Skip to content
No description, website, or topics provided.
Ruby Other
  1. Ruby 98.8%
  2. Other 1.2%
Branch: master
Clone or download
Pull request Compare This branch is 1 commit behind develop.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
bin/git
docs
examples
files
lib
manifests
spec
templates
tests
utilities
.fixtures.yml
.gitattributes
.gitignore
.gitlab-ci.yml
.pdkignore
.puppet-lint.rc
.rspec
.rubocop.yml
.rubocop_todo.yml
.sync.yml
.travis.yml
.yardopts
CHANGELOG.md
CONTRIBUTING.md
Gemfile
LICENSE
NOTICE
README.md
Rakefile
SUPPORT.md
appveyor.yml
metadata.json

README.md

ciscopuppet

Table of Contents

  1. Module Description
  2. Setup
  3. Example Manifests
  4. Resource Reference
  5. Documentation Guide

Module Description

The ciscopuppet module allows a network administrator to manage Cisco Nexus Network Elements using Puppet. This module bundles a set of Puppet Types, Providers, Beaker Tests, Sample Manifests and Installation Tools for effective network management. The resources and capabilities provided by this Puppet Module will grow with contributions from Cisco, Puppet Labs and the open source community.

The Cisco Nexus Network Elements and Operating Systems managed by this Puppet Module are continuously expanding. See Resource Platform Support Matrix for a list of currently supported hardware and software.

This GitHub repository contains the latest version of the ciscopuppet module source code. Supported versions of the ciscopuppet module are available at Puppet Forge. Please refer to SUPPORT.md for additional details.

Dependencies

The ciscopuppet module has a dependency on the cisco_node_utils and the puppet-resource_api Ruby gem. See the Setup section that follows for more information on cisco_node_utils and puppet-resource_api.

The NXAPI feature will need to be enabled on the device in order for the ciscopuppet module to be able to manage the device.

Contributing

Contributions to the ciscopuppet module are welcome. See CONTRIBUTING.md for guidelines.

Setup

Before getting started with the setup needed to manage Cisco Nexus Network Elements using Puppet choose one of the following workflows.

  • Puppet Agentless (Manage devices over a remote proxy connection)
  • Puppet Agent (Manage devices by installing an agent directly onto the device)

Version 2.0.0 of this module introduces the ability to manage Cisco Nexus devices without the need to install an agent directly onto the device. This option is not available for ciscopuppet module version 1.10.0 and earlier.

Puppet Master

‼️REQUIRED FOR BOTH AGENTLESS and AGENT WORKFLOWS ‼️

The ciscopuppet module must be installed on the Puppet Master server.

puppet module install puppetlabs-ciscopuppet

The module dependencies listed below will be installed automatically. For more information on Puppet module installation see Puppet Labs: Installing Modules

The puppetlabs-netdev-stdlib module
The puppetlabs-resource_api module

On each puppetserver or PE master that needs to serve catalogs for NX-OS devices, classify or apply the ciscopuppet::server class. Using this class assumes that your puppetserver or PE Master is managed by Puppet.

Puppet Agent (LTS)

‼️NOT REQUIRED FOR AGENTLESS WORKFLOW ‼️

The Puppet Agent requires installation and setup on each device. Agent setup can be performed as a manual process or it may be automated. For more information please see the README-agent-install.md document for detailed instructions on agent installation and configuration on Cisco Nexus devices.

The cisco_node_utils Ruby Gem

The cisco_node_utils Ruby gem is a required component of the ciscopuppet module. This gem contains platform APIs for interfacing between Cisco CLI and Puppet resources. The gem can be automatically installed by Puppet agent by using the ciscopuppet::agent class. Automatic dependency installs are preferred; manual gem installs should be reserved for exceptional circumstances.

The puppet-resource_api Ruby Gem

The puppet-resource_api Ruby gem is a required component of the ciscopuppet module. The gem can be automatically installed by a Puppet agent by using the ciscopuppet::agent class. Automatic dependency installs are preferred; manual gem installs should be reserved for exceptional circumstances.

Automatic Gem Install Using ciscopuppet::agent
  • The ciscopuppet::agent class is defined in the agent.pp file in the manifests subdirectory.

  • Update site.pp to use the install class

Example

node 'n9k' {
  include ciscopuppet::agent
}

The preceding configuration will cause the next puppet agent run to automatically download the current cisco_node_utils and puppet-resource_api gems from https://rubygems.org/ and install them on the node.

Optional Parameters for ciscopuppet::install
  • Override the default rubygems repository to use a custom repository
  • Provide a proxy server

Example

node 'n9k' {
  class {'ciscopuppet::agent':
    repo  => 'http://gemserver.domain.com:8808',
    proxy => 'http://proxy.domain.com:8080',
  }
}
Gem Persistence

Once installed, the gems will remain persistent across system reloads within the Guestshell or OAC environments; however, the bash-shell environment does not share this persistent behavior, in which case the ciscopuppet::agent class automatically downloads and re-installs the gem after each system reload.

See General Documentation for information on Guestshell and OAC.

Puppet Agent Authentication

Puppet makes use of the nxos admin user by default for all types in this module. If a different user is required for puppet agent runs then the following procedure can be used to override admin with the desired user.

NOTE: The user you select must already be configured on your device with the role network-admin.

First create a different user with the role network-admin.

config term
  username puppetuser password puppet role network-admin
end

Next create a file called cisco_node_utils.yaml under the modules/ciscopuppet/files directory on the puppet server and add a cookie puppetuser:local under the default: yaml key.

puppetserver:> cat /etc/puppetlabs/code/environments/production/modules/ciscopuppet/files/cisco_node_utils.yaml
default:
  cookie: 'puppetuser:local'
puppetserver:>

Now create and apply the following manifest on your nxos devices.

  $cookie_src = "puppet:///modules/ciscopuppet/cisco_node_utils.yaml"
  $cookie_tgt = "/${::identity['user']}/cisco_node_utils.yaml"

  file { $cookie_tgt :
    ensure => file,
    source => $cookie_src,
    owner  => 'root',
    group  => 'root',
    mode   => 'ug+rwx',
  }

Puppet Device (Agentless)

‼️NOT REQUIRED FOR AGENT WORKFLOW ‼️

The module (version 2.0.0 or later) supports remote management through the usage of puppet device, which communicates with the device remotely via the nxapi through HTTP/HTTPS. In order to use the ciscopuppet module agentlessly then the following dependencies will need to be met.

The cisco_node_utils Ruby Gem

The cisco_node_utils Ruby gem is a required component of the ciscopuppet module. This gem contains platform APIs for interfacing between Cisco CLI and Puppet resources. The gem will need to be installed on any Puppet agent which will be managing a NX-OS device. It can be automatically installed by Puppet by using the ciscopuppet::proxy class. Automatic gem installs are preferred; manual gem installs should be reserved for exceptional circumstances.

The puppet-resource_api Ruby Gem

The puppet-resource_api Ruby gem is a required component of the ciscopuppet module. The gem will need to be installed on any Puppet agent which will be managing a NX-OS device. It can be automatically installed by Puppet by using the ciscopuppet::proxy class. Automatic gem installs are preferred; manual gem installs should be reserved for exceptional circumstances.

The net_http_unix Ruby Gem

The net_http_unix Ruby gem is a required component of the ciscopuppet module. The gem will need to be installed on any Puppet agent which will be managing a NX-OS device. It can be automatically installed by Puppet by using the ciscopuppet::proxy class. Automatic gem installs are preferred; manual gem installs should be reserved for exceptional circumstances.

Getting started with remote management (puppet device)

To get started, create or edit /etc/puppetlabs/puppet/device.conf, add a section for the device (this will become the device's certname), specify a type of cisco_nexus, and specify a url to a credentials file. For example:

[cisco.example.com]
type cisco_nexus
url file:////etc/puppetlabs/puppet/devices/cisco.example.com.conf

Next, create a credentials file. See the HOCON documentation for information on quoted/unquoted strings and connecting the device.

host: cisco.nexus.net
user: admin
password: admin
port: 8280
transport: http

Alternatively devices can be managed through the puppetlabs-device_manager module, for example:

node 'proxy-agent' {
  device_manager { 'cisco.example.com':
    type => 'cisco_nexus',
    credentials => {
      host => 'cisco.example.com',
      user => 'admin',
      password => 'admin',
      port => 8280,
      transport => 'http',
    }
  }
}

Test your setup and get the certificate signed:

puppet device --verbose --target cisco.example.com

See the puppet device documentation

Please note:: In order for the NX-OS device to be managed then the nxapi feature will need enabled on the device and the selected ports for HTTP/HTTPS will need to be accessible by the proxy-agent choosen to manage the device.

‼️AGENTLESS AND AGENT WORKFLOWS ‼️

For additiona details on agentless and agent based configuration see the following guide

Example Manifests

OSPF Example Manifest

The following example demonstrates how to define a manifest that uses ciscopuppet to configure OSPF on a Cisco Nexus switch. Three resource types are used to define an OSPF instance, basic OSPF router settings, and OSPF interface settings:

The first manifest type should define the router instance using cisco_ospf. The title 'Sample' becomes the router instance name.

cisco_ospf {"Sample":
   ensure => present,
}

The next type to define is cisco_ospf_vrf. The title includes the OSPF router instance name and the VRF name. Note that a non-VRF configuration uses 'default' as the VRF name.

cisco_ospf_vrf {"Sample default":
   ensure => 'present',
   default_metric => '5',
   auto_cost => '46000',
}

Finally, define the OSPF interface settings. The title here includes the Interface name and the OSPF router instance name.

cisco_interface_ospf {"Ethernet1/2 Sample":
   ensure => present,
   area => 200,
   cost => "200",
}

Resource Reference

The following resources include cisco types and providers along with cisco provider support for netdev stdlib types. Installing the ciscopuppet module will install both the ciscopuppet and netdev_stdlib modules.

Resource Type Catalog (by Technology)

--

Cisco Resource Type Catalog (by Name)

NetDev StdLib Resource Type Catalog (by Name)

Resource Platform Support Matrix

The Nexus family of switches support various hardware and software features depending on the model and version. The following table will guide you through the provider support matrix.

Platform Models

Platform Description Environments
N9k Support includes all N9xxx models agentless, bash-shell, guestshell
N3k Support includes N30xx and N31xx models only.
The N35xx model is not supported.
agentless, bash-shell, guestshell
N3k-F Support includes all N3xxx models running os version 7.0(3)Fx(x) agentless, bash-shell, guestshell
N5k Support includes N56xx models only.
The N50xx and N55xx models are not supported at this time.
Open Agent Container (OAC)
N6k Support includes all N6xxx models agentless, Open Agent Container (OAC)
N7k Support includes all N7xxx models agentless, Open Agent Container (OAC)
N9k-F Support includes all N95xx models running os version 7.0(3)Fx(x) agentless, bash-shell, guestshell

Matrix Legend

Symbol Meaning Description
Supported The provider has been validated to work on the platform.
An asterisk '*' indicates that some provider properties may have software or hardware limitations, caveats, or other noted behaviors.
Click on the associated caveat link for more information.
Not Applicable The provider is not supported on the platform because of hardware or software limitations.

Support Matrix

= Supported
= Not Applicable
N9k N3k N5k N6k N7k N9k-F N3k-F Caveats
cisco_aaa_
authentication_login
cisco_aaa_
authorization_login_cfg_svc
cisco_aaa_
authorization_login_exec_svc
cisco_aaa_group_tacacs
cisco_acl
cisco_ace * * * * * * * *caveats
cisco_bfd_global * * * * * * * *caveats
cisco_command_config
cisco_bgp * * * *caveats
cisco_bgp_af * * * *caveats
cisco_bgp_af_aa
cisco_bgp_neighbor
cisco_bgp_neighbor_af
cisco_bridge_domain
cisco_bridge_domain_vni
cisco_dhcp_relay_global * * * * * * * *caveats
cisco_encapsulation
cisco_evpn_multicast *
cisco_evpn_multisite * *caveats
cisco_evpn_stormcontrol * *caveats
cisco_evpn_vni * * *caveats
cisco_fabricpath_global * *caveats
cisco_fabricpath_topology
cisco_hsrp_global * *caveats
cisco_interface * * * * * * * *caveats
cisco_interface_channel_group *caveats
cisco_interface_evpn_multisite * *caveats
cisco_interface_hsrp_group * *caveats
cisco_interface_ospf
cisco_interface_portchannel * * * * * *caveats
cisco_interface_service_vni
cisco_ip_multicast * *caveats
cisco_itd_device_group
cisco_itd_device_group_node
cisco_itd_service *caveats
cisco_object_group
cisco_object_group_entry
cisco_ospf
cisco_ospf_vrf *caveats
= Supported
= Not Applicable
N9k N3k N5k N6k N7k N9k-F N3k-F Caveats
cisco_overlay_global * *caveats
cisco_pim *caveats
cisco_pim_rp_address
cisco_pim_grouplist
cisco_portchannel_global * * * * * * * *caveats
cisco_route_map * * * * * * * *caveats
cisco_stp_global * * * * *caveats
cisco_snmp_community
cisco_snmp_group
cisco_snmp_server
cisco_snmp_user
cisco_tacacs_server
cisco_tacacs_server_host
cisco_upgrade * * * * *caveats
cisco_vdc
cisco_vlan * * *caveats
cisco_vpc_domain * * * * * *caveats
cisco_vrf * *caveats
cisco_vrf_af * * * * * * *caveats
cisco_vtp
cisco_vxlan_vtep * *caveats
cisco_vxlan_vtep_vni *caveats
NetDev Providers
= Supported
= Not Applicable
N9k N3k N5k N6k N7k N9k-F N3k-F Caveats
banner *caveats
domain_name
name_server
network_dns *caveats
network_interface
network_snmp
network_trunk
network_vlan
ntp_auth_key
ntp_config *caveats
ntp_server *caveats
port_channel
radius
radius_global
radius_server_group
radius_server
search_domain
snmp_community
snmp_notification
snmp_notification_receiver
snmp_user
syslog_facility
syslog_server
syslog_settings *caveats
tacacs
tacacs_global
tacacs_server
tacacs_server_group

--

Cisco Resource Type Details

The following resources are listed alphabetically.

--

Type: cisco_command_config

Allows execution of configuration commands.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I2(5) 1.0.1
N3k 7.0(3)I2(5) 1.0.1
N5k 7.3(0)N1(1) 1.2.0
N6k 7.3(0)N1(1) 1.2.0
N7k 7.3(0)D1(1) 1.2.0
N9k-F 7.0(3)F1(1) 1.5.0
N3k-F 7.0(3)F3(2) 1.8.0

Parameters

command

Configuration command(s) to be applied to the network element. Valid values are string.

This provider allows raw configurations to be managed by Puppet. It serves as a stopgap until specialized types are created. It has the following limitations:

  • The input message buffer is limited to 500KB. Large configurations are often easier to debug if broken up into multiple smaller resource blocks.
  • The cisco_command_config configuration block must use the same syntax as displayed by the show running-config command on the switch. In some cases, configuration commands that omit optional keywords when entered may actually appear with a different syntax when displayed by show running-config; for example, some access-list entries may be configured without a sequence number but yet an implicit sequence number is created regardless. This then creates an idempotency problem because there is a mismatch between show running-config and the manifest. The solution in this case is for the manifest to include explicit sequence numbers for the affected access-list entries.
  • Order is important. Some dependent commands may fail if their associated feature configuration is not enabled first. Use Puppet's before, after, or require keywords to establish dependencies between blocks.
  • Indentation counts! It implies sub-mode configuration. Use the switch's running-config as a guide and do not indent configurations that are not normally indented. Do not use tabs to indent.
  • Inline comments must be prefixed by '!' or '#'.
  • Negating a submode will also remove configuratons under that submode, without having to specify every submode config statement: no router ospf RED removes all configuration under router ospf RED.
  • Syntax does not auto-complete: use Ethernet1/1, not Eth1/1.
  • If a CLI command is rejected during configuration, the resource will abort at that point and will not issue any remaining CLI. For this reason, we recommend limiting the scope of each instance of this resource.

--

Type: cisco_aaa_authentication_login

Manages AAA Authentication Login configuration.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I2(5) 1.2.0
N3k 7.0(3)I2(5) 1.2.0
N5k 7.3(0)N1(1) 1.3.0
N6k 7.3(0)N1(1) 1.3.0
N7k 7.3(0)D1(1) 1.3.0
N9k-F 7.0(3)F1(1) 1.5.0
N3k-F 7.0(3)F3(2) 1.8.0

Parameters

name

The name of the AAA Authentication Login instance. Must be 'default'

ascii_authentication

Enable/disable ascii_authentication for AAA Authentication Login. Valid values are true, false, keyword 'default'

chap

Enable/disable chap for AAA Authentication Login.

error_display

Enable/disable error_display for AAA Authentication Login.

mschap

Enable/disable mschap for AAA Authentication Login.

mschapv2

Enable/disable mschapv2 for AAA Authentication Login.

--

Type: cisco_aaa_authorization_login_cfg_svc

Manages configuration for Authorization Login Config Service.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I2(5) 1.2.0
N3k 7.0(3)I2(5) 1.2.0
N5k 7.3(0)N1(1) 1.3.0
N6k 7.3(0)N1(1) 1.3.0
N7k 7.3(0)D1(1) 1.3.0
N9k-F 7.0(3)F1(1) 1.5.0
N3k-F 7.0(3)F3(2) 1.8.0

Parameters

ensure

Determines whether the config should be present or not on the device. Valid values are 'present' and 'absent'.

name

Name of the config login service. Valid values are 'console' or 'default'.

groups

Tacacs+ groups configured for this service. Valid values are an array of strings, keyword 'default'.

method

Authentication methods on this device. Valid values are 'local', 'unselected', 'default'.

--

Type: cisco_aaa_authorization_login_exec_svc

Manages configuration for Authorization Login Exec Service.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I2(5) 1.2.0
N3k 7.0(3)I2(5) 1.2.0
N5k 7.3(0)N1(1) 1.3.0
N6k 7.3(0)N1(1) 1.3.0
N7k 7.3(0)D1(1) 1.3.0
N9k-F 7.0(3)F1(1) 1.5.0
N3k-F 7.0(3)F3(2) 1.8.0

Parameters

ensure

Determines whether the config should be present or not on the device. Valid values are 'present' and 'absent'.

name

Name of the exec login service. Valid values are 'console' or 'default'.

groups

Tacacs+ groups configured for this service. Valid values are an array of strings, keyword 'default'.

method

Authentication methods on this device. Valid values are 'local', 'unselected', 'default'.

--

Type: cisco_aaa_group_tacacs

Manages configuration for a TACACS+ server group.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I2(5) 1.2.0
N3k 7.0(3)I2(5) 1.2.0
N5k 7.3(0)N1(1) 1.3.0
N6k 7.3(0)N1(1) 1.3.0
N7k 7.3(0)D1(1) 1.3.0
N9k-F 7.0(3)F1(1) 1.5.0
N3k-F 7.0(3)F3(2) 1.8.0

Parameters

ensure

Determines whether the config should be present or not on the device. Valid values are 'present' and 'absent'.

group

Name of the aaa group TACACS instance. Valid values are string.

deadtime

Deadtime interval for this TACACS+ server group. Valid values are integer, in minutes, keyword 'default'

server_hosts

An array of TACACS+ server hosts associated with this TACACS+ server group. Valid values are an array, or the keyword 'default'.

source_interface

Source interface for TACACS+ servers in this TACACS+ server group Valid values are string, keyword 'default'.

vrf_name

Specifies the virtual routing and forwarding instance (VRF) to use to contact this TACACS server group. Valid values are string, the keyword 'default'.

