cisco.dnac.authentication_policy_servers module -- Resource module for Authentication Policy Servers

Note

This module is part of the cisco.dnac collection (version 6.30.2).

To install it, use: ansible-galaxy collection install cisco.dnac. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: cisco.dnac.authentication_policy_servers.

New in cisco.dnac 3.1.0

Synopsis

  • This module represents an alias of the module authentication_policy_servers_v1

Note

This module has a corresponding action plugin.

Requirements

The below requirements are needed on the host that executes this module.

  • dnacentersdk >= 2.4.9

  • python >= 3.5

Parameters

Parameter

Comments

accountingPort

integer

Accounting port of RADIUS server. It is required for RADIUS server. The range is from 1 to 65535. E.g. 1813.

authenticationPort

integer

Authentication port of RADIUS server. It is required for RADIUS server. The range is from 1 to 65535. E.g. 1812.

ciscoIseDtos

list / elements=dictionary

Authentication Policy Servers's ciscoIseDtos.

description

string

Description about the Cisco ISE server.

fqdn

string

Fully-qualified domain name of the Cisco ISE server. E.g. Xi-62.my.com.

ipAddress

string

IP Address of the Cisco ISE Server.

password

string

Password of the Cisco ISE server.

sshkey

string

SSH key of the Cisco ISE server.

subscriberName

string

Subscriber name of the Cisco ISE server. E.g. Pxgrid_client_1662589467.

userName

string

User name of the Cisco ISE server.

dnac_debug

boolean

Flag for Cisco DNA Center SDK to enable debugging.

Choices:

dnac_host

string / required

The Cisco DNA Center hostname.

dnac_password

string

The Cisco DNA Center password to authenticate.

dnac_port

integer

The Cisco DNA Center port.

Default: :ansible-option-default:`443`

dnac_username

aliases: user

string

The Cisco DNA Center username to authenticate.

Default: :ansible-option-default:`"admin"`

dnac_verify

boolean

Flag to enable or disable SSL certificate verification.

Choices:

dnac_version

string

Informs the SDK which version of Cisco DNA Center to use.

Default: :ansible-option-default:`"2.3.7.6"`

encryptionKey

string

Encryption key used to encrypt shared secret.

encryptionScheme

string

Type of encryption scheme for additional security.

externalCiscoIseIpAddrDtos

list / elements=dictionary

Authentication Policy Servers's externalCiscoIseIpAddrDtos.

externalCiscoIseIpAddresses

list / elements=dictionary

Authentication Policy Servers's externalCiscoIseIpAddresses.

externalIpAddress

string

External IP Address.

type

string

Type.

id

string

Id path parameter. Authentication and Policy Server Identifier. Use 'Get Authentication and Policy Servers' intent API to find the identifier.

ipAddress

string

IP address of authentication and policy server.

isIseEnabled

boolean

Value true for Cisco ISE Server. Default value is false.

Choices:

messageKey

string

Message key used to encrypt shared secret.

port

integer

Port of TACACS server. It is required for TACACS server. The range is from 1 to 65535.

protocol

string

Type of protocol for authentication and policy server. If already saved with RADIUS, can update to RADIUS_TACACS. If already saved with TACACS, can update to RADIUS_TACACS.

pxgridEnabled

boolean

Value true for enable, false for disable. Default value is true.

Choices:

retries

string

Number of communication retries between devices and authentication and policy server. The range is from 1 to 3.

role

string

Role of authentication and policy server. E.g. Primary, secondary.

sharedSecret

string

Shared secret between devices and authentication and policy server.

timeoutSeconds

string

Number of seconds before timing out between devices and authentication and policy server. The range is from 2 to 20.

useDnacCertForPxgrid

boolean

Value true to use Catalyst Center certificate for Pxgrid. Default value is false.

Choices:

validate_response_schema

boolean

Flag for Cisco DNA Center SDK to enable the validation of request bodies against a JSON schema.

