community.network.ce_acl – Manages base ACL configuration on HUAWEI CloudEngine switches.

Note

This plugin is part of the community.network collection (version 3.0.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.network.

To use it in a playbook, specify: community.network.ce_acl.

Synopsis

  • Manages base ACL configurations on HUAWEI CloudEngine switches.

Parameters

Parameter Choices/Defaults Comments
acl_description
string
ACL description. The value is a string of 1 to 127 characters.
acl_name
string / required
ACL number or name. For a numbered rule group, a value from 2000 to 2999 indicates a basic ACL. For a named rule group, the value is a string of 1 to 32 case-sensitive characters that starts with a letter and contains no spaces.
acl_num
string
ACL number. The value is an integer ranging from 2000 to 2999.
acl_step
string
ACL step. The value is an integer ranging from 1 to 20. The default value is 5.
frag_type
string
    Choices:
  • fragment
  • clear_fragment
Type of packet fragmentation.
log_flag
boolean
    Choices:
  • no
  • yes
Flag of logging matched data packets.
rule_action
string
    Choices:
  • permit
  • deny
Matching mode of basic ACL rules.
rule_description
string
Description about an ACL rule. The value is a string of 1 to 127 characters.
rule_id
string
ID of a basic ACL rule in configuration mode. The value is an integer ranging from 0 to 4294967294.
rule_name
string
Name of a basic ACL rule. The value is a string of 1 to 32 characters. The value is case-insensitive, and cannot contain spaces or begin with an underscore (_).
source_ip
string
Source IP address. The value is a string of 0 to 255 characters. The default value is 0.0.0.0. The value is in dotted decimal notation.
src_mask
string
Mask of a source IP address. The value is an integer ranging from 1 to 32.
state
string
    Choices:
  • present
  • absent
  • delete_acl
Specify desired state of the resource.
time_range
string
Name of a time range in which an ACL rule takes effect. The value is a string of 1 to 32 characters. The value is case-insensitive, and cannot contain spaces. The name must start with an uppercase or lowercase letter. In addition, the word "all" cannot be specified as a time range name.
vrf_name
string
VPN instance name. The value is a string of 1 to 31 characters. The default value is _public_.

Notes

  • This module requires the netconf system service be enabled on the remote device being managed.
  • Recommended connection is netconf.
  • This module also works with local connections for legacy playbooks.

Examples

- name: CloudEngine acl test
  hosts: cloudengine
  connection: local
  gather_facts: no
  vars:
    cli:
      host: "{{ inventory_hostname }}"
      port: "{{ ansible_ssh_port }}"
      username: "{{ username }}"
      password: "{{ password }}"
      transport: cli

  tasks:

  - name: "Config ACL"
    community.network.ce_acl:
      state: present
      acl_name: 2200
      provider: "{{ cli }}"

  - name: "Undo ACL"
    community.network.ce_acl:
      state: delete_acl
      acl_name: 2200
      provider: "{{ cli }}"

  - name: "Config ACL base rule"
    community.network.ce_acl:
      state: present
      acl_name: 2200
      rule_name: test_rule
      rule_id: 111
      rule_action: permit
      source_ip: 10.10.10.10
      src_mask: 24
      frag_type: fragment
      time_range: wdz_acl_time
      provider: "{{ cli }}"

  - name: "undo ACL base rule"
    community.network.ce_acl:
      state: absent
      acl_name: 2200
      rule_name: test_rule
      rule_id: 111
      rule_action: permit
      source_ip: 10.10.10.10
      src_mask: 24
      frag_type: fragment
      time_range: wdz_acl_time
      provider: "{{ cli }}"
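
The playbook below is an added example, not part of the module's own documentation. It uses the NETCONF connection recommended in the Notes instead of a provider dictionary, and sets log_flag and rule_description on a deny rule so that matches are logged. The ACL number 2100, the rule name and ID, the descriptions and the 198.51.100.0/24 subnet are constructed values, and credentials are assumed to come from inventory or vault.

```yaml
- name: Logged deny rule in a basic ACL over NETCONF
  hosts: cloudengine
  connection: ansible.netcommon.netconf    # connection recommended in Notes
  gather_facts: false
  vars:
    ansible_network_os: community.network.ce
    # Assumption: ansible_user / ansible_password are supplied by inventory
    # or vault, so no provider dictionary with a password is defined here.

  tasks:
    - name: Create basic ACL 2100
      community.network.ce_acl:
        state: present
        acl_name: "2100"             # basic ACLs use 2000 to 2999
        acl_description: block-lab-sources

    - name: Deny and log traffic from the constructed lab subnet
      community.network.ce_acl:
        state: present
        acl_name: "2100"
        rule_name: deny_lab          # constructed name, no spaces
        rule_id: "10"
        rule_action: deny
        source_ip: 198.51.100.0      # constructed documentation range
        src_mask: "24"
        log_flag: true               # log packets that match this rule
        rule_description: deny-lab-subnet
      register: acl_result

    - name: Show the commands sent to the device for review
      ansible.builtin.debug:
        var: acl_result.updates
```

The registered updates list is the same field described under Return Values, so the final task prints the commands the module sent to the switch.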

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key Returned Description
changed
boolean
always
check to see if a change was made on the device

Sample:
True
end_state
dictionary
always
k/v pairs of aaa params after module execution

existing
dictionary
always
k/v pairs of existing aaa server

Sample:
{'aclNumOrName': 'test', 'aclType': 'Basic'}
proposed
dictionary
always
k/v pairs of parameters passed into module

Sample:
{'acl_name': 'test', 'state': 'delete_acl'}
updates
list / elements=string
always
command sent to the device

Sample:
['undo acl name test']


Authors

  • wangdezhuang (@QijunPan)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/community/network/ce_acl_module.html