Configuring DSCP Wildcard Mask
You can classify traffic that is based on the DSCP value in the DiffServ field of the IP header. To filter the classification further, include a DSCP wildcard mask.
For more information, see the Cisco Nexus 3000 Series NX-OS QoS Configuration Guide:
https://www.cisco.com/c/en/us/support/switches/nexus-3000-series-switches/series.html
Configuring DSCP Wildcard Mask for IPv4
Configuring DSCP Wildcard Mask for IPv4
POST http://<mgmt0_IP>/api/mo/sys/acl/ipv4.json
{
"ipv4aclAF": {
"children": [
{
"ipv4aclACL": {
"attributes": {
"name": "acl-01"
},
"children": [
{
"ipv4aclACE": {
"attributes": {
"action": "permit",
"dscp": "33",
"dscpMask": "30",
"dstPrefix": "20.1.1.2",
"dstPrefixLength": "24",
"protocol": "ip",
"seqNum": "10",
"srcPrefix": "10.1.1.1",
"srcPrefixLength": "24"
}}}]}}]}}
{
imdata:[]
}
<System>
<acl-items>
<ipv4-items>
<name-items>
<ACL-list>
<name>acl-01</name>
<seq-items>
<ACE-list>
<seqNum>10</seqNum>
<action>permit</action>
<dscp>33</dscp>
<dscpMask>30</dscpMask>
<dstPrefix>20.1.1.2</dstPrefix>
<dstPrefixLength>24</dstPrefixLength>
<protocol>0</protocol>
<srcPrefix>10.1.1.1</srcPrefix>
<srcPrefixLength>24</srcPrefixLength>
</ACE-list>
</seq-items>
</ACL-list>
</name-items>
</ipv4-items>
</acl-items>
</System>
Note: This example was added in Release 9.3(5).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
ip access-list acl-01
10 permit ip 10.1.1.1/24 20.1.1.2/24 dscp 33 30
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| ipv4aclAF | sys/acl/ipv4 |
| ipv4aclACL | sys/acl/ipv4/name-acl-01 |
| ipv4aclACE | sys/acl/ipv4/name-acl-01/seq-10 |
ipv4aclACE Properties
The following table contains information about the ipv4aclACE properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| action | acl:ActionType (scalar:Enum8) | Specify packets to forward or reject | SELECTION: 0 - invalid 1 - permit 2 - deny DEFAULT: invalid |
| dscp | scalar:UByte | dscp | RANGE: [0 , 63] |
| dscpMask | scalar:UByte | dscpMask | RANGE: [0 , 63] |
| dstPrefix | ipv4acl:IPv4Prefix (address:IPv4) | Destination IPv4 prefix | Value must match ipv4 format |
| dstPrefixLength | ipv4acl:IPv4PrefixLen (scalar:UByte) | Destination IPv4 prefix length | RANGE: [0 , 32] DEFAULT: 0 |
| protocol | ipv4acl:Protocol (scalar:UByte) | Protocol for access-list entry | SELECTION: 0 - ip 1 - icmp 2 - igmp 6 - tcp 17 - udp 47 - gre 50 - esp 51 - ahp 88 - eigrp 89 - ospf 94 - nos 103 - pim 108 - pcp 254 - udf DEFAULT: 255 |
| seqNum | acl:SequenceNumber (scalar:Uint32) | Sequence number | RANGE: [0 , 4294967295] |
| srcPrefix | ipv4acl:IPv4Prefix (address:IPv4) | Source IPv4 prefix | Value must match ipv4 format |
| srcPrefixLength | ipv4acl:IPv4PrefixLen (scalar:UByte) | Source IPv4 prefix length | RANGE: [0 , 32] DEFAULT: 0 |
ipv4aclACL Properties
The following table contains information about the ipv4aclACL properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| name | acl:Name (string:Basic) | Name of Access lists | MAX SIZE: 63 |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Deleting DSCP Wildcard Mask for IPv4