--

Type: cisco_acl

Manages configuration of a Access Control List (ACL) instance.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I2(5) 1.2.0
N3k 7.0(3)I2(5) 1.2.0
N5k 7.3(0)N1(1) 1.3.0
N6k 7.3(0)N1(1) 1.3.0
N7k 7.3(0)D1(1) 1.3.0
N9k-F 9.2.1 1.10.0
N3k-F 9.2.1 1.10.0

Caveats

Property Caveat Description
fragments Not supported on N5k, N6k, N9k-F, N3k-F

Parameters

ensure

Determines whether the config should be present or not on the device. Valid values are 'present' and 'absent'.

afi

Address Family Identifier (AFI). Required. Valid values are 'ipv4' and 'ipv6'.

acl_name

Name of the acl instance. Valid values are string.

stats_per_entry

Enable/disable Statistics Per Entry for ACL. Valid values are true, false, keyword 'default'.

fragments

Permit or deny Fragments for ACL. Valid values are 'permit-all' and 'deny-all'

--

Type: cisco_ace

Manages configuration of an Access Control List (ACL) Access Control Entry (ACE) instance.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I2(5) 1.2.0
N3k 7.0(3)I2(5) 1.2.0
N5k 7.3(0)N1(1) 1.3.0
N6k 7.3(0)N1(1) 1.3.0
N7k 7.3(0)D1(1) 1.3.0

Caveats

Property Caveat Description
http_method ipv4 only
Not supported on N5k, N6k, N7k
packet_length Not supported on N5k, N6k
precedence ipv4 only
redirect ipv4 only
Not supported on N5k, N6k, N7k
time_range Not supported on N5k, N6k
ttl Not supported on N5k, N6k, N7k
tcp_option_length ipv4 only
Not supported on N5k, N6k, N7k
vlan Not supported on N5k, N6k, N7k. Minimum puppet module version 1.10.0
set_erspan_gre_proto Not supported on N5k, N6k, N7k. Minimum puppet module version 1.10.0
set_erspan_dscp Not supported on N5k, N6k, N7k. Minimum puppet module version 1.10.0
proto_option Not supported on N5k, N6k. Minimum puppet module version 1.10.0

Example Usage

cisco_ace { 'ipv4 my_acl 42':
  ensure              => 'present',
  remark              => 'East Branch',
  action              => 'permit',
  proto               => 'tcp',
  src_addr            => '10.0.0.0/8',
  src_port            => 'eq 40',
  dst_addr            => 'any',
  dst_port            => 'neq 80',

  dscp                => 'af11',
  established         => 'true',
  log                 => 'true',
  packet_length       => 'range 512 1024'
  precedence          => 'flash',
  redirect            => 'Ethernet1/2,Port-Channel42',
  tcp_flags           => 'ack psh',
  time_range          => 'my_time_range',
  ttl                 => '128',
}

cisco_ace { 'ipv6 my_v6_acl 42':
  ensure              => 'present',
  remark              => 'East Branch',
  action              => 'permit',
  proto               => 'tcp',
  src_addr            => '1:1::1/128',
  dst_addr            => 'any',
}

Parameters

Example Parameter Usage
cisco_ace { '<afi> <acl_name> <seqno>':
cisco_ace { 'ipv4 my_acl 42':
afi

Address Family Identifier (AFI). Required. Valid values are 'ipv4' and 'ipv6'.

acl_name

Access Control List (ACL) name. Required. Valid values are type String.

seqno

Access Control Entry (ACE) Sequence Number. Required. Valid values are type Integer.

ensure

Determines whether the config should be present or not on the device. Valid values are 'present' and 'absent'.

Properties

action

The action to perform with this ACE. Valid values are keywords permit or deny.

Example
action => 'permit'
dscp

Allows matching by Differentiated Services Code Point (DSCP) value. Valid values are type String, which must be one of the following forms:

  • A numeric dscp value
  • One of the dscp keyword names
    • af11 af12 af13 af21 af22 af23 af31 af32 af33 af41 af42 af43
    • cs1 cs2 cs3 cs4 cs5 cs6 cs7
    • ef
    • default
Example
dscp => 'af11'
dst_addr

The Destination Address to match against. This property shares the same syntax as src_addr. Valid values are type String, which must be one of the following forms:

  • An IPv4/IPv6 address or subnet
  • The keyword host and a host address
  • The keyword addrgroup and its object group name
  • The keyword any
Examples
dst_addr => '10.0.0.0/8'
dst_addr => 'host 10.0.0.1'
dst_addr => '128:1::/64'
dst_addr => 'addrgroup my_addrgroup'
dst_addr => 'any'

See src_addr.

dst_port

The TCP or UDP Destination Port to match against. This property shares the same syntax as src_port. Valid values are type String, which must be one of the following forms:

  • A comparison operator (eq, neq, lt, gt) and value
  • The keyword range and a range value
  • The keyword portgroup and its object group name
Examples
dst_port => 'neq 40'
dst_port => 'range 68 69'
dst_port => 'portgroup my_portgroup'

See src_port.

established

Allows matching against TCP Established connections. Valid values are true or false.

Example
established => true
http_method

(ipv4 only) Allows matching based on http-method. Valid values are String, which must be one of the following forms:

  • A numeric http-method value
  • One of the http-method keyword names
    • connect delete get head post put trace
Examples
http_method => 'post'
log

Enables logging for the ACE. Valid values are true or false.

Examples
'log' => true
packet_length

Allows matching based on Layer 3 Packet Length. Valid values are type String, which must be one of the following forms:

  • A comparison operator (eq, neq, lt, gt) and value
  • The keyword range and range values
Examples
packet_length => 'gt 512'
packet_length => 'range 512 1024'
precedence

(ipv4 only) Allows matching by precedence value. Valid values are String, which must be one of the following forms:

  • A numeric precedence value
  • One of the precedence keyword names
    • critical flash flash-override immediate internet network priority routine
Example
precedence => 'flash'
proto

The protocol to match against. Valid values are String or Integer. Examples are: tcp, udp, ip, 6.

Example
proto => 'tcp'
proto_option

Any protocol option which is valid for that protocol. Valid values are string. Currently this is valid only for icmp protocol.

Example
proto_option => 'time-exceeded'
redirect

(ipv4 only) Allows for redirecting traffic to one or more interfaces. This property is only useful with VLAN ACL (VACL) applications. Valid values are a String containing a list of interface names.

Examples
redirect => 'Ethernet1/1'
redirect => 'Ethernet1/2,Port-Channel42'
remark

This is a Remark description for the ACL or ACE. Valid values are string.

Example
remark => 'East Branch'
set_erspan_dscp

Sets ERSPAN outer IP DSCP value. Valid values are beween 1 and 63. Currently this is valid only for icmp protocol.

Example
set_erspan_dscp => '3'
set_erspan_gre_proto

Sets ERSPAN GRE protocol. Valid values are beween 1 and 65535. Currently this is valid only for icmp protocol.

Example
set_erspan_gre_proto => '300'
src_addr

The Source Address to match against. Valid values are type String, which must be one of the following forms:

  • An IPv4/IPv6 address or subnet
  • The keyword host and a host address
  • The keyword addrgroup and its object group name
  • The keyword any
Examples
src_addr => '10.0.0.0/8'
src_addr => 'host 10.0.0.1'
src_addr => '128:1::/64'
src_addr => 'addrgroup my_addrgroup'
src_addr => 'any'

See dst_addr.

src_port

The TCP or UDP Source Port to match against. Valid values are type String, which must be one of the following forms:

  • A comparison operator (eq, neq, lt, gt) and value
  • The keyword range and range values
  • The keyword portgroup and its object group name
Examples
src_port => 'neq 40'
src_port => 'range 68 69'
src_port => 'portgroup my_portgroup'

See dst_port.

tcp_flags

The TCP flags or control bits. Valid values are a String of some or all of flags: urg, ack, psh, rst, syn, or fin.

Example
tcp_flags => 'ack psh'
tcp_option_length

(ipv4 only) Allows matching on TCP options length. Valid values are type Integer or String, which must be a multiple of 4 in the range 0-40.

Examples
tcp_option_length => '0'
tcp_option_length => '36'
time_range

Allows matching by Time Range. Valid values are String, which references a time-range name.

Example
time_range => 'my_time_range'
ttl

Allows matching based on Time-To-Live (TTL) value. Valid values are type Integer or String.

Example
ttl => '128'
vlan

Configure match based on vlan. Valid values are between 0 and 4095. Currently this is valid only for icmp protocol.

Example
vlan => '100'

--

Type: cisco_bfd_global

Manages configuration of a BFD (Bidirectional Forwarding Detection) instance.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I2(5) 1.4.0
N3k 7.0(3)I2(5) 1.4.0
N5k 7.3(0)N1(1) 1.4.0
N6k 7.3(0)N1(1) 1.4.0
N7k 7.3(0)D1(1) 1.4.0
N9k-F 7.0(3)F1(1) 1.5.0
N3k-F 7.0(3)F3(2) 1.8.0

Caveats

Property Caveat Description
echo_rx_interval Not supported on N5k, N6k
fabricpath_interval Not supported on N3k, N3k-F, N9k-F, N9k
fabricpath_slow_timer Not supported on N3k, N3k-F, N9k-F, N9k
fabricpath_vlan Not supported on N3k, N3k-F, N9k-F, N9k
interval Supported on N3k, N5k, N6k, N7k
Supported in OS Version 7.0(3)F2(1) and later on N9k-F
Supported in OS Version 7.0(3)I6(1) and later on N9k
ipv4_echo_rx_interval Not supported on N5k, N6k
ipv4_interval Not supported on N5k, N6k
ipv4_slow_timer Not supported on N5k, N6k
ipv6_echo_rx_interval Not supported on N5k, N6k
ipv6_interval Not supported on N5k, N6k
ipv6_slow_timer Not supported on N5k, N6k
startup_timer Not supported on N5k, N6k, N7k

Parameters

ensure

Determines whether the config should be present or not on the device. Valid values are 'present' and 'absent'.

echo_interface

Loopback interface used for echo frames. Valid values are String, and 'default'.

echo_rx_interval

Echo receive interval in milliseconds. Valid values are integer, and 'default'.

fabricpath_interval

BFD fabricpath interval. Valid values are an array of [fabricpath_interval, fabricpath_min_rx, fabricpath_multiplier] or 'default'.

Example: fabricpath_interval => [100, 120, 4]

fabricpath_slow_timer

BFD fabricpath slow rate timer in milliseconds. Valid values are integer, and 'default'.

fabricpath_vlan

BFD fabricpath control vlan. Valid values are integer, and 'default'.

interval

BFD interval. Valid values are an array of [interval, min_rx, multiplier] or 'default'.

Example: interval => [100, 120, 4]

ipv4_echo_rx_interval

IPv4 session echo receive interval in milliseconds. Valid values are integer, and 'default'.

ipv4_interval

BFD IPv4 session interval. Valid values are an array of [ipv4_interval, ipv4_min_rx, ipv4_multiplier] or 'default'.

Example: ipv4_interval => [100, 120, 4]

ipv4_slow_timer

BFD IPv4 session slow rate timer in milliseconds. Valid values are integer, and 'default'.

ipv6_echo_rx_interval

IPv6 session echo receive interval in milliseconds. Valid values are integer, and 'default'.

ipv6_interval

BFD IPv6 session interval. Valid values are an array of [ipv6_interval, ipv6_min_rx, ipv6_multiplier] or 'default'.

Example: ipv6_interval => [100, 120, 4]

ipv6_slow_timer

BFD IPv6 session slow rate timer in milliseconds. Valid values are integer, and 'default'.

slow_timer

BFD slow rate timer in milliseconds. Valid values are integer, and 'default'.

startup_timer

BFD delayed startup timer in seconds. Valid values are integer, and 'default'.

--

Type: cisco_bgp

Manages configuration of a BGP instance.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I2(5) 1.1.0
N3k 7.0(3)I2(5) 1.1.0
N5k 7.3(0)N1(1) 1.2.0
N6k 7.3(0)N1(1) 1.2.0
N7k 7.3(0)D1(1) 1.2.0
N9k-f 7.3(0)F3(2) 1.8.0
N3k-F 7.0(3)F3(2) 1.8.0

Caveats

Property Caveat Description
disable_policy_batching_ipv4 Not supported on N5k, N6k
Supported in OS Version 8.1.1 and later on N7k
disable_policy_batching_ipv6 Not supported on N5k, N6k
Supported in OS Version 8.1.1 and later on N7k
event_history_errors Supported in OS Version 8.0.1 and later on N7k
Supported in OS Version 7.0(3)I5(1) and later on N3
event_history_objstore Supported in OS Version 8.0.1 and later on N7k
Supported in OS Version 7.0(3)I5(1) and later on N3
neighbor_down_fib_accelerate Not supported on N5k, N6k
Supported in OS Version 8.1.1 and later on N7k
reconnect_interval Not supported on N5k, N6k
Supported in OS Version 8.1.1 and later on N7k
suppress_fib_pending Idempotence supported only on 7.0(3)I5(1) and later images N3

Parameters

ensure

Determines whether the config should be present or not on the device. Valid values are 'present' and 'absent'.

asn

BGP autonomous system number. Valid values are String, Integer in ASPLAIN or ASDOT notation.

vrf

Name of the resource instance. Valid values are string. The name 'default' is a valid VRF representing the global bgp.

Properties

bestpath_always_compare_med

Enable/Disable MED comparison on paths from different autonomous systems. Valid values are 'true', 'false', and 'default'.

bestpath_aspath_multipath_relax

Enable/Disable load sharing across the providers with different (but equal-length) AS paths. Valid values are 'true', 'false', and 'default'

bestpath_compare_routerid

Enable/Disable comparison of router IDs for identical eBGP paths. Valid values are 'true', 'false', and 'default'

bestpath_cost_community_ignore

Enable/Disable Ignores the cost community for BGP best-path calculations. Valid values are 'true', 'false', and 'default'

bestpath_med_confed

Enable/Disable enforcement of bestpath to do a MED comparison only between paths originated within a confederation. Valid values are 'true', 'false', and 'default'.

bestpath_med_missing_as_worst

Enable/Disable assigns the value of infinity to received routes that do not carry the MED attribute, making these routes the least desirable. Valid values are 'true', 'false', and 'default'.

bestpath_med_non_deterministic

Enable/Disable deterministic selection of the best MED path from among the paths from the same autonomous system. Valid values are 'true', 'false', and 'default'.

cluster_id

Route Reflector Cluster-ID. Valid values are String, keyword 'default'.

confederation_id

Routing domain confederation AS. Valid values are String, keyword 'default'.

confederation_peers

AS confederation parameters. Valid values are String, keyword 'default'.

disable_policy_batching

Enable/Disable the batching evaluation of prefix advertisements to all peers. Valid values are 'true', 'false', and 'default'.

disable_policy_batching_ipv4

Enable/Disable the batching evaluation of prefix advertisements to all peers with prefix list. Valid values are String, keyword 'default'.

disable_policy_batching_ipv6

Enable/Disable the batching evaluation of prefix advertisements to all peers with prefix list. Valid values are String, keyword 'default'.

enforce_first_as

Enable/Disable enforces the neighbor autonomous system to be the first AS number listed in the AS path attribute for eBGP. Valid values are 'true', 'false', and 'default'. On NX-OS, this property is only supported in the global BGP context.

event_history_cli

Enable/Disable/specify size of cli event history buffer. Valid values are false', 'size_small', 'size_medium', 'size_large', 'size_disable'. Size can also be specified in bytes. Please Note: Setting this value to 'default' or 'true' has been deprecated in module version 1.8.0. This property is only used for BGP debugging purposes and idempotency is not guaranteed.

event_history_detail

Enable/Disable/specify size of detail event history buffer. Valid values are 'false', 'size_small', 'size_medium', 'size_large', 'size_disable'. Size can also be specified in bytes. Please Note: Setting this value to 'default' or 'true' has been deprecated in module version 1.8.0. This property is only used for BGP debugging purposes and idempotency is not guaranteed.

event_history_errors

Enable/Disable/specify size of error history buffer. Valid values are 'false', 'size_small', 'size_medium', 'size_large', 'size_disable'. Size can also be specified in bytes. Please Note: Setting this value to 'default' or 'true' has been deprecated in module version 1.8.0. This property is only used for BGP debugging purposes and idempotency is not guaranteed.

event_history_events

Enable/Disable/specify size of event history buffer. Valid values are 'false', 'size_small', 'size_medium', 'size_large', 'size_disable'. Size can also be specified in bytes. Please Note: Setting this value to 'default' or 'true' has been deprecated in module version 1.8.0. This property is only used for BGP debugging purposes and idempotency is not guaranteed.

event_history_objstore

Enable/Disable/specify size of objstore history buffer. Valid values are 'false', 'size_small', 'size_medium', 'size_large', 'size_disable'. Size can also be specified in bytes. Please Note: Setting this value to 'default' or 'true' has been deprecated in module version 1.8.0. This property is only used for BGP debugging purposes and idempotency is not guaranteed.

event_history_periodic

Enable/Disable/specify size of periodic event history buffer. Valid values are 'false', 'size_small', 'size_medium', 'size_large', 'size_disable'. Size can also be specified in bytes. Please Note: Setting this value to 'default' or 'true' has been deprecated in module version 1.8.0. This property is only used for BGP debugging purposes and idempotency is not guaranteed.

fast_external_fallover

Enable/Disable immediately reset the session if the link to a directly connected BGP peer goes down. Valid values are 'true', 'false', and 'default'. On NX-OS, this property is only supported in the global BGP context.

flush_routes

Enable/Disable flush routes in RIB upon controlled restart. Valid values are 'true', 'false', and 'default'. On NX-OS, this property is only supported in the global BGP context.

graceful_restart

Enable/Disable graceful restart. Valid values are 'true', 'false', and 'default'.

graceful_restart_helper

Enable/Disable graceful restart helper mode. Valid values are 'true', 'false', and 'default'.

graceful_restart_timers_restart

Set maximum time for a restart sent to the BGP peer. Valid values are Integer, keyword 'default'.

graceful_restart_timers_stalepath_time

Set maximum time that BGP keeps the stale routes from the restarting BGP peer. Valid values are Integer, keyword 'default'.

isolate

Enable/Disable isolate this router from BGP perspective. Valid values are 'true', 'false', and 'default'.

log_neighbor_changes

Enable/Disable message logging for neighbor up/down event. Valid values are 'true', 'false', and 'default'

maxas_limit

Specify Maximum number of AS numbers allowed in the AS-path attribute. Valid values are integers between 1 and 512, or keyword 'default' to disable this property.

neighbor_down_fib_accelerate

Enable/Disable handle BGP neighbor down event, due to various reasons. Valid values are 'true', 'false', and 'default'.

nsr

Enable/Disable Non-Stop Routing (NSR). Valid values are 'true', 'false', and 'default'. This property is not supported on Nexus.

reconnect_interval

The BGP reconnection interval for dropped sessions. Valid values are Integer or keyword 'default'.

route_distinguisher

VPN Route Distinguisher (RD). The RD is combined with the IPv4 or IPv6 prefix learned by the PE router to create a globally unique address. Valid values are a String in one of the route-distinguisher formats (ASN2:NN, ASN4:NN, or IPV4:NN); the keyword 'auto', or the keyword 'default'.

