cisco.dnac.ise_radius_integration_workflow_manager module – Resource module for Authentication and Policy Servers
Note
This module is part of the cisco.dnac collection (version 6.25.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install cisco.dnac
.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: cisco.dnac.ise_radius_integration_workflow_manager
.
New in cisco.dnac 6.14.0
Synopsis
Manage operations on Authentication and Policy Servers.
API to create Authentication and Policy Server Access Configuration.
API to update Authentication and Policy Server Access Configuration.
API to delete Authentication and Policy Server Access Configuration.
Requirements
The below requirements are needed on the host that executes this module.
dnacentersdk >= 2.7.2
python >= 3.9
Parameters
Parameter |
Comments |
---|---|
List of details of Authentication and Policy Servers being managed. |
|
Manages the Authentication and Policy Servers. |
|
Accounting port of RADIUS server. Updation of accounting port is not possible. Accounting port should be from 1 to 65535. Default: |
|
Authentication port of RADIUS server. Updation of authentication port is not possible. Authentication port should be from 1 to 65535. Default: |
|
List of Cisco ISE Data Transfer Objects (DTOs). Required when server_type is set to ISE. |
|
Description about the Cisco ISE server. |
|
Fully-qualified domain name of the Cisco ISE server. Required for passing the cisco_ise_dtos. |
|
IP Address of the Cisco ISE Server. Required for passing the cisco_ise_dtos. |
|
Password of the Cisco ISE server. Password must have 4 to 127 characters with no spaces or the following characters - “<”. Required for passing the cisco_ise_dtos. |
|
SSH key of the Cisco ISE server. |
|
User name of the Cisco ISE server. Required for passing the cisco_ise_dtos. |
|
Encryption key used to encrypt shared secret. Updation of encryption scheme is not possible. Required when encryption_scheme is provided. When ASCII format is selected, Encryption Key may contain alphanumeric and special characters. Key must be 16 char long. |
|
Type of encryption scheme for additional security. If encryption scheme is given, then message authenticator code and encryption keys need to be required. Updation of encryption scheme is not possible. KEYWRAP is used for securely wrapping and unwrapping encryption keys, ensuring their confidentiality during transmission or storage. RADSEC is an extension of RADIUS that provides secure communication between RADIUS clients and servers over TLS/SSL. Enhances enhancing the confidentiality and integrity of authentication and accounting data exchange. Choices:
|
|
External Cisco ISE IP address data transfer objects for future use. |
|
External Cisco ISE IP addresses. |
|
External Cisco ISE IP address. |
|
Type of the Authentication and Policy Server. |
|
Indicates the sleep time after initiating the Cisco ISE integration process. Maximum sleep time should be less or equal to 120 seconds. Default: |
|
Message key used to encrypt shared secret. Updation of message key is not possible. Required when encryption_scheme is provided. Message Authentication Code Key may contain alphanumeric and special characters. Key must be 20 char long. |
|
Type of protocol for authentication and policy server. RADIUS provides centralized services (AAA) for users in remote access scenarios. TACACS focuses on access control and administrative authentication for network devices. Choices:
|
|
Set True to enable the Pxgrid and False to disable the Pxgrid. Pxgrid is available only for the Cisco ISE Servers. PxGrid facilitates seamless integration and information sharing across products, enhancing threat detection and response capabilities within the network ecosystem. Choices:
|
|
Number of communication retries between devices and authentication and policy server. Retries should be from 1 to 3. Default: |
|
Role of authentication and policy server. Updation of role is not possible Default: |
|
IP Address of the Authentication and Policy Server. |
|
Type of the Authentication and Policy Server. ISE for Cisco ISE servers. AAA for Non-Cisco ISE servers. Choices:
|
|
Shared secret between devices and authentication and policy server. Shared secret must have 4 to 100 characters with no spaces or the following characters - [”<”, “?”]. Shared secret is a Read-Only parameter. |
|
Number of seconds before timing out between devices and authentication and policy server. Timeout should be from 2 to 20. Default: |
