Configuring IPv6 RA Guard Policies
The IPv6 RA Guard feature provides support for allowing the network administrator to block or reject unwanted or rogue RA guard messages that arrive at the network device platform. RAs are used by devices to announce themselves on the link. The IPv6 RA Guard feature analyzes these RAs and filters out RAs that are sent by unauthorized devices. In host mode, all RA and router redirect messages are disallowed on the port. The RA guard feature compares configuration information on the Layer 2 (L2) device with the information found in the received RA frame. Once the L2 device has validated the content of the RA frame and router redirect frame against the configuration, it forwards the RA to its unicast or multicast destination. If the RA frame content is not validated, the RA is dropped.
This section contains payload examples and CLIs to demonstrate how to use the NX-API REST API to configure IPv6 RA guard policies on Cisco Nexus 3000 and 9000 Series switches and to show how the REST APIs correspond to the CLI commands. For more information, see the Cisco Nexus 9000 Series NX-OS Security Configuration Guide.
Configuring an IPv6 RA Guard Policy
Configuring an IPv6 RA Guard Policy
POST http://<mgmt0_IP>/api/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfInstRaGuard": {
"attributes": {
"deviceRole": "router",
"policyName": "POL1"
}}}]}}
{
'imdata': []
}
<System>
<sisf-items>
<raguard-items>
<InstRAGuard-list>
<policyName>POL1</policyName>
<deviceRole>router</deviceRole>
</InstRAGuard-list>
</raguard-items>
</sisf-items>
</System>
Defines the router advertisement (RA) guard policy name and enters RA guard policy configuration mode.
CLI Commands
The CLI command below is the equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.
ipv6 nd raguard policy POL1
device-role router
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| sisfEntity | sys/sisf |
| sisfInstRaGuard | sys/sisf/raguard-{policyName} |
sisfInstRaGuard Properties
The following table contains information about the sisfInstRaGuard properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| deviceRole | sisf:raGuardDeviceRole (scalar:Enum8) | Set the role of the device attached to the port | SELECTION: 1 - host 2 - router 3 - switch 4 - monitor DEFAULT: host |
| policyName | string:Basic | Name of the nd raguard policy | A sequence of characters |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Querying an IPv6 RA Guard Policy
Querying an IPv6 RA Guard Policy
GET http://<mgmt0_IP>/api/mo/sys/sisf/raguard-POL1.json
{
'imdata': [
{
'sisfInstRaGuard': {
'attributes': {
'ctrl': '',
'policyName': 'POL1',
'deviceRole': 'router',
'status': '',
'dn': 'sys/sisf/raguard-test',
'uid': '0', 'name': '',
'trustedPortEnabled': 'no',
'childAction': '',
'persistentOnReload': 'true',
'managedConfig': 'off',
'modTs': '2017-07-01T16:23:11.238+00:00',
'hopLimitMax': '0',
'adminSt': 'enabled',
'otherConfig': 'off',
'operErr': '',
'routerPreferenceMaximum': 'high',
'hopLimitMin': '0'
}
}
}
], 'totalCount': '1'
}
A query for an IPv6 RA guard policy.