Please note: The route_distinguisher property is typically configured within the VRF context configuration on most platforms (including NXOS) but it is tightly coupled to bgp and therefore configured within the BGP configuration on some non-NXOS platforms. For this reason the route_distinguisher property has support (with limitations) in both cisco_vrf and cisco_bgp providers:

  • cisco_bgp: The property is supported on NXOS and some non-NXOS platforms.
  • cisco_vrf: The property is only supported on NXOS. See: cisco_vrf: route_distinguisher

IMPORTANT: Choose only one provider to configure the route_distinguisher property on a given device. Using both providers simultaneously on the same device may have unpredictable results.

router_id

Router Identifier (ID) of the BGP router VRF instance. Valid values are string, and keyword 'default'.

shutdown

Administratively shutdown the BGP protocol. Valid values are 'true', 'false', and 'default'.

suppress_fib_pending

Enable/Disable advertise only routes programmed in hardware to peers. Valid values are 'true', 'false', and 'default'.

timer_bestpath_limit

Specify timeout for the first best path after a restart, in seconds. Valid values are Integer, keyword 'default'.

timer_bestpath_limit_always

Enable/Disable update-delay-always option. Valid values are 'true', 'false', and 'default'.

timer_bgp_holdtime

Set bgp hold timer. Valid values are Integer, keyword 'default'.

timer_bgp_keepalive

Set bgp keepalive timer. Valid values are Integer, keyword 'default'.

--

Type: cisco_bgp_af

Manages configuration of a BGP Address-family instance.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I2(5) 1.1.0
N3k 7.0(3)I2(5) 1.1.0
N5k 7.3(0)N1(1) 1.2.0
N6k 7.3(0)N1(1) 1.2.0
N7k 7.3(0)D1(1) 1.2.0
N9k-F 7.0(3)F1(1) 1.5.0
N3k-F 7.0(3)F3(2) 1.8.0

Caveats

Property Caveat Description
additional_paths_install Not supported on N3k, N3k-F, N9k-F, N9k
advertise_l2vpn_evpn Not supported on N3k, N6k
address-family l2vpn/evpn Module Minimum Version 1.3.2
OS Minimum Version 7.0(3)I3(1)
Not supported on N3k

Parameters

ensure

Determine whether the interface config should be present or not. Valid values are 'present' and 'absent'.

asn

BGP autonomous system number. Required. Valid values are String, Integer in ASPLAIN or ASDOT notation.

vrf

VRF name. Required. Valid values are string. The name 'default' is a valid VRF representing the global bgp.

afi

Address Family Identifier (AFI). Required. Valid values are ipv4, ipv6, vpnv4, vpnv6 and l2vpn.

safi

Sub Address Family Identifier (SAFI). Required. Valid values are unicast, multicast and evpn.

Properties

additional_paths_install

Install a backup path into the forwarding table and provide prefix 'independent convergence (PIC) in case of a PE-CE link failure. Valid values are true, false, or 'default'.

additional_paths_receive

Enables the receive capability of additional paths for all of the neighbors under this address family for which the capability has not been disabled. Valid values are true, false, or 'default'

additional_paths_selection

Configures the capability of selecting additional paths for a prefix. Valid values are a string defining the name of the route-map.

additional_paths_send

Enables the send capability of additional paths for all of the neighbors under this address family for which the capability has not been disabled. Valid values are true, false, or 'default'

advertise_l2vpn_evpn

Advertise evpn routes. Valid values are true and false.

client_to_client

Configure client-to-client route reflection. Valid values are true and false.

dampen_igp_metric

Specify dampen value for IGP metric-related changes, in seconds. Valid values are Integer, keyword 'default'.

dampening_state

Enable/disable route-flap dampening. Valid values are true, false or 'default'.

dampening_half_time

Specify decay half-life in minutes for route-flap dampening. Valid values are Integer, keyword 'default'.

dampening_max_suppress_time

Specify max suppress time for route-flap dampening stable route. Valid values are Integer, keyword 'default'.

dampening_reuse_time

Specify route reuse time for route-flap dampening. Valid values are Integer, keyword 'default'.

dampening_routemap

Specify route-map for route-flap dampening. Valid values are a string defining the name of the route-map.

dampening_suppress_time

Specify route suppress time for route-flap dampening. Valid values are Integer, keyword 'default'.

Dampening Properties

Note: dampening_routemap is mutually exclusive with dampening_half_time, reuse_time, suppress_time and max_suppress_time.

default_information_originate

default-information originate. Valid values are true and false.

default_metric

Sets default metrics for routes redistributed into BGP. Valid values are Integer or keyword 'default'.

distance_ebgp

Sets the administrative distance for eBGP routes. Valid values are Integer or keyword 'default'.

distance_ibgp

Sets the administrative distance for iBGP routes. Valid values are Integer or keyword 'default'.

distance_local

Sets the administrative distance for local BGP routes. Valid values are Integer or keyword 'default'.

inject_map

An array of route-map names which will specify prefixes to inject. Each array entry must first specify the inject-map name, secondly an exist-map name, and optionally the copy-attributes keyword which indicates that attributes should be copied from the aggregate.

For example, the following array will create three separate inject-maps for lax_inject_map, nyc_inject_map (with copy-attributes), and fsd_exist_map:

[
 ['lax_inject_map', 'lax_exist_map'],
 ['nyc_inject_map', 'nyc_exist_map', 'copy-attributes'],
 ['fsd_inject_map', 'fsd_exist_map']
]
maximum_paths

Configures the maximum number of equal-cost paths for load sharing. Valid value is an integer in the range 1-64. Default value is 1.

maximum_paths_ibgp

Configures the maximum number of ibgp equal-cost paths for load sharing. Valid value is an integer in the range 1-64. Default value is 1.

networks

Networks to configure. Valid value is a list of network prefixes to advertise. The list must be in the form of an array. Each entry in the array must include a prefix address and an optional route-map.

Example: IPv4 Networks Array

[
 ['10.0.0.0/16', 'routemap_LA'],
 ['192.168.1.1', 'Chicago'],
 ['192.168.2.0/24],
 ['192.168.3.0/24', 'routemap_NYC']
]

Example: IPv6 Networks Array

[
 ['10::0/64', 'routemap_LA'],
 ['192:168::1', 'Chicago'],
 ['192:168::/32]
]
next_hop_route_map

Configure a route-map for valid nexthops. Valid values are a string defining the name of the route-map.

redistribute

A list of redistribute directives. Multiple redistribute entries are allowed. The list must be in the form of a nested array: the first entry of each array defines the source-protocol to redistribute from; the second entry defines a route-map name. A route-map is highly advised but may be optional on some platforms, in which case it may be omitted from the array list.

Example: Platform requiring route-maps

redistribute => [['direct',  'rm_direct'],
                 ['lisp',    'rm_lisp'],
                 ['static',  'rm_static'],
                 ['eigrp 1', 'rm_eigrp'],
                 ['isis 2',  'rm_isis'],
                 ['ospf 3',  'rm_ospf'],
                 ['rip 4',   'rm_rip']]

Example: Platform with optional route-maps

redistribute => [['direct'],
                 ['lisp',    'rm_lisp'],
                 ['static'],
                 ['eigrp 1', 'rm_eigrp'],
                 ['isis 2',  'rm_isis'],
                 ['ospf 3',  'rm_ospf'],
                 ['rip 4']]
suppress_inactive

Advertises only active routes to peers. Valid values are true, false, or 'default'.

table_map

Apply table-map to filter routes downloaded into URIB. Valid values are a string.

table_map_filter

Filters routes rejected by the route-map and does not download them to the RIB. Valid values are true, false, or 'default'.

--

Type: cisco_bgp_af_aa

Manages configuration of a BGP Address-family Aggregate-address instance.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I2(5) 1.7.0
N3k 7.0(3)I2(5) 1.7.0
N5k 7.3(0)N1(1) 1.7.0
N6k 7.3(0)N1(1) 1.7.0
N7k 7.3(0)D1(1) 1.7.0
N9k-F 7.0(3)F1(1) 1.7.0
N3k-F 7.0(3)F3(2) 1.8.0

Parameters

ensure

Determine whether the BGP address family aggregate address should be present or not. Valid values are 'present' and 'absent'.

asn

BGP autonomous system number. Required. Valid values are String, Integer in ASPLAIN or ASDOT notation.

vrf

VRF name. Required. Valid values are string. The name 'default' is a valid VRF representing the global bgp.

afi

Address Family Identifier (AFI). Required. Valid values are ipv4, ipv6, vpnv4, vpnv6 and l2vpn.

safi

Sub Address Family Identifier (SAFI). Required. Valid values are unicast, multicast and evpn.

aa

Aggregate address mask in ipv4/ipv6 format. Required. Valid values are string. Examples: 1.1.1.1/32 or 2000:1/128.

Properties

as_set

Generates autonomous system set path information. Valid values are true, false or 'default'.

advertise_map

Name of the route map used to select the routes to create AS_SET origin communities. Valid values are string or 'default'.

attribute_map

Name of the route map used to set the attribute of the aggregate route. Valid values are string or 'default'.

summary_only

Filters all more-specific routes from updates. Valid values are true, false or 'default'.

suppress_map

Name of the route map used to select the routes to be suppressed. Valid values are string or 'default'.

--

Type: cisco_bgp_neighbor

Manages configuration of a BGP Neighbor.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I2(5) 1.1.0
N3k 7.0(3)I2(5) 1.1.0
N5k 7.3(0)N1(1) 1.2.0
N6k 7.3(0)N1(1) 1.2.0
N7k 7.3(0)D1(1) 1.2.0
N9k-F 7.0(3)F1(1) 1.5.0
N3k-F 7.0(3)F3(2) 1.8.0

Caveats

Property Caveat Description
log_neighbor_changes Not supported on N5k, N6k
Minimum puppet module version 1.7.0 for N7k
Supported in OS Version 8.1.1 and later on N7k
bfd (ciscopuppet v1.4.0) BFD support added for all platforms
bfd on IPv6 Not supported on N5k, N6k
peer_type Only supported on N9K-EX and N9K-FX devices. For eg: N9K-C93180YC-EX. Minimum OS version 7.0(3)I7(1) and minimum Module Version 1.9.0

Parameters

ensure

Determine whether the neighbor config should be present or not. Valid values are 'present' and 'absent'.

asn

BGP autonomous system number. Required. Valid values are String, Integer in ASPLAIN or ASDOT notation.

vrf

VRF name. Required. Valid values are string. The name 'default' is a valid VRF representing the global bgp.

neighbor

Neighbor Identifier. Required. Valid values are string. Neighbors may use IPv4 or IPv6 notation, with or without prefix length.

Properties

description

Description of the neighbor. Valid value is string.

bfd

Enable Bidirectional Forwarding Detection (BFD). Valid values are true, false and keyword 'default'.

connected_check

Configure whether or not to check for directly connected peer. Valid values are true and false.

capability_negotiation

Configure whether or not to negotiate capability with this neighbor. Valid values are true and false.

dynamic_capability

Configure whether or not to enable dynamic capability. Valid values are true and false.

ebgp_multihop

Specify multihop TTL for a remote peer. Valid values are integers between 2 and 255, or keyword 'default' to disable this property.

local_as

Specify the local-as number for the eBGP neighbor. Valid values are String or Integer in ASPLAIN or ASDOT notation, or 'default', which means not to configure it.

log_neighbor_changes

Specify whether or not to enable log messages for neighbor up/down event. Valid values are 'enable', to enable it, 'disable' to disable it, or 'inherit' to use the configuration in the cisco_bgp type.

low_memory_exempt

Specify whether or not to shut down this neighbor under memory pressure. Valid values are 'true' to exempt the neighbor from being shutdown, 'false' to shut it down, or 'default' to perform the default shutdown behavior.

maximum_peers

Specify Maximum number of peers for this neighbor prefix. Valid values are between 1 and 1000, or 'default', which does not impose the limit.

password

Specify the password for neighbor. Valid value is string.

password_type

Specify the encryption type the password will use. Valid values for Nexus are 'cleartext', '3des' or 'cisco_type_7' encryption, and 'default', which defaults to 'cleartext'.

peer_type

Specify the peer type for EVPN multisite. Valid value are 'fabric-border-leaf' or 'fabric-external'.

remote_as

Specify Autonomous System Number of the neighbor. Valid values are String or Integer in ASPLAIN or ASDOT notation, or 'default', which means not to configure it.

remove_private_as

Specify the config to remove private AS number from outbound updates. Valid values are 'enable' to enable this config, 'disable' to disable this config, 'all' to remove all private AS number, or 'replace-as', to replace the private AS number.

shutdown

Configure to administratively shutdown this neighbor. Valid values are true and false.

suppress_4_byte_as

Configure to suppress 4-byte AS Capability. Valid values are 'true', 'false', and 'default', which sets to the default 'false' value.

timers_keepalive

Specify keepalive timer value. Valid values are integers between 0 and 3600 in terms of seconds, or 'default', which is 60.

timers_holdtime

Specify holdtime timer value. Valid values are integers between 0 and 3600 in terms of seconds, or 'default', which is 180.

transport_passive_mode

Specify whether BGP sessions can be established from incoming or outgoing TCP connection requests (or both). Valid values for Nexus are 'passive_only', 'both', 'clear' and 'default', which defaults to 'clear'. This property can only be configured when the neighbor is in 'ip' address format without prefix length. This property and the transport_passive_only property are mutually exclusive.

transport_passive_only

Specify whether or not to only allow passive connection setup. Valid values are 'true', 'false', and 'default', which defaults to 'false'. This property can only be configured when the neighbor is in 'ip' address format without prefix length. This property and the transport_passive_mode property are mutually exclusive.

update_source

Specify source interface of BGP session and updates. Valid value is a string of the interface name.

--

Type: cisco_bgp_neighbor_af

Manages configuration of a BGP Neighbor Address-family instance.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I2(5) 1.1.0
N3k 7.0(3)I2(5) 1.1.0
N5k 7.3(0)N1(1) 1.2.0
N6k 7.3(0)N1(1) 1.2.0
N7k 7.3(0)D1(1) 1.2.0
N9k-F 7.0(3)F1(1) 1.5.0
N3k-F 7.0(3)F3(2) 1.8.0

Caveats

Property Caveat Description
rewrite_evpn_rt_asn Only supported on N9K-EX and N9K-FX devices. For eg: N9K-C93180YC-EX. Minimum OS version 7.0(3)I7(1) and minimum Module Version 1.9.0

Parameters

ensure

Determine whether the neighbor address family config should be present or not. Valid values are 'present' and 'absent'.

asn

BGP autonomous system number. Required. Valid values are String, Integer in ASPLAIN or ASDOT notation.

vrf

VRF name. Required. Valid values are string. The name 'default' is a valid VRF representing the global bgp.

neighbor

Neighbor Identifier. Required. Valid values are string. Neighbors may use IPv4 or IPv6 notation, with or without a subnet mask.

afi

Neighbor Address Family Identifier (AFI). Required. Valid values are string. Valid neighbor AFIs are ipv4, ipv6, vpnv4, vpnv6 and l2vpn. Note that some AFI/SAFI address-families may not be supported with some neighbors; e.g. an ipv6 neighbor may not support an ipv4 multicast address-family.

safi

Neighbor Sub Address Family Identifier (SAFI). Required. Valid values are string. Valid neighbor SAFIs are unicast, multicast and evpn. Note that some AFI/SAFI address-families may not be supported with some neighbors; e.g. an ipv6 neighbor may not support an ipv4 multicast address-family.

Properties

additional_paths_receive

capability additional-paths receive. Valid values are enable for basic command enablement; disable for disabling the command at the neighbor_af level (it adds the disable keyword to the basic command); and inherit to remove the command at this level (the command value is inherited from a higher BGP layer).

additional_paths_send

capability additional-paths send. Valid values are enable for basic command enablement; disable for disabling the command at the neighbor_af level (it adds the disable keyword to the basic command); and inherit to remove the command at this level (the command value is inherited from a higher BGP layer).

advertise_map_exist

Conditional route advertisement. This property requires two route maps: an advertise-map and an exist-map. Valid values are an array specifying both the advertise-map name and the exist-map name, or simply 'default'; e.g. ['my_advertise_map', 'my_exist_map']. This command is mutually exclusive with the advertise_map_non_exist property.

advertise_map_non_exist

Conditional route advertisement. This property requires two route maps: an advertise-map and a non-exist-map. Valid values are an array specifying both the advertise-map name and the non-exist-map name, or simply 'default'; e.g. ['my_advertise_map', 'my_non_exist_map']. This command is mutually exclusive with the advertise_map_exist property.

allowas_in

allowas-in. Valid values are true, false, or an integer value, which enables the command with a specific max-occurrences value. Related: allowas_in_max.

allowas_in_max

Optional max-occurrences value for allowas_in. Valid values are an integer value or 'default'. Can be used independently or in conjunction with allowas_in.

as_override

as-override. Valid values are true, false, or 'default'.

default_originate

default-originate. Valid values are True, False, or 'default'. Related: default_originate_route_map.

default_originate_route_map

Optional route-map for the default_originate property. Can be used independently or in conjunction with default_originate. Valid values are a string defining a route-map name, or 'default'.

filter_list_in

Valid values are a string defining a filter-list name, or 'default'.

filter_list_out

Valid values are a string defining a filter-list name, or 'default'.

max_prefix_limit

maximum-prefix limit value. Valid values are an integer value or 'default'. Related: max_prefix_threshold, max_prefix_interval, and max_prefix_warning.

max_prefix_interval

Optional restart interval. Valid values are an integer value or 'default'. Requires max_prefix_limit.

max_prefix_threshold

Optional threshold percentage at which to generate a warning. Valid values are an integer value or 'default'. Requires max_prefix_limit.

max_prefix_warning

Optional warning-only keyword. Valid values are True, False, or 'default'. Requires max_prefix_limit.

next_hop_self

next-hop-self. Valid values are True, False, or 'default'.

next_hop_third_party

next-hop-third-party. Valid values are True, False, or 'default'.

prefix_list_in

Valid values are a string defining a prefix-list name, or 'default'.

prefix_list_out

Valid values are a string defining a prefix-list name, or 'default'.

rewrite_evpn_rt_asn

rewrite_evpn_rt_asn state. Valid values are True, False or 'default'.

route_map_in

Valid values are a string defining a route-map name, or 'default'.

route_map_out

Valid values are a string defining a route-map name, or 'default'.

route_reflector_client

route-reflector-client. Valid values are True, False, or 'default'.

send_community

send-community attribute. Valid values are 'none', 'both', 'extended', 'standard', or 'default'.

soft_reconfiguration_in

soft-reconfiguration inbound. Valid values are enable for basic command enablement; always to add the always keyword to the basic command; and inherit to remove the command at this level (the command value is inherited from a higher BGP layer).

soo

Site-of-origin. Valid values are a string defining a VPN extcommunity or 'default'.

suppress_inactive

suppress-inactive Valid values are True, False, or 'default'.

unsuppress_map

unsuppress-map. Valid values are a string defining a route-map name or 'default'.

weight

weight value. Valid values are an integer value or 'default'.

