Cisco Nexus 3000 and 9000 Series NX-API REST SDK User Guide and API Reference, Release 10.5(x)

Latest

Cisco Nexus 3000 and 9000 Series NX-API REST Documentation

Configuring an IPv6 RA Guard Policy

DME

YANG

Copy
POST http://<mgmt0_IP>/api/sys/sisf.json
{
"sisfEntity": {
  "children": [
    {
      "sisfInstRaGuard": {
        "attributes": {
          "deviceRole": "router",
          "policyName": "POL1"
}}}]}}
{	
   'imdata': []
}

Copy
<System>
  <sisf-items>
    <raguard-items>
      <InstRAGuard-list>
        <policyName>POL1</policyName>
        <deviceRole>router</deviceRole>
      </InstRAGuard-list>
    </raguard-items>
  </sisf-items>
</System>

Configuring IPv6 RA Guard Policies

The IPv6 RA Guard feature provides support for allowing the network administrator to block or reject unwanted or rogue RA guard messages that arrive at the network device platform. RAs are used by devices to announce themselves on the link. The IPv6 RA Guard feature analyzes these RAs and filters out RAs that are sent by unauthorized devices. In host mode, all RA and router redirect messages are disallowed on the port. The RA guard feature compares configuration information on the Layer 2 (L2) device with the information found in the received RA frame. Once the L2 device has validated the content of the RA frame and router redirect frame against the configuration, it forwards the RA to its unicast or multicast destination. If the RA frame content is not validated, the RA is dropped.

This section contains payload examples and CLIs to demonstrate how to use the NX-API REST API to configure IPv6 RA guard policies on Cisco Nexus 3000 and 9000 Series switches and to show how the REST APIs correspond to the CLI commands. For more information, see the Cisco Nexus 9000 Series NX-OS Security Configuration Guide.

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-installation-and-configuration-guides-list.html/

Configuring an IPv6 RA Guard Policy

Defines the router advertisement (RA) guard policy name and enters RA guard policy configuration mode.

CLI Commands

The CLI command below is the equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.

ipv6 nd raguard policy POL1
device-role router

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
sisfEntity	sys/sisf
sisfInstRaGuard	sys/sisf/raguard-{policyName}

sisfInstRaGuard Properties

The following table contains information about the sisfInstRaGuard properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
deviceRole	sisf:raGuardDeviceRole (scalar:Enum8)	Set the role of the device attached to the port	SELECTION: 1 - host 2 - router 3 - switch 4 - monitor DEFAULT: host
policyName	string:Basic	Name of the nd raguard policy	A sequence of characters

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Querying an IPv6 RA Guard Policy

A query for an IPv6 RA guard policy.

Note: The property information for this example was added in Release 9.3(3).