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| sisfInstRaGuard | sys/sisf/raguard-{policyName} |
sisfInstRaGuard Properties
The following table contains information about the sisfInstRaGuard properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| ctrl | nw:InstCtrl (scalar:Bitmask64) | The control state. | SELECTION: 1 - stateful-ha |
| policyName | string:Basic | Name of the nd raguard policy | A sequence of characters |
| deviceRole | sisf:raGuardDeviceRole (scalar:Enum8) | Set the role of the device attached to the port | SELECTION: 1 - host 2 - router 3 - switch 4 - monitor DEFAULT: host |
| status | mo:ModificationStatus (scalar:Bitmask32) | The upgrade status. This property is for internal use only. | SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced |
| dn | reference:BinRef | A tag or metadata is a non-hierarchical keyword or term assigned to the fabric module. | |
| uid | scalar:Uint16 | A unique identifier for this object. | |
| trustedPortEnabled | scalar:Bool | Setup trusted port | SELECTION: true or false |
| childAction | mo:ModificationChildAction scalar:Bitmask32 | Delete or ignore. For internal use only. | SELECTION:
|
| persistentOnReload | mo:Persistent scalar:Enum8 | NO COMMENTS | SELECTION:
|
| managedConfig | sisf:raGuardManagedConfig (scalar:Enum8) | Enable verification of the advertised M flag | SELECTION: 0 - off 1 - on 2 - nocheck DEFAULT: nocheck |
| modTs | mo:TStamp (scalar:Date) | The time when this object was last modified. | SELECTION: 0 - never DEFAULT: never |
| hopLimitMax | sisf:hopLimitMax (scalar:Uint16) | Enable verification of the maximum advertised hop count limit | RANGE: [0 , 255] DEFAULT: 0 |
| adminSt | nw:AdminSt (scalar:Enum8) | The administrative state of the object or policy. | SELECTION: 1 - enabled 2 - disabled DEFAULT: enabled |
| otherConfig | sisf:raGuardOtherConfig (scalar:Enum8) | Enable verification of the advertised O flag | SELECTION: 0 - off 1 - on 2 - nocheck DEFAULT: nocheck |
| operErr | nw:OperErrQual (scalar:Bitmask64) | Operational Errors Qualifier | SELECTION: 1 - init-err 2 - mem-err 4 - ipc-err 8 - int-err 16 - sock-err 32 - proto-err |
| routerPreferenceMaximum | sisf:raGuardRouterPreferenceMaximum (scalar:Enum8) | Enable verification of the advertised router preference | SELECTION: 1 - low 2 - medium 3 - high 4 - nocheck DEFAULT: nocheck |
| hopLimitMin | sisf:hopLimitMin (scalar:Uint16) | Enable verification of the minimum advertised hop count limit | RANGE: [0 , 255] DEFAULT: 0 |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Configuring Trusted Port (No Policing) for an IPv6 RA Guard Policy
Configuring Trusted Port (No Policing) for an IPv6 RA Guard Policy
http://<mgmt0_IP>/api/mo/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfInstRaGuard": {
"attributes": {
"policyName": "Pol1",
"trustedPortEnabled": "yes"
}}}]}}
{
imdata:[]
}
<System>
<sisf-items>
<raguard-items>
<InstRAGuard-list>
<policyName>Pol1</policyName>
<trustedPortEnabled>true</trustedPortEnabled>
</InstRAGuard-list>
</raguard-items>
</sisf-items>
</System>
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
ipv6 nd raguard policy Pol1
trusted-port
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| sisfEntity | sys/sisf |
| sisfInstRaGuard | sys/sisf/raguard-{policyName} |
sisfInstRaGuard Properties
The following table contains information about the sisfInstRaGuard properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| policyName | string:Basic | Name of the nd raguard policy | A sequence of characters |
| trustedPortEnabled | scalar:Bool | Setup trusted port | SELECTION: true or false |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Deleting the Trusted Port (No Policing) Configuration for an IPv6 RA Guard Policy
Deleting the Trusted Port (No Policing) Configuration for an IPv6 RA Guard Policy
http://<mgmt0_IP>/api/mo/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfInstRaGuard": {
"attributes": {
