Configuring Secure VXLAN EVPN Multi-Site using CloudSec

Secure VXLAN EVPN Multi-Site using CloudSec ensures data security and data integrity for VXLAN-basedMulti-Site fabrics. Using the cryptographic machinery of IEEE MACSec for UDP packets, this feature providesa secure tunnel between authorized VXLAN EVPN endpoints.

The Secure VXLAN EVPN Multi-Site using CloudSec session is point to point over DCI between border gateways(BGWs) on two different sites. All communication between sites uses Multi-Site PIP instead of VIP. Formigration information, see Migrating from Multi-Site with VIP to Multi-Site with PIP, on page 16.

Secure VXLAN EVPN Multi-Site using CloudSec is enabled on a per-peer basis. Peers that do not support CloudSeccan operate with peers that do support CloudSec, but the traffic is unencrypted. We recommend allowingunencrypted traffic only during migration from non-CloudSec-enabled sites to CloudSec-enabled sites.

CloudSec key exchange uses BGP while MACsec uses the MACsec Key Agreement (MKA). The CloudSeccontrol plane uses the IPv4 address family for the BGP session.

For more information, see the Cisco Nexus 9000 VXLAN Multi-Site Configuration Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-installation-and-configuration-guides-list.html

Configuring Tunnel Encryption

Configuring Tunnel Encryption
POST http://<mgmt0_IP>/api/mo/sys/fm.json
{
  "fmEntity": {
    "children": [
      {
        "fmTunnelEncryption": {
          "attributes": {
            "adminSt": "enabled"
}}}]}}
{
    imdata:[]
}
<System>
  <fm-items>
    <tunnelenc-items>
      <adminSt>enabled</adminSt>
    </tunnelenc-items>
  </fm-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

feature tunnel-encryption


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MODN
fmEntity sys/fm
fmTunnelEncryption sys/fm/tunnelenc


fmTunnelEncryption Properties

The following table contains information about the fmTunnelEncryption properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
adminStfm:AdminState
(scalar:Enum8)
Admin statusSELECTION:
1 - enabled
2 - disabled
DEFAULT: disabled


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Tunnel Encryption

Deleting Tunnel Encryption
POST http://<mgmt0_IP>/api/mo/sys/fm.json
{
  "fmEntity": {
    "children": [
      {
        "fmTunnelEncryption": {
          "attributes": {
            "adminSt": "disabled"
}}}]}}
{
    imdata:[]
}
<System>
  <fm-items>
    <tunnelenc-items>
      <adminSt>disabled</adminSt>
    </tunnelenc-items>
  </fm-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

no feature tunnel-encryption


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MODN
fmEntity sys/fm
fmTunnelEncryption sys/fm/tunnelenc


fmTunnelEncryption Properties

The following table contains information about the fmTunnelEncryption properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
adminStfm:AdminState
(scalar:Enum8)
Admin statusSELECTION:
1 - enabled
2 - disabled
DEFAULT: disabled


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring a Tunnel Encryption Policy

Configuring a Tunnel Encryption Policy
POST http://<mgmt0_IP>/api/mo/sys/tunnelenc.json
{
  "tunnelencEntity": {
    "children": [
      {
        "tunnelencPolicy": {
          "attributes": {
            "policyName": "Pol1"
}}}]}}
{
    imdata:[]
}
<System>
  <tunnelenc-items>
    <policy-items>
      <Policy-list>
        <policyName>Pol1</policyName>
      </Policy-list>
    </policy-items>
  </tunnelenc-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

tunnel-encryption policy Pol1


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MODN
tunnelencEntity sys/tunnelenc
tunnelencPolicy sys/tunnelenc/policy-Pol1


tunnelencPolicy Properties

The following table contains information about the tunnelencPolicy properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
policyNametunnelenc:PolicyName
(string:Basic)
Name of tunnel-encryption PolicyA sequence of characters
DEFAULT: system-default-tunenc-policy


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting a Tunnel Encryption Policy

Deleting a Tunnel Encryption Policy
POST http://<mgmt0_IP>/api/mo/sys/tunnelenc.json
{
  "tunnelencEntity": {
    "children": [
      {
        "tunnelencPolicy": {
          "attributes": {
            "policyName": "Pol1",
            "status": "deleted"
}}}]}}
{
    imdata:[]
}
<System>
  <tunnelenc-items>
    <policy-items>
      <Policy-list nc:operation="delete">
        <policyName>Pol1</policyName>
      </Policy-list>
    </policy-items>
  </tunnelenc-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

no tunnel-encryption policy Pol1


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MODN
tunnelencEntity sys/tunnelenc
tunnelencPolicy sys/tunnelenc/policy-Pol1


tunnelencPolicy Properties

The following table contains information about the tunnelencPolicy properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
policyNametunnelenc:PolicyName
(string:Basic)
Name of tunnel-encryption PolicyA sequence of characters
DEFAULT: system-default-tunenc-policy
statusmo:ModificationStatus
(scalar:Bitmask32)
The upgrade status. This property is for internal use only.SELECTION:
2 - created
4 - modified
8 - deleted
16 - replaced


