ciscopuppet

Table of Contents

1. Module Description
2. Setup
   • Puppet Master
   • Puppet Agent
     • Puppet Agent Authentication
   • Puppet Device (Agentless)
     • Getting Started with Puppet Device
3. Example Manifests
4. Resource Reference
   • Resource Type Catalog (by Technology)
   • Resource Type Catalog (by Name)
   • Resource Platform Support Matrix
5. Documentation Guide

Module Description

The ciscopuppet module allows a network administrator to manage Cisco Nexus Network Elements using Puppet. This module bundles a set of Puppet Types, Providers, Beaker Tests, Sample Manifests and Installation Tools for effective network management. The resources and capabilities provided by this Puppet Module will grow with contributions from Cisco, Puppet Labs and the open source community.

The Cisco Nexus Network Elements and Operating Systems managed by this Puppet Module are continuously expanding. See Resource Platform Support Matrix for a list of currently supported hardware and software.

This GitHub repository contains the latest version of the ciscopuppet module source code. Supported versions of the ciscopuppet module are available at Puppet Forge. Please refer to [SUPPORT.md][MAINT-2] for additional details.

Dependencies

The ciscopuppet module has a dependency on the cisco_node_utils and the puppet-resource_api Ruby gem. See the Setup section that follows for more information on cisco_node_utils and puppet-resource_api.

The NXAPI feature will need to be enabled on the device in order for the ciscopuppet module to be able to manage the device.

Contributing

Contributions to the ciscopuppet module are welcome. See [CONTRIBUTING.md][DEV-1] for guidelines.

Setup

Before getting started with the setup needed to manage Cisco Nexus Network Elements using Puppet choose one of the following workflows.

• Puppet Agentless (Manage devices over a remote proxy connection)
• Puppet Agent (Manage devices by installing an agent directly onto the device)

Version 2.0.0 of this module introduces the ability to manage Cisco Nexus devices without the need to install an agent directly onto the device. This option is not available for ciscopuppet module version 1.10.0 and earlier.

Puppet Master

‼️REQUIRED FOR BOTH AGENTLESS and AGENT WORKFLOWS ‼️

The ciscopuppet module must be installed on the Puppet Master server.

puppet module install puppetlabs-ciscopuppet

The module dependencies listed below will be installed automatically. For more information on Puppet module installation see Puppet Labs: Installing Modules

The puppetlabs-netdev-stdlib module

The puppetlabs-resource_api module

On each puppetserver or PE master that needs to serve catalogs for NX-OS devices, classify or apply the ciscopuppet::server class. Using this class assumes that your puppetserver or PE Master is managed by Puppet.

Puppet Agent (LTS)

‼️NOT REQUIRED FOR AGENTLESS WORKFLOW ‼️

The Puppet Agent requires installation and setup on each device. Agent setup can be performed as a manual process or it may be automated. For more information please see the [README-agent-install.md][USER-1] document for detailed instructions on agent installation and configuration on Cisco Nexus devices.

The cisco_node_utils Ruby Gem

The cisco_node_utils Ruby gem is a required component of the ciscopuppet module. This gem contains platform APIs for interfacing between Cisco CLI and Puppet resources. The gem can be automatically installed by Puppet agent by using the ciscopuppet::agent class. Automatic dependency installs are preferred; manual gem installs should be reserved for exceptional circumstances.

The puppet-resource_api Ruby Gem

The puppet-resource_api Ruby gem is a required component of the ciscopuppet module. The gem can be automatically installed by a Puppet agent by using the ciscopuppet::agent class. Automatic dependency installs are preferred; manual gem installs should be reserved for exceptional circumstances.

Automatic Gem Install Using ciscopuppet::agent

• The ciscopuppet::agent class is defined in the agent.pp file in the manifests subdirectory.

• Update site.pp to use the install class

Example

node 'n9k' {
  include ciscopuppet::agent
}

The preceding configuration will cause the next puppet agent run to automatically download the current cisco_node_utils and puppet-resource_api gems from https://rubygems.org/ and install them on the node.

Optional Parameters for ciscopuppet::install

• Override the default rubygems repository to use a custom repository
• Provide a proxy server

Example

node 'n9k' {
  class {'ciscopuppet::agent':
    repo  => 'http://gemserver.domain.com:8808',
    proxy => 'http://proxy.domain.com:8080',
  }
}

Gem Persistence

Once installed, the gems will remain persistent across system reloads within the Guestshell or OAC environments; however, the bash-shell environment does not share this persistent behavior, in which case the ciscopuppet::agent class automatically downloads and re-installs the gem after each system reload.

See General Documentation for information on Guestshell and OAC.

Puppet Agent Authentication

Puppet makes use of the nxos admin user by default for all types in this module. If a different user is required for puppet agent runs then the following procedure can be used to override admin with the desired user.

NOTE: The user you select must already be configured on your device with the role network-admin.

First create a different user with the role network-admin.

config term
  username puppetuser password puppet role network-admin
end

Next create a file called cisco_node_utils.yaml under the modules/ciscopuppet/files directory on the puppet server and add a cookie puppetuser:local under the default: yaml key.

puppetserver:> cat /etc/puppetlabs/code/environments/production/modules/ciscopuppet/files/cisco_node_utils.yaml
default:
  cookie: 'puppetuser:local'
puppetserver:>

Now create and apply the following manifest on your nxos devices.

  $cookie_src = "puppet:///modules/ciscopuppet/cisco_node_utils.yaml"
  $cookie_tgt = "/${::identity['user']}/cisco_node_utils.yaml"

  file { $cookie_tgt :
    ensure => file,
    source => $cookie_src,
    owner  => 'root',
    group  => 'root',
    mode   => 'ug+rwx',
  }

Puppet Device (Agentless)

‼️NOT REQUIRED FOR AGENT WORKFLOW ‼️

The module (version 2.0.0 or later) supports remote management through the usage of puppet device, which communicates with the device remotely via the nxapi through HTTP/HTTPS. In order to use the ciscopuppet module agentlessly then the following dependencies will need to be met.

The cisco_node_utils Ruby Gem

The cisco_node_utils Ruby gem is a required component of the ciscopuppet module. This gem contains platform APIs for interfacing between Cisco CLI and Puppet resources. The gem will need to be installed on any Puppet agent which will be managing a NX-OS device. It can be automatically installed by Puppet by using the ciscopuppet::proxy class. Automatic gem installs are preferred; manual gem installs should be reserved for exceptional circumstances.

The puppet-resource_api Ruby Gem

The puppet-resource_api Ruby gem is a required component of the ciscopuppet module. The gem will need to be installed on any Puppet agent which will be managing a NX-OS device. It can be automatically installed by Puppet by using the ciscopuppet::proxy class. Automatic gem installs are preferred; manual gem installs should be reserved for exceptional circumstances.

The net_http_unix Ruby Gem

The net_http_unix Ruby gem is a required component of the ciscopuppet module. The gem will need to be installed on any Puppet agent which will be managing a NX-OS device. It can be automatically installed by Puppet by using the ciscopuppet::proxy class. Automatic gem installs are preferred; manual gem installs should be reserved for exceptional circumstances.

Getting started with remote management (puppet device)

To get started, create or edit /etc/puppetlabs/puppet/device.conf, add a section for the device (this will become the device's certname), specify a type of cisco_nexus, and specify a url to a credentials file. For example:

[cisco.example.com]
type cisco_nexus
url file:////etc/puppetlabs/puppet/devices/cisco.example.com.conf

Next, create a credentials file. See the HOCON documentation for information on quoted/unquoted strings and connecting the device.

host: cisco.nexus.net
user: admin
password: admin
port: 8280
transport: http

Alternatively devices can be managed through the puppetlabs-device_manager module, for example:

node 'proxy-agent' {
  device_manager { 'cisco.example.com':
    type => 'cisco_nexus',
    credentials => {
      host => 'cisco.example.com',
      user => 'admin',
      password => 'admin',
      port => 8280,
      transport => 'http',
    }
  }
}

Test your setup and get the certificate signed:

puppet device --verbose --target cisco.example.com

See the puppet device documentation

Please note:: In order for the NX-OS device to be managed then the nxapi feature will need enabled on the device and the selected ports for HTTP/HTTPS will need to be accessible by the proxy-agent choosen to manage the device.

‼️AGENTLESS AND AGENT WORKFLOWS ‼️

For additiona details on agentless and agent based configuration see the following guide

Example Manifests

OSPF Example Manifest

The following example demonstrates how to define a manifest that uses ciscopuppet to configure OSPF on a Cisco Nexus switch. Three resource types are used to define an OSPF instance, basic OSPF router settings, and OSPF interface settings:

• cisco_ospf
• cisco_ospf_vrf
• cisco_interface_ospf

The first manifest type should define the router instance using cisco_ospf. The title 'Sample' becomes the router instance name.

cisco_ospf {"Sample":
   ensure => present,
}

The next type to define is cisco_ospf_vrf. The title includes the OSPF router instance name and the VRF name. Note that a non-VRF configuration uses 'default' as the VRF name.

cisco_ospf_vrf {"Sample default":
   ensure => 'present',
   default_metric => '5',
   auto_cost => '46000',
}

Finally, define the OSPF interface settings. The title here includes the Interface name and the OSPF router instance name.

cisco_interface_ospf {"Ethernet1/2 Sample":
   ensure => present,
   area => 200,
   cost => "200",
}

Resource Reference

The following resources include cisco types and providers along with cisco provider support for netdev stdlib types. Installing the ciscopuppet module will install both the ciscopuppet and netdev_stdlib modules.

