arista.eos.eos_acl_interfaces 模块 – ACL 接口资源模块
注意
此模块是 arista.eos 集合(版本 10.0.1)的一部分。
如果您使用的是 ansible 包,您可能已经安装了此集合。它不包含在 ansible-core 中。要检查它是否已安装,请运行 ansible-galaxy collection list。
要安装它,请使用: ansible-galaxy collection install arista.eos。
要在 playbook 中使用它,请指定: arista.eos.eos_acl_interfaces。
arista.eos 1.0.0 中的新增功能
概要
此模块管理在运行 EOS 软件的设备上添加和删除接口上的访问控制列表 (ACL)。
参数
参数 |
注释 |
|---|---|
接口的 ACL 选项字典。 |
|
指定附加到接口的 ACL。 |
|
指定提供的 AFI 的 ACL。 |
|
指定 ACL 将应用的数据包方向。 选择
|
|
指定接口的 IPv4/IPv4 ACL 的名称。 |
|
指定要在此接口上配置的 ACL 的 AFI。 选择
|
|
接口的名称/标识符。 |
|
默认情况下,该模块将连接到远程设备并检索当前的运行配置,以用作与源内容进行比较的基础。有时,不希望任务在 playbook 中的每个任务都获取当前的运行配置。running_config 参数允许实施者传入配置,以用作比较的基础配置。此选项的值应该是通过执行命令从设备接收的输出。 |
|
配置应保持的状态。 选择
|
示例
# Using Merged
# Before state:
# -------------
#
# eos#sh running-config | include interface|access-group
# interface Ethernet1
# interface Ethernet2
# interface Ethernet3
- name: Merge module attributes of given access-groups
arista.eos.eos_acl_interfaces:
config:
- name: Ethernet2
access_groups:
- afi: ipv4
acls:
name: acl01
direction: in
- afi: ipv6
acls:
name: acl03
direction: out
state: merged
# Commands Fired:
# ---------------
#
# interface Ethernet2
# ip access-group acl01 in
# ipv6 access-group acl03 out
# After state:
# -------------
#
# eos#sh running-config | include interface| access-group
# interface Loopback888
# interface Ethernet1
# interface Ethernet2
# ip access-group acl01 in
# ipv6 access-group acl03 out
# interface Ethernet3
# Using Replaced
# Before state:
# -------------
#
# eos#sh running-config | include interface|access-group
# interface Ethernet1
# interface Ethernet2
# ip access-group acl01 in
# ipv6 access-group acl03 out
# interface Ethernet3
# ip access-group acl01 in
- name: Replace module attributes of given access-groups
arista.eos.eos_acl_interfaces:
config:
- name: Ethernet2
access_groups:
- afi: ipv4
acls:
name: acl01
direction: out
state: replaced
# Commands Fired:
# ---------------
#
# interface Ethernet2
# no ip access-group acl01 in
# no ipv6 access-group acl03 out
# ip access-group acl01 out
# After state:
# -------------
#
# eos#sh running-config | include interface| access-group
# interface Loopback888
# interface Ethernet1
# interface Ethernet2
# ip access-group acl01 out
# interface Ethernet3
# ip access-group acl01 in
# Using Overridden
# Before state:
# -------------
#
# eos#sh running-config | include interface|access-group
# interface Ethernet1
# interface Ethernet2
# ip access-group acl01 in
# ipv6 access-group acl03 out
# interface Ethernet3
# ip access-group acl01 in
- name: Override module attributes of given access-groups
arista.eos.eos_acl_interfaces:
config:
- name: Ethernet2
access_groups:
- afi: ipv4
acls:
name: acl01
direction: out
state: overridden
# Commands Fired:
# ---------------
#
# interface Ethernet2
# no ip access-group acl01 in
# no ipv6 access-group acl03 out
# ip access-group acl01 out
# interface Ethernet3
# no ip access-group acl01 in
# After state:
# -------------
#
# eos#sh running-config | include interface| access-group
# interface Loopback888
# interface Ethernet1
# interface Ethernet2
# ip access-group acl01 out
# interface Ethernet3
# Using Deleted
# Before state:
# -------------
#
# eos#sh running-config | include interface|access-group
# interface Ethernet1
# interface Ethernet2
# ip access-group acl01 in
# ipv6 access-group acl03 out
# interface Ethernet3
# ip access-group acl01 out
- name: Delete module attributes of given access-groups
arista.eos.eos_acl_interfaces:
config:
- name: Ethernet2
access_groups:
- afi: ipv4
acls:
name: acl01
direction: in
- afi: ipv6
acls:
name: acl03
direction: out
state: deleted
# Commands Fired:
# ---------------
#
# interface Ethernet2
# no ip access-group acl01 in
# no ipv6 access-group acl03 out
# After state:
# -------------
#
# eos#sh running-config | include interface| access-group
# interface Loopback888
# interface Ethernet1
# interface Ethernet2
# interface Ethernet3
# ip access-group acl01 out
# Before state:
# -------------
#
# eos#sh running-config | include interface| access-group
# interface Ethernet1
# interface Ethernet2
# ip access-group acl01 in
# ipv6 access-group acl03 out
# interface Ethernet3
# ip access-group acl01 out
- name: Delete module attributes of given access-groups from ALL Interfaces
arista.eos.eos_acl_interfaces:
config:
state: deleted
# Commands Fired:
# ---------------
#
# interface Ethernet2
# no ip access-group acl01 in
# no ipv6 access-group acl03 out
# interface Ethernet3
# no ip access-group acl01 out
# After state:
# -------------
#
# eos#sh running-config | include interface| access-group
# interface Loopback888
# interface Ethernet1
# interface Ethernet2
# interface Ethernet3
# Before state:
# -------------
#
# eos#sh running-config | include interface| access-group
# interface Ethernet1
# interface Ethernet2
# ip access-group acl01 in
# ipv6 access-group acl03 out
# interface Ethernet3
# ip access-group acl01 out
- name: Delete acls under afi
arista.eos.eos_acl_interfaces:
config:
- name: Ethernet3
access_groups:
- afi: ipv4
- name: Ethernet2
access_groups:
- afi: ipv6
state: deleted
# Commands Fired:
# ---------------
#
# interface Ethernet2
# no ipv6 access-group acl03 out
# interface Ethernet3
# no ip access-group acl01 out
# After state:
# -------------
#
# eos#sh running-config | include interface| access-group
# interface Loopback888
# interface Ethernet1
# interface Ethernet2
# ip access-group acl01 in
# interface Ethernet3
返回值
常见的返回值记录在此处,以下是此模块特有的字段
键 |
描述 |
|---|---|
生成的配置模型调用。 返回:当更改时 示例: |
|
模型调用之前的配置。 返回:总是 示例: |
|
推送到远程设备的命令集。 返回:总是 示例: |