|
Indicates whether the certificate is trustworthy for the server. Serves as a validation of its authenticity and reliability in secure connections. Choices:
|
|
Set True to use the Cisco Catalyst Center certificate for the Pxgrid. Choices:
|
|
Set to True to verify the Cisco Catalyst Center after applying the playbook config. Choices:
|
|
Defines the timeout in seconds for API calls to retrieve task details. If the task details are not received within this period, the process will end, and a timeout notification will be logged. Default: |
|
Indicates whether debugging is enabled in the Cisco Catalyst Center SDK. Choices:
|
|
The hostname of the Cisco Catalyst Center. |
|
Flag to enable/disable playbook execution logging. When true and dnac_log_file_path is provided, - Create the log file at the execution location with the specified name. When true and dnac_log_file_path is not provided, - Create the log file at the execution location with the name ‘dnac.log’. When false, - Logging is disabled. If the log file doesn’t exist, - It is created in append or write mode based on the “dnac_log_append” flag. If the log file exists, - It is overwritten or appended based on the “dnac_log_append” flag. Choices:
|
|
Determines the mode of the file. Set to True for ‘append’ mode. Set to False for ‘write’ mode. Choices:
|
|
Governs logging. Logs are recorded if dnac_log is True. If path is not specified, - When ‘dnac_log_append’ is True, ‘dnac.log’ is generated in the current Ansible directory; logs are appended. - When ‘dnac_log_append’ is False, ‘dnac.log’ is generated; logs are overwritten. If path is specified, - When ‘dnac_log_append’ is True, the file opens in append mode. - When ‘dnac_log_append’ is False, the file opens in write (w) mode. - In shared file scenarios, without append mode, content is overwritten after each module execution. - For a shared log file, set append to False for the 1st module (to overwrite); for subsequent modules, set append to True. Default: |
|
Sets the threshold for log level. Messages with a level equal to or higher than this will be logged. Levels are listed in order of severity [CRITICAL, ERROR, WARNING, INFO, DEBUG]. CRITICAL indicates serious errors halting the program. Displays only CRITICAL messages. ERROR indicates problems preventing a function. Displays ERROR and CRITICAL messages. WARNING indicates potential future issues. Displays WARNING, ERROR, CRITICAL messages. INFO tracks normal operation. Displays INFO, WARNING, ERROR, CRITICAL messages. DEBUG provides detailed diagnostic info. Displays all log messages. Default: |
|
The password for authentication at the Cisco Catalyst Center. |
|
Specifies the port number associated with the Cisco Catalyst Center. Default: |
|
Specifies the interval in seconds between successive calls to the API to retrieve task details. Default: |
|
The username for authentication at the Cisco Catalyst Center. Default: |
|
Flag to enable or disable SSL certificate verification. Choices:
|
|
Specifies the version of the Cisco Catalyst Center that the SDK should use. Default: |
|
The state of Cisco Catalyst Center after module completion. Choices:
|
|
Flag for Cisco Catalyst Center SDK to enable the validation of request bodies against a JSON schema. Choices:
|
Notes
Note
SDK Method used are system_settings.SystemSettings.add_authentication_and_policy_server_access_configuration, system_settings.SystemSettings.edit_authentication_and_policy_server_access_configuration, system_settings.SystemSettings.accept_cisco_ise_server_certificate_for_cisco_ise_server_integration, system_settings.SystemSettings.delete_authentication_and_policy_server_access_configuration, system_settings.SystemSettings.get_authentication_and_policy_servers, system_settings.SystemSettings.cisco_ise_server_integration_status,
Paths used are post /dna/intent/api/v1/authentication-policy-servers, put /dna/intent/api/v1/authentication-policy-servers/${id}, put /dna/intent/api/v1/integrate-ise/${id}, delete /dna/intent/api/v1/authentication-policy-servers/${id} get /dna/intent/api/v1/authentication-policy-servers get /dna/intent/api/v1/ise-integration-status
Does not support
check_mode
The plugin runs on the control node and does not use any ansible connection plugins instead embedded connection manager from Cisco Catalyst Center SDK
The parameters starting with dnac_ are used by the Cisco Catalyst Center Python SDK to establish the connection
Examples
- name: Create an AAA server.
