fortinet.fortimanager.fmgr_fsp_vlan_dynamicmapping – no description

Note

This plugin is part of the fortinet.fortimanager collection (version 2.1.3).

To install it use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_fsp_vlan_dynamicmapping.

New in version 2.10: of fortinet.fortimanager

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter Choices/Defaults Comments
adom
string / required
the parameter (adom) in requested url
bypass_validation
boolean
    Choices:
  • no ←
  • yes
only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters
enable_log
boolean
    Choices:
  • no ←
  • yes
Enable/Disable logging for task
fsp_vlan_dynamicmapping
dictionary
the top level parameters set
_dhcp-status
string
    Choices:
  • disable
  • enable
no description
_scope
list / elements=string
no description
name
string
no description
vdom
string
no description
dhcp-server
dictionary
no description
auto-configuration
string
    Choices:
  • disable
  • enable
Enable/disable auto configuration.
auto-managed-status
string
    Choices:
  • disable
  • enable
Enable/disable use of this DHCP server once this interface has been assigned an IP address from FortiIPAM.
conflicted-ip-timeout
integer
Time in seconds to wait after a conflicted IP address is removed from the DHCP range before it can be reused.
ddns-auth
string
    Choices:
  • disable
  • tsig
DDNS authentication mode.
ddns-key
string
DDNS update key (base 64 encoding).
ddns-keyname
string
DDNS update key name.
ddns-server-ip
string
DDNS server IP.
ddns-ttl
integer
TTL.
ddns-update
string
    Choices:
  • disable
  • enable
Enable/disable DDNS update for DHCP.
ddns-update-override
string
    Choices:
  • disable
  • enable
Enable/disable DDNS update override for DHCP.
ddns-zone
string
Zone of your domain name (ex. DDNS.com).
default-gateway
string
Default gateway IP address assigned by the DHCP server.
dhcp-settings-from-fortiipam
string
    Choices:
  • disable
  • enable
Enable/disable populating of DHCP server settings from FortiIPAM.
dns-server1
string
DNS server 1.
dns-server2
string
DNS server 2.
dns-server3
string
DNS server 3.
dns-server4
string
DNS server 4.
dns-service
string
    Choices:
  • default
  • specify
  • local
Options for assigning DNS servers to DHCP clients.
domain
string
Domain name suffix for the IP addresses that the DHCP server assigns to clients.
enable
string
    Choices:
  • disable
  • enable
no description
exclude-range
list / elements=string
no description
end-ip
string
End of IP range.
id
integer
ID.
start-ip
string
Start of IP range.
filename
string
Name of the boot file on the TFTP server.
forticlient-on-net-status
string
    Choices:
  • disable
  • enable
Enable/disable FortiClient-On-Net service for this DHCP server.
id
integer
ID.
ip-mode
string
    Choices:
  • range
  • usrgrp
Method used to assign client IP.
ip-range
list / elements=string
no description
end-ip
string
End of IP range.
id
integer
ID.
start-ip
string
Start of IP range.
ipsec-lease-hold
integer
DHCP over IPsec leases expire this many seconds after tunnel down (0 to disable forced-expiry).
lease-time
integer
Lease time in seconds, 0 means unlimited.
mac-acl-default-action
string
    Choices:
  • assign
  • block
MAC access control default action (allow or block assigning IP settings).
netmask
string
Netmask assigned by the DHCP server.
next-server
string
IP address of a server (for example, a TFTP sever) that DHCP clients can download a boot file from.
ntp-server1
string
NTP server 1.
ntp-server2
string
NTP server 2.
ntp-server3
string
NTP server 3.
ntp-service
string
    Choices:
  • default
  • specify
  • local
Options for assigning Network Time Protocol (NTP) servers to DHCP clients.
option1
string
no description
option2
string
no description
option3
string
no description
option4
string
no description
option5
string
no description
option6
string
no description
options
list / elements=string
no description
code
integer
DHCP option code.
id
integer
ID.
ip
string
no description
type
string
    Choices:
  • hex
  • string
  • ip
  • fqdn
DHCP option type.
value
string
DHCP option value.
reserved-address
list / elements=string
no description
action
string
    Choices:
  • assign
  • block
  • reserved
Options for the DHCP server to configure the client with the reserved MAC address.
circuit-id
string
Option 82 circuit-ID of the client that will get the reserved IP address.