Resource Type Catalog (by Technology)

• Miscellaneous Types

  • [banner](#type-banner)
  • [cisco_command_config](#type-cisco_command_config)
  • [cisco_vdc](#type-cisco_vdc)
  • [cisco_upgrade](#type-cisco_upgrade)

• AAA Types

  • [cisco_aaa_authentication_login](#type-cisco_aaa_authentication_login)
  • [cisco_aaa_authorization_login_cfg_svc](#type-cisco_aaa_authorization_login_cfg_svc)
  • [cisco_aaa_authorization_login_exec_svc](#type-cisco_aaa_authorization_login_exec_svc)
  • [cisco_aaa_group_tacacs](#type-cisco_aaa_group_tacacs)

• ACL Types

  • [cisco_ace](#type-cisco_ace)
  • [cisco_acl](#type-cisco_acl)

• BFD Types

  • [cisco_bfd_global](#type-cisco_bfd_global)

• BGP Types

  • [cisco_vrf](#type-cisco_vrf)
  • [cisco_vrf_af](#type-cisco_vrf_af)
  • [cisco_bgp](#type-cisco_bgp)
  • [cisco_bgp_af](#type-cisco_bgp_af)
  • [cisco_bgp_af_aa](#type-cisco_bgp_af_aa)
  • [cisco_bgp_neighbor](#type-cisco_bgp_neighbor)
  • [cisco_bgp_neighbor_af](#type-cisco_bgp_neighbor_af)

• Bridge_Domain Types

  • [cisco_bridge_domain](#type-cisco_bridge_domain)
  • [cisco_bridge_domain_vni](#type-cisco_bridge_domain_vni)

• DHCP Types

  • [cisco_dhcp_relay_global](#type-cisco_dhcp_relay_global)

• Domain Types

  • [domain_name (netdev_stdlib)](#type-domain_name)
  • [name_server (netdev_stdlib)](#type-name_server)
  • [network_dns (netdev_stdlib)](#type-network_dns)
  • [search_domain (netdev_stdlib)](#type-search_domain)

• EVPN Multisite Types

  • [cisco_evpn_multisite](#type-cisco_evpn_multisite)
  • [cisco_evpn_stormcontrol](#type-cisco_evpn_stormcontrol)
  • [cisco_interface_evpn_multisite](#type-cisco_interface_evpn_multisite)

• Fabricpath Types

  • [cisco_fabricpath_global](#type-cisco_fabricpath_global)
  • [cisco_fabricpath_topology](#type-cisco_fabricpath_topology)

• HSRP Types

  • [cisco_hsrp_global](#type-cisco_hsrp_global)
  • [cisco_interface_hsrp_group](#type-cisco_interface_hsrp_group)

• Interface Types

  • [cisco_interface](#type-cisco_interface)
  • [cisco_interface_channel_group](#type-cisco_interface_channel_group)
  • [cisco_interface_ospf](#type-cisco_interface_ospf)
  • [cisco_interface_portchannel](#type-cisco_interface_portchannel)
  • [cisco_interface_service_vni](#type-cisco_interface_service_vni)
  • [network_interface (netdev_stdlib)](#type-network_interface)

• ITD (Intelligent Traffic Director) Types

  • [cisco_itd_device_group](#type-cisco_itd_device_group)
  • [cisco_itd_device_group_node](#type-cisco_itd_device_group_node)
  • [cisco_itd_service](#type-cisco_itd_service)

• Multicast Types

  • [cisco_pim](#type-cisco_pim)
  • [cisco_pim_grouplist](#type-cisco_pim_grouplist)
  • [cisco_pim_rp_address](#type-cisco_pim_rp_address)

• NTP Types

  • [ntp_auth_key (netdev_stdlib)](#type-ntp_auth_key)
  • [ntp_config (netdev_stdlib)](#type-ntp_config)
  • [ntp_server (netdev_stdlib)](#type-ntp_server)

• ObjectGroup Types

  • [cisco_object_group](#type-cisco_object_group)
  • [cisco_object_group_entry](#type-cisco_object_group_entry)

• OSPF Types

  • [cisco_vrf](#type-cisco_vrf)
  • [cisco_ospf](#type-cisco_ospf)
  • [cisco_ospf_area](#type-cisco_ospf_area)
  • [cisco_ospf_area_vlink](#type-cisco_ospf_area_vlink)
  • [cisco_ospf_vrf](#type-cisco_ospf_vrf)
  • [cisco_interface_ospf](#type-cisco_interface_ospf)

• Portchannel Types

  • [cisco_interface_channel_group](#type-cisco_interface_channel_group)
  • [cisco_interface_portchannel](#type-cisco_interface_portchannel)
  • [cisco_portchannel_global](#type-cisco_portchannel_global)
  • [port_channel (netdev_stdlib)](#type-port_channel)

• RADIUS Types

  • [radius (netdev_stdlib)](#type-radius)
  • [radius_global (netdev_stdlib)](#type-radius_global)
  • [radius_server (netdev_stdlib)](#type-radius_server)
  • [radius_server_group (netdev_stdlib)](#type-radius_server_group)

• RouteMap Types

  • [cisco_route_map](#type-cisco_route_map)

• STP Types

  • [cisco_stp_global](#type-cisco_stp_global)

• SNMP Types

  • [cisco_snmp_community](#type-cisco_snmp_community)
  • [cisco_snmp_group](#type-cisco_snmp_group)
  • [cisco_snmp_server](#type-cisco_snmp_server)
  • [cisco_snmp_user](#type-cisco_snmp_user)
  • [network_snmp (netdev_stdlib)](#type-network_snmp)
  • [snmp_community (netdev_stdlib)](#type-snmp_community)
  • [snmp_notification (netdev_stdlib)](#type-snmp_notification)
  • [snmp_notification_receiver (netdev_stdlib)](#type-snmp_notification_receiver)
  • [snmp_user (netdev_stdlib)](#type-snmp_user)

• SYSLOG Types

  • [syslog_facility (netdev_stdlib)](#type-syslog_facility)
  • [syslog_server (netdev_stdlib)](#type-syslog_server)
  • [syslog_settings (netdev_stdlib)](#type-syslog_settings)

• TACACS Types

  • [cisco_tacacs_server](#type-cisco_tacacs_server)
  • [cisco_tacacs_server_host](#type-cisco_tacacs_server_host)
  • [tacacs (netdev_stdlib)](#type-tacacs)
  • [tacacs_global (netdev_stdlib)](#type-tacacs_global)
  • [tacacs_server (netdev_stdlib)](#type-tacacs_server)
  • [tacacs_server_group (netdev_stdlib)](#type-tacacs_server_group)

• TRM Types

  • [cisco_evpn_multicast](#type-cisco_evpn_multicast)
  • [cisco_ip_multicast](#type-cisco_ip_multicast)

• VLAN Types

  • [cisco_vlan](#type-cisco_vlan)
  • [cisco_vtp](#type-cisco_vtp)
  • [network_trunk (netdev_stdlib)](#type-network_trunk)
  • [network_vlan (netdev_stdlib)](#type-network_vlan)

• VPC Types

  • [cisco_vpc_domain](#type-cisco_vpc_domain)

• VRF Types

  • [cisco_vrf](#type-cisco_vrf)
  • [cisco_vrf_af](#type-cisco_vrf_af)

• VNI Types

  • [cisco_interface_service_vni](#type-cisco_interface_service_vni)
  • [cisco_vni](#type-cisco_vni)
  • [cisco_encapsulation](#type-cisco_encapsulation)

• VXLAN Types

  • [cisco_evpn_vni](#type-cisco_evpn_vni)
  • [cisco_overlay_global](#type-cisco_overlay_global)
  • [cisco_vxlan_vtep](#type-cisco_vxlan_vtep)
  • [cisco_vxlan_vtep_vni](#type-cisco_vxlan_vtep_vni)

--

Cisco Resource Type Catalog (by Name)

• [cisco_command_config](#type-cisco_command_config)
• [cisco_aaa_authentication_login](#type-cisco_aaa_authentication_login)
• [cisco_aaa_authorization_login_cfg_svc](#type-cisco_aaa_authorization_login_cfg_svc)
• [cisco_aaa_authorization_login_exec_svc](#type-cisco_aaa_authorization_login_exec_svc)
• [cisco_aaa_group_tacacs](#type-cisco_aaa_group_tacacs)
• [cisco_acl](#type-cisco_acl)
• [cisco_ace](#type-cisco_ace)
• [cisco_bfd_global](#type-cisco_bfd_global)
• [cisco_bgp](#type-cisco_bgp)
• [cisco_bgp_af](#type-cisco_bgp_af)
• [cisco_bgp_af_aa](#type-cisco_bgp_af_aa)
• [cisco_bgp_neighbor](#type-cisco_bgp_neighbor)
• [cisco_bgp_neighbor_af](#type-cisco_bgp_neighbor_af)
• [cisco_bridge_domain](#type-cisco_bridge_domain)
• [cisco_bridge_domain_vni](#type-cisco_bridge_domain_vni)
• [cisco_dhcp_relay_global](#type-cisco_dhcp_relay_global)
• [cisco_encapsulation](#type-cisco_encapsulation)
• [cisco_evpn_multicast](#type-cisco_evpn_multicast)
• [cisco_evpn_multisite](#type-cisco_evpn_multisite)
• [cisco_evpn_stormcontrol](#type-cisco_evpn_stormcontrol)
• [cisco_evpn_vni](#type-cisco_evpn_vni)
• [cisco_fabricpath_global](#type-cisco_fabricpath_global)
• [cisco_fabricpath_topology](#type-cisco_fabricpath_topology)
• [cisco_hsrp_global](#type-cisco_hsrp_global)
• [cisco_interface](#type-cisco_interface)
• [cisco_interface_channel_group](#type-cisco_interface_channel_group)
• [cisco_interface_evpn_multisite](#type-cisco_interface_evpn_multisite)
• [cisco_interface_hsrp_group](#type-cisco_interface_hsrp_group)
• [cisco_interface_ospf](#type-cisco_interface_ospf)
• [cisco_interface_portchannel](#type-cisco_interface_portchannel)
• [cisco_interface_service_vni](#type-cisco_interface_service_vni)
• [cisco_ip_multicast](#type-cisco_ip_multicast)
• [cisco_itd_device_group](#type-cisco_itd_device_group)
• [cisco_itd_device_group_node](#type-cisco_itd_device_group_node)
• [cisco_itd_service](#type-cisco_itd_service)
• [cisco_object_group](#type-cisco_object_group)
• [cisco_object_group_entry](#type-cisco_object_group_entry)
• [cisco_ospf](#type-cisco_ospf)
• [cisco_ospf_area](#type-cisco_ospf_area)
• [cisco_ospf_area_vlink](#type-cisco_ospf_area_vlink)
• [cisco_ospf_vrf](#type-cisco_ospf_vrf)
• [cisco_overlay_global](#type-cisco_overlay_global)
• [cisco_pim](#type-cisco_pim)
• [cisco_pim_grouplist](#type-cisco_pim_grouplist)
• [cisco_pim_rp_address](#type-cisco_pim_rp_address)
• [cisco_portchannel_global](#type-cisco_portchannel_global)
• [cisco_route_map](#type-cisco_route_map)
• [cisco_stp_global](#type-cisco_stp_global)
• [cisco_snmp_community](#type-cisco_snmp_community)
• [cisco_snmp_group](#type-cisco_snmp_group)
• [cisco_snmp_server](#type-cisco_snmp_server)
• [cisco_snmp_user](#type-cisco_snmp_user)
• [cisco_tacacs_server](#type-cisco_tacacs_server)
• [cisco_tacacs_server_host](#type-cisco_tacacs_server_host)
• [cisco_upgrade](#type-cisco_upgrade)
• [cisco_vdc](#type-cisco_vdc)
• [cisco_vlan](#type-cisco_vlan)
• [cisco_vpc_domain](#type-cisco_vpc_domain)
• [cisco_vni](#type-cisco_vni)
• [cisco_vrf](#type-cisco_vrf)
• [cisco_vrf_af](#type-cisco_vrf_af)
• [cisco_vtp](#type-cisco_vtp)
• [cisco_vxlan_vtep](#type-cisco_vxlan_vtep)
• [cisco_vxlan_vtep_vni](#type-cisco_vxlan_vtep_vni)