MO	DN
sisfInstRaGuard	sys/sisf/raguard-{policyName}

sisfInstRaGuard Properties

Property Name	Data Type	Description	Values
ctrl	nw:InstCtrl (scalar:Bitmask64)	The control state.	SELECTION: 1 - stateful-ha
policyName	string:Basic	Name of the nd raguard policy	A sequence of characters
deviceRole	sisf:raGuardDeviceRole (scalar:Enum8)	Set the role of the device attached to the port	SELECTION: 1 - host 2 - router 3 - switch 4 - monitor DEFAULT: host
status	mo:ModificationStatus (scalar:Bitmask32)	The upgrade status. This property is for internal use only.	SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced
dn	reference:BinRef	A tag or metadata is a non-hierarchical keyword or term assigned to the fabric module.
uid	scalar:Uint16	A unique identifier for this object.
trustedPortEnabled	scalar:Bool	Setup trusted port	SELECTION: true or false
childAction	mo:ModificationChildAction scalar:Bitmask32	Delete or ignore. For internal use only.	SELECTION: 16384u - deleteAll 4096u - ignore 8192u - deleteNonPresent DEFAULT: 0
persistentOnReload	mo:Persistent scalar:Enum8	NO COMMENTS	SELECTION: 0 - false 1 - true DEFAULT: true(1)
managedConfig	sisf:raGuardManagedConfig (scalar:Enum8)	Enable verification of the advertised M flag	SELECTION: 0 - off 1 - on 2 - nocheck DEFAULT: nocheck
modTs	mo:TStamp (scalar:Date)	The time when this object was last modified.	SELECTION: 0 - never DEFAULT: never
hopLimitMax	sisf:hopLimitMax (scalar:Uint16)	Enable verification of the maximum advertised hop count limit	RANGE: [0 , 255] DEFAULT: 0
adminSt	nw:AdminSt (scalar:Enum8)	The administrative state of the object or policy.	SELECTION: 1 - enabled 2 - disabled DEFAULT: enabled
otherConfig	sisf:raGuardOtherConfig (scalar:Enum8)	Enable verification of the advertised O flag	SELECTION: 0 - off 1 - on 2 - nocheck DEFAULT: nocheck
operErr	nw:OperErrQual (scalar:Bitmask64)	Operational Errors Qualifier	SELECTION: 1 - init-err 2 - mem-err 4 - ipc-err 8 - int-err 16 - sock-err 32 - proto-err
routerPreferenceMaximum	sisf:raGuardRouterPreferenceMaximum (scalar:Enum8)	Enable verification of the advertised router preference	SELECTION: 1 - low 2 - medium 3 - high 4 - nocheck DEFAULT: nocheck
hopLimitMin	sisf:hopLimitMin (scalar:Uint16)	Enable verification of the minimum advertised hop count limit	RANGE: [0 , 255] DEFAULT: 0

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Trusted Port (No Policing) for an IPv6 RA Guard Policy

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

ipv6 nd raguard policy Pol1
trusted-port

Note: The property information for this example was added in Release 9.3(3).

MO	DN
sisfEntity	sys/sisf
sisfInstRaGuard	sys/sisf/raguard-{policyName}

sisfInstRaGuard Properties

Property Name	Data Type	Description	Values
policyName	string:Basic	Name of the nd raguard policy	A sequence of characters
trustedPortEnabled	scalar:Bool	Setup trusted port	SELECTION: true or false

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Trusted Port (No Policing) Configuration for an IPv6 RA Guard Policy

CLI Commands

ipv6 nd raguard policy Pol1
no trusted-port

Note: The property information for this example was added in Release 9.3(3).

MO	DN
sisfEntity	sys/sisf
sisfInstRaGuard	sys/sisf/raguard-{policyName}

sisfInstRaGuard Properties

Property Name	Data Type	Description	Values
policyName	string:Basic	Name of the nd raguard policy	A sequence of characters
trustedPortEnabled	scalar:Bool	Setup trusted port	SELECTION: true or false

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring the Maximum Hop Limit for an IPv6 RA Guard Policy

CLI Commands

ipv6 nd raguard policy Pol1
hop-limit maximum 123

Note: The property information for this example was added in Release 9.3(3).

MO	DN
sisfEntity	sys/sisf
sisfInstRaGuard	sys/sisf/raguard-{policyName}

sisfInstRaGuard Properties

Property Name	Data Type	Description	Values
hopLimitMax	sisf:hopLimitMax (scalar:Uint16)	Enable verification of the maximum advertised hop count limit	RANGE: [0 , 255] DEFAULT: 0
policyName	string:Basic	Name of the nd raguard policy	A sequence of characters

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Maximum Hop Limit Configuration for an IPv6 RA Guard Policy

CLI Commands

ipv6 nd raguard policy Pol1
no hop-limit maximum 123

Note: The property information for this example was added in Release 9.3(3).