"policyName": "Pol1",
"trustedPortEnabled": "no"
}}}]}}
{
imdata:[]
}
<System>
<sisf-items>
<raguard-items>
<InstRAGuard-list>
<policyName>Pol1</policyName>
<trustedPortEnabled>false</trustedPortEnabled>
</InstRAGuard-list>
</raguard-items>
</sisf-items>
</System>
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
ipv6 nd raguard policy Pol1
no trusted-port
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| sisfEntity | sys/sisf |
| sisfInstRaGuard | sys/sisf/raguard-{policyName} |
sisfInstRaGuard Properties
The following table contains information about the sisfInstRaGuard properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| policyName | string:Basic | Name of the nd raguard policy | A sequence of characters |
| trustedPortEnabled | scalar:Bool | Setup trusted port | SELECTION: true or false |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Configuring the Maximum Hop Limit for an IPv6 RA Guard Policy
Configuring the Maximum Hop Limit for an IPv6 RA Guard Policy
http://<mgmt0_IP>/api/mo/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfInstRaGuard": {
"attributes": {
"hopLimitMax": "123",
"policyName": "Pol1"
}}}]}}
{
imdata:[]
}
<System>
<sisf-items>
<raguard-items>
<InstRAGuard-list>
<policyName>Pol1</policyName>
<hopLimitMax>123</hopLimitMax>
</InstRAGuard-list>
</raguard-items>
</sisf-items>
</System>
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
ipv6 nd raguard policy Pol1
hop-limit maximum 123
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| sisfEntity | sys/sisf |
| sisfInstRaGuard | sys/sisf/raguard-{policyName} |
sisfInstRaGuard Properties
The following table contains information about the sisfInstRaGuard properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| hopLimitMax | sisf:hopLimitMax (scalar:Uint16) | Enable verification of the maximum advertised hop count limit | RANGE: [0 , 255] DEFAULT: 0 |
| policyName | string:Basic | Name of the nd raguard policy | A sequence of characters |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Deleting the Maximum Hop Limit Configuration for an IPv6 RA Guard Policy
Deleting the Maximum Hop Limit Configuration for an IPv6 RA Guard Policy
http://<mgmt0_IP>/api/mo/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfInstRaGuard": {
"attributes": {
"hopLimitMax": "0",
"policyName": "Pol1"
}}}]}}
{
imdata:[]
}
<System>
<sisf-items>
<raguard-items>
<InstRAGuard-list>
<policyName>Pol1</policyName>
<hopLimitMax>0</hopLimitMax>
</InstRAGuard-list>
</raguard-items>
</sisf-items>
</System>
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
ipv6 nd raguard policy Pol1
no hop-limit maximum 123
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| sisfEntity | sys/sisf |
| sisfInstRaGuard | sys/sisf/raguard-{policyName} |
sisfInstRaGuard Properties
The following table contains information about the sisfInstRaGuard properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| hopLimitMax | sisf:hopLimitMax (scalar:Uint16) | Enable verification of the maximum advertised hop count limit | RANGE: [0 , 255] DEFAULT: 0 |
| policyName | string:Basic | Name of the nd raguard policy | A sequence of characters |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Configuring the Minimum Hop Limit for an IPv6 RA Guard Policy
Configuring the Minimum Hop Limit for an IPv6 RA Guard Policy
http://<mgmt0_IP>/api/mo/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfInstRaGuard": {
"attributes": {
"hopLimitMin": "123",
"policyName": "Pol1"
}}}]}}
{
imdata:[]
}
<System>
<sisf-items>
<raguard-items>
<InstRAGuard-list>
<policyName>Pol1</policyName>
<hopLimitMin>123</hopLimitMin>
</InstRAGuard-list>
</raguard-items>
</sisf-items>
</System>
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
ipv6 nd raguard policy Pol1
hop-limit minimum 123
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| sisfEntity | sys/sisf |
| sisfInstRaGuard | sys/sisf/raguard-{policyName} |
sisfInstRaGuard Properties
