Configuring IPv6 Snooping Policies
DHCP snooping acts like a firewall between untrusted hosts and trusted DHCP servers. DHCP snooping performs the following activities:
- Validates DHCP messages received from untrusted sources and filters out invalid messages.
- Builds and maintains the DHCP snooping binding database, which contains information about untrusted hosts with leased IP addresses.
- Uses the DHCP snooping binding database to validate subsequent requests from untrusted hosts.
DHCP snooping can be enabled globally and on a per-VLAN basis. By default, the feature is disabled globally and on all VLANs. You can enable the feature on a single VLAN or a range of VLANs.
This section contains payload examples and CLIs to demonstrate how to use the NX-API REST API to configure IPv6 snooping policies on Cisco Nexus 3000 and 9000 Series switches and to show how the REST APIs correspond to the CLI commands. For more information, see the Cisco Nexus 9000 Series NX-OS Security Configuration Guide.
Configuring an IPv6 Snooping Policy
POST http://<mgmt0_IP>/api/mo/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfInstSnooping": {
"attributes": {
"PolicyName": "POL1"
}}}]}}
{
'imdata': []
}
<System>
<sisf-items>
<snooping-items>
<InstSnooping-list>
<PolicyName>POL1</PolicyName>
</InstSnooping-list>
</snooping-items>
</sisf-items>
</System>
Configures an IPv6 snooping policy and enters IPv6 snooping configuration mode.
CLI Command
The CLI command below is equivalent to the payload examples above: the DME payload is the JSON body and the YANG payload is the XML.
ipv6 snooping policy POL1
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
MO | DN |
---|---|
sisfEntity | sys/sisf |
sisfInstSnooping | sys/sisf/snooping-{policyName} |
sisfInstSnooping Properties
The following table contains information about the sisfInstSnooping properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
Property Name | Data Type | Description | Values |
---|---|---|---|
PolicyName | string:Basic | Name of the snooping policy | A sequence of characters |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Querying an IPv6 Snooping Policy
GET http://<mgmt0_IP>/api/mo/sys/sisf/snooping-POL1.json
{
'imdata': [
{
'sisfInstSnooping': {
'attributes': {
'uid': '27002',
'PolicyName': ' POL1',
'adminSt': 'enabled',
'modTs': '2017-05-04T10:05:35.967+00:00',
'persistentOnReload': 'true', 'status': '',
'TrustedPortEnabled': 'no', 'LimitAddressCount': '0',
'Tracking': 'disable', 'ReachableLifetimer': '300',
'Protocol': 'dhcp',
'SecurityLevel': 'guard',
'DeviceRole': 'node',
'StaleLifetimer': '86400',
'dn': 'sys/sisf/snooping-POL1',
'ctrl': '', 'childAction': '',
'name': '', 'operErr': ''}
}
}
], 'totalCount': '1'
}
A query for an IPv6 snooping policy.
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
MO | DN |
---|---|
sisfInstSnooping | sys/sisf/snooping-{policyName} |
sisfInstSnooping Properties
The following table contains information about the sisfInstSnooping properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
Property Name | Data Type | Description | Values |
---|---|---|---|
uid | scalar:Uint16 | A unique identifier for this object. | |
PolicyName | string:Basic | Name of the snooping policy | A sequence of characters |
adminSt | nw:AdminSt (scalar:Enum8) | The administrative state of the object or policy. | SELECTION: 1 - enabled 2 - disabled DEFAULT: enabled |
modTs | mo:TStamp (scalar:Date) | The time when this object was last modified. | SELECTION: 0 - never DEFAULT: never |
persistentOnReload | mo:Persistent (scalar:Enum8) | NO COMMENTS | SELECTION: |
TrustedPortEnabled | scalar:Bool | Setup trusted port | SELECTION: true or false |
Tracking | sisf:NonGlobalTracking (scalar:Enum8) | Override default tracking behavior | SELECTION: 0 - default 1 - disable 2 - enable DEFAULT: default |
Protocol | NA | NA | NA |
SecurityLevel | sisf:securityLevel (scalar:Enum8) | Setup security level of snooping policy | SELECTION: 0 - glean 1 - inspect 2 - guard DEFAULT: guard |
DeviceRole | sisf:deviceRole (scalar:Enum8) | Sets the role of the device attached to the port | SELECTION: 0 - node 3 - switch DEFAULT: node |
StaleLifetimer | sisf:staleLifetimerSnoopingPolicy (scalar:Uint64) | | RANGE: [0 , 86400] DEFAULT: 86400 |
dn | reference:BinRef | A tag or metadata is a non-hierarchical keyword or term assigned to the fabric module. | |
ctrl | nw:InstCtrl (scalar:Bitmask64) | The control state. | SELECTION: 1 - stateful-ha |
name | naming:Name256 (string:Basic) | The name of the object. | MAX SIZE: 128 |
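
The query output above can be checked against a baseline before a policy is attached to host-facing ports. The following Python is an added example, not Cisco code: it audits `sisfInstSnooping` objects and builds the corrective POST body in the payload shape used on this page. The `BASELINE` values are a hypothetical site policy (the documented defaults plus no trusted port), and the sample response, including the `UPLINK` policy, is constructed.

```python
import json

# Enum values and ranges as listed in the sisfInstSnooping property tables and
# JSON payloads on this page (TrustedPortEnabled is "yes"/"no" in the JSON form).
ENUMS = {
    "SecurityLevel": {"glean", "inspect", "guard"},
    "DeviceRole": {"node", "switch"},
    "Tracking": {"default", "disable", "enable"},
    "DhcpProtocol": {"on", "off"},
    "TrustedPortEnabled": {"yes", "no"},
}
RANGES = {
    "LimitAddressCount": (0, 32000),
    "ReachableLifetimer": (0, 86400),
    "StaleLifetimer": (0, 86400),
}

# Hypothetical baseline for policies on host-facing ports (an assumption, not
# from the page): documented defaults, and no trusted port ("no policing").
BASELINE = {"SecurityLevel": "guard", "TrustedPortEnabled": "no", "DeviceRole": "node"}

# Constructed sample in the shape of the query response shown above.
SAMPLE_RESPONSE = """
{"imdata": [
  {"sisfInstSnooping": {"attributes": {
     "dn": "sys/sisf/snooping-POL1", "PolicyName": " POL1",
     "SecurityLevel": "guard", "TrustedPortEnabled": "no", "DeviceRole": "node",
     "LimitAddressCount": "0", "Tracking": "disable",
     "ReachableLifetimer": "300", "StaleLifetimer": "86400"}}},
  {"sisfInstSnooping": {"attributes": {
     "dn": "sys/sisf/snooping-UPLINK", "PolicyName": "UPLINK",
     "SecurityLevel": "glean", "TrustedPortEnabled": "yes", "DeviceRole": "switch",
     "LimitAddressCount": "0", "Tracking": "default",
     "ReachableLifetimer": "300", "StaleLifetimer": "86400"}}}
], "totalCount": "2"}
"""


def validate_attributes(attrs):
    """Return a list of problems for values outside the documented enums/ranges."""
    problems = []
    for key, allowed in ENUMS.items():
        if key in attrs and attrs[key] not in allowed:
            problems.append(f"{key}={attrs[key]!r} not in {sorted(allowed)}")
    for key, (low, high) in RANGES.items():
        if key in attrs:
            try:
                value = int(attrs[key])
            except (TypeError, ValueError):
                problems.append(f"{key}={attrs[key]!r} is not an integer")
                continue
            if not low <= value <= high:
                problems.append(f"{key}={value} outside [{low}, {high}]")
    return problems


def policy_name(attrs):
    """Take the name from the DN (sys/sisf/snooping-{policyName}); fall back to PolicyName."""
    dn = attrs.get("dn", "")
    prefix = "sys/sisf/snooping-"
    if dn.startswith(prefix):
        return dn[len(prefix):]
    return attrs.get("PolicyName", "").strip()


def audit_policies(response):
    """Map each policy name to its (property, actual, expected) baseline deviations."""
    results = {}
    for item in response.get("imdata", []):
        attrs = item.get("sisfInstSnooping", {}).get("attributes")
        if attrs is None:
            continue  # not a snooping policy object
        results[policy_name(attrs)] = [
            (prop, attrs.get(prop), want)
            for prop, want in BASELINE.items()
            if attrs.get(prop) != want
        ]
    return results


def remediation_payload(name, deviations):
    """Build the POST body for api/mo/sys/sisf.json that resets the deviating properties."""
    attributes = {"PolicyName": name}
    attributes.update({prop: want for prop, _actual, want in deviations})
    problems = validate_attributes(attributes)
    if problems:
        raise ValueError("; ".join(problems))
    return {"sisfEntity": {"children": [{"sisfInstSnooping": {"attributes": attributes}}]}}


if __name__ == "__main__":
    for name, deviations in audit_policies(json.loads(SAMPLE_RESPONSE)).items():
        if deviations:
            print(name, "deviates:", deviations)
            print(json.dumps(remediation_payload(name, deviations), indent=2))
        else:
            print(name, "matches baseline")
```

A policy meant for a switch uplink legitimately differs from this baseline, so treat a deviation as something to review rather than an automatic rollback.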
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Configuring the Role of the Switch Attached to the Port for an IPv6 Snooping Policy
POST http://<mgmt0_IP>/api/mo/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfInstSnooping": {
"attributes": {
"DeviceRole": "switch",
"PolicyName": "Pol1"
}}}]}}
{
imdata:[]
}
<System>
<sisf-items>
<snooping-items>
<InstSnooping-list>
<PolicyName>Pol1</PolicyName>
<DeviceRole>switch</DeviceRole>
</InstSnooping-list>
</snooping-items>
</sisf-items>
</System>
CLI Commands
The CLI commands below are equivalent to the payload examples above: the DME payload is the JSON body and the YANG payload is the XML.
ipv6 snooping policy Pol1
device-role switch
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
MO | DN |
---|---|
sisfEntity | sys/sisf |
sisfInstSnooping | sys/sisf/snooping-{policyName} |
sisfInstSnooping Properties
The following table contains information about the sisfInstSnooping properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
Property Name | Data Type | Description | Values |
---|---|---|---|
DeviceRole | sisf:deviceRole (scalar:Enum8) | Sets the role of the device attached to the port | SELECTION: 0 - node 3 - switch DEFAULT: node |
PolicyName | string:Basic | Name of the snooping policy | A sequence of characters |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Deleting the Configured Role of the Switch Attached to the Port for an IPv6 Snooping Policy
POST http://<mgmt0_IP>/api/mo/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfInstSnooping": {
"attributes": {
"DeviceRole": "node",
"PolicyName": "Pol1"
}}}]}}
{
imdata:[]
}
<System>
<sisf-items>
<snooping-items>
<InstSnooping-list>
<PolicyName>Pol1</PolicyName>
<DeviceRole>node</DeviceRole>
</InstSnooping-list>
</snooping-items>
</sisf-items>
</System>
CLI Commands
The CLI commands below are equivalent to the payload examples above: the DME payload is the JSON body and the YANG payload is the XML.
ipv6 snooping policy Pol1
no device-role switch
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
MO | DN |
---|---|
sisfEntity | sys/sisf |
sisfInstSnooping | sys/sisf/snooping-{policyName} |
sisfInstSnooping Properties
The following table contains information about the sisfInstSnooping properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
Property Name | Data Type | Description | Values |
---|---|---|---|
DeviceRole | sisf:deviceRole (scalar:Enum8) | Sets the role of the device attached to the port | SELECTION: 0 - node 3 - switch DEFAULT: node |
PolicyName | string:Basic | Name of the snooping policy | A sequence of characters |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Configuring the Maximum Addresses per Port for an IPv6 Snooping Policy
POST http://<mgmt0_IP>/api/mo/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfInstSnooping": {
"attributes": {
"LimitAddressCount": "123",
"PolicyName": "Pol1"
}}}]}}
{
imdata:[]
}
<System>
<sisf-items>
<snooping-items>
<InstSnooping-list>
<PolicyName>Pol1</PolicyName>
<LimitAddressCount>123</LimitAddressCount>
</InstSnooping-list>
</snooping-items>
</sisf-items>
</System>
CLI Commands
The CLI commands below are equivalent to the payload examples above: the DME payload is the JSON body and the YANG payload is the XML.
ipv6 snooping policy Pol1
limit address-count 123
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
MO | DN |
---|---|
sisfEntity | sys/sisf |
sisfInstSnooping | sys/sisf/snooping-{policyName} |
sisfInstSnooping Properties
The following table contains information about the sisfInstSnooping properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
Property Name | Data Type | Description | Values |
---|---|---|---|
LimitAddressCount | sisf:limitAddressCount (scalar:Uint16) | Configure maximum address per port | RANGE: [0 , 32000] |
PolicyName | string:Basic | Name of the snooping policy | A sequence of characters |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Configuring a List of Protected Prefixes to Glean DHCP Packets for an IPv6 Snooping Policy
POST http://<mgmt0_IP>/api/mo/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfInstSnooping": {
"attributes": {
"DhcpProtocol": "on",
"PolicyName": "Pol1"
}}}]}}
{
imdata:[]
}
<System>
<sisf-items>
<snooping-items>
<InstSnooping-list>
<PolicyName>Pol1</PolicyName>
<DhcpProtocol>on</DhcpProtocol>
</InstSnooping-list>
</snooping-items>
</sisf-items>
</System>
CLI Commands
The CLI commands below are equivalent to the payload examples above: the DME payload is the JSON body and the YANG payload is the XML.
ipv6 snooping policy Pol1
protocol dhcp prefix-list ListName
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
MO | DN |
---|---|
sisfEntity | sys/sisf |
sisfInstSnooping | sys/sisf/snooping-{policyName} |
sisfInstSnooping Properties
The following table contains information about the sisfInstSnooping properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
Property Name | Data Type | Description | Values |
---|---|---|---|
DhcpProtocol | sisf:dhcpflag (scalar:Enum8) | Glean addresses in DHCP packets | SELECTION: 0 - on 1 - off |
PolicyName | string:Basic | Name of the snooping policy | A sequence of characters |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Deleting a Configured List of Protected Prefixes to Glean DHCP Packets for an IPv6 Snooping Policy
POST http://<mgmt0_IP>/api/mo/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfInstSnooping": {
"attributes": {
"DhcpProtocol": "off",
"PolicyName": "Pol1"
}}}]}}
{
imdata:[]
}
<System>
<sisf-items>
<snooping-items>
<InstSnooping-list>
<PolicyName>Pol1</PolicyName>
<DhcpProtocol>off</DhcpProtocol>
</InstSnooping-list>
</snooping-items>
</sisf-items>
</System>
CLI Commands
The CLI commands below are equivalent to the payload examples above: the DME payload is the JSON body and the YANG payload is the XML.
ipv6 snooping policy Pol1
no protocol dhcp prefix-list ListName
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
MO | DN |
---|---|
sisfEntity | sys/sisf |
sisfInstSnooping | sys/sisf/snooping-{policyName} |
sisfInstSnooping Properties
The following table contains information about the sisfInstSnooping properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
Property Name | Data Type | Description | Values |
---|---|---|---|
DhcpProtocol | sisf:dhcpflag (scalar:Enum8) | Glean addresses in DHCP packets | SELECTION: 0 - on 1 - off |
PolicyName | string:Basic | Name of the snooping policy | A sequence of characters |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Configuring the Security Level to Glean Addresses for an IPv6 Snooping Policy
POST http://<mgmt0_IP>/api/mo/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfInstSnooping": {
"attributes": {
"PolicyName": "Pol1",
"SecurityLevel": "glean"
}}}]}}
{
imdata:[]
}
<System>
<sisf-items>
<snooping-items>
<InstSnooping-list>
<PolicyName>Pol1</PolicyName>
<SecurityLevel>glean</SecurityLevel>
</InstSnooping-list>
</snooping-items>
</sisf-items>
</System>
CLI Commands
The CLI commands below are equivalent to the payload examples above: the DME payload is the JSON body and the YANG payload is the XML.
ipv6 snooping policy Pol1
security-level glean
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
MO | DN |
---|---|
sisfEntity | sys/sisf |
sisfInstSnooping | sys/sisf/snooping-{policyName} |
sisfInstSnooping Properties
The following table contains information about the sisfInstSnooping properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
Property Name | Data Type | Description | Values |
---|---|---|---|
PolicyName | string:Basic | Name of the snooping policy | A sequence of characters |
SecurityLevel | sisf:securityLevel (scalar:Enum8) | Setup security level of snooping policy | SELECTION: 0 - glean 1 - inspect 2 - guard DEFAULT: guard |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Deleting a Configured Security Level for an IPv6 Snooping Policy
POST http://<mgmt0_IP>/api/mo/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfInstSnooping": {
"attributes": {
"PolicyName": "Pol1",
"SecurityLevel": "guard"
}}}]}}
{
imdata:[]
}
<System>
<sisf-items>
<snooping-items>
<InstSnooping-list>
<PolicyName>Pol1</PolicyName>
<SecurityLevel>guard</SecurityLevel>
</InstSnooping-list>
</snooping-items>
</sisf-items>
</System>
CLI Commands
The CLI commands below are equivalent to the payload examples above: the DME payload is the JSON body and the YANG payload is the XML.
ipv6 snooping policy Pol1
no security-level glean
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
MO | DN |
---|---|
sisfEntity | sys/sisf |
sisfInstSnooping | sys/sisf/snooping-{policyName} |
sisfInstSnooping Properties
The following table contains information about the sisfInstSnooping properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
Property Name | Data Type | Description | Values |
---|---|---|---|
PolicyName | string:Basic | Name of the snooping policy | A sequence of characters |
SecurityLevel | sisf:securityLevel (scalar:Enum8) | Setup security level of snooping policy | SELECTION: 0 - glean 1 - inspect 2 - guard DEFAULT: guard |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Configuring to Override Tracking Behavior for an IPv6 Snooping Policy
POST http://<mgmt0_IP>/api/mo/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfInstSnooping": {
"attributes": {
"PolicyName": "Pol1",
"ReachableLifetimer": "123",
"StaleLifetimer": "86400",
"Tracking": "enable"
}}}]}}
{
imdata:[]
}
<System>
<sisf-items>
<snooping-items>
<InstSnooping-list>
<PolicyName>Pol1</PolicyName>
<ReachableLifetimer>123</ReachableLifetimer>
<StaleLifetimer>86400</StaleLifetimer>
<Tracking>enable</Tracking>
</InstSnooping-list>
</snooping-items>
</sisf-items>
</System>
CLI Commands
The CLI commands below are equivalent to the payload examples above: the DME payload is the JSON body and the YANG payload is the XML.
ipv6 snooping policy Pol1
tracking enable reachable-lifetime 123
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
MO | DN |
---|---|
sisfEntity | sys/sisf |
sisfInstSnooping | sys/sisf/snooping-{policyName} |
sisfInstSnooping Properties
The following table contains information about the sisfInstSnooping properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
Property Name | Data Type | Description | Values |
---|---|---|---|
PolicyName | string:Basic | Name of the snooping policy | A sequence of characters |
ReachableLifetimer | sisf:reachableLifetimerSnoopingPolicy (scalar:Uint64) | | RANGE: [0 , 86400] DEFAULT: 300 |
StaleLifetimer | sisf:staleLifetimerSnoopingPolicy (scalar:Uint64) | | RANGE: [0 , 86400] DEFAULT: 86400 |
Tracking | sisf:NonGlobalTracking (scalar:Enum8) | Override default tracking behavior | SELECTION: 0 - default 1 - disable 2 - enable DEFAULT: default |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Deleting a Configured Override for the Tracking Behavior of an IPv6 Snooping Policy
POST http://<mgmt0_IP>/api/mo/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfInstSnooping": {
"attributes": {
"PolicyName": "Pol1",
"ReachableLifetimer": "300",
"StaleLifetimer": "86400",
"Tracking": "disable"
}}}]}}
{
imdata:[]
}
<System>
<sisf-items>
<snooping-items>
<InstSnooping-list>
<PolicyName>Pol1</PolicyName>
<ReachableLifetimer>300</ReachableLifetimer>
<StaleLifetimer>86400</StaleLifetimer>
<Tracking>disable</Tracking>
</InstSnooping-list>
</snooping-items>
</sisf-items>
</System>
CLI Commands
The CLI commands below are equivalent to the payload examples above: the DME payload is the JSON body and the YANG payload is the XML.
ipv6 snooping policy Pol1
no tracking enable reachable-lifetime 123
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
MO | DN |
---|---|
sisfEntity | sys/sisf |
sisfInstSnooping | sys/sisf/snooping-{policyName} |
sisfInstSnooping Properties
The following table contains information about the sisfInstSnooping properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
Property Name | Data Type | Description | Values |
---|---|---|---|
PolicyName | string:Basic | Name of the snooping policy | A sequence of characters |
ReachableLifetimer | sisf:reachableLifetimerSnoopingPolicy (scalar:Uint64) | | RANGE: [0 , 86400] DEFAULT: 300 |
StaleLifetimer | sisf:staleLifetimerSnoopingPolicy (scalar:Uint64) | | RANGE: [0 , 86400] DEFAULT: 86400 |
Tracking | sisf:NonGlobalTracking (scalar:Enum8) | Override default tracking behavior | SELECTION: 0 - default 1 - disable 2 - enable DEFAULT: default |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Configuring Trusted Port (No Policing) for an IPv6 Snooping Policy
POST http://<mgmt0_IP>/api/mo/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfInstSnooping": {
"attributes": {
"PolicyName": "Pol1",
"TrustedPortEnabled": "yes"
}}}]}}
{
imdata:[]
}
<System>
<sisf-items>
<snooping-items>
<InstSnooping-list>
<PolicyName>Pol1</PolicyName>
<TrustedPortEnabled>true</TrustedPortEnabled>
</InstSnooping-list>
</snooping-items>
</sisf-items>
</System>
CLI Commands
The CLI commands below are equivalent to the payload examples above: the DME payload is the JSON body and the YANG payload is the XML.
ipv6 snooping policy Pol1
trusted-port
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
MO | DN |
---|---|
sisfEntity | sys/sisf |
sisfInstSnooping | sys/sisf/snooping-{policyName} |
sisfInstSnooping Properties
The following table contains information about the sisfInstSnooping properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
Property Name | Data Type | Description | Values |
---|---|---|---|
PolicyName | string:Basic | Name of the snooping policy | A sequence of characters |
TrustedPortEnabled | scalar:Bool | Setup trusted port | SELECTION: true or false |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Deleting the Trusted Port (No Policing) Configuration for an IPv6 Snooping Policy
POST http://<mgmt0_IP>/api/mo/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfInstSnooping": {
"attributes": {
"PolicyName": "Pol1",
"TrustedPortEnabled": "no"
}}}]}}
{
imdata:[]
}
<System>
<sisf-items>
<snooping-items>
<InstSnooping-list>
<PolicyName>Pol1</PolicyName>
<TrustedPortEnabled>false</TrustedPortEnabled>
</InstSnooping-list>
</snooping-items>
</sisf-items>
</System>
CLI Commands
The CLI commands below are equivalent to the payload examples above: the DME payload is the JSON body and the YANG payload is the XML.
ipv6 snooping policy Pol1
no trusted-port
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
MO | DN |
---|---|
sisfEntity | sys/sisf |
sisfInstSnooping | sys/sisf/snooping-{policyName} |
sisfInstSnooping Properties
The following table contains information about the sisfInstSnooping properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
Property Name | Data Type | Description | Values |
---|---|---|---|
PolicyName | string:Basic | Name of the snooping policy | A sequence of characters |
TrustedPortEnabled | scalar:Bool | Setup trusted port | SELECTION: true or false |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Attaching an IPv6 Snooping Policy to an Ethernet Interface
POST http://<mgmt0_IP>/api/mo/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfFhsIf": {
"attributes": {
"id": "eth1/16",
"snoopingPolicyName": "POL1"
}}}]}}
{
"imdata": []
}
<System>
<sisf-items>
<fhsif-items>
<FhsIf-list>
<id>eth1/16</id>
<snoopingPolicyName>POL1</snoopingPolicyName>
</FhsIf-list>
</fhsif-items>
</sisf-items>
</System>
CLI Commands
The following CLI commands are equivalent to the DME (JSON) and YANG (XML) payload examples above.
interface eth 1/16
ipv6 snooping attach-policy POL1
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
MO | DN |
---|---|
sisfEntity | sys/sisf |
sisfFhsIf | sys/sisf/fhsif-{[id]} |
sisfFhsIf Properties
The following table contains information about the sisfFhsIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
Property Name | Data Type | Description | Values |
---|---|---|---|
snoopingPolicyName | string:Basic | Attach a snooping policy of FHS feature | A sequence of characters |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Removing an IPv6 Snooping Policy from an Ethernet Interface
POST http://<mgmt0_IP>/api/mo/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfFhsIf": {
"attributes": {
"dhcpGuardPolicyName": "",
"id": "eth1/16",
"snoopingPolicyName": ""
}}}]}}
{
"imdata": []
}
<System>
<sisf-items>
<fhsif-items>
<FhsIf-list>
<id>eth1/16</id>
<snoopingPolicyName></snoopingPolicyName>
</FhsIf-list>
</fhsif-items>
</sisf-items>
</System>
CLI Commands
The following CLI commands are equivalent to the DME (JSON) and YANG (XML) payload examples above.
interface eth 1/16
no ipv6 snooping attach-policy POL1
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
MO | DN |
---|---|
sisfEntity | sys/sisf |
sisfFhsIf | sys/sisf/fhsif-{[id]} |
sisfFhsIf Properties
The following table contains information about the sisfFhsIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
Property Name | Data Type | Description | Values |
---|---|---|---|
dhcpGuardPolicyName | string:Basic | Attach a dhcp guard policy of FHS feature | A sequence of characters |
id | nw:IfId (base:IfIndex) | An identifier. | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |
snoopingPolicyName | string:Basic | Attach a snooping policy of FHS feature | A sequence of characters |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Attaching an IPv6 Snooping Policy on a Switchport Interface
POST http://<mgmt0_IP>/api/mo/sys.json
{
"topSystem": {
"children": [
{
"interfaceEntity": {
"children": [
{
"l1PhysIf": {
"attributes": {
"id": "eth1/3",
"layer": "Layer2",
"userCfgdFlags": "admin_layer"
}
}
}
]
}
},
{
"sisfEntity": {
"children": [
{
"sisfFhsIf": {
"attributes": {
"snoopingPolicyName": "POL1",
"id": "eth1/3"
}}}]}}]}}
{
"imdata": []
}
<System>
<intf-items>
<phys-items>
<PhysIf-list>
<id>eth1/3</id>
<layer>Layer2</layer>
<userCfgdFlags>admin_layer</userCfgdFlags>
</PhysIf-list>
</phys-items>
</intf-items>
<sisf-items>
<fhsif-items>
<FhsIf-list>
<id>eth1/3</id>
<snoopingPolicyName>POL1</snoopingPolicyName>
</FhsIf-list>
</fhsif-items>
</sisf-items>
</System>
CLI Commands
The following CLI commands are equivalent to the DME (JSON) and YANG (XML) payload examples above.
interface ethernet 1/3
switchport
ipv6 snooping attach-policy POL1
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
MO | DN |
---|---|
topSystem | sys |
interfaceEntity | sys/intf |
l1PhysIf | sys/intf/phys-{[id]} |
sisfEntity | sys/sisf |
sisfFhsIf | sys/sisf/fhsif-{[id]} |
l1PhysIf Properties
The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
Property Name | Data Type | Description | Values |
---|---|---|---|
id | nw:IfId (base:IfIndex) | An identifier. | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |
layer | l1:Layer (scalar:Enum8) | Administrative port layer | SELECTION: 1 - Layer2, 2 - Layer3; DEFAULT: Layer2 |
userCfgdFlags | l1:userCfgdFlags (scalar:Bitmask8) | Port User Config Flags | SELECTION: 0 - none, 1 - admin_state, 2 - admin_layer, 4 - admin_router_mac, 8 - admin_dce_mode, 16 - admin_mtu; DEFAULT: none |
sisfFhsIf Properties
The following table contains information about the sisfFhsIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
Property Name | Data Type | Description | Values |
---|---|---|---|
snoopingPolicyName | string:Basic | Attach a snooping policy of FHS feature | A sequence of characters |
id | nw:IfId (base:IfIndex) | An identifier. | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Removing an IPv6 Snooping Policy from a Switchport Interface
POST http://<mgmt0_IP>/api/mo/sys.json
{
"topSystem": {
"children": [
{
"interfaceEntity": {
"children": [
{
"l1PhysIf": {
"attributes": {
"id": "eth1/3",
"layer": "Layer2",
"userCfgdFlags": "admin_layer"
}
}
}
]
}
},
{
"sisfEntity": {
"children": [
{
"sisfFhsIf": {
"attributes": {
"snoopingPolicyName": "",
"id": "eth1/3"
}}}]}}]}}
{
"imdata": []
}
<System>
<intf-items>
<phys-items>
<PhysIf-list>
<id>eth1/3</id>
<layer>Layer2</layer>
<userCfgdFlags>admin_layer</userCfgdFlags>
</PhysIf-list>
</phys-items>
</intf-items>
<sisf-items>
<fhsif-items>
<FhsIf-list>
<id>eth1/3</id>
<snoopingPolicyName></snoopingPolicyName>
</FhsIf-list>
</fhsif-items>
</sisf-items>
</System>
CLI Commands
The following CLI commands are equivalent to the DME (JSON) and YANG (XML) payload examples above.
interface ethernet 1/3
switchport
no ipv6 snooping attach-policy POL1
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
MO | DN |
---|---|
topSystem | sys |
interfaceEntity | sys/intf |
l1PhysIf | sys/intf/phys-{[id]} |
sisfEntity | sys/sisf |
sisfFhsIf | sys/sisf/fhsif-{[id]} |
l1PhysIf Properties
The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
Property Name | Data Type | Description | Values |
---|---|---|---|
id | nw:IfId (base:IfIndex) | An identifier. | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |
layer | l1:Layer (scalar:Enum8) | Administrative port layer | SELECTION: 1 - Layer2, 2 - Layer3; DEFAULT: Layer2 |
userCfgdFlags | l1:userCfgdFlags (scalar:Bitmask8) | Port User Config Flags | SELECTION: 0 - none, 1 - admin_state, 2 - admin_layer, 4 - admin_router_mac, 8 - admin_dce_mode, 16 - admin_mtu; DEFAULT: none |
sisfFhsIf Properties
The following table contains information about the sisfFhsIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
Property Name | Data Type | Description | Values |
---|---|---|---|
snoopingPolicyName | string:Basic | Attach a snooping policy of FHS feature | A sequence of characters |
id | nw:IfId (base:IfIndex) | An identifier. | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Attaching an IPv6 Snooping Policy to a VLAN Configuration
POST http://<mgmt0_IP>/api/mo/sys.json
{
"topSystem": {
"children": [
{
"bdEntity": {
"children": [
{
"l2VlanConfig": {
"attributes": {
"accEncap": "vlan-127"
}
}
}
]
}
},
{
"sisfEntity": {
"children": [
{
"sisfFhsVlan": {
"attributes": {
"snoopingPolicyName": "POL1",
"vlanID": "127"
}
}
}
]
}
}
]
}
}
{
"imdata": []
}
<System>
<bd-items>
<vlanconfig-items>
<VlanConfig-list>
<accEncap>vlan-127</accEncap>
</VlanConfig-list>
</vlanconfig-items>
</bd-items>
<sisf-items>
<fhsvlan-items>
<FhsVlan-list>
<vlanID>127</vlanID>
<snoopingPolicyName>POL1</snoopingPolicyName>
</FhsVlan-list>
</fhsvlan-items>
</sisf-items>
</System>
CLI Commands
The following CLI commands are equivalent to the DME (JSON) and YANG (XML) payload examples above.
vlan config 127
ipv6 snooping attach-policy POL1
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
MO | DN |
---|---|
topSystem | sys |
bdEntity | sys/bd |
l2VlanConfig | sys/bd/vlanconfig-{[accEncap]} |
sisfEntity | sys/sisf |
sisfFhsVlan | sys/sisf/fhsvlan-{vlanID} |
l2VlanConfig Properties
The following table contains information about the l2VlanConfig properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
Property Name | Data Type | Description | Values |
---|---|---|---|
accEncap | base:Encap | Access Encapsulation | SELECTION: unknown, vlan-%d or vxlan-%d |
sisfFhsVlan Properties
The following table contains information about the sisfFhsVlan properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
Property Name | Data Type | Description | Values |
---|---|---|---|
snoopingPolicyName | string:Basic | Attach a snooping policy of FHS feature | A sequence of characters |
vlanID | sisf:VlanID (scalar:Uint16) | Vlan Number | RANGE: [1 , 4096] |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Removing an IPv6 Snooping Policy from a VLAN Configuration
POST http://<mgmt0_IP>/api/mo/sys.json
{
"topSystem": {
"children": [
{
"bdEntity": {
"children": [
{
"l2VlanConfig": {
"attributes": {
"accEncap": "vlan-127"
}
}
}
]
}
},
{
"sisfEntity": {
"children": [
{
"sisfFhsVlan": {
"attributes": {
"snoopingPolicyName": "",
"vlanID": "127"
}
}
}
]
}
}
]
}
}
{
"imdata": []
}
<System>
<bd-items>
<vlanconfig-items>
<VlanConfig-list>
<accEncap>vlan-127</accEncap>
</VlanConfig-list>
</vlanconfig-items>
</bd-items>
<sisf-items>
<fhsvlan-items>
<FhsVlan-list>
<vlanID>127</vlanID>
<snoopingPolicyName></snoopingPolicyName>
</FhsVlan-list>
</fhsvlan-items>
</sisf-items>
</System>
CLI Commands
The following CLI commands are equivalent to the DME (JSON) and YANG (XML) payload examples above.
vlan configuration 127
no ipv6 snooping attach-policy POL1
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
MO | DN |
---|---|
topSystem | sys |
bdEntity | sys/bd |
l2VlanConfig | sys/bd/vlanconfig-{[accEncap]} |
sisfEntity | sys/sisf |
sisfFhsVlan | sys/sisf/fhsvlan-{vlanID} |
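The GET-by-DN verification described for the interface and VLAN attachments can be scripted to detect ports or VLANs that have lost their snooping policy. The following Python code is an added example, not Cisco's code: it derives the DN and request URL from the DN tables on this page and compares GET responses with the intended policy. The helper names, the response shape (an `imdata` list keyed by MO class) and the sample responses are assumptions constructed for illustration.

```python
# Added example: DN construction and drift audit for IPv6 snooping attachments.
# Helper names, response shape and sample data are assumptions, not Cisco code.

def target_mo(target):
    """Map 'eth1/16' or 'vlan-127' to (MO class, key attribute, key value, DN)."""
    if target.lower().startswith("vlan-"):
        vlan = int(target[5:])
        if not 1 <= vlan <= 4096:  # RANGE given in the sisfFhsVlan table
            raise ValueError(f"vlanID out of range: {vlan}")
        return "sisfFhsVlan", "vlanID", str(vlan), f"sys/sisf/fhsvlan-{vlan}"
    return "sisfFhsIf", "id", target, f"sys/sisf/fhsif-[{target}]"

def sisf_subtree(target, policy):
    """sisfEntity subtree as used in the page's payloads; policy '' detaches."""
    cls, key, value, _ = target_mo(target)
    attrs = {key: value, "snoopingPolicyName": policy}
    return {"sisfEntity": {"children": [{cls: {"attributes": attrs}}]}}

def verify_url(target, host="<mgmt0_IP>"):
    """URL for the GET-by-DN verification request."""
    return f"http://{host}/api/mo/{target_mo(target)[3]}.json"

def audit(desired, responses):
    """Return (target, expected, found) for each attachment that differs.

    desired:   {target: policy name}
    responses: {target: parsed JSON body of the GET on that target's DN}
    found is None when the MO is absent from imdata.
    """
    drift = []
    for target, policy in desired.items():
        cls = target_mo(target)[0]
        found = None
        for item in responses.get(target, {}).get("imdata", []):
            if cls in item:
                found = item[cls]["attributes"].get("snoopingPolicyName", "")
        if (found or "") != policy:
            drift.append((target, policy, found))
    return drift

# Constructed sample: desired state and GET responses (not captured from a switch).
DESIRED = {"eth1/16": "POL1", "eth1/3": "POL1", "vlan-127": "POL1"}
RESPONSES = {
    "eth1/16": {"imdata": [{"sisfFhsIf": {"attributes": {
        "id": "eth1/16", "snoopingPolicyName": "POL1"}}}]},
    "eth1/3": {"imdata": [{"sisfFhsIf": {"attributes": {
        "id": "eth1/3", "snoopingPolicyName": ""}}}]},
    "vlan-127": {"imdata": []},
}

if __name__ == "__main__":
    for target, expected, found in audit(DESIRED, RESPONSES):
        print(f"{verify_url(target)}: expected {expected!r}, found {found!r}")
```

A `found` value of `None` means the MO was not returned at all; for a port or VLAN that should carry a policy, that is the same gap as an empty `snoopingPolicyName`.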
l2VlanConfig Properties
The following table contains information about the l2VlanConfig properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
Property Name | Data Type | Description | Values |
---|---|---|---|
accEncap | base:Encap | Access Encapsulation | SELECTION: unknown, vlan-%d or vxlan-%d |
sisfFhsVlan Properties
The following table contains information about the sisfFhsVlan properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
Property Name | Data Type | Description | Values |
---|---|---|---|
snoopingPolicyName | string:Basic | Attach a snooping policy of FHS feature | A sequence of characters |
vlanID | sisf:VlanID (scalar:Uint16) | Vlan Number | RANGE: [1 , 4096] |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide: