIpAddress | External IP Address. |
type | Type. |
id | Id path parameter. Authentication and Policy Server Identifier. Use ‘Get Authentication and Policy Servers’ intent API to find the identifier. |
ipAddress | IP address of authentication and policy server (readonly). |
isIseEnabled | Value true for Cisco ISE Server (readonly). Default value is false. Choices: |
messageKey | Message key used to encrypt shared secret (readonly). |
port | Port of TACACS server (readonly). The range is from 1 to 65535. |
protocol | Type of protocol for authentication and policy server. If already saved with RADIUS, can update to RADIUS_TACACS. If already saved with TACACS, can update to RADIUS_TACACS. |
pxgridEnabled | Value true for enable, false for disable. Default value is true. Choices: |
retries | Number of communication retries between devices and authentication and policy server. The range is from 1 to 3. |
role | Role of authentication and policy server (readonly). E.g. Primary, secondary. |
sharedSecret | Shared secret between devices and authentication and policy server (readonly). |
timeoutSeconds | Number of seconds before timing out between devices and authentication and policy server. The range is from 2 to 20. |
useDnacCertForPxgrid | Value true to use DNAC certificate for Pxgrid. Default value is false. Choices: |
validate_response_schema | Flag for Cisco DNA Center SDK to enable the validation of request bodies against a JSON schema. Choices: |
Notes
Note
SDK methods used are system_settings.SystemSettings.add_authentication_and_policy_server_access_configuration, system_settings.SystemSettings.delete_authentication_and_policy_server_access_configuration, system_settings.SystemSettings.edit_authentication_and_policy_server_access_configuration.
Paths used are post /dna/intent/api/v1/authentication-policy-servers, delete /dna/intent/api/v1/authentication-policy-servers/{id}, put /dna/intent/api/v1/authentication-policy-servers/{id}.
Does not support check_mode.
The plugin runs on the control node and does not use any ansible connection plugins, but instead the embedded connection manager from Cisco DNAC SDK.
The parameters starting with dnac_ are used by the Cisco DNAC Python SDK to establish the connection.
See Also
- Cisco DNA Center documentation for System Settings AddAuthenticationAndPolicyServerAccessConfiguration
Complete reference of the AddAuthenticationAndPolicyServerAccessConfiguration API.
- Cisco DNA Center documentation for System Settings DeleteAuthenticationAndPolicyServerAccessConfiguration
Complete reference of the DeleteAuthenticationAndPolicyServerAccessConfiguration API.
- Cisco DNA Center documentation for System Settings EditAuthenticationAndPolicyServerAccessConfiguration
Complete reference of the EditAuthenticationAndPolicyServerAccessConfiguration API.
Examples
```yaml
# Values such as "string", 0 and true are type placeholders; replace them with real settings.
- name: Create
  cisco.dnac.authentication_policy_servers:
    dnac_host: "{{dnac_host}}"
    dnac_username: "{{dnac_username}}"
    dnac_password: "{{dnac_password}}"
    dnac_verify: "{{dnac_verify}}"
    dnac_port: "{{dnac_port}}"
    dnac_version: "{{dnac_version}}"
    dnac_debug: "{{dnac_debug}}"
    state: present
    accountingPort: 0
    authenticationPort: 0
    ciscoIseDtos:
    - description: string
      fqdn: string
      ipAddress: string
      password: string
      sshkey: string
      subscriberName: string
      userName: string
    encryptionKey: string
    encryptionScheme: string
    externalCiscoIseIpAddrDtos:
    - externalCiscoIseIpAddresses:
      - externalIpAddress: string
      type: string
    ipAddress: string
    isIseEnabled: true
    messageKey: string
    port: 0
    protocol: string
    pxgridEnabled: true
    retries: string
    role: string
    sharedSecret: string
    timeoutSeconds: string
    useDnacCertForPxgrid: true

# state: absent removes the server identified by id.
- name: Delete by id
  cisco.dnac.authentication_policy_servers:
    dnac_host: "{{dnac_host}}"
    dnac_username: "{{dnac_username}}"
    dnac_password: "{{dnac_password}}"
    dnac_verify: "{{dnac_verify}}"
    dnac_port: "{{dnac_port}}"
    dnac_version: "{{dnac_version}}"
    dnac_debug: "{{dnac_debug}}"
    state: absent
    id: string

# Same body as Create, plus the id of the server to edit.
- name: Update by id
  cisco.dnac.authentication_policy_servers:
    dnac_host: "{{dnac_host}}"
    dnac_username: "{{dnac_username}}"
    dnac_password: "{{dnac_password}}"
    dnac_verify: "{{dnac_verify}}"
    dnac_port: "{{dnac_port}}"
    dnac_version: "{{dnac_version}}"
    dnac_debug: "{{dnac_debug}}"
    state: present
    accountingPort: 0
    authenticationPort: 0
    ciscoIseDtos:
    - description: string
      fqdn: string
      ipAddress: string
      password: string
      sshkey: string
      subscriberName: string
      userName: string
    encryptionKey: string
    encryptionScheme: string
    externalCiscoIseIpAddrDtos:
    - externalCiscoIseIpAddresses:
      - externalIpAddress: string
      type: string
    id: string
    ipAddress: string
    isIseEnabled: true
    messageKey: string
    port: 0
    protocol: string
    pxgridEnabled: true
    retries: string
    role: string
    sharedSecret: string
    timeoutSeconds: string
    useDnacCertForPxgrid: true
```
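A hardened variant of the Create task, added here as an example and not taken from the collection's documentation: secrets come from an Ansible Vault file, TLS verification is enforced before anything is sent, and the task output is suppressed. The file vault.yml, the vault_ variables, the address 192.0.2.10 and the choice of fields for a plain RADIUS server (isIseEnabled: false) are assumptions made for illustration.

```yaml
# Added example: hardened form of the Create task for a non-ISE RADIUS server.
# vault.yml and every vault_* variable are hypothetical names.
- name: Register a RADIUS AAA server in Cisco DNA Center
  hosts: localhost
  connection: local
  gather_facts: false
  vars_files:
    - vault.yml                  # encrypted with ansible-vault, holds the vault_* secrets
  vars:
    dnac_verify: true            # keep certificate verification on
  tasks:
    - name: Refuse to send credentials over an unverified TLS session
      ansible.builtin.assert:
        that:
          - dnac_verify | bool
        fail_msg: dnac_verify must be true before secrets are submitted

    - name: Create the AAA server entry
      cisco.dnac.authentication_policy_servers:
        dnac_host: "{{ dnac_host }}"
        dnac_username: "{{ dnac_username }}"
        dnac_password: "{{ vault_dnac_password }}"
        dnac_verify: "{{ dnac_verify }}"
        dnac_debug: false        # keep SDK debug logging off for runs that carry secrets
        state: present
        ipAddress: 192.0.2.10    # constructed address from the documentation range
        protocol: RADIUS
        authenticationPort: 1812
        accountingPort: 1813
        retries: "3"             # documented range is 1 to 3
        timeoutSeconds: "4"      # documented range is 2 to 20
        isIseEnabled: false
        sharedSecret: "{{ vault_radius_shared_secret }}"
      no_log: true               # keep the password and shared secret out of task output
```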
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key | Description |
---|---|
dnac_response | A dictionary or list with the response returned by the Cisco DNAC Python SDK. Returned: always. Sample: |