circuit-id-type
string
    Choices:
  • hex
  • string
DHCP option type.
description
string
Description.
id
integer
ID.
ip
string
IP address to be reserved for the MAC address.
mac
string
MAC address of the client that will get the reserved IP address.
remote-id
string
Option 82 remote-ID of the client that will get the reserved IP address.
remote-id-type
string
    Choices:
  • hex
  • string
DHCP option type.
type
string
    Choices:
  • mac
  • option82
DHCP reserved-address type.
server-type
string
    Choices:
  • regular
  • ipsec
DHCP server can be a normal DHCP server or an IPsec DHCP server.
status
string
    Choices:
  • disable
  • enable
Enable/disable this DHCP configuration.
tftp-server
string
no description
timezone
string
    Choices:
  • 00
  • 01
  • 02
  • 03
  • 04
  • 05
  • 06
  • 07
  • 08
  • 09
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
Select the time zone to be assigned to DHCP clients.
timezone-option
string
    Choices:
  • disable
  • default
  • specify
Options for the DHCP server to set the clients time zone.
vci-match
string
    Choices:
  • disable
  • enable
Enable/disable vendor class identifier (VCI) matching. When enabled only DHCP requests with a matching VCI are served.
vci-string
string
no description
wifi-ac-service
string
    Choices:
  • specify
  • local
Options for assigning WiFi Access Controllers to DHCP clients
wifi-ac1
string
WiFi Access Controller 1 IP address (DHCP option 138, RFC 5417).
wifi-ac2
string
WiFi Access Controller 2 IP address (DHCP option 138, RFC 5417).
wifi-ac3
string
WiFi Access Controller 3 IP address (DHCP option 138, RFC 5417).
wins-server1
string
WINS server 1.
wins-server2
string
WINS server 2.
interface
dictionary
no description
dhcp-relay-agent-option
string
    Choices:
  • disable
  • enable
no description
dhcp-relay-ip
string
no description
dhcp-relay-service
string
    Choices:
  • disable
  • enable
no description
dhcp-relay-type
string
    Choices:
  • regular
  • ipsec
no description
ip
string
no description
ipv6
dictionary
no description
autoconf
string
    Choices:
  • disable
  • enable
Enable/disable address auto config.
cli-conn6-status
integer
no description
dhcp6-client-options
list / elements=string
    Choices:
  • rapid
  • iapd
  • iana
  • dns
  • dnsname
no description
dhcp6-information-request
string
    Choices:
  • disable
  • enable
Enable/disable DHCPv6 information request.
dhcp6-prefix-delegation
string
    Choices:
  • disable
  • enable
Enable/disable DHCPv6 prefix delegation.
dhcp6-prefix-hint
string
DHCPv6 prefix that will be used as a hint to the upstream DHCPv6 server.
dhcp6-prefix-hint-plt
integer
DHCPv6 prefix hint preferred life time (sec), 0 means unlimited lease time.
dhcp6-prefix-hint-vlt
integer
DHCPv6 prefix hint valid life time (sec).
dhcp6-relay-ip
string
DHCPv6 relay IP address.
dhcp6-relay-service
string
    Choices:
  • disable
  • enable
Enable/disable DHCPv6 relay.
dhcp6-relay-type
string
    Choices:
  • regular
DHCPv6 relay type.
icmp6-send-redirect
string
    Choices:
  • disable
  • enable
Enable/disable sending of ICMPv6 redirects.
interface-identifier
string
IPv6 interface identifier.
ip6-address
string
Primary IPv6 address prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx
ip6-allowaccess
list / elements=string
    Choices:
  • https
  • ping
  • ssh
  • snmp
  • http
  • telnet
  • fgfm
  • capwap
  • fabric
no description
ip6-default-life
integer
Default life (sec).
ip6-delegated-prefix-list
list / elements=string
no description
autonomous-flag
string
    Choices:
  • disable
  • enable
Enable/disable the autonomous flag.
onlink-flag
string
    Choices:
  • disable
  • enable
Enable/disable the onlink flag.
prefix-id
integer
Prefix ID.
rdnss
string
no description
rdnss-service
string
    Choices:
  • delegated
  • default
  • specify
Recursive DNS service option.
subnet
string
Add subnet ID to routing prefix.
upstream-interface
string
Name of the interface that provides delegated information.
ip6-dns-server-override
string
    Choices:
  • disable
  • enable
Enable/disable using the DNS server acquired by DHCP.
ip6-extra-addr
list / elements=string
no description
prefix
string
IPv6 address prefix.
ip6-hop-limit
integer
Hop limit (0 means unspecified).
ip6-link-mtu
integer
IPv6 link MTU.
ip6-manage-flag
string
    Choices:
  • disable
  • enable
Enable/disable the managed flag.
