Cisco Nexus 3000 and 9000 Series NX-API REST SDK API, Release 9.3(x)

NX-OS 9.3(x)

Cisco Nexus 3000 and 9000 Series NX-API REST Documentation

Configuring DSCP Wildcard Mask for IPv4

DME

YANG

Copy
POST http://<mgmt0_IP>/api/mo/sys/acl/ipv4.json
{
  "ipv4aclAF": {
    "children": [
      {
        "ipv4aclACL": {
          "attributes": {
            "name": "acl-01"
          },
          "children": [
            {
              "ipv4aclACE": {
                "attributes": {
                  "action": "permit",
                  "dscp": "33",
                  "dscpMask": "30",
                  "dstPrefix": "20.1.1.2",
                  "dstPrefixLength": "24",
                  "protocol": "ip",
                  "seqNum": "10",
                  "srcPrefix": "10.1.1.1",
                  "srcPrefixLength": "24"
}}}]}}]}}
Response
{
    imdata:[]
}

Copy
<System>
  <acl-items>
    <ipv4-items>
      <name-items>
        <ACL-list>
          <name>acl-01</name>
          <seq-items>
            <ACE-list>
              <seqNum>10</seqNum>
              <action>permit</action>
              <dscp>33</dscp>
              <dscpMask>30</dscpMask>
              <dstPrefix>20.1.1.2</dstPrefix>
              <dstPrefixLength>24</dstPrefixLength>
              <protocol>0</protocol>
              <srcPrefix>10.1.1.1</srcPrefix>
              <srcPrefixLength>24</srcPrefixLength>
            </ACE-list>
          </seq-items>
        </ACL-list>
      </name-items>
    </ipv4-items>
  </acl-items>
</System>

Configuring DSCP Wildcard Mask

You can classify traffic that is based on the DSCP value in the DiffServ field of the IP header. To filter the classification further, include a DSCP wildcard mask.

For more information, see the Cisco Nexus 3000 Series NX-OS QoS Configuration Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-3000-series-switches/series.html

Configuring DSCP Wildcard Mask for IPv4

Note: This example was added in Release 9.3(5).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

ip access-list acl-01
10 permit ip 10.1.1.1/24 20.1.1.2/24 dscp 33 30

Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
ipv4aclAF	sys/acl/ipv4
ipv4aclACL	sys/acl/ipv4/name-acl-01
ipv4aclACE	sys/acl/ipv4/name-acl-01/seq-10

ipv4aclACE Properties

The following table contains information about the ipv4aclACE properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
action	acl:ActionType (scalar:Enum8)	Specify packets to forward or reject	SELECTION: 0 - invalid 1 - permit 2 - deny DEFAULT: invalid
dscp	scalar:UByte	dscp	RANGE: [0 , 63]
dscpMask	scalar:UByte	dscpMask	RANGE: [0 , 63]
dstPrefix	ipv4acl:IPv4Prefix (address:IPv4)	Destination IPv4 prefix	Value must match ipv4 format
dstPrefixLength	ipv4acl:IPv4PrefixLen (scalar:UByte)	Destination IPv4 prefix length	RANGE: [0 , 32] DEFAULT: 0
protocol	ipv4acl:Protocol (scalar:UByte)	Protocol for access-list entry	SELECTION: 0 - ip 1 - icmp 2 - igmp 6 - tcp 17 - udp 47 - gre 50 - esp 51 - ahp 88 - eigrp 89 - ospf 94 - nos 103 - pim 108 - pcp 254 - udf DEFAULT: 255
seqNum	acl:SequenceNumber (scalar:Uint32)	Sequence number	RANGE: [0 , 4294967295]
srcPrefix	ipv4acl:IPv4Prefix (address:IPv4)	Source IPv4 prefix	Value must match ipv4 format
srcPrefixLength	ipv4acl:IPv4PrefixLen (scalar:UByte)	Source IPv4 prefix length	RANGE: [0 , 32] DEFAULT: 0

ipv4aclACL Properties

The following table contains information about the ipv4aclACL properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
name	acl:Name (string:Basic)	Name of Access lists	MAX SIZE: 63

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting DSCP Wildcard Mask for IPv4

Note: This example was added in Release 9.3(5).