--

Type: cisco_bridge_domain

Manages a cisco Bridge-Domain

Platform OS Minimum Version Module Minimum Version
N9k not applicable not applicable
N3k not applicable not applicable
N5k not applicable not applicable
N6k not applicable not applicable
N7k 7.3(0)D1(1) 1.3.0
N9k-F not applicable not applicable
N3k-F not applicable not applicable

Parameters

ensure

Determines whether or not the config should be present on the device. Valid values are 'present' and 'absent'.

bd

ID of the Bridge Domain. Valid values are integer.

bd_name

The bridge-domain name. Valid values are String or keyword 'default'. When the bd_name is set to 'default', this property is NOT idempotent.

shutdown

Specifies the shutdown state of the bridge-domain. Valid values are true, false, 'default'.

fabric_control

Specifies this bridge-domain as the fabric control bridge-domain. Only one bridge-domain or VLAN can be configured as fabric-control. Valid values are true, false, keyword 'default.

--

Type: cisco_bridge_domain_vni

Creates a Virtual Network Identifier member (VNI) mapping for cisco Bridge-Domain.

Platform OS Minimum Version Module Minimum Version
N9k not applicable not applicable
N3k not applicable not applicable
N5k not applicable not applicable
N6k not applicable not applicable
N7k 7.3(0)D1(1) 1.3.0
N9k-F not applicable not applicable
N3k-F not applicable not applicable

Parameters

ensure

Determines whether or not the config should be present on the device. Valid values are 'present' and 'absent'.

bd

The bridge-domain ID. Valid values are one or range of integers.

member_vni

The Virtual Network Identifier (VNI) id that is mapped to the VLAN. Valid values are one or range of integers

--

Type: cisco_dhcp_relay_global

Manages configuration of a DHCP relay global configuration.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I2(2e) 1.4.0
N3k 7.0(3)I2(2e) 1.4.0
N5k 7.3(0)N1(1) 1.4.0
N6k 7.3(0)N1(1) 1.4.0
N7k 7.3(0)D1(1) 1.4.0
N9k-F 7.0(3)F1(1) 1.5.0
N3k-F 7.0(3)F3(2) 1.8.0

Caveats

Property Caveat Description
ipv4_information_option_trust Not supported on N5k, N6k
ipv4_information_trust_all Not supported on N5k, N6k
ipv4_src_addr_hsrp Not supported on N3k, N3k-F, N9k, N9k-F
ipv4_sub_option_circuit_id_custom Not supported on N7k, N3k-F, N9k-F(TBD) and supported on N3k and N9k running os version 7.0(3)I3.1 and later
ipv4_sub_option_circuit_id_string Supported on N3k
Supported in OS Version 7.0(3)I6(1) and later on N9k
ipv6_option_cisco Not supported on N5k, N6k

Parameters

ipv4_information_option

Enables inserting relay information in BOOTREQUEST. Valid values are true, false, 'default'.

ipv4_information_option_trust

Enables relay trust functionality on the system. Valid values are true, false, 'default'.

ipv4_information_option_vpn

Enables relay support across VRFs. Valid values are true, false, 'default'.

ipv4_information_trust_all

Enables relay trust on all the interfaces. Valid values are true, false, 'default'.

ipv4_relay

Enables DHCP relay agent. Valid values are true, false, 'default'.

ipv4_smart_relay

Enables DHCP smart relay. Valid values are true, false, 'default'.

ipv4_src_addr_hsrp

Enables Virtual IP instead of SVI address. Valid values are true, false, 'default'.

ipv4_src_intf

Source interface for the DHCPV4 relay. Valid values are string, keyword 'default'.

ipv4_sub_option_circuit_id_custom

Enables circuit id customized to include vlan id, slot and port info. Valid values are true, false, 'default'.

ipv4_sub_option_circuit_id_string

Specifies suboption format type string. Valid values are string, keyword 'default'.

ipv4_sub_option_cisco

Enables cisco propritery suboptions. Valid values are true, false, 'default'.

ipv6_option_cisco

Enables cisco propritery suboptions for DHCPV6. Valid values are true, false, 'default'.

ipv6_option_vpn

Enables DHCPv6 relay support across VRFs. Valid values are true, false, 'default'.

ipv6_relay

Enables DHCPv6 relay agent. Valid values are true, false, 'default'.

ipv6_src_intf

Source interface for the DHCPV6 relay. Valid values are string, keyword 'default'.

--

Type: cisco_encapsulation

Manages a Global VNI Encapsulation profile

Platform OS Minimum Version Module Minimum Version
N9k not applicable not applicable
N3k not applicable not applicable
N5k not applicable not applicable
N6k not applicable not applicable
N7k 7.3(0)D1(1) 1.3.0
N9k-F not applicable not applicable
N3k-F not applicable not applicable

Parameters

ensure

Determines whether or not the config should be present on the device. Valid values are 'present' and 'absent'.

encap

Profile name of the Encapsulation. Valid values are String only.

Properties

dot1q_map

The encapsulation profile dot1q vlan-to-vni mapping. Valid values are an array of [vlans, vnis] pairs.

--

Type: cisco_evpn_multicast

Manages advertise evpn multicast configurations of a Cisco device.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I7(1) 1.9.0
N3k not applicable not applicable
N5k not applicable not applicable
N6k not applicable not applicable
N7k not applicable not applicable
N9k-F not applicable not applicable
N3k-F not applicable not applicable

Parameters

ensure

Determines whether or not the config should be present on the device. Valid values are 'present' and 'absent'. Default value is 'present'.

name

The EVPN Multicast identifier. Valid values are 'default' only.

--

Type: cisco_evpn_multisite

Manages Cisco Ethernet Virtual Private Network (EVPN) Multisite configurations of a Cisco device.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I7(1) 1.9.0
N3k not applicable not applicable
N5k not applicable not applicable
N6k not applicable not applicable
N7k not applicable not applicable
N9k-F not applicable not applicable
N3k-F not applicable not applicable

Caveats

The cisco_evpn_multisite is only supported on N9K-EX and N9K-FX devices. For eg: N9K-C93180YC-EX.

Parameters

ensure

Determines whether or not the config should be present on the device. Valid values are 'present' and 'absent'. Default value is 'present'.

multisite

The EVPN Multisite identifier. Valid values are Integer.

Properties

delay_restore

Delay restore time in seconds. Valid values are Integer or keyword default.

--

Type: cisco_evpn_stormcontrol

Manages Cisco Ethernet Virtual Private Network (EVPN) stormcontrol configurations of a Cisco device.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I7(1) 1.9.0
N3k not applicable not applicable
N5k not applicable not applicable
N6k not applicable not applicable
N7k not applicable not applicable
N9k-F not applicable not applicable
N3k-F not applicable not applicable

Caveats

The cisco_evpn_stormcontrol is only supported on N9K-EX and N9K-FX devices. For eg: N9K-C93180YC-EX.

Parameters

ensure

Determines whether or not the config should be present on the device. Valid values are 'present' and 'absent'. Default value is 'present'.

packet_type

The packet type to apply stormcontol on. Valid values are 'unicast', 'multicast' or 'broadcast'.

Properties

level

Stormcontrol level. Valid values are Integer.

--

Type: cisco_evpn_vni

Manages Cisco Ethernet Virtual Private Network (EVPN) VXLAN Network Identifier (VNI) configurations of a Cisco device. This provider is no longer needed for N9k and N9k-F running versions 9.2.1 or later.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I3(1) 1.3.0
N3k not applicable not applicable
N5k 7.3(0)N1(1) 1.3.0
N6k 7.3(0)N1(1) 1.3.0
N7k 7.3(0)D1(1) 1.3.0
N9k-F 7.0(3)F1(1) 1.5.0
N3k-F 7.0(3)F3(2) 1.8.0

Caveats

Property Caveat Description
route_target_both Supported on most Nexus platforms but usage is discouraged. See route_target_both below.

Parameters

ensure

Determines whether or not the config should be present on the device. Valid values are 'present' and 'absent'. Default value is 'present'.

vni

The EVPN VXLAN Network Identifier. Valid values are Integer.

Properties

route_distinguisher

The VPN Route Distinguisher (RD). The RD is combined with the IPv4 or IPv6 prefix learned by the PE router to create a globally unique address. Valid values are a String in one of the route-distinguisher formats (ASN2:NN, ASN4:NN, or IPV4:NN); the keyword 'auto', or the keyword 'default'.

route_target_both

Enables/Disables route-target settings for both import and export target communities using a single property. Valid values are an Array or space-separated String of extended communities, or the keywords 'auto' or 'default'."

Caveat: The route_target_both property is discouraged due to the inconsistent behavior of the property across Nexus platforms and image versions. The 'both' keyword has a transformative behavior on some platforms/versions in which it creates two cli configurations: one for import targets, a second for export targets, while the 'both' command itself may not appear at all. When the 'both' keyword does not appear in the configuration it causes an idempotency problem for puppet. For this reason it is recommended to use explicit 'route_target_export' and 'route_target_import' properties instead of route_target_both.

route_target_import

Sets the route-target 'import' extended communities. Valid values are an Array or space-separated String of extended communities, or the keywords 'auto' or 'default'.

route_target Examples:

route_target_import => ['1.2.3.4:5', '33:55'] route_target_export => '4:4 66:66'

route_target_export

Sets the route-target 'export' extended communities. Valid values are an Array or space-separated String of extended communities, or the keywords 'auto' or 'default'.

--

Type: cisco_fabricpath_global

Manages Cisco fabricpath global parameters.

Platform OS Minimum Version Module Minimum Version
N9k not applicable not applicable
N3k not applicable not applicable
N5k 7.3(0)N1(1) 1.3.0
N6k 7.3(0)N1(1) 1.3.0
N7k 7.3(0)D1(1) 1.3.0

Caveats

Property Caveat Description
loadbalance_multicast_has_vlan Supported only on N7k
loadbalance_multicast_rotate Supported only on N7k
ttl_multicast Supported only on N7k
ttl_unicast Supported only on N7k

Parameters

name

ID of the fabricpath global config. The only valid value is keyword 'default'.

aggregate_multicast_routes

Aggregate Multicast Routes on same tree in the topology. Valid values are true/false and keyword 'default'. Default value: false.

allocate_delay

Fabricpath Timers Allocate Delay in seconds. Valid values are integers from 1..1200 and keyword 'default'. Default value: 10.

graceful_merge

Graceful merge for conflicting switch-id or FTAG allocation. Valid values are enable/disable and keyword 'default'. Default value: true.

linkup_delay

Fabricpath Timers Link-up Delay in seconds. Valid values are integers from 1..1200 and keyword 'default'. Default value: 10.

loadbalance_algorithm

Fabricpath ECMP loadbalancing alogorithm. Valid values are 'destination', 'source', 'source-destination', 'symmetric' and the keyword 'default'. Default is symmetric for Nexus 7000 series and source-destination for others.

loadbalance_multicast_has_vlan

Multicast Loadbalance flow parameters - include vlan or not. Valid values are true or false and keyword 'default'. Default value: true.

loadbalance_multicast_rotate

Multicast Loadbalance flow parameters - rotate amount in bytes. Valid values are integer in range 0..15 and keyword 'default'. Default value: 1.

loadbalance_unicast_has_vlan

Unicast Loadbalance flow parameters - include vlan or not. Valid values are true/false and keyword 'default'. Default value: 1.

loadbalance_unicast_layer

Unicast Loadbalance flow parameters - layer. Valid values are : layer2, layer3, layer4, mixed, and keyword 'default'. Default value: mixed.

loadbalance_unicast_rotate

Unicast Loadbalance flow parameters - rotate amount in bytes. Valid values are Integers in range 0..15 and keyword 'default'. Default value: 1.

linkup_delay_always

Fabricpath Timers Link-up delay always. This configuration introduces a linkup delay always whether the link is administratively brought up or whether it is restored after events such as a module reload. Valid values are true/false. Default: true.

linkup_delay_enable

Fabricpath Timers Link-up delay enable. Valid values are true/false and keyword 'default'. Default value: true.

mode

Mode of operation of this switch w.r.t to segmentation. Valid values are normal/transit and keyword 'default'. Default: normal.

switch_id

The fabricpath switch_id. This parameter can be used to over-ride the automatically assigned switch-id for this switch. Valid values are integers from 1..4094.

transition_delay

Fabricpath Timers Transition Delay in seconds. Valid values are integers from 1..1200 and keyword 'default'. Default value: 10.

ttl_multicast

Fabricpath Multicast TTL value. Valid values are integers from 1..64 and keyword 'default'. Default value: 32.

ttl_unicast

Fabricpath Unicast TTL value. Valid values are integers from 1..64 and keyword 'default'. Default value: 32.

--

Type: cisco_fabricpath_topology

Manages a Cisco fabricpath Topology

Platform OS Minimum Version Module Minimum Version
N9k not applicable not applicable
N3k not applicable not applicable
N5k 7.3(0)N1(1) 1.3.0
N6k 7.3(0)N1(1) 1.3.0
N7k 7.3(0)D1(1) 1.3.0
N9k-F not applicable not applicable
N3k-F not applicable not applicable

Parameters

topo_id

ID of the fabricpath topology. Valid values are integers in the range 1-63. Value of 0 is reserved for default topology.

member_vlans

ID of the VLAN(s) tha are members of this topology. Valid values are integer/integer ranges.

topo_name

Descriptive name of the topology. Valid values are string

--

Type: cisco_hsrp_global

Manages Cisco Hot Standby Router Protocol (HSRP) global parameters.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I2(5) 1.5.0
N3k 7.0(3)I2(5) 1.5.0
N5k 7.3(0)N1(1) 1.5.0
N6k 7.3(0)N1(1) 1.5.0
N7k 7.3(0)D1(1) 1.5.0
N9k-F 7.0(3)F1(1) 1.5.0
N3k-F 7.0(3)F3(2) 1.8.0

Caveats

Property Caveat Description
bfd_all_intf Not supported on N3k

Parameters

bfd_all_intf

Enables BFD for all HSRP sessions on all interfaces. Valid values are 'true', 'false', and 'default'.

extended_hold

Configures extended hold on global timers. Valid values are integer, keyword 'default'.

--

Type: cisco_interface

Manages a Cisco Network Interface. Any resource dependency should be run before the interface resource.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I2(5) 1.0.1
N3k 7.0(3)I2(5) 1.0.1
N5k 7.3(0)N1(1) 1.2.0
N6k 7.3(0)N1(1) 1.2.0
N7k 7.3(0)D1(1) 1.2.0
N9k-F 7.0(3)F1(1) 1.5.0
N3k-F 7.0(3)F3(2) 1.8.0

Caveats

Property Caveat Description
ipv4_dhcp_relay_info_trust Not supported on N5k,N6k
ipv4_dhcp_relay_src_addr_hsrp Not supported on N3k,N3k-F,N9k-F,N9k
storm_control_broadcast Not supported on N7k
storm_control_multicast Not supported on N7k
pvlan_mapping Not supported on N3k-F,N9k-F
switchport_pvlan_host Not supported on N3k-F,N9k-F
switchport_pvlan_host_association Not supported on N3k-F,N9k-F
switchport_pvlan_mapping Not supported on N3k-F,N9k-F
switchport_pvlan_mapping_trunk Not supported on N3k,N3k-F,N9k-F
switchport_pvlan_promiscuous Not supported on N3k-F,N9k-F
switchport_pvlan_trunk_allowed_vlan Not supported on N3k-F,N9k-F
switchport_pvlan_trunk_association Not supported on N3k,N3k-F,N9k-F
switchport_pvlan_trunk_native_vlan Not supported on N3k-F,N9k-F
switchport_pvlan_trunk_promiscuous Not supported on N3k,N3k-F,N9k-F
switchport_pvlan_trunk_secondary Not supported on N3k,N3k-F,N9k-F
svi_autostate Only supported on N3k,N7k,N9k
vlan_mapping Only supported on N7k
vlan_mapping_enable Only supported on N7k
hsrp_bfd Not supported on N5k,N6k
Minimum puppet module version 1.5.0
Supported in OS Version 8.0 and later on N7k
hsrp_delay_minimum Not supported on N5k,N6k
Minimum puppet module version 1.5.0
Supported in OS Version 8.0 and later on N7k
hsrp_delay_reload Not supported on N5k,N6k
Minimum puppet module version 1.5.0
Supported in OS Version 8.0 and later on N7k
hsrp_mac_refresh Not supported on N5k,N6k
Minimum puppet module version 1.5.0
Supported in OS Version 8.0 and later on N7k
hsrp_use_bia Not supported on N5k,N6k
Minimum puppet module version 1.5.0
Supported in OS Version 8.0 and later on N7k
hsrp_version Not supported on N5k,N6k
Minimum puppet module version 1.5.0
Supported in OS Version 8.0 and later on N7k
pim_bfd Minimum puppet module version 1.5.0
load_interval_counter_1_delay Minimum puppet module version 1.6.0
load_interval_counter_2_delay Minimum puppet module version 1.6.0
load_interval_counter_3_delay Minimum puppet module version 1.6.0
Ensure absent for ethernet interfaces Minimum puppet module version 1.8.0
ipv6_redirects Minimum puppet module version 1.10.0

Parameters

Basic interface config attributes
ensure

Determine whether the interface config should be present or not. Valid values are 'present' and 'absent'.

Version 1.8.0 of the module allows physical ethernet interfaces to be managed as ensurable resources.

Notes about ensure => present and ensure => absent on physical ethernet interfaces:

  • ensure => present along with non-default property values will put the interface into a non-default state.
  • ensure => absent will put the interface into a default state.
  • Physical interfaces will be displayed as ensure => absent by the puppet resource command when they are in a default state.
interface

Name of the interface on the network element. No white space allowed in the name. Valid value is a string.

Properties

bfd_echo

Enables bfd echo function for all address families. Valid values are 'true', 'false', and 'default'. This property is not applicable for loopback interfaces.

description

Description of the interface. Valid values are a string or the keyword 'default'.

duplex

Duplex of the interface. Valid values are 'full', and 'auto'.

speed

Speed of the interface. Valid values are 100, 1000, 10000, 40000, 100000, and 'auto'.

shutdown

Shutdown state of the interface. Valid values are 'true', 'false', and 'default'.

switchport_mode

Switchport mode of the interface. Interfaces that support switchport_mode may default to layer 2 or layer 3 depending on platform, interface type, or the system default switchport setting. An interface may be explicitly set to Layer 3 by setting switchport_mode to 'disabled'. Valid values are 'disabled', 'access', 'tunnel', 'fex_fabric', 'trunk', 'fabricpath' and 'default'.

L2 interface config attributes
access_vlan

The VLAN ID assigned to the interface. Valid values are an integer or the keyword 'default'.

encapsulation_dot1q

Enable IEEE 802.1Q encapsulation of traffic on a specified subinterface. Valid values are integer, keyword 'default'.

mtu

Maximum Trasnmission Unit size for frames received and sent on the specified interface. Valid value is an integer.

switchport_autostate_exclude

Exclude this port for the SVI link calculation. Valid values are 'true', 'false', and 'default'.

pvlan_mapping

Maps secondary VLANs to the VLAN interface of a primary VLAN. Valid inputs are a String containing a range of secondary vlans or keyword 'default'.