ip6-max-interval
integer
IPv6 maximum interval (4 to 1800 sec).
ip6-min-interval
integer
IPv6 minimum interval (3 to 1350 sec).
ip6-mode
string
    Choices:
  • static
  • dhcp
  • pppoe
  • delegated
Addressing mode (static, DHCP, delegated).
ip6-other-flag
string
    Choices:
  • disable
  • enable
Enable/disable the other IPv6 flag.
ip6-prefix-list
list / elements=string
no description
autonomous-flag
string
    Choices:
  • disable
  • enable
Enable/disable the autonomous flag.
dnssl
string
no description
onlink-flag
string
    Choices:
  • disable
  • enable
Enable/disable the onlink flag.
preferred-life-time
integer
Preferred life time (sec).
prefix
string
IPv6 prefix.
rdnss
string
no description
valid-life-time
integer
Valid life time (sec).
ip6-prefix-mode
string
    Choices:
  • dhcp6
  • ra
Assigning a prefix from DHCP or RA.
ip6-reachable-time
integer
IPv6 reachable time (milliseconds; 0 means unspecified).
ip6-retrans-time
integer
IPv6 retransmit time (milliseconds; 0 means unspecified).
ip6-send-adv
string
    Choices:
  • disable
  • enable
Enable/disable sending advertisements about the interface.
ip6-subnet
string
Subnet to routing prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx
ip6-upstream-interface
string
Interface name providing delegated information.
nd-cert
string
Neighbor discovery certificate.
nd-cga-modifier
string
Neighbor discovery CGA modifier.
nd-mode
string
    Choices:
  • basic
  • SEND-compatible
Neighbor discovery mode.
nd-security-level
integer
Neighbor discovery security level (0 - 7; 0 = least secure, default = 0).
nd-timestamp-delta
integer
Neighbor discovery timestamp delta value (1 - 3600 sec; default = 300).
nd-timestamp-fuzz
integer
Neighbor discovery timestamp fuzz factor (1 - 60 sec; default = 1).
ra-send-mtu
string
    Choices:
  • disable
  • enable
Enable/disable sending link MTU in RA packet.
unique-autoconf-addr
string
    Choices:
  • disable
  • enable
Enable/disable unique auto config address.
vrip6_link_local
string
Link-local IPv6 address of virtual router.
vrrp-virtual-mac6
string
    Choices:
  • disable
  • enable
Enable/disable virtual MAC for VRRP.
vrrp6
list / elements=string
no description
accept-mode
string
    Choices:
  • disable
  • enable
Enable/disable accept mode.
adv-interval
integer
Advertisement interval (1 - 255 seconds).
preempt
string
    Choices:
  • disable
  • enable
Enable/disable preempt mode.
priority
integer
Priority of the virtual router (1 - 255).
start-time
integer
Startup time (1 - 255 seconds).
status
string
    Choices:
  • disable
  • enable
Enable/disable VRRP.
vrdst6
string
Monitor the route to this destination.
vrgrp
integer
VRRP group ID (1 - 65535).
vrid
integer
Virtual router identifier (1 - 255).
vrip6
string
IPv6 address of the virtual router.
secondary-IP
string
    Choices:
  • disable
  • enable
no description
secondaryip
list / elements=string
no description
allowaccess
list / elements=string
    Choices:
  • https
  • ping
  • ssh
  • snmp
  • http
  • telnet
  • fgfm
  • auto-ipsec
  • radius-acct
  • probe-response
  • capwap
  • dnp
  • ftm
  • fabric
no description
detectprotocol
list / elements=string
    Choices:
  • ping
  • tcp-echo
  • udp-echo
no description
detectserver
string
Gateways ping server for this IP.
gwdetect
string
    Choices:
  • disable
  • enable
Enable/disable detect gateway alive for first.
ha-priority
integer
HA election priority for the PING server.
id
integer
ID.
ip
string
Secondary IP address of the interface.
ping-serv-status
integer
no description
seq
integer
no description
vlanid
integer
no description
proposed_method
string
    Choices:
  • update
  • set
  • add
The overridden method for the underlying Json RPC request
rc_failed
list / elements=string
the rc codes list with which the conditions to fail will be overriden
rc_succeeded
list / elements=string
the rc codes list with which the conditions to succeed will be overriden
state
string / required
    Choices:
  • present
  • absent
the directive to create, update or delete an object
vlan
string / required
the parameter (vlan) in requested url
workspace_locking_adom
string
the adom to lock for FortiManager running in workspace mode, the value can be global and others including root
workspace_locking_timeout
integer
Default:
300
the maximum time in seconds to wait for other user to release the workspace lock