The following table contains information about the sisfInstRaGuard properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| hopLimitMin | sisf:hopLimitMin (scalar:Uint16) | Enable verification of the minimum advertised hop count limit | RANGE: [0 , 255] DEFAULT: 0 |
| policyName | string:Basic | Name of the nd raguard policy | A sequence of characters |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Deleting the Minimum Hop Limit Configuration for an IPv6 RA Guard Policy
Deleting the Minimum Hop Limit Configuration for an IPv6 RA Guard Policy
http://<mgmt0_IP>/api/mo/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfInstRaGuard": {
"attributes": {
"hopLimitMin": "0",
"policyName": "Pol1"
}}}]}}
{
imdata:[]
}
<System>
<sisf-items>
<raguard-items>
<InstRAGuard-list>
<policyName>Pol1</policyName>
<hopLimitMin>0</hopLimitMin>
</InstRAGuard-list>
</raguard-items>
</sisf-items>
</System>
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
ipv6 nd raguard policy Pol1
no hop-limit minimum 123
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/media/dme/index.html
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Enabling the Verification of the Advertised Managed Address Configuration Flag for an IPv6 RA Guard Policy
Enabling the Verification of the Advertised Managed Address Configuration Flag for an IPv6 RA Guard Policy
http://<mgmt0_IP>/api/mo/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfInstRaGuard": {
"attributes": {
"managedConfig": "on",
"policyName": "Pol1"
}}}]}}
{
imdata:[]
}
<System>
<sisf-items>
<raguard-items>
<InstRAGuard-list>
<policyName>Pol1</policyName>
<managedConfig>on</managedConfig>
</InstRAGuard-list>
</raguard-items>
</sisf-items>
</System>
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
ipv6 nd raguard policy Pol1
managed-config-flag on
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| sisfEntity | sys/sisf |
| sisfInstRaGuard | sys/sisf/raguard-{policyName} |
sisfInstRaGuard Properties
The following table contains information about the sisfInstRaGuard properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| managedConfig | sisf:raGuardManagedConfig (scalar:Enum8) | Enable verification of the advertised M flag | SELECTION: 0 - off 1 - on 2 - nocheck DEFAULT: nocheck |
| policyName | string:Basic | Name of the nd raguard policy | A sequence of characters |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Deleting the Deleting Enabling Advertised Managed Address Configuration Flag for an IPv6 RA Guard Policy
Deleting the Deleting Enabling Advertised Managed Address Configuration Flag for an IPv6 RA Guard Policy
http://<mgmt0_IP>/api/mo/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfInstRaGuard": {
"attributes": {
"managedConfig": "off",
"policyName": "Pol1"
}}}]}}
{
imdata:[]
}
<System>
<sisf-items>
<raguard-items>
<InstRAGuard-list>
<policyName>Pol1</policyName>
<managedConfig>off</managedConfig>
</InstRAGuard-list>
</raguard-items>
</sisf-items>
</System>
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
ipv6 nd raguard policy Pol1
no managed-config-flag on
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| sisfEntity | sys/sisf |
| sisfInstRaGuard | sys/sisf/raguard-{policyName} |
sisfInstRaGuard Properties
The following table contains information about the sisfInstRaGuard properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| managedConfig | sisf:raGuardManagedConfig (scalar:Enum8) | Enable verification of the advertised M flag | SELECTION: 0 - off 1 - on 2 - nocheck DEFAULT: nocheck |
| policyName | string:Basic | Name of the nd raguard policy | A sequence of characters |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Enabling the Verification of the Advertised Other Configuration Flag for an IPv6 RA Guard Policy
Enabling the Verification of the Advertised Other Configuration Flag for an IPv6 RA Guard Policy
http://<mgmt0_IP>/api/mo/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfInstRaGuard": {
"attributes": {
"otherConfig": "on",
"policyName": "Pol1"
}}}]}}
{
imdata:[]
}
<System>
<sisf-items>
<raguard-items>
<InstRAGuard-list>
<policyName>Pol1</policyName>
<otherConfig>on</otherConfig>
</InstRAGuard-list>
</raguard-items>
</sisf-items>
</System>
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
ipv6 nd raguard policy Pol1
other-config-flag on
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| sisfEntity | sys/sisf |
| sisfInstRaGuard | sys/sisf/raguard-{policyName} |
sisfInstRaGuard Properties
The following table contains information about the sisfInstRaGuard properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| otherConfig | sisf:raGuardOtherConfig (scalar:Enum8) | Enable verification of the advertised O flag | SELECTION: 0 - off 1 - on 2 - nocheck DEFAULT: nocheck |
| policyName | string:Basic | Name of the nd raguard policy | A sequence of characters |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Deleting the Configuration for Enabling the Advertised Other Configuration Flag for an IPv6 RA Guard Policy
Deleting the Configuration for Enabling the Advertised Other Configuration Flag for an IPv6 RA Guard Policy
http://<mgmt0_IP>/api/mo/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfInstRaGuard": {
"attributes": {
"otherConfig": "off",
"policyName": "Pol1"
}}}]}}
{
imdata:[]
}
<System>
<sisf-items>
<raguard-items>
<InstRAGuard-list>
<policyName>Pol1</policyName>
<otherConfig>off</otherConfig>
</InstRAGuard-list>
</raguard-items>
</sisf-items>
</System>
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
ipv6 nd raguard policy Pol1
no other-config-flag on
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| sisfEntity | sys/sisf |
| sisfInstRaGuard | sys/sisf/raguard-{policyName} |
sisfInstRaGuard Properties
The following table contains information about the sisfInstRaGuard properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| otherConfig | sisf:raGuardOtherConfig (scalar:Enum8) | Enable verification of the advertised O flag | SELECTION: 0 - off 1 - on 2 - nocheck DEFAULT: nocheck |
| policyName | string:Basic | Name of the nd raguard policy | A sequence of characters |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Deleting the Configured Role of the Monitor Attached to the Port for an IPv6 RA Guard Policy
Deleting the Configured Role of the Monitor Attached to the Port for an IPv6 RA Guard Policy
http://<mgmt0_IP>/api/mo/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfInstRaGuard": {
"attributes": {
"deviceRole": "host",
"policyName": "attach-policy"
}}}]}}
{
imdata:[]
}
<System>
<sisf-items>
<raguard-items>
<InstRAGuard-list>
<policyName>attach-policy</policyName>
<deviceRole>host</deviceRole>
</InstRAGuard-list>
</raguard-items>
</sisf-items>
</System>
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
ipv6 nd raguard policy attach-policy
no device-role monitor
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| sisfEntity | sys/sisf |
| sisfInstRaGuard | sys/sisf/raguard-{policyName} |
sisfInstRaGuard Properties
The following table contains information about the sisfInstRaGuard properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| deviceRole | sisf:raGuardDeviceRole (scalar:Enum8) | Set the role of the device attached to the port | SELECTION: 1 - host 2 - router 3 - switch 4 - monitor DEFAULT: host |
| policyName | string:Basic | Name of the nd raguard policy | A sequence of characters |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Discarding RAs with a Router Preference Greater than High
Discarding RAs with a Router Preference Greater than High
http://<mgmt0_IP>/api/mo/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfInstRaGuard": {
"attributes": {
"policyName": "Pol1",
"routerPreferenceMaximum": "high"
}}}]}}
{
imdata:[]
}
<System>
<sisf-items>
<raguard-items>
<InstRAGuard-list>
<policyName>Pol1</policyName>
<routerPreferenceMaximum>high</routerPreferenceMaximum>
</InstRAGuard-list>
</raguard-items>
</sisf-items>
</System>