Deleting DSCP Wildcard Mask for IPv4
POST http://<mgmt0_IP>/api/mo/sys/acl/ipv4.json
{
"ipv4aclAF": {
"children": [
{
"ipv4aclACL": {
"attributes": {
"name": "acl-01"
},
"children": [
{
"ipv4aclACE": {
"attributes": {
"seqNum": "10",
"status": "deleted"
}}}]}}]}}
{
imdata:[]
}
<System>
<acl-items>
<ipv4-items>
<name-items>
<ACL-list>
<name>acl-01</name>
<seq-items>
<ACE-list nc:operation="delete">
<seqNum>10</seqNum>
</ACE-list>
</seq-items>
</ACL-list>
</name-items>
</ipv4-items>
</acl-items>
</System>
Note: This example was added in Release 9.3(5).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
ip access-list acl-01
no 10 permit ip 10.1.1.1/24 20.1.1.2/24 dscp 33 30
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| ipv4aclAF | sys/acl/ipv4 |
| ipv4aclACL | sys/acl/ipv4/name-acl-01 |
| ipv4aclACE | sys/acl/ipv4/name-acl-01/seq-10 |
ipv4aclACL Properties
The following table contains information about the ipv4aclACL properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| name | acl:Name (string:Basic) | Name of Access lists | MAX SIZE: 63 |
ipv4aclACE Properties
The following table contains information about the ipv4aclACE properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| seqNum | acl:SequenceNumber (scalar:Uint32) | Sequence number | RANGE: [0 , 4294967295] |
| status | mo:ModificationStatus (scalar:Bitmask32) | The upgrade status. This property is for internal use only. | SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Configuring the DSCP Bit Mask on Which to Match or Filter Traffic for IPv4
Configuring the DSCP Bit Mask on Which to Match or Filter Traffic for IPv4
POST http://<mgmt0_IP>/api/mo/sys/acl/ipv4.json
{
"ipv4aclAF": {
"children": [
{
"ipv4aclACL": {
"attributes": {
"name": "acl-01"
},
"children": [
{
"ipv4aclACE": {
"attributes": {
"action": "permit",
"dscp": "33",
"dstPrefix": "20.1.2.3",
"dstPrefixLength": "24",
"protocol": "ip",
"seqNum": "10",
"srcPrefix": "10.2.3.4",
"srcPrefixLength": "24"
}}}]}}]}}
{
imdata:[]
}
<System>
<acl-items>
<ipv4-items>
<name-items>
<ACL-list>
<name>acl-01</name>
<seq-items>
<ACE-list>
<seqNum>10</seqNum>
<action>permit</action>
<dscp>33</dscp>
<dstPrefix>20.1.2.3</dstPrefix>
<dstPrefixLength>24</dstPrefixLength>
<protocol>0</protocol>
<srcPrefix>10.2.3.4</srcPrefix>
<srcPrefixLength>24</srcPrefixLength>
</ACE-list>
</seq-items>
</ACL-list>
</name-items>
</ipv4-items>
</acl-items>
</System>
Note: This example was added in Release 9.3(5).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
ip access-list acl-01
10 permit ip 10.2.3.4/24 20.1.2.3/24 dscp 33
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| ipv4aclAF | sys/acl/ipv4 |
| ipv4aclACL | sys/acl/ipv4/name-acl-01 |
| ipv4aclACE | sys/acl/ipv4/name-acl-01/seq-10 |
ipv4aclACE Properties
The following table contains information about the ipv4aclACE properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| action | acl:ActionType (scalar:Enum8) | Specify packets to forward or reject | SELECTION: 0 - invalid 1 - permit 2 - deny DEFAULT: invalid |
| dscp | scalar:UByte | dscp | RANGE: [0 , 63] |
