fortios_router_isis – Configure IS-IS in Fortinet’s FortiOS and FortiGate

New in version 2.9.

Synopsis

  • This module configures a FortiGate or FortiOS (FOS) device by allowing the user to set and modify the router feature and isis category. The examples include all parameters; values need to be adjusted to your data sources before use. Tested with FOS v6.0.5.

Requirements

The below requirements are needed on the host that executes this module.

  • fortiosapi>=0.9.8

Parameters

Parameter Choices/Defaults Comments
host
string
FortiOS or FortiGate IP address.
https
boolean
    Choices:
  • no
  • yes ←
Indicates whether requests to the FortiGate must use the HTTPS protocol.
password
string
Default:
""
FortiOS or FortiGate password.
router_isis
dictionary
Default:
null
Configure IS-IS.
adjacency_check
string
    Choices:
  • enable
  • disable
Enable/disable adjacency check.
adjacency_check6
string
    Choices:
  • enable
  • disable
Enable/disable IPv6 adjacency check.
adv_passive_only
string
    Choices:
  • enable
  • disable
Enable/disable IS-IS advertisement of passive interfaces only.
adv_passive_only6
string
    Choices:
  • enable
  • disable
Enable/disable IPv6 IS-IS advertisement of passive interfaces only.
auth_keychain_l1
string
Authentication key-chain for level 1 PDUs. Source router.key-chain.name.
auth_keychain_l2
string
Authentication key-chain for level 2 PDUs. Source router.key-chain.name.
auth_mode_l1
string
    Choices:
  • password
  • md5
Level 1 authentication mode.
auth_mode_l2
string
    Choices:
  • password
  • md5
Level 2 authentication mode.
auth_password_l1
string
Authentication password for level 1 PDUs.
auth_password_l2
string
Authentication password for level 2 PDUs.
auth_sendonly_l1
string
    Choices:
  • enable
  • disable
Enable/disable level 1 authentication send-only.
auth_sendonly_l2
string
    Choices:
  • enable
  • disable
Enable/disable level 2 authentication send-only.
default_originate
string
    Choices:
  • enable
  • disable
Enable/disable distribution of default route information.
default_originate6
string
    Choices:
  • enable
  • disable
Enable/disable distribution of default IPv6 route information.
dynamic_hostname
string
    Choices:
  • enable
  • disable
Enable/disable dynamic hostname.
ignore_lsp_errors
string
    Choices:
  • enable
  • disable
Enable/disable ignoring of LSP errors with bad checksums.
is_type
string
    Choices:
  • level-1-2
  • level-1
  • level-2-only
IS type.
isis_interface
list
IS-IS interface configuration.
auth_keychain_l1
string
Authentication key-chain for level 1 PDUs. Source router.key-chain.name.
auth_keychain_l2
string
Authentication key-chain for level 2 PDUs. Source router.key-chain.name.
auth_mode_l1
string
    Choices:
  • md5
  • password
Level 1 authentication mode.
auth_mode_l2
string
    Choices:
  • md5
  • password
Level 2 authentication mode.
auth_password_l1
string
Authentication password for level 1 PDUs.
auth_password_l2
string
Authentication password for level 2 PDUs.
auth_send_only_l1
string
    Choices:
  • enable
  • disable
Enable/disable authentication send-only for level 1 PDUs.
auth_send_only_l2
string
    Choices:
  • enable
  • disable
Enable/disable authentication send-only for level 2 PDUs.
circuit_type
string
    Choices:
  • level-1-2
  • level-1
  • level-2
IS-IS interface's circuit type.
csnp_interval_l1
integer
Level 1 CSNP interval.
csnp_interval_l2
integer
Level 2 CSNP interval.
hello_interval_l1
integer
Level 1 hello interval.
hello_interval_l2
integer
Level 2 hello interval.
hello_multiplier_l1
integer
Level 1 multiplier for Hello holding time.
hello_multiplier_l2
integer
Level 2 multiplier for Hello holding time.
hello_padding
string
    Choices:
  • enable
  • disable
Enable/disable padding to IS-IS hello packets.
lsp_interval
integer
LSP transmission interval (milliseconds).
lsp_retransmit_interval
integer
LSP retransmission interval (sec).
mesh_group
string
    Choices:
  • enable
  • disable
Enable/disable IS-IS mesh group.
mesh_group_id
integer
Mesh group ID <0-4294967295>, 0: mesh-group blocked.
metric_l1
integer
Level 1 metric for interface.
metric_l2
integer
Level 2 metric for interface.
name
string / required
IS-IS interface name. Source system.interface.name.
network_type
string
    Choices:
  • broadcast
  • point-to-point
  • loopback
IS-IS interface's network type.
priority_l1
integer
Level 1 priority.
priority_l2
integer
Level 2 priority.
status
string
    Choices:
  • enable
  • disable
Enable/disable interface for IS-IS.
status6
string
    Choices:
  • enable
  • disable
Enable/disable IPv6 interface for IS-IS.
wide_metric_l1
integer
Level 1 wide metric for interface.
wide_metric_l2
integer
Level 2 wide metric for interface.
isis_net
list
IS-IS net configuration.
id
integer / required
isis-net ID.
net
string
IS-IS net xx.xxxx. ... .xxxx.xx.
lsp_gen_interval_l1
integer
Minimum interval for level 1 LSP regenerating.
lsp_gen_interval_l2
integer
Minimum interval for level 2 LSP regenerating.
lsp_refresh_interval
integer
LSP refresh time in seconds.
max_lsp_lifetime
integer
Maximum LSP lifetime in seconds.
metric_style
string
    Choices:
  • narrow
  • wide
  • transition
  • narrow-transition
  • narrow-transition-l1
  • narrow-transition-l2
  • wide-l1
  • wide-l2
  • wide-transition
  • wide-transition-l1
  • wide-transition-l2
  • transition-l1
  • transition-l2
Use old-style (ISO 10589) or new-style packet formats.
overload_bit
string
    Choices:
  • enable
  • disable
Enable/disable signalling other routers not to use this router in SPF.
overload_bit_on_startup
integer
Overload-bit only temporarily after reboot.
overload_bit_suppress
string
    Choices:
  • external
  • interlevel
Suppress overload-bit for the specific prefixes.
redistribute
list
IS-IS redistribute protocols.
level
string
    Choices:
  • level-1-2
  • level-1
  • level-2
Level.
metric
integer
Metric.
metric_type
string
    Choices:
  • external
  • internal
Metric type.
protocol
string / required
Protocol name.
routemap
string
Route map name. Source router.route-map.name.
status
string
    Choices:
  • enable
  • disable
Status.
redistribute6
list
IS-IS IPv6 redistribution for routing protocols.
level
string
    Choices:
  • level-1-2
  • level-1
  • level-2
Level.
metric
integer
Metric.
metric_type
string
    Choices:
  • external
  • internal
Metric type.
protocol
string / required
Protocol name.
routemap
string
Route map name. Source router.route-map.name.
status
string
    Choices:
  • enable
  • disable
Enable/disable redistribution.
redistribute6_l1
string
    Choices:
  • enable
  • disable
Enable/disable redistribution of level 1 IPv6 routes into level 2.
redistribute6_l1_list
string
Access-list for IPv6 route redistribution from l1 to l2. Source router.access-list6.name.
redistribute6_l2
string
    Choices:
  • enable
  • disable
Enable/disable redistribution of level 2 IPv6 routes into level 1.
redistribute6_l2_list
string
Access-list for IPv6 route redistribution from l2 to l1. Source router.access-list6.name.
redistribute_l1
string
    Choices:
  • enable
  • disable
Enable/disable redistribution of level 1 routes into level 2.
redistribute_l1_list
string
Access-list for route redistribution from l1 to l2. Source router.access-list.name.
redistribute_l2
string
    Choices:
  • enable
  • disable
Enable/disable redistribution of level 2 routes into level 1.
redistribute_l2_list
string
Access-list for route redistribution from l2 to l1. Source router.access-list.name.
spf_interval_exp_l1
string
Level 1 SPF calculation delay.
spf_interval_exp_l2
string
Level 2 SPF calculation delay.
summary_address
list
IS-IS summary addresses.
id
integer / required
Summary address entry ID.
level
string
    Choices:
  • level-1-2
  • level-1
  • level-2
Level.
prefix
string
Prefix.
summary_address6
list
IS-IS IPv6 summary address.
id
integer / required
Prefix entry ID.
level
string
    Choices:
  • level-1-2
  • level-1
  • level-2
Level.
prefix6
string
IPv6 prefix.
ssl_verify
boolean
    Choices:
  • no
  • yes ←
Ensures the FortiGate certificate is verified by a proper CA.
username
string
FortiOS or FortiGate username.
vdom
string
Default:
"root"
Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.

Notes

  • Requires fortiosapi library developed by Fortinet
  • Run as a local_action in your playbook

Examples

- hosts: localhost
  vars:
   host: "192.168.122.40"
   username: "admin"
   password: ""
   vdom: "root"
   ssl_verify: "False"
  tasks:
  - name: Configure IS-IS.
    fortios_router_isis:
      host:  "{{ host }}"
      username: "{{ username }}"
      password: "{{ password }}"
      vdom:  "{{ vdom }}"
      https: "False"
      router_isis:
        adjacency_check: "enable"
        adjacency_check6: "enable"
        adv_passive_only: "enable"
        adv_passive_only6: "enable"
        auth_keychain_l1: "<your_own_value> (source router.key-chain.name)"
        auth_keychain_l2: "<your_own_value> (source router.key-chain.name)"
        auth_mode_l1: "password"
        auth_mode_l2: "password"
        auth_password_l1: "<your_own_value>"
        auth_password_l2: "<your_own_value>"
        auth_sendonly_l1: "enable"
        auth_sendonly_l2: "enable"
        default_originate: "enable"
        default_originate6: "enable"
        dynamic_hostname: "enable"
        ignore_lsp_errors: "enable"
        is_type: "level-1-2"
        isis_interface:
         -
            auth_keychain_l1: "<your_own_value> (source router.key-chain.name)"
            auth_keychain_l2: "<your_own_value> (source router.key-chain.name)"
            auth_mode_l1: "md5"
            auth_mode_l2: "md5"
            auth_password_l1: "<your_own_value>"
            auth_password_l2: "<your_own_value>"
            auth_send_only_l1: "enable"
            auth_send_only_l2: "enable"
            circuit_type: "level-1-2"
            csnp_interval_l1: "30"
            csnp_interval_l2: "31"
            hello_interval_l1: "32"
            hello_interval_l2: "33"
            hello_multiplier_l1: "34"
            hello_multiplier_l2: "35"
            hello_padding: "enable"
            lsp_interval: "37"
            lsp_retransmit_interval: "38"
            mesh_group: "enable"
            mesh_group_id: "40"
            metric_l1: "41"
            metric_l2: "42"
            name: "default_name_43 (source system.interface.name)"
            network_type: "broadcast"
            priority_l1: "45"
            priority_l2: "46"
            status: "enable"
            status6: "enable"
            wide_metric_l1: "49"
            wide_metric_l2: "50"
        isis_net:
         -
            id:  "52"
            net: "<your_own_value>"
        lsp_gen_interval_l1: "54"
        lsp_gen_interval_l2: "55"
        lsp_refresh_interval: "56"
        max_lsp_lifetime: "57"
        metric_style: "narrow"
        overload_bit: "enable"
        overload_bit_on_startup: "60"
        overload_bit_suppress: "external"
        redistribute:
         -
            level: "level-1-2"
            metric: "64"
            metric_type: "external"
            protocol: "<your_own_value>"
            routemap: "<your_own_value> (source router.route-map.name)"
            status: "enable"
        redistribute_l1: "enable"
        redistribute_l1_list: "<your_own_value> (source router.access-list.name)"
        redistribute_l2: "enable"
        redistribute_l2_list: "<your_own_value> (source router.access-list.name)"
        redistribute6:
         -
            level: "level-1-2"
            metric: "75"
            metric_type: "external"
            protocol: "<your_own_value>"
            routemap: "<your_own_value> (source router.route-map.name)"
            status: "enable"
        redistribute6_l1: "enable"
        redistribute6_l1_list: "<your_own_value> (source router.access-list6.name)"
        redistribute6_l2: "enable"
        redistribute6_l2_list: "<your_own_value> (source router.access-list6.name)"
        spf_interval_exp_l1: "<your_own_value>"
        spf_interval_exp_l2: "<your_own_value>"
        summary_address:
         -
            id:  "87"
            level: "level-1-2"
            prefix: "<your_own_value>"
        summary_address6:
         -
            id:  "91"
            level: "level-1-2"
            prefix6: "<your_own_value>"
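
A variant of the task above with the transport and authentication options set conservatively, as an added example that is not part of the original module documentation: HTTPS and certificate verification stay at their documented defaults, PDU authentication uses md5 rather than password mode, and send-only and ignore_lsp_errors are disabled. The vault_* variable names, the interface name port1 and the NET value are constructed placeholders.

```yaml
- hosts: localhost
  vars:
    host: "192.168.122.40"            # address from the page's example
    username: "admin"
    vdom: "root"
  tasks:
  - name: Configure IS-IS over HTTPS with MD5 PDU authentication
    fortios_router_isis:
      host: "{{ host }}"
      username: "{{ username }}"
      password: "{{ vault_fortigate_password }}"    # assumed Ansible Vault variable
      vdom: "{{ vdom }}"
      https: true                     # documented default; page example sets "False"
      ssl_verify: true                # documented default; certificate checked against a CA
      router_isis:
        is_type: "level-1-2"
        auth_mode_l1: "md5"           # page example uses "password"
        auth_mode_l2: "md5"
        auth_password_l1: "{{ vault_isis_l1_key }}" # assumed Vault variables
        auth_password_l2: "{{ vault_isis_l2_key }}"
        auth_sendonly_l1: "disable"   # page example uses "enable"
        auth_sendonly_l2: "disable"
        ignore_lsp_errors: "disable"  # do not ignore LSPs with bad checksums
        isis_net:
          - id: 1
            net: "49.0001.0000.0000.0001.00"        # constructed sample NET
        isis_interface:
          - name: "port1"             # constructed interface name
            status: "enable"
            auth_mode_l1: "md5"
            auth_mode_l2: "md5"
            auth_password_l1: "{{ vault_isis_l1_key }}"
            auth_password_l2: "{{ vault_isis_l2_key }}"
            auth_send_only_l1: "disable"
            auth_send_only_l2: "disable"
    no_log: true                      # keep the passwords out of task output and logs
```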

Return Values

Common return values are documented separately; the following fields are unique to this module:

Key Returned Description
build
string
always
Build number of the FortiGate image

Sample:
1547
http_method
string
always
Last method used to provision the content into FortiGate

Sample:
PUT
http_status
string
always
Last result given by FortiGate on last operation applied

Sample:
200
mkey
string
success
Master key (id) used in the last call to FortiGate

Sample:
id
name
string
always
Name of the table used to fulfill the request

Sample:
urlfilter
path
string
always
Path of the table used to fulfill the request

Sample:
webfilter
revision
string
always
Internal revision number

Sample:
17.0.2.10658
serial
string
always
Serial number of the unit

Sample:
FGVMEVYYQT3AB5352
status
string
always
Indication of the operation's result

Sample:
success
vdom
string
always
Virtual domain used

Sample:
root
version
string
always
Version of the FortiGate

Sample:
v5.6.3


Authors

  • Miguel Angel Munoz (@mamunozgonzalez)
  • Nicolas Thomas (@thomnico)
