cisco.ise.allowedprotocols module – Resource module for Allowedprotocols

Note

This module is part of the cisco.ise collection (version 3.0.0).

To install it, use: ansible-galaxy collection install cisco.ise. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: cisco.ise.allowedprotocols.

New in cisco.ise 1.0.0

Synopsis

• Manage operation create of the resource Allowedprotocols.

Note

This module has a corresponding action plugin.

Requirements

The below requirements are needed on the host that executes this module.

• ciscoisesdk >= 2.0.1

• python >= 3.5

Parameters

Parameter	Comments
allowChap boolean	AllowChap flag. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
allowEapFast boolean	AllowEapFast flag. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
allowEapMd5 boolean	AllowEapMd5 flag. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
allowEapTls boolean	AllowEapTls flag. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
allowEapTtls boolean	AllowEapTtls flag. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
allowLeap boolean	AllowLeap flag. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
allowMsChapV1 boolean	AllowMsChapV1 flag. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
allowMsChapV2 boolean	AllowMsChapV2 flag. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
allowPapAscii boolean	AllowPapAscii flag. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
allowPeap boolean	AllowPeap flag. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
allowPreferredEapProtocol boolean	AllowPreferredEapProtocol flag. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
allowTeap boolean	AllowTeap flag. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
allowWeakCiphersForEap boolean	AllowWeakCiphersForEap flag. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
description string	Description.
displayAdditionalTLSParams boolean	DisplayAdditionalTLSParams flag. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
eapFast dictionary	Allowedprotocols’s eapFast.
allowEapFastEapGtc boolean	AllowEapFastEapGtc flag. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
allowEapFastEapGtcPwdChange boolean	The allowEapFastEapGtcPwdChange is required only if allowEapFastEapGtc is true, otherwise it must be ignored. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
allowEapFastEapGtcPwdChangeRetries dictionary	The allowEapFastEapGtcPwdChangeRetries is required only if allowEapFastEapGtc is true, otherwise it must be ignored. Valid range is 0-3.
allowEapFastEapMsChapV2 boolean	AllowEapFastEapMsChapV2 flag. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
allowEapFastEapMsChapV2PwdChange boolean	The allowEapFastEapMsChapV2PwdChange is required only if allowEapFastEapMsChapV2 is true, otherwise it must be ignored. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
allowEapFastEapMsChapV2PwdChangeRetries dictionary	The allowEapFastEapMsChapV2PwdChangeRetries is required only if eapTtlsEapMsChapV2 is true, otherwise it must be ignored. Valid range is 0-3.
allowEapFastEapTls boolean	AllowEapFastEapTls flag. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
allowEapFastEapTlsAuthOfExpiredCerts boolean	The allowEapFastEapTlsAuthOfExpiredCerts is required only if allowEapFastEapTls is true, otherwise it must be ignored. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
eapFastDontUsePacsAcceptClientCert boolean	The eapFastDontUsePacsAcceptClientCert is required only if eapFastUsePacs is FALSE, otherwise it must be ignored. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
eapFastDontUsePacsAllowMachineAuthentication boolean	The eapFastDontUsePacsAllowMachineAuthentication is required only if eapFastUsePacs is FALSE, otherwise it must be ignored. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
eapFastEnableEAPChaining boolean	EapFastEnableEAPChaining flag. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
eapFastUsePacs boolean	EapFastUsePacs flag. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
eapFastUsePacsAcceptClientCert boolean	The eapFastUsePacsAcceptClientCert is required only if eapFastUsePacsAllowAuthenProvisioning is true, otherwise it must be ignored. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
eapFastUsePacsAllowAnonymProvisioning boolean	The eapFastUsePacsAllowAnonymProvisioning is required only if eapFastUsePacs is true, otherwise it must be ignored. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
eapFastUsePacsAllowAuthenProvisioning boolean	The eapFastUsePacsAllowAuthenProvisioning is required only if eapFastUsePacs is true, otherwise it must be ignored. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