MO	DN
sisfEntity	sys/sisf
sisfInstRaGuard	sys/sisf/raguard-{policyName}

sisfInstRaGuard Properties

Property Name	Data Type	Description	Values
hopLimitMax	sisf:hopLimitMax (scalar:Uint16)	Enable verification of the maximum advertised hop count limit	RANGE: [0 , 255] DEFAULT: 0
policyName	string:Basic	Name of the nd raguard policy	A sequence of characters

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring the Minimum Hop Limit for an IPv6 RA Guard Policy

CLI Commands

ipv6 nd raguard policy Pol1
hop-limit minimum 123

Note: The property information for this example was added in Release 9.3(3).

MO	DN
sisfEntity	sys/sisf
sisfInstRaGuard	sys/sisf/raguard-{policyName}

sisfInstRaGuard Properties

Property Name	Data Type	Description	Values
hopLimitMin	sisf:hopLimitMin (scalar:Uint16)	Enable verification of the minimum advertised hop count limit	RANGE: [0 , 255] DEFAULT: 0
policyName	string:Basic	Name of the nd raguard policy	A sequence of characters

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Minimum Hop Limit Configuration for an IPv6 RA Guard Policy

CLI Commands

ipv6 nd raguard policy Pol1
no hop-limit minimum 123

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/media/dme/index.html

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Enabling the Verification of the Advertised Managed Address Configuration Flag for an IPv6 RA Guard Policy

CLI Commands

ipv6 nd raguard policy Pol1
managed-config-flag on

Note: The property information for this example was added in Release 9.3(3).

MO	DN
sisfEntity	sys/sisf
sisfInstRaGuard	sys/sisf/raguard-{policyName}

sisfInstRaGuard Properties

Property Name	Data Type	Description	Values
managedConfig	sisf:raGuardManagedConfig (scalar:Enum8)	Enable verification of the advertised M flag	SELECTION: 0 - off 1 - on 2 - nocheck DEFAULT: nocheck
policyName	string:Basic	Name of the nd raguard policy	A sequence of characters

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Deleting Enabling Advertised Managed Address Configuration Flag for an IPv6 RA Guard Policy

CLI Commands

ipv6 nd raguard policy Pol1
no managed-config-flag on

Note: The property information for this example was added in Release 9.3(3).

MO	DN
sisfEntity	sys/sisf
sisfInstRaGuard	sys/sisf/raguard-{policyName}

sisfInstRaGuard Properties

Property Name	Data Type	Description	Values
managedConfig	sisf:raGuardManagedConfig (scalar:Enum8)	Enable verification of the advertised M flag	SELECTION: 0 - off 1 - on 2 - nocheck DEFAULT: nocheck
policyName	string:Basic	Name of the nd raguard policy	A sequence of characters

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Enabling the Verification of the Advertised Other Configuration Flag for an IPv6 RA Guard Policy

CLI Commands

ipv6 nd raguard policy Pol1
other-config-flag on

Note: The property information for this example was added in Release 9.3(3).

MO	DN
sisfEntity	sys/sisf
sisfInstRaGuard	sys/sisf/raguard-{policyName}

sisfInstRaGuard Properties

Property Name	Data Type	Description	Values
otherConfig	sisf:raGuardOtherConfig (scalar:Enum8)	Enable verification of the advertised O flag	SELECTION: 0 - off 1 - on 2 - nocheck DEFAULT: nocheck
policyName	string:Basic	Name of the nd raguard policy	A sequence of characters

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Configuration for Enabling the Advertised Other Configuration Flag for an IPv6 RA Guard Policy

CLI Commands

ipv6 nd raguard policy Pol1
no other-config-flag on

Note: The property information for this example was added in Release 9.3(3).

MO	DN
sisfEntity	sys/sisf
sisfInstRaGuard	sys/sisf/raguard-{policyName}

sisfInstRaGuard Properties

Property Name	Data Type	Description	Values
otherConfig	sisf:raGuardOtherConfig (scalar:Enum8)	Enable verification of the advertised O flag	SELECTION: 0 - off 1 - on 2 - nocheck DEFAULT: nocheck
policyName	string:Basic	Name of the nd raguard policy	A sequence of characters

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Configured Role of the Monitor Attached to the Port for an IPv6 RA Guard Policy

CLI Commands

ipv6 nd raguard policy attach-policy
no device-role monitor

Note: The property information for this example was added in Release 9.3(3).

MO	DN
sisfEntity	sys/sisf
sisfInstRaGuard	sys/sisf/raguard-{policyName}

sisfInstRaGuard Properties

Property Name	Data Type	Description	Values
deviceRole	sisf:raGuardDeviceRole (scalar:Enum8)	Set the role of the device attached to the port	SELECTION: 1 - host 2 - router 3 - switch 4 - monitor DEFAULT: host
policyName	string:Basic	Name of the nd raguard policy	A sequence of characters

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Discarding RAs with a Router Preference Greater than High

CLI Commands

ipv6 nd raguard policy Pol1
router-preference maximum high

Note: The property information for this example was added in Release 9.3(3).

MO	DN
sisfEntity	sys/sisf
sisfInstRaGuard	sys/sisf/raguard-{policyName}

sisfInstRaGuard Properties

Property Name	Data Type	Description	Values
policyName	string:Basic	Name of the nd raguard policy	A sequence of characters
routerPreferenceMaximum	sisf:raGuardRouterPreferenceMaximum (scalar:Enum8)	Enable verification of the advertised router preference	SELECTION: 1 - low 2 - medium 3 - high 4 - nocheck DEFAULT: nocheck

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Configuration for Discarding RAs with a Router Preference Greater than High

CLI Commands

ipv6 nd raguard policy Pol1
no router-preference maximum high

Note: The property information for this example was added in Release 9.3(3).

MO	DN
sisfEntity	sys/sisf
sisfInstRaGuard	sys/sisf/raguard-{policyName}

sisfInstRaGuard Properties

Property Name	Data Type	Description	Values
policyName	string:Basic	Name of the nd raguard policy	A sequence of characters
routerPreferenceMaximum	sisf:raGuardRouterPreferenceMaximum (scalar:Enum8)	Enable verification of the advertised router preference	SELECTION: 1 - low 2 - medium 3 - high 4 - nocheck DEFAULT: nocheck

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Attaching an IPv6 RA Guard Policy to an Ethernet Interface

CLI Commands

interface eth 1/16
ipv6 nd raguard attach-policy POL1

Note: The property information for this example was added in Release 9.3(3).

MO	DN
sisfEntity	sys/sisf
sisfFhsIf	sys/sisf/fhsif-{[id]}

sisfFhsIf Properties

The following table contains information about the sisfFhsIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
dhcpGuardpolicyName	string:Basic	Attach a dhcp guard policy of FHS feature	A sequence of characters
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
raGuardpolicyName	string:Basic	Attach a nd raguard policy of FHS feature	A sequence of characters
snoopingpolicyName	string:Basic	Attach a snooping policy of FHS feature	A sequence of characters

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Removing an IPv6 RA Guard Policy from an Ethernet Interface

CLI Commands

interface eth 1/16
no ipv6 nd raguard attach-policy POL1

Note: The property information for this example was added in Release 9.3(3).

MO	DN
sisfEntity	sys/sisf
sisfFhsIf	sys/sisf/fhsif-{[id]}

sisfFhsIf Properties

Property Name	Data Type	Description	Values
dhcpGuardpolicyName	string:Basic	Attach a dhcp guard policy of FHS feature	A sequence of characters
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
raGuardpolicyName	string:Basic	Attach a nd raguard policy of FHS feature	A sequence of characters

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Attaching an IPv6 RA Guard Policy on a Switchport Interface

CLI Commands

interface ethernet 1/3
switchport
ipv6 nd raguard attach-policy POL1

Note: The property information for this example was added in Release 9.3(3).

MO	DN
topSystem	sys
interfaceEntity	sys/intf
l1PhysIf	sys/intf/phys-{[id]}
sisfEntity	sys/sisf
sisfFhsIf	sys/sisf/fhsif-{[id]}

l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
layer	l1:Layer (scalar:Enum8)	Administrative port layer	SELECTION: 1 - Layer2 2 - Layer3 DEFAULT: Layer2
userCfgdFlags	l1:userCfgdFlags (scalar:Bitmask8)	Port User Config Flags	SELECTION: 0 - none 1 - admin_state 2 - admin_layer 4 - admin_router_mac 8 - admin_dce_mode 16 - admin_mtu DEFAULT: none

sisfFhsIf Properties

Property Name	Data Type	Description	Values
raGuardpolicyName	string:Basic	Attach a nd raguard policy of FHS feature	A sequence of characters
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Removing an IPv6 RA Guard Policy from a Switchport Interface

CLI Commands

interface ethernet 1/3
switchport
no ipv6 nd raguard attach-policy POL1

Note: The property information for this example was added in Release 9.3(3).

MO	DN
topSystem	sys
interfaceEntity	sys/intf
l1PhysIf	sys/intf/phys-{[id]}
sisfEntity	sys/sisf
sisfFhsIf	sys/sisf/fhsif-{[id]}

l1PhysIf Properties

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
layer	l1:Layer (scalar:Enum8)	Administrative port layer	SELECTION: 1 - Layer2 2 - Layer3 DEFAULT: Layer2
userCfgdFlags	l1:userCfgdFlags (scalar:Bitmask8)	Port User Config Flags	SELECTION: 0 - none 1 - admin_state 2 - admin_layer 4 - admin_router_mac 8 - admin_dce_mode 16 - admin_mtu DEFAULT: none

sisfFhsIf Properties

Property Name	Data Type	Description	Values
raGuardpolicyName	string:Basic	Attach a nd raguard policy of FHS feature	A sequence of characters
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Attaching an IPv6 RA Guard Policy to a VLAN Configuration

CLI Commands

vlan config 127
ipv6 nd raguard attach-policy POL1

Note: The property information for this example was added in Release 9.3(3).

MO	DN
topSystem	sys
bdEntity	sys/bd
l2VlanConfig	sys/bd/vlanconfig-{[accEncap]}
sisfEntity	sys/sisf
sisfFhsVlan	sys/sisf/fhsvlan-{vlanID}

l2VlanConfig Properties

The following table contains information about the l2VlanConfig properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
accEncap	base:Encap	Access Encapsulation	SELECTION: unknown, vlan-%d or vxlan-%d

sisfFhsVlan Properties

The following table contains information about the sisfFhsVlan properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
raGuardpolicyName	string:Basic	Attach a nd raguard policy of FHS feature	A sequence of characters
vlanID	sisf:VlanID (scalar:Uint16)	Vlan Number	RANGE: [1 , 4096]

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Removing an IPv6 RA Guard Policy from a VLAN Configuration

CLI Commands

vlan configuration 127
no ipv6 nd raguard attach-policy POL1

Note: The property information for this example was added in Release 9.3(3).

MO	DN
topSystem	sys
bdEntity	sys/bd
l2VlanConfig	sys/bd/vlanconfig-{[accEncap]}
sisfEntity	sys/sisf
sisfFhsVlan	sys/sisf/fhsvlan-{vlanID}

l2VlanConfig Properties

Property Name	Data Type	Description	Values
accEncap	base:Encap	Access Encapsulation	SELECTION: unknown, vlan-%d or vxlan-%d

sisfFhsVlan Properties

Property Name	Data Type	Description	Values
raGuardpolicyName	string:Basic	Attach a nd raguard policy of FHS feature	A sequence of characters
vlanID	sisf:VlanID (scalar:Uint16)	Vlan Number	RANGE: [1 , 4096]

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html