Configuring Secure VXLAN EVPN Multi-Site using CloudSec

Secure VXLAN EVPN Multi-Site using CloudSec ensures data security and data integrity for VXLAN-basedMulti-Site fabrics. Using the cryptographic machinery of IEEE MACSec for UDP packets, this feature providesa secure tunnel between authorized VXLAN EVPN endpoints.

The Secure VXLAN EVPN Multi-Site using CloudSec session is point to point over DCI between border gateways(BGWs) on two different sites. All communication between sites uses Multi-Site PIP instead of VIP. Formigration information, see Migrating from Multi-Site with VIP to Multi-Site with PIP, on page 16.

Secure VXLAN EVPN Multi-Site using CloudSec is enabled on a per-peer basis. Peers that do not support CloudSeccan operate with peers that do support CloudSec, but the traffic is unencrypted. We recommend allowingunencrypted traffic only during migration from non-CloudSec-enabled sites to CloudSec-enabled sites.

CloudSec key exchange uses BGP while MACsec uses the MACsec Key Agreement (MKA). The CloudSeccontrol plane uses the IPv4 address family for the BGP session.

For more information, see the Cisco Nexus 9000 VXLAN Multi-Site Configuration Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-installation-and-configuration-guides-list.html

Configuring Tunnel Encryption

Note: This example was added in Release 9.3(5).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

feature tunnel-encryption

Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
fmEntity	sys/fm
fmTunnelEncryption	sys/fm/tunnelenc

fmTunnelEncryption Properties

The following table contains information about the fmTunnelEncryption properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
adminSt	fm:AdminState (scalar:Enum8)	Admin status	SELECTION: 1 - enabled 2 - disabled DEFAULT: disabled

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Tunnel Encryption

Note: This example was added in Release 9.3(5).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

no feature tunnel-encryption

Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
fmEntity	sys/fm
fmTunnelEncryption	sys/fm/tunnelenc

fmTunnelEncryption Properties

The following table contains information about the fmTunnelEncryption properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
adminSt	fm:AdminState (scalar:Enum8)	Admin status	SELECTION: 1 - enabled 2 - disabled DEFAULT: disabled

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring a Tunnel Encryption Policy

Note: This example was added in Release 9.3(5).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

tunnel-encryption policy Pol1

Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
tunnelencEntity	sys/tunnelenc
tunnelencPolicy	sys/tunnelenc/policy-Pol1

tunnelencPolicy Properties

The following table contains information about the tunnelencPolicy properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
policyName	tunnelenc:PolicyName (string:Basic)	Name of tunnel-encryption Policy	A sequence of characters DEFAULT: system-default-tunenc-policy

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting a Tunnel Encryption Policy

Note: This example was added in Release 9.3(5).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

no tunnel-encryption policy Pol1

Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
tunnelencEntity	sys/tunnelenc
tunnelencPolicy	sys/tunnelenc/policy-Pol1

tunnelencPolicy Properties

The following table contains information about the tunnelencPolicy properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
policyName	tunnelenc:PolicyName (string:Basic)	Name of tunnel-encryption Policy	A sequence of characters DEFAULT: system-default-tunenc-policy
status	mo:ModificationStatus (scalar:Bitmask32)	The upgrade status. This property is for internal use only.	SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring the Window Size

Note: This example was added in Release 9.3(5).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

tunnel-encryption policy Pol1
  window-size 319901218

Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
tunnelencEntity	sys/tunnelenc
tunnelencPolicy	sys/tunnelenc/policy-Pol1

tunnelencPolicy Properties

The following table contains information about the tunnelencPolicy properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
policyName	tunnelenc:PolicyName (string:Basic)	Name of tunnel-encryption Policy	A sequence of characters DEFAULT: system-default-tunenc-policy
replayWindow	tunnelenc:ReplayWindow (scalar:Uint32)	Replay Window for tunnel-encryption Policy	RANGE: [134217728 , 1073741823] DEFAULT: 268435456