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring the Window Size

Configuring the Window Size 
POST http://<mgmt0_IP>/api/mo/sys/tunnelenc.json
{
  "tunnelencEntity": {
    "children": [
      {
        "tunnelencPolicy": {
          "attributes": {
            "policyName": "Pol1",
            "replayWindow": "319901218"
}}}]}}
{
    imdata:[]
}
<System>
  <tunnelenc-items>
    <policy-items>
      <Policy-list>
        <policyName>Pol1</policyName>
        <replayWindow>319901218</replayWindow>
      </Policy-list>
    </policy-items>
  </tunnelenc-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

tunnel-encryption policy Pol1
  window-size 319901218


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MODN
tunnelencEntity sys/tunnelenc
tunnelencPolicy sys/tunnelenc/policy-Pol1


tunnelencPolicy Properties

The following table contains information about the tunnelencPolicy properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
policyNametunnelenc:PolicyName
(string:Basic)
Name of tunnel-encryption PolicyA sequence of characters
DEFAULT: system-default-tunenc-policy
replayWindowtunnelenc:ReplayWindow
(scalar:Uint32)
Replay Window for tunnel-encryption Policy
RANGE: [134217728 , 1073741823]
DEFAULT: 268435456


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Window Size

Deleting the Window Size 
POST http://<mgmt0_IP>/api/mo/sys/tunnelenc.json
{
  "tunnelencEntity": {
    "children": [
      {
        "tunnelencPolicy": {
          "attributes": {
            "policyName": "Pol1",
            "replayWindow": "268435456"
}}}]}}
{
    imdata:[]
}
<System>
  <tunnelenc-items>
    <policy-items>
      <Policy-list>
        <policyName>Pol1</policyName>
        <replayWindow>268435456</replayWindow>
      </Policy-list>
    </policy-items>
  </tunnelenc-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

tunnel-encryption policy Pol1
  no window-size 319901218


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MODN
tunnelencEntity sys/tunnelenc
tunnelencPolicy sys/tunnelenc/policy-Pol1


tunnelencPolicy Properties

The following table contains information about the tunnelencPolicy properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
policyNametunnelenc:PolicyName
(string:Basic)
Name of tunnel-encryption PolicyA sequence of characters
DEFAULT: system-default-tunenc-policy
replayWindowtunnelenc:ReplayWindow
(scalar:Uint32)
Replay Window for tunnel-encryption Policy
RANGE: [134217728 , 1073741823]
DEFAULT: 268435456


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring the Time in Seconds to Force SAK Rekey

Configuring the Time in Seconds to Force SAK Rekey
POST http://<mgmt0_IP>/api/mo/sys/tunnelenc.json
{
  "tunnelencEntity": {
    "children": [
      {
        "tunnelencPolicy": {
          "attributes": {
            "policyName": "Pol1",
            "sakExpiryTime": "1800"
}}}]}}
{
    imdata:[]
}
<System>
  <tunnelenc-items>
    <policy-items>
      <Policy-list>
        <policyName>Pol1</policyName>
        <sakExpiryTime>1800</sakExpiryTime>
      </Policy-list>
    </policy-items>
  </tunnelenc-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

tunnel-encryption policy Pol1
  sak-rekey-time 1800


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MODN
tunnelencEntity sys/tunnelenc
tunnelencPolicy sys/tunnelenc/policy-Pol1


tunnelencPolicy Properties

The following table contains information about the tunnelencPolicy properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
policyNametunnelenc:PolicyName
(string:Basic)
Name of tunnel-encryption PolicyA sequence of characters
DEFAULT: system-default-tunenc-policy
sakExpiryTimetunnelenc:SakExpiryTime
(scalar:Uint32)
Security Association Key Expiry Time for tunnel-encryption Policy
RANGE: [0 , 2592000]
DEFAULT: pn-rollover


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Time in Seconds to Force SAK Rekey

Deleting the Time in Seconds to Force SAK Rekey
POST http://<mgmt0_IP>/api/mo/sys/tunnelenc.json
{
  "tunnelencEntity": {
    "children": [
      {
        "tunnelencPolicy": {
          "attributes": {
            "policyName": "Pol1",
            "sakExpiryTime": "pn-rollover"
}}}]}}
{
    imdata:[]
}
<System>
  <tunnelenc-items>
    <policy-items>
      <Policy-list>
        <policyName>Pol1</policyName>
        <sakExpiryTime>0</sakExpiryTime>
      </Policy-list>
    </policy-items>
  </tunnelenc-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

tunnel-encryption policy Pol1
  no sak-rekey-time 1800


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MODN
tunnelencEntity sys/tunnelenc
tunnelencPolicy sys/tunnelenc/policy-Pol1


tunnelencPolicy Properties

The following table contains information about the tunnelencPolicy properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
policyNametunnelenc:PolicyName
(string:Basic)
Name of tunnel-encryption PolicyA sequence of characters
DEFAULT: system-default-tunenc-policy
sakExpiryTimetunnelenc:SakExpiryTime
(scalar:Uint32)
Security Association Key Expiry Time for tunnel-encryption Policy
RANGE: [0 , 2592000]
DEFAULT: pn-rollover


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring GCM AES XPN 128 Bit Encryption