NetDev StdLib Resource Type Catalog (by Name)

• [banner](#type-banner)
• [domain_name](#type-domain_name)
• [name_server](#type-name_server)
• [network_dns](#type-network_dns)
• [network_interface](#type-network_interface)
• [network_snmp](#type-network_snmp)
• [network_trunk](#type-network_trunk)
• [network_vlan](#type-network_vlan)
• [ntp_auth_key](#type-ntp_auth_key)
• [ntp_config](#type-ntp_config)
• [ntp_server](#type-ntp_server)
• [port_channel](#type-port_channel)
• [radius](#type-radius)
• [radius_global](#type-radius_global)
• [radius_server_group](#type-radius_server_group)
• [radius_server](#type-radius_server)
• [search_domain](#type-search_domain)
• [snmp_community](#type-snmp_community)
• [snmp_notification](#type-snmp_notification)
• [snmp_notification_receiver](#type-snmp_notification_receiver)
• [snmp_user](#type-snmp_user)
• [syslog_facility](#type-syslog_facility)
• [syslog_server](#type-syslog_server)
• [syslog_settings](#type-syslog_settings)
• [tacacs](#type-tacacs)
• [tacacs_global](#type-tacacs_global)
• [tacacs_server_group](#type-tacacs_server_group)
• [tacacs_server](#type-tacacs_server)

Resource Platform Support Matrix

The Nexus family of switches support various hardware and software features depending on the model and version. The following table will guide you through the provider support matrix.

Platform Models

Platform	Description	Environments
N9k	Support includes all N9xxx models	agentless, bash-shell, guestshell
N3k	Support includes N30xx and N31xx models only.The N35xx model is not supported.	agentless, bash-shell, guestshell
N3k-F	Support includes all N3xxx models running os version 7.0(3)Fx(x)	agentless, bash-shell, guestshell
N5k	Support includes N56xx models only.The N50xx and N55xx models are not supported at this time.	Open Agent Container (OAC)
N6k	Support includes all N6xxx models	agentless, Open Agent Container (OAC)
N7k	Support includes all N7xxx models	agentless, Open Agent Container (OAC)
N9k-F	Support includes all N95xx models running os version 7.0(3)Fx(x)	agentless, bash-shell, guestshell

Matrix Legend

Symbol	Meaning	Description
✅	Supported	The provider has been validated to work on the platform.An asterisk '*' indicates that some provider properties may have software or hardware limitations, caveats, or other noted behaviors.Click on the associated caveat link for more information.
➖	Not Applicable	The provider is not supported on the platform because of hardware or software limitations.

Support Matrix

✅ = Supported ➖ = Not Applicable	N9k	N3k	N5k	N6k	N7k	N9k-F	N3k-F	Caveats
ciscoaaaauthentication_login	✅	✅	✅	✅	✅	✅	✅
ciscoaaaauthorization_login_cfg_svc	✅	✅	✅	✅	✅	✅	✅
ciscoaaaauthorization_login_exec_svc	✅	✅	✅	✅	✅	✅	✅
cisco_aaa_group_tacacs	✅	✅	✅	✅	✅	✅	✅
cisco_acl	✅	✅	✅	✅	✅	✅	✅
cisco_ace	✅*	✅*	✅*	✅*	✅*	✅*	✅*	*caveats
cisco_bfd_global	✅*	✅*	✅*	✅*	✅*	✅*	✅*	*caveats
cisco_command_config	✅	✅	✅	✅	✅	✅	✅
cisco_bgp	✅	✅	✅*	✅*	✅*	✅	✅	*caveats
cisco_bgp_af	✅*	✅*	✅	✅*	✅	✅	✅	*caveats
cisco_bgp_af_aa	✅	✅	✅	✅	✅	✅	✅
cisco_bgp_neighbor	✅	✅	✅	✅	✅	✅	✅
cisco_bgp_neighbor_af	✅	✅	✅	✅	✅	✅	✅
cisco_bridge_domain	➖	➖	➖	➖	✅	➖	➖
cisco_bridge_domain_vni	➖	➖	➖	➖	✅	➖	➖
cisco_dhcp_relay_global	✅*	✅*	✅*	✅*	✅*	✅*	✅*	*caveats
cisco_encapsulation	➖	➖	➖	➖	✅	➖	➖
cisco_evpn_multicast	✅*	➖	➖	➖	➖	➖	➖
cisco_evpn_multisite	✅*	➖	➖	➖	➖	➖	➖	*caveats
cisco_evpn_stormcontrol	✅*	➖	➖	➖	➖	➖	➖	*caveats
cisco_evpn_vni	✅*	➖	✅	✅	✅	✅*	✅	*caveats
cisco_fabricpath_global	➖	➖	✅	✅	✅*	➖	➖	*caveats
cisco_fabricpath_topology	➖	➖	✅	✅	✅	➖	➖
cisco_hsrp_global	✅	✅*	✅	✅	✅	✅	✅	*caveats
cisco_interface	✅*	✅*	✅*	✅*	✅*	✅*	✅*	*caveats
cisco_interface_channel_group	✅	✅	✅	✅	✅	✅	✅	*caveats
cisco_interface_evpn_multisite	✅*	➖	➖	➖		➖	➖	*caveats
cisco_interface_hsrp_group	✅	✅	➖	➖	✅*	✅	✅	*caveats
cisco_interface_ospf	✅	✅	✅	✅	✅	✅	✅
cisco_interface_portchannel	✅*	✅*	✅*	✅*	✅*	✅	✅	*caveats
cisco_interface_service_vni	➖	➖	➖	➖	✅	➖	➖
cisco_ip_multicast	✅ *	➖	➖	➖	➖	➖	➖	*caveats
cisco_itd_device_group	✅	➖	➖	➖	✅	➖	➖
cisco_itd_device_group_node	✅	➖	➖	➖	✅	➖	➖
cisco_itd_service	✅	➖	➖	➖	✅	➖	➖	*caveats
cisco_object_group	✅	✅	➖	➖	✅	✅	✅
cisco_object_group_entry	✅	✅	➖	➖	✅	✅	✅
cisco_ospf	✅	✅	✅	✅	✅	✅	✅
cisco_ospf_vrf	✅	✅	✅	✅	✅	✅	✅	*caveats
✅ = Supported ➖ = Not Applicable	N9k	N3k	N5k	N6k	N7k	N9k-F	N3k-F	Caveats
cisco_overlay_global	✅	✅*	✅	✅	✅	✅	✅	*caveats
cisco_pim	✅	✅	✅	✅	✅	✅	✅	*caveats
cisco_pim_rp_address	✅	✅	✅	✅	✅	✅	✅
cisco_pim_grouplist	✅	✅	✅	✅	✅	✅	✅
cisco_portchannel_global	✅*	✅*	✅*	✅*	✅*	✅*	✅*	*caveats
cisco_route_map	✅*	✅*	✅*	✅*	✅*	✅*	✅*	*caveats
cisco_stp_global	✅*	✅*	✅*	✅*	✅	✅	✅	*caveats
cisco_snmp_community	✅	✅	✅	✅	✅	✅	✅
cisco_snmp_group	✅	✅	✅	✅	✅	✅	✅
cisco_snmp_server	✅	✅	✅	✅	✅	✅	✅
cisco_snmp_user	✅	✅	✅	✅	✅	✅	✅
cisco_tacacs_server	✅	✅	✅	✅	✅	✅	✅
cisco_tacacs_server_host	✅	✅	✅	✅	✅	✅	✅
cisco_upgrade	✅*	✅*	➖	➖	➖	✅*	✅*	*caveats
cisco_vdc	➖	➖	➖	➖	✅	➖	➖	➖
cisco_vlan	✅*	✅*	✅	✅	✅	✅	✅	*caveats
cisco_vpc_domain	✅*	✅*	✅*	✅*	✅*	➖	*caveats
cisco_vrf	✅	✅*	✅	✅	✅	✅	✅	*caveats
cisco_vrf_af	✅*	✅*	✅*	✅*	✅*	✅*	✅	*caveats
cisco_vtp	✅	✅	✅	✅	✅	➖	➖
cisco_vxlan_vtep	✅	➖	✅	✅	✅*	✅	✅	*caveats
cisco_vxlan_vtep_vni	✅	➖	✅	✅	✅	✅	✅	*caveats

NetDev Providers

✅ = Supported ➖ = Not Applicable	N9k	N3k	N5k	N6k	N7k	N9k-F	N3k-F	Caveats
banner	✅	✅	✅	✅	✅	✅	✅	*caveats
domain_name	✅	✅	✅	✅	✅	✅	✅
name_server	✅	✅	✅	✅	✅	✅	✅
network_dns	✅	✅	✅	✅	✅	✅	✅	*caveats
network_interface	✅	✅	✅	✅	✅	✅	✅
network_snmp	✅	✅	✅	✅	✅	✅	✅
network_trunk	✅	✅	✅	✅	✅	✅	✅
network_vlan	✅	✅	✅	✅	✅	✅	✅
ntp_auth_key	✅	✅	✅	✅	✅	✅	✅
ntp_config	✅	✅	✅	✅	✅	✅	✅	*caveats
ntp_server	✅	✅	✅	✅	✅	✅	✅	*caveats
port_channel	✅	✅	✅	✅	✅	✅	✅
radius	✅	✅	✅	✅	✅	✅	✅
radius_global	✅	✅	✅	✅	✅	✅	✅
radius_server_group	✅	✅	✅	✅	✅	✅	✅
radius_server	✅	✅	✅	✅	✅	✅	✅
search_domain	✅	✅	✅	✅	✅	✅	✅
snmp_community	✅	✅	✅	✅	✅	✅	✅
snmp_notification	✅	✅	✅	✅	✅	✅	✅
snmp_notification_receiver	✅	✅	✅	✅	✅	✅	✅
snmp_user	✅	✅	✅	✅	✅	✅	✅
syslog_facility	✅	✅	✅	✅	✅	✅	✅
syslog_server	✅	✅	✅	✅	✅	✅	✅
syslog_settings	✅	✅	✅	✅	✅	✅	✅	*caveats
tacacs	✅	✅	✅	✅	✅	✅	✅
tacacs_global	✅	✅	✅	✅	✅	✅	✅
tacacs_server	✅	✅	✅	✅	✅	✅	✅
tacacs_server_group	✅	✅	✅	✅	✅	✅	✅

--

Cisco Resource Type Details

The following resources are listed alphabetically.

