The ciscopuppet module allows a network administrator to manage Cisco Network Elements using Puppet. This module bundles a set of Puppet Types, Providers, Beaker Tests, Sample Manifests and Installation Tools for effective network management. The resources and capabilities provided by this Puppet Module will grow with contributions from Cisco, Puppet Labs and the open source community.
The Cisco Network Elements and Operating Systems managed by this Puppet Module are continuously expanding. See Resource Platform Support Matrix for a list of currently supported hardware and software.
This GitHub repository contains the latest version of the ciscopuppet module source code. Supported versions of the ciscopuppet module are available at Puppet Forge. Please refer to SUPPORT.md for additional details.
The ciscopuppet
module has a dependency on the cisco_node_utils
ruby gem. See the Setup section that follows for more information on cisco_node_utils
.
Contributions to the ciscopuppet
module are welcome. See CONTRIBUTING.md for guidelines.
The ciscopuppet
module must be installed on the Puppet Master server.
puppet module install puppetlabs-ciscopuppet
For more information on Puppet module installation see Puppet Labs: Installing Modules
PuppetLabs provides NetDev resource support for Cisco Nexus devices with their puppetlabs-netdev-stdlib
module. Installing the ciscopuppet
module automatically installs both the ciscopuppet
and netdev_stdlib
modules.
The Puppet Agent requires installation and setup on each device. Agent setup can be performed as a manual process or it may be automated. For more information please see the README-agent-install.md document for detailed instructions on agent installation and configuration on Cisco Nexus devices.
The cisco_node_utils
ruby gem is a required component of the ciscopuppet
module. This gem contains platform APIs for interfacing between Cisco CLI and Puppet agent resources. The gem can be automatically installed by Puppet agent by simply using the ciscopuppet::install
helper class, or it can be installed manually.
- The
ciscopuppet::install
class is defined in theinstall.pp
file in theexamples
subdirectory. Copy this file into themanifests
directory as shown:
cd /etc/puppetlabs/code/environments/production/modules/ciscopuppet/
cp examples/install.pp manifests/
- Next, update
site.pp
to use the install class
Example
node 'default' {
include ciscopuppet::install
}
The preceding configuration will cause the next puppet agent
run to automatically download the current cisco_node_utils
gem from https://rubygems.org/gems/cisco_node_utils and install it on the node.
- Override the default rubygems repository to use a custom repository
- Provide a proxy server
Example
node 'default' {
class {'ciscopuppet::install':
repo => 'http://gemserver.domain.com:8808',
proxy => 'http://proxy.domain.com:8080',
}
}
Once installed, the GEM will remain persistent across system reloads within the Guestshell or OAC environments; however, the bash-shell environment does not share this persistent behavior, in which case the ciscopuppet::install
helper class automatically downloads and re-installs the gem after each system reload.
See General Documentation for information on Guestshell and OAC.
Puppet makes use of the nxos admin
user by default for all types in this module. If a different user is required for puppet agent runs then the following procedure can be used to override admin
with the desired user.
NOTE: The user you select must already be configured on your device with the role network-admin
.
First create a different user with the role network-admin
.
config term
username puppetuser password puppet role network-admin
end
Next create a file called cisco_node_utils.yaml
under the modules/ciscopuppet/files
directory on the puppet server and add a cookie puppetuser:local
under the default:
yaml key.
puppetserver:> cat /etc/puppetlabs/code/environments/production/modules/ciscopuppet/files/cisco_node_utils.yaml
default:
cookie: 'puppetuser:local'
puppetserver:>
Now create and apply the following manifest on your nxos devices.
$cookie_src = "puppet:///modules/ciscopuppet/cisco_node_utils.yaml"
$cookie_tgt = "/${::identity['user']}/cisco_node_utils.yaml"
file { $cookie_tgt :
ensure => file,
source => $cookie_src,
owner => 'root',
group => 'root',
mode => 'ug+rwx',
}
This module has dependencies on the cisco_node_utils
ruby gem. After installing the Puppet Agent software, use Puppet's built-in Package
provider to install the gem.
A helper class ciscopuppet::install
is provided in the examples subdirectory of this module. Simply add an include ciscopuppet::install
statement at the beginning of the manifest to install the latest cisco_node_utils
gem from rubygems.org. Including the aforementioned class with additional parameters
overrides the default rubygems.org repository with a custom repository.
For Puppet Agents running within the GuestShell or OAC environment, the installed GEM remains persistent across system reloads, however, agents running in the NX-OS bash-shell environment will automatically download and reinstall the GEM after a system reload.
The following example demonstrates how to define a manifest that uses ciscopuppet
to configure OSPF on a Cisco Nexus switch. Three resource types are used to define an OSPF instance, basic OSPF router settings, and OSPF interface settings:
The first manifest type should define the router instance using cisco_ospf
. The title 'Sample
' becomes the router instance name.
cisco_ospf {"Sample":
ensure => present,
}
The next type to define is cisco_ospf_vrf
. The title includes the OSPF router instance name and the VRF name. Note that a non-VRF configuration uses 'default' as the VRF name.
cisco_ospf_vrf {"Sample default":
ensure => 'present',
default_metric => '5',
auto_cost => '46000',
}
Finally, define the OSPF interface settings. The title here includes the Interface name and the OSPF router instance name.
cisco_interface_ospf {"Ethernet1/2 Sample":
ensure => present,
area => 200,
cost => "200",
}
The following resources include cisco types and providers along with cisco provider support for netdev stdlib types. Installing the ciscopuppet
module will install both the ciscopuppet
and netdev_stdlib
modules.
-
Miscellaneous Types
-
AAA Types
-
ACL Types
-
BFD Types
-
BGP Types
-
Bridge_Domain Types
-
DHCP Types
-
Domain Types
-
EVPN Multisite Types
-
Fabricpath Types
-
HSRP Types
-
Interface Types
-
ITD (Intelligent Traffic Director) Types
-
Multicast Types
-
NTP Types
-
ObjectGroup Types
-
OSPF Types
-
Portchannel Types
-
RADIUS Types
-
RouteMap Types
-
STP Types
-
SNMP Types
-
SYSLOG Types
-
TACACS Types
-
TRM Types
-
VLAN Types
-
VPC Types
-
VRF Types
-
VNI Types
-
VXLAN Types
--
cisco_command_config
cisco_aaa_authentication_login
cisco_aaa_authorization_login_cfg_svc
cisco_aaa_authorization_login_exec_svc
cisco_aaa_group_tacacs
cisco_acl
cisco_ace
cisco_bfd_global
cisco_bgp
cisco_bgp_af
cisco_bgp_af_aa
cisco_bgp_neighbor
cisco_bgp_neighbor_af
cisco_bridge_domain
cisco_bridge_domain_vni
cisco_dhcp_relay_global
cisco_encapsulation
cisco_evpn_multicast
cisco_evpn_multisite
cisco_evpn_stormcontrol
cisco_evpn_vni
cisco_fabricpath_global
cisco_fabricpath_topology
cisco_hsrp_global
cisco_interface
cisco_interface_channel_group
cisco_interface_evpn_multisite
cisco_interface_hsrp_group
cisco_interface_ospf
cisco_interface_portchannel
cisco_interface_service_vni
cisco_ip_multicast
cisco_itd_device_group
cisco_itd_device_group_node
cisco_itd_service
cisco_object_group
cisco_object_group_entry
cisco_ospf
cisco_ospf_area
cisco_ospf_area_vlink
cisco_ospf_vrf
cisco_overlay_global
cisco_pim
cisco_pim_grouplist
cisco_pim_rp_address
cisco_portchannel_global
cisco_route_map
cisco_stp_global
cisco_snmp_community
cisco_snmp_group
cisco_snmp_server
cisco_snmp_user
cisco_tacacs_server
cisco_tacacs_server_host
cisco_upgrade
cisco_vdc
cisco_vlan
cisco_vpc_domain
cisco_vni
cisco_vrf
cisco_vrf_af
cisco_vtp
cisco_vxlan_vtep
cisco_vxlan_vtep_vni
banner
domain_name
name_server
network_dns
network_interface
network_snmp
network_trunk
network_vlan
ntp_auth_key
ntp_config
ntp_server
port_channel
radius
radius_global
radius_server_group
radius_server
search_domain
snmp_community
snmp_notification
snmp_notification_receiver
snmp_user
syslog_facility
syslog_server
syslog_settings
tacacs
tacacs_global
tacacs_server_group
tacacs_server
The Nexus family of switches support various hardware and software features depending on the model and version. The following table will guide you through the provider support matrix.
Platform Models
Platform | Description | Environments |
---|---|---|
N9k | Support includes all N9xxx models | bash-shell, guestshell |
N3k | Support includes N30xx and N31xx models only. The N35xx model is not supported. |
bash-shell, guestshell |
N3k-F | Support includes all N3xxx models running os version 7.0(3)Fx(x) | bash-shell, guestshell |
N5k | Support includes N56xx models only. The N50xx and N55xx models are not supported at this time. |
Open Agent Container (OAC) |
N6k | Support includes all N6xxx models | Open Agent Container (OAC) |
N7k | Support includes all N7xxx models | Open Agent Container (OAC) |
N9k-F | Support includes all N95xx models running os version 7.0(3)Fx(x) | bash-shell, guestshell |
Matrix Legend
Symbol | Meaning | Description |
---|---|---|
✅ | Supported | The provider has been validated to work on the platform. An asterisk '*' indicates that some provider properties may have software or hardware limitations, caveats, or other noted behaviors. Click on the associated caveat link for more information. |
➖ | Not Applicable | The provider is not supported on the platform because of hardware or software limitations. |
Support Matrix
✅ = Supported ➖ = Not Applicable |
N9k | N3k | N5k | N6k | N7k | N9k-F | N3k-F | Caveats |
---|---|---|---|---|---|---|---|---|
banner | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | *caveats |
domain_name | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |
name_server | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |
network_dns | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | *caveats |
network_interface | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |
network_snmp | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |
network_trunk | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |
network_vlan | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |
ntp_auth_key | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |
ntp_config | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | *caveats |
ntp_server | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | *caveats |
port_channel | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |
radius | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |
radius_global | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |
radius_server_group | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |
radius_server | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |
search_domain | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |
snmp_community | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |
snmp_notification | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |
snmp_notification_receiver | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |
snmp_user | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |
syslog_facility | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |
syslog_server | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |
syslog_settings | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | *caveats |
tacacs | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |
tacacs_global | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |
tacacs_server | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |
tacacs_server_group | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
--
The following resources are listed alphabetically.
--
Allows execution of configuration commands.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.0.1 |
N3k | 7.0(3)I2(5) | 1.0.1 |
N5k | 7.3(0)N1(1) | 1.2.0 |
N6k | 7.3(0)N1(1) | 1.2.0 |
N7k | 7.3(0)D1(1) | 1.2.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Configuration command(s) to be applied to the network element. Valid values are string.
This provider allows raw configurations to be managed by Puppet. It serves as a stopgap until specialized types are created. It has the following limitations:
- The input message buffer is limited to 500KB. Large configurations are often easier to debug if broken up into multiple smaller resource blocks.
- The cisco_command_config configuration block must use the same syntax as displayed by the
show running-config
command on the switch. In some cases, configuration commands that omit optional keywords when entered may actually appear with a different syntax when displayed byshow running-config
; for example, some access-list entries may be configured without a sequence number but yet an implicit sequence number is created regardless. This then creates an idempotency problem because there is a mismatch betweenshow running-config
and the manifest. The solution in this case is for the manifest to include explicit sequence numbers for the affected access-list entries. - Order is important. Some dependent commands may fail if their associated
feature
configuration is not enabled first. Use Puppet'sbefore
,after
, orrequire
keywords to establish dependencies between blocks. - Indentation counts! It implies sub-mode configuration. Use the switch's running-config as a guide and do not indent configurations that are not normally indented. Do not use tabs to indent.
- Inline comments must be prefixed by '!' or '#'.
- Negating a submode will also remove configuratons under that submode, without having to specify every submode config statement:
no router ospf RED
removes all configuration under router ospf RED. - Syntax does not auto-complete: use
Ethernet1/1
, notEth1/1
. - If a CLI command is rejected during configuration, the resource will abort at that point and will not issue any remaining CLI. For this reason, we recommend limiting the scope of each instance of this resource.
--
Manages AAA Authentication Login configuration.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.2.0 |
N3k | 7.0(3)I2(5) | 1.2.0 |
N5k | 7.3(0)N1(1) | 1.3.0 |
N6k | 7.3(0)N1(1) | 1.3.0 |
N7k | 7.3(0)D1(1) | 1.3.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
The name of the AAA Authentication Login instance. Must be 'default'
Enable/disable ascii_authentication for AAA Authentication Login. Valid values are true, false, keyword 'default'
Enable/disable chap for AAA Authentication Login.
Enable/disable error_display for AAA Authentication Login.
Enable/disable mschap for AAA Authentication Login.
Enable/disable mschapv2 for AAA Authentication Login.
--
Manages configuration for Authorization Login Config Service.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.2.0 |
N3k | 7.0(3)I2(5) | 1.2.0 |
N5k | 7.3(0)N1(1) | 1.3.0 |
N6k | 7.3(0)N1(1) | 1.3.0 |
N7k | 7.3(0)D1(1) | 1.3.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Determines whether the config should be present or not on the device. Valid values are 'present' and 'absent'.
Name of the config login service. Valid values are 'console' or 'default'.
Tacacs+ groups configured for this service. Valid values are an array of strings, keyword 'default'.
Authentication methods on this device. Valid values are 'local', 'unselected', 'default'.
--
Manages configuration for Authorization Login Exec Service.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.2.0 |
N3k | 7.0(3)I2(5) | 1.2.0 |
N5k | 7.3(0)N1(1) | 1.3.0 |
N6k | 7.3(0)N1(1) | 1.3.0 |
N7k | 7.3(0)D1(1) | 1.3.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Determines whether the config should be present or not on the device. Valid values are 'present' and 'absent'.
Name of the exec login service. Valid values are 'console' or 'default'.
Tacacs+ groups configured for this service. Valid values are an array of strings, keyword 'default'.
Authentication methods on this device. Valid values are 'local', 'unselected', 'default'.
--
Manages configuration for a TACACS+ server group.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.2.0 |
N3k | 7.0(3)I2(5) | 1.2.0 |
N5k | 7.3(0)N1(1) | 1.3.0 |
N6k | 7.3(0)N1(1) | 1.3.0 |
N7k | 7.3(0)D1(1) | 1.3.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Determines whether the config should be present or not on the device. Valid values are 'present' and 'absent'.
Name of the aaa group TACACS instance. Valid values are string.
Deadtime interval for this TACACS+ server group. Valid values are integer, in minutes, keyword 'default'
An array of TACACS+ server hosts associated with this TACACS+ server group. Valid values are an array, or the keyword 'default'.
Source interface for TACACS+ servers in this TACACS+ server group Valid values are string, keyword 'default'.
Specifies the virtual routing and forwarding instance (VRF) to use to contact this TACACS server group. Valid values are string, the keyword 'default'.
--
Manages configuration of a Access Control List (ACL) instance.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.2.0 |
N3k | 7.0(3)I2(5) | 1.2.0 |
N5k | 7.3(0)N1(1) | 1.3.0 |
N6k | 7.3(0)N1(1) | 1.3.0 |
N7k | 7.3(0)D1(1) | 1.3.0 |
N9k-F | 9.2.1 | 1.10.0 |
N3k-F | 9.2.1 | 1.10.0 |
Property | Caveat Description |
---|---|
fragments |
Not supported on N5k, N6k, N9k-F, N3k-F |
Determines whether the config should be present or not on the device. Valid values are 'present' and 'absent'.
Address Family Identifier (AFI). Required. Valid values are 'ipv4' and 'ipv6'.
Name of the acl instance. Valid values are string.
Enable/disable Statistics Per Entry for ACL. Valid values are true, false, keyword 'default'.
Permit or deny Fragments for ACL. Valid values are 'permit-all' and 'deny-all'
--
Manages configuration of an Access Control List (ACL) Access Control Entry (ACE) instance.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.2.0 |
N3k | 7.0(3)I2(5) | 1.2.0 |
N5k | 7.3(0)N1(1) | 1.3.0 |
N6k | 7.3(0)N1(1) | 1.3.0 |
N7k | 7.3(0)D1(1) | 1.3.0 |
Property | Caveat Description |
---|---|
http_method |
ipv4 only Not supported on N5k, N6k, N7k |
packet_length |
Not supported on N5k, N6k |
precedence |
ipv4 only |
redirect |
ipv4 only Not supported on N5k, N6k, N7k |
time_range |
Not supported on N5k, N6k |
ttl |
Not supported on N5k, N6k, N7k |
tcp_option_length |
ipv4 only Not supported on N5k, N6k, N7k |
vlan |
Not supported on N5k, N6k, N7k. Minimum puppet module version 1.10.0 |
set_erspan_gre_proto |
Not supported on N5k, N6k, N7k. Minimum puppet module version 1.10.0 |
set_erspan_dscp |
Not supported on N5k, N6k, N7k. Minimum puppet module version 1.10.0 |
proto_option |
Not supported on N5k, N6k. Minimum puppet module version 1.10.0 |
cisco_ace { 'ipv4 my_acl 42':
ensure => 'present',
remark => 'East Branch',
action => 'permit',
proto => 'tcp',
src_addr => '10.0.0.0/8',
src_port => 'eq 40',
dst_addr => 'any',
dst_port => 'neq 80',
dscp => 'af11',
established => 'true',
log => 'true',
packet_length => 'range 512 1024'
precedence => 'flash',
redirect => 'Ethernet1/2,Port-Channel42',
tcp_flags => 'ack psh',
time_range => 'my_time_range',
ttl => '128',
}
cisco_ace { 'ipv6 my_v6_acl 42':
ensure => 'present',
remark => 'East Branch',
action => 'permit',
proto => 'tcp',
src_addr => '1:1::1/128',
dst_addr => 'any',
}
Example Parameter Usage |
---|
cisco_ace { '<afi> <acl_name> <seqno>': |
cisco_ace { 'ipv4 my_acl 42': |
Address Family Identifier (AFI). Required. Valid values are 'ipv4' and 'ipv6'.
Access Control List (ACL) name. Required. Valid values are type String.
Access Control Entry (ACE) Sequence Number. Required. Valid values are type Integer.
Determines whether the config should be present or not on the device. Valid values are 'present' and 'absent'.
The action to perform with this ACE. Valid values are keywords permit
or deny
.
Example |
---|
action => 'permit' |
Allows matching by Differentiated Services Code Point (DSCP) value. Valid values are type String, which must be one of the following forms:
- A numeric dscp value
- One of the dscp keyword names
af11
af12
af13
af21
af22
af23
af31
af32
af33
af41
af42
af43
cs1
cs2
cs3
cs4
cs5
cs6
cs7
ef
default
Example |
---|
dscp => 'af11' |
The Destination Address to match against. This property shares the same syntax as src_addr
. Valid values are type String, which must be one of the following forms:
- An IPv4/IPv6 address or subnet
- The keyword
host
and a host address - The keyword
addrgroup
and its object group name - The keyword
any
Examples |
---|
dst_addr => '10.0.0.0/8' |
dst_addr => 'host 10.0.0.1' |
dst_addr => '128:1::/64' |
dst_addr => 'addrgroup my_addrgroup' |
dst_addr => 'any' |
See src_addr
.
The TCP or UDP Destination Port to match against. This property shares the same syntax as src_port
. Valid values are type String, which must be one of the following forms:
- A comparison operator (
eq
,neq
,lt
,gt
) and value - The keyword
range
and a range value - The keyword
portgroup
and its object group name
Examples |
---|
dst_port => 'neq 40' |
dst_port => 'range 68 69' |
dst_port => 'portgroup my_portgroup' |
See src_port
.
Allows matching against TCP Established connections. Valid values are true or false.
Example |
---|
established => true |
(ipv4 only) Allows matching based on http-method. Valid values are String, which must be one of the following forms:
- A numeric http-method value
- One of the http-method keyword names
connect
delete
get
head
post
put
trace
Examples |
---|
http_method => 'post' |
Enables logging for the ACE. Valid values are true or false.
Examples |
---|
'log' => true |
Allows matching based on Layer 3 Packet Length. Valid values are type String, which must be one of the following forms:
- A comparison operator (
eq
,neq
,lt
,gt
) and value - The keyword
range
and range values
Examples |
---|
packet_length => 'gt 512' |
packet_length => 'range 512 1024' |
(ipv4 only) Allows matching by precedence value. Valid values are String, which must be one of the following forms:
- A numeric precedence value
- One of the precedence keyword names
critical
flash
flash-override
immediate
internet
network
priority
routine
Example |
---|
precedence => 'flash' |
The protocol to match against. Valid values are String or Integer. Examples are: tcp
, udp
, ip
, 6
.