CLI Commands

ip access-list acl-01
no 10 permit ip 10.1.1.1/24 20.1.1.2/24 dscp 33 30

Verifying a DME Configuration

MO	DN
ipv4aclAF	sys/acl/ipv4
ipv4aclACL	sys/acl/ipv4/name-acl-01
ipv4aclACE	sys/acl/ipv4/name-acl-01/seq-10

ipv4aclACL Properties

Property Name	Data Type	Description	Values
name	acl:Name (string:Basic)	Name of Access lists	MAX SIZE: 63

ipv4aclACE Properties

Property Name	Data Type	Description	Values
seqNum	acl:SequenceNumber (scalar:Uint32)	Sequence number	RANGE: [0 , 4294967295]
status	mo:ModificationStatus (scalar:Bitmask32)	The upgrade status. This property is for internal use only.	SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring the DSCP Bit Mask on Which to Match or Filter Traffic for IPv4

Note: This example was added in Release 9.3(5).

CLI Commands

ip access-list acl-01
10 permit ip 10.2.3.4/24 20.1.2.3/24 dscp 33

Verifying a DME Configuration

MO	DN
ipv4aclAF	sys/acl/ipv4
ipv4aclACL	sys/acl/ipv4/name-acl-01
ipv4aclACE	sys/acl/ipv4/name-acl-01/seq-10

ipv4aclACE Properties

Property Name	Data Type	Description	Values
action	acl:ActionType (scalar:Enum8)	Specify packets to forward or reject	SELECTION: 0 - invalid 1 - permit 2 - deny DEFAULT: invalid
dscp	scalar:UByte	dscp	RANGE: [0 , 63]
dstPrefix	ipv4acl:IPv4Prefix (address:IPv4)	Destination IPv4 prefix	Value must match ipv4 format
dstPrefixLength	ipv4acl:IPv4PrefixLen (scalar:UByte)	Destination IPv4 prefix length	RANGE: [0 , 32] DEFAULT: 0
protocol	ipv4acl:Protocol (scalar:UByte)	Protocol for access-list entry	SELECTION: 0 - ip 1 - icmp 2 - igmp 6 - tcp 17 - udp 47 - gre 50 - esp 51 - ahp 88 - eigrp 89 - ospf 94 - nos 103 - pim 108 - pcp 254 - udf DEFAULT: 255
seqNum	acl:SequenceNumber (scalar:Uint32)	Sequence number	RANGE: [0 , 4294967295]
srcPrefix	ipv4acl:IPv4Prefix (address:IPv4)	Source IPv4 prefix	Value must match ipv4 format
srcPrefixLength	ipv4acl:IPv4PrefixLen (scalar:UByte)	Source IPv4 prefix length	RANGE: [0 , 32] DEFAULT: 0

ipv4aclACL Properties

Property Name	Data Type	Description	Values
name	acl:Name (string:Basic)	Name of Access lists	MAX SIZE: 63

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the DSCP Bit Mask on Which to Match or Filter Traffic for IPv4

Note: This example was added in Release 9.3(5).

CLI Commands

ip access-list acl-01
no 10 permit ip 10.2.3.4/24 20.1.2.3/24 dscp 33

Verifying a DME Configuration

MO	DN
ipv4aclAF	sys/acl/ipv4
ipv4aclACL	sys/acl/ipv4/name-acl-01
ipv4aclACE	sys/acl/ipv4/name-acl-01/seq-10

ipv4aclACL Properties

Property Name	Data Type	Description	Values
name	acl:Name (string:Basic)	Name of Access lists	MAX SIZE: 63

ipv4aclACE Properties

Property Name	Data Type	Description	Values
seqNum	acl:SequenceNumber (scalar:Uint32)	Sequence number	RANGE: [0 , 4294967295]
status	mo:ModificationStatus (scalar:Bitmask32)	The upgrade status. This property is for internal use only.	SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring DSCP Wildcard Mask for IPv6

Note: This example was added in Release 9.3(5).

