Documentation

aci_filter_entry - Manage filter entries on Cisco ACI fabrics (vz:Entry)

New in version 2.4.

Synopsis

Requirements (on host that executes module)

  • Tested with ACI Fabric 1.0(3f)+

Options

parameter required default choices comments
arp_flag
 no unspecified
  • arp_reply
  • arp_request
  • unspecified
The arp flag to use when the ether_type is arp.
The APIC defaults new Filter Entries to unspecified.
description
 no
Description for the Filter Entry.

aliases: descr
dst_port
 no unspecified
  • Valid TCP/UDP Port Ranges
Used to set both destination start and end ports to the same value when ip_protocol is tcp or udp.
The APIC defaults new Filter Entries to unspecified.
dst_port_end
 no unspecified
  • Valid TCP/UDP Port Ranges
Used to set the destination end port when ip_protocol is tcp or udp.
The APIC defaults new Filter Entries to unspecified.
dst_port_start
 no unspecified
  • Valid TCP/UDP Port Ranges
Used to set the destination start port when ip_protocol is tcp or udp.
The APIC defaults new Filter Entries to unspecified.
entry
 no
Then name of the Filter Entry.

aliases: entry_name, filter_entry, name
ether_type
 no unspecified
  • arp
  • fcoe
  • ip
  • mac_security
  • mpls_ucast
  • trill
  • unspecified
The Ethernet type.
The APIC defaults new Filter Entries to unspecified.
filter
 no
The name of Filter that the entry should belong to.

aliases: filter_name
hostname
 yes
IP Address or hostname of APIC resolvable by Ansible control host.

aliases: host
icmp6_msg_type
 no unspecified
  • dst_unreachable
  • echo_request
  • echo_reply
  • neighbor_advertisement
  • neighbor_solicitation
  • redirect
  • time_exceeded
  • unspecified
ICMPv6 message type; used when ip_protocol is icmpv6.
The APIC defaults new Filter Entries to unspecified.
icmp_msg_type
 no unspecified
  • dst_unreachable
  • echo
  • echo_reply
  • src_quench
  • time_exceeded
  • unspecified
ICMPv4 message type; used when ip_protocol is icmp.
The APIC defaults new Filter Entries to unspecified.
ip_protocol
 no unspecified
  • eigrp
  • egp
  • icmp
  • icmpv6
  • igmp
  • igp
  • l2tp
  • ospfigp
  • pim
  • tcp
  • udp
  • unspecified
The IP Protocol type when ether_type is ip.
The APIC defaults new Filter Entries to unspecified.
password
 yes
The password to use for authentication.
state
 no present
  • absent
  • present
  • query
present, absent, query
stateful
 no
Determines the statefulness of the filter entry.
tenant
 no
The name of the tenant.

aliases: tenant_name
timeout
 no 30
The socket level timeout in seconds.
use_proxy
 no yes
  • yes
  • no
If no, it will not use a proxy, even if one is defined in an environment variable on the target hosts.
use_ssl
 no yes
  • yes
  • no
If no, an HTTP connection will be used instead of the default HTTPS connection.
username
 yes admin
The username to use for authentication.

aliases: user
validate_certs
 no yes
  • yes
  • no
If no, SSL certificates will not be validated.
This should only set to no used on personally controlled sites using self-signed certificates.

Examples

- aci_filter_entry:
    action: "{{ action }}"
    entry: "{{ entry }}"
    tenant: "{{ tenant }}"
    ether_name: "{{  ether_name }}"
    icmp_msg_type: "{{ icmp_msg_type }}"
    filter: "{{ filter }}"
    descr: "{{ descr }}"
    host: "{{ inventory_hostname }}"
    username: "{{ user }}"
    password: "{{ pass }}"
    protocol: "{{ protocol }}"

Notes

Note

  • The tenant and filter used must exist before using this module in your playbook. The aci_tenant and aci_filter modules can be used for this.
  • By default, if an environment variable <protocol>_proxy is set on the target host, requests will be sent through that proxy. This behaviour can be overridden by setting a variable for this task (see setting the environment), or by using the use_proxy option.
  • HTTP redirects can redirect from HTTP to HTTPS so you should be sure that your proxy environment for both protocols is correct.

Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.