:source: fortiswitch_switch_acl_ingress.py :orphan: .. fortiswitch_switch_acl_ingress: fortiswitch_switch_acl_ingress -- Ingress Policy configuration in Fortinet's FortiSwitch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ .. versionadded:: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - This module is able to configure a FortiSwitch device by allowing the user to set and modify switch_acl feature and ingress category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v7.0.0 Requirements ------------ The below requirements are needed on the host that executes this module. - ansible>=2.16 FortiSwitch Version Compatibility --------------------------------- .. raw:: html

	Supported Version Ranges
fortiswitch_switch_acl_ingress	`v7.0.0 -> 7.4.3`

Parameters ---------- .. raw:: html

enable_log - Enable/Disable logging for task. type: bool required: false default: False
member_path - Member attribute path to operate on. type: str
member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
switch_acl_ingress - Ingress Policy configuration. type: dict

action - Actions for the policy. type: dict

cos_queue - COS queue number (0 - 7), or unset to disable. type: int
count - Count enable/disable action. type: str choices: enable, disable
count_type - Count-type(two colors): all, green, yellow, or red. type: str choices: all, green, yellow, red
cpu_cos_queue - CPU COS queue number(17 - 25). Only if packets reach to CPU. type: int
drop - Drop enable/disable action. type: str choices: enable, disable
egress_mask - List of physical ports to be configured in egress mask. type: list

member_name - Physical port name. type: str

mirror - Mirror session name. type: str
outer_vlan_tag - Outer vlan tag. type: int
policer - Policer id. type: int
redirect - Redirect interface name. type: str
redirect_bcast_cpu - Redirect broadcast to all ports including CPU. type: str choices: enable, disable
redirect_bcast_no_cpu - Redirect broadcast to all ports excluding CPU. type: str choices: enable, disable
redirect_physical_port - List of physical ports to redirect. type: list

member_name - Physical port name. type: str

remark_cos - Remark CoS value (0 - 7), or unset to disable. type: int
remark_dscp - Remark DSCP value (0 - 63), or unset to disable. type: int

classifier - Match-conditions for the policy. type: dict

cos - 802.1Q CoS value to be matched. type: int
dscp - DSCP value to be matched. type: int
dst_ip6_prefix - Destination-ip6 address to be matched. type: str
dst_ip_prefix - Destination-ip address to be matched. type: str
dst_mac - Destination mac address to be matched. type: str
ether_type - Ether type to be matched. type: int
l3_interface - l3 interface name. type: str
service - Service name. type: str
src_ip6_prefix - Source-ip6 address to be matched. type: str
src_ip_prefix - Source-ip address to be matched. type: str
src_mac - Source mac address to be matched. type: str
vlan_id - Vlan id to be matched. type: int

description - Description of the policy. type: str
group - Group ID of the policy. type: int
id - Ingress policy ID. type: int required: true
ingress_interface - Interface list to which policy is bound on the ingress. type: list

member_name - Interface name. type: str

ingress_interface_all - Select all interface. type: str choices: enable, disable
schedule - schedule list. type: list

schedule_name - Schedule name. type: str

status - Set policy status. type: str choices: active, inactive

Examples -------- .. code-block:: yaml+jinja - name: Ingress Policy configuration. fortinet.fortiswitch.fortiswitch_switch_acl_ingress: state: "present" switch_acl_ingress: action: cos_queue: "3" count: "enable" count_type: "all" cpu_cos_queue: "12" drop: "enable" egress_mask: - member_name: " (source switch.physical-port.name)" mirror: " (source switch.mirror.name)" outer_vlan_tag: "2047" policer: "13 (source switch.acl.policer.id)" redirect: " (source switch.physical-port.name switch.trunk.name)" redirect_bcast_cpu: "enable" redirect_bcast_no_cpu: "enable" redirect_physical_port: - member_name: " (source switch.physical-port.name)" remark_cos: "3" remark_dscp: "31" classifier: cos: "3" dscp: "31" dst_ip6_prefix: "" dst_ip_prefix: "" dst_mac: "" ether_type: "32767" l3_interface: " (source system.interface.name)" service: " (source switch.acl.service.custom.name)" src_ip6_prefix: "" src_ip_prefix: "" src_mac: "" vlan_id: "2047" description: "" group: "35" id: "36" ingress_interface: - member_name: " (source switch.physical-port.name switch.trunk.name)" ingress_interface_all: "enable" schedule: - schedule_name: " (source system.schedule.onetime.name system.schedule.recurring.name system.schedule.group.name)" status: "active" Return Values ------------- Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: .. raw:: html

build - Build number of the fortiSwitch image returned: always type: str sample: 1547
http_method - Last method used to provision the content into FortiSwitch returned: always type: str sample: PUT
http_status - Last result given by FortiSwitch on last operation applied returned: always type: str sample: 200
mkey - Master key (id) used in the last call to FortiSwitch returned: success type: str sample: id
name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
serial - Serial number of the unit returned: always type: str sample: FS1D243Z13000122
status - Indication of the operation's result returned: always type: str sample: success
version - Version of the FortiSwitch returned: always type: str sample: v7.0.0

Status ------ - This module is not guaranteed to have a backwards compatible interface. Authors ------- - Link Zheng (@chillancezen) - Jie Xue (@JieX19) - Hongbin Lu (@fgtdev-hblu) - Frank Shen (@frankshen01) - Miguel Angel Munoz (@mamunozgonzalez) .. hint:: If you notice any issues in this documentation, feel free to create a pull request to improve it.