| dstPrefix | ipv4acl:IPv4Prefix (address:IPv4) | Destination IPv4 prefix | Value must match ipv4 format |
| dstPrefixLength | ipv4acl:IPv4PrefixLen (scalar:UByte) | Destination IPv4 prefix length | RANGE: [0 , 32] DEFAULT: 0 |
| protocol | ipv4acl:Protocol (scalar:UByte) | Protocol for access-list entry | SELECTION: 0 - ip 1 - icmp 2 - igmp 6 - tcp 17 - udp 47 - gre 50 - esp 51 - ahp 88 - eigrp 89 - ospf 94 - nos 103 - pim 108 - pcp 254 - udf DEFAULT: 255 |
| seqNum | acl:SequenceNumber (scalar:Uint32) | Sequence number | RANGE: [0 , 4294967295] |
| srcPrefix | ipv4acl:IPv4Prefix (address:IPv4) | Source IPv4 prefix | Value must match ipv4 format |
| srcPrefixLength | ipv4acl:IPv4PrefixLen (scalar:UByte) | Source IPv4 prefix length | RANGE: [0 , 32] DEFAULT: 0 |
ipv4aclACL Properties
The following table contains information about the ipv4aclACL properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| name | acl:Name (string:Basic) | Name of Access lists | MAX SIZE: 63 |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Deleting the DSCP Bit Mask on Which to Match or Filter Traffic for IPv4
Deleting the DSCP Bit Mask on Which to Match or Filter Traffic for IPv4
POST http://<mgmt0_IP>/api/mo/sys/acl/ipv4.json
{
"ipv4aclAF": {
"children": [
{
"ipv4aclACL": {
"attributes": {
"name": "acl-01"
},
"children": [
{
"ipv4aclACE": {
"attributes": {
"seqNum": "10",
"status": "deleted"
}}}]}}]}}
{
imdata:[]
}
<System>
<acl-items>
<ipv4-items>
<name-items>
<ACL-list>
<name>acl-01</name>
<seq-items>
<ACE-list nc:operation="delete">
<seqNum>10</seqNum>
</ACE-list>
</seq-items>
</ACL-list>
</name-items>
</ipv4-items>
</acl-items>
</System>
Note: This example was added in Release 9.3(5).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
ip access-list acl-01
no 10 permit ip 10.2.3.4/24 20.1.2.3/24 dscp 33
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| ipv4aclAF | sys/acl/ipv4 |
| ipv4aclACL | sys/acl/ipv4/name-acl-01 |
| ipv4aclACE | sys/acl/ipv4/name-acl-01/seq-10 |
ipv4aclACL Properties
The following table contains information about the ipv4aclACL properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| name | acl:Name (string:Basic) | Name of Access lists | MAX SIZE: 63 |
ipv4aclACE Properties
The following table contains information about the ipv4aclACE properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| seqNum | acl:SequenceNumber (scalar:Uint32) | Sequence number | RANGE: [0 , 4294967295] |
| status | mo:ModificationStatus (scalar:Bitmask32) | The upgrade status. This property is for internal use only. | SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Configuring DSCP Wildcard Mask for IPv6
Configuring DSCP Wildcard Mask for IPv6
POST http://<mgmt0_IP>/api/mo/sys/acl/ipv6.json
{
"ipv6aclAF": {
"children": [
{
"ipv6aclACL": {
"attributes": {
"name": "acl-01"
},
"children": [
{
"ipv6aclACE": {
"attributes": {
"action": "permit",
"dscp": "33",
"dscpMask": "30",
"dstPrefix": "2:4::6:8",
"dstPrefixLength": "24",
"protocol": "ipv6",
"seqNum": "10",
"srcPrefix": "1:2::3:4",
"srcPrefixLength": "24"
}}}]}}]}}
{
imdata:[]
}
<System>
<acl-items>
<ipv6-items>
