Configuring IPv6 Snooping Policies

DHCP snooping acts like a firewall between untrusted hosts and trusted DHCP servers. DHCP snooping performs the following activities:

• Validates DHCP messages received from untrusted sources and filters out invalid messages.
• Builds and maintains the DHCP snooping binding database, which contains information about untrusted hosts with leased IP addresses.
• Uses the DHCP snooping binding database to validate subsequent requests from untrusted hosts.

DHCP snooping can be enabled globally and on a per-VLAN basis. By default, the feature is disabled globally and on all VLANs. You can enable the feature on a single VLAN or a range of VLANs.

This section contains payload examples and CLIs to demonstrate how to use the NX-API REST API to configure IPv6 snooping policies on Cisco Nexus 3000 and 9000 Series switches and to show how the REST APIs correspond to the CLI commands. For more information, see the Cisco Nexus 9000 Series NX-OS Security Configuration Guide.

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-installation-and-configuration-guides-list.html/

Configuring an IPv6 Snooping Policy

Configures an IPv6 snooping policy and enters IPv6 snooping configuration mode.

CLI Command

The CLI command below is the equivalent to the payload example displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.

ipv6 snooping policy POL1

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
sisfEntity	sys/sisf
sisfInstSnooping	sys/sisf/snooping-{policyName}

sisfInstSnooping Properties

The following table contains information about the sisfInstSnooping properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
PolicyName	string:Basic	Name of the snooping policy	A sequence of characters

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Querying an IPv6 Snooping Policy

A query for an IPv6 snooping policy.

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
sisfInstSnooping	sys/sisf/snooping-{policyName}

sisfInstSnooping Properties

The following table contains information about the sisfInstSnooping properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
uid	scalar:Uint16	A unique identifier for this object.
PolicyName	string:Basic	Name of the snooping policy	A sequence of characters
adminSt	nw:AdminSt (scalar:Enum8)	The administrative state of the object or policy.	SELECTION: 1 - enabled 2 - disabled DEFAULT: enabled
modTs	mo:TStamp (scalar:Date)	The time when this object was last modified.	SELECTION: 0 - never DEFAULT: never
persistentOnReload	mo:Persistent scalar:Enum8	NO COMMENTS	SELECTION: 0 - false 1 - true DEFAULT: true(1)
TrustedPortEnabled	scalar:Bool	Setup trusted port	SELECTION: true or false
Tracking	sisf:NonGlobalTracking (scalar:Enum8)	Override default tracking behavior	SELECTION: 0 - default 1 - disable 2 - enable DEFAULT: default
Protocol	NA	NA	NA
SecurityLevel	sisf:securityLevel (scalar:Enum8)	Setup security level of snoopiong policy	SELECTION: 0 - glean 1 - inspect 2 - guard DEFAULT: guard
DeviceRole	sisf:deviceRole (scalar:Enum8)	Sets the role of the device attached to the port	SELECTION: 0 - node 3 - switch DEFAULT: node
StaleLifetimer	sisf:staleLifetimerSnoopingPolicy (scalar:Uint64)	RANGE: [0 , 86400] DEFAULT: 86400
dn	reference:BinRef	A tag or metadata is a non-hierarchical keyword or term assigned to the fabric module.
ctrl	nw:InstCtrl (scalar:Bitmask64)	The control state.	SELECTION: 1 - stateful-ha
name	naming:Name256 (string:Basic)	The name of the object.	MAX SIZE: 128

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring the Role of the Switch Attached to the Port for an IPv6 Snooping Policy

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

ipv6 snooping policy Pol1
 device-role switch

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
sisfEntity	sys/sisf
sisfInstSnooping	sys/sisf/snooping-{policyName}

sisfInstSnooping Properties

The following table contains information about the sisfInstSnooping properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
DeviceRole	sisf:deviceRole (scalar:Enum8)	Sets the role of the device attached to the port	SELECTION: 0 - node 3 - switch DEFAULT: node
PolicyName	string:Basic	Name of the snooping policy	A sequence of characters

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Configured Role of the Switch Attached to the Port for an IPv6 Snooping Policy

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

ipv6 snooping policy Pol1
 no device-role switch

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
sisfEntity	sys/sisf
sisfInstSnooping	sys/sisf/snooping-{policyName}

sisfInstSnooping Properties

The following table contains information about the sisfInstSnooping properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
DeviceRole	sisf:deviceRole (scalar:Enum8)	Sets the role of the device attached to the port	SELECTION: 0 - node 3 - switch DEFAULT: node
PolicyName	string:Basic	Name of the snooping policy	A sequence of characters

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring the Maximum Addresses per Port for an IPv6 Snooping Policy

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

ipv6 snooping policy Pol1
 limit address-count 123

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
sisfEntity	sys/sisf
sisfInstSnooping	sys/sisf/snooping-{policyName}

sisfInstSnooping Properties

The following table contains information about the sisfInstSnooping properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
LimitAddressCount	sisf:limitAddressCount (scalar:Uint16)	Configure maximum address per port	RANGE: [0 , 32000]
PolicyName	string:Basic	Name of the snooping policy	A sequence of characters

