Added in version 1.8
- Configure the ACL to be applied to the interface.
parameter | required | default | choices | comments |
---|---|---|---|---|
name | no | | | Full name of the interface |
state | no | present | | Desired state for the interface configuration |
ruleid | no | | | The ID of the rule |
scripaddr | no | | | IP source address of the rule |
action | no | | | Action of the rule |
appdirec | no | | | Direction applied to the interface |
groupcg | no | | | ACL group category |
hostname | yes | | | IP address or hostname of the Comware v7 device that has NETCONF enabled |
username | yes | | | Username used to log in to the switch |
password | yes | | | Password used to log in to the switch |
port | no | 830 | | The Comware port used to connect to the switch |
look_for_keys | no | False | | Whether to search for discoverable private key files in ~/.ssh/ |
```yaml
# deploy advanced ACL (IPv4 advanced ACL 3000 to 3999)
- comware_acl: aclid=3010 groupcg=advanced appdirec=inbound username={{ username }} password={{ password }} hostname={{ inventory_hostname }}

# deploy basic ACL (IPv4 basic ACL 2000 to 2999)
- comware_acl: aclid=2010 groupcg=basic appdirec=inbound username={{ username }} password={{ password }} hostname={{ inventory_hostname }}

# delete advanced ACL
- comware_acl: aclid=3010 groupcg=advanced state=absent username={{ username }} password={{ password }} hostname={{ inventory_hostname }}

# create rule
- comware_acl: aclid=3010 groupcg=advanced ruleid=0 action=deny scripaddr=10.1.1.1 username={{ username }} password={{ password }} hostname={{ inventory_hostname }}

# apply ACL to interface
- comware_acl: aclid=3010 groupcg=advanced name=hun1/2/2 appdirec=inbound username={{ username }} password={{ password }} hostname={{ inventory_hostname }}

# delete rule
- comware_acl: aclid=3010 ruleid=0 state=absent username={{ username }} password={{ password }} hostname={{ inventory_hostname }}

# delete interface ACL application
- comware_acl: aclid=3010 name=hun1/2/2 appdirec=inbound state=absent username={{ username }} password={{ password }} hostname={{ inventory_hostname }}
```
Note
- When using this feature, "aclid" and "groupcg" are required parameters.
- You must select a group category when configuring the ACL.
- If you want to configure a rule, you need to configure the ACL first.
- The rule value range is 0 to 65535. The value 65535 is an invalid rule ID.
- If you want to configure an advanced ACL, the ACL ID ranges from 3000 to 3999.
- If you want to configure a basic ACL, the ACL ID ranges from 2000 to 2999.
- When you want to create a rule, you must have "aclid", "action" and "scripaddr".
- When you want to apply a rule to the interface, you must configure "aclid" and "groupcg".
- You cannot have a "groupcg" parameter when deleting a rule.
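
The constraints in the Note can be checked before a playbook is pushed to a switch, so that a mismatched ACL ID and group category (for example a 2000-range ID with `groupcg=advanced`) is caught in review rather than on the device. The following is an added example, not code from the module: `parse_args` and `check_acl_args` are hypothetical helper names, and it assumes "groupcg" is mandatory only when `state` is `present`, which is how the examples on this page use it.

```python
import re

# ACL ID ranges per group category, taken from the Note on this page.
ACL_RANGES = {"basic": (2000, 2999), "advanced": (3000, 3999)}
# key=value pairs; a value is either a {{ jinja }} expression or a bare token.
ARG_RE = re.compile(r"(\w+)=(\{\{.*?\}\}|\S+)")

def parse_args(line):
    """Turn 'aclid=3010 groupcg=advanced ...' into a dict of strings."""
    return dict(ARG_RE.findall(line))

def check_acl_args(args):
    """Return a list of violations of the documented constraints."""
    errors = []
    state = args.get("state", "present")
    has_rule = "ruleid" in args
    group = args.get("groupcg")

    if "aclid" not in args:
        errors.append("aclid is required")
    elif not args["aclid"].isdecimal():
        errors.append("aclid must be an integer")
    elif group in ACL_RANGES:
        low, high = ACL_RANGES[group]
        if not low <= int(args["aclid"]) <= high:
            errors.append(f"aclid {args['aclid']} is outside the {group} range {low}-{high}")

    # Assumption: groupcg is only mandatory for state=present (see lead-in).
    if has_rule and state == "absent":
        if group is not None:
            errors.append("groupcg must not be set when deleting a rule")
    elif state == "present" and group is None:
        errors.append("groupcg is required")

    if has_rule:
        rid = args["ruleid"]
        # 0-65535 is the stated range, but 65535 itself is documented as invalid.
        if not rid.isdecimal() or int(rid) >= 65535:
            errors.append(f"ruleid {rid} is not a usable rule ID (0-65534)")
        if state == "present":
            for key in ("action", "scripaddr"):
                if key not in args:
                    errors.append(f"{key} is required to create a rule")
    return errors

# Constructed sample task arguments, not taken from a real playbook.
if __name__ == "__main__":
    print(check_acl_args(parse_args("aclid=2010 groupcg=advanced appdirec=inbound")))
```
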