--

Type: cisco_command_config

Allows execution of configuration commands.

Platform	OS Minimum Version	Module Minimum Version
N9k	7.0(3)I2(5)	1.0.1
N3k	7.0(3)I2(5)	1.0.1
N5k	7.3(0)N1(1)	1.2.0
N6k	7.3(0)N1(1)	1.2.0
N7k	7.3(0)D1(1)	1.2.0
N9k-F	7.0(3)F1(1)	1.5.0
N3k-F	7.0(3)F3(2)	1.8.0

Parameters

command

Configuration command(s) to be applied to the network element. Valid values are string.

This provider allows raw configurations to be managed by Puppet. It serves as a stopgap until specialized types are created. It has the following limitations:

• The input message buffer is limited to 500KB. Large configurations are often easier to debug if broken up into multiple smaller resource blocks.
• The cisco_command_config configuration block must use the same syntax as displayed by the show running-config command on the switch. In some cases, configuration commands that omit optional keywords when entered may actually appear with a different syntax when displayed by show running-config; for example, some access-list entries may be configured without a sequence number but yet an implicit sequence number is created regardless. This then creates an idempotency problem because there is a mismatch between show running-config and the manifest. The solution in this case is for the manifest to include explicit sequence numbers for the affected access-list entries.
• Order is important. Some dependent commands may fail if their associated feature configuration is not enabled first. Use Puppet's before, after, or require keywords to establish dependencies between blocks.
• Indentation counts! It implies sub-mode configuration. Use the switch's running-config as a guide and do not indent configurations that are not normally indented. Do not use tabs to indent.
• Inline comments must be prefixed by '!' or '#'.
• Negating a submode will also remove configuratons under that submode, without having to specify every submode config statement: no router ospf RED removes all configuration under router ospf RED.
• Syntax does not auto-complete: use Ethernet1/1, not Eth1/1.
• If a CLI command is rejected during configuration, the resource will abort at that point and will not issue any remaining CLI. For this reason, we recommend limiting the scope of each instance of this resource.

--

Type: cisco_aaa_authentication_login

Manages AAA Authentication Login configuration.

Platform	OS Minimum Version	Module Minimum Version
N9k	7.0(3)I2(5)	1.2.0
N3k	7.0(3)I2(5)	1.2.0
N5k	7.3(0)N1(1)	1.3.0
N6k	7.3(0)N1(1)	1.3.0
N7k	7.3(0)D1(1)	1.3.0
N9k-F	7.0(3)F1(1)	1.5.0
N3k-F	7.0(3)F3(2)	1.8.0

Parameters

name

The name of the AAA Authentication Login instance. Must be 'default'

ascii_authentication

Enable/disable ascii_authentication for AAA Authentication Login. Valid values are true, false, keyword 'default'

chap

Enable/disable chap for AAA Authentication Login.

error_display

Enable/disable error_display for AAA Authentication Login.

mschap

Enable/disable mschap for AAA Authentication Login.

mschapv2

Enable/disable mschapv2 for AAA Authentication Login.

--

Type: cisco_aaa_authorization_login_cfg_svc

Manages configuration for Authorization Login Config Service.

Platform	OS Minimum Version	Module Minimum Version
N9k	7.0(3)I2(5)	1.2.0
N3k	7.0(3)I2(5)	1.2.0
N5k	7.3(0)N1(1)	1.3.0
N6k	7.3(0)N1(1)	1.3.0
N7k	7.3(0)D1(1)	1.3.0
N9k-F	7.0(3)F1(1)	1.5.0
N3k-F	7.0(3)F3(2)	1.8.0

Parameters

ensure

Determines whether the config should be present or not on the device. Valid values are 'present' and 'absent'.

name

Name of the config login service. Valid values are 'console' or 'default'.

groups

Tacacs+ groups configured for this service. Valid values are an array of strings, keyword 'default'.

method

Authentication methods on this device. Valid values are 'local', 'unselected', 'default'.

--

Type: cisco_aaa_authorization_login_exec_svc

Manages configuration for Authorization Login Exec Service.

Platform	OS Minimum Version	Module Minimum Version
N9k	7.0(3)I2(5)	1.2.0
N3k	7.0(3)I2(5)	1.2.0
N5k	7.3(0)N1(1)	1.3.0
N6k	7.3(0)N1(1)	1.3.0
N7k	7.3(0)D1(1)	1.3.0
N9k-F	7.0(3)F1(1)	1.5.0
N3k-F	7.0(3)F3(2)	1.8.0

Parameters

ensure

Determines whether the config should be present or not on the device. Valid values are 'present' and 'absent'.

name

Name of the exec login service. Valid values are 'console' or 'default'.

groups

Tacacs+ groups configured for this service. Valid values are an array of strings, keyword 'default'.

method

Authentication methods on this device. Valid values are 'local', 'unselected', 'default'.

--

Type: cisco_aaa_group_tacacs

Manages configuration for a TACACS+ server group.

Platform	OS Minimum Version	Module Minimum Version
N9k	7.0(3)I2(5)	1.2.0
N3k	7.0(3)I2(5)	1.2.0
N5k	7.3(0)N1(1)	1.3.0
N6k	7.3(0)N1(1)	1.3.0
N7k	7.3(0)D1(1)	1.3.0
N9k-F	7.0(3)F1(1)	1.5.0
N3k-F	7.0(3)F3(2)	1.8.0

Parameters

ensure

Determines whether the config should be present or not on the device. Valid values are 'present' and 'absent'.

group

Name of the aaa group TACACS instance. Valid values are string.

deadtime

Deadtime interval for this TACACS+ server group. Valid values are integer, in minutes, keyword 'default'

server_hosts

An array of TACACS+ server hosts associated with this TACACS+ server group. Valid values are an array, or the keyword 'default'.

source_interface

Source interface for TACACS+ servers in this TACACS+ server group Valid values are string, keyword 'default'.

vrf_name

Specifies the virtual routing and forwarding instance (VRF) to use to contact this TACACS server group. Valid values are string, the keyword 'default'.

--

Type: cisco_acl

Manages configuration of a Access Control List (ACL) instance.

Platform	OS Minimum Version	Module Minimum Version
N9k	7.0(3)I2(5)	1.2.0
N3k	7.0(3)I2(5)	1.2.0
N5k	7.3(0)N1(1)	1.3.0
N6k	7.3(0)N1(1)	1.3.0
N7k	7.3(0)D1(1)	1.3.0
N9k-F	9.2.1	1.10.0
N3k-F	9.2.1	1.10.0

Caveats

Property	Caveat Description
fragments	Not supported on N5k, N6k, N9k-F, N3k-F

Parameters

ensure

Determines whether the config should be present or not on the device. Valid values are 'present' and 'absent'.

afi

Address Family Identifier (AFI). Required. Valid values are 'ipv4' and 'ipv6'.

acl_name

Name of the acl instance. Valid values are string.

stats_per_entry

Enable/disable Statistics Per Entry for ACL. Valid values are true, false, keyword 'default'.

fragments

Permit or deny Fragments for ACL. Valid values are 'permit-all' and 'deny-all'

--

Type: cisco_ace

Manages configuration of an Access Control List (ACL) Access Control Entry (ACE) instance.

Platform	OS Minimum Version	Module Minimum Version
N9k	7.0(3)I2(5)	1.2.0
N3k	7.0(3)I2(5)	1.2.0
N5k	7.3(0)N1(1)	1.3.0
N6k	7.3(0)N1(1)	1.3.0
N7k	7.3(0)D1(1)	1.3.0

Caveats

Property	Caveat Description
http_method	ipv4 only Not supported on N5k, N6k, N7k
packet_length	Not supported on N5k, N6k
precedence	ipv4 only
redirect	ipv4 only Not supported on N5k, N6k, N7k
time_range	Not supported on N5k, N6k
ttl	Not supported on N5k, N6k, N7k
tcp_option_length	ipv4 only Not supported on N5k, N6k, N7k
vlan	Not supported on N5k, N6k, N7k. Minimum puppet module version 1.10.0
set_erspan_gre_proto	Not supported on N5k, N6k, N7k. Minimum puppet module version 1.10.0
set_erspan_dscp	Not supported on N5k, N6k, N7k. Minimum puppet module version 1.10.0
proto_option	Not supported on N5k, N6k. Minimum puppet module version 1.10.0

Example Usage

cisco_ace { 'ipv4 my_acl 42':
  ensure              => 'present',
  remark              => 'East Branch',
  action              => 'permit',
  proto               => 'tcp',
  src_addr            => '10.0.0.0/8',
  src_port            => 'eq 40',
  dst_addr            => 'any',
  dst_port            => 'neq 80',

  dscp                => 'af11',
  established         => 'true',
  log                 => 'true',
  packet_length       => 'range 512 1024'
  precedence          => 'flash',
  redirect            => 'Ethernet1/2,Port-Channel42',
  tcp_flags           => 'ack psh',
  time_range          => 'my_time_range',
  ttl                 => '128',
}

cisco_ace { 'ipv6 my_v6_acl 42':
  ensure              => 'present',
  remark              => 'East Branch',
  action              => 'permit',
  proto               => 'tcp',
  src_addr            => '1:1::1/128',
  dst_addr            => 'any',
}

Parameters

| Example Parameter Usage |:-- | cisco_ace { '<afi> <acl_name> <seqno>': | cisco_ace { 'ipv4 my_acl 42':

afi

Address Family Identifier (AFI). Required. Valid values are 'ipv4' and 'ipv6'.

acl_name

Access Control List (ACL) name. Required. Valid values are type String.

seqno

Access Control Entry (ACE) Sequence Number. Required. Valid values are type Integer.

ensure

Determines whether the config should be present or not on the device. Valid values are 'present' and 'absent'.