<name-items>
<ACL-list>
<name>acl-01</name>
<seq-items>
<ACE-list>
<seqNum>10</seqNum>
<action>permit</action>
<dscp>33</dscp>
<dscpMask>30</dscpMask>
<dstPrefix>2:4::6:8</dstPrefix>
<dstPrefixLength>24</dstPrefixLength>
<protocol>0</protocol>
<srcPrefix>1:2::3:4</srcPrefix>
<srcPrefixLength>24</srcPrefixLength>
</ACE-list>
</seq-items>
</ACL-list>
</name-items>
</ipv6-items>
</acl-items>
</System>
Note: This example was added in Release 9.3(5).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
ipv6 access-list acl-01
10 permit ipv6 1:2::3:4/24 2:4::6:8/24 dscp 33 30
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| ipv6aclAF | sys/acl/ipv6 |
| ipv6aclACL | sys/acl/ipv6/name-acl-01 |
| ipv6aclACE | sys/acl/ipv6/name-acl-01/seq-10 |
ipv6aclACE Properties
The following table contains information about the ipv6aclACE properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| action | acl:ActionType (scalar:Enum8) | Specify packets to forward or reject | SELECTION: 0 - invalid 1 - permit 2 - deny DEFAULT: invalid |
| dscp | scalar:UByte | dscp | RANGE: [0 , 63] |
| dscpMask | scalar:UByte | dscpMask | RANGE: [0 , 63] |
| dstPrefix | ipv6acl:IPv6Prefix (address:IPv6) | Destination IPv6 prefix | Value must match ipv6 format |
| dstPrefixLength | ipv6acl:IPv6PrefixLen (scalar:UByte) | Destination IPv6 prefix length | RANGE: [0 , 128] DEFAULT: 0 |
| protocol | ipv6acl:Protocol (scalar:UByte) | Protocol for access-list entry | SELECTION: 0 - ipv6 6 - tcp 17 - udp 47 - gre 50 - esp 51 - ahp 58 - icmp 88 - eigrp 89 - ospf 94 - nos 103 - pim 108 - pcp 132 - sctp 254 - udf DEFAULT: 255 |
| seqNum | acl:SequenceNumber (scalar:Uint32) | Sequence number | RANGE: [0 , 4294967295] |
| srcPrefix | ipv6acl:IPv6Prefix (address:IPv6) | Source IPv6 prefix | Value must match ipv6 format |
| srcPrefixLength | ipv6acl:IPv6PrefixLen (scalar:UByte) | Source IPv6 prefix length | RANGE: [0 , 128] DEFAULT: 0 |
ipv6aclACL Properties
The following table contains information about the ipv6aclACL properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| name | acl:Name (string:Basic) | Name of Access lists | MAX SIZE: 63 |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Deleting DSCP Wildcard Mask for IPv6
Deleting DSCP Wildcard Mask for IPv6
POST http://<mgmt0_IP>/api/mo/sys.json
{
"topSystem": {
"children": [
{
"aclEntity": {
"children": [
{
"ipv6aclAF": {
"children": [
{
"ipv6aclACL": {
"attributes": {
"name": "acl-01"
},
"children": [
{
"ipv6aclACE": {
"attributes": {
"seqNum": "10",
"status": "deleted"
}
}
}
]
}
}
]
}
}
]
}
}
]
}
}
{
imdata:[]
}
<System>
<acl-items>
<ipv6-items>
<name-items>
<ACL-list>
<name>acl-01</name>
<seq-items>
<ACE-list>
<seqNum>10</seqNum>
<action>permit</action>
<dscp>33</dscp>
<dscpMask>30</dscpMask>
<dstPrefix>2:4::6:8</dstPrefix>
<dstPrefixLength>24</dstPrefixLength>
<protocol>0</protocol>
<srcPrefix>1:2::3:4</srcPrefix>
<srcPrefixLength>24</srcPrefixLength>
</ACE-list>
</seq-items>
</ACL-list>
</name-items>
</ipv6-items>
</acl-items>
</System>
Note: This example was added in Release 9.3(5).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