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Window Size

Note: This example was added in Release 9.3(5).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

tunnel-encryption policy Pol1
  no window-size 319901218

Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
tunnelencEntity	sys/tunnelenc
tunnelencPolicy	sys/tunnelenc/policy-Pol1

tunnelencPolicy Properties

The following table contains information about the tunnelencPolicy properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
policyName	tunnelenc:PolicyName (string:Basic)	Name of tunnel-encryption Policy	A sequence of characters DEFAULT: system-default-tunenc-policy
replayWindow	tunnelenc:ReplayWindow (scalar:Uint32)	Replay Window for tunnel-encryption Policy	RANGE: [134217728 , 1073741823] DEFAULT: 268435456

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring the Time in Seconds to Force SAK Rekey

Note: This example was added in Release 9.3(5).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

tunnel-encryption policy Pol1
  sak-rekey-time 1800

Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
tunnelencEntity	sys/tunnelenc
tunnelencPolicy	sys/tunnelenc/policy-Pol1

tunnelencPolicy Properties

The following table contains information about the tunnelencPolicy properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
policyName	tunnelenc:PolicyName (string:Basic)	Name of tunnel-encryption Policy	A sequence of characters DEFAULT: system-default-tunenc-policy
sakExpiryTime	tunnelenc:SakExpiryTime (scalar:Uint32)	Security Association Key Expiry Time for tunnel-encryption Policy	RANGE: [0 , 2592000] DEFAULT: pn-rollover

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Time in Seconds to Force SAK Rekey

Note: This example was added in Release 9.3(5).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

tunnel-encryption policy Pol1
  no sak-rekey-time 1800

Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
tunnelencEntity	sys/tunnelenc
tunnelencPolicy	sys/tunnelenc/policy-Pol1

tunnelencPolicy Properties

The following table contains information about the tunnelencPolicy properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
policyName	tunnelenc:PolicyName (string:Basic)	Name of tunnel-encryption Policy	A sequence of characters DEFAULT: system-default-tunenc-policy
sakExpiryTime	tunnelenc:SakExpiryTime (scalar:Uint32)	Security Association Key Expiry Time for tunnel-encryption Policy	RANGE: [0 , 2592000] DEFAULT: pn-rollover

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring GCM AES XPN 128 Bit Encryption

Note: This example was added in Release 9.3(5).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

tunnel-encryption policy Pol1
  cipher-suite GCM-AES-XPN-128

Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
tunnelencEntity	sys/tunnelenc
tunnelencPolicy	sys/tunnelenc/policy-Pol1

tunnelencPolicy Properties

The following table contains information about the tunnelencPolicy properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
cipherSuite	tunnelenc:CipherSuite (scalar:Enum8)	Cipher Suite for tunnel-encryption Policy	SELECTION: 3 - GCM-AES-XPN-128 4 - GCM-AES-XPN-256 DEFAULT: GCM-AES-XPN-256
policyName	tunnelenc:PolicyName (string:Basic)	Name of tunnel-encryption Policy	A sequence of characters DEFAULT: system-default-tunenc-policy

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting GCM AES XPN 128 Bit Encryption

Note: This example was added in Release 9.3(5).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

tunnel-encryption policy Pol1
  no cipher-suite GCM-AES-XPN-128

Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
tunnelencEntity	sys/tunnelenc
tunnelencPolicy	sys/tunnelenc/policy-Pol1

tunnelencPolicy Properties

The following table contains information about the tunnelencPolicy properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
cipherSuite	tunnelenc:CipherSuite (scalar:Enum8)	Cipher Suite for tunnel-encryption Policy	SELECTION: 3 - GCM-AES-XPN-128 4 - GCM-AES-XPN-256 DEFAULT: GCM-AES-XPN-256
policyName	tunnelenc:PolicyName (string:Basic)	Name of tunnel-encryption Policy	A sequence of characters DEFAULT: system-default-tunenc-policy

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring a Tunnel Encryption Peer IP

Note: This example was added in Release 9.3(5).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

tunnel-encryption peer-ip 1.2.3.4

Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
tunnelencEntity	sys/tunnelenc
tunnelencPeerIp	sys/tunnelenc/peerip-1.2.3.4

tunnelencPeerIp Properties

The following table contains information about the tunnelencPeerIp properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
peerIp	address:IPv4	Peer-ips aasociated to tunnel-encryption	Value must match ipv4 format

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting a Tunnel Encryption Peer IP