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring a List of Protected Prefixes to Glean DHCP Packets for an IPv6 Snooping Policy

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

ipv6 snooping policy Pol1
 protocol dhcp prefix-list ListName

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
sisfEntity	sys/sisf
sisfInstSnooping	sys/sisf/snooping-{policyName}

sisfInstSnooping Properties

The following table contains information about the sisfInstSnooping properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
DhcpProtocol	sisf:dhcpflag (scalar:Enum8)	Glean addresses in DHCP packets	SELECTION: 0 - on 1 - off
PolicyName	string:Basic	Name of the snooping policy	A sequence of characters

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting a Configured List of Protected Prefixes to Glean DHCP Packets for an IPv6 Snooping Policy

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

ipv6 snooping policy Pol1
 no protocol dhcp prefix-list ListName

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
sisfEntity	sys/sisf
sisfInstSnooping	sys/sisf/snooping-{policyName}

sisfInstSnooping Properties

The following table contains information about the sisfInstSnooping properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
DhcpProtocol	sisf:dhcpflag (scalar:Enum8)	Glean addresses in DHCP packets	SELECTION: 0 - on 1 - off
PolicyName	string:Basic	Name of the snooping policy	A sequence of characters

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring the Security Level to Glean Addresses for an IPv6 Snooping Policy

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

ipv6 snooping policy Pol1
 security-level glean

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
sisfEntity	sys/sisf
sisfInstSnooping	sys/sisf/snooping-{policyName}

sisfInstSnooping Properties

The following table contains information about the sisfInstSnooping properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
PolicyName	string:Basic	Name of the snooping policy	A sequence of characters
SecurityLevel	sisf:securityLevel (scalar:Enum8)	Setup security level of snoopiong policy	SELECTION: 0 - glean 1 - inspect 2 - guard DEFAULT: guard

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting a Configured Security Level for an IPv6 Snooping Policy

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

ipv6 snooping policy Pol1
 no security-level glean

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
sisfEntity	sys/sisf
sisfInstSnooping	sys/sisf/snooping-{policyName}

sisfInstSnooping Properties

The following table contains information about the sisfInstSnooping properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
PolicyName	string:Basic	Name of the snooping policy	A sequence of characters
SecurityLevel	sisf:securityLevel (scalar:Enum8)	Setup security level of snoopiong policy	SELECTION: 0 - glean 1 - inspect 2 - guard DEFAULT: guard

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring to Override Tracking Behavior for an IPv6 Snooping Policy

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

ipv6 snooping policy Pol1
 tracking enable reachable-lifetime 123

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
sisfEntity	sys/sisf
sisfInstSnooping	sys/sisf/snooping-{policyName}

sisfInstSnooping Properties

The following table contains information about the sisfInstSnooping properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
PolicyName	string:Basic	Name of the snooping policy	A sequence of characters
ReachableLifetimer	sisf:reachableLifetimerSnoopingPolicy (scalar:Uint64)	RANGE: [0 , 86400] DEFAULT: 300
StaleLifetimer	sisf:staleLifetimerSnoopingPolicy (scalar:Uint64)	RANGE: [0 , 86400] DEFAULT: 86400
Tracking	sisf:NonGlobalTracking (scalar:Enum8)	Override default tracking behavior	SELECTION: 0 - default 1 - disable 2 - enable DEFAULT: default

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting a Configured Override for the Tracking Behavior of an IPv6 Snooping Policy

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

ipv6 snooping policy Pol1
 no tracking enable reachable-lifetime 123

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
sisfEntity	sys/sisf
sisfInstSnooping	sys/sisf/snooping-{policyName}

sisfInstSnooping Properties

The following table contains information about the sisfInstSnooping properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
PolicyName	string:Basic	Name of the snooping policy	A sequence of characters
ReachableLifetimer	sisf:reachableLifetimerSnoopingPolicy (scalar:Uint64)	RANGE: [0 , 86400] DEFAULT: 300
StaleLifetimer	sisf:staleLifetimerSnoopingPolicy (scalar:Uint64)	RANGE: [0 , 86400] DEFAULT: 86400
Tracking	sisf:NonGlobalTracking (scalar:Enum8)	Override default tracking behavior	SELECTION: 0 - default 1 - disable 2 - enable DEFAULT: default

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Trusted Port (No Policing) for an IPv6 Snooping Policy

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

ipv6 snooping policy Pol1
 trusted-port

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
sisfEntity	sys/sisf
sisfInstSnooping	sys/sisf/snooping-{policyName}

sisfInstSnooping Properties

The following table contains information about the sisfInstSnooping properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
PolicyName	string:Basic	Name of the snooping policy	A sequence of characters
TrustedPortEnabled	scalar:Bool	Setup trusted port	SELECTION: true or false

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Trusted Port (No Policing) Configuration for an IPv6 Snooping Policy