Example: pvlan_mapping => '3-4,6'

switchport_pvlan_host

Configures a Layer 2 interface as a private VLAN host port. Valid values are 'true', 'false', and 'default'

switchport_pvlan_host_association

Associates the Layer 2 host port with the primary and secondary VLANs of a private VLAN. Valid inputs are: An array containing the primary and secondary vlans, or keyword 'default'.

Example: switchport_pvlan_host_association => ['44', '144']

switchport_pvlan_mapping

Associates the specified port with a primary VLAN and a selected list of secondary VLANs. Valid inputs are an array containing both the primary vlan and a range of secondary vlans, or keyword 'default'.

Example: switchport_pvlan_mapping => ['44', '3-4,6']

switchport_pvlan_mapping_trunk

Maps the promiscuous trunk port with the primary VLAN and a selected list of associated secondary VLANs. Valid inputs are: An array containing both the primary vlan and a range of secondary vlans, a nested array if there are multiple mappings, or keyword 'default'.

Examples:

 switchport_pvlan_mapping_trunk => [['44', '3-4,6'], ['99', '199']]

   -or-

 switchport_pvlan_mapping_trunk => ['44', '3-4,6']
switchport_pvlan_trunk_allowed_vlan

Sets the allowed VLANs for the private VLAN isolated trunk interface. Valid values are a String range of vlans or keyword 'default'.

Example: switchport_pvlan_trunk_allowed_vlan => '3-4,6'

switchport_pvlan_trunk_association

Associates the Layer 2 isolated trunk port with the primary and secondary VLANs of private VLANs. Valid inputs are: An array containing an association of primary and secondary vlans, a nested array if there are multiple associations, or the keyword 'default'.

Examples:

switchport_pvlan_trunk_association => [['44', '244'], ['45', '245']]

   -or-

switchport_pvlan_trunk_association => ['44', '244']
switchport_pvlan_trunk_native_vlan

Sets the native VLAN for the 802.1Q trunk. Valid values are Integer, String, or keyword 'default'.

switchport_pvlan_promiscuous

Configures a Layer 2 interface as a private VLAN promiscuous port. Valid values are 'true', 'false', and 'default'.

switchport_pvlan_trunk_promiscuous

Configures a Layer 2 interface as a private VLAN promiscuous trunk port. Valid values are 'true', 'false', and 'default'.

switchport_pvlan_trunk_secondary

Configures a Layer 2 interface as a private VLAN isolated trunk port. Valid values are 'true', 'false', and 'default'.

switchport_trunk_allowed_vlan

The allowed VLANs for the specified Ethernet interface. Valid values are string, keyword 'default'.

switchport_trunk_native_vlan

The Native VLAN assigned to the switch port. Valid values are integer, keyword 'default'.

switchport_vtp

Enable or disable VTP on the interface. Valid values are 'true', 'false', and 'default'.

negotiate_auto

Enable/Disable negotiate auto on the interface. Valid values are 'true', 'false', and 'default'.

storm_control_broadcast

Allowed broadcast traffic level. Valid values are a string representing the broadcast level or keyword 'default'.

storm_control_multicast

Allowed multicast traffic level. Valid values are a string representing the multicast level or keyword 'default'.

storm_control_unicast

Allowed unicast traffic level. Valid values are a string representing the unicast level or keyword 'default'.

L3 interface config attributes
ipv4_acl_in

Applies an ipv4 access list on the interface in the ingress direction. An access-list should be present on the network device prior to this configuration. Valid values are string, keyword 'default'.

ipv4_acl_out

Applies an ipv4 access list on the interface in the egress direction. An access-list should be present on the network device prior to this configuration. Valid values are string, keyword 'default'.

ipv4_pim_sparse_mode

Enables or disables ipv4 pim sparse mode on the interface. Valid values are 'true', 'false', and 'default'.

ipv4_proxy_arp

Enables or disables proxy arp on the interface. Valid values are 'true', 'false', and 'default'.

ipv4_address

IP address of the interface. Valid values are a string of ipv4 address or the keyword 'default'.

ipv4_netmask_length

Network mask length of the IP address on the interface. Valid values are integer and keyword 'default'.

ipv4_address_secondary

Secondary IP address of the interface. Valid values are a string of ipv4 address or the keyword 'default'.

ipv4_netmask_length_secondary

Network mask length of the secondary IP address on the interface. Valid values are integer and keyword 'default'.

ipv4_arp_timeout

Address Resolution Protocol (ARP) timeout value. Valid values are integer and keyword 'default'. Currently only supported on vlan interfaces.

ipv4_forwarding

IP forwarding state. Valid values are string or keyword 'default'.

ipv4_pim_sparse_mode

Enables or disables ipv4 pim sparse mode on the interface. Valid values are 'true', 'false', and 'default'.

ipv4_proxy_arp

Enables or disables proxy arp on the interface. Valid values are 'true', 'false', and 'default'.

ipv4_redirects

Enables or disables sending of IP redirect messages. Valid values are 'true', 'false', and 'default'.

ipv6_acl_in

Applies an ipv6 access list on the interface in the ingress direction. An access-list should be present on the network device prior to this configuration. Valid values are string, keyword 'default'.

ipv6_acl_out

Applies an ipv6 access list on the interface in the egress direction. An access-list should be present on the network device prior to this configuration. Valid values are string, keyword 'default'.

ipv4_dhcp_relay_addr

This property is an array of dhcp relay addresses. Valid values are an array specifying the dhcp relay addresses or keyword 'default'; e.g.:

ipv4_dhcp_relay_addr => ['1.1.1.1', '2.2.2.2']
ipv4_dhcp_relay_info_trust

Enable/Disable relay trust on the interface. Valid values are 'true', 'false', and 'default'.

ipv4_dhcp_relay_src_addr_hsrp

Enable/Disable virtual IP instead of SVI address on the interface. Valid values are 'true', 'false', and 'default'.

ipv4_dhcp_relay_src_intf

Source interface for the DHCPV4 relay. Valid values are string, keyword 'default'.

ipv4_dhcp_relay_info_trust

Enable/Disable DHCP relay subnet-broadcast on the interface. Valid values are 'true', 'false', and 'default'.

ipv4_dhcp_smart_relay

Enable/Disable DHCP smart relay on the interface. Valid values are 'true', 'false', and 'default'.

ipv6_dhcp_relay_addr

This property is an array of ipv6 dhcp relay addresses. Valid values are an array specifying the ipv6 dhcp relay addresses or keyword 'default'; e.g.:

ipv6_dhcp_relay_addr => ['2000::11', '2001::22']
ipv6_dhcp_relay_src_intf

Source interface for the DHCPV6 relay. Valid values are string, keyword 'default'.

ipv6_redirects

Enables or disables sending of IPv6 redirect messages. Valid values are 'true', 'false', and 'default'.

pim_bfd

Enables PIM BFD on the interface. Valid values are 'true', 'false', and 'default'.

vlan_mapping

This property is a nested array of [original_vlan, translated_vlan] pairs. Valid values are an array specifying the mapped vlans or keyword 'default'; e.g.:

vlan_mapping => [[20, 21], [30, 31]]
vlan_mapping_enable

Allows disablement of vlan_mapping on a given interface. Valid values are 'true', 'false', and 'default'.

vpc_id

Configure the vPC ID on this interface to make it a vPC link. The peer switch should configure a corresponding interface with the same vPC ID in order for the downstream device to add these links as part of the same port-channel. The vpc_id can generally be configured only on interfaces which are themselves port-channels (usually a single member port-channel). However, on the Nexus 7000 series a physical port can be configured as a vPC link. Valid values are integers in the range 1..4096. By default, interface is not configured with any vpc_id.

vpc_peer_link

Configure this port-channel interface to be a vPC peer-link. A vPC peer-link is essential to the working of the vPC complex, not only for establishing the peer connectivity for control message exchange, but also for providing redundancy when vPC links fail. Valid values are 'true' or 'false'. Default value: false.

vrf

VRF member of the interface. Valid values are a string or the keyword 'default'.

STP config attributes
stp_bpdufilter

Enable/Disable BPDU (Bridge Protocol Data Unit) filter for this interface. Valid values are enable, disable or 'default'.

stp_bpduguard

Enable/Disable BPDU (Bridge Protocol Data Unit) guard for this interface. Valid values are enable, disable or 'default'.

stp_cost

Path cost. Valid values are integer, 'auto' or 'default'.

stp_guard

Guard mode. Valid values are loop, none, root or 'default'.

stp_link_type

Link type. Valid values are auto, shared, point-to-point or 'default'.

stp_mst_cost

Mst cost. Valid values are an array of [mst_range, cost] pairs or 'default'.

stp_mst_port_priority

Mst port priority. Valid values are an array of [mst_range, port_priority] pairs or 'default'.

stp_port_priority

Port priority. Valid values are integer or 'default'.

stp_port_type

Port type. Valid values are edge, network, normal, edge_trunk or 'default'.

stp_vlan_cost

Vlan path cost. Valid values are an array of [vlan_range, cost] pairs or 'default'.

stp_vlan_port_priority

Vlan port priority. Valid values are an array of [vlan_range, port_priority] pairs or 'default'.

SVI interface config attributes
fabric_forwarding_anycast_gateway

Associate SVI with anycast gateway under VLAN configuration mode. The cisco_overlay_global anycast_gateway_mac must be set before setting this property. Valid values are 'true', 'false', and 'default'.

svi_autostate

Enable/Disable autostate on the SVI interface. Valid values are 'true', 'false', and 'default'.

svi_management

Enable/Disable management on the SVI interface. Valid values are 'true', 'false', and 'default'.

HSRP config attributes
hsrp_bfd

Enable HSRP BFD on this interface. Valid values are true, false or 'default'.

hsrp_delay_minimum

HSRP intialization minimim delay in seconds. Valid values are integer, keyword 'default'

hsrp_delay_reload

HSRP intialization delay after reload in seconds. Valid values are integer, keyword 'default'

hsrp_mac_refresh

HSRP mac refresh time in seconds. Valid values are integer, keyword 'default'

hsrp_use_bia

HSRP uses this interface's burned in address. Valid values are 'use_bia', 'use_bia_intf' or 'default'. 'use_bia' uses interface's burned in address. 'use_bia_intf' will increase the scope and applies this configuration to all groups on this interface.

hsrp_version

HSRP version for this interface. Valid values are integer, keyword 'default'.

load-interval config attributes
load_interval_counter_1_delay

Load interval delay for counter 1 in seconds. Valid values are integer, keyword 'default'

load_interval_counter_2_delay

Load interval delay for counter 2 in seconds. Valid values are integer, keyword 'default'

load_interval_counter_3_delay

Load interval delay for counter 3 in seconds. Valid values are integer, keyword 'default'

--

Type: cisco_interface_channel_group

Manages a Cisco Network Interface Channel-group.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I2(5) 1.2.0
N3k 7.0(3)I2(5) 1.2.0
N5k 7.3(0)N1(1) 1.3.0
N6k 7.3(0)N1(1) 1.3.0
N7k 7.3(0)D1(1) 1.3.0
N9k-F 7.0(3)F1(1) 1.5.0
N3k-F 7.0(3)F3(2) 1.8.0

Caveats

Property Caveat Description
channel_group_mode Minimum puppet module version 1.7.0

Parameters

Basic interface channel-group config attributes
ensure

Determine whether the interface config should be present or not. Valid values are 'present' and 'absent'.

interface

Name of the interface where the service resides. Valid value is a string.

channel_group

channel_group is an aggregation of multiple physical interfaces that creates a logical interface. Valid values are 1 to 4096 and 'default'.

Note: On some platforms a normal side-effect of adding the channel-group property is that an independent port-channel interface will be created; however, removing the channel-group configuration by itself will not also remove the port-channel interface. Therefore, the port-channel interface itself may be explicitly removed by using the cisco_interface provider with ensure => absent.

channel_group_mode

channel_group_mode is the port-channel mode of the interface. Valid values are 'active', 'passive', 'on', and 'default'.

description

Description of the interface. Valid values are a string or the keyword 'default'.

shutdown

Shutdown state of the interface. Valid values are 'true', 'false', and 'default'.

--

Type: cisco_interface_evpn_multisite

Manages Cisco Interface Ethernet Virtual Private Network (EVPN) Multisite configurations of a Cisco device.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I7(1) 1.9.0
N3k not applicable not applicable
N5k not applicable not applicable
N6k not applicable not applicable
N7k not applicable not applicable
N9k-F not applicable not applicable
N3k-F not applicable not applicable

Caveats

The cisco_interface_evpn_multisite is only supported on N9K-EX and N9K-FX devices. For eg: N9K-C93180YC-EX.

Parameters

ensure

Determines whether or not the config should be present on the device. Valid values are 'present' and 'absent'. Default value is 'present'.

interface

Name of the interface on the network element. Valid value is a string.

Properties

tracking

The type of tracking to use with multisite interface. Valid values are String.

--

Type: cisco_interface_hsrp_group

Manages a Cisco Network Interface HSRP group.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I2(5) 1.5.0
N3k 7.0(3)I2(5) 1.5.0
N5k not applicable not applicable
N6k not applicable not applicable
N7k 8.0 1.5.0
N9k-F 7.0(3)F1(1) 1.5.0
N3k-F 7.0(3)F3(2) 1.8.0

Caveats

Property Caveat Description
all properties Supported in OS Version 8.0 and later on N7k

Parameters

Interface hsrp-group config attributes
ensure

Determine whether the interface hsrp group config should be present or not. Valid values are 'present' and 'absent'.

authentication_auth_type

Authentication type for the HSRP group. Valid values are 'cleartext', 'md5', keyword 'default'.

authentication_compatibility

Turn on compatibility mode for MD5 type-7 authentication. Valid values are 'true', 'false', keyword 'default'.

authentication_enc_type

Scheme used for encrypting authentication key string. Valid values are 'clear', 'encrypted', keyword 'default'.

authentication_key_type

Authentication key type. Valid values are 'key-chain', 'key-string', keyword 'default'.

authentication_string

Specifies password or key chain name or key string name. Valid values are string, keyword 'default'.

authentication_timeout

Specifies authentication timeout. Valid values are integer, keyword 'default'.

ipv4_enable

Enables HSRP ipv4. Valid values are 'true', 'false', keyword 'default'.

ipv4_vip

Sets HSRP IPv4 virtual IP addressing name. Valid values are string, keyword 'default'.

ipv6_autoconfig

Obtains ipv6 address using autoconfiguration. Valid values are 'true', 'false', keyword 'default'.

ipv6_vip

Enables HSRP IPv6 and sets an array of virtual IPv6 addresses. Valid values are array of ipv6 addresses, keyword 'default'.

mac_addr

Virtual mac address. Valid values are string specifying the mac address, keyword 'default'.

group_name

Redundancy name string. Valid values are string, keyword 'default'.

preempt

Overthrows lower priority Active routers. Valid values are 'true', 'false', keyword 'default'.

preempt_delay_minimum

Specifies amount of time to wait before pre-empting. Valid values are integer, keyword 'default'.

preempt_delay_reload

Specifies time to wait after reload. Valid values are integer, keyword 'default'.

preempt_delay_sync

Specifies time to wait for IP redundancy clients. Valid values are integer, keyword 'default'.

priority

Sets priority value for this interface hsrp group. Valid values are integer, keyword 'default'.

priority_forward_thresh_lower

Sets priority forwarding lower threshold value. Valid values are integer, keyword 'default'.

priority_forward_thresh_upper

Sets priority forwarding upper threshold value. Valid values are integer, keyword 'default'.

timers_hello_msec

Specify hello interval in milliseconds. Valid values are 'true', 'false', keyword 'default'.

timers_hold_msec

Specify hold interval in milliseconds. Valid values are 'true', 'false', keyword 'default'.

timers_hello

Sets hello interval. Valid values are integer, keyword 'default'.

timers_hold

Sets hold interval. Valid values are integer, keyword 'default'.

--

Type: cisco_interface_service_vni

Manages a Cisco Network Interface Service VNI.

Platform OS Minimum Version Module Minimum Version
N9k not applicable not applicable
N3k not applicable not applicable
N5k not applicable not applicable
N6k not applicable not applicable
N7k 7.3(0)D1(1) 1.2.0
N9k-F not applicable not applicable
N3k-F not applicable not applicable

Parameters

Basic interface service vni config attributes
ensure

Determine whether the interface config should be present or not. Valid values are 'present' and 'absent'.

interface

Name of the interface where the service resides. Valid value is a string.

sid

The Service ID number. Valid value is an Integer.

Properties

encapsulation_profile_vni

The VNI Encapsulation Profile Name. Valid values are String or the keyword 'default'

shutdown

Shutdown state of the interface service vni. Valid values are 'true', 'false', or 'default'.

--

Type: cisco_interface_ospf

Manages configuration of an OSPF interface instance.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I2(5) 1.2.0
N3k 7.0(3)I2(5) 1.2.0
N5k 7.3(0)N1(1) 1.2.0
N6k 7.3(0)N1(1) 1.2.0
N7k 7.3(0)D1(1) 1.2.0
N9k-F 7.0(3)F1(1) 1.5.0
N3k-F 7.0(3)F3(2) 1.8.0

Parameters

ensure

Determine whether the config should be present or not. Valid values are 'present' and 'absent'.

interface

Name of this cisco_interface resource. Valid value is a string.

ospf

Name of the cisco_ospf resource. Valid value is a string.

bfd

Enables bfd at interface level. This overrides the bfd variable set at the ospf router level. Valid values are 'true', 'false', or 'default'.

cost

The cost associated with this cisco_interface_ospf instance. Valid value is an integer or the keyword 'default'.

hello_interval

The hello_interval associated with this cisco_interface_ospf instance. Time between sending successive hello packets. Valid values are an integer or the keyword 'default'.

dead_interval

The dead_interval associated with the cisco_interface_ospf instance. Time interval an ospf neighbor waits for a hello packet before tearing down adjacencies. Valid values are an integer or the keyword 'default'.

passive_interface

Passive interface associated with the cisco_interface_ospf instance. Setting to true will prevent this interface from receiving HELLO packets. Valid values are 'true' and 'false' or the keyword 'default'.

message_digest

Enables or disables the usage of message digest authentication. Valid values are 'true' and 'false' or the keyword 'default'.

message_digest_key_id

md5 authentication key-id associated with the cisco_interface_ospf instance. If this is present in the manifest, message_digest_encryption_type, message_digest_algorithm_type and message_digest_password are mandatory. Valid value is an integer or the keyword 'default'.

message_digest_algorithm_type

Algorithm used for authentication among neighboring routers within an area. Valid values are 'md5' and keyword 'default'.

message_digest_encryption_type

Specifies the scheme used for encrypting message_digest_password. Valid values are 'cleartext', '3des' or 'cisco_type_7' encryption, and 'default', which defaults to 'cleartext'.

message_digest_password

Specifies the message_digest password. Valid value is a string or the keyword 'default'.

mtu_ignore

Disables OSPF MTU mismatch detection. Valid values are 'true', 'false', or 'default'.

network_type

Specifies the network type of this interface. Valid values are 'broadcast', 'p2p' or the keyword 'default'. 'broadcast' type is not applicable on loopback interfaces.

priority

The router priority associated with this cisco_interface_ospf instance. Valid values are an integer or the keyword 'default'.

shutdown

Shuts down ospf on this interface. Valid values are 'true', 'false', or 'default'.

transmit_delay

Packet transmission delay in seconds. Valid values are an integer or the keyword 'default'.

area

Required. Ospf area associated with this cisco_interface_ospf instance. Valid values are a string, formatted as an IP address (i.e. "0.0.0.0") or as an integer.