Choices:

Notes

Note

  • SDK Method used are system_settings.SystemSettings.add_authentication_and_policy_server_access_configuration_v1, system_settings.SystemSettings.delete_authentication_and_policy_server_access_configuration_v1, system_settings.SystemSettings.edit_authentication_and_policy_server_access_configuration_v1,

  • Paths used are post /dna/intent/api/v1/authentication-policy-servers, delete /dna/intent/api/v1/authentication-policy-servers/{id}, put /dna/intent/api/v1/authentication-policy-servers/{id},

  • It should be noted that this module is an alias of authentication_policy_servers_v1

  • Does not support check_mode

  • The plugin runs on the control node and does not use any ansible connection plugins, but instead the embedded connection manager from Cisco DNAC SDK

  • The parameters starting with dnac_ are used by the Cisco DNAC Python SDK to establish the connection

See Also

See also

Cisco DNA Center documentation for System Settings AddAuthenticationAndPolicyServerAccessConfigurationV1

Complete reference of the AddAuthenticationAndPolicyServerAccessConfigurationV1 API.

Cisco DNA Center documentation for System Settings DeleteAuthenticationAndPolicyServerAccessConfigurationV1

Complete reference of the DeleteAuthenticationAndPolicyServerAccessConfigurationV1 API.

Cisco DNA Center documentation for System Settings EditAuthenticationAndPolicyServerAccessConfigurationV1

Complete reference of the EditAuthenticationAndPolicyServerAccessConfigurationV1 API.

Examples

- name: Create
  cisco.dnac.authentication_policy_servers:
    dnac_host: "{{dnac_host}}"
    dnac_username: "{{dnac_username}}"
    dnac_password: "{{dnac_password}}"
    dnac_verify: "{{dnac_verify}}"
    dnac_port: "{{dnac_port}}"
    dnac_version: "{{dnac_version}}"
    dnac_debug: "{{dnac_debug}}"
    state: present
    accountingPort: 0
    authenticationPort: 0
    ciscoIseDtos:
    - description: string
      fqdn: string
      ipAddress: string
      password: string
      sshkey: string
      subscriberName: string
      userName: string
    encryptionKey: string
    encryptionScheme: string
    externalCiscoIseIpAddrDtos:
    - externalCiscoIseIpAddresses:
      - externalIpAddress: string
      type: string
    ipAddress: string
    isIseEnabled: true
    messageKey: string
    port: 0
    protocol: string
    pxgridEnabled: true
    retries: string
    role: string
    sharedSecret: string
    timeoutSeconds: string
    useDnacCertForPxgrid: true

- name: Delete by id
  cisco.dnac.authentication_policy_servers:
    dnac_host: "{{dnac_host}}"
    dnac_username: "{{dnac_username}}"
    dnac_password: "{{dnac_password}}"
    dnac_verify: "{{dnac_verify}}"
    dnac_port: "{{dnac_port}}"
    dnac_version: "{{dnac_version}}"
    dnac_debug: "{{dnac_debug}}"
    state: absent
    id: string

- name: Update by id
  cisco.dnac.authentication_policy_servers:
    dnac_host: "{{dnac_host}}"
    dnac_username: "{{dnac_username}}"
    dnac_password: "{{dnac_password}}"
    dnac_verify: "{{dnac_verify}}"
    dnac_port: "{{dnac_port}}"
    dnac_version: "{{dnac_version}}"
    dnac_debug: "{{dnac_debug}}"
    state: present
    accountingPort: 0
    authenticationPort: 0
    ciscoIseDtos:
    - fqdn: string
      password: string
      sshkey: string
      userName: string
    externalCiscoIseIpAddrDtos:
    - externalCiscoIseIpAddresses:
      - externalIpAddress: string
      type: string
    id: string
    port: 0
    protocol: string
    pxgridEnabled: true
    retries: string
    timeoutSeconds: string
    useDnacCertForPxgrid: true

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

dnac_response

dictionary

A dictionary or list with the response returned by the Cisco DNAC Python SDK

Returned: always

Sample: :ansible-rv-sample-value:`{"response": {"taskId": "string", "url": "string"}, "version": "string"}`

Authors

  • Rafael Campos (@racampos)