Properties

action

The action to perform with this ACE. Valid values are keywords permit or deny.

| Example |:-- | action => 'permit'

dscp

Allows matching by Differentiated Services Code Point (DSCP) value. Valid values are type String, which must be one of the following forms:

• A numeric dscp value
• One of the dscp keyword names
  • af11 af12 af13 af21 af22 af23 af31 af32 af33 af41 af42 af43
  • cs1 cs2 cs3 cs4 cs5 cs6 cs7
  • ef
  • default

| Example |:-- | dscp => 'af11'

dst_addr

The Destination Address to match against. This property shares the same syntax as src_addr. Valid values are type String, which must be one of the following forms:

• An IPv4/IPv6 address or subnet
• The keyword host and a host address
• The keyword addrgroup and its object group name
• The keyword any

| Examples |:-- | dst_addr => '10.0.0.0/8' | dst_addr => 'host 10.0.0.1' | dst_addr => '128:1::/64' | dst_addr => 'addrgroup my_addrgroup' | dst_addr => 'any'

See src_addr.

dst_port

The TCP or UDP Destination Port to match against. This property shares the same syntax as src_port. Valid values are type String, which must be one of the following forms:

• A comparison operator (eq, neq, lt, gt) and value
• The keyword range and a range value
• The keyword portgroup and its object group name

| Examples |:-- | dst_port => 'neq 40' | dst_port => 'range 68 69' | dst_port => 'portgroup my_portgroup'

See src_port.

established

Allows matching against TCP Established connections. Valid values are true or false.

| Example |:-- | established => true

http_method

(ipv4 only) Allows matching based on http-method. Valid values are String, which must be one of the following forms:

• A numeric http-method value
• One of the http-method keyword names
  • connect delete get head post put trace

| Examples |:-- | http_method => 'post'

log

Enables logging for the ACE. Valid values are true or false.

| Examples |:-- | 'log' => true

packet_length

Allows matching based on Layer 3 Packet Length. Valid values are type String, which must be one of the following forms:

• A comparison operator (eq, neq, lt, gt) and value
• The keyword range and range values

| Examples |:-- | packet_length => 'gt 512' | packet_length => 'range 512 1024'

precedence

(ipv4 only) Allows matching by precedence value. Valid values are String, which must be one of the following forms:

• A numeric precedence value
• One of the precedence keyword names
  • critical flash flash-override immediate internet network priority routine

| Example |:-- | precedence => 'flash'

proto

The protocol to match against. Valid values are String or Integer. Examples are: tcp, udp, ip, 6.

| Example |:-- | proto => 'tcp'

proto_option

Any protocol option which is valid for that protocol. Valid values are string. Currently this is valid only for icmp protocol.

| Example |:-- | proto_option => 'time-exceeded'

redirect

(ipv4 only) Allows for redirecting traffic to one or more interfaces. This property is only useful with VLAN ACL (VACL) applications. Valid values are a String containing a list of interface names.

| Examples |:-- | redirect => 'Ethernet1/1' | redirect => 'Ethernet1/2,Port-Channel42'

remark

This is a Remark description for the ACL or ACE. Valid values are string.

| Example |:-- | remark => 'East Branch'

set_erspan_dscp

Sets ERSPAN outer IP DSCP value. Valid values are beween 1 and 63. Currently this is valid only for icmp protocol.

| Example |:-- | set_erspan_dscp => '3'

set_erspan_gre_proto

Sets ERSPAN GRE protocol. Valid values are beween 1 and 65535. Currently this is valid only for icmp protocol.

| Example |:-- | set_erspan_gre_proto => '300'

src_addr

The Source Address to match against. Valid values are type String, which must be one of the following forms:

• An IPv4/IPv6 address or subnet
• The keyword host and a host address
• The keyword addrgroup and its object group name
• The keyword any

| Examples |:-- | src_addr => '10.0.0.0/8' | src_addr => 'host 10.0.0.1' | src_addr => '128:1::/64' | src_addr => 'addrgroup my_addrgroup' | src_addr => 'any'

See dst_addr.

src_port

The TCP or UDP Source Port to match against. Valid values are type String, which must be one of the following forms:

• A comparison operator (eq, neq, lt, gt) and value
• The keyword range and range values
• The keyword portgroup and its object group name

| Examples |:-- | src_port => 'neq 40' | src_port => 'range 68 69' | src_port => 'portgroup my_portgroup'

See dst_port.

tcp_flags

The TCP flags or control bits. Valid values are a String of some or all of flags: urg, ack, psh, rst, syn, or fin.

| Example |:-- | tcp_flags => 'ack psh'

tcp_option_length

(ipv4 only) Allows matching on TCP options length. Valid values are type Integer or String, which must be a multiple of 4 in the range 0-40.

| Examples |:-- | tcp_option_length => '0' | tcp_option_length => '36'

time_range

Allows matching by Time Range. Valid values are String, which references a time-range name.

| Example |:-- | time_range => 'my_time_range'

ttl

Allows matching based on Time-To-Live (TTL) value. Valid values are type Integer or String.

| Example |:-- | ttl => '128'

vlan

Configure match based on vlan. Valid values are between 0 and 4095. Currently this is valid only for icmp protocol.

| Example |:-- | vlan => '100'

--

Type: cisco_bfd_global

Manages configuration of a BFD (Bidirectional Forwarding Detection) instance.

Platform	OS Minimum Version	Module Minimum Version
N9k	7.0(3)I2(5)	1.4.0
N3k	7.0(3)I2(5)	1.4.0
N5k	7.3(0)N1(1)	1.4.0
N6k	7.3(0)N1(1)	1.4.0
N7k	7.3(0)D1(1)	1.4.0
N9k-F	7.0(3)F1(1)	1.5.0
N3k-F	7.0(3)F3(2)	1.8.0

Caveats

Property	Caveat Description
echo_rx_interval	Not supported on N5k, N6k
fabricpath_interval	Not supported on N3k, N3k-F, N9k-F, N9k
fabricpath_slow_timer	Not supported on N3k, N3k-F, N9k-F, N9k
fabricpath_vlan	Not supported on N3k, N3k-F, N9k-F, N9k
interval	Supported on N3k, N5k, N6k, N7k Supported in OS Version 7.0(3)F2(1) and later on N9k-F Supported in OS Version 7.0(3)I6(1) and later on N9k
ipv4_echo_rx_interval	Not supported on N5k, N6k
ipv4_interval	Not supported on N5k, N6k
ipv4_slow_timer	Not supported on N5k, N6k
ipv6_echo_rx_interval	Not supported on N5k, N6k
ipv6_interval	Not supported on N5k, N6k
ipv6_slow_timer	Not supported on N5k, N6k
startup_timer	Not supported on N5k, N6k, N7k

Parameters

ensure

Determines whether the config should be present or not on the device. Valid values are 'present' and 'absent'.

echo_interface

Loopback interface used for echo frames. Valid values are String, and 'default'.

echo_rx_interval

Echo receive interval in milliseconds. Valid values are integer, and 'default'.

fabricpath_interval

BFD fabricpath interval. Valid values are an array of [fabricpath_interval, fabricpath_min_rx, fabricpath_multiplier] or 'default'.

Example: fabricpath_interval => [100, 120, 4]

fabricpath_slow_timer

BFD fabricpath slow rate timer in milliseconds. Valid values are integer, and 'default'.

fabricpath_vlan

BFD fabricpath control vlan. Valid values are integer, and 'default'.

interval

BFD interval. Valid values are an array of [interval, min_rx, multiplier] or 'default'.

Example: interval => [100, 120, 4]

ipv4_echo_rx_interval

IPv4 session echo receive interval in milliseconds. Valid values are integer, and 'default'.

ipv4_interval

BFD IPv4 session interval. Valid values are an array of [ipv4_interval, ipv4_min_rx, ipv4_multiplier] or 'default'.

Example: ipv4_interval => [100, 120, 4]

ipv4_slow_timer

BFD IPv4 session slow rate timer in milliseconds. Valid values are integer, and 'default'.

ipv6_echo_rx_interval

IPv6 session echo receive interval in milliseconds. Valid values are integer, and 'default'.

ipv6_interval

BFD IPv6 session interval. Valid values are an array of [ipv6_interval, ipv6_min_rx, ipv6_multiplier] or 'default'.

Example: ipv6_interval => [100, 120, 4]

ipv6_slow_timer

BFD IPv6 session slow rate timer in milliseconds. Valid values are integer, and 'default'.

slow_timer

BFD slow rate timer in milliseconds. Valid values are integer, and 'default'.

startup_timer

BFD delayed startup timer in seconds. Valid values are integer, and 'default'.

--

Type: cisco_bgp

Manages configuration of a BGP instance.

Platform	OS Minimum Version	Module Minimum Version
N9k	7.0(3)I2(5)	1.1.0
N3k	7.0(3)I2(5)	1.1.0
N5k	7.3(0)N1(1)	1.2.0
N6k	7.3(0)N1(1)	1.2.0
N7k	7.3(0)D1(1)	1.2.0
N9k-f	7.3(0)F3(2)	1.8.0
N3k-F	7.0(3)F3(2)	1.8.0

Caveats

Property	Caveat Description
disable_policy_batching_ipv4	Not supported on N5k, N6k Supported in OS Version 8.1.1 and later on N7k
disable_policy_batching_ipv6	Not supported on N5k, N6k Supported in OS Version 8.1.1 and later on N7k
event_history_errors	Supported in OS Version 8.0.1 and later on N7k Supported in OS Version 7.0(3)I5(1) and later on N3
event_history_objstore	Supported in OS Version 8.0.1 and later on N7k Supported in OS Version 7.0(3)I5(1) and later on N3
neighbor_down_fib_accelerate	Not supported on N5k, N6k Supported in OS Version 8.1.1 and later on N7k
reconnect_interval	Not supported on N5k, N6k Supported in OS Version 8.1.1 and later on N7k
suppress_fib_pending	Idempotence supported only on 7.0(3)I5(1) and later images N3

Parameters

ensure

Determines whether the config should be present or not on the device. Valid values are 'present' and 'absent'.

asn

BGP autonomous system number. Valid values are String, Integer in ASPLAIN or ASDOT notation.

vrf

Name of the resource instance. Valid values are string. The name 'default' is a valid VRF representing the global bgp.