--

Type: cisco_interface_portchannel

Manages configuration of a portchannel interface instance.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I2(5) 1.2.0
N3k 7.0(3)I2(5) 1.2.0
N5k 7.3(0)N1(1) 1.2.0
N6k 7.3(0)N1(1) 1.2.0
N7k 7.3(0)D1(1) 1.2.0

Caveats

Property Caveat Description
port_hash_distribution
port_load_defer
Not supported on N5k, N6k
lacp_suspend_individual WARNING: On N9k, the portchannel interface must be shutdown before the property can be set. This provider automatically shuts the interface down if needed.
The interface is automatically restored to the original state after the property is set.

Parameters

ensure

Determine whether the config should be present or not. Valid values are 'present' and 'absent'.

bfd_per_link

Enables BFD sessions on each port-channel link. Valid values are true, false or 'default'.

lacp_graceful_convergence

port-channel lacp graceful convergence. Valid values are true, false or 'default'.

lacp_max_bundle

port-channel max-bundle. Valid values are Integer, keyword 'default'.

lacp_min_links

port-channel min-links. Valid values are Integer, keyword 'default'.

lacp_suspend_individual

lacp port-channel state. Valid values are true and false or 'default'.

port_hash_distribution

port-channel per port hash-distribution. Valid values are 'adaptive', 'fixed' or the keyword 'default'. This property is not supported on (Nexus 5|6k)

port_load_defer

port-channel per port load-defer. Valid values are true, false or 'default'. This property is not supported on (Nexus 5|6k)

--

Type: cisco_ip_multicast

Manages ip multicast configurations of a Cisco device.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I7(1) 1.9.0
N3k not applicable not applicable
N5k not applicable not applicable
N6k not applicable not applicable
N7k not applicable not applicable
N9k-F not applicable not applicable
N3k-F not applicable not applicable

Caveats

Property Caveat Description
ensure WARNING Setting ensure to absent disables the feature ngmvpn.

Parameters

ensure

Determines whether or not the config should be present on the device. Valid values are 'present' and 'absent'. Default value is 'present'.

name

The IP Multicast resource identifier. Valid values are 'default' only.

Properties

overlay_distributed_dr

Configure node as Distributed-DR. Valid values are true, false or keyword default.

overlay_spt_only

Enable L3-overlay shortest path tree only. Valid values are true, false or keyword default.

--

Type: cisco_itd_device_group

Manages configuration of ITD (Intelligent Traffic Director) device group

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I3(1) 1.3.0
N3k not applicable not applicable
N5k not applicable not applicable
N6k not applicable not applicable
N7k 7.3(0)D1(1) 1.3.0
N9k-F not applicable not applicable
N3k-F not applicable not applicable

Parameters

ensure

Determine whether the config should be present or not. Valid values are 'present' and 'absent'.

probe_control

Enable control protocol for probe. Valid values are true, false or 'default'. This is applicable only when the probe type is 'tcp' or 'udp'

probe_dns_host

Host name or target address when the probe type is 'dns'. Valid values are String.

probe_frequency

Probe frequency in seconds. Valid values are Integer, keyword 'default'.

probe_port

Probe port number when the type is 'tcp' or 'udp'. Valid values are Integer.

probe_retry_down

Probe retry count when the node goes down. Valid values are Integer, keyword 'default'.

probe_retry_up

Probe retry count when the node comes back up. Valid values are Integer, keyword 'default'.

probe_timeout

Probe timeout in seconds. Valid values are Integer, keyword 'default'.

probe_type

Probe type. Valid values are 'icmp', 'dns', 'tcp', 'udp' or keyword 'default'.

--

Type: cisco_itd_device_group_node

Manages configuration of ITD (Intelligent Traffic Director) device group node

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I3(1) 1.3.0
N3k not applicable not applicable
N5k not applicable not applicable
N6k not applicable not applicable
N7k 7.3(0)D1(1) 1.3.0
N9k-F not applicable not applicable
N3k-F not applicable not applicable

Parameters

ensure

Determine whether the config should be present or not. Valid values are 'present' and 'absent'.

hot_standby

Change mode of this node as hot-standby. Valid values are true, false or 'default'.

node_type

Type of the device group node. Valid values are ip and IPv6. It defaults to ip if not specified. IPv6 is not supported for N9k.

probe_control

Enable control protocol for probe. Valid values are true, false or 'default'. This is applicable only when the probe type is 'tcp' or 'udp'

probe_dns_host

Host name or target address when the probe type is 'dns'. Valid values are String.

probe_frequency

Probe frequency in seconds. Valid values are Integer, keyword 'default'.

probe_port

Probe port number when the type is 'tcp' or 'udp'. Valid values are Integer.

probe_retry_down

Probe retry count when the node goes down. Valid values are Integer, keyword 'default'.

probe_retry_up

Probe retry count when the node comes back up. Valid values are Integer, keyword 'default'.

probe_timeout

Probe timeout in seconds. Valid values are Integer, keyword 'default'.

probe_type

Probe type. Valid values are 'icmp', 'dns', 'tcp', 'udp' or keyword 'default'.

weight

Weight for traffic distribution. Valid values are Integer, keyword 'default'.

--

Type: cisco_itd_service

Manages configuration of ITD (Intelligent Traffic Director) service.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I3(1) 1.3.0
N3k not applicable not applicable
N5k not applicable not applicable
N6k not applicable not applicable
N7k 7.3(0)D1(1) 1.3.0

Caveats

Property Caveat Description
This provider requires the following commands to be applied as prerequisites using the cisco_command_config provider.

  cisco_command_config { 'prerequisites':
    command => "
      feature pbr
      feature sla sender
      feature sla responder
      ip sla responder
    "
  }
nat_destination Supported only on N7k
peer_local Supported only on N9k
peer_vdc Supported only on N7k

Parameters

ensure

Determine whether the config should be present or not. Valid values are 'present' and 'absent'.

access_list

ITD access-list name. Valid values are String or 'default'.

device_group

Device group name where this service belongs. Valid values are String or 'default'.

exclude_access_list

ITD exclude-access-list name. Valid values are String or 'default'.

fail_action

ITD failaction to reassign node. This enables traffic on failed nodes to be reassigned to the first available active node. Valid values are true, false or 'default'.

ingress_interface

Ingress interface. Valid values are an array of [interface, next-hop] pairs or 'default'.

load_bal_enable

Enable or disable load balance. Valid values are true, false or 'default'.

load_bal_buckets

Buckets for traffic distribution (in powers of 2). Valid values are Integer, or keyword 'default'.

load_bal_mask_pos

Loadbalance mask position. Valid values are Integer, keyword 'default'.

load_bal_method_bundle_select

Loadbalance bundle select. Valid values are 'src, 'dst' or keyword 'default'.

load_bal_method_bundle_hash

Loadbalance bundle hash. Valid values are 'ip, 'ip-l4port' or keyword 'default'.

load_bal_method_proto

Loadbalance protocol. This is valid only when the bundle hash is 'ip-l4port'. Valid values are 'tcp, 'udp' or keyword 'default'.

load_bal_method_start_port

Starting port in range (to match only packets in the range of port numbers). This is valid only when the bundle hash is 'ip-l4port'. Valid values are Integer, keyword 'default'.

load_bal_method_end_port

Ending port in range (to match only packets in the range of port numbers). This is valid only when the bundle hash is 'ip-l4port'. Valid values are Integer, keyword 'default'.

nat_destination

Destination NAT. Valid values are true, false or 'default'.

peer_local

Peer involved in sandwich mode. Valid values are String or 'default'.

peer_vdc

Peer involved in sandwich mode. Valid values are an array of [vdc, service] or 'default'.

shutdown

Whether or not the service is shutdown. Valid values are 'true', 'false' and keyword 'default'.

virtual_ip

Virtual ip configuration. Valid values are an array of Strings or 'default'.

--

Type: cisco_object_group

Manages configuration of an ObjectGroup instance. This has no properties and it is the parent of ObjectGroupEntry.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I2(2e) 1.8.0
N3k 7.0(3)I2(2e) 1.8.0
N5k not applicable not applicable
N6k not applicable not applicable
N7k 7.3(0)D1(1) 1.8.0
N9k-F 7.0(3)F1(1) 1.8.0
N3k-F 7.0(3)F3(2) 1.8.0

Parameters

Example Parameter Usage
cisco_object_group { '<afi> <type> <grp_name>':
cisco_object_group { 'ipv4 address myog_v4_addr':
afi

Address Family Identifier (AFI). Required. Valid values are 'ipv4' and 'ipv6'.

type

Type of the object_group instance. Required. Valid values are 'address' and 'port'.

grp_name

Name of the object_group instance. Required. Valid values are type String.

Properties
ensure

Determines whether the config should be present or not on the device. Valid values are 'present' and 'absent'.

--

Type: cisco_object_group_entry

Manages configuration of an ObjectGroupEntry instance.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I2(2e) 1.8.0
N3k 7.0(3)I2(2e) 1.8.0
N5k not applicable not applicable
N6k not applicable not applicable
N7k 7.3(0)D1(1) 1.8.0
N9k-F 7.0(3)F1(1) 1.8.0
N3k-F 7.0(3)F3(2) 1.8.0

Example Usage

cisco_object_group_entry { 'ipv4 address myoge_v4_addr 10':
  ensure              => 'present',
  address             => '10.10.10.1/24',
}

cisco_object_group_entry { 'ipv4 port myoge_v4_port 20':
  ensure              => 'present',
  port                => 'neq 40',
}

cisco_object_group_entry { 'ipv6 address myoge_v6_addr 30':
  ensure              => 'present',
  address             => '2000::1/64',
}

Parameters

Example Parameter Usage
cisco_object_group_entry { '<afi> <type> <grp_name> <seqno>':
cisco_object_group_entry { 'ipv4 address myoge_v4_addr 10':
afi

Address Family Identifier (AFI). Required. Valid values are 'ipv4' and 'ipv6'.

type

Type of the object_group instance. Required. Valid values are 'address' and 'port'.

grp_name

Name of the object_group instance. Required. Valid values are type String.

seqno

Object Group Entry Sequence Number. Required. Valid values are type Integer.

ensure

Determines whether the config should be present or not on the device. Valid values are 'present' and 'absent'.

Properties

address

The Address to match against. Valid values are type String, which must be one of the following forms:

  • An IPv4/IPv6 address/prefix length
  • The keyword host and a host address
  • An IPv4 Address and wildcard
Examples
address => '10.10.10.1/24'
address => '10.10.10.1 11.12.13.14'
address => 'host 10.0.0.1'
address => '2000::1/64'
address => 'host 2001::1'
port

The TCP or UDP Port to match against. Valid values are type String, which must be one of the following forms:

  • A comparison operator (eq, neq, lt, gt) and value
  • The keyword range and a range value
Examples
port => 'neq 40'
port => 'range 68 69'
port => 'lt 400'

--

Type: cisco_ospf

Manages configuration of an ospf instance.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I2(5) 1.0.1
N3k 7.0(3)I2(5) 1.0.1
N5k 7.3(0)N1(1) 1.2.0
N6k 7.3(0)N1(1) 1.2.0
N7k 7.3(0)D1(1) 1.2.0
N9k-F 7.0(3)F1(1) 1.5.0
N3k-F 7.0(3)F3(2) 1.8.0

Parameters

ensure

Determine if the config should be present or not. Valid values are 'present', and 'absent'.

ospf

Name of the ospf router. Valid value is a string.

--

Type: cisco_ospf_area

Manages an area for an OSPF router.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I2(5) 1.4.0
N3k 7.0(3)I2(5) 1.4.0
N5k 7.3(0)N1(1) 1.4.0
N6k 7.3(0)N1(1) 1.4.0
N7k 7.3(0)D1(1) 1.4.0
N9k-F 7.0(3)F1(1) 1.5.0
N3k-F 7.0(3)F3(2) 1.8.0

Example Usage

cisco_ospf_area { 'my_ospf_instance default 10':
  ensure          => 'present',
  range           => [['10.3.0.0/16', 'not_advertise', '23'],
                      ['10.3.3.0/24', '450']
                     ],
}

cisco_ospf_area { 'my_ospf_instance my_vrf 1.1.1.1':
  ensure          => 'present',
  authentication  => 'md5',
  default_cost    => 1000,
  filter_list_in  => 'fin',
  filter_list_out => 'fout',
  stub            => true,
}

cisco_ospf_area { 'my_ospf_instance my_vrf 1000':
  ensure                 => 'present',
  nssa                   => true,
  nssa_default_originate => true,
  nssa_no_redistribution => true,
  nssa_no_summary        => true,
  nssa_route_map         => 'rmap',
  nssa_translate_type7   => 'always',
}

Parameters

| Example Parameter Usage | |:--|:-- |cisco_ospf_area { '<ospf_process_id> <vrf> <area_id>': |cisco_ospf_area { '1 my_vrf 10': |cisco_ospf_area { 'my_ospf default 10.1.1.1':

ensure

Determines whether the config should be present or not on the device. Valid values are 'present' and 'absent'.

authentication

Enables authentication for the area. Valid values are 'cleartext', 'md5' or 'default'.

default_cost

Default_cost for default summary Link-State Advertisement (LSA). Valid values are integer or keyword 'default'.

filter_list_in

This is a route-map for filtering networks sent to this area. Valid values are string or keyword 'default'.

filter_list_out

This is a route-map for filtering networks sent from this area. Valid values are string or keyword 'default'.

nssa

This property defines the area as NSSA (not so stubby area). Valid values are true, false or keyword 'default'. This property is mutually exclusive with stub and stub_no_summary.

nssa_default_originate

Generates an NSSA External (type 7) LSA for use as a default route to the external autonomous system. Valid values are true, false or keyword 'default'.

nssa_no_redistribution

Disable redistribution within the NSSA. Valid values are true, false or keyword 'default'.

nssa_no_summary

Disables summary LSA flooding within the NSSA. Valid values are true, false or keyword 'default'.

nssa_route_map

Controls distribution of the default route. This property can only be used when the nssa_default_originate property is set to true. Valid values are String (the route-map name) or keyword 'default'.

nssa_translate_type7

Translates NSSA external (type 7) LSAs to standard external (type 5) LSAs for use outside the NSSA. Valid values are one of the following keyword strings:

Keyword Description
always Always translate
suppress_fa Forwarding Address Suppression
always_suppress_fa Always translate & use Forwarding Address Suppression
never Never translate
default Translation is not configured
range

Summarizes routes at an area boundary. Optionally sets the area range status to DoNotAdvertise as well as setting per-summary cost values. Valid values are a nested array of [summary_address, 'not_advertise', cost], or keyword 'default'. The summary-address is mandatory.

Example: range => [['10.3.0.0/16', 'not_advertise', '23'], ['10.3.0.0/32', 'not_advertise'], ['10.3.0.1/32'], ['10.3.3.0/24', '450']]

stub

Defines the area as a stub area. Valid values are true, false or keyword 'default'. This property is not necessary when the stub_no_summary property is set to true, which also defines the area as a stub area. This property is mutually exclusive with nssa.

stub_no_summary

Stub areas flood summary LSAs. This property disables summary flooding into the area. This property can be used in place of the stub property or in conjunction with it. Valid values are true, false or keyword 'default'. This property is mutually exclusive with nssa.

--

Type: cisco_ospf_area_vlink

Manages an area virtual link for an OSPF router.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I2(5) 1.4.0
N3k 7.0(3)I2(5) 1.4.0
N5k 7.3(0)N1(1) 1.4.0
N6k 7.3(0)N1(1) 1.4.0
N7k 7.3(0)D1(1) 1.4.0
N9k-F 7.0(3)F1(1) 1.5.0
N3k-F 7.0(3)F3(2) 1.8.0

Example Usage

cisco_ospf_area_vlink { 'my_ospf_instance default 10 1.1.1.1':
  ensure                             => 'present',
  auth_key_chain                     => 'keyChain',
  authentication                     => 'md5',
  authentication_key_encryption_type => cisco_type_7,
  authentication_key_password        => '98765432109876543210',
  dead_interval                      => 500,
  hello_interval                     => 2000,
  message_digest_algorithm_type      => 'md5',
  message_digest_encryption_type     => cisco_type_7,
  message_digest_key_id              => 123,
  message_digest_password            => '12345678901234567890',
  retransmit_interval                => 777,
  transmit_delay                     => 333,
}

Parameters

| Example Parameter Usage | |:--|:-- |cisco_ospf_area_vlink { '<ospf_process_id> <vrf> <area_id> <vlink_id>': |cisco_ospf_area_vlink { '1 my_vrf 10 1.1.1.1': |cisco_ospf_area_vlink { 'my_ospf default 10.1.1.1 2.2.2.2':

ensure

Determines whether the config should be present or not on the device. Valid values are 'present' and 'absent'.

auth_key_chain

Authentication password key chain name. Valid values are string, or 'default'.

authentication

Enables authentication for the virtual link. Valid values are 'cleartext', 'md5', 'null', or 'default'.

authentication_key_encryption_type

Specifies the scheme used for encrypting authentication_key_password. Valid values are 'cleartext', '3des' or 'cisco_type_7' encryption, and 'default', which defaults to 'cleartext'.

authentication_key_password

Specifies the authentication_key password. Valid value is a string, or 'default'.

dead_interval

Time in seconds that a neighbor waits for a Hello packet before declaring the local router as dead and tearing down adjacencies. Valid values are integer, keyword 'default'.

hello_interval

Time in seconds between successive Hello packets. Valid values are integer, keyword 'default'.

message_digest_algorithm_type

Algorithm used for authentication among neighboring routers within an area virtual link. Valid values are 'md5' and keyword 'default'.

message_digest_encryption_type

Specifies the scheme used for encrypting message_digest_password. Valid values are 'cleartext', '3des' or 'cisco_type_7' encryption, and 'default', which defaults to 'cleartext'.

message_digest_key_id

md5 authentication key id. Valid values are integer.

message_digest_password

Specifies the message_digest password. Valid value is a string.

retransmit_interval

Estimated time in seconds between successive LSAs. Valid values are integer, keyword 'default'.

transmit_delay

Estimated time in seconds to transmit an LSA to a neighbor. Valid values are integer, keyword 'default'.

--

Type: cisco_ospf_vrf

Manages a VRF for an OSPF router.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I2(5) 1.0.1
N3k 7.0(3)I2(5) 1.0.1
N5k 7.3(0)N1(1) 1.2.0
N6k 7.3(0)N1(1) 1.2.0
N7k 7.3(0)D1(1) 1.2.0
N9k-F 7.0(3)F1(1) 1.5.0
N3k-F 7.0(3)F3(2) 1.8.0

Caveats

Property Caveat Description
redistribute Minimum Module Version 2.0.0
No support for redistribute maximum-prefixes

Parameters

ensure

Determines whether the config should be present or not on the device. Valid values are 'present' and 'absent'.

vrf

Name of the resource instance. Valid value is a string. The name 'default' is a valid VRF representing the global ospf.

ospf

Name of the ospf instance. Valid value is a string.

router_id

Router Identifier (ID) of the OSPF router VRF instance. Valid values are a string or the keyword 'default'.

bfd

Enables bfd on all the OSPF interfaces on this router. The individual interfaces can override this. Valid values are true, false or keyword 'default'

default_metric

Specify the default Metric value. Valid values are an integer or the keyword 'default'.

log_adjacency

Controls the level of log messages generated whenever a neighbor changes state. Valid values are 'log', 'detail', 'none', and 'default'.

redistribute

A list of redistribute directives. Multiple redistribute entries are allowed. The list must be in the form of a nested array: the first entry of each array defines the source-protocol to redistribute from; the second entry defines a route-map name.

Example:

redistribute => [['direct',  'rm_direct'],
                 ['lisp',    'rm_lisp'],
                 ['static',  'rm_static'],
                 ['eigrp 1', 'rm_eigrp'],
                 ['isis 2',  'rm_isis'],
                 ['ospf 3',  'rm_ospf'],
                 ['rip 4',   'rm_rip']]

Note: redistribute maximum-prefixes is not currently supported for cisco_ospf_vrf.

timer_throttle_lsa_start

Specify the start interval for rate-limiting Link-State Advertisement (LSA) generation. Valid values are an integer, in milliseconds, or the keyword 'default'.

timer_throttle_lsa_hold

Specifies the hold interval for rate-limiting Link-State Advertisement (LSA) generation. Valid values are an integer, in milliseconds, or the keyword 'default'.

timer_throttle_lsa_max

Specifies the max interval for rate-limiting Link-State Advertisement (LSA) generation. Valid values are an integer, in milliseconds, or the keyword 'default'.

timer_throttle_spf_start

Specify initial Shortest Path First (SPF) schedule delay. Valid values are an integer, in milliseconds, or the keyword 'default'.

timer_throttle_spf_hold

Specify minimum hold time between Shortest Path First (SPF) calculations. Valid values are an integer, in milliseconds, or the keyword 'default'.

timer_throttle_spf_max

Specify the maximum wait time between Shortest Path First (SPF) calculations. Valid values are an integer, in milliseconds, or the keyword 'default'.

auto_cost

Specifies the reference bandwidth used to assign OSPF cost. Valid values are an integer, in Mbps, or the keyword 'default'.

--

Type: cisco_overlay_global

Handles the detection of duplicate IP or MAC addresses based on the number of moves in a given time-interval (seconds). Also configures anycast gateway MAC of the switch.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I2(5) 1.2.0
N3k 7.0(3)I6(1) 1.7.0
N5k 7.3(0)N1(1) 1.3.0
N6k 7.3(0)N1(1) 1.3.0
N7k 7.3(0)D1(1) 1.3.0
N9k-F 7.0(3)F1(1) 1.5.0
N3k-F 7.0(3)F3(2) 1.8.0

Caveats

Property Caveat Description
anycast_gateway_mac Not supported on N3k
dup_host_ip_addr_detection_host_moves Not supported on N3k
dup_host_ip_addr_detection_timeout Not supported on N3k
dup_host_mac_detection_host_moves Supported in OS Version 7.0(3)I6(1) and later on N3k
dup_host_mac_detection_timeout Supported in OS Version 7.0(3)I6(1) and later on N3k

Parameters

name

Instance of cisco_overlay_global, only allow the value 'default'

anycast_gateway_mac

Anycast gateway mac of the switch

dup_host_ip_addr_detection_host_moves

The number of host moves allowed in n seconds. The range is 1 to 1000 moves; default is 5 moves.

dup_host_ip_addr_detection_timeout

The duplicate detection timeout in seconds for the number of host moves. The range is 2 to 36000 seconds; default is 180 seconds.

dup_host_mac_detection_host_moves

The number of host moves allowed in n seconds. The range is 1 to 1000 moves; default is 5 moves.

dup_host_mac_detection_timeout

The duplicate detection timeout in seconds for the number of host moves. The range is 2 to 36000 seconds; default is 180 seconds.

--

Type: cisco_pim

Manages configuration of an Protocol Independent Multicast (PIM) instance.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I2(5) 1.2.0
N3k 7.0(3)I2(5) 1.2.0
N5k 7.3(0)N1(1) 1.2.0
N6k 7.3(0)N1(1) 1.2.0
N7k 7.3(0)D1(1) 1.2.0
N9k-F 7.0(3)F1(1) 1.5.0
N3k-F 7.0(3)F3(2) 1.8.0

Caveats

Property Caveat Description
bfd Minimum puppet module version 1.5.0

Parameters

afi

Address Family Identifier (AFI). Required. Valid value is ipv4.

vrf

Name of the resource instance. Required. Valid values are string. The name 'default' is a valid VRF representing the global vrf.

Properties

bfd

Enables BFD for all PIM interfaces in the current VRF. Valid values are true, false or 'default'.

ssm_range

Configure group ranges for Source Specific Multicast (SSM). Valid values are multicast addresses or the keyword ‘none’.

--

Type: cisco_pim_grouplist

Manages configuration of an Protocol Independent Multicast (PIM) static route processor (RP) address for a multicast group range.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I2(5) 1.2.0
N3k 7.0(3)I2(5) 1.2.0
N5k 7.3(0)N1(1) 1.2.0
N6k 7.3(0)N1(1) 1.2.0
N7k 7.3(0)D1(1) 1.2.0
N9k-F 7.0(3)F1(1) 1.5.0
N3k-F 7.0(3)F3(2) 1.8.0

Parameters

afi

Address Family Identifier (AFI). Required. Valid values are ipv4 and ipv6.

vrf

Name of the resource instance. Required. Valid values are string. The name 'default' is a valid VRF representing the global vrf.

rp_addr

IP address of a router which is the route processor (RP) for a group range.. Required. Valid values are unicast addresses.

group

Specifies a group range for a static route processor (RP) address. Required. Valid values are multicast addresses.

--

Type: cisco_pim_rp_address

Manages configuration of an Protocol Independent Multicast (PIM) static route processor (RP) address instance.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I2(5) 1.2.0
N3k 7.0(3)I2(5) 1.2.0
N5k 7.3(0)N1(1) 1.2.0
N6k 7.3(0)N1(1) 1.2.0
N7k 7.3(0)D1(1) 1.2.0
N9k-F 7.0(3)F1(1) 1.5.0
N3k-F 7.0(3)F3(2) 1.8.0

Parameters

afi

Address Family Identifier (AFI). Required. Valid values are ipv4 and ipv6.

vrf

Name of the resource instance. Required. Valid values are string. The name 'default' is a valid VRF representing the global vrf.

rp_addr

Configures a Protocol Independent Multicast (PIM) static route processor (RP) address. Required. Valid values are unicast addresses.

--

Type: cisco_portchannel_global

Manages configuration of a portchannel global parameters

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I2(5) 1.2.0
N3k 7.0(3)I2(5) 1.3.0
N5k 7.3(0)N1(1) 1.3.0
N6k 7.3(0)N1(1) 1.3.0
N7k 7.3(0)D1(1) 1.2.0
N9k-F 7.0(3)F1(1) 1.5.0
N3k-F 7.0(3)F3(2) 1.8.0

cisco_portchannel_global is not currently supported on N9K-EX and N9K-FX devices.

Caveats

Property Caveat Description
asymmetric
hash_distribution
load_defer
Supported only on N7k
bundle_hash values: port, ip-only, port-only Only supported on N3k, N5k, N6k
bundle_hash values: ip-gre Only supported on N3k, N9k
bundle_hash values: ip-l4port, ip-l4port-vlan, ip-vlan, l4port Only supported on N7k, N9k
concatenation Supported only on N9k
hash_poly Supported only on N5k, N6k
resilient
symmetry
Supported only on N3k, N9k
rotate Supported only on N3k-F, N7k, N9k-F, N9k

Parameters

asymmetric

port-channel asymmetric hash. Valid values are true, false or 'default'.

bundle_hash

port-channel bundle hash. Valid values are 'ip', 'ip-l4port', 'ip-l4port-vlan', 'ip-vlan', 'l4port', 'mac', 'port', 'ip-only', 'port-only', 'ip-gre' or 'default'.

bundle_select

port-channel bundle select. Valid values are 'src', 'dst', 'src-dst' or 'default'.

concatenation

port-channel concatenation enable or disable. Valid values are true, false or 'default'.

hash_distribution

port-channel hash-distribution. Valid values are 'adaptive', 'fixed' or the keyword 'default'.

hash_poly

port-channel hash-polynomial. Valid values are 'CRC10a', 'CRC10b', 'CRC10c' or 'CRC10d'. Note: This property does not support the keyword 'default'.

load_defer

port-channel load-defer time interval. Valid values are integer or 'default'.

resilient

port-channel resilient mode. Valid values are true, false or 'default'.

rotate

port-channel hash input offset. Valid values are integer or 'default'.

symmetry

port-channel symmetry hash. Valid values are true, false or 'default'.

--

Type: cisco_route_map

Manages a Cisco Route Map.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I2(5) 1.6.0
N3k 7.0(3)I2(5) 1.6.0
N5k 7.3(0)N1(1) 1.6.0
N6k 7.3(0)N1(1) 1.6.0
N7k 7.3(0)D1(1) 1.6.0
N9k-F 7.0(3)F1(1) 1.6.0
N3k-F 7.0(3)F3(2) 1.8.0

Caveats

Property Caveat Description
match_evpn_route_type_1 Not supported on N3k,N3k-F,N9k-F,N9k
match_evpn_route_type_2_all Not supported on N3k,N3k-F,N9k-F,N9k
match_evpn_route_type_2_mac_ip Not supported on N3k,N3k-F,N9k-F,N9k
match_evpn_route_type_2_mac_only Not supported on N3k,N3k-F,N9k-F,N9k
match_evpn_route_type_3 Not supported on N3k,N3k-F,N9k-F,N9k
match_evpn_route_type_4 Not supported on N3k,N3k-F,N9k-F,N9k
match_evpn_route_type_5 Not supported on N3k,N3k-F,N9k-F,N9k
match_evpn_route_type_6 Not supported on N3k,N3k-F,N9k-F,N9k
match_evpn_route_type_all Not supported on N3k,N3k-F,N9k-F,N9k
match_length Not supported on N3k,N3k-F,N9k-F,N9k
match_mac_list Not supported on N3k,N3k-F,N9k-F,N9k
match_metric Supported in OS Version 7.0(3)F2(1) and later on N9k-F
match_ospf_area Not supported on N5k,N6k,N7k,N3k-F,N9k-F
Supported in OS version 7.0(3)I5.1 and later on N3k, N9k
match_vlan Not supported on N3k,N3k-F,N9k-F,N9k
set_extcommunity_4bytes_additive Supported in OS Version 7.0(3)F2(1) and later on N9k-F
set_extcommunity_4bytes_non_transitive Supported in OS Version 7.0(3)F2(1) and later on N9k-F
set_extcommunity_4bytes_transitive Supported in OS Version 7.0(3)F2(1) and later on N9k-F
set_extcommunity_cost_igp Not supported on N3k-F,N9k-F
set_extcommunity_cost_pre_bestpath Not supported on N3k-F,N9k-F
set_extcommunity_rt_additive Not supported on N3k-F,N9k-F
set_extcommunity_rt_asn Not supported on N3k-F,N9k-F,N9k
set_forwarding_addr Not supported on N3k-F,N9k-F
set_ipv4_default_next_hop Not supported on N5k,N6k,N3k-F,N9k-F,N9k
set_ipv4_default_next_hop_load_share Not supported on N5k,N6k,N3k-F,N9k-F,N9k
set_ipv4_next_hop Not supported on N3k-F,N9k-F
set_ipv4_next_hop_load_share Not supported on N5k,N6k
Supported in OS Version 7.0(3)I5.1 and later on N9k
Supported in OS Version 7.0(3)F2(1) and later on N9k-F
set_ipv4_next_hop_redist Supported on N5k,N6k,N7k,N3k-F,N9k-F
Supported in OS Version 7.0(3)I5.1 and later on N3k,N9k
set_ipv4_precedence Not supported on N3k-F,N9k-F
set_ipv4_prefix Not supported on N5k,N6k,N3k-F,N9k-F
set_ipv6_default_next_hop Not supported on N5k,N6k,N3k-F,N9k-F,N9k
set_ipv6_default_next_hop_load_share Not supported on N5k,N6k,N3k-F,N9k-F,N9k
set_ipv6_next_hop Not supported on N3k-F,N9k-F
set_ipv6_next_hop_load_share Not supported on N5k,N6k
Supported in OS Version 7.0(3)I5.1 and later on N9k
Supported in OS Version 7.0(3)F2(1) and later on N9k-F
set_ipv6_next_hop_redist Supported on N5k,N6k,N7k,N3k-F,N9k-F
Supported in OS Version 7.0(3)I5.1 and later on N3k,N9k
set_ipv6_prefix Not supported on N5k,N6k,N3k-F,N9k-F
set_vrf Supported on N7k
Example Parameter Usage
match_as_number { '<AA4>, <AA4>-<AA4>, ..':
match_as_number { '['3', '22-34', '38', '101-110', '120']':
Basic interface config attributes
ensure

Determine whether the route map config should be present or not. Valid values are 'present' and 'absent'.

description

Description of the route-map. Valid values are string, or keyword 'default'

match_as_number

Match BGP peer AS number. Valid values are an array of ranges or keyword 'default'

match_as_number_as_path_list

Match BGP AS path list. Valid values are an array of list names or keyword 'default'

match_community

Match BGP community list. Valid values are an array of communities or keyword 'default'

match_community_exact_match

Enable exact matching of communities. Valid values 'true', 'false' or keyword 'default'

match_evpn_route_type_1

Enable match BGP EVPN route type-1. Valid values are 'true', 'false' or keyword 'default'

match_evpn_route_type_2_all

Enable match all BGP EVPN route in type-2. Valid values are 'true', false or keyword 'default'

match_evpn_route_type_2_mac_ip

Enable match mac-ip BGP EVPN route in type-2. Valid values are 'true', 'false' or keyword 'default'

match_evpn_route_type_2_mac_only

Enable match mac-only BGP EVPN route in type-2. Valid values are 'true', 'false' or keyword 'default'

match_evpn_route_type_3

Enable match BGP EVPN route type-3. Valid values are 'true', 'false' or keyword 'default'

match_evpn_route_type_4

Enable match BGP EVPN route type-4. Valid values are 'true', 'false' or keyword 'default'

match_evpn_route_type_5

Enable match BGP EVPN route type-5. Valid values are 'true', 'false' or keyword 'default'

match_evpn_route_type_6

Enable match BGP EVPN route type-6. Valid values are 'true', 'false' or keyword 'default'

match_evpn_route_type_all

Enable match BGP EVPN route type 1-6. Valid values are 'true', 'false' or keyword 'default'

match_ext_community

Match BGP extended community list. Valid values are an array of extended communities or keyword 'default'

match_ext_community_exact_match

Enable exact matching of extended communities. Valid values are 'true', 'false' or keyword 'default'

match_interface

Match first hop interface of route. Valid values are array of interfaces or keyword 'default'

match_ipv4_addr_access_list

Match IPv4 access-list name. Valid values are String or keyword 'default'

match_ipv4_addr_prefix_list

Match entries of prefix-lists for IPv4. Valid values are array of prefixes or keyword 'default'

match_ipv4_multicast_enable

Enable match IPv4 multicast. This property should be set to 'true' before setting any IPv4 multicast properties. Valid values are are 'true', 'false' or keyword 'default'

match_ipv4_multicast_group_addr

Match IPv4 multicast group prefix. Valid values are string, or keyword 'default'

match_ipv4_multicast_group_range_begin_addr

Match IPv4 multicast group address begin range. Valid values are string, or keyword 'default'

match_ipv4_multicast_group_range_end_addr

Match IPv4 multicast group address end range. Valid values are string, or keyword 'default'

match_ipv4_multicast_rp_addr

Match IPv4 multicast rendezvous prefix. Valid values are string, or keyword 'default'

match_ipv4_multicast_rp_type

Match IPv4 multicast rendezvous point type. Valid values are 'ASM', 'Bidir' or keyword 'default'

match_ipv4_multicast_src_addr

Match IPv4 multicast source prefix. Valid values are string or keyword 'default'

match_ipv4_next_hop_prefix_list

Match entries of prefix-lists for next-hop address of route for IPv4. Valid values are an array of prefixes or keyword 'default'

match_ipv4_route_src_prefix_list

Match entries of prefix-lists for advertising source address of route for IPv4. Valid values are an array of prefixes or keyword 'default'

match_ipv6_addr_access_list

Match IPv6 access-list name. Valid values are string or keyword 'default'

match_ipv6_addr_prefix_list

Match entries of prefix-lists for IPv6. Valid values are array of prefixes or keyword 'default'

match_ipv6_multicast_enable

Enable match IPv6 multicast. This property should be set to 'true' before setting any IPv6 multicast properties. Valid values are 'true', 'false' or keyword 'default'

match_ipv6_multicast_group_addr

Match IPv6 multicast group prefix. Valid values are string, or keyword 'default'

match_ipv6_multicast_group_range_begin_addr

Match IPv6 multicast group address begin range. Valid values are string, or keyword 'default'

match_ipv6_multicast_group_range_end_addr

Match IPv6 multicast group address end range. Valid values are string, or keyword 'default'

match_ipv6_multicast_rp_addr

Match IPv6 multicast rendezvous prefix. Valid values are string, or keyword 'default'

match_ipv6_multicast_rp_type

Match IPv6 multicast rendezvous point type. Valid values are 'ASM', 'Bidir' or keyword 'default'

match_ipv6_multicast_src_addr

Match IPv6 multicast source prefix. Valid values are string or keyword 'default'

match_ipv6_next_hop_prefix_list

Match entries of prefix-lists for next-hop address of route for IPv6. Valid values are array of prefixes or keyword 'default'

match_ipv6_route_src_prefix_list

Match entries of prefix-lists for advertising source address of route for IPv6. Valid values are array of prefixes or keyword 'default'

match_length

Match packet length. Valid values are array of minimum and maximum lengths or keyword 'default'

match_mac_list

Match entries of mac-lists. Valid values are array of mac list names or keyword 'default'

match_metric

Match metric of route. Valid values are array of [metric, deviation] pairs or keyword 'default'

match_ospf_area

Match entries of ospf area IDs. Valid values are array of ids or keyword 'default'

match_route_type_external

Enable match external route type (BGP, EIGRP and OSPF type 1/2). Valid values are 'true', 'false' or keyword 'default'

match_route_type_inter_area

Enable match OSPF inter area type. Valid values are 'true', 'false' or keyword 'default'

match_route_type_internal

Enable match OSPF inter area type (OSPF intra/inter area). Valid values are 'true', 'false' or keyword 'default'

match_route_type_intra_area

Enable match OSPF intra area route. Valid values are 'true', 'false' or keyword 'default'

match_route_type_level_1

Enable match IS-IS level-1 route. Valid values are 'true', 'false' or keyword 'default'

match_route_type_level_2

Enable match IS-IS level-2 route. Valid values are 'true', 'false' or keyword 'default'

match_route_type_local

Enable match locally generated route. Valid values are 'true', 'false' or keyword 'default'

