ce_acl – Manages base ACL configuration on HUAWEI CloudEngine switches

New in version 2.4.

Synopsis

  • Manages base ACL configurations on HUAWEI CloudEngine switches.

Parameters

Parameter Choices/Defaults Comments
acl_description
-
ACL description. The value is a string of 1 to 127 characters.
acl_name
- / required
ACL number or name. For a numbered rule group, the value ranging from 2000 to 2999 indicates a basic ACL. For a named rule group, the value is a string of 1 to 32 case-sensitive characters starting with a letter, spaces not supported.
acl_num
-
ACL number. The value is an integer ranging from 2000 to 2999.
acl_step
-
ACL step. The value is an integer ranging from 1 to 20. The default value is 5.
frag_type
-
    Choices:
  • fragment
  • clear_fragment
Type of packet fragmentation.
log_flag
boolean
    Choices:
  • no ←
  • yes
Flag of logging matched data packets.
rule_action
-
    Choices:
  • permit
  • deny
Matching mode of basic ACL rules.
rule_description
-
Description about an ACL rule. The value is a string of 1 to 127 characters.
rule_id
-
ID of a basic ACL rule in configuration mode. The value is an integer ranging from 0 to 4294967294.
rule_name
-
Name of a basic ACL rule. The value is a string of 1 to 32 characters. The value is case-insensitive, and cannot contain spaces or begin with an underscore (_).
source_ip
-
Source IP address. The value is a string of 0 to 255 characters.The default value is 0.0.0.0. The value is in dotted decimal notation.
src_mask
-
Mask of a source IP address. The value is an integer ranging from 1 to 32.
state
-
    Choices:
  • present ←
  • absent
  • delete_acl
Specify desired state of the resource.
time_range
-
Name of a time range in which an ACL rule takes effect. The value is a string of 1 to 32 characters. The value is case-insensitive, and cannot contain spaces. The name must start with an uppercase or lowercase letter. In addition, the word "all" cannot be specified as a time range name.
vrf_name
-
VPN instance name. The value is a string of 1 to 31 characters.The default value is _public_.

Notes

Note

  • This module requires the netconf system service be enabled on the remote device being managed.

  • Recommended connection is netconf.

  • This module also works with local connections for legacy playbooks.

Examples

- name: CloudEngine acl test
  hosts: cloudengine
  connection: local
  gather_facts: no
  vars:
    cli:
      host: "{{ inventory_hostname }}"
      port: "{{ ansible_ssh_port }}"
      username: "{{ username }}"
      password: "{{ password }}"
      transport: cli

  tasks:

  - name: "Config ACL"
    ce_acl:
      state: present
      acl_name: 2200
      provider: "{{ cli }}"

  - name: "Undo ACL"
    ce_acl:
      state: delete_acl
      acl_name: 2200
      provider: "{{ cli }}"

  - name: "Config ACL base rule"
    ce_acl:
      state: present
      acl_name: 2200
      rule_name: test_rule
      rule_id: 111
      rule_action: permit
      source_ip: 10.10.10.10
      src_mask: 24
      frag_type: fragment
      time_range: wdz_acl_time
      provider: "{{ cli }}"

  - name: "undo ACL base rule"
    ce_acl:
      state: absent
      acl_name: 2200
      rule_name: test_rule
      rule_id: 111
      rule_action: permit
      source_ip: 10.10.10.10
      src_mask: 24
      frag_type: fragment
      time_range: wdz_acl_time
      provider: "{{ cli }}"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
changed
boolean
always
check to see if a change was made on the device

Sample:
True
end_state
dictionary
always
k/v pairs of aaa params after module execution
existing
dictionary
always
k/v pairs of existing aaa server

Sample:
{'aclNumOrName': 'test', 'aclType': 'Basic'}
proposed
dictionary
always
k/v pairs of parameters passed into module

Sample:
{'acl_name': 'test', 'state': 'delete_acl'}
updates
list
always
command sent to the device

Sample:
['undo acl name test']


Status

Authors

  • wangdezhuang (@QijunPan)

Hint

If you notice any issues in this documentation, you can edit this document to improve it.