CLI Commands

ipv6 access-list acl-01
10 permit ipv6 1:2::3:4/24 2:4::6:8/24 dscp 33 30

Verifying a DME Configuration

MO	DN
ipv6aclAF	sys/acl/ipv6
ipv6aclACL	sys/acl/ipv6/name-acl-01
ipv6aclACE	sys/acl/ipv6/name-acl-01/seq-10

ipv6aclACE Properties

The following table contains information about the ipv6aclACE properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
action	acl:ActionType (scalar:Enum8)	Specify packets to forward or reject	SELECTION: 0 - invalid 1 - permit 2 - deny DEFAULT: invalid
dscp	scalar:UByte	dscp	RANGE: [0 , 63]
dscpMask	scalar:UByte	dscpMask	RANGE: [0 , 63]
dstPrefix	ipv6acl:IPv6Prefix (address:IPv6)	Destination IPv6 prefix	Value must match ipv6 format
dstPrefixLength	ipv6acl:IPv6PrefixLen (scalar:UByte)	Destination IPv6 prefix length	RANGE: [0 , 128] DEFAULT: 0
protocol	ipv6acl:Protocol (scalar:UByte)	Protocol for access-list entry	SELECTION: 0 - ipv6 6 - tcp 17 - udp 47 - gre 50 - esp 51 - ahp 58 - icmp 88 - eigrp 89 - ospf 94 - nos 103 - pim 108 - pcp 132 - sctp 254 - udf DEFAULT: 255
seqNum	acl:SequenceNumber (scalar:Uint32)	Sequence number	RANGE: [0 , 4294967295]
srcPrefix	ipv6acl:IPv6Prefix (address:IPv6)	Source IPv6 prefix	Value must match ipv6 format
srcPrefixLength	ipv6acl:IPv6PrefixLen (scalar:UByte)	Source IPv6 prefix length	RANGE: [0 , 128] DEFAULT: 0

ipv6aclACL Properties

The following table contains information about the ipv6aclACL properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
name	acl:Name (string:Basic)	Name of Access lists	MAX SIZE: 63

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting DSCP Wildcard Mask for IPv6

Note: This example was added in Release 9.3(5).

CLI Commands

ipv6 access-list acl-01
no 10 permit ipv6 1:2::3:4/24 2:4::6:8/24 dscp 33 30

Verifying a DME Configuration

MO	DN
ipv6aclAF	sys/acl/ipv6
ipv6aclACL	sys/acl/ipv6/name-acl-01
ipv6aclACE	sys/acl/ipv6/name-acl-01/seq-10

ipv6aclACE Properties

Property Name	Data Type	Description	Values
action	acl:ActionType (scalar:Enum8)	Specify packets to forward or reject	SELECTION: 0 - invalid 1 - permit 2 - deny DEFAULT: invalid
dscp	scalar:UByte	dscp	RANGE: [0 , 63]
dscpMask	scalar:UByte	dscpMask	RANGE: [0 , 63]
dstPrefix	ipv6acl:IPv6Prefix (address:IPv6)	Destination IPv6 prefix	Value must match ipv6 format
dstPrefixLength	ipv6acl:IPv6PrefixLen (scalar:UByte)	Destination IPv6 prefix length	RANGE: [0 , 128] DEFAULT: 0
protocol	ipv6acl:Protocol (scalar:UByte)	Protocol for access-list entry	SELECTION: 0 - ipv6 6 - tcp 17 - udp 47 - gre 50 - esp 51 - ahp 58 - icmp 88 - eigrp 89 - ospf 94 - nos 103 - pim 108 - pcp 132 - sctp 254 - udf DEFAULT: 255
seqNum	acl:SequenceNumber (scalar:Uint32)	Sequence number	RANGE: [0 , 4294967295]
srcPrefix	ipv6acl:IPv6Prefix (address:IPv6)	Source IPv6 prefix	Value must match ipv6 format
srcPrefixLength	ipv6acl:IPv6PrefixLen (scalar:UByte)	Source IPv6 prefix length	RANGE: [0 , 128] DEFAULT: 0

