Resource Type: cisco_ace

Defined in:
lib/puppet/type/cisco_ace.rb
Providers:
cisco

Overview

Manages ACE configuration.

~~~puppet
cisco_ace { '<afi> <acl_name> <seqno>':
  ..attributes..
}
~~~

`<afi> <acl_name> <seqno>` is the title of the ace resource.

Example:

~~~puppet
# Basic IPv4 permit entry at sequence number 10
cisco_ace { 'ipv4 my_ipv4_acl 10':
  action                                => 'permit',
  proto                                 => 'tcp',
  src_addr                              => '1.2.3.4 2.3.4.5',
  src_port                              => 'eq 40',
  dst_addr                              => '8.9.0.4/32',
  dst_port                              => 'range 32 56',
}
# Remark-only entry in an IPv6 ACL
cisco_ace { 'ipv6 my_ipv6_acl 30':
  remark                                => 'remark description',
}
# Entry using the optional match properties
cisco_ace { 'ipv4 my_ipv4_acl 20':
  action                                => 'permit',
  proto                                 => 'tcp',
  src_addr                              => '1.2.3.4 2.3.4.5',
  src_port                              => 'eq 40',
  dst_addr                              => '8.9.0.4/32',
  dst_port                              => 'range 32 56',
  tcp_flags                             => 'ack syn fin',
  dscp                                  => 'af11',
  established                           => false,
  http_method                           => 'post',
  packet_length                         => 'range 80 1000',
  tcp_option_length                     => '20',
  time_range                            => 'my_range',
  ttl                                   => '153',
  redirect                              => 'Ethernet1/1,Ethernet1/2,port-channel1',
  log                                   => false,
}
~~~

Properties

  • action

    Ace Action Identifier (permit|deny)

  • dscp
  • dst_addr
  • dst_port
  • ensure (defaults to: present)

    The basic property that the resource should be in.

    Supported values:
    • present
    • absent
  • established

    Match established connections

    Supported values:
    • true
    • false
  • http_method
  • log

    Log matches against this entry

    Supported values:
    • true
    • false
  • packet_length
  • precedence
  • proto

    Protocol Identifier for ACE (tcp|udp|ip etc)

  • redirect
  • remark

    A remark description for the ACL or ACE. Valid values are strings.

  • src_addr
  • src_port
  • tcp_flags
  • tcp_option_length

    Match on TCP options size. Valid values are multiples of 4 between 0 and 40

  • time_range

    Match on time range. Valid values are strings.

  • ttl

    Match packets with given TTL value. Valid values are between 0 and 255

Parameters

  • acl_name

    Access Control List name

  • afi

    The Address-Family Identifier (ipv4|ipv6).

    Supported values:
    • ipv4
    • ipv6
  • name (namevar)
  • provider

    The specific backend to use for this `cisco_ace` resource. You will seldom need to specify this; Puppet will usually discover the appropriate provider for your platform.

  • seqno

    Sequence number of the ACE
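
The value constraints documented above (title format, `action`, `ensure`, the boolean properties, `ttl`, `tcp_option_length`) can be checked before a manifest is applied to a device. This is an added example, not code from the module: `parse_ace_title`, `int_in?` and `lint_ace` are hypothetical names, and the attribute hashes are constructed samples.

```ruby
# Added example: lint cisco_ace attributes against the documented values.
# Helper names are hypothetical; this is not the provider's own validation.
AFIS    = %w[ipv4 ipv6].freeze
ACTIONS = %w[permit deny].freeze
ENSURES = %w[present absent].freeze

# Split the title '<afi> <acl_name> <seqno>' into its three parameters.
def parse_ace_title(title)
  m = /\A(\S+) (\S+) (\d+)\z/.match(title.to_s)
  return nil unless m && AFIS.include?(m[1])
  { afi: m[1], acl_name: m[2], seqno: m[3].to_i }
end

# True when value is a non-negative integer (or digit string) inside range.
def int_in?(value, range)
  value.to_s.match?(/\A\d+\z/) && range.cover?(value.to_s.to_i)
end

# Return a list of problems; an empty list means the declaration passes.
def lint_ace(title, attrs)
  errors = []
  errors << 'title must be "<afi> <acl_name> <seqno>"' unless parse_ace_title(title)
  errors << 'action must be permit or deny' if attrs.key?(:action) && !ACTIONS.include?(attrs[:action])
  errors << 'ensure must be present or absent' if attrs.key?(:ensure) && !ENSURES.include?(attrs[:ensure].to_s)
  %i[established log].each do |key|
    next unless attrs.key?(key)
    errors << "#{key} must be true or false" unless [true, false].include?(attrs[key])
  end
  errors << 'ttl must be between 0 and 255' if attrs.key?(:ttl) && !int_in?(attrs[:ttl], 0..255)
  if attrs.key?(:tcp_option_length)
    len = attrs[:tcp_option_length]
    ok = int_in?(len, 0..40) && (len.to_s.to_i % 4).zero?
    errors << 'tcp_option_length must be a multiple of 4 between 0 and 40' unless ok
  end
  errors
end

# Constructed samples: the first mirrors the page's example values.
GOOD = { action: 'permit', proto: 'tcp', tcp_option_length: '20', ttl: '153', log: false }.freeze
BAD  = { action: 'allow', tcp_option_length: '18', ttl: '300', log: 'no' }.freeze

puts lint_ace('ipv4 my_ipv4_acl 20', GOOD).inspect
puts lint_ace('ipv4 my_ipv4_acl', BAD).inspect
```
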