Configuring GCM AES XPN 128 Bit Encryption 
POST http://<mgmt0_IP>/api/mo/sys/tunnelenc.json
{
  "tunnelencEntity": {
    "children": [
      {
        "tunnelencPolicy": {
          "attributes": {
            "cipherSuite": "GCM-AES-XPN-128",
            "policyName": "Pol1"
}}}]}}
{
    imdata:[]
}
<System>
  <tunnelenc-items>
    <policy-items>
      <Policy-list>
        <policyName>Pol1</policyName>
        <cipherSuite>GCM-AES-XPN-128</cipherSuite>
      </Policy-list>
    </policy-items>
  </tunnelenc-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

tunnel-encryption policy Pol1
  cipher-suite GCM-AES-XPN-128


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MODN
tunnelencEntity sys/tunnelenc
tunnelencPolicy sys/tunnelenc/policy-Pol1


tunnelencPolicy Properties

The following table contains information about the tunnelencPolicy properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
cipherSuitetunnelenc:CipherSuite
(scalar:Enum8)
Cipher Suite for tunnel-encryption PolicySELECTION:
3 - GCM-AES-XPN-128
4 - GCM-AES-XPN-256
DEFAULT: GCM-AES-XPN-256
policyNametunnelenc:PolicyName
(string:Basic)
Name of tunnel-encryption PolicyA sequence of characters
DEFAULT: system-default-tunenc-policy


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting GCM AES XPN 128 Bit Encryption

Deleting GCM AES XPN 128 Bit Encryption
POST http://<mgmt0_IP>/api/mo/sys/tunnelenc.json
{
  "tunnelencEntity": {
    "children": [
      {
        "tunnelencPolicy": {
          "attributes": {
            "cipherSuite": "GCM-AES-XPN-256",
            "policyName": "Pol1"
}}}]}}
{
    imdata:[]
}
<System>
  <tunnelenc-items>
    <policy-items>
      <Policy-list>
        <policyName>Pol1</policyName>
        <cipherSuite>GCM-AES-XPN-256</cipherSuite>
      </Policy-list>
    </policy-items>
  </tunnelenc-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

tunnel-encryption policy Pol1
  no cipher-suite GCM-AES-XPN-128


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MODN
tunnelencEntity sys/tunnelenc
tunnelencPolicy sys/tunnelenc/policy-Pol1


tunnelencPolicy Properties

The following table contains information about the tunnelencPolicy properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
cipherSuitetunnelenc:CipherSuite
(scalar:Enum8)
Cipher Suite for tunnel-encryption PolicySELECTION:
3 - GCM-AES-XPN-128
4 - GCM-AES-XPN-256
DEFAULT: GCM-AES-XPN-256
policyNametunnelenc:PolicyName
(string:Basic)
Name of tunnel-encryption PolicyA sequence of characters
DEFAULT: system-default-tunenc-policy


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring a Tunnel Encryption Peer IP

Configuring a Tunnel Encryption Peer IP
POST http://<mgmt0_IP>/api/mo/sys/tunnelenc.json
{
  "tunnelencEntity": {
    "children": [
      {
        "tunnelencPeerIp": {
          "attributes": {
            "peerIp": "1.2.3.4"
}}}]}}
{
    imdata:[]
}
<System>
  <tunnelenc-items>
    <peerip-items>
      <PeerIp-list>
        <peerIp>1.2.3.4</peerIp>
      </PeerIp-list>
    </peerip-items>
  </tunnelenc-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

tunnel-encryption peer-ip 1.2.3.4


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MODN
tunnelencEntity sys/tunnelenc
tunnelencPeerIp sys/tunnelenc/peerip-1.2.3.4


tunnelencPeerIp Properties

The following table contains information about the tunnelencPeerIp properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
peerIpaddress:IPv4
Peer-ips aasociated to tunnel-encryptionValue must match ipv4 format


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting a Tunnel Encryption Peer IP

Deleting a Tunnel Encryption Peer IP
POST http://<mgmt0_IP>/api/mo/sys/tunnelenc.json
{
  "tunnelencEntity": {
    "children": [
      {
        "tunnelencPeerIp": {
          "attributes": {
            "peerIp": "1.2.3.4",
            "status": "deleted"
}}}]}}
{
    imdata:[]
}
<System>
  <tunnelenc-items>
    <peerip-items>
      <PeerIp-list nc:operation="delete">
        <peerIp>1.2.3.4</peerIp>
      </PeerIp-list>
    </peerip-items>
  </tunnelenc-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

no tunnel-encryption peer-ip 1.2.3.4


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MODN
tunnelencEntity sys/tunnelenc
tunnelencPeerIp sys/tunnelenc/peerip-1.2.3.4


tunnelencPeerIp Properties

The following table contains information about the tunnelencPeerIp properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
peerIpaddress:IPv4
Peer-ips aasociated to tunnel-encryptionValue must match ipv4 format
statusmo:ModificationStatus
(scalar:Bitmask32)
The upgrade status. This property is for internal use only.SELECTION:
2 - created
4 - modified
8 - deleted
16 - replaced


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring a Key Chain

Configuring a Key Chain
POST http://<mgmt0_IP>/api/mo/sys/tunnelenc.json
{
  "tunnelencEntity": {
    "children": [
      {
        "tunnelencPeerIp": {
          "attributes": {
            "keychainName": "key_name",
            "peerIp": "1.2.3.4",
            "policyName": "system-default-tunenc-policy"
}}}]}}
{
    imdata:[]
}
<System>
  <tunnelenc-items>
    <peerip-items>
      <PeerIp-list>
        <peerIp>1.2.3.4</peerIp>
        <keychainName>key_name</keychainName>
        <policyName>system-default-tunenc-policy</policyName>
      </PeerIp-list>
    </peerip-items>
  </tunnelenc-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

tunnel-encryption peer-ip 1.2.3.4
  keychain key_name


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MODN
tunnelencEntity sys/tunnelenc
tunnelencPeerIp sys/tunnelenc/peerip-1.2.3.4


tunnelencPeerIp Properties

The following table contains information about the tunnelencPeerIp properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
keychainNametunnelenc:KeyChainName
(string:Basic)
Name of Keychain assciated to Peer-ipA sequence of characters
peerIpaddress:IPv4
Peer-ips aasociated to tunnel-encryptionValue must match ipv4 format
policyNamestring:Basic
Name of Policy assciated to Peer-ipA sequence of characters