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

ipv6 snooping policy Pol1
 no trusted-port

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
sisfEntity	sys/sisf
sisfInstSnooping	sys/sisf/snooping-{policyName}

sisfInstSnooping Properties

The following table contains information about the sisfInstSnooping properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
PolicyName	string:Basic	Name of the snooping policy	A sequence of characters
TrustedPortEnabled	scalar:Bool	Setup trusted port	SELECTION: true or false

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Attaching an IPv6 Snooping Policy to an Ethernet Interface

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

interface eth 1/16
 ipv6 snooping attach-policy POL1

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
sisfEntity	sys/sisf
sisfFhsIf	sys/sisf/fhsif-{[id]}

sisfFhsIf Properties

The following table contains information about the sisfFhsIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
snoopingPolicyName	string:Basic	Attach a snooping policy of FHS feature	A sequence of characters

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Removing an IPv6 Snooping Policy from an Ethernet Interface

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

interface eth 1/16
 no ipv6 snooping attach-policy POL1

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
sisfEntity	sys/sisf
sisfFhsIf	sys/sisf/fhsif-{[id]}

sisfFhsIf Properties

The following table contains information about the sisfFhsIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
dhcpGuardPolicyName	string:Basic	Attach a dhcp guard policy of FHS feature	A sequence of characters
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
snoopingPolicyName	string:Basic	Attach a snooping policy of FHS feature	A sequence of characters

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Attaching an IPv6 Snooping Policy on a Switchport Interface

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

interface ethernet 1/3
 switchport
  ipv6 snooping attach-policy POL1

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
topSystem	sys
interfaceEntity	sys/intf
l1PhysIf	sys/intf/phys-{[id]}
sisfEntity	sys/sisf
sisfFhsIf	sys/sisf/fhsif-{[id]}

l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
layer	l1:Layer (scalar:Enum8)	Administrative port layer	SELECTION: 1 - Layer2 2 - Layer3 DEFAULT: Layer2
userCfgdFlags	l1:userCfgdFlags (scalar:Bitmask8)	Port User Config Flags	SELECTION: 0 - none 1 - admin_state 2 - admin_layer 4 - admin_router_mac 8 - admin_dce_mode 16 - admin_mtu DEFAULT: none

sisfFhsIf Properties

The following table contains information about the sisfFhsIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
snoopingPolicyName	string:Basic	Attach a snooping policy of FHS feature	A sequence of characters
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Removing an IPv6 Snooping Policy from a Switchport Interface

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

interface ethernet 1/3
 switchport
  no ipv6 snooping attach-policy POL1

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
topSystem	sys
interfaceEntity	sys/intf
l1PhysIf	sys/intf/phys-{[id]}
sisfEntity	sys/sisf
sisfFhsIf	sys/sisf/fhsif-{[id]}

l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
layer	l1:Layer (scalar:Enum8)	Administrative port layer	SELECTION: 1 - Layer2 2 - Layer3 DEFAULT: Layer2
userCfgdFlags	l1:userCfgdFlags (scalar:Bitmask8)	Port User Config Flags	SELECTION: 0 - none 1 - admin_state 2 - admin_layer 4 - admin_router_mac 8 - admin_dce_mode 16 - admin_mtu DEFAULT: none

sisfFhsIf Properties

The following table contains information about the sisfFhsIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
snoopingPolicyName	string:Basic	Attach a snooping policy of FHS feature	A sequence of characters
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Attaching an IPv6 Snooping Policy to a VLAN Configuration

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

vlan config 127
 ipv6 snooping attach-policy POL1

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
topSystem	sys
bdEntity	sys/bd
l2VlanConfig	sys/bd/vlanconfig-{[accEncap]}
sisfEntity	sys/sisf
sisfFhsVlan	sys/sisf/fhsvlan-{vlanID}

l2VlanConfig Properties

The following table contains information about the l2VlanConfig properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
accEncap	base:Encap	Access Encapsulation	SELECTION: unknown, vlan-%d or vxlan-%d

sisfFhsVlan Properties

The following table contains information about the sisfFhsVlan properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
snoopingPolicyName	string:Basic	Attach a snooping policy of FHS feature	A sequence of characters
vlanID	sisf:VlanID (scalar:Uint16)	Vlan Number	RANGE: [1 , 4096]

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Removing an IPv6 Snooping Policy from a VLAN Configuration

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

vlan configuration 127
 no ipv6 snooping attach-policy POL1

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
topSystem	sys
bdEntity	sys/bd
l2VlanConfig	sys/bd/vlanconfig-{[accEncap]}
sisfEntity	sys/sisf
sisfFhsVlan	sys/sisf/fhsvlan-{vlanID}

l2VlanConfig Properties

The following table contains information about the l2VlanConfig properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
accEncap	base:Encap	Access Encapsulation	SELECTION: unknown, vlan-%d or vxlan-%d

sisfFhsVlan Properties

The following table contains information about the sisfFhsVlan properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
snoopingPolicyName	string:Basic	Attach a snooping policy of FHS feature	A sequence of characters
vlanID	sisf:VlanID (scalar:Uint16)	Vlan Number	RANGE: [1 , 4096]

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html