eapFastUsePacsAllowMachineAuthentication boolean	The eapFastUsePacsAllowMachineAuthentication is required only if eapFastUsePacs is true, otherwise it must be ignored. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
eapFastUsePacsAuthorizationPacTtl dictionary	The eapFastUsePacsAuthorizationPacTtl is required only if eapFastUsePacsStatelessSessionResume is true, otherwise it must be ignored.
eapFastUsePacsAuthorizationPacTtlUnits string	The eapFastUsePacsAuthorizationPacTtlUnits is required only if eapFastUsePacsStatelessSessionResume is true, otherwise it must be ignored. Allowed Values SECONDS, MINUTES, HOURS, DAYS, WEEKS.
eapFastUsePacsMachinePacTtl dictionary	The eapFastUsePacsMachinePacTtl is required only if eapFastUsePacsAllowMachineAuthentication is true, otherwise it must be ignored.
eapFastUsePacsMachinePacTtlUnits string	The eapFastUsePacsMachinePacTtlUnits is required only if eapFastUsePacsAllowMachineAuthentication is true, otherwise it must be ignored. Allowed Values SECONDS, MINUTES, HOURS, DAYS, WEEKS.
eapFastUsePacsServerReturns boolean	The eapFastUsePacsServerReturns is required only if eapFastUsePacsAllowAuthenProvisioning is true, otherwise it must be ignored. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
eapFastUsePacsStatelessSessionResume boolean	The eapFastUsePacsStatelessSessionResume is required only if eapFastUsePacs is true, otherwise it must be ignored. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
eapFastUsePacsTunnelPacTtl dictionary	The eapFastUsePacsTunnelPacTtl is required only if eapFastUsePacs is true, otherwise it must be ignored.
eapFastUsePacsTunnelPacTtlUnits string	The eapFastUsePacsTunnelPacTtlUnits is required only if eapFastUsePacs is true, otherwise it must be ignored. Allowed Values SECONDS, MINUTES, HOURS, DAYS, WEEKS.
eapFastUsePacsUseProactivePacUpdatePrecentage dictionary	The eapFastUsePacsUseProactivePacUpdatePrecentage is required only if eapFastUsePacs is true, otherwise it must be ignored.
eapTls dictionary	Allowedprotocols’s eapTls.
allowEapTlsAuthOfExpiredCerts boolean	AllowEapTlsAuthOfExpiredCerts flag. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
eapTlsEnableStatelessSessionResume boolean	EapTlsEnableStatelessSessionResume flag. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
eapTlsSessionTicketPrecentage dictionary	The eapTlsSessionTicketPrecentage is required only if eapTlsEnableStatelessSessionResume is true, otherwise it must be ignored.
eapTlsSessionTicketTtl dictionary	Time to live. The eapTlsSessionTicketTtl is required only if eapTlsEnableStatelessSessionResume is true, otherwise it must be ignored.
eapTlsSessionTicketTtlUnits dictionary	Time to live time units. The eapTlsSessionTicketTtlUnits is required only if eapTlsEnableStatelessSessionResume is true, otherwise it must be ignored. Allowed Values SECONDS, MINUTES, HOURS, DAYS, WEEKS.
eapTlsLBit boolean	EapTlsLBit flag. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
eapTtls dictionary	Allowedprotocols’s eapTtls.
eapTtlsChap boolean	EapTtlsChap flag. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
eapTtlsEapMd5 boolean	EapTtlsEapMd5 flag. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
eapTtlsEapMsChapV2 boolean	EapTtlsEapMsChapV2 flag. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
eapTtlsEapMsChapV2PwdChange boolean	The eapTtlsEapMsChapV2PwdChange is required only if eapTtlsEapMsChapV2 is true, otherwise it must be ignored. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
eapTtlsEapMsChapV2PwdChangeRetries dictionary	The eapTtlsEapMsChapV2PwdChangeRetries is required only if eapTtlsEapMsChapV2 is true, otherwise it must be ignored. Valid range is 0-3.
eapTtlsMsChapV1 boolean	EapTtlsMsChapV1 flag. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
eapTtlsMsChapV2 boolean	EapTtlsMsChapV2 flag. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
eapTtlsPapAscii boolean	EapTtlsPapAscii flag. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
fiveG boolean	FiveG flag. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
id string	Id.
ise_debug boolean	Flag for Identity Services Engine SDK to enable debugging. Choices: :ansible-option-choices-entry-default:`false` ← (default) :ansible-option-choices-entry:`true`
ise_hostname string / required	The Identity Services Engine hostname.
ise_password string / required	The Identity Services Engine password to authenticate.
ise_single_request_timeout integer added in cisco.ise 3.0.0	Timeout (in seconds) for RESTful HTTP requests. Default: :ansible-option-default:`60`
ise_username string / required	The Identity Services Engine username to authenticate.
ise_uses_api_gateway boolean added in cisco.ise 1.1.0	Flag that informs the SDK whether to use the Identity Services Engine’s API Gateway to send requests. If it is true, it uses the ISE’s API Gateway and sends requests to https://{{ise_hostname}}. If it is false, it sends the requests to https://{{ise_hostname}}:{{port}}, where the port value depends on the Service used (ERS, Mnt, UI, PxGrid). Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry-default:`true` ← (default)
ise_uses_csrf_token boolean added in cisco.ise 3.0.0	Flag that informs the SDK whether we send the CSRF token to ISE’s ERS APIs. If it is True, the SDK assumes that your ISE CSRF Check is enabled. If it is True, it assumes you need the SDK to manage the CSRF token automatically for you. Choices: :ansible-option-choices-entry-default:`false` ← (default) :ansible-option-choices-entry:`true`
ise_verify boolean	Flag to enable or disable SSL certificate verification. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry-default:`true` ← (default)
ise_version string	Informs the SDK which version of Identity Services Engine to use. Default: :ansible-option-default:`"3.1\_Patch\_1"`
ise_wait_on_rate_limit boolean	Flag for Identity Services Engine SDK to enable automatic rate-limit handling. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry-default:`true` ← (default)
name string	Name.
peap dictionary	Allowedprotocols’s peap.
allowPeapEapGtc boolean	AllowPeapEapGtc flag. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
allowPeapEapGtcPwdChange boolean	The allowPeapEapGtcPwdChange is required only if allowPeapEapGtc is true, otherwise it must be ignored. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
allowPeapEapGtcPwdChangeRetries dictionary	The allowPeapEapGtcPwdChangeRetries is required only if allowPeapEapGtc is true, otherwise it must be ignored. Valid range is 0-3.
allowPeapEapMsChapV2 boolean	AllowPeapEapMsChapV2 flag. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
allowPeapEapMsChapV2PwdChange boolean	The allowPeapEapMsChapV2PwdChange is required only if allowPeapEapMsChapV2 is true, otherwise it must be ignored. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
allowPeapEapMsChapV2PwdChangeRetries dictionary	The allowPeapEapMsChapV2PwdChangeRetries is required only if allowPeapEapMsChapV2 is true, otherwise it must be ignored. Valid range is 0-3.
allowPeapEapTls boolean	AllowPeapEapTls flag. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
allowPeapEapTlsAuthOfExpiredCerts boolean	The allowPeapEapTlsAuthOfExpiredCerts is required only if allowPeapEapTls is true, otherwise it must be ignored. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
allowPeapV0 boolean	AllowPeapV0 flag. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
requireCryptobinding boolean	RequireCryptobinding flag. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
preferredEapProtocol string	The preferredEapProtocol is required only if allowPreferredEapProtocol is true, otherwise it must be ignored. Allowed Values EAP_FAST, PEAP, LEAP, EAP_MD5, EAP_TLS, EAP_TTLS, TEAP.
processHostLookup boolean	ProcessHostLookup flag. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
requireMessageAuth boolean	RequireMessageAuth flag. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
rsaPss boolean	RsaPss flag. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
teap dictionary	Allowedprotocols’s teap.
acceptClientCertDuringTunnelEst boolean	AcceptClientCertDuringTunnelEst flag. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
allowDowngradeMsk boolean	AllowDowngradeMsk flag. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
allowTeapEapMsChapV2 boolean	AllowTeapEapMsChapV2 flag. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
allowTeapEapMsChapV2PwdChange boolean	The allowTeapEapMsChapV2PwdChange is required only if allowTeapEapMsChapV2 is true, otherwise it must be ignored. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
allowTeapEapMsChapV2PwdChangeRetries dictionary	The allowTeapEapMsChapV2PwdChangeRetries is required only if allowTeapEapMsChapV2 is true, otherwise it must be ignored. Valid range is 0-3.
allowTeapEapTls boolean	AllowTeapEapTls flag. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
allowTeapEapTlsAuthOfExpiredCerts boolean	The allowTeapEapTlsAuthOfExpiredCerts is required only if allowTeapEapTls is true, otherwise it must be ignored. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
enableEapChaining boolean	EnableEapChaining flag. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`