Example |
---|
proto => 'tcp' |
Any protocol option which is valid for that protocol. Valid values are string. Currently this is valid only for icmp protocol.
Example |
---|
proto_option => 'time-exceeded' |
(ipv4 only) Allows for redirecting traffic to one or more interfaces. This property is only useful with VLAN ACL (VACL) applications. Valid values are a String containing a list of interface names.
Examples |
---|
redirect => 'Ethernet1/1' |
redirect => 'Ethernet1/2,Port-Channel42' |
This is a Remark description for the ACL or ACE. Valid values are string.
Example |
---|
remark => 'East Branch' |
Sets ERSPAN outer IP DSCP value. Valid values are beween 1 and 63. Currently this is valid only for icmp protocol.
Example |
---|
set_erspan_dscp => '3' |
Sets ERSPAN GRE protocol. Valid values are beween 1 and 65535. Currently this is valid only for icmp protocol.
Example |
---|
set_erspan_gre_proto => '300' |
The Source Address to match against. Valid values are type String, which must be one of the following forms:
- An IPv4/IPv6 address or subnet
- The keyword
host
and a host address - The keyword
addrgroup
and its object group name - The keyword
any
Examples |
---|
src_addr => '10.0.0.0/8' |
src_addr => 'host 10.0.0.1' |
src_addr => '128:1::/64' |
src_addr => 'addrgroup my_addrgroup' |
src_addr => 'any' |
See dst_addr
.
The TCP or UDP Source Port to match against. Valid values are type String, which must be one of the following forms:
- A comparison operator (
eq
,neq
,lt
,gt
) and value - The keyword
range
and range values - The keyword
portgroup
and its object group name
Examples |
---|
src_port => 'neq 40' |
src_port => 'range 68 69' |
src_port => 'portgroup my_portgroup' |
See dst_port
.
The TCP flags or control bits. Valid values are a String of some or all of flags: urg
, ack
, psh
, rst
, syn
, or fin
.
Example |
---|
tcp_flags => 'ack psh' |
(ipv4 only) Allows matching on TCP options length. Valid values are type Integer or String, which must be a multiple of 4 in the range 0-40.
Examples |
---|
tcp_option_length => '0' |
tcp_option_length => '36' |
Allows matching by Time Range. Valid values are String, which references a time-range
name.
Example |
---|
time_range => 'my_time_range' |
Allows matching based on Time-To-Live (TTL) value. Valid values are type Integer or String.
Example |
---|
ttl => '128' |
Configure match based on vlan. Valid values are between 0 and 4095. Currently this is valid only for icmp protocol.
Example |
---|
vlan => '100' |
--
Manages configuration of a BFD (Bidirectional Forwarding Detection) instance.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.4.0 |
N3k | 7.0(3)I2(5) | 1.4.0 |
N5k | 7.3(0)N1(1) | 1.4.0 |
N6k | 7.3(0)N1(1) | 1.4.0 |
N7k | 7.3(0)D1(1) | 1.4.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Property | Caveat Description |
---|---|
echo_rx_interval |
Not supported on N5k, N6k |
fabricpath_interval |
Not supported on N3k, N3k-F, N9k-F, N9k |
fabricpath_slow_timer |
Not supported on N3k, N3k-F, N9k-F, N9k |
fabricpath_vlan |
Not supported on N3k, N3k-F, N9k-F, N9k |
interval |
Supported on N3k, N5k, N6k, N7k Supported in OS Version 7.0(3)F2(1) and later on N9k-F Supported in OS Version 7.0(3)I6(1) and later on N9k |
ipv4_echo_rx_interval |
Not supported on N5k, N6k |
ipv4_interval |
Not supported on N5k, N6k |
ipv4_slow_timer |
Not supported on N5k, N6k |
ipv6_echo_rx_interval |
Not supported on N5k, N6k |
ipv6_interval |
Not supported on N5k, N6k |
ipv6_slow_timer |
Not supported on N5k, N6k |
startup_timer |
Not supported on N5k, N6k, N7k |
Determines whether the config should be present or not on the device. Valid values are 'present' and 'absent'.
Loopback interface used for echo frames. Valid values are String, and 'default'.
Echo receive interval in milliseconds. Valid values are integer, and 'default'.
BFD fabricpath interval. Valid values are an array of [fabricpath_interval, fabricpath_min_rx, fabricpath_multiplier] or 'default'.
Example: fabricpath_interval => [100, 120, 4]
BFD fabricpath slow rate timer in milliseconds. Valid values are integer, and 'default'.
BFD fabricpath control vlan. Valid values are integer, and 'default'.
BFD interval. Valid values are an array of [interval, min_rx, multiplier] or 'default'.
Example: interval => [100, 120, 4]
IPv4 session echo receive interval in milliseconds. Valid values are integer, and 'default'.
BFD IPv4 session interval. Valid values are an array of [ipv4_interval, ipv4_min_rx, ipv4_multiplier] or 'default'.
Example: ipv4_interval => [100, 120, 4]
BFD IPv4 session slow rate timer in milliseconds. Valid values are integer, and 'default'.
IPv6 session echo receive interval in milliseconds. Valid values are integer, and 'default'.
BFD IPv6 session interval. Valid values are an array of [ipv6_interval, ipv6_min_rx, ipv6_multiplier] or 'default'.
Example: ipv6_interval => [100, 120, 4]
BFD IPv6 session slow rate timer in milliseconds. Valid values are integer, and 'default'.
BFD slow rate timer in milliseconds. Valid values are integer, and 'default'.
BFD delayed startup timer in seconds. Valid values are integer, and 'default'.
--
Manages configuration of a BGP instance.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.1.0 |
N3k | 7.0(3)I2(5) | 1.1.0 |
N5k | 7.3(0)N1(1) | 1.2.0 |
N6k | 7.3(0)N1(1) | 1.2.0 |
N7k | 7.3(0)D1(1) | 1.2.0 |
N9k-f | 7.3(0)F3(2) | 1.8.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Property | Caveat Description |
---|---|
disable_policy_batching_ipv4 |
Not supported on N5k, N6k Supported in OS Version 8.1.1 and later on N7k |
disable_policy_batching_ipv6 |
Not supported on N5k, N6k Supported in OS Version 8.1.1 and later on N7k |
event_history_errors |
Supported in OS Version 8.0.1 and later on N7k Supported in OS Version 7.0(3)I5(1) and later on N3 |
event_history_objstore |
Supported in OS Version 8.0.1 and later on N7k Supported in OS Version 7.0(3)I5(1) and later on N3 |
neighbor_down_fib_accelerate |
Not supported on N5k, N6k Supported in OS Version 8.1.1 and later on N7k |
reconnect_interval |
Not supported on N5k, N6k Supported in OS Version 8.1.1 and later on N7k |
suppress_fib_pending |
Idempotence supported only on 7.0(3)I5(1) and later images N3 |
Determines whether the config should be present or not on the device. Valid values are 'present' and 'absent'.
BGP autonomous system number. Valid values are String, Integer in ASPLAIN or ASDOT notation.
Name of the resource instance. Valid values are string. The name 'default' is a valid VRF representing the global bgp.
Enable/Disable MED comparison on paths from different autonomous systems. Valid values are 'true', 'false', and 'default'.
Enable/Disable load sharing across the providers with different (but equal-length) AS paths. Valid values are 'true', 'false', and 'default'
Enable/Disable comparison of router IDs for identical eBGP paths. Valid values are 'true', 'false', and 'default'
Enable/Disable Ignores the cost community for BGP best-path calculations. Valid values are 'true', 'false', and 'default'
Enable/Disable enforcement of bestpath to do a MED comparison only between paths originated within a confederation. Valid values are 'true', 'false', and 'default'.
Enable/Disable assigns the value of infinity to received routes that do not carry the MED attribute, making these routes the least desirable. Valid values are 'true', 'false', and 'default'.
Enable/Disable deterministic selection of the best MED path from among the paths from the same autonomous system. Valid values are 'true', 'false', and 'default'.
Route Reflector Cluster-ID. Valid values are String, keyword 'default'.
Routing domain confederation AS. Valid values are String, keyword 'default'.
AS confederation parameters. Valid values are String, keyword 'default'.
Enable/Disable the batching evaluation of prefix advertisements to all peers. Valid values are 'true', 'false', and 'default'.
Enable/Disable the batching evaluation of prefix advertisements to all peers with prefix list. Valid values are String, keyword 'default'.
Enable/Disable the batching evaluation of prefix advertisements to all peers with prefix list. Valid values are String, keyword 'default'.
Enable/Disable enforces the neighbor autonomous system to be the first AS number listed in the AS path attribute for eBGP. Valid values are 'true', 'false', and 'default'. On NX-OS, this property is only supported in the global BGP context.
Enable/Disable/specify size of cli event history buffer. Valid values are false', 'size_small', 'size_medium', 'size_large', 'size_disable'. Size can also be specified in bytes. Please Note: Setting this value to 'default' or 'true' has been deprecated in module version 1.8.0. This property is only used for BGP debugging purposes and idempotency is not guaranteed.
Enable/Disable/specify size of detail event history buffer. Valid values are 'false', 'size_small', 'size_medium', 'size_large', 'size_disable'. Size can also be specified in bytes. Please Note: Setting this value to 'default' or 'true' has been deprecated in module version 1.8.0. This property is only used for BGP debugging purposes and idempotency is not guaranteed.
Enable/Disable/specify size of error history buffer. Valid values are 'false', 'size_small', 'size_medium', 'size_large', 'size_disable'. Size can also be specified in bytes. Please Note: Setting this value to 'default' or 'true' has been deprecated in module version 1.8.0. This property is only used for BGP debugging purposes and idempotency is not guaranteed.
Enable/Disable/specify size of event history buffer. Valid values are 'false', 'size_small', 'size_medium', 'size_large', 'size_disable'. Size can also be specified in bytes. Please Note: Setting this value to 'default' or 'true' has been deprecated in module version 1.8.0. This property is only used for BGP debugging purposes and idempotency is not guaranteed.
Enable/Disable/specify size of objstore history buffer. Valid values are 'false', 'size_small', 'size_medium', 'size_large', 'size_disable'. Size can also be specified in bytes. Please Note: Setting this value to 'default' or 'true' has been deprecated in module version 1.8.0. This property is only used for BGP debugging purposes and idempotency is not guaranteed.
Enable/Disable/specify size of periodic event history buffer. Valid values are 'false', 'size_small', 'size_medium', 'size_large', 'size_disable'. Size can also be specified in bytes. Please Note: Setting this value to 'default' or 'true' has been deprecated in module version 1.8.0. This property is only used for BGP debugging purposes and idempotency is not guaranteed.
Enable/Disable immediately reset the session if the link to a directly connected BGP peer goes down. Valid values are 'true', 'false', and 'default'. On NX-OS, this property is only supported in the global BGP context.
Enable/Disable flush routes in RIB upon controlled restart. Valid values are 'true', 'false', and 'default'. On NX-OS, this property is only supported in the global BGP context.
Enable/Disable graceful restart. Valid values are 'true', 'false', and 'default'.
Enable/Disable graceful restart helper mode. Valid values are 'true', 'false', and 'default'.
Set maximum time for a restart sent to the BGP peer. Valid values are Integer, keyword 'default'.
Set maximum time that BGP keeps the stale routes from the restarting BGP peer. Valid values are Integer, keyword 'default'.
Enable/Disable isolate this router from BGP perspective. Valid values are 'true', 'false', and 'default'.
Enable/Disable message logging for neighbor up/down event. Valid values are 'true', 'false', and 'default'
Specify Maximum number of AS numbers allowed in the AS-path attribute. Valid values are integers between 1 and 512, or keyword 'default' to disable this property.
Enable/Disable handle BGP neighbor down event, due to various reasons. Valid values are 'true', 'false', and 'default'.
Enable/Disable Non-Stop Routing (NSR). Valid values are 'true', 'false', and 'default'. This property is not supported on Nexus.
The BGP reconnection interval for dropped sessions. Valid values are Integer or keyword 'default'.
VPN Route Distinguisher (RD). The RD is combined with the IPv4 or IPv6 prefix learned by the PE router to create a globally unique address. Valid values are a String in one of the route-distinguisher formats (ASN2:NN, ASN4:NN, or IPV4:NN); the keyword 'auto', or the keyword 'default'.
Please note: The route_distinguisher
property is typically configured within the VRF context configuration on most platforms (including NXOS) but it is tightly coupled to bgp and therefore configured within the BGP configuration on some non-NXOS platforms. For this reason the route_distinguisher
property has support (with limitations) in both cisco_vrf
and cisco_bgp
providers:
cisco_bgp
: The property is supported on NXOS and some non-NXOS platforms.cisco_vrf
: The property is only supported on NXOS. See: cisco_vrf: route_distinguisher
IMPORTANT: Choose only one provider to configure the route_distinguisher
property on a given device. Using both providers simultaneously on the same device may have unpredictable results.
Router Identifier (ID) of the BGP router VRF instance. Valid values are string, and keyword 'default'.
Administratively shutdown the BGP protocol. Valid values are 'true', 'false', and 'default'.
Enable/Disable advertise only routes programmed in hardware to peers. Valid values are 'true', 'false', and 'default'.
Specify timeout for the first best path after a restart, in seconds. Valid values are Integer, keyword 'default'.
Enable/Disable update-delay-always option. Valid values are 'true', 'false', and 'default'.
Set bgp hold timer. Valid values are Integer, keyword 'default'.
Set bgp keepalive timer. Valid values are Integer, keyword 'default'.
--
Manages configuration of a BGP Address-family instance.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.1.0 |
N3k | 7.0(3)I2(5) | 1.1.0 |
N5k | 7.3(0)N1(1) | 1.2.0 |
N6k | 7.3(0)N1(1) | 1.2.0 |
N7k | 7.3(0)D1(1) | 1.2.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Property | Caveat Description |
---|---|
additional_paths_install |
Not supported on N3k, N3k-F, N9k-F, N9k |
advertise_l2vpn_evpn |
Not supported on N3k, N6k |
address-family l2vpn/evpn |
Module Minimum Version 1.3.2 OS Minimum Version 7.0(3)I3(1) Not supported on N3k |
Determine whether the interface config should be present or not. Valid values are 'present' and 'absent'.
BGP autonomous system number. Required. Valid values are String, Integer in ASPLAIN or ASDOT notation.
VRF name. Required. Valid values are string. The name 'default' is a valid VRF representing the global bgp.
Address Family Identifier (AFI). Required. Valid values are ipv4
, ipv6
, vpnv4
, vpnv6
and l2vpn
.
Sub Address Family Identifier (SAFI). Required. Valid values are unicast
, multicast
and evpn
.
Install a backup path into the forwarding table and provide prefix 'independent convergence (PIC) in case of a PE-CE link failure. Valid values are true, false, or 'default'.
Enables the receive capability of additional paths for all of the neighbors under this address family for which the capability has not been disabled. Valid values are true, false, or 'default'
Configures the capability of selecting additional paths for a prefix. Valid values are a string defining the name of the route-map.
Enables the send capability of additional paths for all of the neighbors under this address family for which the capability has not been disabled. Valid values are true, false, or 'default'
Advertise evpn routes. Valid values are true and false.
Configure client-to-client route reflection. Valid values are true and false.
Specify dampen value for IGP metric-related changes, in seconds. Valid values are Integer, keyword 'default'.
Enable/disable route-flap dampening. Valid values are true, false or 'default'.
Specify decay half-life in minutes for route-flap dampening. Valid values are Integer, keyword 'default'.
Specify max suppress time for route-flap dampening stable route. Valid values are Integer, keyword 'default'.
Specify route reuse time for route-flap dampening. Valid values are Integer, keyword 'default'.
Specify route-map for route-flap dampening. Valid values are a string defining the name of the route-map.
Specify route suppress time for route-flap dampening. Valid values are Integer, keyword 'default'.
Note: dampening_routemap is mutually exclusive with dampening_half_time, reuse_time, suppress_time and max_suppress_time.
default-information originate
. Valid values are true and false.
Sets default metrics for routes redistributed into BGP. Valid values are Integer or keyword 'default'.
Sets the administrative distance for eBGP routes. Valid values are Integer or keyword 'default'.
Sets the administrative distance for iBGP routes. Valid values are Integer or keyword 'default'.
Sets the administrative distance for local BGP routes. Valid values are Integer or keyword 'default'.
An array of route-map names which will specify prefixes to inject. Each array entry must first specify the inject-map name, secondly an exist-map name, and optionally the copy-attributes
keyword which indicates that attributes should be copied from the aggregate.
For example, the following array will create three separate inject-maps for lax_inject_map
, nyc_inject_map
(with copy-attributes), and fsd_exist_map
:
[
['lax_inject_map', 'lax_exist_map'],
['nyc_inject_map', 'nyc_exist_map', 'copy-attributes'],
['fsd_inject_map', 'fsd_exist_map']
]
Configures the maximum number of equal-cost paths for load sharing. Valid value is an integer in the range 1-64. Default value is 1.
Configures the maximum number of ibgp equal-cost paths for load sharing. Valid value is an integer in the range 1-64. Default value is 1.
Networks to configure. Valid value is a list of network prefixes to advertise. The list must be in the form of an array. Each entry in the array must include a prefix address and an optional route-map.
Example: IPv4 Networks Array
[
['10.0.0.0/16', 'routemap_LA'],
['192.168.1.1', 'Chicago'],
['192.168.2.0/24],
['192.168.3.0/24', 'routemap_NYC']
]
Example: IPv6 Networks Array
[
['10::0/64', 'routemap_LA'],
['192:168::1', 'Chicago'],
['192:168::/32]
]
Configure a route-map for valid nexthops. Valid values are a string defining the name of the route-map.
A list of redistribute directives. Multiple redistribute entries are allowed. The list must be in the form of a nested array: the first entry of each array defines the source-protocol to redistribute from; the second entry defines a route-map name. A route-map is highly advised but may be optional on some platforms, in which case it may be omitted from the array list.
Example: Platform requiring route-maps
redistribute => [['direct', 'rm_direct'],
['lisp', 'rm_lisp'],
['static', 'rm_static'],
['eigrp 1', 'rm_eigrp'],
['isis 2', 'rm_isis'],
['ospf 3', 'rm_ospf'],
['rip 4', 'rm_rip']]
Example: Platform with optional route-maps
redistribute => [['direct'],
['lisp', 'rm_lisp'],
['static'],
['eigrp 1', 'rm_eigrp'],
['isis 2', 'rm_isis'],
['ospf 3', 'rm_ospf'],
['rip 4']]
Advertises only active routes to peers. Valid values are true, false, or 'default'.
Apply table-map to filter routes downloaded into URIB. Valid values are a string.
Filters routes rejected by the route-map and does not download them to the RIB. Valid values are true, false, or 'default'.
--
Manages configuration of a BGP Address-family Aggregate-address instance.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.7.0 |
N3k | 7.0(3)I2(5) | 1.7.0 |
N5k | 7.3(0)N1(1) | 1.7.0 |
N6k | 7.3(0)N1(1) | 1.7.0 |
N7k | 7.3(0)D1(1) | 1.7.0 |
N9k-F | 7.0(3)F1(1) | 1.7.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Determine whether the BGP address family aggregate address should be present or not. Valid values are 'present' and 'absent'.
BGP autonomous system number. Required. Valid values are String, Integer in ASPLAIN or ASDOT notation.
VRF name. Required. Valid values are string. The name 'default' is a valid VRF representing the global bgp.
Address Family Identifier (AFI). Required. Valid values are ipv4
, ipv6
, vpnv4
, vpnv6
and l2vpn
.
Sub Address Family Identifier (SAFI). Required. Valid values are unicast
, multicast
and evpn
.
Aggregate address mask in ipv4/ipv6 format. Required. Valid values are string. Examples: 1.1.1.1/32 or 2000:1/128.
Generates autonomous system set path information. Valid values are true, false or 'default'.
Name of the route map used to select the routes to create AS_SET origin communities. Valid values are string or 'default'.
Name of the route map used to set the attribute of the aggregate route. Valid values are string or 'default'.
Filters all more-specific routes from updates. Valid values are true, false or 'default'.
Name of the route map used to select the routes to be suppressed. Valid values are string or 'default'.