ipv6 access-list acl-01
no 10 permit ipv6 1:2::3:4/24 2:4::6:8/24 dscp 33 30
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| ipv6aclAF | sys/acl/ipv6 |
| ipv6aclACL | sys/acl/ipv6/name-acl-01 |
| ipv6aclACE | sys/acl/ipv6/name-acl-01/seq-10 |
ipv6aclACE Properties
The following table contains information about the ipv6aclACE properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| action | acl:ActionType (scalar:Enum8) | Specify packets to forward or reject | SELECTION: 0 - invalid 1 - permit 2 - deny DEFAULT: invalid |
| dscp | scalar:UByte | dscp | RANGE: [0 , 63] |
| dscpMask | scalar:UByte | dscpMask | RANGE: [0 , 63] |
| dstPrefix | ipv6acl:IPv6Prefix (address:IPv6) | Destination IPv6 prefix | Value must match ipv6 format |
| dstPrefixLength | ipv6acl:IPv6PrefixLen (scalar:UByte) | Destination IPv6 prefix length | RANGE: [0 , 128] DEFAULT: 0 |
| protocol | ipv6acl:Protocol (scalar:UByte) | Protocol for access-list entry | SELECTION: 0 - ipv6 6 - tcp 17 - udp 47 - gre 50 - esp 51 - ahp 58 - icmp 88 - eigrp 89 - ospf 94 - nos 103 - pim 108 - pcp 132 - sctp 254 - udf DEFAULT: 255 |
| seqNum | acl:SequenceNumber (scalar:Uint32) | Sequence number | RANGE: [0 , 4294967295] |
| srcPrefix | ipv6acl:IPv6Prefix (address:IPv6) | Source IPv6 prefix | Value must match ipv6 format |
| srcPrefixLength | ipv6acl:IPv6PrefixLen (scalar:UByte) | Source IPv6 prefix length | RANGE: [0 , 128] DEFAULT: 0 |
ipv6aclACL Properties
The following table contains information about the ipv6aclACL properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| name | acl:Name (string:Basic) | Name of Access lists | MAX SIZE: 63 |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Configuring the DSCP Bit Mask on Which to Match or Filter Traffic for IPv6
Configuring the DSCP Bit Mask on Which to Match or Filter Traffic for IPv6
POST http://<mgmt0_IP>/api/mo/sys.json
{
"topSystem": {
"children": [
{
"aclEntity": {
"children": [
{
"ipv6aclAF": {
"children": [
{
"ipv6aclACL": {
"attributes": {
"name": "acl-01"
},
"children": [
{
"ipv6aclACE": {
"attributes": {
"action": "permit",
"dscp": "33",
"dstPrefix": "2:4::6:8",
"dstPrefixLength": "24",
"protocol": "ipv6",
"seqNum": "10",
"srcPrefix": "1:2::3:4",
"srcPrefixLength": "24"
}
}
}
]
}
}
]
}
}
]
}
}
]
}
}
{
imdata:[]
}
<System>
<acl-items>
<ipv6-items>
<name-items>
<ACL-list>
<name>acl-01</name>
<seq-items>
<ACE-list>
<seqNum>10</seqNum>
<action>permit</action>
<dscp>33</dscp>
<dstPrefix>2:4::6:8</dstPrefix>
<dstPrefixLength>24</dstPrefixLength>
<protocol>0</protocol>
<srcPrefix>1:2::3:4</srcPrefix>
<srcPrefixLength>24</srcPrefixLength>
</ACE-list>
</seq-items>
</ACL-list>
</name-items>
</ipv6-items>
</acl-items>
</System>
Note: This example was added in Release 9.3(5).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
ipv6 access-list acl-01
10 permit ipv6 1:2::3:4/24 2:4::6:8/24 dscp 33
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| topSystem | sys |
| aclEntity | sys/acl |
| ipv6aclAF | sys/acl/ipv6 |
| ipv6aclACL | sys/acl/ipv6/name-{name} |
| ipv6aclACE | sys/acl/ipv6/name-{name}/seq-{seqNum} |
