cisco.ise.allowed_protocols – Resource module for Allowed Protocols

Note

This plugin is part of the cisco.ise collection (version 1.0.2).

To install it use: ansible-galaxy collection install cisco.ise.

To use it in a playbook, specify: cisco.ise.allowed_protocols.

New in version 1.0.0 of cisco.ise

Synopsis

  • Manages create, update and delete operations on the Allowed Protocols resource.

Note

This module has a corresponding action plugin.

Requirements

The below requirements are needed on the host that executes this module.

  • ciscoisesdk

Parameters

Parameter Choices/Defaults Comments
allowChap
boolean
    Choices:
  • no
  • yes
AllowChap flag.
allowEapFast
boolean
    Choices:
  • no
  • yes
AllowEapFast flag.
allowEapMd5
boolean
    Choices:
  • no
  • yes
AllowEapMd5 flag.
allowEapTls
boolean
    Choices:
  • no
  • yes
AllowEapTls flag.
allowEapTtls
boolean
    Choices:
  • no
  • yes
AllowEapTtls flag.
allowLeap
boolean
    Choices:
  • no
  • yes
AllowLeap flag.
allowMsChapV1
boolean
    Choices:
  • no
  • yes
AllowMsChapV1 flag.
allowMsChapV2
boolean
    Choices:
  • no
  • yes
AllowMsChapV2 flag.
allowPapAscii
boolean
    Choices:
  • no
  • yes
AllowPapAscii flag.
allowPeap
boolean
    Choices:
  • no
  • yes
AllowPeap flag.
allowPreferredEapProtocol
boolean
    Choices:
  • no
  • yes
AllowPreferredEapProtocol flag.
allowTeap
boolean
    Choices:
  • no
  • yes
AllowTeap flag.
allowWeakCiphersForEap
boolean
    Choices:
  • no
  • yes
AllowWeakCiphersForEap flag.
description
string
Allowed Protocols's description.
eapFast
dictionary
The eapFast is required only if allowEapFast is true, otherwise it must be ignored. The object eapFast contains the settings for EAP FAST protocol.
allowEapFastEapGtc
boolean
    Choices:
  • no
  • yes
AllowEapFastEapGtc flag.
allowEapFastEapGtcPwdChange
boolean
    Choices:
  • no
  • yes
The allowEapFastEapGtcPwdChange is required only if allowEapFastEapGtc is true, otherwise it must be ignored.
allowEapFastEapGtcPwdChangeRetries
integer
The allowEapFastEapGtcPwdChangeRetries is required only if allowEapFastEapGtc is true, otherwise it must be ignored. Valid range is 0-3.
allowEapFastEapMsChapV2
boolean
    Choices:
  • no
  • yes
AllowEapFastEapMsChapV2 flag.
allowEapFastEapMsChapV2PwdChange
boolean
    Choices:
  • no
  • yes
The allowEapFastEapMsChapV2PwdChange is required only if allowEapFastEapMsChapV2 is true, otherwise it must be ignored.
allowEapFastEapMsChapV2PwdChangeRetries
integer
The allowEapFastEapMsChapV2PwdChangeRetries is required only if eapTtlsEapMsChapV2 is true, otherwise it must be ignored. Valid range is 0-3.
allowEapFastEapTls
boolean
    Choices:
  • no
  • yes
AllowEapFastEapTls flag.
allowEapFastEapTlsAuthOfExpiredCerts
boolean
    Choices:
  • no
  • yes
The allowEapFastEapTlsAuthOfExpiredCerts is required only if allowEapFastEapTls is true, otherwise it must be ignored.
eapFastDontUsePacsAcceptClientCert
boolean
    Choices:
  • no
  • yes
The eapFastDontUsePacsAcceptClientCert is required only if eapFastUsePacs is FALSE, otherwise it must be ignored.
eapFastDontUsePacsAllowMachineAuthentication
boolean
    Choices:
  • no
  • yes
The eapFastDontUsePacsAllowMachineAuthentication is required only if eapFastUsePacs is FALSE, otherwise it must be ignored.
eapFastEnableEAPChaining
boolean
    Choices:
  • no
  • yes
EapFastEnableEAPChaining flag.
eapFastUsePacs
boolean
    Choices:
  • no
  • yes
EapFastUsePacs flag.
eapFastUsePacsAcceptClientCert
boolean
    Choices:
  • no
  • yes
The eapFastUsePacsAcceptClientCert is required only if eapFastUsePacsAllowAuthenProvisioning is true, otherwise it must be ignored.
eapFastUsePacsAllowAnonymProvisioning
boolean
    Choices:
  • no
  • yes
The eapFastUsePacsAllowAnonymProvisioning is required only if eapFastUsePacs is true, otherwise it must be ignored.
eapFastUsePacsAllowAuthenProvisioning
boolean
    Choices:
  • no
  • yes
The eapFastUsePacsAllowAuthenProvisioning is required only if eapFastUsePacs is true, otherwise it must be ignored.
eapFastUsePacsAllowMachineAuthentication
boolean
    Choices:
  • no
  • yes
EapFastUsePacsAllowMachineAuthentication flag.
eapFastUsePacsAuthorizationPacTtl
integer
The eapFastUsePacsAuthorizationPacTtl is required only if eapFastUsePacsStatelessSessionResume is true, otherwise it must be ignored.
eapFastUsePacsAuthorizationPacTtlUnits
string
The eapFastUsePacsAuthorizationPacTtlUnits is required only if eapFastUsePacsStatelessSessionResume is true, otherwise it must be ignored. Allowed values: SECONDS, MINUTES, HOURS, DAYS, WEEKS.
eapFastUsePacsMachinePacTtl
integer
The eapFastUsePacsMachinePacTtl is required only if eapFastUsePacsAllowMachineAuthentication is true, otherwise it must be ignored.
eapFastUsePacsMachinePacTtlUnits
string
The eapFastUsePacsMachinePacTtlUnits is required only if eapFastUsePacsAllowMachineAuthentication is true, otherwise it must be ignored. Allowed values: SECONDS, MINUTES, HOURS, DAYS, WEEKS.
eapFastUsePacsReturnAccessAcceptAfterAuthenticatedProvisioning
boolean
    Choices:
  • no
  • yes
The eapFastUsePacsReturnAccessAcceptAfterAuthenticatedProvisioning is required only if eapFastUsePacsAllowAuthenProvisioning is true, otherwise it must be ignored.
eapFastUsePacsStatelessSessionResume
boolean
    Choices:
  • no
  • yes
The eapFastUsePacsStatelessSessionResume is required only if eapFastUsePacs is true, otherwise it must be ignored.
eapFastUsePacsTunnelPacTtl
integer
The eapFastUsePacsTunnelPacTtl is required only if eapFastUsePacs is true, otherwise it must be ignored.
eapFastUsePacsTunnelPacTtlUnits
string
The eapFastUsePacsTunnelPacTtlUnits is required only if eapFastUsePacs is true, otherwise it must be ignored. Allowed values: SECONDS, MINUTES, HOURS, DAYS, WEEKS.
eapFastUsePacsUseProactivePacUpdatePrecentage
integer
The eapFastUsePacsUseProactivePacUpdatePrecentage is required only if eapFastUsePacs is true, otherwise it must be ignored.
eapTls
dictionary
The eapTls is required only if allowEapTls is true, otherwise it must be ignored. The object eapTls contains the settings for EAP TLS protocol.
allowEapTlsAuthOfExpiredCerts
boolean
    Choices:
  • no
  • yes
AllowEapTlsAuthOfExpiredCerts flag.
eapTlsEnableStatelessSessionResume
boolean
    Choices:
  • no
  • yes
EapTlsEnableStatelessSessionResume flag.
eapTlsSessionTicketPrecentage
integer
The eapTlsSessionTicketPrecentage is required only if eapTlsEnableStatelessSessionResume is true, otherwise it must be ignored.
eapTlsSessionTicketTtl
integer
Time to live. The eapTlsSessionTicketTtl is required only if eapTlsEnableStatelessSessionResume is true, otherwise it must be ignored.
eapTlsSessionTicketTtlUnits
string
Time to live time units. The eapTlsSessionTicketTtlUnits is required only if eapTlsEnableStatelessSessionResume is true, otherwise it must be ignored. Allowed values: SECONDS, MINUTES, HOURS, DAYS, WEEKS.
eapTlsLBit
boolean
    Choices:
  • no
  • yes
EapTlsLBit flag.
eapTtls
dictionary
The eapTtls is required only if allowEapTtls is true, otherwise it must be ignored. The object eapTtls contains the settings for EAP TTLS protocol.
eapTtlsChap
boolean
    Choices:
  • no
  • yes
EapTtlsChap flag.
eapTtlsEapMd5
boolean
    Choices:
  • no
  • yes
EapTtlsEapMd5 flag.
eapTtlsEapMsChapV2
boolean
    Choices:
  • no
  • yes
EapTtlsEapMsChapV2 flag.
eapTtlsEapMsChapV2PwdChange
boolean
    Choices:
  • no
  • yes
The eapTtlsEapMsChapV2PwdChange is required only if eapTtlsEapMsChapV2 is true, otherwise it must be ignored.
eapTtlsEapMsChapV2PwdChangeRetries
integer
The eapTtlsEapMsChapV2PwdChangeRetries is required only if eapTtlsEapMsChapV2 is true, otherwise it must be ignored. Valid range is 0-3.
eapTtlsMsChapV1
boolean
    Choices:
  • no
  • yes
EapTtlsMsChapV1 flag.
eapTtlsMsChapV2
boolean
    Choices:
  • no
  • yes
EapTtlsMsChapV2 flag.
eapTtlsPapAscii
boolean
    Choices:
  • no
  • yes
EapTtlsPapAscii flag.
id
string
Resource UUID; mandatory for update.
name
string
Resource Name.
peap
dictionary
Allowed Protocols's peap.
allowPeapEapGtc
boolean
    Choices:
  • no
  • yes
AllowPeapEapGtc flag.
allowPeapEapGtcPwdChange
boolean
    Choices:
  • no
  • yes
The allowPeapEapGtcPwdChange is required only if allowPeapEapGtc is true, otherwise it must be ignored.
allowPeapEapGtcPwdChangeRetries
integer
The allowPeapEapGtcPwdChangeRetries is required only if allowPeapEapGtc is true, otherwise it must be ignored. Valid range is 0-3.
allowPeapEapMsChapV2
boolean
    Choices:
  • no
  • yes
AllowPeapEapMsChapV2 flag.
allowPeapEapMsChapV2PwdChange
boolean
    Choices:
  • no
  • yes
The allowPeapEapMsChapV2PwdChange is required only if allowPeapEapMsChapV2 is true, otherwise it must be ignored.
allowPeapEapMsChapV2PwdChangeRetries
integer
The allowPeapEapMsChapV2PwdChangeRetries is required only if allowPeapEapMsChapV2 is true, otherwise it must be ignored. Valid range is 0-3.
allowPeapEapTls
boolean
    Choices:
  • no
  • yes
AllowPeapEapTls flag.
allowPeapEapTlsAuthOfExpiredCerts
boolean
    Choices:
  • no
  • yes
The allowPeapEapTlsAuthOfExpiredCerts is required only if allowPeapEapTls is true, otherwise it must be ignored.
allowPeapV0
boolean
    Choices:
  • no
  • yes
AllowPeapV0 flag.
requireCryptobinding
boolean
    Choices:
  • no
  • yes
RequireCryptobinding flag.
preferredEapProtocol
string
The preferredEapProtocol is required only if allowPreferredEapProtocol is true, otherwise it must be ignored. Allowed values: EAP_FAST, PEAP, LEAP, EAP_MD5, EAP_TLS, EAP_TTLS, TEAP.
processHostLookup
boolean
    Choices:
  • no
  • yes
ProcessHostLookup flag.
requireMessageAuth
boolean
    Choices:
  • no
  • yes
RequireMessageAuth flag.
teap
dictionary
The teap is required only if allowTeap is true, otherwise it must be ignored. The object teap contains the settings for TEAP protocol.
acceptClientCertDuringTunnelEst
boolean
    Choices:
  • no
  • yes
AcceptClientCertDuringTunnelEst flag.
allowDowngradeMsk
boolean
    Choices:
  • no
  • yes
AllowDowngradeMsk flag.
allowTeapEapMsChapV2
boolean
    Choices:
  • no
  • yes
AllowTeapEapMsChapV2 flag.
allowTeapEapMsChapV2PwdChange
boolean
    Choices:
  • no
  • yes
The allowTeapEapMsChapV2PwdChange is required only if allowTeapEapMsChapV2 is true, otherwise it must be ignored.
allowTeapEapMsChapV2PwdChangeRetries
integer
The allowTeapEapMsChapV2PwdChangeRetries is required only if allowTeapEapMsChapV2 is true, otherwise it must be ignored. Valid range is 0-3.
allowTeapEapTls
boolean
    Choices:
  • no
  • yes
AllowTeapEapTls flag.
allowTeapEapTlsAuthOfExpiredCerts
boolean
    Choices:
  • no
  • yes
The allowTeapEapTlsAuthOfExpiredCerts is required only if allowTeapEapTls is true, otherwise it must be ignored.
enableEapChaining
boolean
    Choices:
  • no
  • yes
EnableEapChaining flag.

See Also

Allowed Protocols reference

Complete reference of the Allowed Protocols object model.

Examples

- name: Update by id
  cisco.ise.allowed_protocols:
    ise_hostname: "{{ise_hostname}}"
    ise_username: "{{ise_username}}"
    ise_password: "{{ise_password}}"
    ise_verify: "{{ise_verify}}"
    state: present
    allowChap: true
    allowEapFast: true
    allowEapMd5: true
    allowEapTls: true
    allowEapTtls: true
    allowLeap: true
    allowMsChapV1: true
    allowMsChapV2: true
    allowPapAscii: true
    allowPeap: true
    allowPreferredEapProtocol: true
    allowTeap: true
    allowWeakCiphersForEap: true
    description: string
    eapFast:
      allowEapFastEapGtc: true
      allowEapFastEapGtcPwdChange: true
      allowEapFastEapGtcPwdChangeRetries: 0
      allowEapFastEapMsChapV2: true
      allowEapFastEapMsChapV2PwdChange: true
      allowEapFastEapMsChapV2PwdChangeRetries: 0
      allowEapFastEapTls: true
      allowEapFastEapTlsAuthOfExpiredCerts: true
      eapFastDontUsePacsAcceptClientCert: true
      eapFastDontUsePacsAllowMachineAuthentication: true
      eapFastEnableEAPChaining: true
      eapFastUsePacs: true
      eapFastUsePacsAcceptClientCert: true
      eapFastUsePacsAllowAnonymProvisioning: true
      eapFastUsePacsAllowAuthenProvisioning: true
      eapFastUsePacsAllowMachineAuthentication: true
      eapFastUsePacsAuthorizationPacTtl: 0
      eapFastUsePacsAuthorizationPacTtlUnits: string
      eapFastUsePacsMachinePacTtl: 0
      eapFastUsePacsMachinePacTtlUnits: string
      eapFastUsePacsReturnAccessAcceptAfterAuthenticatedProvisioning: true
      eapFastUsePacsStatelessSessionResume: true
      eapFastUsePacsTunnelPacTtl: 0
      eapFastUsePacsTunnelPacTtlUnits: string
      eapFastUsePacsUseProactivePacUpdatePrecentage: 0
    eapTls:
      allowEapTlsAuthOfExpiredCerts: true
      eapTlsEnableStatelessSessionResume: true
      eapTlsSessionTicketPrecentage: 0
      eapTlsSessionTicketTtl: 0
      eapTlsSessionTicketTtlUnits: string
    eapTlsLBit: true
    eapTtls:
      eapTtlsChap: true
      eapTtlsEapMd5: true
      eapTtlsEapMsChapV2: true
      eapTtlsEapMsChapV2PwdChange: true
      eapTtlsEapMsChapV2PwdChangeRetries: 0
      eapTtlsMsChapV1: true
      eapTtlsMsChapV2: true
      eapTtlsPapAscii: true
    id: string
    name: string
    peap:
      allowPeapEapGtc: true
      allowPeapEapGtcPwdChange: true
      allowPeapEapGtcPwdChangeRetries: 0
      allowPeapEapMsChapV2: true
      allowPeapEapMsChapV2PwdChange: true
      allowPeapEapMsChapV2PwdChangeRetries: 0
      allowPeapEapTls: true
      allowPeapEapTlsAuthOfExpiredCerts: true
      allowPeapV0: true
      requireCryptobinding: true
    preferredEapProtocol: string
    processHostLookup: true
    requireMessageAuth: true
    teap:
      acceptClientCertDuringTunnelEst: true
      allowDowngradeMsk: true
      allowTeapEapMsChapV2: true
      allowTeapEapMsChapV2PwdChange: true
      allowTeapEapMsChapV2PwdChangeRetries: 0
      allowTeapEapTls: true
      allowTeapEapTlsAuthOfExpiredCerts: true
      enableEapChaining: true

- name: Delete by id
  cisco.ise.allowed_protocols:
    ise_hostname: "{{ise_hostname}}"
    ise_username: "{{ise_username}}"
    ise_password: "{{ise_password}}"
    ise_verify: "{{ise_verify}}"
    state: absent
    id: string

- name: Create
  cisco.ise.allowed_protocols:
    ise_hostname: "{{ise_hostname}}"
    ise_username: "{{ise_username}}"
    ise_password: "{{ise_password}}"
    ise_verify: "{{ise_verify}}"
    state: present
    allowChap: true
    allowEapFast: true
    allowEapMd5: true
    allowEapTls: true
    allowEapTtls: true
    allowLeap: true
    allowMsChapV1: true
    allowMsChapV2: true
    allowPapAscii: true
    allowPeap: true
    allowPreferredEapProtocol: true
    allowTeap: true
    allowWeakCiphersForEap: true
    description: string
    eapFast:
      allowEapFastEapGtc: true
      allowEapFastEapGtcPwdChange: true
      allowEapFastEapGtcPwdChangeRetries: 0
      allowEapFastEapMsChapV2: true
      allowEapFastEapMsChapV2PwdChange: true
      allowEapFastEapMsChapV2PwdChangeRetries: 0
      allowEapFastEapTls: true
      allowEapFastEapTlsAuthOfExpiredCerts: true
      eapFastDontUsePacsAcceptClientCert: true
      eapFastDontUsePacsAllowMachineAuthentication: true
      eapFastEnableEAPChaining: true
      eapFastUsePacs: true
      eapFastUsePacsAcceptClientCert: true
      eapFastUsePacsAllowAnonymProvisioning: true
      eapFastUsePacsAllowAuthenProvisioning: true
      eapFastUsePacsAllowMachineAuthentication: true
      eapFastUsePacsAuthorizationPacTtl: 0
      eapFastUsePacsAuthorizationPacTtlUnits: string
      eapFastUsePacsMachinePacTtl: 0
      eapFastUsePacsMachinePacTtlUnits: string
      eapFastUsePacsReturnAccessAcceptAfterAuthenticatedProvisioning: true
      eapFastUsePacsStatelessSessionResume: true
      eapFastUsePacsTunnelPacTtl: 0
      eapFastUsePacsTunnelPacTtlUnits: string
      eapFastUsePacsUseProactivePacUpdatePrecentage: 0
    eapTls:
      allowEapTlsAuthOfExpiredCerts: true
      eapTlsEnableStatelessSessionResume: true
      eapTlsSessionTicketPrecentage: 0
      eapTlsSessionTicketTtl: 0
      eapTlsSessionTicketTtlUnits: string
    eapTlsLBit: true
    eapTtls:
      eapTtlsChap: true
      eapTtlsEapMd5: true
      eapTtlsEapMsChapV2: true
      eapTtlsEapMsChapV2PwdChange: true
      eapTtlsEapMsChapV2PwdChangeRetries: 0
      eapTtlsMsChapV1: true
      eapTtlsMsChapV2: true
      eapTtlsPapAscii: true
    name: string
    peap:
      allowPeapEapGtc: true
      allowPeapEapGtcPwdChange: true
      allowPeapEapGtcPwdChangeRetries: 0
      allowPeapEapMsChapV2: true
      allowPeapEapMsChapV2PwdChange: true
      allowPeapEapMsChapV2PwdChangeRetries: 0
      allowPeapEapTls: true
      allowPeapEapTlsAuthOfExpiredCerts: true
      allowPeapV0: true
      requireCryptobinding: true
    preferredEapProtocol: string
    processHostLookup: true
    requireMessageAuth: true
    teap:
      acceptClientCertDuringTunnelEst: true
      allowDowngradeMsk: true
      allowTeapEapMsChapV2: true
      allowTeapEapMsChapV2PwdChange: true
      allowTeapEapMsChapV2PwdChangeRetries: 0
      allowTeapEapTls: true
      allowTeapEapTlsAuthOfExpiredCerts: true
      enableEapChaining: true
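
The Update and Create examples above set every parameter at once, so they set options that the parameter table says must be ignored (for instance eapFastDontUsePacsAcceptClientCert together with eapFastUsePacs: true). The following check is an added example, not code from the cisco.ise collection: it applies a subset of the documented "required only if ..." rules and the 0-3 retry range to task arguments before they are sent. The names RULES, get, check and SAMPLE are hypothetical, and the sample arguments are constructed.

```python
# Added example: pre-flight check of cisco.ise.allowed_protocols arguments.
# RULES holds (option, controlling option, value the controller must have),
# a subset of the "required only if ..." comments in the parameter table.
RULES = [
    ("eapFast", "allowEapFast", True),
    ("eapTls", "allowEapTls", True),
    ("eapTtls", "allowEapTtls", True),
    ("teap", "allowTeap", True),
    ("preferredEapProtocol", "allowPreferredEapProtocol", True),
    ("eapFast.allowEapFastEapGtcPwdChange", "eapFast.allowEapFastEapGtc", True),
    ("eapFast.eapFastDontUsePacsAcceptClientCert", "eapFast.eapFastUsePacs", False),
    ("eapFast.eapFastUsePacsAllowAnonymProvisioning", "eapFast.eapFastUsePacs", True),
    ("eapFast.eapFastUsePacsAcceptClientCert",
     "eapFast.eapFastUsePacsAllowAuthenProvisioning", True),
    ("peap.allowPeapEapTlsAuthOfExpiredCerts", "peap.allowPeapEapTls", True),
    ("teap.allowTeapEapTlsAuthOfExpiredCerts", "teap.allowTeapEapTls", True),
]

def get(args, path):
    """Return the value at a dotted path, or None when any key is absent."""
    node = args
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def check(args):
    """List options that are set while their controlling flag says 'ignored',
    plus *PwdChangeRetries values outside the documented 0-3 range."""
    findings = []
    for option, controller, needed in RULES:
        if get(args, option) is not None and get(args, controller) is not needed:
            findings.append(f"{option}: set, but {controller} is not {needed}")
    for section, body in args.items():
        if not isinstance(body, dict):
            continue
        for key, val in body.items():
            # bool is a subclass of int in Python, so compare the exact type.
            if key.endswith("PwdChangeRetries") and not (type(val) is int and 0 <= val <= 3):
                findings.append(f"{section}.{key}: {val!r} is outside 0-3")
    return findings

# Constructed task arguments (as a YAML parser would return them), not real data.
SAMPLE = {
    "name": "constructed-example", "allowEapFast": True, "allowTeap": False,
    "eapFast": {"eapFastUsePacs": True, "eapFastDontUsePacsAcceptClientCert": True,
                "allowEapFastEapGtc": True, "allowEapFastEapGtcPwdChange": True,
                "allowEapFastEapGtcPwdChangeRetries": 5},
    "teap": {"allowTeapEapTls": True, "allowTeapEapTlsAuthOfExpiredCerts": True},
}

if __name__ == "__main__":
    for line in check(SAMPLE):
        print(line)
```

Running the check in CI against the arguments of each allowed_protocols task catches a sub-dictionary such as teap being configured while its allowTeap flag is off, where the documented behaviour is that the settings are ignored.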

Return Values

Common return values are documented here; the following fields are unique to this module:

Key Returned Description
ise_response
dictionary
always
A dictionary or list with the response returned by the Cisco ISE Python SDK

Sample:
{
  "UpdatedFieldsList": {
    "updatedField": {
      "field": "string",
      "oldValue": "string",
      "newValue": "string"
    },
    "field": "string",
    "oldValue": "string",
    "newValue": "string"
  }
}


Authors

  • Rafael Campos (@racampos)