--
Manages configuration of a BGP Neighbor.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.1.0 |
N3k | 7.0(3)I2(5) | 1.1.0 |
N5k | 7.3(0)N1(1) | 1.2.0 |
N6k | 7.3(0)N1(1) | 1.2.0 |
N7k | 7.3(0)D1(1) | 1.2.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Property | Caveat Description |
---|---|
log_neighbor_changes |
Not supported on N5k, N6k Minimum puppet module version 1.7.0 for N7k Supported in OS Version 8.1.1 and later on N7k |
bfd |
(ciscopuppet v1.4.0) BFD support added for all platforms |
bfd on IPv6 |
Not supported on N5k, N6k |
peer_type |
Only supported on N9K-EX and N9K-FX devices. For eg: N9K-C93180YC-EX. Minimum OS version 7.0(3)I7(1) and minimum Module Version 1.9.0 |
Determine whether the neighbor config should be present or not. Valid values are 'present' and 'absent'.
BGP autonomous system number. Required. Valid values are String, Integer in ASPLAIN or ASDOT notation.
VRF name. Required. Valid values are string. The name 'default' is a valid VRF representing the global bgp.
Neighbor Identifier. Required. Valid values are string. Neighbors may use IPv4 or IPv6 notation, with or without prefix length.
Description of the neighbor. Valid value is string.
Enable Bidirectional Forwarding Detection (BFD). Valid values are true, false and keyword 'default'.
Configure whether or not to check for directly connected peer. Valid values are true and false.
Configure whether or not to negotiate capability with this neighbor. Valid values are true and false.
Configure whether or not to enable dynamic capability. Valid values are true and false.
Specify multihop TTL for a remote peer. Valid values are integers between 2 and 255, or keyword 'default' to disable this property.
Specify the local-as number for the eBGP neighbor. Valid values are String or Integer in ASPLAIN or ASDOT notation, or 'default', which means not to configure it.
Specify whether or not to enable log messages for neighbor up/down event. Valid values are 'enable', to enable it, 'disable' to disable it, or 'inherit' to use the configuration in the cisco_bgp type.
Specify whether or not to shut down this neighbor under memory pressure. Valid values are 'true' to exempt the neighbor from being shutdown, 'false' to shut it down, or 'default' to perform the default shutdown behavior.
Specify Maximum number of peers for this neighbor prefix. Valid values are between 1 and 1000, or 'default', which does not impose the limit.
Specify the password for neighbor. Valid value is string.
Specify the encryption type the password will use. Valid values for Nexus are 'cleartext', '3des' or 'cisco_type_7' encryption, and 'default', which defaults to 'cleartext'.
Specify the peer type for EVPN multisite. Valid value are 'fabric-border-leaf' or 'fabric-external'.
Specify Autonomous System Number of the neighbor. Valid values are String or Integer in ASPLAIN or ASDOT notation, or 'default', which means not to configure it.
Specify the config to remove private AS number from outbound updates. Valid values are 'enable' to enable this config, 'disable' to disable this config, 'all' to remove all private AS number, or 'replace-as', to replace the private AS number.
Configure to administratively shutdown this neighbor. Valid values are true and false.
Configure to suppress 4-byte AS Capability. Valid values are 'true', 'false', and 'default', which sets to the default 'false' value.
Specify keepalive timer value. Valid values are integers between 0 and 3600 in terms of seconds, or 'default', which is 60.
Specify holdtime timer value. Valid values are integers between 0 and 3600 in terms of seconds, or 'default', which is 180.
Specify whether BGP sessions can be established from incoming or outgoing TCP connection requests (or both). Valid values for Nexus are 'passive_only', 'both', 'clear' and 'default', which defaults to 'clear'. This property can only be configured when the neighbor is in 'ip' address format without prefix length. This property and the transport_passive_only property are mutually exclusive.
Specify whether or not to only allow passive connection setup. Valid values are 'true', 'false', and 'default', which defaults to 'false'. This property can only be configured when the neighbor is in 'ip' address format without prefix length. This property and the transport_passive_mode property are mutually exclusive.
Specify source interface of BGP session and updates. Valid value is a string of the interface name.
--
Manages configuration of a BGP Neighbor Address-family instance.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.1.0 |
N3k | 7.0(3)I2(5) | 1.1.0 |
N5k | 7.3(0)N1(1) | 1.2.0 |
N6k | 7.3(0)N1(1) | 1.2.0 |
N7k | 7.3(0)D1(1) | 1.2.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Property | Caveat Description |
---|---|
rewrite_evpn_rt_asn | Only supported on N9K-EX and N9K-FX devices. For eg: N9K-C93180YC-EX. Minimum OS version 7.0(3)I7(1) and minimum Module Version 1.9.0 |
Determine whether the neighbor address family config should be present or not. Valid values are 'present' and 'absent'.
BGP autonomous system number. Required. Valid values are String, Integer in ASPLAIN or ASDOT notation.
VRF name. Required. Valid values are string. The name 'default' is a valid VRF representing the global bgp.
Neighbor Identifier. Required. Valid values are string. Neighbors may use IPv4 or IPv6 notation, with or without a subnet mask.
Neighbor Address Family Identifier (AFI). Required. Valid values are string. Valid neighbor AFIs are ipv4
, ipv6
, vpnv4
, vpnv6
and l2vpn
. Note that some AFI/SAFI address-families may not be supported with some neighbors; e.g. an ipv6 neighbor may not support an ipv4 multicast address-family.
Neighbor Sub Address Family Identifier (SAFI). Required. Valid values are string. Valid neighbor SAFIs are unicast
, multicast
and evpn
. Note that some AFI/SAFI address-families may not be supported with some neighbors; e.g. an ipv6 neighbor may not support an ipv4 multicast address-family.
capability additional-paths receive
. Valid values are enable
for basic command enablement; disable
for disabling the command at the neighbor_af level (it adds the disable
keyword to the basic command); and inherit
to remove the command at this level (the command value is inherited from a higher BGP layer).
capability additional-paths send
. Valid values are enable
for basic command enablement; disable
for disabling the command at the neighbor_af level (it adds the disable
keyword to the basic command); and inherit
to remove the command at this level (the command value is inherited from a higher BGP layer).
Conditional route advertisement. This property requires two route maps: an advertise-map and an exist-map. Valid values are an array specifying both the advertise-map name and the exist-map name, or simply 'default'; e.g. ['my_advertise_map', 'my_exist_map']
. This command is mutually exclusive with the advertise_map_non_exist property.
Conditional route advertisement. This property requires two route maps: an advertise-map and a non-exist-map. Valid values are an array specifying both the advertise-map name and the non-exist-map name, or simply 'default'; e.g. ['my_advertise_map', 'my_non_exist_map']
. This command is mutually exclusive with the advertise_map_exist property.
allowas-in
. Valid values are true, false, or an integer value, which enables the command with a specific max-occurrences value. Related: allowas_in_max
.
Optional max-occurrences value for allowas_in
. Valid values are an integer value or 'default'. Can be used independently or in conjunction with allowas_in
.
as-override
. Valid values are true, false, or 'default'.
default-originate
. Valid values are True, False, or 'default'. Related: default_originate_route_map
.
Optional route-map for the default_originate
property. Can be used independently or in conjunction with default_originate
. Valid values are a string defining a route-map name, or 'default'.
Valid values are a string defining a filter-list name, or 'default'.
Valid values are a string defining a filter-list name, or 'default'.
maximum-prefix
limit value. Valid values are an integer value or 'default'. Related: max_prefix_threshold
, max_prefix_interval
, and max_prefix_warning
.
Optional restart interval. Valid values are an integer value or 'default'. Requires max_prefix_limit
.
Optional threshold percentage at which to generate a warning. Valid values are an integer value or 'default'. Requires max_prefix_limit
.
Optional warning-only keyword. Valid values are True, False, or 'default'. Requires max_prefix_limit
.
next-hop-self
. Valid values are True, False, or 'default'.
next-hop-third-party
. Valid values are True, False, or 'default'.
Valid values are a string defining a prefix-list name, or 'default'.
Valid values are a string defining a prefix-list name, or 'default'.
rewrite_evpn_rt_asn
state. Valid values are True, False or 'default'.
Valid values are a string defining a route-map name, or 'default'.
Valid values are a string defining a route-map name, or 'default'.
route-reflector-client
. Valid values are True, False, or 'default'.
send-community
attribute. Valid values are 'none', 'both', 'extended', 'standard', or 'default'.
soft-reconfiguration inbound
. Valid values are enable
for basic command enablement; always
to add the always
keyword to the basic command; and inherit
to remove the command at this level (the command value is inherited from a higher BGP layer).
Site-of-origin. Valid values are a string defining a VPN extcommunity or 'default'.
suppress-inactive
Valid values are True, False, or 'default'.
unsuppress-map
. Valid values are a string defining a route-map name or 'default'.
weight
value. Valid values are an integer value or 'default'.
--
Manages a cisco Bridge-Domain
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | not applicable | not applicable |
N3k | not applicable | not applicable |
N5k | not applicable | not applicable |
N6k | not applicable | not applicable |
N7k | 7.3(0)D1(1) | 1.3.0 |
N9k-F | not applicable | not applicable |
N3k-F | not applicable | not applicable |
Determines whether or not the config should be present on the device. Valid values are 'present' and 'absent'.
ID of the Bridge Domain. Valid values are integer.
The bridge-domain name. Valid values are String or keyword 'default'. When the bd_name is set to 'default', this property is NOT idempotent.
Specifies the shutdown state of the bridge-domain. Valid values are true, false, 'default'.
Specifies this bridge-domain as the fabric control bridge-domain. Only one bridge-domain or VLAN can be configured as fabric-control. Valid values are true, false, keyword 'default.
--
Creates a Virtual Network Identifier member (VNI) mapping for cisco Bridge-Domain.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | not applicable | not applicable |
N3k | not applicable | not applicable |
N5k | not applicable | not applicable |
N6k | not applicable | not applicable |
N7k | 7.3(0)D1(1) | 1.3.0 |
N9k-F | not applicable | not applicable |
N3k-F | not applicable | not applicable |
Determines whether or not the config should be present on the device. Valid values are 'present' and 'absent'.
The bridge-domain ID. Valid values are one or range of integers.
The Virtual Network Identifier (VNI) id that is mapped to the VLAN. Valid values are one or range of integers
--
Manages configuration of a DHCP relay global configuration.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(2e) | 1.4.0 |
N3k | 7.0(3)I2(2e) | 1.4.0 |
N5k | 7.3(0)N1(1) | 1.4.0 |
N6k | 7.3(0)N1(1) | 1.4.0 |
N7k | 7.3(0)D1(1) | 1.4.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Property | Caveat Description |
---|---|
ipv4_information_option_trust |
Not supported on N5k, N6k |
ipv4_information_trust_all |
Not supported on N5k, N6k |
ipv4_src_addr_hsrp |
Not supported on N3k, N3k-F, N9k, N9k-F |
ipv4_sub_option_circuit_id_custom |
Not supported on N7k, N3k-F, N9k-F(TBD) and supported on N3k and N9k running os version 7.0(3)I3.1 and later |
ipv4_sub_option_circuit_id_string |
Supported on N3k Supported in OS Version 7.0(3)I6(1) and later on N9k |
ipv6_option_cisco |
Not supported on N5k, N6k |
Enables inserting relay information in BOOTREQUEST. Valid values are true, false, 'default'.
Enables relay trust functionality on the system. Valid values are true, false, 'default'.
Enables relay support across VRFs. Valid values are true, false, 'default'.
Enables relay trust on all the interfaces. Valid values are true, false, 'default'.
Enables DHCP relay agent. Valid values are true, false, 'default'.
Enables DHCP smart relay. Valid values are true, false, 'default'.
Enables Virtual IP instead of SVI address. Valid values are true, false, 'default'.
Source interface for the DHCPV4 relay. Valid values are string, keyword 'default'.
Enables circuit id customized to include vlan id, slot and port info. Valid values are true, false, 'default'.
Specifies suboption format type string. Valid values are string, keyword 'default'.
Enables cisco propritery suboptions. Valid values are true, false, 'default'.
Enables cisco propritery suboptions for DHCPV6. Valid values are true, false, 'default'.
Enables DHCPv6 relay support across VRFs. Valid values are true, false, 'default'.
Enables DHCPv6 relay agent. Valid values are true, false, 'default'.
Source interface for the DHCPV6 relay. Valid values are string, keyword 'default'.
--
Manages a Global VNI Encapsulation profile
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | not applicable | not applicable |
N3k | not applicable | not applicable |
N5k | not applicable | not applicable |
N6k | not applicable | not applicable |
N7k | 7.3(0)D1(1) | 1.3.0 |
N9k-F | not applicable | not applicable |
N3k-F | not applicable | not applicable |
Determines whether or not the config should be present on the device. Valid values are 'present' and 'absent'.
Profile name of the Encapsulation. Valid values are String only.
The encapsulation profile dot1q vlan-to-vni mapping. Valid values are an array of [vlans, vnis] pairs.
--
Manages advertise evpn multicast
configurations of a Cisco device.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I7(1) | 1.9.0 |
N3k | not applicable | not applicable |
N5k | not applicable | not applicable |
N6k | not applicable | not applicable |
N7k | not applicable | not applicable |
N9k-F | not applicable | not applicable |
N3k-F | not applicable | not applicable |
Determines whether or not the config should be present on the device. Valid values are 'present' and 'absent'. Default value is 'present'.
The EVPN Multicast identifier. Valid values are 'default' only.
--
Manages Cisco Ethernet Virtual Private Network (EVPN) Multisite configurations of a Cisco device.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I7(1) | 1.9.0 |
N3k | not applicable | not applicable |
N5k | not applicable | not applicable |
N6k | not applicable | not applicable |
N7k | not applicable | not applicable |
N9k-F | not applicable | not applicable |
N3k-F | not applicable | not applicable |
The cisco_evpn_multisite
is only supported on N9K-EX and N9K-FX devices. For eg: N9K-C93180YC-EX.
Determines whether or not the config should be present on the device. Valid values are 'present' and 'absent'. Default value is 'present'.
The EVPN Multisite identifier. Valid values are Integer.
Delay restore time in seconds. Valid values are Integer or keyword default.
--
Manages Cisco Ethernet Virtual Private Network (EVPN) stormcontrol configurations of a Cisco device.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I7(1) | 1.9.0 |
N3k | not applicable | not applicable |
N5k | not applicable | not applicable |
N6k | not applicable | not applicable |
N7k | not applicable | not applicable |
N9k-F | not applicable | not applicable |
N3k-F | not applicable | not applicable |
The cisco_evpn_stormcontrol
is only supported on N9K-EX and N9K-FX devices. For eg: N9K-C93180YC-EX.
Determines whether or not the config should be present on the device. Valid values are 'present' and 'absent'. Default value is 'present'.
The packet type to apply stormcontol on. Valid values are 'unicast', 'multicast' or 'broadcast'.
Stormcontrol level. Valid values are Integer.
--
Manages Cisco Ethernet Virtual Private Network (EVPN) VXLAN Network Identifier (VNI) configurations of a Cisco device.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I3(1) | 1.3.0 |
N3k | not applicable | not applicable |
N5k | 7.3(0)N1(1) | 1.3.0 |
N6k | 7.3(0)N1(1) | 1.3.0 |
N7k | 7.3(0)D1(1) | 1.3.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Property | Caveat Description |
---|---|
route_target_both |
Supported on most Nexus platforms but usage is discouraged. See route_target_both below. |
Determines whether or not the config should be present on the device. Valid values are 'present' and 'absent'. Default value is 'present'.
The EVPN VXLAN Network Identifier. Valid values are Integer.
The VPN Route Distinguisher (RD). The RD is combined with the IPv4 or IPv6 prefix learned by the PE router to create a globally unique address. Valid values are a String in one of the route-distinguisher formats (ASN2:NN, ASN4:NN, or IPV4:NN); the keyword 'auto', or the keyword 'default'.
Enables/Disables route-target settings for both import and export target communities using a single property. Valid values are an Array or space-separated String of extended communities, or the keywords 'auto' or 'default'."
Caveat: The route_target_both
property is discouraged due to the inconsistent behavior of the property across Nexus platforms and image versions. The 'both' keyword has a transformative behavior on some platforms/versions in which it creates two cli configurations: one for import targets, a second for export targets, while the 'both' command itself may not appear at all. When the 'both' keyword does not appear in the configuration it causes an idempotency problem for puppet. For this reason it is recommended to use explicit 'route_target_export' and 'route_target_import' properties instead of route_target_both
.
Sets the route-target 'import' extended communities. Valid values are an Array or space-separated String of extended communities, or the keywords 'auto' or 'default'.
route_target Examples:
route_target_import => ['1.2.3.4:5', '33:55'] route_target_export => '4:4 66:66'
Sets the route-target 'export' extended communities. Valid values are an Array or space-separated String of extended communities, or the keywords 'auto' or 'default'.
--
Manages Cisco fabricpath global parameters.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | not applicable | not applicable |
N3k | not applicable | not applicable |
N5k | 7.3(0)N1(1) | 1.3.0 |
N6k | 7.3(0)N1(1) | 1.3.0 |
N7k | 7.3(0)D1(1) | 1.3.0 |
Property | Caveat Description |
---|---|
loadbalance_multicast_has_vlan |
Supported only on N7k |
loadbalance_multicast_rotate |
Supported only on N7k |
ttl_multicast |
Supported only on N7k |
ttl_unicast |
Supported only on N7k |
ID of the fabricpath global config. The only valid value is keyword 'default'.
Aggregate Multicast Routes on same tree in the topology. Valid values are true/false and keyword 'default'. Default value: false.
Fabricpath Timers Allocate Delay in seconds. Valid values are integers from 1..1200 and keyword 'default'. Default value: 10.
Graceful merge for conflicting switch-id or FTAG allocation. Valid values are enable/disable and keyword 'default'. Default value: true.
Fabricpath Timers Link-up Delay in seconds. Valid values are integers from 1..1200 and keyword 'default'. Default value: 10.
Fabricpath ECMP loadbalancing alogorithm. Valid values are 'destination', 'source', 'source-destination', 'symmetric' and the keyword 'default'. Default is symmetric for Nexus 7000 series and source-destination for others.
Multicast Loadbalance flow parameters - include vlan or not. Valid values are true or false and keyword 'default'. Default value: true.
Multicast Loadbalance flow parameters - rotate amount in bytes. Valid values are integer in range 0..15 and keyword 'default'. Default value: 1.
Unicast Loadbalance flow parameters - include vlan or not. Valid values are true/false and keyword 'default'. Default value: 1.
Unicast Loadbalance flow parameters - layer. Valid values are : layer2, layer3, layer4, mixed, and keyword 'default'. Default value: mixed.
Unicast Loadbalance flow parameters - rotate amount in bytes. Valid values are Integers in range 0..15 and keyword 'default'. Default value: 1.
Fabricpath Timers Link-up delay always. This configuration introduces a linkup delay always whether the link is administratively brought up or whether it is restored after events such as a module reload. Valid values are true/false. Default: true.
Fabricpath Timers Link-up delay enable. Valid values are true/false and keyword 'default'. Default value: true.
Mode of operation of this switch w.r.t to segmentation. Valid values are normal/transit and keyword 'default'. Default: normal.
The fabricpath switch_id. This parameter can be used to over-ride the automatically assigned switch-id for this switch. Valid values are integers from 1..4094.
Fabricpath Timers Transition Delay in seconds. Valid values are integers from 1..1200 and keyword 'default'. Default value: 10.
Fabricpath Multicast TTL value. Valid values are integers from 1..64 and keyword 'default'. Default value: 32.
Fabricpath Unicast TTL value. Valid values are integers from 1..64 and keyword 'default'. Default value: 32.
--
Manages a Cisco fabricpath Topology
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | not applicable | not applicable |
N3k | not applicable | not applicable |
N5k | 7.3(0)N1(1) | 1.3.0 |
N6k | 7.3(0)N1(1) | 1.3.0 |
N7k | 7.3(0)D1(1) | 1.3.0 |
N9k-F | not applicable | not applicable |
N3k-F | not applicable | not applicable |
ID of the fabricpath topology. Valid values are integers in the range 1-63. Value of 0 is reserved for default topology.
ID of the VLAN(s) tha are members of this topology. Valid values are integer/integer ranges.
Descriptive name of the topology. Valid values are string
--
Manages Cisco Hot Standby Router Protocol (HSRP) global parameters.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.5.0 |
N3k | 7.0(3)I2(5) | 1.5.0 |
N5k | 7.3(0)N1(1) | 1.5.0 |
N6k | 7.3(0)N1(1) | 1.5.0 |
N7k | 7.3(0)D1(1) | 1.5.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Property | Caveat Description |
---|---|
bfd_all_intf |
Not supported on N3k |
Enables BFD for all HSRP sessions on all interfaces. Valid values are 'true', 'false', and 'default'.
Configures extended hold on global timers. Valid values are integer, keyword 'default'.