Note: This example was added in Release 9.3(5).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

no tunnel-encryption peer-ip 1.2.3.4

Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
tunnelencEntity	sys/tunnelenc
tunnelencPeerIp	sys/tunnelenc/peerip-1.2.3.4

tunnelencPeerIp Properties

The following table contains information about the tunnelencPeerIp properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
peerIp	address:IPv4	Peer-ips aasociated to tunnel-encryption	Value must match ipv4 format
status	mo:ModificationStatus (scalar:Bitmask32)	The upgrade status. This property is for internal use only.	SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring a Key Chain

Note: This example was added in Release 9.3(5).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

tunnel-encryption peer-ip 1.2.3.4
  keychain key_name

Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
tunnelencEntity	sys/tunnelenc
tunnelencPeerIp	sys/tunnelenc/peerip-1.2.3.4

tunnelencPeerIp Properties

The following table contains information about the tunnelencPeerIp properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
keychainName	tunnelenc:KeyChainName (string:Basic)	Name of Keychain assciated to Peer-ip	A sequence of characters
peerIp	address:IPv4	Peer-ips aasociated to tunnel-encryption	Value must match ipv4 format
policyName	string:Basic	Name of Policy assciated to Peer-ip	A sequence of characters

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting a Key Chain

Note: This example was added in Release 9.3(5).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

tunnel-encryption peer-ip 1.2.3.4
  no keychain key_name

Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
tunnelencEntity	sys/tunnelenc
tunnelencPeerIp	sys/tunnelenc/peerip-1.2.3.4

tunnelencPeerIp Properties

The following table contains information about the tunnelencPeerIp properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
keychainName	tunnelenc:KeyChainName (string:Basic)	Name of Keychain assciated to Peer-ip	A sequence of characters
peerIp	address:IPv4	Peer-ips aasociated to tunnel-encryption	Value must match ipv4 format
policyName	string:Basic	Name of Policy assciated to Peer-ip	A sequence of characters

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Tunnel Encryption Must-Secure Global Policy

Note: This example was added in Release 9.3(5).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

tunnel-encryption must-secure-policy

Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
topSystem	sys
tunnelencEntity	sys/tunnelenc

tunnelencEntity Properties

The following table contains information about the tunnelencEntity properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
mustSecurePolicy	scalar:Bool	Must secure Policy of tunnel-encryption	SELECTION: true or false

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Tunnel Encryption Must-Secure Global Policy

Note: This example was added in Release 9.3(5).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

no tunnel-encryption must-secure-policy

Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
topSystem	sys
tunnelencEntity	sys/tunnelenc

tunnelencEntity Properties

The following table contains information about the tunnelencEntity properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
mustSecurePolicy	scalar:Bool	Must secure Policy of tunnel-encryption	SELECTION: true or false

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Advertise-PIP Towards DCI

Note: This example was added in Release 9.3(5).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

evpn multisite border-gateway 123 dci-advertise-pip

Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
nvoEps	sys/eps
nvoEvpnMultisiteBordergw	sys/eps/multisite

nvoEvpnMultisiteBordergw Properties

The following table contains information about the nvoEvpnMultisiteBordergw properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
dciAdvertisePip	nvo:DciAdvertisePipStateT (scalar:Enum16)	Enables/disables advertise PIP towards DCI in EVPN Multisite Border-gateway setup.	SELECTION: 0 - disable 1 - enable DEFAULT: disable
siteId	scalar:Uint64	Configuration of EVPN Multisite Border Gateway.	Supported values are 1 to 281474976710655. RANGE: [0, 18446744073709551615]
state	nvo:MultisiteStateT (scalar:Enum16)	Configures the state of EVPN Multisite Border-gateway.	SELECTION: 1 - enabled DEFAULT: enabled

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Advertise-PIP Towards DCI

Note: This example was added in Release 9.3(5).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

no evpn multisite border-gateway 123 dci-advertise-pip

Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
nvoEps	sys/eps
nvoEvpnMultisiteBordergw	sys/eps/multisite

nvoEvpnMultisiteBordergw Properties

The following table contains information about the nvoEvpnMultisiteBordergw properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
status	mo:ModificationStatus (scalar:Bitmask32)	The upgrade status. This property is for internal use only.	SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Encryption on the Port