Properties

bestpath_always_compare_med

Enable/Disable MED comparison on paths from different autonomous systems. Valid values are 'true', 'false', and 'default'.

bestpath_aspath_multipath_relax

Enable/Disable load sharing across the providers with different (but equal-length) AS paths. Valid values are 'true', 'false', and 'default'

bestpath_compare_routerid

Enable/Disable comparison of router IDs for identical eBGP paths. Valid values are 'true', 'false', and 'default'

bestpath_cost_community_ignore

Enable/Disable Ignores the cost community for BGP best-path calculations. Valid values are 'true', 'false', and 'default'

bestpath_med_confed

Enable/Disable enforcement of bestpath to do a MED comparison only between paths originated within a confederation. Valid values are 'true', 'false', and 'default'.

bestpath_med_missing_as_worst

Enable/Disable assigns the value of infinity to received routes that do not carry the MED attribute, making these routes the least desirable. Valid values are 'true', 'false', and 'default'.

bestpath_med_non_deterministic

Enable/Disable deterministic selection of the best MED path from among the paths from the same autonomous system. Valid values are 'true', 'false', and 'default'.

cluster_id

Route Reflector Cluster-ID. Valid values are String, keyword 'default'.

confederation_id

Routing domain confederation AS. Valid values are String, keyword 'default'.

confederation_peers

AS confederation parameters. Valid values are String, keyword 'default'.

disable_policy_batching

Enable/Disable the batching evaluation of prefix advertisements to all peers. Valid values are 'true', 'false', and 'default'.

disable_policy_batching_ipv4

Enable/Disable the batching evaluation of prefix advertisements to all peers with prefix list. Valid values are String, keyword 'default'.

disable_policy_batching_ipv6

Enable/Disable the batching evaluation of prefix advertisements to all peers with prefix list. Valid values are String, keyword 'default'.

enforce_first_as

Enable/Disable enforces the neighbor autonomous system to be the first AS number listed in the AS path attribute for eBGP. Valid values are 'true', 'false', and 'default'. On NX-OS, this property is only supported in the global BGP context.

event_history_cli

Enable/Disable/specify size of cli event history buffer. Valid values are false', 'size_small', 'size_medium', 'size_large', 'size_disable'. Size can also be specified in bytes. Please Note: Setting this value to 'default' or 'true' has been deprecated in module version 1.8.0. This property is only used for BGP debugging purposes and idempotency is not guaranteed.

event_history_detail

Enable/Disable/specify size of detail event history buffer. Valid values are 'false', 'size_small', 'size_medium', 'size_large', 'size_disable'. Size can also be specified in bytes. Please Note: Setting this value to 'default' or 'true' has been deprecated in module version 1.8.0. This property is only used for BGP debugging purposes and idempotency is not guaranteed.

event_history_errors

Enable/Disable/specify size of error history buffer. Valid values are 'false', 'size_small', 'size_medium', 'size_large', 'size_disable'. Size can also be specified in bytes. Please Note: Setting this value to 'default' or 'true' has been deprecated in module version 1.8.0. This property is only used for BGP debugging purposes and idempotency is not guaranteed.

event_history_events

Enable/Disable/specify size of event history buffer. Valid values are 'false', 'size_small', 'size_medium', 'size_large', 'size_disable'. Size can also be specified in bytes. Please Note: Setting this value to 'default' or 'true' has been deprecated in module version 1.8.0. This property is only used for BGP debugging purposes and idempotency is not guaranteed.

event_history_objstore

Enable/Disable/specify size of objstore history buffer. Valid values are 'false', 'size_small', 'size_medium', 'size_large', 'size_disable'. Size can also be specified in bytes. Please Note: Setting this value to 'default' or 'true' has been deprecated in module version 1.8.0. This property is only used for BGP debugging purposes and idempotency is not guaranteed.

event_history_periodic

Enable/Disable/specify size of periodic event history buffer. Valid values are 'false', 'size_small', 'size_medium', 'size_large', 'size_disable'. Size can also be specified in bytes. Please Note: Setting this value to 'default' or 'true' has been deprecated in module version 1.8.0. This property is only used for BGP debugging purposes and idempotency is not guaranteed.

fast_external_fallover

Enable/Disable immediately reset the session if the link to a directly connected BGP peer goes down. Valid values are 'true', 'false', and 'default'. On NX-OS, this property is only supported in the global BGP context.

flush_routes

Enable/Disable flush routes in RIB upon controlled restart. Valid values are 'true', 'false', and 'default'. On NX-OS, this property is only supported in the global BGP context.

graceful_restart

Enable/Disable graceful restart. Valid values are 'true', 'false', and 'default'.

graceful_restart_helper

Enable/Disable graceful restart helper mode. Valid values are 'true', 'false', and 'default'.

graceful_restart_timers_restart

Set maximum time for a restart sent to the BGP peer. Valid values are Integer, keyword 'default'.

graceful_restart_timers_stalepath_time

Set maximum time that BGP keeps the stale routes from the restarting BGP peer. Valid values are Integer, keyword 'default'.

isolate

Enable/Disable isolate this router from BGP perspective. Valid values are 'true', 'false', and 'default'.

log_neighbor_changes

Enable/Disable message logging for neighbor up/down event. Valid values are 'true', 'false', and 'default'

maxas_limit

Specify Maximum number of AS numbers allowed in the AS-path attribute. Valid values are integers between 1 and 512, or keyword 'default' to disable this property.

neighbor_down_fib_accelerate

Enable/Disable handle BGP neighbor down event, due to various reasons. Valid values are 'true', 'false', and 'default'.

nsr

Enable/Disable Non-Stop Routing (NSR). Valid values are 'true', 'false', and 'default'. This property is not supported on Nexus.

reconnect_interval

The BGP reconnection interval for dropped sessions. Valid values are Integer or keyword 'default'.

route_distinguisher

VPN Route Distinguisher (RD). The RD is combined with the IPv4 or IPv6 prefix learned by the PE router to create a globally unique address. Valid values are a String in one of the route-distinguisher formats (ASN2:NN, ASN4:NN, or IPV4:NN); the keyword 'auto', or the keyword 'default'.

Please note: The route_distinguisher property is typically configured within the VRF context configuration on most platforms (including NXOS) but it is tightly coupled to bgp and therefore configured within the BGP configuration on some non-NXOS platforms. For this reason the route_distinguisher property has support (with limitations) in both cisco_vrf and cisco_bgp providers:

• cisco_bgp: The property is supported on NXOS and some non-NXOS platforms.
• cisco_vrf: The property is only supported on NXOS. See: cisco_vrf: route_distinguisher

IMPORTANT: Choose only one provider to configure the route_distinguisher property on a given device. Using both providers simultaneously on the same device may have unpredictable results.

router_id

Router Identifier (ID) of the BGP router VRF instance. Valid values are string, and keyword 'default'.

shutdown

Administratively shutdown the BGP protocol. Valid values are 'true', 'false', and 'default'.

suppress_fib_pending

Enable/Disable advertise only routes programmed in hardware to peers. Valid values are 'true', 'false', and 'default'.

timer_bestpath_limit

Specify timeout for the first best path after a restart, in seconds. Valid values are Integer, keyword 'default'.

timer_bestpath_limit_always

Enable/Disable update-delay-always option. Valid values are 'true', 'false', and 'default'.

timer_bgp_holdtime

Set bgp hold timer. Valid values are Integer, keyword 'default'.

timer_bgp_keepalive

Set bgp keepalive timer. Valid values are Integer, keyword 'default'.

--

Type: cisco_bgp_af

Manages configuration of a BGP Address-family instance.

Platform	OS Minimum Version	Module Minimum Version
N9k	7.0(3)I2(5)	1.1.0
N3k	7.0(3)I2(5)	1.1.0
N5k	7.3(0)N1(1)	1.2.0
N6k	7.3(0)N1(1)	1.2.0
N7k	7.3(0)D1(1)	1.2.0
N9k-F	7.0(3)F1(1)	1.5.0
N3k-F	7.0(3)F3(2)	1.8.0

Caveats

Property	Caveat Description
additional_paths_install	Not supported on N3k, N3k-F, N9k-F, N9k
advertise_l2vpn_evpn	Not supported on N3k, N6k
address-family l2vpn/evpn	Module Minimum Version 1.3.2 OS Minimum Version 7.0(3)I3(1) Not supported on N3k

Parameters

ensure

Determine whether the interface config should be present or not. Valid values are 'present' and 'absent'.

asn

BGP autonomous system number. Required. Valid values are String, Integer in ASPLAIN or ASDOT notation.

vrf

VRF name. Required. Valid values are string. The name 'default' is a valid VRF representing the global bgp.

afi

Address Family Identifier (AFI). Required. Valid values are ipv4, ipv6, vpnv4, vpnv6 and l2vpn.

safi

Sub Address Family Identifier (SAFI). Required. Valid values are unicast, multicast and evpn.

Properties

additional_paths_install

Install a backup path into the forwarding table and provide prefix 'independent convergence (PIC) in case of a PE-CE link failure. Valid values are true, false, or 'default'.

additional_paths_receive

Enables the receive capability of additional paths for all of the neighbors under this address family for which the capability has not been disabled. Valid values are true, false, or 'default'

additional_paths_selection

Configures the capability of selecting additional paths for a prefix. Valid values are a string defining the name of the route-map.

additional_paths_send

Enables the send capability of additional paths for all of the neighbors under this address family for which the capability has not been disabled. Valid values are true, false, or 'default'

advertise_l2vpn_evpn

Advertise evpn routes. Valid values are true and false.

client_to_client

Configure client-to-client route reflection. Valid values are true and false.

dampen_igp_metric

Specify dampen value for IGP metric-related changes, in seconds. Valid values are Integer, keyword 'default'.

dampening_state

Enable/disable route-flap dampening. Valid values are true, false or 'default'.

dampening_half_time

Specify decay half-life in minutes for route-flap dampening. Valid values are Integer, keyword 'default'.

dampening_max_suppress_time

Specify max suppress time for route-flap dampening stable route. Valid values are Integer, keyword 'default'.

dampening_reuse_time

Specify route reuse time for route-flap dampening. Valid values are Integer, keyword 'default'.

dampening_routemap

Specify route-map for route-flap dampening. Valid values are a string defining the name of the route-map.

dampening_suppress_time

Specify route suppress time for route-flap dampening. Valid values are Integer, keyword 'default'.

Dampening Properties

Note: dampening_routemap is mutually exclusive with dampening_half_time, reuse_time, suppress_time and max_suppress_time.

default_information_originate

default-information originate. Valid values are true and false.

default_metric

Sets default metrics for routes redistributed into BGP. Valid values are Integer or keyword 'default'.

distance_ebgp

Sets the administrative distance for eBGP routes. Valid values are Integer or keyword 'default'.

distance_ibgp

Sets the administrative distance for iBGP routes. Valid values are Integer or keyword 'default'.

distance_local

Sets the administrative distance for local BGP routes. Valid values are Integer or keyword 'default'.

inject_map

An array of route-map names which will specify prefixes to inject. Each array entry must first specify the inject-map name, secondly an exist-map name, and optionally the copy-attributes keyword which indicates that attributes should be copied from the aggregate.

For example, the following array will create three separate inject-maps for lax_inject_map, nyc_inject_map (with copy-attributes), and fsd_exist_map:

[
 ['lax_inject_map', 'lax_exist_map'],
 ['nyc_inject_map', 'nyc_exist_map', 'copy-attributes'],
 ['fsd_inject_map', 'fsd_exist_map']
]

maximum_paths

Configures the maximum number of equal-cost paths for load sharing. Valid value is an integer in the range 1-64. Default value is 1.

maximum_paths_ibgp

Configures the maximum number of ibgp equal-cost paths for load sharing. Valid value is an integer in the range 1-64. Default value is 1.

networks

Networks to configure. Valid value is a list of network prefixes to advertise. The list must be in the form of an array. Each entry in the array must include a prefix address and an optional route-map.

Example: IPv4 Networks Array

[
 ['10.0.0.0/16', 'routemap_LA'],
 ['192.168.1.1', 'Chicago'],
 ['192.168.2.0/24],
 ['192.168.3.0/24', 'routemap_NYC']
]

Example: IPv6 Networks Array

[
 ['10::0/64', 'routemap_LA'],
 ['192:168::1', 'Chicago'],
 ['192:168::/32]
]

next_hop_route_map

Configure a route-map for valid nexthops. Valid values are a string defining the name of the route-map.

redistribute

A list of redistribute directives. Multiple redistribute entries are allowed. The list must be in the form of a nested array: the first entry of each array defines the source-protocol to redistribute from; the second entry defines a route-map name. A route-map is highly advised but may be optional on some platforms, in which case it may be omitted from the array list.

Example: Platform requiring route-maps

redistribute => [['direct',  'rm_direct'],
                 ['lisp',    'rm_lisp'],
                 ['static',  'rm_static'],
                 ['eigrp 1', 'rm_eigrp'],
                 ['isis 2',  'rm_isis'],
                 ['ospf 3',  'rm_ospf'],
                 ['rip 4',   'rm_rip']]

Example: Platform with optional route-maps

redistribute => [['direct'],
                 ['lisp',    'rm_lisp'],
                 ['static'],
                 ['eigrp 1', 'rm_eigrp'],
                 ['isis 2',  'rm_isis'],
                 ['ospf 3',  'rm_ospf'],
                 ['rip 4']]

suppress_inactive

Advertises only active routes to peers. Valid values are true, false, or 'default'.

table_map

Apply table-map to filter routes downloaded into URIB. Valid values are a string.

table_map_filter

Filters routes rejected by the route-map and does not download them to the RIB. Valid values are true, false, or 'default'.

--

Type: cisco_bgp_af_aa

Manages configuration of a BGP Address-family Aggregate-address instance.

Platform	OS Minimum Version	Module Minimum Version
N9k	7.0(3)I2(5)	1.7.0
N3k	7.0(3)I2(5)	1.7.0
N5k	7.3(0)N1(1)	1.7.0
N6k	7.3(0)N1(1)	1.7.0
N7k	7.3(0)D1(1)	1.7.0
N9k-F	7.0(3)F1(1)	1.7.0
N3k-F	7.0(3)F3(2)	1.8.0

Parameters

ensure

Determine whether the BGP address family aggregate address should be present or not. Valid values are 'present' and 'absent'.

asn

BGP autonomous system number. Required. Valid values are String, Integer in ASPLAIN or ASDOT notation.

vrf

VRF name. Required. Valid values are string. The name 'default' is a valid VRF representing the global bgp.

afi

Address Family Identifier (AFI). Required. Valid values are ipv4, ipv6, vpnv4, vpnv6 and l2vpn.

safi

Sub Address Family Identifier (SAFI). Required. Valid values are unicast, multicast and evpn.

aa

Aggregate address mask in ipv4/ipv6 format. Required. Valid values are string. Examples: 1.1.1.1/32 or 2000:1/128.

Properties

as_set

Generates autonomous system set path information. Valid values are true, false or 'default'.

advertise_map

Name of the route map used to select the routes to create AS_SET origin communities. Valid values are string or 'default'.

attribute_map

Name of the route map used to set the attribute of the aggregate route. Valid values are string or 'default'.

summary_only

Filters all more-specific routes from updates. Valid values are true, false or 'default'.

suppress_map

Name of the route map used to select the routes to be suppressed. Valid values are string or 'default'.

--

Type: cisco_bgp_neighbor

Manages configuration of a BGP Neighbor.

Platform	OS Minimum Version	Module Minimum Version
N9k	7.0(3)I2(5)	1.1.0
N3k	7.0(3)I2(5)	1.1.0
N5k	7.3(0)N1(1)	1.2.0
N6k	7.3(0)N1(1)	1.2.0
N7k	7.3(0)D1(1)	1.2.0
N9k-F	7.0(3)F1(1)	1.5.0
N3k-F	7.0(3)F3(2)	1.8.0

Caveats

Property	Caveat Description
log_neighbor_changes	Not supported on N5k, N6k Minimum puppet module version 1.7.0 for N7k Supported in OS Version 8.1.1 and later on N7k
bfd	(ciscopuppet v1.4.0) BFD support added for all platforms
bfd on IPv6	Not supported on N5k, N6k
peer_type	Only supported on N9K-EX and N9K-FX devices. For eg: N9K-C93180YC-EX. Minimum OS version 7.0(3)I7(1) and minimum Module Version 1.9.0

Parameters

ensure

Determine whether the neighbor config should be present or not. Valid values are 'present' and 'absent'.

asn

BGP autonomous system number. Required. Valid values are String, Integer in ASPLAIN or ASDOT notation.

vrf

VRF name. Required. Valid values are string. The name 'default' is a valid VRF representing the global bgp.

neighbor

Neighbor Identifier. Required. Valid values are string. Neighbors may use IPv4 or IPv6 notation, with or without prefix length.

Properties

description

Description of the neighbor. Valid value is string.

bfd

Enable Bidirectional Forwarding Detection (BFD). Valid values are true, false and keyword 'default'.

connected_check

Configure whether or not to check for directly connected peer. Valid values are true and false.

capability_negotiation

Configure whether or not to negotiate capability with this neighbor. Valid values are true and false.

dynamic_capability

Configure whether or not to enable dynamic capability. Valid values are true and false.

ebgp_multihop

Specify multihop TTL for a remote peer. Valid values are integers between 2 and 255, or keyword 'default' to disable this property.

local_as

Specify the local-as number for the eBGP neighbor. Valid values are String or Integer in ASPLAIN or ASDOT notation, or 'default', which means not to configure it.

log_neighbor_changes

Specify whether or not to enable log messages for neighbor up/down event. Valid values are 'enable', to enable it, 'disable' to disable it, or 'inherit' to use the configuration in the cisco_bgp type.

low_memory_exempt

Specify whether or not to shut down this neighbor under memory pressure. Valid values are 'true' to exempt the neighbor from being shutdown, 'false' to shut it down, or 'default' to perform the default shutdown behavior.

maximum_peers

Specify Maximum number of peers for this neighbor prefix. Valid values are between 1 and 1000, or 'default', which does not impose the limit.

password

Specify the password for neighbor. Valid value is string.

password_type

Specify the encryption type the password will use. Valid values for Nexus are 'cleartext', '3des' or 'cisco_type_7' encryption, and 'default', which defaults to 'cleartext'.

peer_type

Specify the peer type for EVPN multisite. Valid value are 'fabric-border-leaf' or 'fabric-external'.

remote_as

Specify Autonomous System Number of the neighbor. Valid values are String or Integer in ASPLAIN or ASDOT notation, or 'default', which means not to configure it.

remove_private_as

Specify the config to remove private AS number from outbound updates. Valid values are 'enable' to enable this config, 'disable' to disable this config, 'all' to remove all private AS number, or 'replace-as', to replace the private AS number.

shutdown

Configure to administratively shutdown this neighbor. Valid values are true and false.

suppress_4_byte_as

Configure to suppress 4-byte AS Capability. Valid values are 'true', 'false', and 'default', which sets to the default 'false' value.

timers_keepalive

Specify keepalive timer value. Valid values are integers between 0 and 3600 in terms of seconds, or 'default', which is 60.

timers_holdtime

Specify holdtime timer value. Valid values are integers between 0 and 3600 in terms of seconds, or 'default', which is 180.

transport_passive_mode

Specify whether BGP sessions can be established from incoming or outgoing TCP connection requests (or both). Valid values for Nexus are 'passive_only', 'both', 'clear' and 'default', which defaults to 'clear'. This property can only be configured when the neighbor is in 'ip' address format without prefix length. This property and the transport_passive_only property are mutually exclusive.

transport_passive_only

Specify whether or not to only allow passive connection setup. Valid values are 'true', 'false', and 'default', which defaults to 'false'. This property can only be configured when the neighbor is in 'ip' address format without prefix length. This property and the transport_passive_mode property are mutually exclusive.

update_source

Specify source interface of BGP session and updates. Valid value is a string of the interface name.

--

Type: cisco_bgp_neighbor_af

Manages configuration of a BGP Neighbor Address-family instance.

Platform	OS Minimum Version	Module Minimum Version
N9k	7.0(3)I2(5)	1.1.0
N3k	7.0(3)I2(5)	1.1.0
N5k	7.3(0)N1(1)	1.2.0
N6k	7.3(0)N1(1)	1.2.0
N7k	7.3(0)D1(1)	1.2.0
N9k-F	7.0(3)F1(1)	1.5.0
N3k-F	7.0(3)F3(2)	1.8.0

Caveats

Property	Caveat Description
rewrite_evpn_rt_asn	Only supported on N9K-EX and N9K-FX devices. For eg: N9K-C93180YC-EX. Minimum OS version 7.0(3)I7(1) and minimum Module Version 1.9.0

Parameters

ensure

Determine whether the neighbor address family config should be present or not. Valid values are 'present' and 'absent'.

asn

BGP autonomous system number. Required. Valid values are String, Integer in ASPLAIN or ASDOT notation.

vrf

VRF name. Required. Valid values are string. The name 'default' is a valid VRF representing the global bgp.

neighbor

Neighbor Identifier. Required. Valid values are string. Neighbors may use IPv4 or IPv6 notation, with or without a subnet mask.

afi

Neighbor Address Family Identifier (AFI). Required. Valid values are string. Valid neighbor AFIs are ipv4, ipv6, vpnv4, vpnv6 and l2vpn. Note that some AFI/SAFI address-families may not be supported with some neighbors; e.g. an ipv6 neighbor may not support an ipv4 multicast address-family.

safi

Neighbor Sub Address Family Identifier (SAFI). Required. Valid values are string. Valid neighbor SAFIs are unicast, multicast and evpn. Note that some AFI/SAFI address-families may not be supported with some neighbors; e.g. an ipv6 neighbor may not support an ipv4 multicast address-family.