--
Manages a Cisco Network Interface. Any resource dependency should be run before the interface resource.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.0.1 |
N3k | 7.0(3)I2(5) | 1.0.1 |
N5k | 7.3(0)N1(1) | 1.2.0 |
N6k | 7.3(0)N1(1) | 1.2.0 |
N7k | 7.3(0)D1(1) | 1.2.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Property | Caveat Description |
---|---|
ipv4_dhcp_relay_info_trust |
Not supported on N5k,N6k |
ipv4_dhcp_relay_src_addr_hsrp |
Not supported on N3k,N3k-F,N9k-F,N9k |
storm_control_broadcast |
Not supported on N7k |
storm_control_multicast |
Not supported on N7k |
pvlan_mapping |
Not supported on N3k-F,N9k-F |
switchport_pvlan_host |
Not supported on N3k-F,N9k-F |
switchport_pvlan_host_association |
Not supported on N3k-F,N9k-F |
switchport_pvlan_mapping |
Not supported on N3k-F,N9k-F |
switchport_pvlan_mapping_trunk |
Not supported on N3k,N3k-F,N9k-F |
switchport_pvlan_promiscuous |
Not supported on N3k-F,N9k-F |
switchport_pvlan_trunk_allowed_vlan |
Not supported on N3k-F,N9k-F |
switchport_pvlan_trunk_association |
Not supported on N3k,N3k-F,N9k-F |
switchport_pvlan_trunk_native_vlan |
Not supported on N3k-F,N9k-F |
switchport_pvlan_trunk_promiscuous |
Not supported on N3k,N3k-F,N9k-F |
switchport_pvlan_trunk_secondary |
Not supported on N3k,N3k-F,N9k-F |
svi_autostate |
Only supported on N3k,N7k,N9k |
vlan_mapping |
Only supported on N7k |
vlan_mapping_enable |
Only supported on N7k |
hsrp_bfd |
Not supported on N5k,N6k Minimum puppet module version 1.5.0 Supported in OS Version 8.0 and later on N7k |
hsrp_delay_minimum |
Not supported on N5k,N6k Minimum puppet module version 1.5.0 Supported in OS Version 8.0 and later on N7k |
hsrp_delay_reload |
Not supported on N5k,N6k Minimum puppet module version 1.5.0 Supported in OS Version 8.0 and later on N7k |
hsrp_mac_refresh |
Not supported on N5k,N6k Minimum puppet module version 1.5.0 Supported in OS Version 8.0 and later on N7k |
hsrp_use_bia |
Not supported on N5k,N6k Minimum puppet module version 1.5.0 Supported in OS Version 8.0 and later on N7k |
hsrp_version |
Not supported on N5k,N6k Minimum puppet module version 1.5.0 Supported in OS Version 8.0 and later on N7k |
pim_bfd |
Minimum puppet module version 1.5.0 |
load_interval_counter_1_delay |
Minimum puppet module version 1.6.0 |
load_interval_counter_2_delay |
Minimum puppet module version 1.6.0 |
load_interval_counter_3_delay |
Minimum puppet module version 1.6.0 |
purge_config |
Minimum puppet module version 1.7.0 |
Ensure absent for ethernet interfaces | Minimum puppet module version 1.8.0 |
ipv6_redirects |
Minimum puppet module version 1.10.0 |
Determine whether the interface config should be present or not. Valid values are 'present' and 'absent'.
Version 1.8.0
of the module allows physical ethernet interfaces to be managed as ensurable resources.
Notes about ensure => present
and ensure => absent
on physical ethernet interfaces:
ensure => present
along with non-default property values will put the interface into a non-default state.ensure => absent
will put the interface into a default state.- Physical interfaces will be displayed as
ensure => absent
by thepuppet resource
command when they are in a default state.
Name of the interface on the network element. No white space allowed in the name. Valid value is a string.
Enables bfd echo function for all address families. Valid values are 'true', 'false', and 'default'. This property is not applicable for loopback interfaces.
Description of the interface. Valid values are a string or the keyword 'default'.
Duplex of the interface. Valid values are 'full', and 'auto'.
Puts the ethernet interface into default state. Valid value is 'true'. When this property is set to 'true', the manifest can have no other properties.
cisco_interface { 'ethernet1/10':
purge_config => true,
}
Speed of the interface. Valid values are 100, 1000, 10000, 40000, 100000, and 'auto'.
Shutdown state of the interface. Valid values are 'true', 'false', and 'default'.
Switchport mode of the interface. Interfaces that support switchport_mode
may default to layer 2 or layer 3 depending on platform, interface type, or the system default switchport
setting. An interface may be explicitly set to Layer 3 by setting switchport_mode
to 'disabled'. Valid values are 'disabled', 'access', 'tunnel', 'fex_fabric', 'trunk', 'fabricpath' and 'default'.
The VLAN ID assigned to the interface. Valid values are an integer or the keyword 'default'.
Enable IEEE 802.1Q encapsulation of traffic on a specified subinterface. Valid values are integer, keyword 'default'.
Maximum Trasnmission Unit size for frames received and sent on the specified interface. Valid value is an integer.
Exclude this port for the SVI link calculation. Valid values are 'true', 'false', and 'default'.
Maps secondary VLANs to the VLAN interface of a primary VLAN. Valid inputs are a String containing a range of secondary vlans or keyword 'default'.
Example: pvlan_mapping => '3-4,6'
Configures a Layer 2 interface as a private VLAN host port. Valid values are 'true', 'false', and 'default'
Associates the Layer 2 host port with the primary and secondary VLANs of a private VLAN. Valid inputs are: An array containing the primary and secondary vlans, or keyword 'default'.
Example: switchport_pvlan_host_association => ['44', '144']
Associates the specified port with a primary VLAN and a selected list of secondary VLANs. Valid inputs are an array containing both the primary vlan and a range of secondary vlans, or keyword 'default'.
Example: switchport_pvlan_mapping => ['44', '3-4,6']
Maps the promiscuous trunk port with the primary VLAN and a selected list of associated secondary VLANs. Valid inputs are: An array containing both the primary vlan and a range of secondary vlans, a nested array if there are multiple mappings, or keyword 'default'.
Examples:
switchport_pvlan_mapping_trunk => [['44', '3-4,6'], ['99', '199']]
-or-
switchport_pvlan_mapping_trunk => ['44', '3-4,6']
Sets the allowed VLANs for the private VLAN isolated trunk interface. Valid values are a String range of vlans or keyword 'default'.
Example: switchport_pvlan_trunk_allowed_vlan => '3-4,6'
Associates the Layer 2 isolated trunk port with the primary and secondary VLANs of private VLANs. Valid inputs are: An array containing an association of primary and secondary vlans, a nested array if there are multiple associations, or the keyword 'default'.
Examples:
switchport_pvlan_trunk_association => [['44', '244'], ['45', '245']]
-or-
switchport_pvlan_trunk_association => ['44', '244']
Sets the native VLAN for the 802.1Q trunk. Valid values are Integer, String, or keyword 'default'.
Configures a Layer 2 interface as a private VLAN promiscuous port. Valid values are 'true', 'false', and 'default'.
Configures a Layer 2 interface as a private VLAN promiscuous trunk port. Valid values are 'true', 'false', and 'default'.
Configures a Layer 2 interface as a private VLAN isolated trunk port. Valid values are 'true', 'false', and 'default'.
The allowed VLANs for the specified Ethernet interface. Valid values are string, keyword 'default'.
The Native VLAN assigned to the switch port. Valid values are integer, keyword 'default'.
Enable or disable VTP on the interface. Valid values are 'true', 'false', and 'default'.
Enable/Disable negotiate auto on the interface. Valid values are 'true', 'false', and 'default'.
Allowed broadcast traffic level. Valid values are a string representing the broadcast level or keyword 'default'.
Allowed multicast traffic level. Valid values are a string representing the multicast level or keyword 'default'.
Allowed unicast traffic level. Valid values are a string representing the unicast level or keyword 'default'.
Applies an ipv4 access list on the interface in the ingress direction. An access-list should be present on the network device prior to this configuration. Valid values are string, keyword 'default'.
Applies an ipv4 access list on the interface in the egress direction. An access-list should be present on the network device prior to this configuration. Valid values are string, keyword 'default'.
Enables or disables ipv4 pim sparse mode on the interface. Valid values are 'true', 'false', and 'default'.
Enables or disables proxy arp on the interface. Valid values are 'true', 'false', and 'default'.
IP address of the interface. Valid values are a string of ipv4 address or the keyword 'default'.
Network mask length of the IP address on the interface. Valid values are integer and keyword 'default'.
Secondary IP address of the interface. Valid values are a string of ipv4 address or the keyword 'default'.
Network mask length of the secondary IP address on the interface. Valid values are integer and keyword 'default'.
Address Resolution Protocol (ARP) timeout value. Valid values are integer and keyword 'default'. Currently only supported on vlan interfaces.
IP forwarding state. Valid values are string or keyword 'default'.
Enables or disables ipv4 pim sparse mode on the interface. Valid values are 'true', 'false', and 'default'.
Enables or disables proxy arp on the interface. Valid values are 'true', 'false', and 'default'.
Enables or disables sending of IP redirect messages. Valid values are 'true', 'false', and 'default'.
Applies an ipv6 access list on the interface in the ingress direction. An access-list should be present on the network device prior to this configuration. Valid values are string, keyword 'default'.
Applies an ipv6 access list on the interface in the egress direction. An access-list should be present on the network device prior to this configuration. Valid values are string, keyword 'default'.
This property is an array of dhcp relay addresses. Valid values are an array specifying the dhcp relay addresses or keyword 'default'; e.g.:
ipv4_dhcp_relay_addr => ['1.1.1.1', '2.2.2.2']
Enable/Disable relay trust on the interface. Valid values are 'true', 'false', and 'default'.
Enable/Disable virtual IP instead of SVI address on the interface. Valid values are 'true', 'false', and 'default'.
Source interface for the DHCPV4 relay. Valid values are string, keyword 'default'.
Enable/Disable DHCP relay subnet-broadcast on the interface. Valid values are 'true', 'false', and 'default'.
Enable/Disable DHCP smart relay on the interface. Valid values are 'true', 'false', and 'default'.
This property is an array of ipv6 dhcp relay addresses. Valid values are an array specifying the ipv6 dhcp relay addresses or keyword 'default'; e.g.:
ipv6_dhcp_relay_addr => ['2000::11', '2001::22']
Source interface for the DHCPV6 relay. Valid values are string, keyword 'default'.
Enables or disables sending of IPv6 redirect messages. Valid values are 'true', 'false', and 'default'.
Enables PIM BFD on the interface. Valid values are 'true', 'false', and 'default'.
This property is a nested array of [original_vlan, translated_vlan] pairs. Valid values are an array specifying the mapped vlans or keyword 'default'; e.g.:
vlan_mapping => [[20, 21], [30, 31]]
Allows disablement of vlan_mapping on a given interface. Valid values are 'true', 'false', and 'default'.
Configure the vPC ID on this interface to make it a vPC link. The peer switch should configure a corresponding interface with the same vPC ID in order for the downstream device to add these links as part of the same port-channel. The vpc_id can generally be configured only on interfaces which are themselves port-channels (usually a single member port-channel). However, on the Nexus 7000 series a physical port can be configured as a vPC link. Valid values are integers in the range 1..4096. By default, interface is not configured with any vpc_id.
Configure this port-channel interface to be a vPC peer-link. A vPC peer-link is essential to the working of the vPC complex, not only for establishing the peer connectivity for control message exchange, but also for providing redundancy when vPC links fail. Valid values are 'true' or 'false'. Default value: false.
VRF member of the interface. Valid values are a string or the keyword 'default'.
Enable/Disable BPDU (Bridge Protocol Data Unit) filter for this interface. Valid values are enable, disable or 'default'.
Enable/Disable BPDU (Bridge Protocol Data Unit) guard for this interface. Valid values are enable, disable or 'default'.
Path cost. Valid values are integer, 'auto' or 'default'.
Guard mode. Valid values are loop, none, root or 'default'.
Link type. Valid values are auto, shared, point-to-point or 'default'.
Mst cost. Valid values are an array of [mst_range, cost] pairs or 'default'.
Mst port priority. Valid values are an array of [mst_range, port_priority] pairs or 'default'.
Port priority. Valid values are integer or 'default'.
Port type. Valid values are edge, network, normal, edge_trunk or 'default'.
Vlan path cost. Valid values are an array of [vlan_range, cost] pairs or 'default'.
Vlan port priority. Valid values are an array of [vlan_range, port_priority] pairs or 'default'.
Associate SVI with anycast gateway under VLAN configuration mode. The cisco_overlay_global
anycast_gateway_mac
must be set before setting this property.
Valid values are 'true', 'false', and 'default'.
Enable/Disable autostate on the SVI interface. Valid values are 'true', 'false', and 'default'.
Enable/Disable management on the SVI interface. Valid values are 'true', 'false', and 'default'.
Enable HSRP BFD on this interface. Valid values are true, false or 'default'.
HSRP intialization minimim delay in seconds. Valid values are integer, keyword 'default'
HSRP intialization delay after reload in seconds. Valid values are integer, keyword 'default'
HSRP mac refresh time in seconds. Valid values are integer, keyword 'default'
HSRP uses this interface's burned in address. Valid values are 'use_bia', 'use_bia_intf' or 'default'. 'use_bia' uses interface's burned in address. 'use_bia_intf' will increase the scope and applies this configuration to all groups on this interface.
HSRP version for this interface. Valid values are integer, keyword 'default'.
Load interval delay for counter 1 in seconds. Valid values are integer, keyword 'default'
Load interval delay for counter 2 in seconds. Valid values are integer, keyword 'default'
Load interval delay for counter 3 in seconds. Valid values are integer, keyword 'default'
--
Manages a Cisco Network Interface Channel-group.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.2.0 |
N3k | 7.0(3)I2(5) | 1.2.0 |
N5k | 7.3(0)N1(1) | 1.3.0 |
N6k | 7.3(0)N1(1) | 1.3.0 |
N7k | 7.3(0)D1(1) | 1.3.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Property | Caveat Description |
---|---|
channel_group_mode |
Minimum puppet module version 1.7.0 |
Determine whether the interface config should be present or not. Valid values are 'present' and 'absent'.
Name of the interface where the service resides. Valid value is a string.
channel_group is an aggregation of multiple physical interfaces that creates a logical interface. Valid values are 1 to 4096 and 'default'.
Note: On some platforms a normal side-effect of adding the channel-group property is that an independent port-channel interface will be created; however, removing the channel-group configuration by itself will not also remove the port-channel interface. Therefore, the port-channel interface itself may be explicitly removed by using the cisco_interface
provider with ensure => absent
.
channel_group_mode is the port-channel mode of the interface. Valid values are 'active', 'passive', 'on', and 'default'.
Description of the interface. Valid values are a string or the keyword 'default'.
Shutdown state of the interface. Valid values are 'true', 'false', and 'default'.
--
Manages Cisco Interface Ethernet Virtual Private Network (EVPN) Multisite configurations of a Cisco device.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I7(1) | 1.9.0 |
N3k | not applicable | not applicable |
N5k | not applicable | not applicable |
N6k | not applicable | not applicable |
N7k | not applicable | not applicable |
N9k-F | not applicable | not applicable |
N3k-F | not applicable | not applicable |
The cisco_interface_evpn_multisite
is only supported on N9K-EX and N9K-FX devices. For eg: N9K-C93180YC-EX.
Determines whether or not the config should be present on the device. Valid values are 'present' and 'absent'. Default value is 'present'.
Name of the interface on the network element. Valid value is a string.
The type of tracking to use with multisite interface. Valid values are String.
--
Manages a Cisco Network Interface HSRP group.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.5.0 |
N3k | 7.0(3)I2(5) | 1.5.0 |
N5k | not applicable | not applicable |
N6k | not applicable | not applicable |
N7k | 8.0 | 1.5.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Property | Caveat Description |
---|---|
all properties |
Supported in OS Version 8.0 and later on N7k |
Determine whether the interface hsrp group config should be present or not. Valid values are 'present' and 'absent'.
Authentication type for the HSRP group. Valid values are 'cleartext', 'md5', keyword 'default'.
Turn on compatibility mode for MD5 type-7 authentication. Valid values are 'true', 'false', keyword 'default'.
Scheme used for encrypting authentication key string. Valid values are 'clear', 'encrypted', keyword 'default'.
Authentication key type. Valid values are 'key-chain', 'key-string', keyword 'default'.
Specifies password or key chain name or key string name. Valid values are string, keyword 'default'.
Specifies authentication timeout. Valid values are integer, keyword 'default'.
Enables HSRP ipv4. Valid values are 'true', 'false', keyword 'default'.
Sets HSRP IPv4 virtual IP addressing name. Valid values are string, keyword 'default'.
Obtains ipv6 address using autoconfiguration. Valid values are 'true', 'false', keyword 'default'.
Enables HSRP IPv6 and sets an array of virtual IPv6 addresses. Valid values are array of ipv6 addresses, keyword 'default'.
Virtual mac address. Valid values are string specifying the mac address, keyword 'default'.
Redundancy name string. Valid values are string, keyword 'default'.
Overthrows lower priority Active routers. Valid values are 'true', 'false', keyword 'default'.
Specifies amount of time to wait before pre-empting. Valid values are integer, keyword 'default'.
Specifies time to wait after reload. Valid values are integer, keyword 'default'.
Specifies time to wait for IP redundancy clients. Valid values are integer, keyword 'default'.
Sets priority value for this interface hsrp group. Valid values are integer, keyword 'default'.
Sets priority forwarding lower threshold value. Valid values are integer, keyword 'default'.
Sets priority forwarding upper threshold value. Valid values are integer, keyword 'default'.
Specify hello interval in milliseconds. Valid values are 'true', 'false', keyword 'default'.
Specify hold interval in milliseconds. Valid values are 'true', 'false', keyword 'default'.
Sets hello interval. Valid values are integer, keyword 'default'.
Sets hold interval. Valid values are integer, keyword 'default'.
--
Manages a Cisco Network Interface Service VNI.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | not applicable | not applicable |
N3k | not applicable | not applicable |
N5k | not applicable | not applicable |
N6k | not applicable | not applicable |
N7k | 7.3(0)D1(1) | 1.2.0 |
N9k-F | not applicable | not applicable |
N3k-F | not applicable | not applicable |
Determine whether the interface config should be present or not. Valid values are 'present' and 'absent'.
Name of the interface where the service resides. Valid value is a string.
The Service ID number. Valid value is an Integer.
The VNI Encapsulation Profile Name. Valid values are String or the keyword 'default'
Shutdown state of the interface service vni. Valid values are 'true', 'false', or 'default'.
--
Manages configuration of an OSPF interface instance.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.2.0 |
N3k | 7.0(3)I2(5) | 1.2.0 |
N5k | 7.3(0)N1(1) | 1.2.0 |
N6k | 7.3(0)N1(1) | 1.2.0 |
N7k | 7.3(0)D1(1) | 1.2.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Determine whether the config should be present or not. Valid values are 'present' and 'absent'.
Name of this cisco_interface resource. Valid value is a string.
Name of the cisco_ospf resource. Valid value is a string.
Enables bfd at interface level. This overrides the bfd variable set at the ospf router level. Valid values are 'true', 'false', or 'default'.
The cost associated with this cisco_interface_ospf instance. Valid value is an integer or the keyword 'default'.
The hello_interval associated with this cisco_interface_ospf instance. Time between sending successive hello packets. Valid values are an integer or the keyword 'default'.
The dead_interval associated with the cisco_interface_ospf instance. Time interval an ospf neighbor waits for a hello packet before tearing down adjacencies. Valid values are an integer or the keyword 'default'.
Passive interface associated with the cisco_interface_ospf instance. Setting to true will prevent this interface from receiving HELLO packets. Valid values are 'true' and 'false' or the keyword 'default'.
Enables or disables the usage of message digest authentication. Valid values are 'true' and 'false' or the keyword 'default'.
md5 authentication key-id associated with the cisco_interface_ospf instance. If this is present in the manifest, message_digest_encryption_type, message_digest_algorithm_type and message_digest_password are mandatory. Valid value is an integer or the keyword 'default'.
Algorithm used for authentication among neighboring routers within an area. Valid values are 'md5' and keyword 'default'.
Specifies the scheme used for encrypting message_digest_password. Valid values are 'cleartext', '3des' or 'cisco_type_7' encryption, and 'default', which defaults to 'cleartext'.
Specifies the message_digest password. Valid value is a string or the keyword 'default'.
Disables OSPF MTU mismatch detection. Valid values are 'true', 'false', or 'default'.
Specifies the network type of this interface. Valid values are 'broadcast', 'p2p' or the keyword 'default'. 'broadcast' type is not applicable on loopback interfaces.
The router priority associated with this cisco_interface_ospf instance. Valid values are an integer or the keyword 'default'.
Shuts down ospf on this interface. Valid values are 'true', 'false', or 'default'.
Packet transmission delay in seconds. Valid values are an integer or the keyword 'default'.
Required. Ospf area associated with this cisco_interface_ospf instance. Valid values are a string, formatted as an IP address (i.e. "0.0.0.0") or as an integer.
--
Manages configuration of a portchannel interface instance.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.2.0 |
N3k | 7.0(3)I2(5) | 1.2.0 |
N5k | 7.3(0)N1(1) | 1.2.0 |
N6k | 7.3(0)N1(1) | 1.2.0 |
N7k | 7.3(0)D1(1) | 1.2.0 |
Property | Caveat Description |
---|---|
port_hash_distribution port_load_defer |
Not supported on N5k, N6k |
lacp_suspend_individual |
WARNING: On N9k, the portchannel interface must be shutdown before the property can be set. This provider automatically shuts the interface down if needed. The interface is automatically restored to the original state after the property is set. |
Determine whether the config should be present or not. Valid values are 'present' and 'absent'.
Enables BFD sessions on each port-channel link. Valid values are true, false or 'default'.
port-channel lacp graceful convergence. Valid values are true, false or 'default'.
port-channel max-bundle. Valid values are Integer, keyword 'default'.
port-channel min-links. Valid values are Integer, keyword 'default'.
lacp port-channel state. Valid values are true and false or 'default'.
port-channel per port hash-distribution. Valid values are 'adaptive', 'fixed' or the keyword 'default'. This property is not supported on (Nexus 5|6k)
port-channel per port load-defer. Valid values are true, false or 'default'. This property is not supported on (Nexus 5|6k)
--
Manages ip multicast
configurations of a Cisco device.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I7(1) | 1.9.0 |
N3k | not applicable | not applicable |
N5k | not applicable | not applicable |
N6k | not applicable | not applicable |
N7k | not applicable | not applicable |
N9k-F | not applicable | not applicable |
N3k-F | not applicable | not applicable |
Property | Caveat Description |
---|---|
ensure |
WARNING Setting ensure to absent disables the feature ngmvpn . |
Determines whether or not the config should be present on the device. Valid values are 'present' and 'absent'. Default value is 'present'.
The IP Multicast resource identifier. Valid values are 'default' only.
Configure node as Distributed-DR. Valid values are true, false or keyword default
.
Enable L3-overlay shortest path tree only. Valid values are true, false or keyword default
.
--
Manages configuration of ITD (Intelligent Traffic Director) device group
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I3(1) | 1.3.0 |
N3k | not applicable | not applicable |
N5k | not applicable | not applicable |
N6k | not applicable | not applicable |
N7k | 7.3(0)D1(1) | 1.3.0 |
N9k-F | not applicable | not applicable |
N3k-F | not applicable | not applicable |
Determine whether the config should be present or not. Valid values are 'present' and 'absent'.
Enable control protocol for probe. Valid values are true, false or 'default'. This is applicable only when the probe type is 'tcp' or 'udp'
Host name or target address when the probe type is 'dns'. Valid values are String.
Probe frequency in seconds. Valid values are Integer, keyword 'default'.
Probe port number when the type is 'tcp' or 'udp'. Valid values are Integer.
Probe retry count when the node goes down. Valid values are Integer, keyword 'default'.
Probe retry count when the node comes back up. Valid values are Integer, keyword 'default'.
Probe timeout in seconds. Valid values are Integer, keyword 'default'.
Probe type. Valid values are 'icmp', 'dns', 'tcp', 'udp' or keyword 'default'.
--
Manages configuration of ITD (Intelligent Traffic Director) device group node
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I3(1) | 1.3.0 |
N3k | not applicable | not applicable |
N5k | not applicable | not applicable |
N6k | not applicable | not applicable |
N7k | 7.3(0)D1(1) | 1.3.0 |
N9k-F | not applicable | not applicable |
N3k-F | not applicable | not applicable |
Determine whether the config should be present or not. Valid values are 'present' and 'absent'.
Change mode of this node as hot-standby. Valid values are true, false or 'default'.
Type of the device group node. Valid values are ip and IPv6. It defaults to ip if not specified. IPv6 is not supported for N9k.
Enable control protocol for probe. Valid values are true, false or 'default'. This is applicable only when the probe type is 'tcp' or 'udp'
Host name or target address when the probe type is 'dns'. Valid values are String.
Probe frequency in seconds. Valid values are Integer, keyword 'default'.
Probe port number when the type is 'tcp' or 'udp'. Valid values are Integer.
Probe retry count when the node goes down. Valid values are Integer, keyword 'default'.
Probe retry count when the node comes back up. Valid values are Integer, keyword 'default'.
Probe timeout in seconds. Valid values are Integer, keyword 'default'.
Probe type. Valid values are 'icmp', 'dns', 'tcp', 'udp' or keyword 'default'.
Weight for traffic distribution. Valid values are Integer, keyword 'default'.
--
Manages configuration of ITD (Intelligent Traffic Director) service.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I3(1) | 1.3.0 |
N3k | not applicable | not applicable |
N5k | not applicable | not applicable |
N6k | not applicable | not applicable |
N7k | 7.3(0)D1(1) | 1.3.0 |
Property | Caveat Description |
---|---|
This provider requires the following commands to be applied as prerequisites using the cisco_command_config provider. cisco_command_config { 'prerequisites': command => " feature pbr feature sla sender feature sla responder ip sla responder " } |
|
nat_destination |
Supported only on N7k |
peer_local |
Supported only on N9k |
peer_vdc |
Supported only on N7k |
Determine whether the config should be present or not. Valid values are 'present' and 'absent'.
ITD access-list name. Valid values are String or 'default'.
Device group name where this service belongs. Valid values are String or 'default'.
ITD exclude-access-list name. Valid values are String or 'default'.
ITD failaction to reassign node. This enables traffic on failed nodes to be reassigned to the first available active node. Valid values are true, false or 'default'.
Ingress interface. Valid values are an array of [interface, next-hop]
pairs or 'default'.
Enable or disable load balance. Valid values are true, false or 'default'.
Buckets for traffic distribution (in powers of 2). Valid values are Integer, or keyword 'default'.
Loadbalance mask position. Valid values are Integer, keyword 'default'.
Loadbalance bundle select. Valid values are 'src, 'dst' or keyword 'default'.
Loadbalance bundle hash. Valid values are 'ip, 'ip-l4port' or keyword 'default'.
Loadbalance protocol. This is valid only when the bundle hash is 'ip-l4port'. Valid values are 'tcp, 'udp' or keyword 'default'.
Starting port in range (to match only packets in the range of port numbers). This is valid only when the bundle hash is 'ip-l4port'. Valid values are Integer, keyword 'default'.
Ending port in range (to match only packets in the range of port numbers). This is valid only when the bundle hash is 'ip-l4port'. Valid values are Integer, keyword 'default'.
Destination NAT. Valid values are true, false or 'default'.
Peer involved in sandwich mode. Valid values are String or 'default'.
Peer involved in sandwich mode. Valid values are an array of [vdc, service]
or 'default'.
Whether or not the service is shutdown. Valid values are 'true', 'false' and keyword 'default'.
Virtual ip configuration. Valid values are an array of Strings or 'default'.
--
Manages configuration of an ObjectGroup instance. This has no properties and it is the parent of ObjectGroupEntry.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(2e) | 1.8.0 |
N3k | 7.0(3)I2(2e) | 1.8.0 |
N5k | not applicable | not applicable |
N6k | not applicable | not applicable |
N7k | 7.3(0)D1(1) | 1.8.0 |
N9k-F | 7.0(3)F1(1) | 1.8.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Example Parameter Usage |
---|
cisco_object_group { '<afi> <type> <grp_name>': |
cisco_object_group { 'ipv4 address myog_v4_addr': |
Address Family Identifier (AFI). Required. Valid values are 'ipv4' and 'ipv6'.
Type of the object_group instance. Required. Valid values are 'address' and 'port'.
Name of the object_group instance. Required. Valid values are type String.
Determines whether the config should be present or not on the device. Valid values are 'present' and 'absent'.
--
Manages configuration of an ObjectGroupEntry instance.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(2e) | 1.8.0 |
N3k | 7.0(3)I2(2e) | 1.8.0 |
N5k | not applicable | not applicable |
N6k | not applicable | not applicable |
N7k | 7.3(0)D1(1) | 1.8.0 |
N9k-F | 7.0(3)F1(1) | 1.8.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
cisco_object_group_entry { 'ipv4 address myoge_v4_addr 10':
ensure => 'present',
address => '10.10.10.1/24',
}
cisco_object_group_entry { 'ipv4 port myoge_v4_port 20':
ensure => 'present',
port => 'neq 40',
}
cisco_object_group_entry { 'ipv6 address myoge_v6_addr 30':
ensure => 'present',
address => '2000::1/64',
}
Example Parameter Usage |
---|
cisco_object_group_entry { '<afi> <type> <grp_name> <seqno>': |
cisco_object_group_entry { 'ipv4 address myoge_v4_addr 10': |
Address Family Identifier (AFI). Required. Valid values are 'ipv4' and 'ipv6'.
Type of the object_group instance. Required. Valid values are 'address' and 'port'.
Name of the object_group instance. Required. Valid values are type String.
Object Group Entry Sequence Number. Required. Valid values are type Integer.
Determines whether the config should be present or not on the device. Valid values are 'present' and 'absent'.
The Address to match against. Valid values are type String, which must be one of the following forms:
- An IPv4/IPv6 address/prefix length
- The keyword
host
and a host address - An IPv4 Address and wildcard
Examples |
---|
address => '10.10.10.1/24' |
address => '10.10.10.1 11.12.13.14' |
address => 'host 10.0.0.1' |
address => '2000::1/64' |
address => 'host 2001::1' |
The TCP or UDP Port to match against. Valid values are type String, which must be one of the following forms:
- A comparison operator (
eq
,neq
,lt
,gt
) and value - The keyword
range
and a range value
Examples |
---|
port => 'neq 40' |
port => 'range 68 69' |
port => 'lt 400' |
--
Manages configuration of an ospf instance.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.0.1 |
N3k | 7.0(3)I2(5) | 1.0.1 |
N5k | 7.3(0)N1(1) | 1.2.0 |
N6k | 7.3(0)N1(1) | 1.2.0 |
N7k | 7.3(0)D1(1) | 1.2.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Determine if the config should be present or not. Valid values are 'present', and 'absent'.
Name of the ospf router. Valid value is a string.
--
Manages an area for an OSPF router.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.4.0 |
N3k | 7.0(3)I2(5) | 1.4.0 |
N5k | 7.3(0)N1(1) | 1.4.0 |
N6k | 7.3(0)N1(1) | 1.4.0 |
N7k | 7.3(0)D1(1) | 1.4.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
cisco_ospf_area { 'my_ospf_instance default 10':
ensure => 'present',
range => [['10.3.0.0/16', 'not_advertise', '23'],
['10.3.3.0/24', '450']
],
}
cisco_ospf_area { 'my_ospf_instance my_vrf 1.1.1.1':
ensure => 'present',
authentication => 'md5',
default_cost => 1000,
filter_list_in => 'fin',
filter_list_out => 'fout',
stub => true,
}
cisco_ospf_area { 'my_ospf_instance my_vrf 1000':
ensure => 'present',
nssa => true,
nssa_default_originate => true,
nssa_no_redistribution => true,
nssa_no_summary => true,
nssa_route_map => 'rmap',
nssa_translate_type7 => 'always',
}
| Example Parameter Usage |
|:--|:--
|cisco_ospf_area { '<ospf_process_id> <vrf> <area_id>':
|cisco_ospf_area { '1 my_vrf 10':
|cisco_ospf_area { 'my_ospf default 10.1.1.1':
Determines whether the config should be present or not on the device. Valid values are 'present' and 'absent'.
Enables authentication for the area. Valid values are 'cleartext', 'md5' or 'default'.
Default_cost for default summary Link-State Advertisement (LSA). Valid values are integer or keyword 'default'.
This is a route-map for filtering networks sent to this area. Valid values are string or keyword 'default'.
This is a route-map for filtering networks sent from this area. Valid values are string or keyword 'default'.
This property defines the area as NSSA (not so stubby area). Valid values are true, false or keyword 'default'. This property is mutually exclusive with stub
and stub_no_summary
.
Generates an NSSA External (type 7) LSA for use as a default route to the external autonomous system. Valid values are true, false or keyword 'default'.
Disable redistribution within the NSSA. Valid values are true, false or keyword 'default'.
Disables summary LSA flooding within the NSSA. Valid values are true, false or keyword 'default'.
Controls distribution of the default route. This property can only be used when the nssa_default_originate
property is set to true. Valid values are String (the route-map name) or keyword 'default'.
Translates NSSA external (type 7) LSAs to standard external (type 5) LSAs for use outside the NSSA. Valid values are one of the following keyword strings:
Keyword | Description |
---|---|
always |
Always translate |
suppress_fa |
Forwarding Address Suppression |
always_suppress_fa |
Always translate & use Forwarding Address Suppression |
never |
Never translate |
default |
Translation is not configured |
Summarizes routes at an area boundary. Optionally sets the area range status to DoNotAdvertise as well as setting per-summary cost values. Valid values are a nested array of [summary_address, 'not_advertise', cost], or keyword 'default'. The summary-address is mandatory.
Example: range => [['10.3.0.0/16', 'not_advertise', '23'], ['10.3.0.0/32', 'not_advertise'], ['10.3.0.1/32'], ['10.3.3.0/24', '450']]
Defines the area as a stub area. Valid values are true, false or keyword 'default'. This property is not necessary when the stub_no_summary
property is set to true, which also defines the area as a stub area. This property is mutually exclusive with nssa
.
Stub areas flood summary LSAs. This property disables summary flooding into the area. This property can be used in place of the stub
property or in conjunction with it. Valid values are true, false or keyword 'default'. This property is mutually exclusive with nssa
.
--
Manages an area virtual link for an OSPF router.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.4.0 |
N3k | 7.0(3)I2(5) | 1.4.0 |
N5k | 7.3(0)N1(1) | 1.4.0 |
N6k | 7.3(0)N1(1) | 1.4.0 |
N7k | 7.3(0)D1(1) | 1.4.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
cisco_ospf_area_vlink { 'my_ospf_instance default 10 1.1.1.1':
ensure => 'present',
auth_key_chain => 'keyChain',
authentication => 'md5',
authentication_key_encryption_type => cisco_type_7,
authentication_key_password => '98765432109876543210',
dead_interval => 500,
hello_interval => 2000,
message_digest_algorithm_type => 'md5',
message_digest_encryption_type => cisco_type_7,
message_digest_key_id => 123,
message_digest_password => '12345678901234567890',
retransmit_interval => 777,
transmit_delay => 333,
}
| Example Parameter Usage |
|:--|:--
|cisco_ospf_area_vlink { '<ospf_process_id> <vrf> <area_id> <vlink_id>':
|cisco_ospf_area_vlink { '1 my_vrf 10 1.1.1.1':
|cisco_ospf_area_vlink { 'my_ospf default 10.1.1.1 2.2.2.2':
Determines whether the config should be present or not on the device. Valid values are 'present' and 'absent'.
Authentication password key chain name. Valid values are string, or 'default'.
Enables authentication for the virtual link. Valid values are 'cleartext', 'md5', 'null', or 'default'.
Specifies the scheme used for encrypting authentication_key_password. Valid values are 'cleartext', '3des' or 'cisco_type_7' encryption, and 'default', which defaults to 'cleartext'.
Specifies the authentication_key password. Valid value is a string, or 'default'.
Time in seconds that a neighbor waits for a Hello packet before declaring the local router as dead and tearing down adjacencies. Valid values are integer, keyword 'default'.
Time in seconds between successive Hello packets. Valid values are integer, keyword 'default'.
Algorithm used for authentication among neighboring routers within an area virtual link. Valid values are 'md5' and keyword 'default'.
Specifies the scheme used for encrypting message_digest_password. Valid values are 'cleartext', '3des' or 'cisco_type_7' encryption, and 'default', which defaults to 'cleartext'.
md5 authentication key id. Valid values are integer.
Specifies the message_digest password. Valid value is a string.
Estimated time in seconds between successive LSAs. Valid values are integer, keyword 'default'.
Estimated time in seconds to transmit an LSA to a neighbor. Valid values are integer, keyword 'default'.
--
Manages a VRF for an OSPF router.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.0.1 |
N3k | 7.0(3)I2(5) | 1.0.1 |
N5k | 7.3(0)N1(1) | 1.2.0 |
N6k | 7.3(0)N1(1) | 1.2.0 |
N7k | 7.3(0)D1(1) | 1.2.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Determines whether the config should be present or not on the device. Valid values are 'present' and 'absent'.
Name of the resource instance. Valid value is a string. The name 'default' is a valid VRF representing the global ospf.
Name of the ospf instance. Valid value is a string.
Router Identifier (ID) of the OSPF router VRF instance. Valid values are a string or the keyword 'default'.
Enables bfd on all the OSPF interfaces on this router. The individual interfaces can override this. Valid values are true, false or keyword 'default'
Specify the default Metric value. Valid values are an integer or the keyword 'default'.
Controls the level of log messages generated whenever a neighbor changes state. Valid values are 'log', 'detail', 'none', and 'default'.
Specify the start interval for rate-limiting Link-State Advertisement (LSA) generation. Valid values are an integer, in milliseconds, or the keyword 'default'.
Specifies the hold interval for rate-limiting Link-State Advertisement (LSA) generation. Valid values are an integer, in milliseconds, or the keyword 'default'.
Specifies the max interval for rate-limiting Link-State Advertisement (LSA) generation. Valid values are an integer, in milliseconds, or the keyword 'default'.
Specify initial Shortest Path First (SPF) schedule delay. Valid values are an integer, in milliseconds, or the keyword 'default'.
Specify minimum hold time between Shortest Path First (SPF) calculations. Valid values are an integer, in milliseconds, or the keyword 'default'.
Specify the maximum wait time between Shortest Path First (SPF) calculations. Valid values are an integer, in milliseconds, or the keyword 'default'.
Specifies the reference bandwidth used to assign OSPF cost. Valid values are an integer, in Mbps, or the keyword 'default'.
--
Handles the detection of duplicate IP or MAC addresses based on the number of moves in a given time-interval (seconds). Also configures anycast gateway MAC of the switch.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.2.0 |
N3k | 7.0(3)I6(1) | 1.7.0 |
N5k | 7.3(0)N1(1) | 1.3.0 |
N6k | 7.3(0)N1(1) | 1.3.0 |
N7k | 7.3(0)D1(1) | 1.3.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Property | Caveat Description |
---|---|
anycast_gateway_mac |
Not supported on N3k |
dup_host_ip_addr_detection_host_moves |
Not supported on N3k |
dup_host_ip_addr_detection_timeout |
Not supported on N3k |
dup_host_mac_detection_host_moves |
Supported in OS Version 7.0(3)I6(1) and later on N3k |
dup_host_mac_detection_timeout |
Supported in OS Version 7.0(3)I6(1) and later on N3k |
Instance of cisco_overlay_global, only allow the value 'default'
Anycast gateway mac of the switch
The number of host moves allowed in n seconds. The range is 1 to 1000 moves; default is 5 moves.
The duplicate detection timeout in seconds for the number of host moves. The range is 2 to 36000 seconds; default is 180 seconds.
The number of host moves allowed in n seconds. The range is 1 to 1000 moves; default is 5 moves.
The duplicate detection timeout in seconds for the number of host moves. The range is 2 to 36000 seconds; default is 180 seconds.
--
Manages configuration of an Protocol Independent Multicast (PIM) instance.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.2.0 |
N3k | 7.0(3)I2(5) | 1.2.0 |
N5k | 7.3(0)N1(1) | 1.2.0 |
N6k | 7.3(0)N1(1) | 1.2.0 |
N7k | 7.3(0)D1(1) | 1.2.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Property | Caveat Description |
---|---|
bfd |
Minimum puppet module version 1.5.0 |
Address Family Identifier (AFI). Required. Valid value is ipv4.
Name of the resource instance. Required. Valid values are string. The name 'default' is a valid VRF representing the global vrf.
Enables BFD for all PIM interfaces in the current VRF. Valid values are true, false or 'default'.
Configure group ranges for Source Specific Multicast (SSM). Valid values are multicast addresses or the keyword ‘none’.
--
Manages configuration of an Protocol Independent Multicast (PIM) static route processor (RP) address for a multicast group range.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.2.0 |
N3k | 7.0(3)I2(5) | 1.2.0 |
N5k | 7.3(0)N1(1) | 1.2.0 |
N6k | 7.3(0)N1(1) | 1.2.0 |
N7k | 7.3(0)D1(1) | 1.2.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Address Family Identifier (AFI). Required. Valid values are ipv4 and ipv6.