cisco.dnac.ise_radius_integration_workflow_manager:
dnac_host: "{{dnac_host}}"
dnac_username: "{{dnac_username}}"
dnac_password: "{{dnac_password}}"
dnac_verify: "{{dnac_verify}}"
dnac_port: "{{dnac_port}}"
dnac_version: "{{dnac_version}}"
dnac_debug: "{{dnac_debug}}"
dnac_log: True
dnac_log_level: "{{ dnac_log_level }}"
state: merged
config_verify: True
config:
- authentication_policy_server:
- server_type: AAA
server_ip_address: 10.0.0.1
shared_secret: "12345"
protocol: RADIUS_TACACS
encryption_scheme: KEYWRAP
encryption_key: "1234567890123456"
message_authenticator_code_key: asdfghjklasdfghjklas
authentication_port: 1812
accounting_port: 1813
retries: 3
timeout: 4
role: secondary
- name: Create an Cisco ISE server.
cisco.dnac.ise_radius_integration_workflow_manager:
dnac_host: "{{dnac_host}}"
dnac_username: "{{dnac_username}}"
dnac_password: "{{dnac_password}}"
dnac_verify: "{{dnac_verify}}"
dnac_port: "{{dnac_port}}"
dnac_version: "{{dnac_version}}"
dnac_debug: "{{dnac_debug}}"
dnac_log: True
dnac_log_level: "{{ dnac_log_level }}"
state: merged
config_verify: True
config:
- authentication_policy_server:
- server_type: ISE
server_ip_address: 10.0.0.2
shared_secret: "12345"
protocol: RADIUS_TACACS
encryption_scheme: KEYWRAP
encryption_key: "1234567890123456"
message_authenticator_code_key: asdfghjklasdfghjklas
authentication_port: 1812
accounting_port: 1813
retries: 3
timeout: 4
role: primary
use_dnac_cert_for_pxgrid: False
pxgrid_enabled: True
cisco_ise_dtos:
- user_name: Cisco ISE
password: "12345"
fqdn: abs.cisco.com
ip_address: 10.0.0.2
description: Cisco ISE
trusted_server: True
ise_integration_wait_time: 20
- name: Update an AAA server.
cisco.dnac.ise_radius_integration_workflow_manager:
dnac_host: "{{dnac_host}}"
dnac_username: "{{dnac_username}}"
dnac_password: "{{dnac_password}}"
dnac_verify: "{{dnac_verify}}"
dnac_port: "{{dnac_port}}"
dnac_version: "{{dnac_version}}"
dnac_debug: "{{dnac_debug}}"
dnac_log: True
dnac_log_level: "{{ dnac_log_level }}"
state: merged
config_verify: True
config:
- authentication_policy_server:
- server_type: AAA
server_ip_address: 10.0.0.1
protocol: RADIUS_TACACS
retries: 3
timeout: 5
- name: Update an Cisco ISE server.
cisco.dnac.ise_radius_integration_workflow_manager:
dnac_host: "{{dnac_host}}"
dnac_username: "{{dnac_username}}"
dnac_password: "{{dnac_password}}"
dnac_verify: "{{dnac_verify}}"
dnac_port: "{{dnac_port}}"
dnac_version: "{{dnac_version}}"
dnac_debug: "{{dnac_debug}}"
dnac_log: True
dnac_log_level: "{{ dnac_log_level }}"
state: merged
config_verify: True
config:
- authentication_policy_server:
- server_type: ISE
server_ip_address: 10.0.0.2
protocol: RADIUS_TACACS
retries: 3
timeout: 5
use_dnac_cert_for_pxgrid: False
pxgrid_enabled: True
cisco_ise_dtos:
- user_name: Cisco ISE
password: "12345"
fqdn: abs.cisco.com
ip_address: 10.0.0.2
description: Cisco ISE
- name: Delete an Authentication and Policy server.
cisco.dnac.ise_radius_integration_workflow_manager:
dnac_host: "{{dnac_host}}"
dnac_username: "{{dnac_username}}"
dnac_password: "{{dnac_password}}"
dnac_verify: "{{dnac_verify}}"
dnac_port: "{{dnac_port}}"
dnac_version: "{{dnac_version}}"
dnac_debug: "{{dnac_debug}}"
dnac_log: True
dnac_log_level: "{{ dnac_log_level }}"
state: deleted
config_verify: True
config:
- authentication_policy_server:
- server_ip_address: 10.0.0.1
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
A dictionary or list with the response returned by the Cisco Catalyst Center Python SDK Returned: always Sample: |
|
A dictionary or list with the response returned by the Cisco Catalyst Center Python SDK Returned: always Sample: |
|
A dictionary or list with the response returned by the Cisco Catalyst Center Python SDK Returned: always Sample: |