Properties

additional_paths_receive

capability additional-paths receive. Valid values are enable for basic command enablement; disable for disabling the command at the neighbor_af level (it adds the disable keyword to the basic command); and inherit to remove the command at this level (the command value is inherited from a higher BGP layer).

additional_paths_send

capability additional-paths send. Valid values are enable for basic command enablement; disable for disabling the command at the neighbor_af level (it adds the disable keyword to the basic command); and inherit to remove the command at this level (the command value is inherited from a higher BGP layer).

advertise_map_exist

Conditional route advertisement. This property requires two route maps: an advertise-map and an exist-map. Valid values are an array specifying both the advertise-map name and the exist-map name, or simply 'default'; e.g. ['my_advertise_map', 'my_exist_map']. This command is mutually exclusive with the advertise_map_non_exist property.

advertise_map_non_exist

Conditional route advertisement. This property requires two route maps: an advertise-map and a non-exist-map. Valid values are an array specifying both the advertise-map name and the non-exist-map name, or simply 'default'; e.g. ['my_advertise_map', 'my_non_exist_map']. This command is mutually exclusive with the advertise_map_exist property.

allowas_in

allowas-in. Valid values are true, false, or an integer value, which enables the command with a specific max-occurrences value. Related: allowas_in_max.

allowas_in_max

Optional max-occurrences value for allowas_in. Valid values are an integer value or 'default'. Can be used independently or in conjunction with allowas_in.

as_override

as-override. Valid values are true, false, or 'default'.

default_originate

default-originate. Valid values are True, False, or 'default'. Related: default_originate_route_map.

default_originate_route_map

Optional route-map for the default_originate property. Can be used independently or in conjunction with default_originate. Valid values are a string defining a route-map name, or 'default'.

filter_list_in

Valid values are a string defining a filter-list name, or 'default'.

filter_list_out

Valid values are a string defining a filter-list name, or 'default'.

max_prefix_limit

maximum-prefix limit value. Valid values are an integer value or 'default'. Related: max_prefix_threshold, max_prefix_interval, and max_prefix_warning.

max_prefix_interval

Optional restart interval. Valid values are an integer value or 'default'. Requires max_prefix_limit.

max_prefix_threshold

Optional threshold percentage at which to generate a warning. Valid values are an integer value or 'default'. Requires max_prefix_limit.

max_prefix_warning

Optional warning-only keyword. Valid values are True, False, or 'default'. Requires max_prefix_limit.

next_hop_self

next-hop-self. Valid values are True, False, or 'default'.

next_hop_third_party

next-hop-third-party. Valid values are True, False, or 'default'.

prefix_list_in

Valid values are a string defining a prefix-list name, or 'default'.

prefix_list_out

Valid values are a string defining a prefix-list name, or 'default'.

rewrite_evpn_rt_asn

rewrite_evpn_rt_asn state. Valid values are True, False or 'default'.

route_map_in

Valid values are a string defining a route-map name, or 'default'.

route_map_out

Valid values are a string defining a route-map name, or 'default'.

route_reflector_client

route-reflector-client. Valid values are True, False, or 'default'.

send_community

send-community attribute. Valid values are 'none', 'both', 'extended', 'standard', or 'default'.

soft_reconfiguration_in

soft-reconfiguration inbound. Valid values are enable for basic command enablement; always to add the always keyword to the basic command; and inherit to remove the command at this level (the command value is inherited from a higher BGP layer).

soo

Site-of-origin. Valid values are a string defining a VPN extcommunity or 'default'.

suppress_inactive

suppress-inactive Valid values are True, False, or 'default'.

unsuppress_map

unsuppress-map. Valid values are a string defining a route-map name or 'default'.

weight

weight value. Valid values are an integer value or 'default'.

--

Type: cisco_bridge_domain

Manages a cisco Bridge-Domain

Platform	OS Minimum Version	Module Minimum Version
N9k	not applicable	not applicable
N3k	not applicable	not applicable
N5k	not applicable	not applicable
N6k	not applicable	not applicable
N7k	7.3(0)D1(1)	1.3.0
N9k-F	not applicable	not applicable
N3k-F	not applicable	not applicable

Parameters

ensure

Determines whether or not the config should be present on the device. Valid values are 'present' and 'absent'.

bd

ID of the Bridge Domain. Valid values are integer.

bd_name

The bridge-domain name. Valid values are String or keyword 'default'. When the bd_name is set to 'default', this property is NOT idempotent.

shutdown

Specifies the shutdown state of the bridge-domain. Valid values are true, false, 'default'.

fabric_control

Specifies this bridge-domain as the fabric control bridge-domain. Only one bridge-domain or VLAN can be configured as fabric-control. Valid values are true, false, keyword 'default.

--

Type: cisco_bridge_domain_vni

Creates a Virtual Network Identifier member (VNI) mapping for cisco Bridge-Domain.

Platform	OS Minimum Version	Module Minimum Version
N9k	not applicable	not applicable
N3k	not applicable	not applicable
N5k	not applicable	not applicable
N6k	not applicable	not applicable
N7k	7.3(0)D1(1)	1.3.0
N9k-F	not applicable	not applicable
N3k-F	not applicable	not applicable

Parameters

ensure

Determines whether or not the config should be present on the device. Valid values are 'present' and 'absent'.

bd

The bridge-domain ID. Valid values are one or range of integers.

member_vni

The Virtual Network Identifier (VNI) id that is mapped to the VLAN. Valid values are one or range of integers

--

Type: cisco_dhcp_relay_global

Manages configuration of a DHCP relay global configuration.

Platform	OS Minimum Version	Module Minimum Version
N9k	7.0(3)I2(2e)	1.4.0
N3k	7.0(3)I2(2e)	1.4.0
N5k	7.3(0)N1(1)	1.4.0
N6k	7.3(0)N1(1)	1.4.0
N7k	7.3(0)D1(1)	1.4.0
N9k-F	7.0(3)F1(1)	1.5.0
N3k-F	7.0(3)F3(2)	1.8.0

Caveats

Property	Caveat Description
ipv4_information_option_trust	Not supported on N5k, N6k
ipv4_information_trust_all	Not supported on N5k, N6k
ipv4_src_addr_hsrp	Not supported on N3k, N3k-F, N9k, N9k-F
ipv4_sub_option_circuit_id_custom	Not supported on N7k, N3k-F, N9k-F(TBD) and supported on N3k and N9k running os version 7.0(3)I3.1 and later
ipv4_sub_option_circuit_id_string	Supported on N3k Supported in OS Version 7.0(3)I6(1) and later on N9k
ipv6_option_cisco	Not supported on N5k, N6k

Parameters

ipv4_information_option

Enables inserting relay information in BOOTREQUEST. Valid values are true, false, 'default'.

ipv4_information_option_trust

Enables relay trust functionality on the system. Valid values are true, false, 'default'.

ipv4_information_option_vpn

Enables relay support across VRFs. Valid values are true, false, 'default'.

ipv4_information_trust_all

Enables relay trust on all the interfaces. Valid values are true, false, 'default'.

ipv4_relay

Enables DHCP relay agent. Valid values are true, false, 'default'.

ipv4_smart_relay

Enables DHCP smart relay. Valid values are true, false, 'default'.

ipv4_src_addr_hsrp

Enables Virtual IP instead of SVI address. Valid values are true, false, 'default'.

ipv4_src_intf

Source interface for the DHCPV4 relay. Valid values are string, keyword 'default'.

ipv4_sub_option_circuit_id_custom

Enables circuit id customized to include vlan id, slot and port info. Valid values are true, false, 'default'.

ipv4_sub_option_circuit_id_string

Specifies suboption format type string. Valid values are string, keyword 'default'.

ipv4_sub_option_cisco

Enables cisco propritery suboptions. Valid values are true, false, 'default'.

ipv6_option_cisco

Enables cisco propritery suboptions for DHCPV6. Valid values are true, false, 'default'.

ipv6_option_vpn

Enables DHCPv6 relay support across VRFs. Valid values are true, false, 'default'.

ipv6_relay

Enables DHCPv6 relay agent. Valid values are true, false, 'default'.

ipv6_src_intf

Source interface for the DHCPV6 relay. Valid values are string, keyword 'default'.

--

Type: cisco_encapsulation

Manages a Global VNI Encapsulation profile

Platform	OS Minimum Version	Module Minimum Version
N9k	not applicable	not applicable
N3k	not applicable	not applicable
N5k	not applicable	not applicable
N6k	not applicable	not applicable
N7k	7.3(0)D1(1)	1.3.0
N9k-F	not applicable	not applicable
N3k-F	not applicable	not applicable

Parameters

ensure

Determines whether or not the config should be present on the device. Valid values are 'present' and 'absent'.

encap

Profile name of the Encapsulation. Valid values are String only.

Properties

dot1q_map

The encapsulation profile dot1q vlan-to-vni mapping. Valid values are an array of [vlans, vnis] pairs.

--

Type: cisco_evpn_multicast

Manages advertise evpn multicast configurations of a Cisco device.

Platform	OS Minimum Version	Module Minimum Version
N9k	7.0(3)I7(1)	1.9.0
N3k	not applicable	not applicable
N5k	not applicable	not applicable
N6k	not applicable	not applicable
N7k	not applicable	not applicable
N9k-F	not applicable	not applicable
N3k-F	not applicable	not applicable

Parameters

ensure

Determines whether or not the config should be present on the device. Valid values are 'present' and 'absent'. Default value is 'present'.

name

The EVPN Multicast identifier. Valid values are 'default' only.

--

Type: cisco_evpn_multisite

Manages Cisco Ethernet Virtual Private Network (EVPN) Multisite configurations of a Cisco device.

Platform	OS Minimum Version	Module Minimum Version
N9k	7.0(3)I7(1)	1.9.0
N3k	not applicable	not applicable
N5k	not applicable	not applicable
N6k	not applicable	not applicable
N7k	not applicable	not applicable
N9k-F	not applicable	not applicable
N3k-F	not applicable	not applicable

Caveats

The cisco_evpn_multisite is only supported on N9K-EX and N9K-FX devices. For eg: N9K-C93180YC-EX.

Parameters