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
ipv6 nd raguard policy Pol1
router-preference maximum high
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| sisfEntity | sys/sisf |
| sisfInstRaGuard | sys/sisf/raguard-{policyName} |
sisfInstRaGuard Properties
The following table contains information about the sisfInstRaGuard properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| policyName | string:Basic | Name of the nd raguard policy | A sequence of characters |
| routerPreferenceMaximum | sisf:raGuardRouterPreferenceMaximum (scalar:Enum8) | Enable verification of the advertised router preference | SELECTION: 1 - low 2 - medium 3 - high 4 - nocheck DEFAULT: nocheck |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Deleting the Configuration for Discarding RAs with a Router Preference Greater than High
Deleting the Configuration for Discarding RAs with a Router Preference Greater than High
http://<mgmt0_IP>/api/mo/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfInstRaGuard": {
"attributes": {
"policyName": "Pol1",
"routerPreferenceMaximum": "high"
}}}]}}
{
imdata:[]
}
<System>
<sisf-items>
<raguard-items>
<InstRAGuard-list>
<policyName>Pol1</policyName>
<routerPreferenceMaximum>high</routerPreferenceMaximum>
</InstRAGuard-list>
</raguard-items>
</sisf-items>
</System>
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
ipv6 nd raguard policy Pol1
no router-preference maximum high
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| sisfEntity | sys/sisf |
| sisfInstRaGuard | sys/sisf/raguard-{policyName} |
sisfInstRaGuard Properties
The following table contains information about the sisfInstRaGuard properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| policyName | string:Basic | Name of the nd raguard policy | A sequence of characters |
| routerPreferenceMaximum | sisf:raGuardRouterPreferenceMaximum (scalar:Enum8) | Enable verification of the advertised router preference | SELECTION: 1 - low 2 - medium 3 - high 4 - nocheck DEFAULT: nocheck |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Attaching an IPv6 RA Guard Policy to an Ethernet Interface
Attaching an IPv6 RA Guard Policy to an Ethernet Interface
POST http://<mgmt0_IP>/api/mo/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfFhsIf": {
"attributes": {
"dhcpGuardpolicyName": "POL1",
"id": "eth1/16",
"raGuardpolicyName": "POL1",
"snoopingpolicyName": "POL1"
}}}]}}
{
"imdata": []
}
<System>
<sisf-items>
<fhsif-items>
<FhsIf-list>
<id>eth1/16</id>
<raGuardpolicyName>POL1</raGuardpolicyName>
</FhsIf-list>
</fhsif-items>
</sisf-items>
</System>
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
interface eth 1/16
ipv6 nd raguard attach-policy POL1
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| sisfEntity | sys/sisf |
| sisfFhsIf | sys/sisf/fhsif-{[id]} |
sisfFhsIf Properties
The following table contains information about the sisfFhsIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| dhcpGuardpolicyName | string:Basic | Attach a dhcp guard policy of FHS feature | A sequence of characters |
| id | nw:IfId (base:IfIndex) | An identifier . | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |
| raGuardpolicyName | string:Basic | Attach a nd raguard policy of FHS feature | A sequence of characters |
| snoopingpolicyName | string:Basic | Attach a snooping policy of FHS feature | A sequence of characters |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Removing an IPv6 RA Guard Policy from an Ethernet Interface
Removing an IPv6 RA Guard Policy from an Ethernet Interface
POST http://<mgmt0_IP>/api/mo/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfFhsIf": {
"attributes": {
"dhcpGuardpolicyName": "",
"id": "eth1/16",
"raGuardpolicyName": "",
}}}]}}
{
"imdata": []
}
<System>
<sisf-items>
<fhsif-items>
<FhsIf-list>
<id>eth1/16</id>
<raGuardpolicyName></raGuardpolicyName>
</FhsIf-list>
</fhsif-items>
</sisf-items>
</System>
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
interface eth 1/16