Note: This example was added in Release 9.3(5).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

interface ethernet 1/2
  tunnel-encryption

Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
topSystem	sys
tunnelencEntity	sys/tunnelenc
tunnelencTunencIf	sys/tunnelenc/if-[eth1/2]
interfaceEntity	sys/intf
l1PhysIf	sys/intf/phys-[eth1/2]

tunnelencTunencIf Properties

The following table contains information about the tunnelencTunencIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
tunnelEnable	scalar:Bool	tunnel-encryption on interface	SELECTION: true or false

l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Encryption on the Port

Note: This example was added in Release 9.3(5).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

interface ethernet 1/2
  no tunnel-encryption

Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
topSystem	sys
tunnelencEntity	sys/tunnelenc
tunnelencTunencIf	sys/tunnelenc/if-[eth1/2]
interfaceEntity	sys/intf
l1PhysIf	sys/intf/phys-[eth1/2]

tunnelencTunencIf Properties

The following table contains information about the tunnelencTunencIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
status	mo:ModificationStatus (scalar:Bitmask32)	The upgrade status. This property is for internal use only.	SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced

l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Encryption on the Port

Note: This example was added in Release 9.3(5).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

interface port-channel 123
  tunnel-encryption

Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
topSystem	sys
tunnelencEntity	sys/tunnelenc
tunnelencTunencIf	sys/tunnelenc/if-[po123]
interfaceEntity	sys/intf
pcAggrIf	sys/intf/aggr-[po123]

tunnelencTunencIf Properties

The following table contains information about the tunnelencTunencIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
tunnelEnable	scalar:Bool	tunnel-encryption on interface	SELECTION: true or false

pcAggrIf Properties

The following table contains information about the pcAggrIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Encryption on the Port

Note: This example was added in Release 9.3(5).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

interface port-channel 123
  no tunnel-encryption

Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
topSystem	sys
tunnelencEntity	sys/tunnelenc
tunnelencTunencIf	sys/tunnelenc/if-[po123]
interfaceEntity	sys/intf
pcAggrIf	sys/intf/aggr-[po123]

tunnelencTunencIf Properties

The following table contains information about the tunnelencTunencIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
status	mo:ModificationStatus (scalar:Bitmask32)	The upgrade status. This property is for internal use only.	SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced

pcAggrIf Properties

The following table contains information about the pcAggrIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Encryption on the Port

Note: This example was added in Release 9.3(5).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

interface ethernet 1/2-6
  tunnel-encryption

Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
topSystem	sys
tunnelencEntity	sys/tunnelenc
tunnelencTunencIf	sys/tunnelenc/if-[eth1/2]
tunnelencTunencIf	sys/tunnelenc/if-[eth1/3]
tunnelencTunencIf	sys/tunnelenc/if-[eth1/6]
tunnelencTunencIf	sys/tunnelenc/if-[eth1/4]
tunnelencTunencIf	sys/tunnelenc/if-[eth1/5]
interfaceEntity	sys/intf
l1PhysIf	sys/intf/phys-[eth1/6]
l1PhysIf	sys/intf/phys-[eth1/2]
l1PhysIf	sys/intf/phys-[eth1/3]
l1PhysIf	sys/intf/phys-[eth1/4]
l1PhysIf	sys/intf/phys-[eth1/5]

tunnelencTunencIf Properties

The following table contains information about the tunnelencTunencIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
tunnelEnable	scalar:Bool	tunnel-encryption on interface	SELECTION: true or false

tunnelencTunencIf Properties

The following table contains information about the tunnelencTunencIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
tunnelEnable	scalar:Bool	tunnel-encryption on interface	SELECTION: true or false

tunnelencTunencIf Properties

The following table contains information about the tunnelencTunencIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
tunnelEnable	scalar:Bool	tunnel-encryption on interface	SELECTION: true or false

tunnelencTunencIf Properties

The following table contains information about the tunnelencTunencIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
tunnelEnable	scalar:Bool	tunnel-encryption on interface	SELECTION: true or false

tunnelencTunencIf Properties

The following table contains information about the tunnelencTunencIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
tunnelEnable	scalar:Bool	tunnel-encryption on interface	SELECTION: true or false

