eos_acl_interfaces¶
Collection Note
This module is part of the arista.eos collection. To install the collection, use:
Added in version1.0.0.
Synopsis¶
- This module manages adding and removing Access Control Lists (ACLs) from interfaces on devices running EOS software.
Parameters¶
| Parameter | Defaults / Choices | Comments |
|---|---|---|
| config list / elements=dict |
A dictionary of ACL options for interfaces. | |
| config.access_groups | Specifies ACLs attached to the interfaces. | |
| config.name | Name/Identifier for the interface. | |
| running_config str |
The module, by default, will connect to the remote device and retrieve the current running-config to use as a base for comparing against the contents of source. There are times when it is not desirable to have the task get the current running-config for every task in a playbook. The I(running_config) argument allows the implementer to pass in the configuration to use as the base config for comparison. This value of this option should be the output received from device by executing command | |
| state str |
Default: merged Choices: merged, replaced, overridden, deleted, gathered, parsed, rendered |
The state the configuration should be left in. |
Examples¶
# Using Merged
# Before state:
# -------------
#
# eos#sh running-config | include interface|access-group
# interface Ethernet1
# interface Ethernet2
# interface Ethernet3
- name: Merge module attributes of given access-groups
arista.eos.eos_acl_interfaces:
config:
- name: Ethernet2
access_groups:
- afi: ipv4
acls:
name: acl01
direction: in
- afi: ipv6
acls:
name: acl03
direction: out
state: merged
# Commands Fired:
# ---------------
#
# interface Ethernet2
# ip access-group acl01 in
# ipv6 access-group acl03 out
# After state:
# -------------
#
# eos#sh running-config | include interface| access-group
# interface Loopback888
# interface Ethernet1
# interface Ethernet2
# ip access-group acl01 in
# ipv6 access-group acl03 out
# interface Ethernet3
# Using Replaced
# Before state:
# -------------
#
# eos#sh running-config | include interface|access-group
# interface Ethernet1
# interface Ethernet2
# ip access-group acl01 in
# ipv6 access-group acl03 out
# interface Ethernet3
# ip access-group acl01 in
- name: Replace module attributes of given access-groups
arista.eos.eos_acl_interfaces:
config:
- name: Ethernet2
access_groups:
- afi: ipv4
acls:
name: acl01
direction: out
state: replaced
# Commands Fired:
# ---------------
#
# interface Ethernet2
# no ip access-group acl01 in
# no ipv6 access-group acl03 out
# ip access-group acl01 out
# After state:
# -------------
#
# eos#sh running-config | include interface| access-group
# interface Loopback888
# interface Ethernet1
# interface Ethernet2
# ip access-group acl01 out
# interface Ethernet3
# ip access-group acl01 in
# Using Overridden
# Before state:
# -------------
#
# eos#sh running-config | include interface|access-group
# interface Ethernet1
# interface Ethernet2
# ip access-group acl01 in
# ipv6 access-group acl03 out
# interface Ethernet3
# ip access-group acl01 in
- name: Override module attributes of given access-groups
arista.eos.eos_acl_interfaces:
config:
- name: Ethernet2
access_groups:
- afi: ipv4
acls:
name: acl01
direction: out
state: overridden
# Commands Fired:
# ---------------
#
# interface Ethernet2
# no ip access-group acl01 in
# no ipv6 access-group acl03 out
# ip access-group acl01 out
# interface Ethernet3
# no ip access-group acl01 in
# After state:
# -------------
#
# eos#sh running-config | include interface| access-group
# interface Loopback888
# interface Ethernet1
# interface Ethernet2
# ip access-group acl01 out
# interface Ethernet3
# Using Deleted
# Before state:
# -------------
#
# eos#sh running-config | include interface|access-group
# interface Ethernet1
# interface Ethernet2
# ip access-group acl01 in
# ipv6 access-group acl03 out
# interface Ethernet3
# ip access-group acl01 out
- name: Delete module attributes of given access-groups
arista.eos.eos_acl_interfaces:
config:
- name: Ethernet2
access_groups:
- afi: ipv4
acls:
name: acl01
direction: in
- afi: ipv6
acls:
name: acl03
direction: out
state: deleted
# Commands Fired:
# ---------------
#
# interface Ethernet2
# no ip access-group acl01 in
# no ipv6 access-group acl03 out
# After state:
# -------------
#
# eos#sh running-config | include interface| access-group
# interface Loopback888
# interface Ethernet1
# interface Ethernet2
# interface Ethernet3
# ip access-group acl01 out
# Before state:
# -------------
#
# eos#sh running-config | include interface| access-group
# interface Ethernet1
# interface Ethernet2
# ip access-group acl01 in
# ipv6 access-group acl03 out
# interface Ethernet3
# ip access-group acl01 out
- name: Delete module attributes of given access-groups from ALL Interfaces
arista.eos.eos_acl_interfaces:
config:
state: deleted
# Commands Fired:
# ---------------
#
# interface Ethernet2
# no ip access-group acl01 in
# no ipv6 access-group acl03 out
# interface Ethernet3
# no ip access-group acl01 out
# After state:
# -------------
#
# eos#sh running-config | include interface| access-group
# interface Loopback888
# interface Ethernet1
# interface Ethernet2
# interface Ethernet3
# Before state:
# -------------
#
# eos#sh running-config | include interface| access-group
# interface Ethernet1
# interface Ethernet2
# ip access-group acl01 in
# ipv6 access-group acl03 out
# interface Ethernet3
# ip access-group acl01 out
- name: Delete acls under afi
arista.eos.eos_acl_interfaces:
config:
- name: Ethernet3
access_groups:
- afi: ipv4
- name: Ethernet2
access_groups:
- afi: ipv6
state: deleted
# Commands Fired:
# ---------------
#
# interface Ethernet2
# no ipv6 access-group acl03 out
# interface Ethernet3
# no ip access-group acl01 out
# After state:
# -------------
#
# eos#sh running-config | include interface| access-group
# interface Loopback888
# interface Ethernet1
# interface Ethernet2
# ip access-group acl01 in
# interface Ethernet3
Return Values¶
| Key | Data Type | Description | Returned |
|---|---|---|---|
| after | list | The resulting configuration model invocation. | when changed |
| before | list | The configuration prior to the model invocation. | always |
| commands | list | The set of commands pushed to the remote device. | always |
Authors¶
- Gomathiselvi S (@gomathiselvis)