Notes

Note

  • Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

  • To create or update an object, use state present directive.

  • To delete an object, use state absent directive.

  • Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:
   - name: no description
     fmgr_fsp_vlan_dynamicmapping:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        adom: <your own value>
        vlan: <your own value>
        state: <value in [present, absent]>
        fsp_vlan_dynamicmapping:
           _dhcp-status: <value in [disable, enable]>
           _scope:
             -
                 name: <value of string>
                 vdom: <value of string>
           dhcp-server:
              auto-configuration: <value in [disable, enable]>
              auto-managed-status: <value in [disable, enable]>
              conflicted-ip-timeout: <value of integer>
              ddns-auth: <value in [disable, tsig]>
              ddns-key: <value of string>
              ddns-keyname: <value of string>
              ddns-server-ip: <value of string>
              ddns-ttl: <value of integer>
              ddns-update: <value in [disable, enable]>
              ddns-update-override: <value in [disable, enable]>
              ddns-zone: <value of string>
              default-gateway: <value of string>
              dhcp-settings-from-fortiipam: <value in [disable, enable]>
              dns-server1: <value of string>
              dns-server2: <value of string>
              dns-server3: <value of string>
              dns-server4: <value of string>
              dns-service: <value in [default, specify, local]>
              domain: <value of string>
              enable: <value in [disable, enable]>
              exclude-range:
                -
                    end-ip: <value of string>
                    id: <value of integer>
                    start-ip: <value of string>
              filename: <value of string>
              forticlient-on-net-status: <value in [disable, enable]>
              id: <value of integer>
              ip-mode: <value in [range, usrgrp]>
              ip-range:
                -
                    end-ip: <value of string>
                    id: <value of integer>
                    start-ip: <value of string>
              ipsec-lease-hold: <value of integer>
              lease-time: <value of integer>
              mac-acl-default-action: <value in [assign, block]>
              netmask: <value of string>
              next-server: <value of string>
              ntp-server1: <value of string>
              ntp-server2: <value of string>
              ntp-server3: <value of string>
              ntp-service: <value in [default, specify, local]>
              option1: <value of string>
              option2: <value of string>
              option3: <value of string>
              option4: <value of string>
              option5: <value of string>
              option6: <value of string>
              options:
                -
                    code: <value of integer>
                    id: <value of integer>
                    ip: <value of string>
                    type: <value in [hex, string, ip, ...]>
                    value: <value of string>
              reserved-address:
                -
                    action: <value in [assign, block, reserved]>
                    circuit-id: <value of string>
                    circuit-id-type: <value in [hex, string]>
                    description: <value of string>
                    id: <value of integer>
                    ip: <value of string>
                    mac: <value of string>
                    remote-id: <value of string>
                    remote-id-type: <value in [hex, string]>
                    type: <value in [mac, option82]>
              server-type: <value in [regular, ipsec]>
              status: <value in [disable, enable]>
              tftp-server: <value of string>
              timezone: <value in [00, 01, 02, ...]>
              timezone-option: <value in [disable, default, specify]>
              vci-match: <value in [disable, enable]>
              vci-string: <value of string>
              wifi-ac-service: <value in [specify, local]>
              wifi-ac1: <value of string>
              wifi-ac2: <value of string>
              wifi-ac3: <value of string>
              wins-server1: <value of string>
              wins-server2: <value of string>
           interface:
              dhcp-relay-agent-option: <value in [disable, enable]>
              dhcp-relay-ip: <value of string>
              dhcp-relay-service: <value in [disable, enable]>
              dhcp-relay-type: <value in [regular, ipsec]>
              ip: <value of string>
              ipv6:
                 autoconf: <value in [disable, enable]>
                 dhcp6-client-options:
                   - rapid
                   - iapd
                   - iana
                   - dns
                   - dnsname
                 dhcp6-information-request: <value in [disable, enable]>
                 dhcp6-prefix-delegation: <value in [disable, enable]>
                 dhcp6-prefix-hint: <value of string>
                 dhcp6-prefix-hint-plt: <value of integer>