match_route_type_nssa_external

Enable match nssa-external route (OSPF type 1/2). Valid values are 'true', 'false' or keyword 'default'

match_route_type_type_1

Enable match OSPF external type 1 route. Valid values are 'true', 'false' or keyword 'default'

match_route_type_type_2

Enable match OSPF external type 2 route. Valid values are 'true', 'false' or keyword 'default'

match_src_proto

Match source protocol. Valid values are array of protocols or keyword 'default'

match_tag

Match tag of route. Valid values are array of tags or keyword 'default'

match_vlan

Match VLAN Id. Valid values are array of string of VLAN ranges or keyword 'default'

set_as_path_prepend

Prepend string for a BGP AS-path attribute. Valid values are array of AS numbers or keyword 'default'

set_as_path_prepend_last_as

Number of last-AS prepends. Valid values are integer or keyword 'default'

set_as_path_tag

Set the tag as an AS-path attribute. Valid values are 'true', 'false' or keyword 'default'

set_comm_list

Set BGP community list (for deletion). Valid values are String or keyword 'default'

set_community_additive

Add to existing BGP community. Valid values are 'true', 'false' or keyword 'default'

set_community_asn

Set community number. Valid values are array of AS numbers or keyword 'default'

set_community_internet

Set Internet community. Valid values are 'true', 'false' or keyword 'default'

set_community_local_as

Do not send outside local AS. Valid values are 'true', 'false' or keyword 'default'

set_community_no_advtertise

Do not advertise to any peer. Valid values are 'true', 'false' or keyword 'default'

set_community_no_export

Do not export to next AS. Valid values are 'true', 'false' or keyword 'default'

set_community_none

Set no community attribute. Valid values are 'true', 'false' or keyword 'default'

set_dampening_half_life

Set half-life time for the penalty of BGP route flap dampening. Valid values are integer or keyword 'default'

set_dampening_max_duation

Set maximum duration to suppress a stable route of BGP route flap dampening. Valid values are integer or keyword 'default'

set_dampening_reuse

Set penalty to start reusing a route of BGP route flap dampening. Valid values are integer or keyword 'default'

set_dampening_suppress

Set penalty to start suppressing a route of BGP route flap dampening. Valid values are integer or keyword 'default'

set_distance_igp_ebgp

Set administrative distance for IGP or EBGP routes. Valid values are integer or keyword 'default'

set_distance_internal

Set administrative distance for internal routes. Valid values are integer or keyword 'default'

set_distance_local

Set administrative distance for local routes. Valid values are integer or keyword 'default'

set_extcomm_list

Set BGP extended community list (for deletion). Valid values are string or keyword 'default'

set_extcommunity_4bytes_additive

Add to existing generic extcommunity. Valid values are 'true', 'false' or keyword 'default'

set_extcommunity_4bytes_non_transitive

Set non-transitive extended community. Valid values are array of communities, or keyword 'default'

set_extcommunity_4bytes_none

Set no extcommunity generic attribute. Valid values are 'true', 'false' or keyword 'default'

set_extcommunity_4bytes_transitive

Set transitive extended community. Valid values are array of communities, or keyword 'default'

set_extcommunity_cost_igp

Compare following IGP cost comparison. Valid values are array of [communityId, cost] pairs or keyword 'default'

set_extcommunity_cost_pre_bestpath

Compare before all other steps in bestpath calculation. Valid values are array of [communityId, cost] pairs or keyword 'default'

set_extcommunity_rt_additive

Set add to existing route target extcommunity. Valid values are 'true', 'false' or keyword 'default'

set_extcommunity_rt_asn

Set community number. Valid values are array of AS numbers or keyword 'default'

set_forwarding_addr

Set the forwarding address. Valid values are 'true', 'false' or keyword 'default'

set_interface

Set output interface. Valid values are 'Null0' or keyword 'default'

set_ipv4_default_next_hop

Set default next-hop IPv4 address. Valid values are array of next hops or keyword 'default'

set_ipv4_default_next_hop_load_share

Enable default IPv4 next-hop load-sharing. Valid values are 'true', 'false' or keyword 'default'

set_ipv4_next_hop

Set next-hop IPv4 address. Valid values are array of next hops or keyword 'default'

set_ipv4_next_hop_load_share

Enable IPv4 next-hop load-sharing. Valid values are 'true', 'false' or keyword 'default'

set_ipv4_next_hop_peer_addr

Enable IPv4 next-hop peer address. Valid values are 'true', 'false' or keyword 'default'

set_ipv4_next_hop_redist

Enable IPv4 next-hop unchanged address during redistribution. Valid values are 'true', 'false' or keyword 'default'

set_ipv4_next_hop_unchanged

Enable IPv4 next-hop unchanged address. Valid values are 'true', 'false' or keyword 'default'

set_ipv4_precedence

Set IPv4 precedence field. Valid values are 'critical', 'flash', 'flash-override', 'immediate', 'internet', 'network', 'priority', 'routine' or keyword 'default'

set_ipv4_prefix

Set IPv4 prefix-list. Valid values are string or keyword 'default'

set_ipv6_default_next_hop

Set default next-hop IPv6 address. Valid values are array of next hops or keyword 'default'

set_ipv6_default_next_hop_load_share

Enable default IPv6 next-hop load-sharing. Valid values are 'true', 'false' or keyword 'default'

set_ipv6_next_hop

Set next-hop IPv6 address. Valid values are array of next hops or keyword 'default'

set_ipv6_next_hop_load_share

Enable IPv6 next-hop load-sharing. Valid values are 'true', 'false' or keyword 'default'

set_ipv6_next_hop_peer_addr

Enable IPv6 next-hop peer address. Valid values are 'true', 'false' or keyword 'default'

set_ipv6_next_hop_redist

Enable IPv6 next-hop unchanged address during redistribution. Valid values are 'true', 'false' or keyword 'default'

set_ipv6_next_hop_unchanged

Enable IPv6 next-hop unchanged address. Valid values are 'true', 'false' or keyword 'default'

set_ipv6_precedence

Set IPv6 precedence field. Valid values are 'critical', 'flash', 'flash-override', 'immediate', 'internet', 'network', 'priority', 'routine' or keyword 'default'

set_ipv6_prefix

Set IPv6 prefix-list. Valid values are string or keyword 'default'

set_level

Set where to import route. Valid values are 'level-1', 'level-1-2', 'level-2' or keyword 'default'

set_local_preference

Set BGP local preference path attribute. Valid values are integer or keyword 'default'

set_metric_additive

Set add to metric. Valid values are 'true', 'false' or keyword 'default'

set_metric_bandwidth

Set metric value or Bandwidth in kbps. Valid values are integer or keyword 'default'

set_metric_delay

Set IGRP delay metric. Valid values are integer or keyword 'default'

set_metric_effective_bandwidth

Set IGRP Effective bandwidth metric. Valid values are integer or keyword 'default'

set_metric_mtu

Set IGRP MTU of the path. Valid values are integer or keyword 'default'

set_metric_reliability

Set IGRP reliability metric. Valid values are integer or keyword 'default'

set_metric_type

Set type of metric for destination routing protocol. Valid values are 'external, 'internal', 'type-1, 'type-2, or keyword 'default'

set_nssa_only

Set OSPF NSSA Areas. Valid values are 'true, 'false' or keyword 'default'

set_origin

Set BGP origin code. Valid values are 'egp, 'igp', 'incomplete', or keyword 'default'

set_path_selection

Set path selection criteria for BGP. Valid values are 'true, 'false' or keyword 'default'

set_tag

Set tag value for destination routing protocol. Valid values are integer or keyword 'default'

set_vrf

Set the VRF for next-hop resolution. Valid values are string or keyword 'default'

set_weight

Set BGP weight for routing table. Valid values are integer or keyword 'default'

--

Type: cisco_stp_global

Manages spanning tree global parameters

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I2(5) 1.3.0
N3k 7.0(3)I2(5) 1.3.0
N5k 7.3(0)N1(1) 1.3.0
N6k 7.3(0)N1(1) 1.3.0
N7k 7.3(0)D1(1) 1.3.0

Caveats

cisco_stp_global is not currently supported on N9K-EX and N9K-FX devices.

Property Caveat Description
bd_designated_priority Supported only on N7k
bd_forward_time Supported only on N7k
bd_hello_time Supported only on N7k
bd_max_age Supported only on N7k
bd_priority Supported only on N7k
bd_root_priority Supported only on N7k
domain Supported only on N5k, N6k, N7k
Supported in OS Version 7.0(3)I6(1) and later on N3k, N9k
fcoe Supported only on N9k

Parameters

bd_designated_priority

Designated bridge priority. Valid values are an array of [bd_range, designated_priority] pairs or 'default'.

bd_forward_time

Forward delay. Valid values are an array of [bd_range, forward_time] pairs or 'default'.

bd_hello_time

Hello interval. Valid values are an array of [bd_range, hello_time] pairs or 'default'.

bd_max_age

Max age interval. Valid values are an array of [bd_range, max_age] pairs or 'default'.

bd_priority

Bridge priority. Valid values are an array of [bd_range, priority] pairs or 'default'.

bd_root_priority

Root bridge priority. Valid values are an array of [bd_range, root_priority] pairs or 'default'.

bpdufilter

Edge port (portfast) bpdu filter. Valid values are true, false or 'default'.

bpduguard

Edge port (portfast) bpdu guard. Valid values are true, false or 'default'.

bridge_assurance

Bridge Assurance on all network ports. Valid values are true, false or 'default'.

domain

Domain. Valid values are integer or 'default'.

fcoe

Spanning tree protocol for FCoE VLAN. Valid values are true, false or 'default'.

loopguard

Enable loopguard by default on all ports. Valid values are true, false or 'default'.

mode

Operating mode. Valid values are mst, rapid-pvst or 'default'.

mst_designated_priority

Designated priority for multiple spanning tree configuration. Valid values are an array of [mst_range, designated_priority] pairs or 'default'

mst_hello_time

Hello interval for multiple spanning tree configuration. Valid values are integer or 'default'.

mst_inst_vlan_map

Map vlans to an MST instance. Valid values are an array of [mst_instance, vlan_range] pairs or 'default'

mst_max_age

Max age interval for multiple spanning tree configuration. Valid values are integer or 'default'.

mst_max_hops

Max hops for multiple spanning tree configuration. Valid values are integer or 'default'

mst_name

Name for multiple spanning tree configuration. Valid values are String or 'default'

mst_priority

Priority for multiple spanning tree configuration. Valid values are an array of [mst_range, priority] pairs or 'default'

mst_revision

Configuration revision number for multiple spanning tree configuration. Valid values are String or 'default'

mst_root_priority

Root priority for multiple spanning tree configuration. Valid values are an array of [mst_range, root_priority] pairs or 'default'

pathcost

Pathcost option. Valid values are long, short or 'default'.

vlan_designated_priority

Designated priority for vlan. Valid values are an array of [vlan_range, designated_priority] pairs or 'default'

vlan_forward_time

Forward delay for vlan. Valid values are an array of [vlan_range, forward_time] pairs or 'default'

vlan_hello_time

Hello interval for vlan. Valid values are an array of [vlan_range, hello_time] pairs or 'default'

vlan_max_age

Max age interval for vlan. Valid values are an array of [vlan_range, max_age] pairs or 'default'

vlan_priority

Priority for vlan. Valid values are an array of [vlan_range, priority] pairs or 'default'

vlan_root_priority

Root priority for vlan. Valid values are an array of [vlan_range, root_priority] pairs or 'default'

--

Type: cisco_snmp_community

Manages an SNMP community on a Cisco SNMP server.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I2(5) 1.0.1
N3k 7.0(3)I2(5) 1.0.1
N5k 7.3(0)N1(1) 1.2.0
N6k 7.3(0)N1(1) 1.2.0
N7k 7.3(0)D1(1) 1.2.0
N9k-F 7.0(3)F1(1) 1.5.0
N3k-F 7.0(3)F3(2) 1.8.0

Parameters

ensure

Determine whether the config should be present or not on the device. Valid values are 'present' and 'absent'.

community

Name of the SNMP community. Valid value is a string.

group

Group that the SNMP community belongs to. Valid values are a string or the keyword 'default'.

acl

Assigns an Access Control List (ACL) to an SNMP community to filter SNMP requests. Valid values are a string or the keyword 'default'.

--

Type: cisco_snmp_group

Manages a Cisco SNMP Group on a Cisco SNMP Server.

The term 'group' is a standard SNMP term, but in NXOS role it serves the purpose of group; thus this provider utility does not create snmp groups and only reports group (role) existence.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I2(5) 1.0.1
N3k 7.0(3)I2(5) 1.0.1
N5k 7.3(0)N1(1) 1.2.0
N6k 7.3(0)N1(1) 1.2.0
N7k 7.3(0)D1(1) 1.2.0
N9k-F 7.0(3)F1(1) 1.5.0
N3k-F 7.0(3)F3(2) 1.8.0

Parameters

ensure

Determines whether the config should be present on the device or not. Valid values are 'present', and 'absent'.

group

Name of the snmp group. Valid value is a string.

--

Type: cisco_snmp_server

Manages a Cisco SNMP Server. There can only be one instance of the cisco_snmp_server.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I2(5) 1.0.1
N3k 7.0(3)I2(5) 1.0.1
N5k 7.3(0)N1(1) 1.2.0
N6k 7.3(0)N1(1) 1.2.0
N7k 7.3(0)D1(1) 1.2.0
N9k-F 7.0(3)F1(1) 1.5.0
N3k-F 7.0(3)F3(2) 1.8.0

Parameters

name

The name of the SNMP Server instance. Only 'default' is accepted as a valid name.

location

SNMP location (sysLocation). Valid values are a string or the keyword 'default'.

contact

SNMP system contact (sysContact). Valid values are a string or the keyword 'default'.

aaa_user_cache_timeout

Configures how long the AAA synchronized user configuration stays in the local cache. Valid values are an integer or the keyword 'default'.

packet_size

Size of SNMP packet. Valid values are an integer, in bytes, or the keyword 'default'.

global_enforce_priv

Enable/disable SNMP message encryption for all users. Valid values are 'true', 'false', and 'default'.

protocol

Enable/disable SNMP protocol. Valid values are 'true', 'false', and 'default'.

tcp_session_auth

Enable/disable a one time authentication for SNMP over TCP session. Valid values are 'true', 'false', and 'default'.

--

Type: cisco_snmp_user

Manages an SNMP user on an cisco SNMP server.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I2(5) 1.0.1
N3k 7.0(3)I2(5) 1.0.1
N5k 7.3(0)N1(1) 1.2.0
N6k 7.3(0)N1(1) 1.2.0
N7k 7.3(0)D1(1) 1.2.0
N9k-F 7.0(3)F1(1) 1.5.0
N3k-F 7.0(3)F3(2) 1.8.0

Parameters

ensure

Determines whether the config should be present or not on the device. Valid values are 'present', and 'absent'.

user

Name of the SNMP user. Valid value is a string.

engine_id

Engine ID of the SNMP user. Valid values are empty string or 5 to 32 octets seprated by colon.

groups

Groups that the SNMP user belongs to. Valid value is a string.

auth_protocol

Authentication protocol for the SNMP user. Valid values are 'md5', 'sha', and 'none'.

auth_password

Authentication password for the SNMP user. Valid value is string.

priv_protocol

Privacy protocol for the SNMP user. Valid values are 'aes128', 'des', and 'none'.

priv_password

Privacy password for SNMP user. Valid value is a string.

localized_key

Specifies whether the passwords specified in manifest are in localized key format (in case of true) or cleartext (in case of false). Valid values are 'true', and 'false'.

--

Type: cisco_tacacs_server

Manages a Cisco TACACS+ Server global configuration. There can only be one instance of the cisco_tacacs_server.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I2(5) 1.0.1
N3k 7.0(3)I2(5) 1.0.1
N5k 7.3(0)N1(1) 1.2.0
N6k 7.3(0)N1(1) 1.2.0
N7k 7.3(0)D1(1) 1.2.0
N9k-F 7.0(3)F1(1) 1.5.0
N3k-F 7.0(3)F3(2) 1.8.0

Parameters

name

Instance of the tacacs_server, only allows the value 'default'.

timeout

Global timeout interval for TACACS+ servers. Valid value is an integer, in seconds, or the keyword 'default'.

directed_request

Allows users to specify a TACACS+ server to send the authentication request when logging in. Valid values are 'true', and 'false'.

deadtime

Specifies the global deadtime interval for TACACS+ servers. Valid values are Integer, in minutes, and keyword 'default'.

encryption_type

Specifies the global preshared key type for TACACS+ servers. Valid values are 'clear', 'encrypted', 'none', and 'default'.

encryption_password

Specifies the global TACACS+ servers preshared key password. Valid values are string, and keyword 'default'.

source_interface

Global source interface for all TACACS+ server groups configured on the device. Valid values are string, and keyword 'default'.

--

Type: cisco_tacacs_server_host

Configures Cisco TACACS+ server hosts.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I2(5) 1.0.1
N3k 7.0(3)I2(5) 1.0.1
N5k 7.3(0)N1(1) 1.2.0
N6k 7.3(0)N1(1) 1.2.0
N7k 7.3(0)D1(1) 1.2.0
N9k-F 7.0(3)F1(1) 1.5.0
N3k-F 7.0(3)F3(2) 1.8.0

Parameters

ensure

Determines whether or not the config should be present on the device. Valid values are 'present' and 'absent'.

host

Name of the tacacs_server_host instance. Valid value is a string.

port

Server port for the host. Valid values are an integer or the keyword 'default'.

timeout

Timeout interval for the host. Valid values are an integer, in seconds, or the keyword 'default'.

encryption_type

Specifies a preshared key for the host. Valid values are 'clear', 'encrypted', 'none', and keyword 'default'.

encryption_password

"Specifies the preshared key password for the host. Valid value is a string.

--

Type: cisco_upgrade

Manages the upgrade of a Cisco device.

Platform OS Minimum Version Module Minimum Version
N9k 7.0(3)I2(2e) 1.6.0
N3k 7.0(3)I2(2e) 1.6.0
N5k not applicable not applicable
N6k not applicable not applicable
N7k not applicable not applicable
N9k-F 7.0(3)F1(1) 1.6.0
N3k-F 7.0(3)F3(2) 1.8.0

Caveats

Only usable when running with the Puppet Agent mode.

The cisco_upgrade is only supported on simplex N3k, N3k-F, N9k and N9k-F devices. HA devices are currently not supported.

Property Caveat Description
package Only images on bootflash, tftp and usb (if available) are supported. The puppet file provider can be used to copy the image file to bootflash. Refer to Demo Upgrade for an example.

Parameters

name

Name of cisco_upgrade instance. Valid values are string. Only 'image' is a valid name for the cisco_upgrade resource.

delete_boot_image

Delete the booted image. Valid values are true, false.

force_upgrade

Force upgrade the device.Valid values are true, false.

Properties

package

Package to install on the device. Format <uri>:<image>. Valid values are strings. Example --> bootflash:nxos.7.0.3.I5.2.bin --> tftp://x.x.x.x/path/to/nxos.7.0.3.I5.2.bin NOTE: Only images on bootflash:, tftp: and usb (if available) are supported.

--

Type: cisco_vdc

Manages a Cisco VDC (Virtual Device Context).