Name of the resource instance. Required. Valid values are string. The name 'default' is a valid VRF representing the global vrf.
IP address of a router which is the route processor (RP) for a group range.. Required. Valid values are unicast addresses.
Specifies a group range for a static route processor (RP) address. Required. Valid values are multicast addresses.
--
Manages configuration of an Protocol Independent Multicast (PIM) static route processor (RP) address instance.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.2.0 |
N3k | 7.0(3)I2(5) | 1.2.0 |
N5k | 7.3(0)N1(1) | 1.2.0 |
N6k | 7.3(0)N1(1) | 1.2.0 |
N7k | 7.3(0)D1(1) | 1.2.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Address Family Identifier (AFI). Required. Valid values are ipv4 and ipv6.
Name of the resource instance. Required. Valid values are string. The name 'default' is a valid VRF representing the global vrf.
Configures a Protocol Independent Multicast (PIM) static route processor (RP) address. Required. Valid values are unicast addresses.
--
Manages configuration of a portchannel global parameters
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.2.0 |
N3k | 7.0(3)I2(5) | 1.3.0 |
N5k | 7.3(0)N1(1) | 1.3.0 |
N6k | 7.3(0)N1(1) | 1.3.0 |
N7k | 7.3(0)D1(1) | 1.2.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
cisco_portchannel_global
is not currently supported on N9K-EX and N9K-FX devices.
Property | Caveat Description |
---|---|
asymmetric hash_distribution load_defer |
Supported only on N7k |
bundle_hash values: port , ip-only , port-only |
Only supported on N3k, N5k, N6k |
bundle_hash values: ip-gre |
Only supported on N3k, N9k |
bundle_hash values: ip-l4port , ip-l4port-vlan , ip-vlan , l4port |
Only supported on N7k, N9k |
concatenation |
Supported only on N9k |
hash_poly |
Supported only on N5k, N6k |
resilient symmetry |
Supported only on N3k, N9k |
rotate |
Supported only on N3k-F, N7k, N9k-F, N9k |
port-channel asymmetric hash. Valid values are true, false or 'default'.
port-channel bundle hash. Valid values are 'ip', 'ip-l4port', 'ip-l4port-vlan', 'ip-vlan', 'l4port', 'mac', 'port', 'ip-only', 'port-only', 'ip-gre' or 'default'.
port-channel bundle select. Valid values are 'src', 'dst', 'src-dst' or 'default'.
port-channel concatenation enable or disable. Valid values are true, false or 'default'.
port-channel hash-distribution. Valid values are 'adaptive', 'fixed' or the keyword 'default'.
port-channel hash-polynomial. Valid values are 'CRC10a', 'CRC10b', 'CRC10c' or 'CRC10d'. Note: This property does not support the keyword 'default'.
port-channel load-defer time interval. Valid values are integer or 'default'.
port-channel resilient mode. Valid values are true, false or 'default'.
port-channel hash input offset. Valid values are integer or 'default'.
port-channel symmetry hash. Valid values are true, false or 'default'.
--
Manages a Cisco Route Map.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.6.0 |
N3k | 7.0(3)I2(5) | 1.6.0 |
N5k | 7.3(0)N1(1) | 1.6.0 |
N6k | 7.3(0)N1(1) | 1.6.0 |
N7k | 7.3(0)D1(1) | 1.6.0 |
N9k-F | 7.0(3)F1(1) | 1.6.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Property | Caveat Description |
---|---|
match_evpn_route_type_1 |
Not supported on N3k,N3k-F,N9k-F,N9k |
match_evpn_route_type_2_all |
Not supported on N3k,N3k-F,N9k-F,N9k |
match_evpn_route_type_2_mac_ip |
Not supported on N3k,N3k-F,N9k-F,N9k |
match_evpn_route_type_2_mac_only |
Not supported on N3k,N3k-F,N9k-F,N9k |
match_evpn_route_type_3 |
Not supported on N3k,N3k-F,N9k-F,N9k |
match_evpn_route_type_4 |
Not supported on N3k,N3k-F,N9k-F,N9k |
match_evpn_route_type_5 |
Not supported on N3k,N3k-F,N9k-F,N9k |
match_evpn_route_type_6 |
Not supported on N3k,N3k-F,N9k-F,N9k |
match_evpn_route_type_all |
Not supported on N3k,N3k-F,N9k-F,N9k |
match_length |
Not supported on N3k,N3k-F,N9k-F,N9k |
match_mac_list |
Not supported on N3k,N3k-F,N9k-F,N9k |
match_metric |
Supported in OS Version 7.0(3)F2(1) and later on N9k-F |
match_ospf_area |
Not supported on N5k,N6k,N7k,N3k-F,N9k-F Supported in OS version 7.0(3)I5.1 and later on N3k, N9k |
match_vlan |
Not supported on N3k,N3k-F,N9k-F,N9k |
set_extcommunity_4bytes_additive |
Supported in OS Version 7.0(3)F2(1) and later on N9k-F |
set_extcommunity_4bytes_non_transitive |
Supported in OS Version 7.0(3)F2(1) and later on N9k-F |
set_extcommunity_4bytes_transitive |
Supported in OS Version 7.0(3)F2(1) and later on N9k-F |
set_extcommunity_cost_igp |
Not supported on N3k-F,N9k-F |
set_extcommunity_cost_pre_bestpath |
Not supported on N3k-F,N9k-F |
set_extcommunity_rt_additive |
Not supported on N3k-F,N9k-F |
set_extcommunity_rt_asn |
Not supported on N3k-F,N9k-F,N9k |
set_forwarding_addr |
Not supported on N3k-F,N9k-F |
set_ipv4_default_next_hop |
Not supported on N5k,N6k,N3k-F,N9k-F,N9k |
set_ipv4_default_next_hop_load_share |
Not supported on N5k,N6k,N3k-F,N9k-F,N9k |
set_ipv4_next_hop |
Not supported on N3k-F,N9k-F |
set_ipv4_next_hop_load_share |
Not supported on N5k,N6k Supported in OS Version 7.0(3)I5.1 and later on N9k Supported in OS Version 7.0(3)F2(1) and later on N9k-F |
set_ipv4_next_hop_redist |
Supported on N5k,N6k,N7k,N3k-F,N9k-F Supported in OS Version 7.0(3)I5.1 and later on N3k,N9k |
set_ipv4_precedence |
Not supported on N3k-F,N9k-F |
set_ipv4_prefix |
Not supported on N5k,N6k,N3k-F,N9k-F |
set_ipv6_default_next_hop |
Not supported on N5k,N6k,N3k-F,N9k-F,N9k |
set_ipv6_default_next_hop_load_share |
Not supported on N5k,N6k,N3k-F,N9k-F,N9k |
set_ipv6_next_hop |
Not supported on N3k-F,N9k-F |
set_ipv6_next_hop_load_share |
Not supported on N5k,N6k Supported in OS Version 7.0(3)I5.1 and later on N9k Supported in OS Version 7.0(3)F2(1) and later on N9k-F |
set_ipv6_next_hop_redist |
Supported on N5k,N6k,N7k,N3k-F,N9k-F Supported in OS Version 7.0(3)I5.1 and later on N3k,N9k |
set_ipv6_prefix |
Not supported on N5k,N6k,N3k-F,N9k-F |
set_vrf |
Supported on N7k |
Example Parameter Usage |
---|
match_as_number { '<AA4>, <AA4>-<AA4>, ..': |
match_as_number { '['3', '22-34', '38', '101-110', '120']': |
Determine whether the route map config should be present or not. Valid values are 'present' and 'absent'.
Description of the route-map. Valid values are string, or keyword 'default'
Match BGP peer AS number. Valid values are an array of ranges or keyword 'default'
Match BGP AS path list. Valid values are an array of list names or keyword 'default'
Match BGP community list. Valid values are an array of communities or keyword 'default'
Enable exact matching of communities. Valid values 'true', 'false' or keyword 'default'
Enable match BGP EVPN route type-1. Valid values are 'true', 'false' or keyword 'default'
Enable match all BGP EVPN route in type-2. Valid values are 'true', false or keyword 'default'
Enable match mac-ip BGP EVPN route in type-2. Valid values are 'true', 'false' or keyword 'default'
Enable match mac-only BGP EVPN route in type-2. Valid values are 'true', 'false' or keyword 'default'
Enable match BGP EVPN route type-3. Valid values are 'true', 'false' or keyword 'default'
Enable match BGP EVPN route type-4. Valid values are 'true', 'false' or keyword 'default'
Enable match BGP EVPN route type-5. Valid values are 'true', 'false' or keyword 'default'
Enable match BGP EVPN route type-6. Valid values are 'true', 'false' or keyword 'default'
Enable match BGP EVPN route type 1-6. Valid values are 'true', 'false' or keyword 'default'
Match BGP extended community list. Valid values are an array of extended communities or keyword 'default'
Enable exact matching of extended communities. Valid values are 'true', 'false' or keyword 'default'
Match first hop interface of route. Valid values are array of interfaces or keyword 'default'
Match IPv4 access-list name. Valid values are String or keyword 'default'
Match entries of prefix-lists for IPv4. Valid values are array of prefixes or keyword 'default'
Enable match IPv4 multicast. This property should be set to 'true' before setting any IPv4 multicast properties. Valid values are are 'true', 'false' or keyword 'default'
Match IPv4 multicast group prefix. Valid values are string, or keyword 'default'
Match IPv4 multicast group address begin range. Valid values are string, or keyword 'default'
Match IPv4 multicast group address end range. Valid values are string, or keyword 'default'
Match IPv4 multicast rendezvous prefix. Valid values are string, or keyword 'default'
Match IPv4 multicast rendezvous point type. Valid values are 'ASM', 'Bidir' or keyword 'default'
Match IPv4 multicast source prefix. Valid values are string or keyword 'default'
Match entries of prefix-lists for next-hop address of route for IPv4. Valid values are an array of prefixes or keyword 'default'
Match entries of prefix-lists for advertising source address of route for IPv4. Valid values are an array of prefixes or keyword 'default'
Match IPv6 access-list name. Valid values are string or keyword 'default'
Match entries of prefix-lists for IPv6. Valid values are array of prefixes or keyword 'default'
Enable match IPv6 multicast. This property should be set to 'true' before setting any IPv6 multicast properties. Valid values are 'true', 'false' or keyword 'default'
Match IPv6 multicast group prefix. Valid values are string, or keyword 'default'
Match IPv6 multicast group address begin range. Valid values are string, or keyword 'default'
Match IPv6 multicast group address end range. Valid values are string, or keyword 'default'
Match IPv6 multicast rendezvous prefix. Valid values are string, or keyword 'default'
Match IPv6 multicast rendezvous point type. Valid values are 'ASM', 'Bidir' or keyword 'default'
Match IPv6 multicast source prefix. Valid values are string or keyword 'default'
Match entries of prefix-lists for next-hop address of route for IPv6. Valid values are array of prefixes or keyword 'default'
Match entries of prefix-lists for advertising source address of route for IPv6. Valid values are array of prefixes or keyword 'default'
Match packet length. Valid values are array of minimum and maximum lengths or keyword 'default'
Match entries of mac-lists. Valid values are array of mac list names or keyword 'default'
Match metric of route. Valid values are array of [metric, deviation] pairs or keyword 'default'
Match entries of ospf area IDs. Valid values are array of ids or keyword 'default'
Enable match external route type (BGP, EIGRP and OSPF type 1/2). Valid values are 'true', 'false' or keyword 'default'
Enable match OSPF inter area type. Valid values are 'true', 'false' or keyword 'default'
Enable match OSPF inter area type (OSPF intra/inter area). Valid values are 'true', 'false' or keyword 'default'
Enable match OSPF intra area route. Valid values are 'true', 'false' or keyword 'default'
Enable match IS-IS level-1 route. Valid values are 'true', 'false' or keyword 'default'
Enable match IS-IS level-2 route. Valid values are 'true', 'false' or keyword 'default'
Enable match locally generated route. Valid values are 'true', 'false' or keyword 'default'
Enable match nssa-external route (OSPF type 1/2). Valid values are 'true', 'false' or keyword 'default'
Enable match OSPF external type 1 route. Valid values are 'true', 'false' or keyword 'default'
Enable match OSPF external type 2 route. Valid values are 'true', 'false' or keyword 'default'
Match source protocol. Valid values are array of protocols or keyword 'default'
Match tag of route. Valid values are array of tags or keyword 'default'
Match VLAN Id. Valid values are array of string of VLAN ranges or keyword 'default'
Prepend string for a BGP AS-path attribute. Valid values are array of AS numbers or keyword 'default'
Number of last-AS prepends. Valid values are integer or keyword 'default'
Set the tag as an AS-path attribute. Valid values are 'true', 'false' or keyword 'default'
Set BGP community list (for deletion). Valid values are String or keyword 'default'
Add to existing BGP community. Valid values are 'true', 'false' or keyword 'default'
Set community number. Valid values are array of AS numbers or keyword 'default'
Set Internet community. Valid values are 'true', 'false' or keyword 'default'
Do not send outside local AS. Valid values are 'true', 'false' or keyword 'default'
Do not advertise to any peer. Valid values are 'true', 'false' or keyword 'default'
Do not export to next AS. Valid values are 'true', 'false' or keyword 'default'
Set no community attribute. Valid values are 'true', 'false' or keyword 'default'
Set half-life time for the penalty of BGP route flap dampening. Valid values are integer or keyword 'default'
Set maximum duration to suppress a stable route of BGP route flap dampening. Valid values are integer or keyword 'default'
Set penalty to start reusing a route of BGP route flap dampening. Valid values are integer or keyword 'default'
Set penalty to start suppressing a route of BGP route flap dampening. Valid values are integer or keyword 'default'
Set administrative distance for IGP or EBGP routes. Valid values are integer or keyword 'default'
Set administrative distance for internal routes. Valid values are integer or keyword 'default'
Set administrative distance for local routes. Valid values are integer or keyword 'default'
Set BGP extended community list (for deletion). Valid values are string or keyword 'default'
Add to existing generic extcommunity. Valid values are 'true', 'false' or keyword 'default'
Set non-transitive extended community. Valid values are array of communities, or keyword 'default'
Set no extcommunity generic attribute. Valid values are 'true', 'false' or keyword 'default'
Set transitive extended community. Valid values are array of communities, or keyword 'default'
Compare following IGP cost comparison. Valid values are array of [communityId, cost] pairs or keyword 'default'
Compare before all other steps in bestpath calculation. Valid values are array of [communityId, cost] pairs or keyword 'default'
Set add to existing route target extcommunity. Valid values are 'true', 'false' or keyword 'default'
Set community number. Valid values are array of AS numbers or keyword 'default'
Set the forwarding address. Valid values are 'true', 'false' or keyword 'default'
Set output interface. Valid values are 'Null0' or keyword 'default'
Set default next-hop IPv4 address. Valid values are array of next hops or keyword 'default'
Enable default IPv4 next-hop load-sharing. Valid values are 'true', 'false' or keyword 'default'
Set next-hop IPv4 address. Valid values are array of next hops or keyword 'default'
Enable IPv4 next-hop load-sharing. Valid values are 'true', 'false' or keyword 'default'
Enable IPv4 next-hop peer address. Valid values are 'true', 'false' or keyword 'default'
Enable IPv4 next-hop unchanged address during redistribution. Valid values are 'true', 'false' or keyword 'default'
Enable IPv4 next-hop unchanged address. Valid values are 'true', 'false' or keyword 'default'
Set IPv4 precedence field. Valid values are 'critical', 'flash', 'flash-override', 'immediate', 'internet', 'network', 'priority', 'routine' or keyword 'default'
Set IPv4 prefix-list. Valid values are string or keyword 'default'
Set default next-hop IPv6 address. Valid values are array of next hops or keyword 'default'
Enable default IPv6 next-hop load-sharing. Valid values are 'true', 'false' or keyword 'default'
Set next-hop IPv6 address. Valid values are array of next hops or keyword 'default'
Enable IPv6 next-hop load-sharing. Valid values are 'true', 'false' or keyword 'default'
Enable IPv6 next-hop peer address. Valid values are 'true', 'false' or keyword 'default'
Enable IPv6 next-hop unchanged address during redistribution. Valid values are 'true', 'false' or keyword 'default'
Enable IPv6 next-hop unchanged address. Valid values are 'true', 'false' or keyword 'default'
Set IPv6 precedence field. Valid values are 'critical', 'flash', 'flash-override', 'immediate', 'internet', 'network', 'priority', 'routine' or keyword 'default'
Set IPv6 prefix-list. Valid values are string or keyword 'default'
Set where to import route. Valid values are 'level-1', 'level-1-2', 'level-2' or keyword 'default'
Set BGP local preference path attribute. Valid values are integer or keyword 'default'
Set add to metric. Valid values are 'true', 'false' or keyword 'default'
Set metric value or Bandwidth in kbps. Valid values are integer or keyword 'default'
Set IGRP delay metric. Valid values are integer or keyword 'default'
Set IGRP Effective bandwidth metric. Valid values are integer or keyword 'default'
Set IGRP MTU of the path. Valid values are integer or keyword 'default'
Set IGRP reliability metric. Valid values are integer or keyword 'default'
Set type of metric for destination routing protocol. Valid values are 'external, 'internal', 'type-1, 'type-2, or keyword 'default'
Set OSPF NSSA Areas. Valid values are 'true, 'false' or keyword 'default'
Set BGP origin code. Valid values are 'egp, 'igp', 'incomplete', or keyword 'default'
Set path selection criteria for BGP. Valid values are 'true, 'false' or keyword 'default'
Set tag value for destination routing protocol. Valid values are integer or keyword 'default'
Set the VRF for next-hop resolution. Valid values are string or keyword 'default'
Set BGP weight for routing table. Valid values are integer or keyword 'default'
--
Manages spanning tree global parameters
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.3.0 |
N3k | 7.0(3)I2(5) | 1.3.0 |
N5k | 7.3(0)N1(1) | 1.3.0 |
N6k | 7.3(0)N1(1) | 1.3.0 |
N7k | 7.3(0)D1(1) | 1.3.0 |
cisco_stp_global
is not currently supported on N9K-EX and N9K-FX devices.
Property | Caveat Description |
---|---|
bd_designated_priority |
Supported only on N7k |
bd_forward_time |
Supported only on N7k |
bd_hello_time |
Supported only on N7k |
bd_max_age |
Supported only on N7k |
bd_priority |
Supported only on N7k |
bd_root_priority |
Supported only on N7k |
domain |
Supported only on N5k, N6k, N7k Supported in OS Version 7.0(3)I6(1) and later on N3k, N9k |
fcoe |
Supported only on N9k |
Designated bridge priority. Valid values are an array of [bd_range, designated_priority] pairs or 'default'.
Forward delay. Valid values are an array of [bd_range, forward_time] pairs or 'default'.
Hello interval. Valid values are an array of [bd_range, hello_time] pairs or 'default'.
Max age interval. Valid values are an array of [bd_range, max_age] pairs or 'default'.
Bridge priority. Valid values are an array of [bd_range, priority] pairs or 'default'.
Root bridge priority. Valid values are an array of [bd_range, root_priority] pairs or 'default'.
Edge port (portfast) bpdu filter. Valid values are true, false or 'default'.
Edge port (portfast) bpdu guard. Valid values are true, false or 'default'.
Bridge Assurance on all network ports. Valid values are true, false or 'default'.
Domain. Valid values are integer or 'default'.
Spanning tree protocol for FCoE VLAN. Valid values are true, false or 'default'.
Enable loopguard by default on all ports. Valid values are true, false or 'default'.
Operating mode. Valid values are mst, rapid-pvst or 'default'.
Designated priority for multiple spanning tree configuration. Valid values are an array of [mst_range, designated_priority] pairs or 'default'
Hello interval for multiple spanning tree configuration. Valid values are integer or 'default'.
Map vlans to an MST instance. Valid values are an array of [mst_instance, vlan_range] pairs or 'default'
Max age interval for multiple spanning tree configuration. Valid values are integer or 'default'.
Max hops for multiple spanning tree configuration. Valid values are integer or 'default'
Name for multiple spanning tree configuration. Valid values are String or 'default'
Priority for multiple spanning tree configuration. Valid values are an array of [mst_range, priority] pairs or 'default'
Configuration revision number for multiple spanning tree configuration. Valid values are String or 'default'
Root priority for multiple spanning tree configuration. Valid values are an array of [mst_range, root_priority] pairs or 'default'
Pathcost option. Valid values are long, short or 'default'.