Notes

Note

• SDK Method used are allowedprotocols.Allowedprotocols.create_allowedprotocols,

• Paths used are post /allowedprotocols/,

• Does not support check_mode

• The plugin runs on the control node and does not use any ansible connection plugins, but instead the embedded connection manager from Cisco ISE SDK

• The parameters starting with ise_ are used by the Cisco ISE Python SDK to establish the connection

Examples

---
- name: Create
  cisco.ise.allowedprotocols:
    ise_hostname: "{{ise_hostname}}"
    ise_username: "{{ise_username}}"
    ise_password: "{{ise_password}}"
    ise_verify: "{{ise_verify}}"
    state: present
    allowChap: false
    allowEapFast: true
    allowEapMd5: true
    allowEapTls: true
    allowEapTtls: true
    allowLeap: false
    allowMsChapV1: false
    allowMsChapV2: false
    allowPapAscii: true
    allowPeap: true
    allowPreferredEapProtocol: true
    allowTeap: true
    allowWeakCiphersForEap: false
    description: example allowed protocols
    displayAdditionalTLSParams: false
    eapFast:
      allowEapFastEapGtc: true
      allowEapFastEapGtcPwdChange: true
      allowEapFastEapGtcPwdChangeRetries: 1
      allowEapFastEapMsChapV2: true
      allowEapFastEapMsChapV2PwdChange: true
      allowEapFastEapMsChapV2PwdChangeRetries: 1
      allowEapFastEapTls: true
      allowEapFastEapTlsAuthOfExpiredCerts: false
      eapFastEnableEAPChaining: false
      eapFastUsePacs: true
      eapFastUsePacsAllowAnonymProvisioning: false
      eapFastUsePacsAllowAuthenProvisioning: false
      eapFastUsePacsAllowMachineAuthentication: false
      eapFastUsePacsStatelessSessionResume: false
      eapFastUsePacsTunnelPacTtl: 7776000
      eapFastUsePacsTunnelPacTtlUnits: SECONDS
      eapFastUsePacsUseProactivePacUpdatePrecentage: 10
    eapTls:
      allowEapTlsAuthOfExpiredCerts: false
      eapTlsEnableStatelessSessionResume: false
    eapTlsLBit: false
    eapTtls:
      eapTtlsChap: true
      eapTtlsEapMd5: true
      eapTtlsEapMsChapV2: true
      eapTtlsEapMsChapV2PwdChange: true
      eapTtlsEapMsChapV2PwdChangeRetries: 1
      eapTtlsMsChapV1: true
      eapTtlsMsChapV2: true
      eapTtlsPapAscii: true
    fiveG: false
    id: f75760e7-a4f9-40ef-93bb-88a97e9fb171
    name: allowedprotocols1
    peap:
      allowPeapEapGtc: false
      allowPeapEapMsChapV2: true
      allowPeapEapMsChapV2PwdChange: true
      allowPeapEapMsChapV2PwdChangeRetries: 1
      allowPeapEapTls: true
      allowPeapEapTlsAuthOfExpiredCerts: false
      allowPeapV0: false
      requireCryptobinding: false
    preferredEapProtocol: PEAP
    processHostLookup: true
    requireMessageAuth: false
    rsaPss: false
    teap:
      acceptClientCertDuringTunnelEst: true
      allowDowngradeMsk: true
      allowTeapEapMsChapV2: true
      allowTeapEapMsChapV2PwdChange: true
      allowTeapEapMsChapV2PwdChangeRetries: 3
      allowTeapEapTls: true
      allowTeapEapTlsAuthOfExpiredCerts: false
      enableEapChaining: false

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Description
ise_response list / elements=dictionary	A dictionary or list with the response returned by the Cisco ISE Python SDK Returned: always Sample: :ansible-rv-sample-value:`"[\\n {\\n \\"id\\": \\"string\\",\\n \\"name\\": \\"string\\",\\n \\"description\\": \\"string\\",\\n \\"link\\": {\\n \\"rel\\": \\"string\\",\\n \\"href\\": \\"string\\",\\n \\"type\\": \\"string\\"\\n }\\n }\\n]\\n"`

Authors

• Rafael Campos (@racampos)

Collection links

Issue Tracker Repository (Sources)