cisco.intersight.intersight_vlan_policy module – Manage VLAN Policies and VLANs for Cisco Intersight

Note

This module is part of the cisco.intersight collection (version 2.2.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install cisco.intersight.

To use it in a playbook, specify: cisco.intersight.intersight_vlan_policy.

Synopsis

  • Create, update, and delete VLAN Policies on Cisco Intersight.

  • Manage individual VLANs within VLAN policies.

  • Supports both regular VLANs and Private VLANs (Primary, Isolated, Community) configurations.

  • VLAN policies define network segmentation and can be attached to LAN Connectivity policies and Server Profiles.

  • For more information see Cisco Intersight.

Parameters

Parameter

Comments

api_key_id

string / required

Public API Key ID associated with the private key.

If not set, the value of the INTERSIGHT_API_KEY_ID environment variable is used.

api_private_key

path / required

Filename (absolute path) or string of PEM formatted private key data to be used for Intersight API authentication.

If a string is used, Ansible vault should be used to encrypt string data.

Ex. ansible-vault encrypt_string --vault-id tme@/Users/dsoper/Documents/vault_password_file '-----BEGIN EC PRIVATE KEY-----

<your private key data>

-----END EC PRIVATE KEY-----'

If not set, the value of the INTERSIGHT_API_PRIVATE_KEY environment variable is used.

api_uri

string

URI used to access the Intersight API.

If not set, the value of the INTERSIGHT_API_URI environment variable is used.

Default: "https://intersight.com/api/v1"

description

aliases: descr

string

The user-defined description for the VLAN Policy.

Description can contain letters(a-z, A-Z), numbers(0-9), hyphen(-), period(.), colon(:), or an underscore(_).

name

string / required

The name assigned to the VLAN Policy.

Must be unique within the organization.

The name must be between 1 and 62 alphanumeric characters, allowing special characters :-_.

organization

string

The name of the Organization this resource is assigned to.

Policies created within a Custom Organization are applicable only to devices in the same Organization.

Use ‘default’ for the default organization.

Default: "default"

state

string

If present, will verify the resource is present and will create if needed.

If absent, will verify the resource is absent and will delete if needed.

Choices:

  • "present" ← (default)

  • "absent"

tags

list / elements=dictionary

List of tags in Key:<user-defined key> Value:<user-defined value> format.

use_proxy

boolean

If no, it will not use a proxy, even if one is defined in an environment variable on the target hosts.

Choices:

  • false

  • true ← (default)

validate_certs

boolean

Boolean control for verifying the api_uri TLS certificate.

Choices:

  • false

  • true ← (default)

vlans

list / elements=dictionary

List of VLANs to be created and attached to the VLAN policy.

Each VLAN will be named as prefix_vlan_id (e.g., prod_100).

Leave empty to create a policy without VLANs for manual configuration later.

auto_allow_on_uplinks

boolean

Whether to automatically allow this VLAN on uplinks.

Choices:

  • false

  • true ← (default)

enable_sharing

boolean

When selected, enables Private VLAN sharing options.

Choices:

  • false ← (default)

  • true

is_native

boolean

Whether this VLAN is the native VLAN for the fabric interconnect domain.

Choices:

  • false ← (default)

  • true

multicast_policy_name

string

Name of the multicast policy to associate with this VLAN.

Required when enable_sharing is false.

prefix

string / required

Prefix for the VLAN name.

Combined with vlan_id to create the full VLAN name (prefix_vlan_id).

primary_vlan_id

integer

The Primary VLAN ID of the VLAN, if the sharing type of the VLAN is Isolated or Community.

sharing_type

string

Type of VLAN sharing when enable_sharing is true.

Choices:

  • "Primary"

  • "Isolated"

  • "Community"

state

string

Whether to create/update or delete the VLAN.

Choices:

  • "present" ← (default)

  • "absent"

vlan_id

integer / required

Enter a valid VLAN ID or ID range between 2 and 4093. You can enter a range of IDs using a hyphen, and you can enter multiple IDs or ID ranges separated by commas.

Examples of valid VLAN IDs or ID ranges are 50, 200, 2000-2100. You cannot use VLANs from 4043-4047, 4094, and 4095 because these IDs are reserved for system use.

You can create a maximum of 3000 VLANs at a time.

VLAN ID number (1-4094).

Must be unique within the fabric interconnect domain.
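
Added example (not part of the cisco.intersight collection): a Python pre-flight check that applies the vlans constraints documented above to a list before a playbook run. It uses the stricter 2-4093 range; requiring primary_vlan_id to match a Primary VLAN in the same list, and skipping further checks for VLANs with state absent, are assumptions of this example.

```python
# Added example: pre-flight checks for a `vlans` list, using rules stated on this page.
RESERVED = set(range(4043, 4048)) | {4094, 4095}  # reserved for system use
SHARING_TYPES = {"Primary", "Isolated", "Community"}


def validate_vlans(vlans):
    """Return a list of problems; an empty list means the input passed."""
    problems = []
    # Assumption: a primary must be defined (and kept) in this same list.
    primaries = {
        v.get("vlan_id") for v in vlans
        if v.get("enable_sharing") and v.get("sharing_type") == "Primary"
        and v.get("state", "present") == "present"
    }
    seen = set()
    for v in vlans:
        vid = v.get("vlan_id")
        label = f"{v.get('prefix', '?')}_{vid}"
        if not isinstance(vid, int) or not 2 <= vid <= 4093 or vid in RESERVED:
            problems.append(f"{label}: vlan_id outside 2-4093 or reserved")
            continue
        if vid in seen:
            problems.append(f"{label}: duplicate vlan_id")
        seen.add(vid)
        if v.get("state", "present") == "absent":
            continue  # assumption: a VLAN being removed needs no further checks
        if not v.get("enable_sharing", False):
            if not v.get("multicast_policy_name"):
                problems.append(f"{label}: multicast_policy_name is required")
            continue
        stype = v.get("sharing_type")
        if stype not in SHARING_TYPES:
            problems.append(f"{label}: invalid sharing_type {stype!r}")
        elif stype != "Primary" and v.get("primary_vlan_id") not in primaries:
            problems.append(f"{label}: primary_vlan_id is not a Primary VLAN here")
    return problems


# Constructed sample input (not from the page).
SAMPLE = [
    {"prefix": "dmz_primary", "vlan_id": 50, "enable_sharing": True, "sharing_type": "Primary"},
    {"prefix": "dmz_isolated", "vlan_id": 51, "enable_sharing": True,
     "sharing_type": "Isolated", "primary_vlan_id": 79},
    {"prefix": "web", "vlan_id": 4044, "multicast_policy_name": "web-multicast-policy"},
    {"prefix": "db", "vlan_id": 20},
]

if __name__ == "__main__":
    print("\n".join(validate_vlans(SAMPLE)))
```
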

Examples

- name: Create a VLAN Policy with multiple VLANs
  cisco.intersight.intersight_vlan_policy:
    api_private_key: "{{ api_private_key }}"
    api_key_id: "{{ api_key_id }}"
    organization: "default"
    name: "datacenter-vlan-policy"
    description: "VLAN policy for datacenter infrastructure"
    tags:
      - Key: "Environment"
        Value: "Production"
      - Key: "Site"
        Value: "DataCenter-A"
    vlans:
      - prefix: "prod"
        vlan_id: 100
        auto_allow_on_uplinks: true
        enable_sharing: false
        multicast_policy_name: "default-multicast-policy"
      - prefix: "dev"
        vlan_id: 200
        auto_allow_on_uplinks: false
        enable_sharing: false
        multicast_policy_name: "default-multicast-policy"
      - prefix: "mgmt"
        vlan_id: 300
        auto_allow_on_uplinks: true
        enable_sharing: false
        multicast_policy_name: "default-multicast-policy"
        is_native: true
    state: present

- name: Create a VLAN Policy with VLAN sharing (Private VLANs)
  cisco.intersight.intersight_vlan_policy:
    api_private_key: "{{ api_private_key }}"
    api_key_id: "{{ api_key_id }}"
    organization: "default"
    name: "private-vlan-policy"
    description: "Policy with private VLAN configuration"
    vlans:
      - prefix: "primary"
        vlan_id: 79
        enable_sharing: true
        sharing_type: "Primary"
        auto_allow_on_uplinks: true
      - prefix: "isolated"
        vlan_id: 90
        enable_sharing: true
        sharing_type: "Isolated"
        primary_vlan_id: 79
        auto_allow_on_uplinks: true
      - prefix: "community"
        vlan_id: 91
        enable_sharing: true
        sharing_type: "Community"
        primary_vlan_id: 79
        auto_allow_on_uplinks: true
    state: present

- name: Create a VLAN Policy with mixed configurations
  cisco.intersight.intersight_vlan_policy:
    api_private_key: "{{ api_private_key }}"
    api_key_id: "{{ api_key_id }}"
    organization: "Engineering"
    name: "mixed-vlan-policy"
    description: "Mixed configuration with shared and non-shared VLANs"
    vlans:
      - prefix: "web"
        vlan_id: 10
        auto_allow_on_uplinks: true
        enable_sharing: false
        multicast_policy_name: "web-multicast-policy"
      - prefix: "db"
        vlan_id: 20
        auto_allow_on_uplinks: false
        enable_sharing: false
        state: absent
        multicast_policy_name: "db-multicast-policy"
      - prefix: "dmz_primary"
        vlan_id: 50
        enable_sharing: true
        sharing_type: "Primary"
        auto_allow_on_uplinks: true
        state: present
      - prefix: "dmz_isolated"
        vlan_id: 51
        enable_sharing: true
        sharing_type: "Isolated"
        primary_vlan_id: 50
        auto_allow_on_uplinks: true
    state: present

- name: Create a VLAN Policy with minimal configuration (policy only)
  cisco.intersight.intersight_vlan_policy:
    api_private_key: "{{ api_private_key }}"
    api_key_id: "{{ api_key_id }}"
    name: "empty-vlan-policy"
    description: "Empty policy for manual VLAN configuration"
    state: present

- name: Update an existing VLAN Policy
  cisco.intersight.intersight_vlan_policy:
    api_private_key: "{{ api_private_key }}"
    api_key_id: "{{ api_key_id }}"
    name: "datacenter-vlan-policy"
    description: "Updated description for datacenter infrastructure"
    tags:
      - Key: "Environment"
        Value: "Production"
      - Key: "Site"
        Value: "DataCenter-A"
      - Key: "Updated"
        Value: "2024-01-01"
    state: present

- name: Delete a VLAN Policy
  cisco.intersight.intersight_vlan_policy:
    api_private_key: "{{ api_private_key }}"
    api_key_id: "{{ api_key_id }}"
    name: "datacenter-vlan-policy"
    state: absent

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key

Description

api_response

dictionary

The API response output returned by the specified resource.

Returned: always

Sample: {"api_response": {"Name": "test_vlan_policy", "ObjectType": "fabric.EthNetworkPolicy", "Tags": [{"Key": "Site", "Value": "DataCenter-A"}]}}

Authors

  • Ron Gershburg (@rgershbu)