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting a Key Chain

Deleting a Key Chain
POST http://<mgmt0_IP>/api/mo/sys/tunnelenc.json
{
  "tunnelencEntity": {
    "children": [
      {
        "tunnelencPeerIp": {
          "attributes": {
            "keychainName": "",
            "peerIp": "1.2.3.4",
            "policyName": ""
}}}]}}
{
    imdata:[]
}
<System>
  <tunnelenc-items>
    <peerip-items>
      <PeerIp-list>
        <peerIp>1.2.3.4</peerIp>
        <keychainName></keychainName>
        <policyName></policyName>
      </PeerIp-list>
    </peerip-items>
  </tunnelenc-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

tunnel-encryption peer-ip 1.2.3.4
  no keychain key_name


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MODN
tunnelencEntity sys/tunnelenc
tunnelencPeerIp sys/tunnelenc/peerip-1.2.3.4


tunnelencPeerIp Properties

The following table contains information about the tunnelencPeerIp properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
keychainNametunnelenc:KeyChainName
(string:Basic)
Name of Keychain assciated to Peer-ipA sequence of characters
peerIpaddress:IPv4
Peer-ips aasociated to tunnel-encryptionValue must match ipv4 format
policyNamestring:Basic
Name of Policy assciated to Peer-ipA sequence of characters


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Tunnel Encryption Must-Secure Global Policy

Configuring Tunnel Encryption Must-Secure Global Policy
POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "tunnelencEntity": {
          "attributes": {
            "mustSecurePolicy": "yes"
}}}]}}
{
    imdata:[]
}
<System>
  <tunnelenc-items>
    <mustSecurePolicy>true</mustSecurePolicy>
  </tunnelenc-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

tunnel-encryption must-secure-policy


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MODN
topSystem sys
tunnelencEntity sys/tunnelenc


tunnelencEntity Properties

The following table contains information about the tunnelencEntity properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
mustSecurePolicyscalar:Bool
Must secure Policy of tunnel-encryptionSELECTION: true or false


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Tunnel Encryption Must-Secure Global Policy

Deleting Tunnel Encryption Must-Secure Global Policy
POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "tunnelencEntity": {
          "attributes": {
            "mustSecurePolicy": "no"
}}}]}}
{
    imdata:[]
}
<System>
  <tunnelenc-items>
    <mustSecurePolicy>false</mustSecurePolicy>
  </tunnelenc-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

no tunnel-encryption must-secure-policy


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MODN
topSystem sys
tunnelencEntity sys/tunnelenc


tunnelencEntity Properties

The following table contains information about the tunnelencEntity properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
mustSecurePolicyscalar:Bool
Must secure Policy of tunnel-encryptionSELECTION: true or false


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Advertise-PIP Towards DCI

Configuring Advertise-PIP Towards DCI
POST http://<mgmt0_IP>/api/mo/sys/eps.json
{
  "nvoEps": {
    "children": [
      {
        "nvoEvpnMultisiteBordergw": {
          "attributes": {
            "dciAdvertisePip": "enable",
            "siteId": "123",
            "state": "enabled"
}}}]}}
{
    imdata:[]
}
<System>
  <eps-items>
    <multisite-items>
      <dciAdvertisePip>enable</dciAdvertisePip>
      <siteId>123</siteId>
      <state>enabled</state>
    </multisite-items>
  </eps-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

evpn multisite border-gateway 123 dci-advertise-pip


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MODN
nvoEps sys/eps
nvoEvpnMultisiteBordergw sys/eps/multisite


nvoEvpnMultisiteBordergw Properties

The following table contains information about the nvoEvpnMultisiteBordergw properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
dciAdvertisePipnvo:DciAdvertisePipStateT
(scalar:Enum16)
Enables/disables advertise PIP towards DCI in EVPN Multisite Border-gateway setup.SELECTION:
0 - disable
1 - enable
DEFAULT: disable
siteIdscalar:Uint64
Configuration of EVPN Multisite Border Gateway.
Supported values are 1 to 281474976710655.
RANGE: [0, 18446744073709551615]
statenvo:MultisiteStateT
(scalar:Enum16)
Configures the state of EVPN Multisite Border-gateway.SELECTION:
1 - enabled
DEFAULT: enabled


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Advertise-PIP Towards DCI

Deleting Advertise-PIP Towards DCI
POST http://<mgmt0_IP>/api/mo/sys/eps.json
{
  "nvoEps": {
    "children": [
      {
        "nvoEvpnMultisiteBordergw": {
          "attributes": {
            "status": "deleted"
}}}]}}
{
    imdata:[]
}
<System>
  <eps-items>
    <multisite-items nc:operation="delete">
    </multisite-items>
  </eps-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

no evpn multisite border-gateway 123 dci-advertise-pip


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MODN
nvoEps sys/eps
nvoEvpnMultisiteBordergw sys/eps/multisite


nvoEvpnMultisiteBordergw Properties

The following table contains information about the nvoEvpnMultisiteBordergw properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
statusmo:ModificationStatus
(scalar:Bitmask32)
The upgrade status. This property is for internal use only.SELECTION:
2 - created
4 - modified
8 - deleted
16 - replaced