ipv6aclACL Properties
The following table contains information about the ipv6aclACL properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| name | acl:Name (string:Basic) | Name of Access lists | MAX SIZE: 63 |
ipv6aclACE Properties
The following table contains information about the ipv6aclACE properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| action | acl:ActionType (scalar:Enum8) | Specify packets to forward or reject | SELECTION: 0 - invalid 1 - permit 2 - deny DEFAULT: invalid |
| dscp | scalar:UByte | dscp | RANGE: [0 , 63] |
| dstPrefix | ipv6acl:IPv6Prefix (address:IPv6) | Destination IPv6 prefix | Value must match ipv6 format |
| dstPrefixLength | ipv6acl:IPv6PrefixLen (scalar:UByte) | Destination IPv6 prefix length | RANGE: [0 , 128] DEFAULT: 0 |
| protocol | ipv6acl:Protocol (scalar:UByte) | Protocol for access-list entry | SELECTION: 0 - ipv6 6 - tcp 17 - udp 47 - gre 50 - esp 51 - ahp 58 - icmp 88 - eigrp 89 - ospf 94 - nos 103 - pim 108 - pcp 132 - sctp 254 - udf DEFAULT: 255 |
| seqNum | acl:SequenceNumber (scalar:Uint32) | Sequence number | RANGE: [0 , 4294967295] |
| srcPrefix | ipv6acl:IPv6Prefix (address:IPv6) | Source IPv6 prefix | Value must match ipv6 format |
| srcPrefixLength | ipv6acl:IPv6PrefixLen (scalar:UByte) | Source IPv6 prefix length | RANGE: [0 , 128] DEFAULT: 0 |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Deleting the DSCP Bit Mask on Which to Match or Filter Traffic for IPv6
Deleting the DSCP Bit Mask on Which to Match or Filter Traffic for IPv6
POST http://<mgmt0_IP>/api/mo/sys.json
{
"topSystem": {
"children": [
{
"aclEntity": {
"children": [
{
"ipv6aclAF": {
"children": [
{
"ipv6aclACL": {
"attributes": {
"name": "acl-01"
},
"children": [
{
"ipv6aclACE": {
"attributes": {
"seqNum": "10",
"status": "deleted"
}
}
}
]
}
}
]
}
}
]
}
}
]
}
}
{
imdata:[]
}
<System>
<acl-items>
<ipv6-items>
<name-items>
<ACL-list>
<name>acl-01</name>
<seq-items>
<ACE-list nc:operation="delete">
<seqNum>10</seqNum>
</ACE-list>
</seq-items>
</ACL-list>
</name-items>
</ipv6-items>
</acl-items>
</System>
Note: This example was added in Release 9.3(5).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
ipv6 access-list acl-01
no 10 permit ipv6 1:2::3:4/24 2:4::6:8/24 dscp 33
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| topSystem | sys |
| aclEntity | sys/acl |
| ipv6aclAF | sys/acl/ipv6 |
| ipv6aclACL | sys/acl/ipv6/name-{name} |
| ipv6aclACE | sys/acl/ipv6/name-{name}/seq-{seqNum} |
ipv6aclACL Properties
The following table contains information about the ipv6aclACL properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| name | acl:Name (string:Basic) | Name of Access lists | MAX SIZE: 63 |
ipv6aclACE Properties
The following table contains information about the ipv6aclACE properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| seqNum | acl:SequenceNumber (scalar:Uint32) | Sequence number | RANGE: [0 , 4294967295] |
| status | mo:ModificationStatus (scalar:Bitmask32) | The upgrade status. This property is for internal use only. | SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide: