junipernetworks.junos.junos_acl_interfaces 模块 – ACL 接口资源模块
注意
此模块是 junipernetworks.junos 集合 (版本 9.1.0) 的一部分。
如果您使用的是 ansible 软件包,则可能已经安装了此集合。它不包含在 ansible-core 中。要检查它是否已安装,请运行 ansible-galaxy collection list。
要安装它,请使用:ansible-galaxy collection install junipernetworks.junos。您需要其他要求才能使用此模块,有关详细信息,请参阅 要求。
要在剧本中使用它,请指定:junipernetworks.junos.junos_acl_interfaces。
junipernetworks.junos 1.0.0 中的新增功能
概要
此模块管理在运行 Juniper JUNOS 的设备上向接口添加和删除访问控制列表 (ACL)。
要求
执行此模块的主机需要以下要求。
ncclient (>=v0.6.4)
xmltodict (>=0.12.0)
参数
参数 |
注释 |
|---|---|
接口的 ACL 选项字典。 |
|
指定附加到接口的 ACL。 |
|
指定提供的 AFI 的 ACL。 |
|
指定将应用 ACL 的数据包的方向。 选项
|
|
指定接口的 IPv4/IPv6 ACL 的名称。 |
|
指定要在该接口上配置的 ACL 的 AFI。 选项
|
|
接口的名称/标识符。 |
|
此选项仅与状态 parsed 一起使用。 此选项的值应为通过执行命令 **show interfaces** 从 Junos 设备接收到的输出。 状态 parsed 从 |
|
配置应保留的状态。 选项
|
备注
注意
此模块要求在被管理的设备上启用 netconf 系统服务。
此模块与连接
netconf配合使用。请参阅 Junos OS 平台选项。针对 JunOS v18.4R1 进行了测试
示例
# Using deleted
# Before state:
# -------------
#
# admin# show interfaces
# ge-1/0/0 {
# description "L3 interface with filter";
# unit 0 {
# family inet {
# filter {
# input inbound_acl;
# output outbound_acl;
# }
# address 100.64.0.1/10;
# address 100.64.0.2/10;
# }
# family inet6;
# }
- name: Delete JUNOS L3 interface filter
junipernetworks.junos.junos_acl_interfaces:
config:
- name: ge-1/0/0
access_groups:
- afi: ipv4
acls:
- name: inbound_acl
direction: in
- name: outbound_acl
direction: out
state: deleted
# After state:
# -------------
#
# admin# show interfaces
# ge-1/0/0 {
# description "L3 interface with filter";
# unit 0 {
# family inet {
# address 100.64.0.1/10;
# address 100.64.0.2/10;
# }
# family inet6;
# }
# Using merged
# Before state:
# -------------
#
# admin# show interfaces
# ge-1/0/0 {
# description "L3 interface without filter";
# unit 0 {
# family inet {
# address 100.64.0.1/10;
# address 100.64.0.2/10;
# }
# family inet6;
# }
- name: Merge JUNOS L3 interface filter
junipernetworks.junos.junos_acl_interfaces:
config:
- name: ge-1/0/0
access_groups:
- afi: ipv4
acls:
- name: inbound_acl
direction: in
- name: outbound_acl
direction: out
state: merged
# After state:
# -------------
#
# admin# show interfaces
# ge-1/0/0 {
# description "L3 interface with filter";
# unit 0 {
# family inet {
# filter {
# input inbound_acl;
# output outbound_acl;
# }
# address 100.64.0.1/10;
# address 100.64.0.2/10;
# }
# family inet6;
# }
# Using overridden
# Before state:
# -------------
#
# admin# show interfaces
# ge-1/0/0 {
# description "L3 interface without filter";
# unit 0 {
# family inet {
# filter {
# input foo_acl;
# }
# address 100.64.0.1/10;
# address 100.64.0.2/10;
# }
# family inet6;
# }
- name: Override JUNOS L3 interface filter
junipernetworks.junos.junos_acl_interfaces:
config:
- name: ge-1/0/0
access_groups:
- afi: ipv4
acls:
- name: inbound_acl
direction: in
- name: outbound_acl
direction: out
state: overridden
# After state:
# -------------
#
# admin# show interfaces
# ge-1/0/0 {
# description "L3 interface with filter";
# unit 0 {
# family inet {
# filter {
# input inbound_acl;
# output outbound_acl;
# }
# address 100.64.0.1/10;
# address 100.64.0.2/10;
# }
# family inet6;
# }
# Using replaced
# Before state:
# -------------
#
# admin# show interfaces
# ge-1/0/0 {
# description "L3 interface without filter";
# unit 0 {
# family inet {
# filter {
# input foo_acl;
# output outbound_acl;
# }
# address 100.64.0.1/10;
# address 100.64.0.2/10;
# }
# family inet6;
# }
- name: Replace JUNOS L3 interface filter
junipernetworks.junos.junos_acl_interfaces:
config:
- name: ge-1/0/0
access_groups:
- afi: ipv4
acls:
- name: inbound_acl
direction: in
state: replaced
# After state:
# -------------
#
# admin# show interfaces
# ge-1/0/0 {
# description "L3 interface with filter";
# unit 0 {
# family inet {
# filter {
# input inbound_acl;
# output outbound_acl;
# }
# address 100.64.0.1/10;
# address 100.64.0.2/10;
# }
# family inet6;
# }
返回值
常见返回值在此处有记录 此处,以下是此模块特有的字段
键 |
描述 |
|---|---|
生成的配置模型调用。 返回:已更改时 示例: |
|
模型调用之前的配置。 返回:始终返回 示例: |
|
推送到远程设备的命令集。 返回:始终返回 示例: |