:source: fortios_switch_controller_security_policy_802_1x.py
:orphan:
.. fortios_switch_controller_security_policy_802_1x:
fortios_switch_controller_security_policy_802_1x -- Configure 802.1x MAC Authentication Bypass (MAB) policies in Fortinet's FortiOS and FortiGate.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.. versionadded:: 2.0.0
.. contents::
:local:
:depth: 1
Synopsis
--------
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify switch_controller_security_policy feature and 802_1x category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
Requirements
------------
The below requirements are needed on the host that executes this module.
- ansible>=2.16
Tips
----
Using member operation to add an element to an existing object.
FortiOS Version Compatibility
-----------------------------
Supported Version Ranges: v6.0.0 -> v7.6.6
Parameters
----------
.. raw:: html
access_token - Token-based authentication. Generated from GUI of Fortigate. type: strrequired: false
enable_log - Enable/Disable logging for task. type: boolrequired: falsedefault: False
vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: strdefault: root
member_path - Member attribute path to operate on. type: str
member_state - Add or delete a member under specified attribute path. type: strchoices: present, absent
state - Indicates whether to create or remove the object. type: strrequired: truechoices: present, absent
authserver_timeout_period - Authentication server timeout period (3 - 15 sec). type: int more...
Supported Version Ranges
authserver_timeout_period
v6.4.4 -> 7.6.6
authserver_timeout_tagged - Configure timeout option for the tagged VLAN which allows limited access when the authentication server is unavailable. type: strchoices: disable, lldp-voice, static more...
Supported Version Ranges
authserver_timeout_tagged
v7.4.4 -> 7.6.6
[disable]
v7.4.4 -> 7.6.6
[lldp-voice]
v7.4.4 -> 7.6.6
[static]
v7.4.4 -> 7.6.6
authserver_timeout_tagged_vlanid - Tagged VLAN name for which the timeout option is applied to (only one VLAN ID). Source system.interface.name. type: str more...
Supported Version Ranges
authserver_timeout_tagged_vlanid
v7.4.4 -> 7.6.6
authserver_timeout_vlan - Enable/disable the authentication server timeout VLAN to allow limited access when RADIUS is unavailable. type: strchoices: disable, enable more...
eap_passthru - Enable/disable EAP pass-through mode, allowing protocols (such as LLDP) to pass through ports for more flexible authentication. type: strchoices: disable, enable more...
Supported Version Ranges
eap_passthru
v6.0.0 -> 7.6.6
[disable]
v6.0.0 -> 7.6.6
[enable]
v6.0.0 -> 7.6.6
framevid_apply - Enable/disable the capability to apply the EAP/MAB frame VLAN to the port native VLAN. type: strchoices: disable, enable more...
radius_timeout_overwrite - Enable to override the global RADIUS session timeout. type: strchoices: disable, enable more...
Supported Version Ranges
radius_timeout_overwrite
v6.0.0 -> 7.6.6
[disable]
v6.0.0 -> 7.6.6
[enable]
v6.0.0 -> 7.6.6
security_mode - Port or MAC based 802.1X security mode. type: strchoices: 802.1X, 802.1X-mac-based more...
Supported Version Ranges
security_mode
v6.0.0 -> 7.6.6
[802.1X]
v6.0.0 -> 7.6.6
[802.1X-mac-based]
v6.0.0 -> 7.6.6
user_group - Name of user-group to assign to this MAC Authentication Bypass (MAB) policy. type: listmember_path: user_group:name more...
Supported Version Ranges
user_group
v6.0.0 -> 7.6.6
name - Group name. Source user.group.name. type: strrequired: true more...
Supported Version Ranges
name
v6.0.0 -> 7.6.6
Notes
-----
.. note::
- Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
- The module supports check_mode.
Examples
--------
.. code-block:: yaml+jinja
- name: Configure 802.1x MAC Authentication Bypass (MAB) policies.
fortinet.fortios.fortios_switch_controller_security_policy_802_1x:
vdom: "{{ vdom }}"
state: "present"
access_token: ""
switch_controller_security_policy_802_1x:
auth_fail_vlan: "disable"
auth_fail_vlan_id: " (source system.interface.name)"
auth_fail_vlanid: "32767"
auth_order: "dot1x-mab"
auth_priority: "legacy"
authserver_timeout_period: "3"
authserver_timeout_tagged: "disable"
authserver_timeout_tagged_vlanid: " (source system.interface.name)"
authserver_timeout_vlan: "disable"
authserver_timeout_vlanid: " (source system.interface.name)"
dacl: "disable"
eap_auto_untagged_vlans: "disable"
eap_passthru: "disable"
framevid_apply: "disable"
guest_auth_delay: "30"
guest_vlan: "disable"
guest_vlan_id: " (source system.interface.name)"
guest_vlanid: "32767"
mac_auth_bypass: "disable"
name: "default_name_22"
open_auth: "disable"
policy_type: "802.1X"
radius_timeout_overwrite: "disable"
security_mode: "802.1X"
user_group:
-
name: "default_name_28 (source user.group.name)"
Return Values
-------------
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
.. raw:: html
build - Build number of the fortigate image returned: alwaystype: strsample: 1547
http_method - Last method used to provision the content into FortiGate returned: alwaystype: strsample: PUT
http_status - Last result given by FortiGate on last operation applied returned: alwaystype: strsample: 200
mkey - Master key (id) used in the last call to FortiGate returned: successtype: strsample: id
name - Name of the table used to fulfill the request returned: alwaystype: strsample: urlfilter
path - Path of the table used to fulfill the request returned: alwaystype: strsample: webfilter
revision - Internal revision number returned: alwaystype: strsample: 17.0.2.10658
serial - Serial number of the unit returned: alwaystype: strsample: FGVMEVYYQT3AB5352
status - Indication of the operation's result returned: alwaystype: strsample: success
vdom - Virtual domain used returned: alwaystype: strsample: root
version - Version of the FortiGate returned: alwaystype: strsample: v5.6.3
Status
------
- This module is not guaranteed to have a backwards compatible interface.
Authors
-------
- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Hongbin Lu (@fgtdev-hblu)
- Frank Shen (@frankshen01)
- Miguel Angel Munoz (@mamunozgonzalez)
- Nicolas Thomas (@thomnico)
.. hint::
If you notice any issues in this documentation, you can create a pull request to improve it.