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Encryption on the Port

Configuring Encryption on the Port
POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "tunnelencEntity": {
          "children": [
            {
              "tunnelencTunencIf": {
                "attributes": {
                  "id": "eth1/2",
                  "tunnelEnable": "yes"
                }
              }
            }
          ]
        }
      },
      {
        "interfaceEntity": {
          "children": [
            {
              "l1PhysIf": {
                "attributes": {
                  "id": "eth1/2"
                }
              }
            }
          ]
        }
      }
    ]
  }
}
{
    imdata:[]
}
<System>
  <tunnelenc-items>
    <if-items>
      <TunencIf-list>
        <id>eth1/2</id>
        <tunnelEnable>true</tunnelEnable>
      </TunencIf-list>
    </if-items>
  </tunnelenc-items>
  <intf-items>
    <phys-items>
      <PhysIf-list>
        <id>eth1/2</id>
      </PhysIf-list>
    </phys-items>
  </intf-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

interface ethernet 1/2
  tunnel-encryption


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MODN
topSystem sys
tunnelencEntity sys/tunnelenc
tunnelencTunencIf sys/tunnelenc/if-[eth1/2]
interfaceEntity sys/intf
l1PhysIf sys/intf/phys-[eth1/2]


tunnelencTunencIf Properties

The following table contains information about the tunnelencTunencIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
idnw:IfId
(base:IfIndex)
An identifier .Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
tunnelEnablescalar:Bool
tunnel-encryption on interfaceSELECTION: true or false


l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
idnw:IfId
(base:IfIndex)
An identifier .Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Encryption on the Port

Deleting Encryption on the Port
POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "tunnelencEntity": {
          "children": [
            {
              "tunnelencTunencIf": {
                "attributes": {
                  "id": "eth1/2",
                  "status": "deleted"
                }
              }
            }
          ]
        }
      },
      {
        "interfaceEntity": {
          "children": [
            {
              "l1PhysIf": {
                "attributes": {
                  "id": "eth1/2"
                }
              }
            }
          ]
        }
      }
    ]
  }
}
{
    imdata:[]
}
<System>
  <tunnelenc-items>
    <if-items>
      <TunencIf-list nc:operation="delete">
        <id>eth1/2</id>
      </TunencIf-list>
    </if-items>
  </tunnelenc-items>
  <intf-items>
    <phys-items>
      <PhysIf-list>
        <id>eth1/2</id>
      </PhysIf-list>
    </phys-items>
  </intf-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

interface ethernet 1/2
  no tunnel-encryption


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MODN
topSystem sys
tunnelencEntity sys/tunnelenc
tunnelencTunencIf sys/tunnelenc/if-[eth1/2]
interfaceEntity sys/intf
l1PhysIf sys/intf/phys-[eth1/2]


tunnelencTunencIf Properties

The following table contains information about the tunnelencTunencIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
idnw:IfId
(base:IfIndex)
An identifier .Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
statusmo:ModificationStatus
(scalar:Bitmask32)
The upgrade status. This property is for internal use only.SELECTION:
2 - created
4 - modified
8 - deleted
16 - replaced


l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
idnw:IfId
(base:IfIndex)
An identifier .Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Encryption on the Port

Configuring Encryption on the Port
POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "tunnelencEntity": {
          "children": [
            {
              "tunnelencTunencIf": {
                "attributes": {
                  "id": "po123",
                  "tunnelEnable": "yes"
                }
              }
            }
          ]
        }
      },
      {
        "interfaceEntity": {
          "children": [
            {
              "pcAggrIf": {
                "attributes": {
                  "id": "po123"
                }
              }
            }
          ]
        }
      }
    ]
  }
}
{
    imdata:[]
}
<System>
  <tunnelenc-items>
    <if-items>
      <TunencIf-list>
        <id>po123</id>
        <tunnelEnable>true</tunnelEnable>
      </TunencIf-list>
    </if-items>
  </tunnelenc-items>
  <intf-items>
    <aggr-items>
      <AggrIf-list>
        <id>po123</id>
      </AggrIf-list>
    </aggr-items>
  </intf-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

interface port-channel 123
  tunnel-encryption


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MODN
topSystem sys
tunnelencEntity sys/tunnelenc
tunnelencTunencIf sys/tunnelenc/if-[po123]
interfaceEntity sys/intf
pcAggrIf sys/intf/aggr-[po123]


tunnelencTunencIf Properties

The following table contains information about the tunnelencTunencIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
idnw:IfId
(base:IfIndex)
An identifier .Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
tunnelEnablescalar:Bool
tunnel-encryption on interfaceSELECTION: true or false


pcAggrIf Properties

The following table contains information about the pcAggrIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
idnw:IfId
(base:IfIndex)
An identifier .Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Encryption on the Port