ipv6aclACL Properties

Property Name	Data Type	Description	Values
name	acl:Name (string:Basic)	Name of Access lists	MAX SIZE: 63

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring the DSCP Bit Mask on Which to Match or Filter Traffic for IPv6

Note: This example was added in Release 9.3(5).

CLI Commands

ipv6 access-list acl-01
10 permit ipv6 1:2::3:4/24 2:4::6:8/24 dscp 33

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
topSystem	sys
aclEntity	sys/acl
ipv6aclAF	sys/acl/ipv6
ipv6aclACL	sys/acl/ipv6/name-{name}
ipv6aclACE	sys/acl/ipv6/name-{name}/seq-{seqNum}

ipv6aclACL Properties

Property Name	Data Type	Description	Values
name	acl:Name (string:Basic)	Name of Access lists	MAX SIZE: 63

ipv6aclACE Properties

Property Name	Data Type	Description	Values
action	acl:ActionType (scalar:Enum8)	Specify packets to forward or reject	SELECTION: 0 - invalid 1 - permit 2 - deny DEFAULT: invalid
dscp	scalar:UByte	dscp	RANGE: [0 , 63]
dstPrefix	ipv6acl:IPv6Prefix (address:IPv6)	Destination IPv6 prefix	Value must match ipv6 format
dstPrefixLength	ipv6acl:IPv6PrefixLen (scalar:UByte)	Destination IPv6 prefix length	RANGE: [0 , 128] DEFAULT: 0
protocol	ipv6acl:Protocol (scalar:UByte)	Protocol for access-list entry	SELECTION: 0 - ipv6 6 - tcp 17 - udp 47 - gre 50 - esp 51 - ahp 58 - icmp 88 - eigrp 89 - ospf 94 - nos 103 - pim 108 - pcp 132 - sctp 254 - udf DEFAULT: 255
seqNum	acl:SequenceNumber (scalar:Uint32)	Sequence number	RANGE: [0 , 4294967295]
srcPrefix	ipv6acl:IPv6Prefix (address:IPv6)	Source IPv6 prefix	Value must match ipv6 format
srcPrefixLength	ipv6acl:IPv6PrefixLen (scalar:UByte)	Source IPv6 prefix length	RANGE: [0 , 128] DEFAULT: 0

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the DSCP Bit Mask on Which to Match or Filter Traffic for IPv6

Note: This example was added in Release 9.3(5).

CLI Commands

ipv6 access-list acl-01
no 10 permit ipv6 1:2::3:4/24 2:4::6:8/24 dscp 33

MO	DN
topSystem	sys
aclEntity	sys/acl
ipv6aclAF	sys/acl/ipv6
ipv6aclACL	sys/acl/ipv6/name-{name}
ipv6aclACE	sys/acl/ipv6/name-{name}/seq-{seqNum}

ipv6aclACL Properties

Property Name	Data Type	Description	Values
name	acl:Name (string:Basic)	Name of Access lists	MAX SIZE: 63

ipv6aclACE Properties

Property Name	Data Type	Description	Values
seqNum	acl:SequenceNumber (scalar:Uint32)	Sequence number	RANGE: [0 , 4294967295]
status	mo:ModificationStatus (scalar:Bitmask32)	The upgrade status. This property is for internal use only.	SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html