Designated priority for vlan. Valid values are an array of [vlan_range, designated_priority] pairs or 'default'
Forward delay for vlan. Valid values are an array of [vlan_range, forward_time] pairs or 'default'
Hello interval for vlan. Valid values are an array of [vlan_range, hello_time] pairs or 'default'
Max age interval for vlan. Valid values are an array of [vlan_range, max_age] pairs or 'default'
Priority for vlan. Valid values are an array of [vlan_range, priority] pairs or 'default'
Root priority for vlan. Valid values are an array of [vlan_range, root_priority] pairs or 'default'
--
Manages an SNMP community on a Cisco SNMP server.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.0.1 |
N3k | 7.0(3)I2(5) | 1.0.1 |
N5k | 7.3(0)N1(1) | 1.2.0 |
N6k | 7.3(0)N1(1) | 1.2.0 |
N7k | 7.3(0)D1(1) | 1.2.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Determine whether the config should be present or not on the device. Valid values are 'present' and 'absent'.
Name of the SNMP community. Valid value is a string.
Group that the SNMP community belongs to. Valid values are a string or the keyword 'default'.
Assigns an Access Control List (ACL) to an SNMP community to filter SNMP requests. Valid values are a string or the keyword 'default'.
--
Manages a Cisco SNMP Group on a Cisco SNMP Server.
The term 'group' is a standard SNMP term, but in NXOS role it serves the purpose of group; thus this provider utility does not create snmp groups and only reports group (role) existence.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.0.1 |
N3k | 7.0(3)I2(5) | 1.0.1 |
N5k | 7.3(0)N1(1) | 1.2.0 |
N6k | 7.3(0)N1(1) | 1.2.0 |
N7k | 7.3(0)D1(1) | 1.2.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Determines whether the config should be present on the device or not. Valid values are 'present', and 'absent'.
Name of the snmp group. Valid value is a string.
--
Manages a Cisco SNMP Server. There can only be one instance of the cisco_snmp_server.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.0.1 |
N3k | 7.0(3)I2(5) | 1.0.1 |
N5k | 7.3(0)N1(1) | 1.2.0 |
N6k | 7.3(0)N1(1) | 1.2.0 |
N7k | 7.3(0)D1(1) | 1.2.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
The name of the SNMP Server instance. Only 'default' is accepted as a valid name.
SNMP location (sysLocation). Valid values are a string or the keyword 'default'.
SNMP system contact (sysContact). Valid values are a string or the keyword 'default'.
Configures how long the AAA synchronized user configuration stays in the local cache. Valid values are an integer or the keyword 'default'.
Size of SNMP packet. Valid values are an integer, in bytes, or the keyword 'default'.
Enable/disable SNMP message encryption for all users. Valid values are 'true', 'false', and 'default'.
Enable/disable SNMP protocol. Valid values are 'true', 'false', and 'default'.
Enable/disable a one time authentication for SNMP over TCP session. Valid values are 'true', 'false', and 'default'.
--
Manages an SNMP user on an cisco SNMP server.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.0.1 |
N3k | 7.0(3)I2(5) | 1.0.1 |
N5k | 7.3(0)N1(1) | 1.2.0 |
N6k | 7.3(0)N1(1) | 1.2.0 |
N7k | 7.3(0)D1(1) | 1.2.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Determines whether the config should be present or not on the device. Valid values are 'present', and 'absent'.
Name of the SNMP user. Valid value is a string.
Engine ID of the SNMP user. Valid values are empty string or 5 to 32 octets seprated by colon.
Groups that the SNMP user belongs to. Valid value is a string.
Authentication protocol for the SNMP user. Valid values are 'md5', 'sha', and 'none'.
Authentication password for the SNMP user. Valid value is string.
Privacy protocol for the SNMP user. Valid values are 'aes128', 'des', and 'none'.
Privacy password for SNMP user. Valid value is a string.
Specifies whether the passwords specified in manifest are in localized key format (in case of true) or cleartext (in case of false). Valid values are 'true', and 'false'.
--
Manages a Cisco TACACS+ Server global configuration. There can only be one instance of the cisco_tacacs_server.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.0.1 |
N3k | 7.0(3)I2(5) | 1.0.1 |
N5k | 7.3(0)N1(1) | 1.2.0 |
N6k | 7.3(0)N1(1) | 1.2.0 |
N7k | 7.3(0)D1(1) | 1.2.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Instance of the tacacs_server, only allows the value 'default'.
Global timeout interval for TACACS+ servers. Valid value is an integer, in seconds, or the keyword 'default'.
Allows users to specify a TACACS+ server to send the authentication request when logging in. Valid values are 'true', and 'false'.
Specifies the global deadtime interval for TACACS+ servers. Valid values are Integer, in minutes, and keyword 'default'.
Specifies the global preshared key type for TACACS+ servers. Valid values are 'clear', 'encrypted', 'none', and 'default'.
Specifies the global TACACS+ servers preshared key password. Valid values are string, and keyword 'default'.
Global source interface for all TACACS+ server groups configured on the device. Valid values are string, and keyword 'default'.
--
Configures Cisco TACACS+ server hosts.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.0.1 |
N3k | 7.0(3)I2(5) | 1.0.1 |
N5k | 7.3(0)N1(1) | 1.2.0 |
N6k | 7.3(0)N1(1) | 1.2.0 |
N7k | 7.3(0)D1(1) | 1.2.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Determines whether or not the config should be present on the device. Valid values are 'present' and 'absent'.
Name of the tacacs_server_host instance. Valid value is a string.
Server port for the host. Valid values are an integer or the keyword 'default'.
Timeout interval for the host. Valid values are an integer, in seconds, or the keyword 'default'.
Specifies a preshared key for the host. Valid values are 'clear', 'encrypted', 'none', and keyword 'default'.
"Specifies the preshared key password for the host. Valid value is a string.
--
Manages the upgrade of a Cisco device.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(2e) | 1.6.0 |
N3k | 7.0(3)I2(2e) | 1.6.0 |
N5k | not applicable | not applicable |
N6k | not applicable | not applicable |
N7k | not applicable | not applicable |
N9k-F | 7.0(3)F1(1) | 1.6.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
The cisco_upgrade
is only supported on simplex N3k, N3k-F, N9k and N9k-F devices. HA devices are currently not supported.
Property | Caveat Description |
---|---|
package |
Only images on bootflash , tftp and usb (if available) are supported. The puppet file provider can be used to copy the image file to bootflash . Refer to Demo Upgrade for an example. |
Name of cisco_upgrade instance. Valid values are string. Only 'image' is a valid name for the cisco_upgrade resource.
Delete the booted image. Valid values are true
, false
.
Force upgrade the device.Valid values are true
, false
.
Package to install on the device. Format <uri>:<image>
. Valid values are strings.
Example --> bootflash:nxos.7.0.3.I5.2.bin
--> tftp://x.x.x.x/path/to/nxos.7.0.3.I5.2.bin
NOTE: Only images on bootflash:
, tftp:
and usb
(if available) are supported.
--
Manages a Cisco VDC (Virtual Device Context).
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | not applicable | not applicable |
N3k | not applicable | not applicable |
N5k | not applicable | not applicable |
N6k | not applicable | not applicable |
N7k | 7.3(0)D1(1) | 1.2.0 |
N9k-F | not applicable | not applicable |
N3k-F | not applicable | not applicable |
Name of the VDC. Valid value is a String or optional keyword 'default' when referencing the default VDC. The current implementation restricts changes to the default VDC.
Determines whether the config should be present or not. Valid values are 'present' and 'absent'.
This command restricts the allowed module-types in a given VDC. Valid values are String or keyword 'default'.
--
Manages a Cisco VLAN.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.0.1 |
N3k | 7.0(3)I2(5) | 1.0.1 |
N5k | 7.3(0)N1(1) | 1.2.0 |
N6k | 7.3(0)N1(1) | 1.2.0 |
N7k | 7.3(0)D1(1) | 1.2.0 |
Property | Caveat Description |
---|---|
fabric_control |
Only supported on N7k (support added in ciscopuppet 1.3.0) |
mode |
Only supported on N5k,N6k,N7k |
pvlan_type |
Not supported on N3k-F,N9k-F |
pvlan_association |
Not supported on N3k-F,N9k-F |
ID of the Virtual LAN. Valid value is an integer.
Determines whether the config should be present or not. Valid values are 'present' and 'absent'.
The Virtual Network Identifier (VNI) id that is mapped to the VLAN. Valid values are integer and keyword 'default'.
Determines mode of the VLAN. Valid values are 'CE', 'fabricpath' and keyword 'default'.
The name of the VLAN. Valid values are a string or the keyword 'default'.
State of the VLAN. Valid values are 'active', 'suspend', and keyword 'default'.
Whether or not the vlan is shutdown. Valid values are 'true', 'false' and keyword 'default'.
The private vlan type. Valid values are: 'primary', 'isolated', 'community' or 'default'.
Associates the secondary vlan(s) to the primary vlan. Valid values are an Array or String of vlan ranges, or keyword 'default'.
Examples:
pvlan_associate => ['2-5, 9']
-or-
pvlan_associate => '2-5, 9'
Specifies this vlan as the fabric control vlan. Only one bridge-domain or VLAN can be configured as fabric-control. Valid values are true, false.
--
Manages the virtual Port Channel (vPC) domain configuration of a Cisco device.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.2.0 |
N3k | 7.0(3)I2(5) | 1.2.0 |
N5k | 7.3(0)N1(1) | 1.2.0 |
N6k | 7.3(0)N1(1) | 1.2.0 |
N7k | 7.3(0)D1(1) | 1.2.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Property | Caveat Description |
---|---|
auto_recovery |
Only supported on N3k, N7k, N9k |
fabricpath_emulated_switch_id |
Only supported on N7k |
fabricpath_multicast_load_balance |
Only supported on N7k |
layer3_peer_routing |
Only supported on N5k, N6k, N7k Supported in OS Version 7.0(3)I6(1) and later on N3k, N9k |
peer_gateway_exclude_vlan |
Only supported on N5k, N6k, N7k |
port_channel_limit |
Only supported on N7k |
self_isolation |
Only supported on N7k |
shutdown |
Only supported on N5k, N6k, N7k Supported in OS Version 7.0(3)I6(1) and later on N3k, N9k |
Determines whether or not the config should be present on the device. Valid values are 'present' and 'absent'.
vPC domain ID. Valid values are integer in the range 1-1000. There is no default value, this is a 'name' parameter.
Auto Recovery enable or disable if peer is non-operational. Valid values are true, false or default. This parameter is available only on Nexus 7000 series. Default value: true.
Delay (in secs) before peer is assumed dead before attempting to recover vPCs. Valid values are Integer or keyword 'default'
Delay (in secs) after peer link is restored to bring up vPCs. Valid values are Integer or keyword 'default'.
Delay (in secs) after peer link is restored to bring up Interface VLANs or Interface BDs. Valid values are Integer or keyword 'default'.
Interface VLANs or BDs to exclude from suspension when dual-active. Valid values are Integer or keyword 'default'.
Configure a fabricpath switch_id to enable vPC+ mode. This is also known as the Emulated switch-id. Valid values are Integer or keyword 'default'.
In vPC+ mode, enable or disable the fabricpath multicast load balance. This loadbalances the Designated Forwarder selection for multicast traffic. Valid values are true, false or default
Graceful conistency check . Valid values are true, false or default. Default value: true.
Enable or Disable Layer3 peer routing. Valid values are true/false or default. Default value: false.
Destination IPV4 address of the peer where Peer Keep-alives are terminated. Valid values are IPV4 unicast address. There is no default value.
Peer keep-alive hold timeout in secs. Valid values are Integer or keyword 'default'.
Peer keep-alive interval in millisecs. Valid values are Integer or keyword 'default'.
Peer keep-alive interval timeout. Valid Values are integers in the range 3..20. Default value: 5.
Peer keep-alive precedence. Valid Values are integers in the range 0..7. Default value: 6.
Source IPV4 address of this switch where Peer Keep-alives are Sourced. Valid values are IPV4 unicast address. There is no default value.
Peer keep-alive udp port used for hellos. Valid Values are integers in the range 1024..65000. Default value: 3200.
Peer keep-alive VRF. Valid Values are string. There is no default value.
Enable or Disable Layer3 forwarding for packets with peer gateway-mac. Valid values are true/false or default. Default: false.
Interface vlans to exclude from peer gateway functionality. Valid value is a string of integer ranges from 1..4095. This parameter is available only in Nexus 5000, Nexus 6000 and Nexus 7000 series. There is no default value.
In vPC+ mode, enable or disable the port channel scale limit of 244 vPCs. Valid values are true, false or default
Priority to be used during vPC role selection of primary vs secondary. Valid values are integers in the range 1..65535. Default value: 32667.
Enable or Disable self-isolation function for vPC. Valid values are true, false or default. This parameter is available only in Nexus 7000 series. Default value: false.
Whether or not the vPC domain is shutdown. Default value: false.
vPC system mac. Valid values are in mac addresses format. There is no default value.
vPC system priority. Valid values are integers in the range 1..65535. Default value: 32667.
--
Manages Cisco Virtual Routing and Forwarding (VRF) configuration of a Cisco device.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.2.0 |
N3k | 7.0(3)I2(5) | 1.2.0 |
N5k | 7.3(0)N1(1) | 1.3.0 |
N6k | 7.3(0)N1(1) | 1.3.0 |
N7k | 7.3(0)D1(1) | 1.3.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Property | Caveat Description |
---|---|
mhost_ipv4_default_interface | Not supported on Nexus |
mhost_ipv6_default_interface | Not supported on Nexus |
remote_route_filtering | Not supported on Nexus |
route_distinguisher | Only supported on N3k, N9k |
shutdown | Only supported on N3k, N9k |
vni | Only supported on N9k |
vpn_id | Not supported on Nexus |
Determines whether or not the config should be present on the device. Valid values are 'present' and 'absent'. Default value is 'present'.
Name of the VRF. Valid value is a string of non-whitespace characters. It is not case-sensitive and overrides the title of the type.
Description of the VRF. Valid value is string.
Specify multicast ipv4 host default interface. Valid value will be a valid interface or the keyword 'default'.
Specify multicast ipv6 host default interface. Valid value will be a valid interface or the keyword 'default'.
Enable/disable remote route filtering. Valid value will be true, false or the keyword 'default'.
VPN Route Distinguisher (RD). The RD is combined with the IPv4 or IPv6 prefix learned by the PE router to create a globally unique address. Valid values are a String in one of the route-distinguisher formats (ASN2:NN, ASN4:NN, or IPV4:NN); the keyword 'auto', or the keyword 'default'.
Please note: The route_distinguisher
property is typically configured within the VRF context configuration on most platforms (including NXOS) but it is tightly coupled to bgp and therefore configured within the BGP configuration on some non-NXOS platforms. For this reason the route_distinguisher
property has support (with limitations) in both cisco_vrf
and cisco_bgp
providers:
cisco_bgp
: The property is supported on both NXOS and some non-NXOS platforms. See: cisco_bgp: route_distinguishercisco_vrf
: The property is only supported on NXOS.
IMPORTANT: Choose only one provider to configure the route_distinguisher
property on a given device. Using both providers simultaneously on the same device may have unpredictable results.
Shutdown state of the VRF. Valid values are 'true', 'false', and 'default'.
Specify virtual network identifier. Valid values are Integer or keyword 'default'.
Specify vpn_id. Valid values are <0-ffffff>:<0-ffffffff> or keyword 'default'.
--
Manages Cisco Virtual Routing and Forwarding (VRF) Address-Family configuration.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.2.0 |
N3k | 7.0(3)I2(5) | 1.2.0 |
N5k | 7.3(0)N1(1) | 1.2.0 |
N6k | 7.3(0)N1(1) | 1.2.0 |
N7k | 7.3(0)D1(1) | 1.2.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Property | Caveat Description |
---|---|
route_target_both_auto | Not supported on N3k |
route_target_both_auto_evpn | Not supported on N3k |
route_target_export_evpn | Not supported on N3k |
route_target_export_stitching | Not supported on Nexus |
route_target_import_evpn | Not supported on N3k |
route_target_import_stitching | Not supported on Nexus |
route_target_both_auto_mvpn | Only supported on N9K 7.0(3)I7(1) and later |
route_target_import_mvpn | Only supported on N9K 7.0(3)I7(1) and later |
route_target_export_mvpn | Only supported on N9K 7.0(3)I7(1) and later |
Determines whether or not the config should be present on the device. Valid values are 'present' and 'absent'. Default value is 'present'.
Name of the VRF. Required. Valid value is a string of non-whitespace characters. It is not case-sensitive and overrides the title of the type.
Address-Family Identifier (AFI). Required. Valid values are 'ipv4' or 'ipv6'.
Sub Address-Family Identifier (SAFI). Required. Valid values are unicast
or multicast
.
multicast
is not supported on some platforms.
Set route-policy (route-map) export name. Valid value is string or keyword 'default'.
Set route-policy (route-map) import name. Valid value is string or keyword 'default'.
Enable/Disable the route-target 'auto' setting for both import and export target communities. Valid values are true, false, or 'default'.
(EVPN only) Enable/Disable the EVPN route-target 'auto' setting for both import and export target communities. Valid values are true, false, or 'default'.
(MVPN only) Enable/Disable the MVPN route-target 'auto' setting for both import and export target communities. Valid values are true, false, or 'default'.
Sets the route-target import extended communities. Valid values are an Array or space-separated String of extended communities, or the keyword 'default'.
route_target Examples:
route_target_import => ['1.2.3.4:5', '33:55']
route_target_export => '4:4 66:66'
route_target_export_evpn => '5:5'
(EVPN only) Sets the route-target import extended communities for EVPN. Valid values are an Array or space-separated String of extended communities, or the keyword 'default'.
(MVPN only) Sets the route-target import extended communities for MVPN. Valid values are an Array or space-separated String of extended communities, or the keyword 'default'.
(Stitching only) Sets the route-target import extended communities for stitching. Valid values are an Array or space-separated String of extended communities, or the keyword 'default'.
Sets the route-target export extended communities. Valid values are an Array or space-separated String of extended communities, or the keyword 'default'.
(EVPN only) Sets the route-target export extended communities for EVPN. Valid values are an Array or space-separated String of extended communities, or the keyword 'default'.
(MVPN only) Sets the route-target export extended communities for MVPN. Valid values are an Array or space-separated String of extended communities, or the keyword 'default'.
(Stitching only) Sets the route-target export extended communities for stitching. Valid values are an Array or space-separated String of extended communities, or the keyword 'default'.
--
Manages the VTP (VLAN Trunking Protocol) configuration of a Cisco device. There can only be one instance of the cisco_vtp.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.0.1 |
N3k | 7.0(3)I2(5) | 1.0.1 |
N5k | 7.3(0)N1(1) | 1.3.0 |
N6k | 7.3(0)N1(1) | 1.3.0 |
N7k | 7.3(0)D1(1) | 1.3.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Determines whether or not the config should be present on the device. Valid values are 'present' and 'absent'.
Instance of vtp, only allow the value 'default'
Required. VTP administrative domain. Valid value is a string.
Version for the VTP domain. Valid values are an integer or the keyword 'default'.
VTP file name. Valid values are a string or the keyword 'default'.
Password for the VTP domain. Valid values are a string or the keyword 'default'.
--
Creates a VXLAN Network Virtualization Endpoint (NVE) overlay interface that terminates VXLAN tunnels.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.2.0 |
N3k | not applicable | not applicable |
N5k | 7.3(0)N1(1) | 1.3.0 |
N6k | 7.3(0)N1(1) | 1.3.0 |
N7k | 7.3(0)D1(1) | 1.3.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Property | Caveat Description |
---|---|
source_interface_hold_down_time | Not supported on N3k, N5k, N6k Supported in OS Version 8.1.1 and later on N7k |
multisite_border_gateway_interface | Only supported on N9K-EX and N9K-FX devices. For eg: N9K-C93180YC-EX. Minimum OS version 7.0(3)I7(1) and minimum Module Version 1.9.0 |
global_suppress_arp | Only supported on N9K and N9K-F running OS Version 9.2 and later |
global_ingress_replication_bgp | Only supported on N9K running OS Version 9.2 and later |
global_mcast_group_l2 | Only supported on N9K and N9K-F running OS Version 9.2 and later |
global_mcast_group_l3 | Only supported on N9K running OS Version 9.2 and later |
Determines whether or not the config should be present on the device. Valid values are 'present' and 'absent'.
Description of the NVE interface. Valid values are string, or keyword 'default'.
Sets ingress replication protocol to bgp for all VNIs. Valid values are true, false or keyword 'default'.
NVE Multicast Group for all L2 VNIs. Valid values are string or keyword 'default'.
NVE Multicast Group for all L3 VNIs. Valid values are string or keyword 'default'.
Enables ARP suppression for all VNIs. Valid values are true, false or keyword 'default'.
Specify mechanism for host reachability advertisement. Valid values are 'evpn', 'flood' or keyword 'default'.
Specify loopback interface to be used as VxLAN Multisite Border-gateway interface. Valid values are string, and keyword 'default'.
Administratively shutdown the NVE interface. Valid values are true, false or keyword 'default'.
Specify the loopback interface whose IP address should be used for the NVE interface. Valid values are string or keyword 'default'.
Suppresses advertisement of the NVE loopback address until the overlay has converged. Valid values are Integer or keyword 'default'.
--
Creates a Virtual Network Identifier member (VNI) for an NVE overlay interface.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.2.0 |
N3k | not applicable | not applicable |
N5k | 7.3(0)N1(1) | 1.3.0 |
N6k | 7.3(0)N1(1) | 1.3.0 |
N7k | 7.3(0)D1(1) | 1.3.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Property | Caveat Description |
---|---|
ingress_replication | Not supported on N3k, N5k, N6k, N7k, N3k-F, N9k-F |
peer_list | Not supported on N3k, N5k, N6k, N7k, N3k-F, N9k-F |
suppress_uuc | Not supported on N3k, N3k-F, N9k, N9k-F Supported in OS Version 8.1.1 and later on N7k |
multisite_ingress_replication | Only supported on N9K-EX and N9K-FX devices. For eg: N9K-C93180YC-EX. Minimum OS version 7.0(3)I7(1) and minimum Module Version 1.9.0 |
suppress_arp_disable | Only supported on N9K and N9K-F running OS Version 9.2 and later |
Determines whether or not the config should be present on the device. Valid values are 'present' and 'absent'.
Name of the nve interface on the network element. Valid values are string.
ID of the Virtual Network Identifier. Valid values are integer.
This attribute is used to identify and separate processing VNIs that are associated with a VRF and used for routing. The VRF and VNI specified with this command must match the configuration of the VNI under the VRF. Valid values are true or false.
Specifies mechanism for host reachability advertisement. Valid values are 'bgp', 'static', or 'default'.
The multicast group (range) of the VNI. Valid values are string and keyword 'default'.
Set multisite ingress replication for the VNI. Valid values are true, false, or 'default'
Set the ingress-replication static peer list. Valid values are an Array, a space-separated String of ip addresses, or the keyword 'default'.
Suppress arp under layer 2 VNI. Valid values are true, false, or 'default'.
Overrides the global ARP suppression config. Valid values are true, false, or 'default'.
Suppress uuc under layer 2 VNI. Valid values are true, false, or 'default'.
--
The following resources are listed alphabetically.
--
Configure the banner of the device
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.10.0 |
N3k | 7.0(3)I2(5) | 1.10.0 |
N5k | 7.3(0)N1(1) | 1.10.0 |
N6k | 7.3(0)N1(1) | 1.10.0 |
N7k | 7.3(0)D1(1) | 1.10.0 |
N9k-F | 7.0(3)F1(1) | 1.10.0 |
N3k-F | 7.0(3)F3(2) | 1.10.0 |
Property | Caveat Description |
---|---|
motd | multiline banners are only supported on n9k and n3k platforms running 7.0(3)I7.4 / 9.2(1) or higher |
Resource name, not used to configure the device. Should be 'default'.
MOTD Banner. Valid value is a string. Non-literal newlines will be escaped.
--
Configure the domain name of the device
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.1.0 |
N3k | 7.0(3)I2(5) | 1.1.0 |
N5k | 7.3(0)N1(1) | 1.3.0 |
N6k | 7.3(0)N1(1) | 1.3.0 |
N7k | 7.3(0)D1(1) | 1.3.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Determines whether or not the config should be present on the device. Valid values are 'present' and 'absent'.
Domain name of the device. Valid value is a string.
--
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.2.0 |
N3k | 7.0(3)I2(5) | 1.2.0 |
N5k | 7.3(0)N1(1) | 1.3.0 |
N6k | 7.3(0)N1(1) | 1.3.0 |
N7k | 7.3(0)D1(1) | 1.3.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Determines whether or not the config should be present on the device. Valid values are 'present' and 'absent'.
Hostname or address of the DNS server. Valid value is a string.
--
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.1.0 |
N3k | 7.0(3)I2(5) | 1.1.0 |
N5k | 7.3(0)N1(1) | 1.3.0 |
N6k | 7.3(0)N1(1) | 1.3.0 |
N7k | 7.3(0)D1(1) | 1.3.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Property | Caveat Description |
---|---|
hostname |
Minimum Module Version 1.10.0 |
Determines whether or not the config should be present on the device. Valid values are 'present' and 'absent'.
Name, generally "settings", not used to manage the resource. Valid value is a string.
Default domain name to append to the device hostname. Valid value is a string.
The hostname of the device. Valid value is a string.
Array of DNS suffixes to search for FQDN entries. Valid value is an array of strings.
Array of DNS servers to use for name resolution. Valid value is an array of strings.
--
Manages a puppet netdev_stdlib Network Interface. Any resource dependency should be run before the interface resource.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.2.0 |
N3k | 7.0(3)I2(5) | 1.2.0 |
N5k | 7.3(0)N1(1) | 1.3.0 |
N6k | 7.3(0)N1(1) | 1.3.0 |
N7k | 7.3(0)D1(1) | 1.3.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Name of the interface on the network element. Valid value is a string.
Description of the interface. Valid values are a string or the keyword 'default'.
Duplex of the interface. Valid values are 'full', and 'auto'.
Speed of the interface. Valid values are 100m, 1g, 10g, 40g, 100g, and 'auto'.
Maximum Trasnmission Unit size for frames received and sent on the specified interface. Valid value is an integer.
--
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.1.0 |
N3k | 7.0(3)I2(5) | 1.1.0 |
N5k | 7.3(0)N1(1) | 1.3.0 |
N6k | 7.3(0)N1(1) | 1.3.0 |
N7k | 7.3(0)D1(1) | 1.3.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Name of the Puppet resource, not used to manage the device. Valid value is a string.
Enable or disable SNMP functionality. Valid values are 'true' or 'false'.
Contact name for this device. Valid value is a string.
Location of this device. Valid value is a string.
--
Manages a puppet netdev_stdlib Network Trunk. It should be noted that while the NetDev stdlib has certain specified accepted parameters these may not be applicable to different network devices. For example, certain Cisco devices only use dot1q encapsulation, and therefore other values will cause errors.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.2.0 |
N3k | 7.0(3)I2(5) | 1.2.0 |
N5k | 7.3(0)N1(1) | 1.3.0 |
N6k | 7.3(0)N1(1) | 1.3.0 |
N7k | 7.3(0)D1(1) | 1.3.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
The switch interface name. Valid value is a string.
The vlan-tagging encapsulation protocol, usually dot1q. Valid values are 'dot1q', 'isl', 'negotiate' and 'none'. Cisco devices use dot1q encapsulation.
The L2 interface mode, enables or disables trunking. Valid values are 'access', 'trunk', 'dynamic_auto', and 'dynamic_desirable'. The mode on a Cisco device will always be 'trunk'.
VLAN used for untagged VLAN traffic. a.k.a Native VLAN. Values must be in range of 1 to 4095.
Array of VLAN names used for tagged packets. Values must be in range of 1 to 4095.
Array of VLAN ID numbers used for VLAN pruning. Values must be in range of 1 to 4095. Cisco do not implement the concept of pruned vlans.
--
Manages a puppet netdev_stdlib Network Vlan.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.2.0 |
N3k | 7.0(3)I2(5) | 1.2.0 |
N5k | 7.3(0)N1(1) | 1.3.0 |
N6k | 7.3(0)N1(1) | 1.3.0 |
N7k | 7.3(0)D1(1) | 1.3.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Determines whether or not the config should be present on the device. Valid values are 'present' and 'absent'.
ID of the Virtual LAN. Valid value is a string.
Whether or not the vlan is shutdown. Valid values are 'true' or 'false'.
The name of the VLAN. Valid value is a string.
--
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.7.0 |
N3k | 7.0(3)I2(5) | 1.7.0 |
N5k | 7.3(0)N1(1) | 1.7.0 |
N6k | 7.3(0)N1(1) | 1.7.0 |
N7k | 7.3(0)D1(1) | 1.7.0 |
N9k-F | 7.0(3)F1(1) | 1.7.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Authentication scheme. Valid value is 'md5'.
Authentication key number. Valid value is a string.
Authentication mode. Valid values are '0' and '7'.
Authentication password. Valid value is a string.
--
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.1.0 |
N3k | 7.0(3)I2(5) | 1.1.0 |
N5k | 7.3(0)N1(1) | 1.3.0 |
N6k | 7.3(0)N1(1) | 1.3.0 |
N7k | 7.3(0)D1(1) | 1.3.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Property | Caveat Description |
---|---|
authenticate |
Module minimum version 1.7.0 |
trusted_key |
Module minimum version 1.7.0 |
Enable authentication. Valid values are 'true', 'false' and 'default'.
Resource name, not used to configure the device. Valid value is a string.
Source interface for the NTP server. Valid value is a string.
Trusted key for the NTP server. Valid value is integer.
--
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.1.0 |
N3k | 7.0(3)I2(5) | 1.1.0 |
N5k | 7.3(0)N1(1) | 1.3.0 |
N6k | 7.3(0)N1(1) | 1.3.0 |
N7k | 7.3(0)D1(1) | 1.3.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Property | Caveat Description |
---|---|
key |
Module minimum version 1.7.0 |
maxpoll |
Module minimum version 1.7.0 |
minpoll |
Module minimum version 1.7.0 |
vrf |
Module minimum version 1.7.0 |
Determines whether or not the config should be present on the device. Valid values are 'present' and 'absent'.
Key id to be used while communicating to this NTP. Valid value is an integer.
Maximum interval to poll NTP server. Valid value is an integer.
Minimum interval to poll NTP server. Valid value is an integer.
Hostname or IPv4/IPv6 address of the NTP server. Valid value is a string.
Name of the vrf. Valid value is a string.
--
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.2.0 |
N3k | 7.0(3)I2(5) | 1.2.0 |
N5k | 7.3(0)N1(1) | 1.3.0 |
N6k | 7.3(0)N1(1) | 1.3.0 |
N7k | 7.3(0)D1(1) | 1.3.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Determines whether or not the config should be present on the device. Valid values are 'present' and 'absent'.
Channel group ID. eg 100. Valid value is an integer.
Array of Physical Interfaces that are part of the port channel. An array of valid interface names.
Number of active links required for port channel to be up. Valid value is an integer.
Name of the port channel. eg port-channel100. Valid value is a string.
--
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.1.0 |
N3k | 7.0(3)I2(5) | 1.1.0 |
N5k | 7.3(0)N1(1) | 1.3.0 |
N6k | 7.3(0)N1(1) | 1.3.0 |
N7k | 7.3(0)D1(1) | 1.3.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Resource name, not used to manage the device. Valid value is a string.
Enable or disable radius functionality. Valid values are 'true' or 'false'.
--
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.1.0 |
N3k | 7.0(3)I2(5) | 1.1.0 |
N5k | 7.3(0)N1(1) | 1.3.0 |
N6k | 7.3(0)N1(1) | 1.3.0 |
N7k | 7.3(0)D1(1) | 1.3.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Resource identifier, not used to manage the device. Valid value is a string.
Number of seconds before the timeout period ends. Valid value is an integer.
Number of times to retransmit. Valid value is an integer.
Encryption key (plaintext or in hash form depending on key_format). Valid value is a string.
Encryption key format [0-7]. Valid value is an integer.
--
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.1.0 |
N3k | 7.0(3)I2(5) | 1.1.0 |
N5k | 7.3(0)N1(1) | 1.3.0 |
N6k | 7.3(0)N1(1) | 1.3.0 |
N7k | 7.3(0)D1(1) | 1.3.0 |
Property | Caveat Description |
---|
Determines whether or not the config should be present on the device. Valid values are 'present' and 'absent'.
IPv4/IPv6 address of the radius server. Valid value is a string.
Port number to use for authentication. Valid value is an integer.
Port number to use for accounting. Valid value is an integer.
Number of seconds before the timeout period ends. Valid value is an integer.
Number of times to retransmit. Valid value is an integer.
Enable this server for accounting only. Valid values are 'true' or 'false'.
Enable this server for authentication only. Valid values are 'true' or 'false'.
Encryption key (plaintext or in hash form depending on key_format). Valid value is a string.
Encryption key format [0-7]. Valid value is an integer.
--
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.2.0 |
N3k | 7.0(3)I2(5) | 1.2.0 |
N5k | 7.3(0)N1(1) | 1.3.0 |
N6k | 7.3(0)N1(1) | 1.3.0 |
N7k | 7.3(0)D1(1) | 1.3.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Array of servers associated with this group.
--
Configure the search domain of the device. Note that this type is functionally equivalent to the netdev_stdlib domain_name type.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.2.0 |
N3k | 7.0(3)I2(5) | 1.2.0 |
N5k | 7.3(0)N1(1) | 1.3.0 |
N6k | 7.3(0)N1(1) | 1.3.0 |
N7k | 7.3(0)D1(1) | 1.3.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Determines whether or not the config should be present on the device. Valid values are 'present' and 'absent'.
Search domain of the device. Valid value is a string.
Manages an SNMP community on a Cisco SNMP server.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.2.0 |
N3k | 7.0(3)I2(5) | 1.2.0 |
N5k | 7.3(0)N1(1) | 1.3.0 |
N6k | 7.3(0)N1(1) | 1.3.0 |
N7k | 7.3(0)D1(1) | 1.3.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Determine whether the config should be present or not on the device. Valid values are 'present' and 'absent'.
Group that the SNMP community belongs to. Valid values are a string or the keyword 'default'.
Assigns an Access Control List (ACL) to an SNMP community to filter SNMP requests. Valid values are a string or the keyword 'default'.
--
Manages an SNMP notification on a Cisco SNMP server.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.2.0 |
N3k | 7.0(3)I2(5) | 1.2.0 |
N5k | 7.3(0)N1(1) | 1.3.0 |
N6k | 7.3(0)N1(1) | 1.3.0 |
N7k | 7.3(0)D1(1) | 1.3.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Determine whether the trap should be on or off. Valid values are true and false.
--
Manages an SNMP notification receiver on an cisco SNMP server.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.2.0 |
N3k | 7.0(3)I2(5) | 1.2.0 |
N5k | 7.3(0)N1(1) | 1.3.0 |
N6k | 7.3(0)N1(1) | 1.3.0 |
N7k | 7.3(0)D1(1) | 1.3.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Determines whether the config should be present or not on the device. Valid values are 'present', and 'absent'.
IP address of the SNMP user. Valid value is a string.
SNMP UDP port number
Username to use for SNMPv3 privacy and authentication. This is the community string for SNMPv1 and v2.
SNMP version [v1|v2|v3]
The type of receiver [traps|informs].
SNMPv3 security mode [auto|noauth|priv].
Interface to send SNMP data from, e.g. "management"
Source interface to send SNMP data from, e.g. "ethernet 2/1".
--
Manages an SNMP user on an cisco SNMP server.
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.2.0 |
N3k | 7.0(3)I2(5) | 1.2.0 |
N5k | 7.3(0)N1(1) | 1.3.0 |
N6k | 7.3(0)N1(1) | 1.3.0 |
N7k | 7.3(0)D1(1) | 1.3.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Determines whether the config should be present or not on the device. Valid values are 'present', and 'absent'.
Name of the SNMP user. Valid value is a string.
Engine ID of the SNMP user. Valid values are empty string or 5 to 32 octets seprated by colon.
Groups that the SNMP user belongs to. Valid value is a string.
Authentication protocol for the SNMP user. Valid values are 'md5' and 'sha'.
Authentication password for the SNMP user. Valid value is string.
Privacy protocol for the SNMP user. Valid values are 'aes128' and 'des'.
Privacy password for SNMP user. Valid value is a string.
Specifies whether the passwords specified in manifest are in localized key format (in case of true) or cleartext (in case of false). Valid values are 'true', and 'false'.
--
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.1.0 |
N3k | 7.0(3)I2(5) | 1.1.0 |
N5k | 7.3(0)N1(1) | 1.3.0 |
N6k | 7.3(0)N1(1) | 1.3.0 |
N7k | 7.3(0)D1(1) | 1.3.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Determines whether or not the config should be present on the device. Valid values are 'present' and 'absent'.
Hostname or IPv4/IPv6 address of the Syslog server. Valid value is a string.
Syslog severity level to log. Valid value is an integer.
Interface to send syslog data from, e.g. "management". Valid value is a string.
--
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.10.0 |
N3k | 7.0(3)I2(5) | 1.10.0 |
N5k | 7.3(0)N1(1) | 1.10.0 |
N6k | 7.3(0)N1(1) | 1.10.0 |
N7k | 7.3(0)D1(1) | 1.10.0 |
N9k-F | 7.0(3)F1(1) | 1.10.0 |
N3k-F | 7.0(3)F3(2) | 1.10.0 |
Determines whether or not the config should be present on the device. Valid values are 'present' and 'absent'.
Global Syslog facility. Valid value is a string.
Syslog severity level to log. Valid value is an integer 0-7.
--
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.1.0 |
N3k | 7.0(3)I2(5) | 1.1.0 |
N5k | 7.3(0)N1(1) | 1.3.0 |
N6k | 7.3(0)N1(1) | 1.3.0 |
N7k | 7.3(0)D1(1) | 1.3.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Property | Caveat Description |
---|---|
logfile_severity_level |
Minimum Module Version 1.10.0 |
logfile_name |
Minimum Module Version 1.10.0 |
logfile_size |
Minimum Module Version 1.10.0 only supported on n9k and n3k platforms running 7.0(3)I7.4 / 9.2(1) or higher |
Enable or disable syslog logging [true|false].
Console logging severity level [0-7] or 'unset'.
Monitor (terminal) logging severity level [0-7] or 'unset'.
Source interface to send syslog data from, for example, "ethernet 2/1" (array of strings for multiple).
The unit of measurement for log time values. Valid values are 'seconds' and 'milliseconds'.
The VRF associated with source_interface (array of strings for multiple).
Logfile severity level [0-7] or 'unset'
Logfile file name to use or 'unset'
Logging file maximum size or 'unset'
--
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.2.0 |
N3k | 7.0(3)I2(5) | 1.2.0 |
N5k | 7.3(0)N1(1) | 1.3.0 |
N6k | 7.3(0)N1(1) | 1.3.0 |
N7k | 7.3(0)D1(1) | 1.3.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Enable or disable radius functionality [true|false]
--
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.2.0 |
N3k | 7.0(3)I2(5) | 1.2.0 |
N5k | 7.3(0)N1(1) | 1.3.0 |
N6k | 7.3(0)N1(1) | 1.3.0 |
N7k | 7.3(0)D1(1) | 1.3.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Enable or disable radius functionality [true|false]
Encryption key (plaintext or in hash form depending on key_format)
Encryption key format [0-7]
Number of seconds before the timeout period ends. Also supports undef
--
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.2.0 |
N3k | 7.0(3)I2(5) | 1.2.0 |
N5k | 7.3(0)N1(1) | 1.3.0 |
N6k | 7.3(0)N1(1) | 1.3.0 |
N7k | 7.3(0)D1(1) | 1.3.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Determines whether or not the config should be present on the device. Valid values are 'present' and 'absent'.
Encryption key (plaintext or in hash form depending on key_format)
Encryption key format [0-7]
Hostname or IPv4/IPv6 address of the Syslog server. Valid value is a string.
The port of the tacacs server.
Number of seconds before the timeout period ends
--
Platform | OS Minimum Version | Module Minimum Version |
---|---|---|
N9k | 7.0(3)I2(5) | 1.2.0 |
N3k | 7.0(3)I2(5) | 1.2.0 |
N5k | 7.3(0)N1(1) | 1.3.0 |
N6k | 7.3(0)N1(1) | 1.3.0 |
N7k | 7.3(0)D1(1) | 1.3.0 |
N9k-F | 7.0(3)F1(1) | 1.5.0 |
N3k-F | 7.0(3)F3(2) | 1.8.0 |
Array of servers associated with this group.
The following table groups ciscopuppet documentation based on the intended audience.
Audience | ciscopuppet Documentation |
---|---|
User | README.md : (This document) README-agent-install.md : Agent Installation and Configuration Guide README-beaker-agent-install.md : Automated Agent Installation and Configuration README-package-provider.md : Cisco Nexus Package Management README-example-manifest.md : Example Demo Manifest User Guide |
Developer | CONTRIBUTING.md : Contribution guidelines README-develop-types-providers.md : Developing new ciscopuppet Types & Providers README-develop-beaker-scripts.md : Developing new beaker test scripts for ciscopuppet |
Maintainer | README-maintainers.md : Guidelines for core maintainers of the ciscopuppet project (Developer guides apply to Maintainers as well) |
Copyright (c) 2014-2018 Cisco and/or its affiliates.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.