cisco.ise.allowed_protocols module – Resource module for Allowed Protocols
Note
This module is part of the cisco.ise collection (version 2.9.3).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run `ansible-galaxy collection list`.
To install it, use: `ansible-galaxy collection install cisco.ise`. You need further requirements to be able to use this module, see Requirements for details.
To use it in a playbook, specify: `cisco.ise.allowed_protocols`.
New in cisco.ise 1.0.0
Synopsis
- Manage operations create, update and delete of the resource Allowed Protocols.
- This API creates an allowed protocol.
- This API deletes an allowed protocol.
- This API allows the client to update an allowed protocol.
Note
This module has a corresponding action plugin.
Requirements
The below requirements are needed on the host that executes this module.
- ciscoisesdk >= 2.2.3
- python >= 3.5
Parameters
Parameter | Comments |
---|---|
allowChap boolean | AllowChap flag. Choices: |
allowEapFast boolean | AllowEapFast flag. Choices: |
allowEapMd5 boolean | AllowEapMd5 flag. Choices: |
allowEapTls boolean | AllowEapTls flag. Choices: |
allowEapTtls boolean | AllowEapTtls flag. Choices: |
allowLeap boolean | AllowLeap flag. Choices: |
allowMsChapV1 boolean | AllowMsChapV1 flag. Choices: |
allowMsChapV2 boolean | AllowMsChapV2 flag. Choices: |
allowPapAscii boolean | AllowPapAscii flag. Choices: |
allowPeap boolean | AllowPeap flag. Choices: |
allowPreferredEapProtocol boolean | AllowPreferredEapProtocol flag. Choices: |
allowTeap boolean | AllowTeap flag. Choices: |
allowWeakCiphersForEap boolean | AllowWeakCiphersForEap flag. Choices: |
description string | Allowed Protocols’s description. |
eapFast dictionary | The eapFast is required only if allowEapFast is true, otherwise it must be ignored. The object eapFast contains the settings for EAP FAST protocol. |
eapFast.allowEapFastEapGtc boolean | AllowEapFastEapGtc flag. Choices: |
eapFast.allowEapFastEapGtcPwdChange boolean | The allowEapFastEapGtcPwdChange is required only if allowEapFastEapGtc is true, otherwise it must be ignored. Choices: |
eapFast.allowEapFastEapGtcPwdChangeRetries integer | The allowEapFastEapGtcPwdChangeRetries is required only if allowEapFastEapGtc is true, otherwise it must be ignored. Valid range is 0-3. |
eapFast.allowEapFastEapMsChapV2 boolean | AllowEapFastEapMsChapV2 flag. Choices: |
eapFast.allowEapFastEapMsChapV2PwdChange boolean | The allowEapFastEapMsChapV2PwdChange is required only if allowEapFastEapMsChapV2 is true, otherwise it must be ignored. Choices: |
eapFast.allowEapFastEapMsChapV2PwdChangeRetries integer | The allowEapFastEapMsChapV2PwdChangeRetries is required only if eapTtlsEapMsChapV2 is true, otherwise it must be ignored. Valid range is 0-3. |
eapFast.allowEapFastEapTls boolean | AllowEapFastEapTls flag. Choices: |
eapFast.allowEapFastEapTlsAuthOfExpiredCerts boolean | The allowEapFastEapTlsAuthOfExpiredCerts is required only if allowEapFastEapTls is true, otherwise it must be ignored. Choices: |
eapFast.eapFastDontUsePacsAcceptClientCert boolean | The eapFastDontUsePacsAcceptClientCert is required only if eapFastUsePacs is FALSE, otherwise it must be ignored. Choices: |
eapFast.eapFastDontUsePacsAllowMachineAuthentication boolean | The eapFastDontUsePacsAllowMachineAuthentication is required only if eapFastUsePacs is FALSE, otherwise it must be ignored. Choices: |
eapFast.eapFastEnableEAPChaining boolean | EapFastEnableEAPChaining flag. Choices: |
eapFast.eapFastUsePacs boolean | EapFastUsePacs flag. Choices: |
eapFast.eapFastUsePacsAcceptClientCert boolean | The eapFastUsePacsAcceptClientCert is required only if eapFastUsePacsAllowAuthenProvisioning is true, otherwise it must be ignored. Choices: |
eapFast.eapFastUsePacsAllowAnonymProvisioning boolean | The eapFastUsePacsAllowAnonymProvisioning is required only if eapFastUsePacs is true, otherwise it must be ignored. Choices: |
eapFast.eapFastUsePacsAllowAuthenProvisioning boolean | The eapFastUsePacsAllowAuthenProvisioning is required only if eapFastUsePacs is true, otherwise it must be ignored. Choices: |
eapFast.eapFastUsePacsAllowMachineAuthentication boolean | EapFastUsePacsAllowMachineAuthentication flag. Choices: |
eapFast.eapFastUsePacsAuthorizationPacTtl integer | The eapFastUsePacsAuthorizationPacTtl is required only if eapFastUsePacsStatelessSessionResume is true, otherwise it must be ignored. |
eapFast.eapFastUsePacsAuthorizationPacTtlUnits string | The eapFastUsePacsAuthorizationPacTtlUnits is required only if eapFastUsePacsStatelessSessionResume is true, otherwise it must be ignored. Allowed values: SECONDS, MINUTES, HOURS, DAYS, WEEKS. |
eapFast.eapFastUsePacsMachinePacTtl integer | The eapFastUsePacsMachinePacTtl is required only if eapFastUsePacsAllowMachineAuthentication is true, otherwise it must be ignored. |
eapFast.eapFastUsePacsMachinePacTtlUnits string | The eapFastUsePacsMachinePacTtlUnits is required only if eapFastUsePacsAllowMachineAuthentication is true, otherwise it must be ignored. Allowed values: SECONDS, MINUTES, HOURS, DAYS, WEEKS. |
eapFast.eapFastUsePacsReturnAccessAcceptAfterAuthenticatedProvisioning boolean | The eapFastUsePacsReturnAccessAcceptAfterAuthenticatedProvisioning is required only if eapFastUsePacsAllowAuthenProvisioning is true, otherwise it must be ignored. Choices: |
eapFast.eapFastUsePacsStatelessSessionResume boolean | The eapFastUsePacsStatelessSessionResume is required only if eapFastUsePacs is true, otherwise it must be ignored. Choices: |
eapFast.eapFastUsePacsTunnelPacTtl integer | The eapFastUsePacsTunnelPacTtl is required only if eapFastUsePacs is true, otherwise it must be ignored. |
eapFast.eapFastUsePacsTunnelPacTtlUnits string | The eapFastUsePacsTunnelPacTtlUnits is required only if eapFastUsePacs is true, otherwise it must be ignored. Allowed values: SECONDS, MINUTES, HOURS, DAYS, WEEKS. |
eapFast.eapFastUsePacsUseProactivePacUpdatePrecentage integer | The eapFastUsePacsUseProactivePacUpdatePrecentage is required only if eapFastUsePacs is true, otherwise it must be ignored. |
eapTls dictionary | The eapTls is required only if allowEapTls is true, otherwise it must be ignored. The object eapTls contains the settings for EAP TLS protocol. |
eapTls.allowEapTlsAuthOfExpiredCerts boolean | AllowEapTlsAuthOfExpiredCerts flag. Choices: |
eapTls.eapTlsEnableStatelessSessionResume boolean | EapTlsEnableStatelessSessionResume flag. Choices: |
eapTls.eapTlsSessionTicketPrecentage integer | The eapTlsSessionTicketPrecentage is required only if eapTlsEnableStatelessSessionResume is true, otherwise it must be ignored. |
eapTls.eapTlsSessionTicketTtl integer | Time to live. The eapTlsSessionTicketTtl is required only if eapTlsEnableStatelessSessionResume is true, otherwise it must be ignored. |
eapTls.eapTlsSessionTicketTtlUnits string | Time to live time units. The eapTlsSessionTicketTtlUnits is required only if eapTlsEnableStatelessSessionResume is true, otherwise it must be ignored. Allowed values: SECONDS, MINUTES, HOURS, DAYS, WEEKS. |
eapTlsLBit boolean | EapTlsLBit flag. Choices: |
eapTtls dictionary | The eapTtls is required only if allowEapTtls is true, otherwise it must be ignored. The object eapTtls contains the settings for EAP TTLS protocol. |
eapTtls.eapTtlsChap boolean | EapTtlsChap flag. Choices: |
eapTtls.eapTtlsEapMd5 boolean | EapTtlsEapMd5 flag. Choices: |
eapTtls.eapTtlsEapMsChapV2 boolean | EapTtlsEapMsChapV2 flag. Choices: |
eapTtls.eapTtlsEapMsChapV2PwdChange boolean | The eapTtlsEapMsChapV2PwdChange is required only if eapTtlsEapMsChapV2 is true, otherwise it must be ignored. Choices: |
eapTtls.eapTtlsEapMsChapV2PwdChangeRetries integer | The eapTtlsEapMsChapV2PwdChangeRetries is required only if eapTtlsEapMsChapV2 is true, otherwise it must be ignored. Valid range is 0-3. |
eapTtls.eapTtlsMsChapV1 boolean | EapTtlsMsChapV1 flag. Choices: |
eapTtls.eapTtlsMsChapV2 boolean | EapTtlsMsChapV2 flag. Choices: |
eapTtls.eapTtlsPapAscii boolean | EapTtlsPapAscii flag. Choices: |
id string | Resource UUID, Mandatory for update. |
ise_debug boolean | Flag for Identity Services Engine SDK to enable debugging. Choices: |
ise_hostname string / required | The Identity Services Engine hostname. |
ise_password string / required | The Identity Services Engine password to authenticate. |
ise_single_request_timeout integer added in cisco.ise 3.0.0 | Timeout (in seconds) for RESTful HTTP requests. Default: |
ise_username string / required | The Identity Services Engine username to authenticate. |
ise_uses_api_gateway boolean added in cisco.ise 1.1.0 | Flag that informs the SDK whether to use the Identity Services Engine’s API Gateway to send requests. If it is true, it uses the ISE’s API Gateway and sends requests to https://{{ise_hostname}}. If it is false, it sends the requests to https://{{ise_hostname}}:{{port}}, where the port value depends on the Service used (ERS, Mnt, UI, PxGrid). Choices: |
ise_uses_csrf_token boolean added in cisco.ise 3.0.0 | Flag that informs the SDK whether we send the CSRF token to ISE’s ERS APIs. If it is True, the SDK assumes that your ISE CSRF Check is enabled. If it is True, it assumes you need the SDK to manage the CSRF token automatically for you. Choices: |
ise_verify boolean | Flag to enable or disable SSL certificate verification. Choices: |
ise_version string | Informs the SDK which version of Identity Services Engine to use. Default: |
ise_wait_on_rate_limit boolean | Flag for Identity Services Engine SDK to enable automatic rate-limit handling. Choices: |
name string | Resource Name. |
peap dictionary | Allowed Protocols’s peap. |
peap.allowPeapEapGtc boolean | AllowPeapEapGtc flag. Choices: |
peap.allowPeapEapGtcPwdChange boolean | The allowPeapEapGtcPwdChange is required only if allowPeapEapGtc is true, otherwise it must be ignored. Choices: |
peap.allowPeapEapGtcPwdChangeRetries integer | The allowPeapEapGtcPwdChangeRetries is required only if allowPeapEapGtc is true, otherwise it must be ignored. Valid range is 0-3. |
peap.allowPeapEapMsChapV2 boolean | AllowPeapEapMsChapV2 flag. Choices: |
peap.allowPeapEapMsChapV2PwdChange boolean | The allowPeapEapMsChapV2PwdChange is required only if allowPeapEapMsChapV2 is true, otherwise it must be ignored. Choices: |
peap.allowPeapEapMsChapV2PwdChangeRetries integer | The allowPeapEapMsChapV2PwdChangeRetries is required only if allowPeapEapMsChapV2 is true, otherwise it must be ignored. Valid range is 0-3. |
peap.allowPeapEapTls boolean | AllowPeapEapTls flag. Choices: |
peap.allowPeapEapTlsAuthOfExpiredCerts boolean | The allowPeapEapTlsAuthOfExpiredCerts is required only if allowPeapEapTls is true, otherwise it must be ignored. Choices: |
peap.allowPeapV0 boolean | AllowPeapV0 flag. Choices: |
peap.requireCryptobinding boolean | RequireCryptobinding flag. Choices: |
preferredEapProtocol string | The preferredEapProtocol is required only if allowPreferredEapProtocol is true, otherwise it must be ignored. Allowed values: EAP_FAST, PEAP, LEAP, EAP_MD5, EAP_TLS, EAP_TTLS, TEAP. |
processHostLookup boolean | ProcessHostLookup flag. Choices: |
requireMessageAuth boolean | RequireMessageAuth flag. Choices: |
teap dictionary | The teap is required only if allowTeap is true, otherwise it must be ignored. The object teap contains the settings for TEAP protocol. |
teap.acceptClientCertDuringTunnelEst boolean | AcceptClientCertDuringTunnelEst flag. Choices: |
teap.allowDowngradeMsk boolean | AllowDowngradeMsk flag. Choices: |
teap.allowTeapEapMsChapV2 boolean | AllowTeapEapMsChapV2 flag. Choices: |
teap.allowTeapEapMsChapV2PwdChange boolean | The allowTeapEapMsChapV2PwdChange is required only if allowTeapEapMsChapV2 is true, otherwise it must be ignored. Choices: |
teap.allowTeapEapMsChapV2PwdChangeRetries integer | The allowTeapEapMsChapV2PwdChangeRetries is required only if allowTeapEapMsChapV2 is true, otherwise it must be ignored. Valid range is 0-3. |
teap.allowTeapEapTls boolean | AllowTeapEapTls flag. Choices: |
teap.allowTeapEapTlsAuthOfExpiredCerts boolean | The allowTeapEapTlsAuthOfExpiredCerts is required only if allowTeapEapTls is true, otherwise it must be ignored. Choices: |
teap.enableEapChaining boolean | EnableEapChaining flag. Choices: |
Notes
Note
- SDK methods used are allowed_protocols.AllowedProtocols.create_allowed_protocol, allowed_protocols.AllowedProtocols.delete_allowed_protocol_by_id, and allowed_protocols.AllowedProtocols.update_allowed_protocol_by_id.
- Paths used are post /ers/config/allowedprotocols, delete /ers/config/allowedprotocols/{id}, and put /ers/config/allowedprotocols/{id}.
- Does not support check_mode.
- The plugin runs on the control node and does not use any Ansible connection plugins; it uses the embedded connection manager from the Cisco ISE SDK instead.
- The parameters starting with ise_ are used by the Cisco ISE Python SDK to establish the connection.
Examples
```yaml
- name: Update by id
  cisco.ise.allowed_protocols:
    ise_hostname: "{{ise_hostname}}"
    ise_username: "{{ise_username}}"
    ise_password: "{{ise_password}}"
    ise_verify: "{{ise_verify}}"
    state: present
    allowChap: true
    allowEapFast: true
    allowEapMd5: true
    allowEapTls: true
    allowEapTtls: true
    allowLeap: true
    allowMsChapV1: true
    allowMsChapV2: true
    allowPapAscii: true
    allowPeap: true
    allowPreferredEapProtocol: true
    allowTeap: true
    allowWeakCiphersForEap: true
    description: string
    eapFast:
      allowEapFastEapGtc: true
      allowEapFastEapGtcPwdChange: true
      allowEapFastEapGtcPwdChangeRetries: 0
      allowEapFastEapMsChapV2: true
      allowEapFastEapMsChapV2PwdChange: true
      allowEapFastEapMsChapV2PwdChangeRetries: 0
      allowEapFastEapTls: true
      allowEapFastEapTlsAuthOfExpiredCerts: true
      eapFastDontUsePacsAcceptClientCert: true
      eapFastDontUsePacsAllowMachineAuthentication: true
      eapFastEnableEAPChaining: true
      eapFastUsePacs: true
      eapFastUsePacsAcceptClientCert: true
      eapFastUsePacsAllowAnonymProvisioning: true
      eapFastUsePacsAllowAuthenProvisioning: true
      eapFastUsePacsAllowMachineAuthentication: true
      eapFastUsePacsAuthorizationPacTtl: 0
      eapFastUsePacsAuthorizationPacTtlUnits: string
      eapFastUsePacsMachinePacTtl: 0
      eapFastUsePacsMachinePacTtlUnits: string
      eapFastUsePacsReturnAccessAcceptAfterAuthenticatedProvisioning: true
      eapFastUsePacsStatelessSessionResume: true
      eapFastUsePacsTunnelPacTtl: 0
      eapFastUsePacsTunnelPacTtlUnits: string
      eapFastUsePacsUseProactivePacUpdatePrecentage: 0
    eapTls:
      allowEapTlsAuthOfExpiredCerts: true
      eapTlsEnableStatelessSessionResume: true
      eapTlsSessionTicketPrecentage: 0
      eapTlsSessionTicketTtl: 0
      eapTlsSessionTicketTtlUnits: string
    eapTlsLBit: true
    eapTtls:
      eapTtlsChap: true
      eapTtlsEapMd5: true
      eapTtlsEapMsChapV2: true
      eapTtlsEapMsChapV2PwdChange: true
      eapTtlsEapMsChapV2PwdChangeRetries: 0
      eapTtlsMsChapV1: true
      eapTtlsMsChapV2: true
      eapTtlsPapAscii: true
    id: string
    name: string
    peap:
      allowPeapEapGtc: true
      allowPeapEapGtcPwdChange: true
      allowPeapEapGtcPwdChangeRetries: 0
      allowPeapEapMsChapV2: true
      allowPeapEapMsChapV2PwdChange: true
      allowPeapEapMsChapV2PwdChangeRetries: 0
      allowPeapEapTls: true
      allowPeapEapTlsAuthOfExpiredCerts: true
      allowPeapV0: true
      requireCryptobinding: true
    preferredEapProtocol: string
    processHostLookup: true
    requireMessageAuth: true
    teap:
      acceptClientCertDuringTunnelEst: true
      allowDowngradeMsk: true
      allowTeapEapMsChapV2: true
      allowTeapEapMsChapV2PwdChange: true
      allowTeapEapMsChapV2PwdChangeRetries: 0
      allowTeapEapTls: true
      allowTeapEapTlsAuthOfExpiredCerts: true
      enableEapChaining: true

- name: Delete by id
  cisco.ise.allowed_protocols:
    ise_hostname: "{{ise_hostname}}"
    ise_username: "{{ise_username}}"
    ise_password: "{{ise_password}}"
    ise_verify: "{{ise_verify}}"
    state: absent
    id: string

- name: Create
  cisco.ise.allowed_protocols:
    ise_hostname: "{{ise_hostname}}"
    ise_username: "{{ise_username}}"
    ise_password: "{{ise_password}}"
    ise_verify: "{{ise_verify}}"
    state: present
    allowChap: true
    allowEapFast: true
    allowEapMd5: true
    allowEapTls: true
    allowEapTtls: true
    allowLeap: true
    allowMsChapV1: true
    allowMsChapV2: true
    allowPapAscii: true
    allowPeap: true
    allowPreferredEapProtocol: true
    allowTeap: true
    allowWeakCiphersForEap: true
    description: string
    eapFast:
      allowEapFastEapGtc: true
      allowEapFastEapGtcPwdChange: true
      allowEapFastEapGtcPwdChangeRetries: 0
      allowEapFastEapMsChapV2: true
      allowEapFastEapMsChapV2PwdChange: true
      allowEapFastEapMsChapV2PwdChangeRetries: 0
      allowEapFastEapTls: true
      allowEapFastEapTlsAuthOfExpiredCerts: true
      eapFastDontUsePacsAcceptClientCert: true
      eapFastDontUsePacsAllowMachineAuthentication: true
      eapFastEnableEAPChaining: true
      eapFastUsePacs: true
      eapFastUsePacsAcceptClientCert: true
      eapFastUsePacsAllowAnonymProvisioning: true
      eapFastUsePacsAllowAuthenProvisioning: true
      eapFastUsePacsAllowMachineAuthentication: true
      eapFastUsePacsAuthorizationPacTtl: 0
      eapFastUsePacsAuthorizationPacTtlUnits: string
      eapFastUsePacsMachinePacTtl: 0
      eapFastUsePacsMachinePacTtlUnits: string
      eapFastUsePacsReturnAccessAcceptAfterAuthenticatedProvisioning: true
      eapFastUsePacsStatelessSessionResume: true
      eapFastUsePacsTunnelPacTtl: 0
      eapFastUsePacsTunnelPacTtlUnits: string
      eapFastUsePacsUseProactivePacUpdatePrecentage: 0
    eapTls:
      allowEapTlsAuthOfExpiredCerts: true
      eapTlsEnableStatelessSessionResume: true
      eapTlsSessionTicketPrecentage: 0
      eapTlsSessionTicketTtl: 0
      eapTlsSessionTicketTtlUnits: string
    eapTlsLBit: true
    eapTtls:
      eapTtlsChap: true
      eapTtlsEapMd5: true
      eapTtlsEapMsChapV2: true
      eapTtlsEapMsChapV2PwdChange: true
      eapTtlsEapMsChapV2PwdChangeRetries: 0
      eapTtlsMsChapV1: true
      eapTtlsMsChapV2: true
      eapTtlsPapAscii: true
    name: string
    peap:
      allowPeapEapGtc: true
      allowPeapEapGtcPwdChange: true
      allowPeapEapGtcPwdChangeRetries: 0
      allowPeapEapMsChapV2: true
      allowPeapEapMsChapV2PwdChange: true
      allowPeapEapMsChapV2PwdChangeRetries: 0
      allowPeapEapTls: true
      allowPeapEapTlsAuthOfExpiredCerts: true
      allowPeapV0: true
      requireCryptobinding: true
    preferredEapProtocol: string
    processHostLookup: true
    requireMessageAuth: true
    teap:
      acceptClientCertDuringTunnelEst: true
      allowDowngradeMsk: true
      allowTeapEapMsChapV2: true
      allowTeapEapMsChapV2PwdChange: true
      allowTeapEapMsChapV2PwdChangeRetries: 0
      allowTeapEapTls: true
      allowTeapEapTlsAuthOfExpiredCerts: true
      enableEapChaining: true
```
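The examples above turn every flag on and leave `string` placeholders in place, so the following is an added example (not code from this page or from the cisco.ise collection) of a pre-deployment audit over parsed task arguments. It applies the dependency, range and unit rules stated in the parameter table; the `WEAK_FLAGS` policy list, the `audit` function name and both sample dictionaries are assumptions made for illustration.

```python
# WEAK_FLAGS is an assumed review policy; the page itself ranks no protocol.
WEAK_FLAGS = {"allowPapAscii", "allowChap", "allowMsChapV1", "allowLeap",
              "allowEapMd5", "allowWeakCiphersForEap"}
# From the parameter table: field -> flag that must be true for it to apply.
TOP_DEPS = {"eapFast": "allowEapFast", "eapTls": "allowEapTls",
            "eapTtls": "allowEapTtls", "teap": "allowTeap",
            "preferredEapProtocol": "allowPreferredEapProtocol"}
TTL_UNITS = {"SECONDS", "MINUTES", "HOURS", "DAYS", "WEEKS"}
SECTIONS = ("eapFast", "eapTls", "eapTtls", "peap", "teap")


def audit(args):
    """Return sorted findings for one task's arguments (already-parsed dict)."""
    findings = [f"weak: {f} is enabled" for f in WEAK_FLAGS if args.get(f) is True]
    if args.get("ise_verify") is False:
        findings.append("weak: ise_verify is false, TLS certificate not verified")
    for field, flag in TOP_DEPS.items():
        if field in args and args.get(flag) is not True:
            findings.append(f"ignored: {field} is set but {flag} is not true")
    for section in SECTIONS:
        for key, value in (args.get(section) or {}).items():
            path = f"{section}.{key}"
            if key.endswith("AuthOfExpiredCerts") and value is True:
                findings.append(f"weak: {path} accepts expired certificates")
            if key.endswith("PwdChangeRetries") and not (
                    isinstance(value, int) and 0 <= value <= 3):
                findings.append(f"invalid: {path}={value!r} is outside 0-3")
            if key.endswith("TtlUnits") and value not in TTL_UNITS:
                findings.append(f"invalid: {path}={value!r} is not an allowed unit")
    return sorted(findings)


# Constructed sample inputs (not taken from a real deployment).
PERMISSIVE = {
    "name": "lab-permissive", "ise_verify": False,
    "allowPapAscii": True, "allowLeap": True, "allowEapTls": False,
    "eapTls": {"allowEapTlsAuthOfExpiredCerts": True,
               "eapTlsSessionTicketTtlUnits": "string"},
    "allowPeap": True,
    "peap": {"allowPeapEapMsChapV2": True,
             "allowPeapEapMsChapV2PwdChangeRetries": 5},
}
HARDENED = {
    "name": "corp-dot1x", "ise_verify": True,
    "allowPapAscii": False, "allowLeap": False, "allowEapMd5": False,
    "allowWeakCiphersForEap": False, "allowEapTls": True,
    "eapTls": {"allowEapTlsAuthOfExpiredCerts": False,
               "eapTlsEnableStatelessSessionResume": True,
               "eapTlsSessionTicketTtl": 2, "eapTlsSessionTicketTtlUnits": "HOURS"},
}

if __name__ == "__main__":
    for task in (PERMISSIVE, HARDENED):
        print(task["name"], audit(task) or "no findings")
```

The audit expects real booleans, so templated values such as `"{{ise_verify}}"` must be resolved before the arguments are checked.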
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key | Description |
---|---|
ise_response dictionary | A dictionary or list with the response returned by the Cisco ISE Python SDK. Returned: always. Sample: |
ise_update_response dictionary added in cisco.ise 1.1.0 | A dictionary or list with the response returned by the Cisco ISE Python SDK. Returned: always. Sample: |
© 2012–2018 Michael DeHaan
© 2018–2024 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/cisco/ise/allowed_protocols_module.html