                 dhcp6-prefix-hint-vlt: <value of integer>
                 dhcp6-relay-ip: <value of string>
                 dhcp6-relay-service: <value in [disable, enable]>
                 dhcp6-relay-type: <value in [regular]>
                 icmp6-send-redirect: <value in [disable, enable]>
                 interface-identifier: <value of string>
                 ip6-address: <value of string>
                 ip6-allowaccess:
                   - https
                   - ping
                   - ssh
                   - snmp
                   - http
                   - telnet
                   - fgfm
                   - capwap
                   - fabric
                 ip6-default-life: <value of integer>
                 ip6-delegated-prefix-list:
                   -
                       autonomous-flag: <value in [disable, enable]>
                       onlink-flag: <value in [disable, enable]>
                       prefix-id: <value of integer>
                       rdnss: <value of string>
                       rdnss-service: <value in [delegated, default, specify]>
                       subnet: <value of string>
                       upstream-interface: <value of string>
                 ip6-dns-server-override: <value in [disable, enable]>
                 ip6-extra-addr:
                   -
                       prefix: <value of string>
                 ip6-hop-limit: <value of integer>
                 ip6-link-mtu: <value of integer>
                 ip6-manage-flag: <value in [disable, enable]>
                 ip6-max-interval: <value of integer>
                 ip6-min-interval: <value of integer>
                 ip6-mode: <value in [static, dhcp, pppoe, ...]>
                 ip6-other-flag: <value in [disable, enable]>
                 ip6-prefix-list:
                   -
                       autonomous-flag: <value in [disable, enable]>
                       dnssl: <value of string>
                       onlink-flag: <value in [disable, enable]>
                       preferred-life-time: <value of integer>
                       prefix: <value of string>
                       rdnss: <value of string>
                       valid-life-time: <value of integer>
                 ip6-reachable-time: <value of integer>
                 ip6-retrans-time: <value of integer>
                 ip6-send-adv: <value in [disable, enable]>
                 ip6-subnet: <value of string>
                 ip6-upstream-interface: <value of string>
                 nd-cert: <value of string>
                 nd-cga-modifier: <value of string>
                 nd-mode: <value in [basic, SEND-compatible]>
                 nd-security-level: <value of integer>
                 nd-timestamp-delta: <value of integer>
                 nd-timestamp-fuzz: <value of integer>
                 unique-autoconf-addr: <value in [disable, enable]>
                 vrip6_link_local: <value of string>
                 vrrp-virtual-mac6: <value in [disable, enable]>
                 vrrp6:
                   -
                       accept-mode: <value in [disable, enable]>
                       adv-interval: <value of integer>
                       preempt: <value in [disable, enable]>
                       priority: <value of integer>
                       start-time: <value of integer>
                       status: <value in [disable, enable]>
                       vrdst6: <value of string>
                       vrgrp: <value of integer>
                       vrid: <value of integer>
                       vrip6: <value of string>
                 cli-conn6-status: <value of integer>
                 ip6-prefix-mode: <value in [dhcp6, ra]>
                 ra-send-mtu: <value in [disable, enable]>
              secondary-IP: <value in [disable, enable]>
              secondaryip:
                -
                    allowaccess:
                      - https
                      - ping
                      - ssh
                      - snmp
                      - http
                      - telnet
                      - fgfm
                      - auto-ipsec
                      - radius-acct
                      - probe-response
                      - capwap
                      - dnp
                      - ftm
                      - fabric
                    detectprotocol:
                      - ping
                      - tcp-echo
                      - udp-echo
                    detectserver: <value of string>
                    gwdetect: <value in [disable, enable]>
                    ha-priority: <value of integer>
                    id: <value of integer>
                    ip: <value of string>
                    ping-serv-status: <value of integer>
                    seq: <value of integer>
              vlanid: <value of integer>

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
request_url
string
always
The full url requested

Sample:
/sys/login/user
response_code
integer
always
The status of api request

response_message
string
always
The descriptive message of the api response

Sample:
OK.


Authors

  • Link Zheng (@chillancezen)

  • Jie Xue (@JieX19)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)