Deleting Encryption on the Port
POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "tunnelencEntity": {
          "children": [
            {
              "tunnelencTunencIf": {
                "attributes": {
                  "id": "po123",
                  "status": "deleted"
                }
              }
            }
          ]
        }
      },
      {
        "interfaceEntity": {
          "children": [
            {
              "pcAggrIf": {
                "attributes": {
                  "id": "po123"
                }
              }
            }
          ]
        }
      }
    ]
  }
}
{
    imdata:[]
}
<System>
  <tunnelenc-items>
    <if-items>
      <TunencIf-list nc:operation="delete">
        <id>po123</id>
      </TunencIf-list>
    </if-items>
  </tunnelenc-items>
  <intf-items>
    <aggr-items>
      <AggrIf-list>
        <id>po123</id>
      </AggrIf-list>
    </aggr-items>
  </intf-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

interface port-channel 123
  no tunnel-encryption


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MODN
topSystem sys
tunnelencEntity sys/tunnelenc
tunnelencTunencIf sys/tunnelenc/if-[po123]
interfaceEntity sys/intf
pcAggrIf sys/intf/aggr-[po123]


tunnelencTunencIf Properties

The following table contains information about the tunnelencTunencIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
idnw:IfId
(base:IfIndex)
An identifier .Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
statusmo:ModificationStatus
(scalar:Bitmask32)
The upgrade status. This property is for internal use only.SELECTION:
2 - created
4 - modified
8 - deleted
16 - replaced


pcAggrIf Properties

The following table contains information about the pcAggrIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
idnw:IfId
(base:IfIndex)
An identifier .Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Encryption on the Port

Configuring Encryption on the Port
POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "tunnelencEntity": {
          "children": [
            {
              "tunnelencTunencIf": {
                "attributes": {
                  "id": "eth1/2",
                  "tunnelEnable": "yes"
                }
              }
            },
            {
              "tunnelencTunencIf": {
                "attributes": {
                  "id": "eth1/3",
                  "tunnelEnable": "yes"
                }
              }
            },
            {
              "tunnelencTunencIf": {
                "attributes": {
                  "id": "eth1/6",
                  "tunnelEnable": "yes"
                }
              }
            },
            {
              "tunnelencTunencIf": {
                "attributes": {
                  "id": "eth1/4",
                  "tunnelEnable": "yes"
                }
              }
            },
            {
              "tunnelencTunencIf": {
                "attributes": {
                  "id": "eth1/5",
                  "tunnelEnable": "yes"
                }
              }
            }
          ]
        }
      },
      {
        "interfaceEntity": {
          "children": [
            {
              "l1PhysIf": {
                "attributes": {
                  "id": "eth1/6"
                }
              }
            },
            {
              "l1PhysIf": {
                "attributes": {
                  "id": "eth1/2"
                }
              }
            },
            {
              "l1PhysIf": {
                "attributes": {
                  "id": "eth1/3"
                }
              }
            },
            {
              "l1PhysIf": {
                "attributes": {
                  "id": "eth1/4"
                }
              }
            },
            {
              "l1PhysIf": {
                "attributes": {
                  "id": "eth1/5"
                }
              }
            }
          ]
        }
      }
    ]
  }
}
{
    imdata:[]
}
<System>
  <tunnelenc-items>
    <if-items>
      <TunencIf-list>
        <id>eth1/2</id>
        <tunnelEnable>true</tunnelEnable>
      </TunencIf-list>
      <TunencIf-list>
        <id>eth1/3</id>
        <tunnelEnable>true</tunnelEnable>
      </TunencIf-list>
      <TunencIf-list>
        <id>eth1/6</id>
        <tunnelEnable>true</tunnelEnable>
      </TunencIf-list>
      <TunencIf-list>
        <id>eth1/4</id>
        <tunnelEnable>true</tunnelEnable>
      </TunencIf-list>
      <TunencIf-list>
        <id>eth1/5</id>
        <tunnelEnable>true</tunnelEnable>
      </TunencIf-list>
    </if-items>
  </tunnelenc-items>
  <intf-items>
    <phys-items>
      <PhysIf-list>
        <id>eth1/6</id>
      </PhysIf-list>
      <PhysIf-list>
        <id>eth1/2</id>
      </PhysIf-list>
      <PhysIf-list>
        <id>eth1/3</id>
      </PhysIf-list>
      <PhysIf-list>
        <id>eth1/4</id>
      </PhysIf-list>
      <PhysIf-list>
        <id>eth1/5</id>
      </PhysIf-list>
    </phys-items>
  </intf-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

interface ethernet 1/2-6
  tunnel-encryption


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MODN
topSystem sys
tunnelencEntity sys/tunnelenc
tunnelencTunencIf sys/tunnelenc/if-[eth1/2]
tunnelencTunencIf sys/tunnelenc/if-[eth1/3]
tunnelencTunencIf sys/tunnelenc/if-[eth1/6]
tunnelencTunencIf sys/tunnelenc/if-[eth1/4]
tunnelencTunencIf sys/tunnelenc/if-[eth1/5]
interfaceEntity sys/intf
l1PhysIf sys/intf/phys-[eth1/6]
l1PhysIf sys/intf/phys-[eth1/2]
l1PhysIf sys/intf/phys-[eth1/3]
l1PhysIf sys/intf/phys-[eth1/4]
l1PhysIf sys/intf/phys-[eth1/5]


tunnelencTunencIf Properties

The following table contains information about the tunnelencTunencIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
idnw:IfId
(base:IfIndex)
An identifier .Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
tunnelEnablescalar:Bool
tunnel-encryption on interfaceSELECTION: true or false


tunnelencTunencIf Properties

The following table contains information about the tunnelencTunencIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
idnw:IfId
(base:IfIndex)
An identifier .Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
tunnelEnablescalar:Bool
tunnel-encryption on interfaceSELECTION: true or false


tunnelencTunencIf Properties

The following table contains information about the tunnelencTunencIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
idnw:IfId
(base:IfIndex)
An identifier .Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
tunnelEnablescalar:Bool
tunnel-encryption on interfaceSELECTION: true or false


tunnelencTunencIf Properties

The following table contains information about the tunnelencTunencIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
idnw:IfId
(base:IfIndex)
An identifier .Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
tunnelEnablescalar:Bool
tunnel-encryption on interfaceSELECTION: true or false


tunnelencTunencIf Properties

The following table contains information about the tunnelencTunencIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
idnw:IfId
(base:IfIndex)
An identifier .Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
tunnelEnablescalar:Bool
tunnel-encryption on interfaceSELECTION: true or false


l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
idnw:IfId
(base:IfIndex)
An identifier .Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100


l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
idnw:IfId
(base:IfIndex)
An identifier .Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100


l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
idnw:IfId
(base:IfIndex)
An identifier .Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100


l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
idnw:IfId
(base:IfIndex)
An identifier .Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100


l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
idnw:IfId
(base:IfIndex)
An identifier .Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Encryption on the Port

Deleting Encryption on the Port
POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "tunnelencEntity": {
          "children": [
            {
              "tunnelencTunencIf": {
                "attributes": {
                  "id": "eth1/2",
                  "status": "deleted"
                }
              }
            },
            {
              "tunnelencTunencIf": {
                "attributes": {
                  "id": "eth1/3",
                  "status": "deleted"
                }
              }
            },
            {
              "tunnelencTunencIf": {
                "attributes": {
                  "id": "eth1/6",
                  "status": "deleted"
                }
              }
            },
            {
              "tunnelencTunencIf": {
                "attributes": {
                  "id": "eth1/4",
                  "status": "deleted"
                }
              }
            },
            {
              "tunnelencTunencIf": {
                "attributes": {
                  "id": "eth1/5",
                  "status": "deleted"
                }
              }
            }
          ]
        }
      },
      {
        "interfaceEntity": {
          "children": [
            {
              "l1PhysIf": {
                "attributes": {
                  "id": "eth1/6"
                }
              }
            },
            {
              "l1PhysIf": {
                "attributes": {
                  "id": "eth1/2"
                }
              }
            },
            {
              "l1PhysIf": {
                "attributes": {
                  "id": "eth1/3"
                }
              }
            },
            {
              "l1PhysIf": {
                "attributes": {
                  "id": "eth1/4"
                }
              }
            },
            {
              "l1PhysIf": {
                "attributes": {
                  "id": "eth1/5"
                }
              }
            }
          ]
        }
      }
    ]
  }
}
{
    imdata:[]
}
<System>
  <tunnelenc-items>
    <if-items>
      <TunencIf-list nc:operation="delete">
        <id>eth1/2</id>
      </TunencIf-list>
      <TunencIf-list nc:operation="delete">
        <id>eth1/3</id>
      </TunencIf-list>
      <TunencIf-list nc:operation="delete">
        <id>eth1/6</id>
      </TunencIf-list>
      <TunencIf-list nc:operation="delete">
        <id>eth1/4</id>
      </TunencIf-list>
      <TunencIf-list nc:operation="delete">
        <id>eth1/5</id>
      </TunencIf-list>
    </if-items>
  </tunnelenc-items>
  <intf-items>
    <phys-items>
      <PhysIf-list>
        <id>eth1/6</id>
      </PhysIf-list>
      <PhysIf-list>
        <id>eth1/2</id>
      </PhysIf-list>
      <PhysIf-list>
        <id>eth1/3</id>
      </PhysIf-list>
      <PhysIf-list>
        <id>eth1/4</id>
      </PhysIf-list>
      <PhysIf-list>
        <id>eth1/5</id>
      </PhysIf-list>
    </phys-items>
  </intf-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

interface ethernet 1/2-6
  no tunnel-encryption


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MODN
topSystem sys
tunnelencEntity sys/tunnelenc
tunnelencTunencIf sys/tunnelenc/if-[eth1/2]
tunnelencTunencIf sys/tunnelenc/if-[eth1/3]
tunnelencTunencIf sys/tunnelenc/if-[eth1/6]
tunnelencTunencIf sys/tunnelenc/if-[eth1/4]
tunnelencTunencIf sys/tunnelenc/if-[eth1/5]
interfaceEntity sys/intf
l1PhysIf sys/intf/phys-[eth1/6]
l1PhysIf sys/intf/phys-[eth1/2]
l1PhysIf sys/intf/phys-[eth1/3]
l1PhysIf sys/intf/phys-[eth1/4]
l1PhysIf sys/intf/phys-[eth1/5]


tunnelencTunencIf Properties

The following table contains information about the tunnelencTunencIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
idnw:IfId
(base:IfIndex)
An identifier .Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
statusmo:ModificationStatus
(scalar:Bitmask32)
The upgrade status. This property is for internal use only.SELECTION:
2 - created
4 - modified
8 - deleted
16 - replaced


tunnelencTunencIf Properties

The following table contains information about the tunnelencTunencIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
idnw:IfId
(base:IfIndex)
An identifier .Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
statusmo:ModificationStatus
(scalar:Bitmask32)
The upgrade status. This property is for internal use only.SELECTION:
2 - created
4 - modified
8 - deleted
16 - replaced


tunnelencTunencIf Properties

The following table contains information about the tunnelencTunencIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
idnw:IfId
(base:IfIndex)
An identifier .Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
statusmo:ModificationStatus
(scalar:Bitmask32)
The upgrade status. This property is for internal use only.SELECTION:
2 - created
4 - modified
8 - deleted
16 - replaced


tunnelencTunencIf Properties

The following table contains information about the tunnelencTunencIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
idnw:IfId
(base:IfIndex)
An identifier .Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
statusmo:ModificationStatus
(scalar:Bitmask32)
The upgrade status. This property is for internal use only.SELECTION:
2 - created
4 - modified
8 - deleted
16 - replaced


tunnelencTunencIf Properties

The following table contains information about the tunnelencTunencIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
idnw:IfId
(base:IfIndex)
An identifier .Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
statusmo:ModificationStatus
(scalar:Bitmask32)
The upgrade status. This property is for internal use only.SELECTION:
2 - created
4 - modified
8 - deleted
16 - replaced


l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
idnw:IfId
(base:IfIndex)
An identifier .Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100


l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
idnw:IfId
(base:IfIndex)
An identifier .Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100


l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
idnw:IfId
(base:IfIndex)
An identifier .Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100


l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
idnw:IfId
(base:IfIndex)
An identifier .Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100


l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
idnw:IfId
(base:IfIndex)
An identifier .Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Encryption on the Port

Configuring Encryption on the Port
POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "tunnelencEntity": {
          "children": [
            {
              "tunnelencTunencIf": {
                "attributes": {
                  "id": "eth1/2",
                  "tunnelEnable": "yes"
                }
              }
            }
          ]
        }
      },
      {
        "interfaceEntity": {
          "children": [
            {
              "l1PhysIf": {
                "attributes": {
                  "id": "eth1/2",
                  "layer": "Layer3",
                  "userCfgdFlags": "admin_layer,admin_state"
                }
              }
            }
          ]
        }
      }
    ]
  }
}
{
    imdata:[]
}
<System>
  <tunnelenc-items>
    <if-items>
      <TunencIf-list>
        <id>eth1/2</id>
        <tunnelEnable>true</tunnelEnable>
      </TunencIf-list>
    </if-items>
  </tunnelenc-items>
  <intf-items>
    <phys-items>
      <PhysIf-list>
        <id>eth1/2</id>
        <layer>Layer3</layer>
        <userCfgdFlags>admin_layer,admin_state</userCfgdFlags>
      </PhysIf-list>
    </phys-items>
  </intf-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

interface ethernet 1/2
  no switchport
   tunnel-encryption


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MODN
topSystem sys
tunnelencEntity sys/tunnelenc
tunnelencTunencIf sys/tunnelenc/if-[eth1/2]
interfaceEntity sys/intf
l1PhysIf sys/intf/phys-[eth1/2]


tunnelencTunencIf Properties

The following table contains information about the tunnelencTunencIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
idnw:IfId
(base:IfIndex)
An identifier .Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
tunnelEnablescalar:Bool
tunnel-encryption on interfaceSELECTION: true or false


l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
idnw:IfId
(base:IfIndex)
An identifier .Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
layerl1:Layer
(scalar:Enum8)
Administrative port layerSELECTION:
1 - Layer2
2 - Layer3
DEFAULT: Layer2
userCfgdFlagsl1:userCfgdFlags
(scalar:Bitmask8)
Port User Config FlagsSELECTION:
0 - none
1 - admin_state
2 - admin_layer
4 - admin_router_mac
8 - admin_dce_mode
16 - admin_mtu
DEFAULT: none


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Encryption on the Port

Deleting Encryption on the Port
POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "tunnelencEntity": {
          "children": [
            {
              "tunnelencTunencIf": {
                "attributes": {
                  "id": "eth1/2",
                  "status": "deleted"
                }
              }
            }
          ]
        }
      },
      {
        "interfaceEntity": {
          "children": [
            {
              "l1PhysIf": {
                "attributes": {
                  "id": "eth1/2",
                  "layer": "Layer3",
                  "userCfgdFlags": "admin_layer,admin_state"
                }
              }
            }
          ]
        }
      }
    ]
  }
}
{
    imdata:[]
}
<System>
  <tunnelenc-items>
    <if-items>
      <TunencIf-list nc:operation="delete">
        <id>eth1/2</id>
      </TunencIf-list>
    </if-items>
  </tunnelenc-items>
  <intf-items>
    <phys-items>
      <PhysIf-list>
        <id>eth1/2</id>
        <layer>Layer3</layer>
        <userCfgdFlags>admin_layer,admin_state</userCfgdFlags>
      </PhysIf-list>
    </phys-items>
  </intf-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

interface ethernet 1/2
  no switchport
   no tunnel-encryption


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MODN
topSystem sys
tunnelencEntity sys/tunnelenc
tunnelencTunencIf sys/tunnelenc/if-[eth1/2]
interfaceEntity sys/intf
l1PhysIf sys/intf/phys-[eth1/2]


tunnelencTunencIf Properties

The following table contains information about the tunnelencTunencIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
idnw:IfId
(base:IfIndex)
An identifier .Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
statusmo:ModificationStatus
(scalar:Bitmask32)
The upgrade status. This property is for internal use only.SELECTION:
2 - created
4 - modified
8 - deleted
16 - replaced


l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
idnw:IfId
(base:IfIndex)
An identifier .Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
layerl1:Layer
(scalar:Enum8)
Administrative port layerSELECTION:
1 - Layer2
2 - Layer3
DEFAULT: Layer2
userCfgdFlagsl1:userCfgdFlags
(scalar:Bitmask8)
Port User Config FlagsSELECTION:
0 - none
1 - admin_state
2 - admin_layer
4 - admin_router_mac
8 - admin_dce_mode
16 - admin_mtu
DEFAULT: none


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html