:source: fortiswitch_switch_macsec_profile.py
:orphan:
.. _fortiswitch_switch_macsec_profile:

fortiswitch_switch_macsec_profile -- MACsec configuration profiles in Fortinet's FortiSwitch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.. versionadded:: 1.0.0
.. contents::
   :local:
   :depth: 1

Synopsis
--------
- This module configures a FortiSwitch device by allowing the user to set and modify the profile category of the switch_macsec feature. The examples include all parameters, and their values need to be adjusted to your data sources before use. Tested with FOS v7.0.0.
Requirements
------------
The below requirements are needed on the host that executes this module.
- ansible>=2.16
FortiSwitch Version Compatibility
---------------------------------
.. list-table::
   :header-rows: 1

   * - Module
     - Supported Version Ranges
   * - fortiswitch_switch_macsec_profile
     - v7.0.0 -> 7.4.3

Parameters
----------
- enable_log - Enable/Disable logging for task. type: bool required: false default: False
- member_path - Member attribute path to operate on. type: str
- member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
- state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
- switch_macsec_profile - MACsec configuration profiles. type: dict

  - cipher_suite - MACsec cipher suite. type: str choices: GCM-AES-128
  - confident_offset - Choose different confident offset bytes. type: str choices: 0, 30, 50
  - eap_tls_ca_cert - CA certificate for MACSEC CAK EAP-TLS. type: str
  - eap_tls_cert - Client certificate for MACSEC CAK EAP-TLS. type: str
  - eap_tls_identity - Client identity for MACSEC CAK EAP-TLS. type: str
  - eap_tls_radius_server - Radius Server for MACSEC CAK EAP-TLS. type: str
  - encrypt_traffic - Enable/disable Encryption of MACsec traffic. type: str choices: enable, disable
  - include_macsec_sci - Include MACsec TX SCI. type: str choices: enable, disable
  - include_mka_icv_ind - Include MKA ICV indicator. type: str choices: enable, disable
  - macsec_mode - Set mode of the MACsec Profile. type: str choices: static-cak, dynamic-cak, fortilink
  - macsec_validate - Choose different MACsec validate mode. type: str choices: strict
  - mka_priority - MACsec MKA priority. type: int
  - mka_psk - MACsec MKA pre-shared key configuration. type: list

    - crypto_alg - PSK crypto algorithm. type: str choices: AES_128_CMAC, AES_256_CMAC
    - mka_cak - MKA CAK pre-shared key hex string. type: str
    - mka_ckn - MKA CKN pre-shared key hex string. type: str
    - name - pre-shared-key name. type: str
    - status - Status of this PSK. type: str choices: active

  - mka_sak_rekey_time - MACsec MKA Session SAK rekey timer. type: int
  - name - Profile name. type: str required: true
  - replay_protect - Enable/disable MACsec replay protection. type: str choices: enable, disable
  - replay_window - MACsec replay window size. type: int
  - status - Enable/disable this Profile. type: str choices: enable, disable
  - traffic_policy - MACsec traffic policy configuration. type: list

    - exclude_protocol - Exclude protocols that should not be MACsec-secured. type: str choices: ipv4, ipv6, dot1q, qinq, fortilink, arp, stp, lldp, lacp
    - name - Traffic policy type name. type: str
    - security_policy - Must/Should secure the traffic. type: str choices: must-secure
    - status - Enable/disable this Traffic policy. type: str choices: enable

Examples
--------
.. code-block:: yaml+jinja

    - name: MACsec configuration profiles.
      fortinet.fortiswitch.fortiswitch_switch_macsec_profile:
          state: "present"
          switch_macsec_profile:
              cipher_suite: "GCM-AES-128"
              confident_offset: "0"
              eap_tls_ca_cert: ""
              eap_tls_cert: ""
              eap_tls_identity: ""
              eap_tls_radius_server: ""
              encrypt_traffic: "enable"
              include_macsec_sci: "enable"
              include_mka_icv_ind: "enable"
              macsec_mode: "static-cak"
              macsec_validate: "strict"
              mka_priority: "127"
              mka_psk:
                  -
                      crypto_alg: "AES_128_CMAC"
                      mka_cak: ""
                      mka_ckn: ""
                      name: "default_name_19"
                      status: "active"
              mka_sak_rekey_time: "500000"
              name: "default_name_22"
              replay_protect: "enable"
              replay_window: "8388607"
              status: "enable"
              traffic_policy:
                  -
                      exclude_protocol: "ipv4"
                      name: "default_name_28"
                      security_policy: "must-secure"
                      status: "enable"
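
A pre-flight check for the ``switch_macsec_profile`` dictionary before it is handed to the task above, as an added example that is not part of the module or of Fortinet's code. It flags empty or wrongly sized ``mka_cak``/``mka_ckn`` values and explicitly disabled protections, and generates a PSK entry from a CSPRNG. Assumptions: the CAK lengths follow the AES-CMAC key sizes, the CKN bounds follow IEEE 802.1X (FortiSwitch's own validation may be stricter), and ``new_psk``, ``lint_macsec_profile`` and ``PAGE_EXAMPLE`` are hypothetical names.

```python
import re
import secrets

# CAK length in hex digits for each crypto_alg choice (AES-CMAC key size).
CAK_HEX_LEN = {"AES_128_CMAC": 32, "AES_256_CMAC": 64}
HEX = re.compile(r"[0-9a-fA-F]+")


def new_psk(name, crypto_alg="AES_256_CMAC"):
    """Build an mka_psk entry with a CSPRNG-generated CAK of the right size."""
    return {
        "name": name,
        "crypto_alg": crypto_alg,
        "mka_cak": secrets.token_hex(CAK_HEX_LEN[crypto_alg] // 2),
        "mka_ckn": secrets.token_hex(16),  # assumption: 16-octet key name
        "status": "active",
    }


def lint_macsec_profile(profile):
    """Return findings for a switch_macsec_profile dict; an empty list means clean."""
    findings = []
    for key in ("encrypt_traffic", "replay_protect"):
        if profile.get(key) == "disable":
            findings.append(f"{key} is explicitly disabled")
    for psk in profile.get("mka_psk") or []:
        label = psk.get("name") or "<unnamed>"
        cak, ckn = psk.get("mka_cak") or "", psk.get("mka_ckn") or ""
        want = CAK_HEX_LEN.get(psk.get("crypto_alg"))
        if want is None:
            findings.append(f"{label}: unsupported crypto_alg")
        elif not HEX.fullmatch(cak) or len(cak) != want:
            findings.append(f"{label}: mka_cak must be exactly {want} hex digits")
        # IEEE 802.1X allows a CKN of 1 to 32 octets: 2 to 64 hex digits, even count.
        if not HEX.fullmatch(ckn) or len(ckn) % 2 or len(ckn) > 64:
            findings.append(f"{label}: mka_ckn must be 2 to 64 hex digits (whole octets)")
    return findings


# Constructed sample: the PSK entry from the page's example, still holding empty keys.
PAGE_EXAMPLE = {
    "encrypt_traffic": "enable", "replay_protect": "enable",
    "mka_psk": [{"crypto_alg": "AES_128_CMAC", "mka_cak": "", "mka_ckn": "",
                 "name": "default_name_19", "status": "active"}],
}

if __name__ == "__main__":
    for finding in lint_macsec_profile(PAGE_EXAMPLE):
        print("FINDING:", finding)
    fixed = dict(PAGE_EXAMPLE, mka_psk=[new_psk("uplink_psk", "AES_128_CMAC")])
    print("after regeneration:", lint_macsec_profile(fixed) or "clean")
```

Generated keys are secrets: pass them to the task from an encrypted variable store rather than committing them in the playbook.
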
Return Values
-------------
Common return values are documented at https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values. The following fields are unique to this module:

- build - Build number of the FortiSwitch image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiSwitch returned: always type: str sample: PUT
- http_status - Last result given by FortiSwitch on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiSwitch returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- serial - Serial number of the unit returned: always type: str sample: FS1D243Z13000122
- status - Indication of the operation's result returned: always type: str sample: success
- version - Version of the FortiSwitch returned: always type: str sample: v7.0.0
Status
------
- This module is not guaranteed to have a backwards compatible interface.
Authors
-------
- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Hongbin Lu (@fgtdev-hblu)
- Frank Shen (@frankshen01)
- Miguel Angel Munoz (@mamunozgonzalez)
.. hint::
    If you notice any issues in this documentation, feel free to create a pull request to improve it.