l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100

l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100

l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100

l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100

l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Encryption on the Port

Note: This example was added in Release 9.3(5).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

interface ethernet 1/2-6
  no tunnel-encryption

Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
topSystem	sys
tunnelencEntity	sys/tunnelenc
tunnelencTunencIf	sys/tunnelenc/if-[eth1/2]
tunnelencTunencIf	sys/tunnelenc/if-[eth1/3]
tunnelencTunencIf	sys/tunnelenc/if-[eth1/6]
tunnelencTunencIf	sys/tunnelenc/if-[eth1/4]
tunnelencTunencIf	sys/tunnelenc/if-[eth1/5]
interfaceEntity	sys/intf
l1PhysIf	sys/intf/phys-[eth1/6]
l1PhysIf	sys/intf/phys-[eth1/2]
l1PhysIf	sys/intf/phys-[eth1/3]
l1PhysIf	sys/intf/phys-[eth1/4]
l1PhysIf	sys/intf/phys-[eth1/5]

tunnelencTunencIf Properties

The following table contains information about the tunnelencTunencIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
status	mo:ModificationStatus (scalar:Bitmask32)	The upgrade status. This property is for internal use only.	SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced

tunnelencTunencIf Properties

The following table contains information about the tunnelencTunencIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
status	mo:ModificationStatus (scalar:Bitmask32)	The upgrade status. This property is for internal use only.	SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced

tunnelencTunencIf Properties

The following table contains information about the tunnelencTunencIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
status	mo:ModificationStatus (scalar:Bitmask32)	The upgrade status. This property is for internal use only.	SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced

tunnelencTunencIf Properties

The following table contains information about the tunnelencTunencIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
status	mo:ModificationStatus (scalar:Bitmask32)	The upgrade status. This property is for internal use only.	SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced

tunnelencTunencIf Properties

The following table contains information about the tunnelencTunencIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
status	mo:ModificationStatus (scalar:Bitmask32)	The upgrade status. This property is for internal use only.	SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced

l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100

l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100

l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100

l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100

l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Encryption on the Port

Note: This example was added in Release 9.3(5).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

interface ethernet 1/2
  no switchport
   tunnel-encryption

Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
topSystem	sys
tunnelencEntity	sys/tunnelenc
tunnelencTunencIf	sys/tunnelenc/if-[eth1/2]
interfaceEntity	sys/intf
l1PhysIf	sys/intf/phys-[eth1/2]

tunnelencTunencIf Properties

The following table contains information about the tunnelencTunencIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
tunnelEnable	scalar:Bool	tunnel-encryption on interface	SELECTION: true or false

l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
layer	l1:Layer (scalar:Enum8)	Administrative port layer	SELECTION: 1 - Layer2 2 - Layer3 DEFAULT: Layer2
userCfgdFlags	l1:userCfgdFlags (scalar:Bitmask8)	Port User Config Flags	SELECTION: 0 - none 1 - admin_state 2 - admin_layer 4 - admin_router_mac 8 - admin_dce_mode 16 - admin_mtu DEFAULT: none

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Encryption on the Port

Note: This example was added in Release 9.3(5).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

interface ethernet 1/2
  no switchport
   no tunnel-encryption

Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
topSystem	sys
tunnelencEntity	sys/tunnelenc
tunnelencTunencIf	sys/tunnelenc/if-[eth1/2]
interfaceEntity	sys/intf
l1PhysIf	sys/intf/phys-[eth1/2]

tunnelencTunencIf Properties

The following table contains information about the tunnelencTunencIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
status	mo:ModificationStatus (scalar:Bitmask32)	The upgrade status. This property is for internal use only.	SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced

l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
layer	l1:Layer (scalar:Enum8)	Administrative port layer	SELECTION: 1 - Layer2 2 - Layer3 DEFAULT: Layer2
userCfgdFlags	l1:userCfgdFlags (scalar:Bitmask8)	Port User Config Flags	SELECTION: 0 - none 1 - admin_state 2 - admin_layer 4 - admin_router_mac 8 - admin_dce_mode 16 - admin_mtu DEFAULT: none

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html