no ipv6 nd raguard attach-policy POL1
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| sisfEntity | sys/sisf |
| sisfFhsIf | sys/sisf/fhsif-{[id]} |
sisfFhsIf Properties
The following table contains information about the sisfFhsIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| dhcpGuardpolicyName | string:Basic | Attach a dhcp guard policy of FHS feature | A sequence of characters |
| id | nw:IfId (base:IfIndex) | An identifier . | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |
| raGuardpolicyName | string:Basic | Attach a nd raguard policy of FHS feature | A sequence of characters |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Attaching an IPv6 RA Guard Policy on a Switchport Interface
Attaching an IPv6 RA Guard Policy on a Switchport Interface
http://<mgmt0_IP>/api/mo/sys.json
{
"topSystem": {
"children": [
{
"interfaceEntity": {
"children": [
{
"l1PhysIf": {
"attributes": {
"id": "eth1/3",
"layer": "Layer2",
"userCfgdFlags": "admin_layer"
}
}
}
]
}
},
{
"sisfEntity": {
"children": [
{
"sisfFhsIf": {
"attributes": {
"raGuardpolicyName": "POL1",
"id": "eth1/3"
}}}]}}]}}
{
imdata:[]
}
<System>
<intf-items>
<phys-items>
<PhysIf-list>
<id>eth1/3</id>
<layer>Layer2</layer>
<userCfgdFlags>admin_layer</userCfgdFlags>
</PhysIf-list>
</phys-items>
</intf-items>
<sisf-items>
<FhsIf-items>
<FhsIf-list>
<id>eth1/3</id>
<raGuardpolicyName>POL1</raGuardpolicyName>
</FhsIf-list>
</FhsIf-items>
</sisf-items>
</System>
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
interface ethernet 1/3
switchport
ipv6 nd raguard attach-policy POL1
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| topSystem | sys |
| interfaceEntity | sys/intf |
| l1PhysIf | sys/intf/phys-{[id]} |
| sisfEntity | sys/sisf |
| sisfFhsIf | sys/sisf/fhsif-{[id]} |
l1PhysIf Properties
The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| id | nw:IfId (base:IfIndex) | An identifier . | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |
| layer | l1:Layer (scalar:Enum8) | Administrative port layer | SELECTION: 1 - Layer2 2 - Layer3 DEFAULT: Layer2 |
| userCfgdFlags | l1:userCfgdFlags (scalar:Bitmask8) | Port User Config Flags | SELECTION: 0 - none 1 - admin_state 2 - admin_layer 4 - admin_router_mac 8 - admin_dce_mode 16 - admin_mtu DEFAULT: none |
sisfFhsIf Properties
The following table contains information about the sisfFhsIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| raGuardpolicyName | string:Basic | Attach a nd raguard policy of FHS feature | A sequence of characters |
| id | nw:IfId (base:IfIndex) | An identifier . | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Removing an IPv6 RA Guard Policy from a Switchport Interface
Removing an IPv6 RA Guard Policy from a Switchport Interface
http://<mgmt0_IP>/api/mo/sys.json
{
"topSystem": {
"children": [
{
"interfaceEntity": {
"children": [
{
"l1PhysIf": {
"attributes": {
"id": "eth1/3",
"layer": "Layer2",
"userCfgdFlags": "admin_layer"
}
}
}
]
}
},
{
"sisfEntity": {
"children": [
{
"sisfFhsIf": {
"attributes": {
"raGuardpolicyName": "",
"id": "eth1/3"
}}}]}}]}}
{
imdata:[]
}
<System>
<intf-items>
<phys-items>
<PhysIf-list>
<id>eth1/3</id>
<layer>Layer2</layer>
<userCfgdFlags>admin_layer</userCfgdFlags>
</PhysIf-list>
</phys-items>
</intf-items>
<sisf-items>
<FhsIf-items>
<FhsIf-list>
<id>eth1/3</id>
<raGuardpolicyName></raGuardpolicyName>
</FhsIf-list>
</FhsIf-items>
</sisf-items>
</System>
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
interface ethernet 1/3
switchport
no ipv6 nd raguard attach-policy POL1
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| topSystem | sys |
| interfaceEntity | sys/intf |
| l1PhysIf | sys/intf/phys-{[id]} |
| sisfEntity | sys/sisf |
| sisfFhsIf | sys/sisf/fhsif-{[id]} |
l1PhysIf Properties
The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| id | nw:IfId (base:IfIndex) | An identifier . | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |
| layer | l1:Layer (scalar:Enum8) | Administrative port layer | SELECTION: 1 - Layer2 2 - Layer3 DEFAULT: Layer2 |
| userCfgdFlags | l1:userCfgdFlags (scalar:Bitmask8) | Port User Config Flags | SELECTION: 0 - none 1 - admin_state 2 - admin_layer 4 - admin_router_mac 8 - admin_dce_mode 16 - admin_mtu DEFAULT: none |
sisfFhsIf Properties
The following table contains information about the sisfFhsIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| raGuardpolicyName | string:Basic | Attach a nd raguard policy of FHS feature | A sequence of characters |
| id | nw:IfId (base:IfIndex) | An identifier . | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Attaching an IPv6 RA Guard Policy to a VLAN Configuration
Attaching an IPv6 RA Guard Policy to a VLAN Configuration
POST http://<mgmt0_IP>/api/mo/sys.json
{
"topSystem": {
"children": [
{
"bdEntity": {
"children": [
{
"l2VlanConfig": {
"attributes": {
"accEncap": "vlan-127"
}
}
}
]
}
},
{
"sisfEntity": {
"children": [
{
"sisfFhsVlan": {
"attributes": {
"raGuardpolicyName": "POL1",
"vlanID": "127"
}
}
}
]
}
}
]
}
}
{
'imdata': []
}
<System>
<bd-items>
<vlanconfig-items>
<VlanConfig-list>
<accEncap>vlan-127</accEncap>
</VlanConfig-list>
</vlanconfig-items>
</bd-items>
<sisf-items>
<fhsvlan-items>
<FhsVlan-list>
<vlanID>127</vlanID>
<raGuardpolicyName>POL1</raGuardpolicyName>
</FhsVlan-list>
</fhsvlan-items>
</sisf-items>
</System>
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
vlan config 127
ipv6 nd raguard attach-policy POL1
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| topSystem | sys |
| bdEntity | sys/bd |
| l2VlanConfig | sys/bd/vlanconfig-{[accEncap]} |
| sisfEntity | sys/sisf |
| sisfFhsVlan | sys/sisf/fhsvlan-{vlanID} |
l2VlanConfig Properties
The following table contains information about the l2VlanConfig properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| accEncap | base:Encap | Access Encapsulation | SELECTION: unknown, vlan-%d or vxlan-%d |
sisfFhsVlan Properties
The following table contains information about the sisfFhsVlan properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| raGuardpolicyName | string:Basic | Attach a nd raguard policy of FHS feature | A sequence of characters |
| vlanID | sisf:VlanID (scalar:Uint16) | Vlan Number | RANGE: [1 , 4096] |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Removing an IPv6 RA Guard Policy from a VLAN Configuration
Removing an IPv6 RA Guard Policy from a VLAN Configuration
http://<mgmt0_IP>/api/mo/sys.json
{
"topSystem": {
"children": [
{
"bdEntity": {
"children": [
{
"l2VlanConfig": {
"attributes": {
"accEncap": "vlan-127"
}
}
}
]
}
},
{
"sisfEntity": {
"children": [
{
"sisfFhsVlan": {
"attributes": {
"raGuardpolicyName": "",
"vlanID": "127"
}
}
}
]
}
}
]
}
}
{
imdata:[]
}
<System>
<bd-items>
<vlanconfig-items>
<VlanConfig-list>
<accEncap>vlan-127</accEncap>
</VlanConfig-list>
</vlanconfig-items>
</bd-items>
<sisf-items>
<fhsvlan-items>
<FhsVlan-list>
<vlanID>127</vlanID>
<raGuardpolicyName></raGuardpolicyName>
</FhsVlan-list>
</fhsvlan-items>
</sisf-items>
</System>
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
vlan configuration 127
no ipv6 nd raguard attach-policy POL1
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| topSystem | sys |
| bdEntity | sys/bd |
| l2VlanConfig | sys/bd/vlanconfig-{[accEncap]} |
| sisfEntity | sys/sisf |
| sisfFhsVlan | sys/sisf/fhsvlan-{vlanID} |
l2VlanConfig Properties
The following table contains information about the l2VlanConfig properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| accEncap | base:Encap | Access Encapsulation | SELECTION: unknown, vlan-%d or vxlan-%d |
sisfFhsVlan Properties
The following table contains information about the sisfFhsVlan properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| raGuardpolicyName | string:Basic | Attach a nd raguard policy of FHS feature | A sequence of characters |
| vlanID | sisf:VlanID (scalar:Uint16) | Vlan Number | RANGE: [1 , 4096] |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide: