Configuring Port Security (Ethernet Interface)

Configuring the Absolute Timer

POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "portsecurityPortSecurity": {
          "children": [
            {
              "portsecurityPortSecurityIf": {
                "attributes": {
                  "agingType": "absolute",
                  "if": "eth1/2"
                }
              }
            }
          ]
        }
      },
      {
        "interfaceEntity": {
          "children": [
            {
              "l1PhysIf": {
                "attributes": {
                  "id": "eth1/2",
                  "layer": "Layer2",
                  "userCfgdFlags": "admin_layer"
                }
              }
            }
          ]
        }
      }
    ]
  }
}
Response:
{
    "imdata": []
}

YANG payload (XML):
<System>
  <portsec-items>
    <if-items>
      <PortSecurityIf-list>
        <if>eth1/2</if>
        <agingType>absolute</agingType>
      </PortSecurityIf-list>
    </if-items>
  </portsec-items>
  <intf-items>
    <phys-items>
      <PhysIf-list>
        <id>eth1/2</id>
        <layer>Layer2</layer>
        <userCfgdFlags>admin_layer</userCfgdFlags>
      </PhysIf-list>
    </phys-items>
  </intf-items>
</System>

Note: This example was added in Release 9.3(3).


CLI Commands

The CLI commands are equivalent to the payload examples above. The DME payload is the JSON body; the YANG payload is the XML body.

interface ethernet 1/2
  switchport
  switchport port-security aging type absolute


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO | DN
topSystem | sys
portsecurityPortSecurity | sys/portsec
portsecurityPortSecurityIf | sys/portsec/if-[eth1/2]
interfaceEntity | sys/intf
l1PhysIf | sys/intf/phys-[eth1/2]


portsecurityPortSecurityIf Properties

The following table contains information about the portsecurityPortSecurityIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name | Data Type | Description | Values
agingType | portsecurity:AgingType (scalar:Enum8) | Aging type of mac addresses on interface | SELECTION: 1 - absolute, 2 - inactivity; DEFAULT: absolute
if | nw:IfId (base:IfIndex) | Interface id of port with Port Security | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100


l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name | Data Type | Description | Values
id | nw:IfId (base:IfIndex) | An identifier. | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
layer | l1:Layer (scalar:Enum8) | Administrative port layer | SELECTION: 1 - Layer2, 2 - Layer3; DEFAULT: Layer2
userCfgdFlags | l1:userCfgdFlags (scalar:Bitmask8) | Port User Config Flags | SELECTION: 0 - none, 1 - admin_state, 2 - admin_layer, 4 - admin_router_mac, 8 - admin_dce_mode, 16 - admin_mtu; DEFAULT: none


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Absolute Timer

POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "portsecurityPortSecurity": {
          "children": [
            {
              "portsecurityPortSecurityIf": {
                "attributes": {
                  "agingType": "absolute",
                  "if": "eth1/2"
                }
              }
            }
          ]
        }
      },
      {
        "interfaceEntity": {
          "children": [
            {
              "l1PhysIf": {
                "attributes": {
                  "id": "eth1/2",
                  "layer": "Layer2",
                  "userCfgdFlags": "admin_layer"
                }
              }
            }
          ]
        }
      }
    ]
  }
}
Response:
{
    "imdata": []
}

YANG payload (XML):
<System>
  <portsec-items>
    <if-items>
      <PortSecurityIf-list>
        <if>eth1/2</if>
        <agingType>absolute</agingType>
      </PortSecurityIf-list>
    </if-items>
  </portsec-items>
  <intf-items>
    <phys-items>
      <PhysIf-list>
        <id>eth1/2</id>
        <layer>Layer2</layer>
        <userCfgdFlags>admin_layer</userCfgdFlags>
      </PhysIf-list>
    </phys-items>
  </intf-items>
</System>

Note: This example was added in Release 9.3(3).


CLI Commands

The CLI commands are equivalent to the payload examples above. The DME payload is the JSON body; the YANG payload is the XML body.

interface ethernet 1/2
  switchport
  no switchport port-security aging type absolute


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO | DN
topSystem | sys
portsecurityPortSecurity | sys/portsec
portsecurityPortSecurityIf | sys/portsec/if-[eth1/2]
interfaceEntity | sys/intf
l1PhysIf | sys/intf/phys-[eth1/2]


portsecurityPortSecurityIf Properties

The following table contains information about the portsecurityPortSecurityIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name | Data Type | Description | Values
agingType | portsecurity:AgingType (scalar:Enum8) | Aging type of mac addresses on interface | SELECTION: 1 - absolute, 2 - inactivity; DEFAULT: absolute
if | nw:IfId (base:IfIndex) | Interface id of port with Port Security | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100


l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name | Data Type | Description | Values
id | nw:IfId (base:IfIndex) | An identifier. | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
layer | l1:Layer (scalar:Enum8) | Administrative port layer | SELECTION: 1 - Layer2, 2 - Layer3; DEFAULT: Layer2
userCfgdFlags | l1:userCfgdFlags (scalar:Bitmask8) | Port User Config Flags | SELECTION: 0 - none, 1 - admin_state, 2 - admin_layer, 4 - admin_router_mac, 8 - admin_dce_mode, 16 - admin_mtu; DEFAULT: none


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Port-Security Aging Time

POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "portsecurityPortSecurity": {
          "children": [
            {
              "portsecurityPortSecurityIf": {
                "attributes": {
                  "aging": "1106",
                  "if": "eth1/2"
                }
              }
            }
          ]
        }
      },
      {
        "interfaceEntity": {
          "children": [
            {
              "l1PhysIf": {
                "attributes": {
                  "id": "eth1/2",
                  "layer": "Layer2",
                  "userCfgdFlags": "admin_layer"
                }
              }
            }
          ]
        }
      }
    ]
  }
}
Response:
{
    "imdata": []
}

YANG payload (XML):
<System>
  <portsec-items>
    <if-items>
      <PortSecurityIf-list>
        <if>eth1/2</if>
        <aging>1106</aging>
      </PortSecurityIf-list>
    </if-items>
  </portsec-items>
  <intf-items>
    <phys-items>
      <PhysIf-list>
        <id>eth1/2</id>
        <layer>Layer2</layer>
        <userCfgdFlags>admin_layer</userCfgdFlags>
      </PhysIf-list>
    </phys-items>
  </intf-items>
</System>

Note: This example was added in Release 9.3(3).


CLI Commands

The CLI commands are equivalent to the payload examples above. The DME payload is the JSON body; the YANG payload is the XML body.

interface ethernet 1/2
  switchport
  switchport port-security aging time 1106


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO | DN
topSystem | sys
portsecurityPortSecurity | sys/portsec
portsecurityPortSecurityIf | sys/portsec/if-[eth1/2]
interfaceEntity | sys/intf
l1PhysIf | sys/intf/phys-[eth1/2]


portsecurityPortSecurityIf Properties

The following table contains information about the portsecurityPortSecurityIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name | Data Type | Description | Values
aging | scalar:Uint16 | Aging time of mac addresses on interface | RANGE: [0, 1440]; DEFAULT: 0
if | nw:IfId (base:IfIndex) | Interface id of port with Port Security | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100


l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name | Data Type | Description | Values
id | nw:IfId (base:IfIndex) | An identifier. | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
layer | l1:Layer (scalar:Enum8) | Administrative port layer | SELECTION: 1 - Layer2, 2 - Layer3; DEFAULT: Layer2
userCfgdFlags | l1:userCfgdFlags (scalar:Bitmask8) | Port User Config Flags | SELECTION: 0 - none, 1 - admin_state, 2 - admin_layer, 4 - admin_router_mac, 8 - admin_dce_mode, 16 - admin_mtu; DEFAULT: none


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Port-Security Aging Time

POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "portsecurityPortSecurity": {
          "children": [
            {
              "portsecurityPortSecurityIf": {
                "attributes": {
                  "aging": "0",
                  "if": "eth1/2"
                }
              }
            }
          ]
        }
      },
      {
        "interfaceEntity": {
          "children": [
            {
              "l1PhysIf": {
                "attributes": {
                  "id": "eth1/2",
                  "layer": "Layer2",
                  "userCfgdFlags": "admin_layer"
                }
              }
            }
          ]
        }
      }
    ]
  }
}
Response:
{
    "imdata": []
}

YANG payload (XML):
<System>
  <portsec-items>
    <if-items>
      <PortSecurityIf-list>
        <if>eth1/2</if>
        <aging>0</aging>
      </PortSecurityIf-list>
    </if-items>
  </portsec-items>
  <intf-items>
    <phys-items>
      <PhysIf-list>
        <id>eth1/2</id>
        <layer>Layer2</layer>
        <userCfgdFlags>admin_layer</userCfgdFlags>
      </PhysIf-list>
    </phys-items>
  </intf-items>
</System>

Note: This example was added in Release 9.3(3).


CLI Commands

The CLI commands are equivalent to the payload examples above. The DME payload is the JSON body; the YANG payload is the XML body.

interface ethernet 1/2
  switchport
  no switchport port-security aging time 1106


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO | DN
topSystem | sys
portsecurityPortSecurity | sys/portsec
portsecurityPortSecurityIf | sys/portsec/if-[eth1/2]
interfaceEntity | sys/intf
l1PhysIf | sys/intf/phys-[eth1/2]


portsecurityPortSecurityIf Properties

The following table contains information about the portsecurityPortSecurityIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name | Data Type | Description | Values
aging | scalar:Uint16 | Aging time of mac addresses on interface | RANGE: [0, 1440]; DEFAULT: 0
if | nw:IfId (base:IfIndex) | Interface id of port with Port Security | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100


l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name | Data Type | Description | Values
id | nw:IfId (base:IfIndex) | An identifier. | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
layer | l1:Layer (scalar:Enum8) | Administrative port layer | SELECTION: 1 - Layer2, 2 - Layer3; DEFAULT: Layer2
userCfgdFlags | l1:userCfgdFlags (scalar:Bitmask8) | Port User Config Flags | SELECTION: 0 - none, 1 - admin_state, 2 - admin_layer, 4 - admin_router_mac, 8 - admin_dce_mode, 16 - admin_mtu; DEFAULT: none


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring the Maximum Secure Addresses

POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "portsecurityPortSecurity": {
          "children": [
            {
              "portsecurityPortSecurityIf": {
                "attributes": {
                  "if": "eth1/2",
                  "maximum": "100"
                }
              }
            }
          ]
        }
      },
      {
        "interfaceEntity": {
          "children": [
            {
              "l1PhysIf": {
                "attributes": {
                  "id": "eth1/2",
                  "layer": "Layer2",
                  "userCfgdFlags": "admin_layer"
                }
              }
            }
          ]
        }
      }
    ]
  }
}
Response:
{
    "imdata": []
}

YANG payload (XML):
<System>
  <portsec-items>
    <if-items>
      <PortSecurityIf-list>
        <if>eth1/2</if>
        <maximum>100</maximum>
      </PortSecurityIf-list>
    </if-items>
  </portsec-items>
  <intf-items>
    <phys-items>
      <PhysIf-list>
        <id>eth1/2</id>
        <layer>Layer2</layer>
        <userCfgdFlags>admin_layer</userCfgdFlags>
      </PhysIf-list>
    </phys-items>
  </intf-items>
</System>

Note: This example was added in Release 9.3(3).


CLI Commands

The CLI commands are equivalent to the payload examples above. The DME payload is the JSON body; the YANG payload is the XML body.

interface ethernet 1/2
  switchport
  switchport port-security maximum 100


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO | DN
topSystem | sys
portsecurityPortSecurity | sys/portsec
portsecurityPortSecurityIf | sys/portsec/if-[eth1/2]
interfaceEntity | sys/intf
l1PhysIf | sys/intf/phys-[eth1/2]


portsecurityPortSecurityIf Properties

The following table contains information about the portsecurityPortSecurityIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name | Data Type | Description | Values
if | nw:IfId (base:IfIndex) | Interface id of port with Port Security | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
maximum | scalar:Uint16 | Maximum number of secure mac addresses on interface | RANGE: [1, 1025]; DEFAULT: 1


l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name | Data Type | Description | Values
id | nw:IfId (base:IfIndex) | An identifier. | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
layer | l1:Layer (scalar:Enum8) | Administrative port layer | SELECTION: 1 - Layer2, 2 - Layer3; DEFAULT: Layer2
userCfgdFlags | l1:userCfgdFlags (scalar:Bitmask8) | Port User Config Flags | SELECTION: 0 - none, 1 - admin_state, 2 - admin_layer, 4 - admin_router_mac, 8 - admin_dce_mode, 16 - admin_mtu; DEFAULT: none


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Maximum Secure Addresses

POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "portsecurityPortSecurity": {
          "children": [
            {
              "portsecurityPortSecurityIf": {
                "attributes": {
                  "if": "eth1/2",
                  "maximum": "1"
                }
              }
            }
          ]
        }
      },
      {
        "interfaceEntity": {
          "children": [
            {
              "l1PhysIf": {
                "attributes": {
                  "id": "eth1/2",
                  "layer": "Layer2",
                  "userCfgdFlags": "admin_layer"
                }
              }
            }
          ]
        }
      }
    ]
  }
}
Response:
{
    "imdata": []
}

YANG payload (XML):
<System>
  <portsec-items>
    <if-items>
      <PortSecurityIf-list>
        <if>eth1/2</if>
        <maximum>1</maximum>
      </PortSecurityIf-list>
    </if-items>
  </portsec-items>
  <intf-items>
    <phys-items>
      <PhysIf-list>
        <id>eth1/2</id>
        <layer>Layer2</layer>
        <userCfgdFlags>admin_layer</userCfgdFlags>
      </PhysIf-list>
    </phys-items>
  </intf-items>
</System>

Note: This example was added in Release 9.3(3).


CLI Commands

The CLI commands are equivalent to the payload examples above. The DME payload is the JSON body; the YANG payload is the XML body.

interface ethernet 1/2
  switchport
  no switchport port-security maximum 100


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO | DN
topSystem | sys
portsecurityPortSecurity | sys/portsec
portsecurityPortSecurityIf | sys/portsec/if-[eth1/2]
interfaceEntity | sys/intf
l1PhysIf | sys/intf/phys-[eth1/2]


portsecurityPortSecurityIf Properties

The following table contains information about the portsecurityPortSecurityIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name | Data Type | Description | Values
if | nw:IfId (base:IfIndex) | Interface id of port with Port Security | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
maximum | scalar:Uint16 | Maximum number of secure mac addresses on interface | RANGE: [1, 1025]; DEFAULT: 1


l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name | Data Type | Description | Values
id | nw:IfId (base:IfIndex) | An identifier. | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
layer | l1:Layer (scalar:Enum8) | Administrative port layer | SELECTION: 1 - Layer2, 2 - Layer3; DEFAULT: Layer2
userCfgdFlags | l1:userCfgdFlags (scalar:Bitmask8) | Port User Config Flags | SELECTION: 0 - none, 1 - admin_state, 2 - admin_layer, 4 - admin_router_mac, 8 - admin_dce_mode, 16 - admin_mtu; DEFAULT: none


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring the Maximum Secure Addresses for a VLAN

POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "portsecurityPortSecurity": {
          "children": [
            {
              "portsecurityPortSecurityIf": {
                "attributes": {
                  "if": "eth1/2"
                },
                "children": [
                  {
                    "portsecurityPortSecurityVlan": {
                      "attributes": {
                        "vlanId": "vlan-1828",
                        "vlanMaximum": "50"
                      }
                    }
                  }
                ]
              }
            }
          ]
        }
      },
      {
        "interfaceEntity": {
          "children": [
            {
              "l1PhysIf": {
                "attributes": {
                  "id": "eth1/2",
                  "layer": "Layer2",
                  "userCfgdFlags": "admin_layer"
                }
              }
            }
          ]
        }
      }
    ]
  }
}
Response:
{
    "imdata": []
}

YANG payload (XML):
<System>
  <portsec-items>
    <if-items>
      <PortSecurityIf-list>
        <if>eth1/2</if>
        <vlan-items>
          <PortSecurityVlan-list>
            <vlanId>vlan-1828</vlanId>
            <vlanMaximum>50</vlanMaximum>
          </PortSecurityVlan-list>
        </vlan-items>
      </PortSecurityIf-list>
    </if-items>
  </portsec-items>
  <intf-items>
    <phys-items>
      <PhysIf-list>
        <id>eth1/2</id>
        <layer>Layer2</layer>
        <userCfgdFlags>admin_layer</userCfgdFlags>
      </PhysIf-list>
    </phys-items>
  </intf-items>
</System>

Note: This example was added in Release 9.3(3).


CLI Commands

The CLI commands are equivalent to the payload examples above. The DME payload is the JSON body; the YANG payload is the XML body.

interface ethernet 1/2
  switchport
  switchport port-security maximum 50 vlan 1828


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO | DN
topSystem | sys
portsecurityPortSecurity | sys/portsec
portsecurityPortSecurityIf | sys/portsec/if-[eth1/2]
portsecurityPortSecurityVlan | sys/portsec/if-[eth1/2]/vlan-[vlan-1828]
interfaceEntity | sys/intf
l1PhysIf | sys/intf/phys-[eth1/2]


portsecurityPortSecurityIf Properties

The following table contains information about the portsecurityPortSecurityIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name | Data Type | Description | Values
if | nw:IfId (base:IfIndex) | Interface id of port with Port Security | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100


portsecurityPortSecurityVlan Properties

The following table contains information about the portsecurityPortSecurityVlan properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name | Data Type | Description | Values
vlanId | base:Encap | VLAN id for Port Security | SELECTION: unknown, vlan-%d or vxlan-%d
vlanMaximum | scalar:Uint16 | Per VLAN maximum number of secure mac addresses on interface | RANGE: [0, 1025]


l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name | Data Type | Description | Values
id | nw:IfId (base:IfIndex) | An identifier. | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
layer | l1:Layer (scalar:Enum8) | Administrative port layer | SELECTION: 1 - Layer2, 2 - Layer3; DEFAULT: Layer2
userCfgdFlags | l1:userCfgdFlags (scalar:Bitmask8) | Port User Config Flags | SELECTION: 0 - none, 1 - admin_state, 2 - admin_layer, 4 - admin_router_mac, 8 - admin_dce_mode, 16 - admin_mtu; DEFAULT: none


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Maximum Secure Addresses for a VLAN

POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "portsecurityPortSecurity": {
          "children": [
            {
              "portsecurityPortSecurityIf": {
                "attributes": {
                  "if": "eth1/2"
                },
                "children": [
                  {
                    "portsecurityPortSecurityVlan": {
                      "attributes": {
                        "vlanId": "vlan-1828",
                        "vlanMaximum": "0"
                      }
                    }
                  }
                ]
              }
            }
          ]
        }
      },
      {
        "interfaceEntity": {
          "children": [
            {
              "l1PhysIf": {
                "attributes": {
                  "id": "eth1/2",
                  "layer": "Layer2",
                  "userCfgdFlags": "admin_layer"
                }
              }
            }
          ]
        }
      }
    ]
  }
}
Response:
{
    "imdata": []
}

YANG payload (XML):
<System>
  <portsec-items>
    <if-items>
      <PortSecurityIf-list>
        <if>eth1/2</if>
        <vlan-items>
          <PortSecurityVlan-list>
            <vlanId>vlan-1828</vlanId>
            <vlanMaximum>0</vlanMaximum>
          </PortSecurityVlan-list>
        </vlan-items>
      </PortSecurityIf-list>
    </if-items>
  </portsec-items>
  <intf-items>
    <phys-items>
      <PhysIf-list>
        <id>eth1/2</id>
        <layer>Layer2</layer>
        <userCfgdFlags>admin_layer</userCfgdFlags>
      </PhysIf-list>
    </phys-items>
  </intf-items>
</System>

Note: This example was added in Release 9.3(3).


CLI Commands

The CLI commands are equivalent to the payload examples above. The DME payload is the JSON body; the YANG payload is the XML body.

interface ethernet 1/2
  switchport
  no switchport port-security maximum 50 vlan 1828


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO | DN
topSystem | sys
portsecurityPortSecurity | sys/portsec
portsecurityPortSecurityIf | sys/portsec/if-[eth1/2]
portsecurityPortSecurityVlan | sys/portsec/if-[eth1/2]/vlan-[vlan-1828]
interfaceEntity | sys/intf
l1PhysIf | sys/intf/phys-[eth1/2]


portsecurityPortSecurityIf Properties

The following table contains information about the portsecurityPortSecurityIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name | Data Type | Description | Values
if | nw:IfId (base:IfIndex) | Interface id of port with Port Security | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100


portsecurityPortSecurityVlan Properties

The following table contains information about the portsecurityPortSecurityVlan properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
| --- | --- | --- | --- |
| vlanId | base:Encap | VLAN id for Port Security | SELECTION: unknown, vlan-%d or vxlan-%d |
| vlanMaximum | scalar:Uint16 | Per VLAN maximum number of secure mac addresses on interface | RANGE: [0 , 1025] |


l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
| --- | --- | --- | --- |
| id | nw:IfId (base:IfIndex) | An identifier. | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |
| layer | l1:Layer (scalar:Enum8) | Administrative port layer | SELECTION: 1 - Layer2; 2 - Layer3. DEFAULT: Layer2 |
| userCfgdFlags | l1:userCfgdFlags (scalar:Bitmask8) | Port User Config Flags | SELECTION: 0 - none; 1 - admin_state; 2 - admin_layer; 4 - admin_router_mac; 8 - admin_dce_mode; 16 - admin_mtu. DEFAULT: none |


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring a Sticky MAC Address

POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "portsecurityPortSecurity": {
          "children": [
            {
              "portsecurityPortSecurityIf": {
                "attributes": {
                  "if": "eth1/2",
                  "sticky": "yes"
                }
              }
            }
          ]
        }
      },
      {
        "interfaceEntity": {
          "children": [
            {
              "l1PhysIf": {
                "attributes": {
                  "id": "eth1/2",
                  "layer": "Layer2",
                  "userCfgdFlags": "admin_layer"
                }
              }
            }
          ]
        }
      }
    ]
  }
}
{
    imdata:[]
}
<System>
  <portsec-items>
    <if-items>
      <PortSecurityIf-list>
        <if>eth1/2</if>
        <sticky>true</sticky>
      </PortSecurityIf-list>
    </if-items>
  </portsec-items>
  <intf-items>
    <phys-items>
      <PhysIf-list>
        <id>eth1/2</id>
        <layer>Layer2</layer>
        <userCfgdFlags>admin_layer</userCfgdFlags>
      </PhysIf-list>
    </phys-items>
  </intf-items>
</System>

Note: This example was added in Release 9.3(3).


CLI Commands

The CLI commands are equivalent to the payload examples shown above. The JSON body is the DME payload and the XML body is the YANG payload.

interface ethernet 1/2
  switchport
  switchport port-security mac-address sticky


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

| MO | DN |
| --- | --- |
| topSystem | sys |
| portsecurityPortSecurity | sys/portsec |
| portsecurityPortSecurityIf | sys/portsec/if-[eth1/2] |
| interfaceEntity | sys/intf |
| l1PhysIf | sys/intf/phys-[eth1/2] |


portsecurityPortSecurityIf Properties

The following table contains information about the portsecurityPortSecurityIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
| --- | --- | --- | --- |
| if | nw:IfId (base:IfIndex) | Interface id of port with Port Security | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |
| sticky | scalar:Bool | Enable or disable sticky secure addresses on interface | SELECTION: true or false. DEFAULT: false |


l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
| --- | --- | --- | --- |
| id | nw:IfId (base:IfIndex) | An identifier. | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |
| layer | l1:Layer (scalar:Enum8) | Administrative port layer | SELECTION: 1 - Layer2; 2 - Layer3. DEFAULT: Layer2 |
| userCfgdFlags | l1:userCfgdFlags (scalar:Bitmask8) | Port User Config Flags | SELECTION: 0 - none; 1 - admin_state; 2 - admin_layer; 4 - admin_router_mac; 8 - admin_dce_mode; 16 - admin_mtu. DEFAULT: none |


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting a Sticky MAC Address

POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "portsecurityPortSecurity": {
          "children": [
            {
              "portsecurityPortSecurityIf": {
                "attributes": {
                  "if": "eth1/2",
                  "sticky": "no"
                }
              }
            }
          ]
        }
      },
      {
        "interfaceEntity": {
          "children": [
            {
              "l1PhysIf": {
                "attributes": {
                  "id": "eth1/2",
                  "layer": "Layer2",
                  "userCfgdFlags": "admin_layer"
                }
              }
            }
          ]
        }
      }
    ]
  }
}
{
    imdata:[]
}
<System>
  <portsec-items>
    <if-items>
      <PortSecurityIf-list>
        <if>eth1/2</if>
        <sticky>false</sticky>
      </PortSecurityIf-list>
    </if-items>
  </portsec-items>
  <intf-items>
    <phys-items>
      <PhysIf-list>
        <id>eth1/2</id>
        <layer>Layer2</layer>
        <userCfgdFlags>admin_layer</userCfgdFlags>
      </PhysIf-list>
    </phys-items>
  </intf-items>
</System>

Note: This example was added in Release 9.3(3).


CLI Commands

The CLI commands are equivalent to the payload examples shown above. The JSON body is the DME payload and the XML body is the YANG payload.

interface ethernet 1/2
  switchport
  no switchport port-security mac-address sticky


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

| MO | DN |
| --- | --- |
| topSystem | sys |
| portsecurityPortSecurity | sys/portsec |
| portsecurityPortSecurityIf | sys/portsec/if-[eth1/2] |
| interfaceEntity | sys/intf |
| l1PhysIf | sys/intf/phys-[eth1/2] |


portsecurityPortSecurityIf Properties

The following table contains information about the portsecurityPortSecurityIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
| --- | --- | --- | --- |
| if | nw:IfId (base:IfIndex) | Interface id of port with Port Security | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |
| sticky | scalar:Bool | Enable or disable sticky secure addresses on interface | SELECTION: true or false. DEFAULT: false |


l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
| --- | --- | --- | --- |
| id | nw:IfId (base:IfIndex) | An identifier. | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |
| layer | l1:Layer (scalar:Enum8) | Administrative port layer | SELECTION: 1 - Layer2; 2 - Layer3. DEFAULT: Layer2 |
| userCfgdFlags | l1:userCfgdFlags (scalar:Bitmask8) | Port User Config Flags | SELECTION: 0 - none; 1 - admin_state; 2 - admin_layer; 4 - admin_router_mac; 8 - admin_dce_mode; 16 - admin_mtu. DEFAULT: none |


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring a MAC Address

POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "portsecurityPortSecurity": {
          "children": [
            {
              "portsecurityPortSecurityIf": {
                "attributes": {
                  "if": "eth1/2"
                },
                "children": [
                  {
                    "portsecuritySecureMac": {
                      "attributes": {
                        "macAddress": "D8:B1:90:71:E9:03"
                      }
                    }
                  }
                ]
              }
            }
          ]
        }
      },
      {
        "interfaceEntity": {
          "children": [
            {
              "l1PhysIf": {
                "attributes": {
                  "id": "eth1/2",
                  "layer": "Layer2",
                  "userCfgdFlags": "admin_layer"
                }
              }
            }
          ]
        }
      }
    ]
  }
}
{
    imdata:[]
}
<System>
  <portsec-items>
    <if-items>
      <PortSecurityIf-list>
        <if>eth1/2</if>
        <mac-items>
          <SecureMac-list>
            <macAddress>D8:B1:90:71:E9:03</macAddress>
          </SecureMac-list>
        </mac-items>
      </PortSecurityIf-list>
    </if-items>
  </portsec-items>
  <intf-items>
    <phys-items>
      <PhysIf-list>
        <id>eth1/2</id>
        <layer>Layer2</layer>
        <userCfgdFlags>admin_layer</userCfgdFlags>
      </PhysIf-list>
    </phys-items>
  </intf-items>
</System>

Note: This example was added in Release 9.3(3).


CLI Commands

The CLI commands are equivalent to the payload examples shown above. The JSON body is the DME payload and the XML body is the YANG payload.

interface ethernet 1/2
  switchport
  switchport port-security mac-address d8b1.9071.e903


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

| MO | DN |
| --- | --- |
| topSystem | sys |
| portsecurityPortSecurity | sys/portsec |
| portsecurityPortSecurityIf | sys/portsec/if-[eth1/2] |
| portsecuritySecureMac | sys/portsec/if-[eth1/2]/mac-D8:B1:90:71:E9:03 |
| interfaceEntity | sys/intf |
| l1PhysIf | sys/intf/phys-[eth1/2] |


portsecurityPortSecurityIf Properties

The following table contains information about the portsecurityPortSecurityIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
| --- | --- | --- | --- |
| if | nw:IfId (base:IfIndex) | Interface id of port with Port Security | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |


portsecuritySecureMac Properties

The following table contains information about the portsecuritySecureMac properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
| --- | --- | --- | --- |
| macAddress | address:MAC | Static secure MAC address on interface | Value must match MM:MM:MM:SS:SS:SS format |


l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
| --- | --- | --- | --- |
| id | nw:IfId (base:IfIndex) | An identifier. | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |
| layer | l1:Layer (scalar:Enum8) | Administrative port layer | SELECTION: 1 - Layer2; 2 - Layer3. DEFAULT: Layer2 |
| userCfgdFlags | l1:userCfgdFlags (scalar:Bitmask8) | Port User Config Flags | SELECTION: 0 - none; 1 - admin_state; 2 - admin_layer; 4 - admin_router_mac; 8 - admin_dce_mode; 16 - admin_mtu. DEFAULT: none |


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting a MAC Address

POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "portsecurityPortSecurity": {
          "children": [
            {
              "portsecurityPortSecurityIf": {
                "attributes": {
                  "if": "eth1/2"
                },
                "children": [
                  {
                    "portsecuritySecureMac": {
                      "attributes": {
                        "macAddress": "D8:B1:90:71:E9:03",
                        "status": "deleted"
                      }
                    }
                  }
                ]
              }
            }
          ]
        }
      },
      {
        "interfaceEntity": {
          "children": [
            {
              "l1PhysIf": {
                "attributes": {
                  "id": "eth1/2",
                  "layer": "Layer2",
                  "userCfgdFlags": "admin_layer"
                }
              }
            }
          ]
        }
      }
    ]
  }
}
{
    imdata:[]
}
<System>
  <portsec-items>
    <if-items>
      <PortSecurityIf-list>
        <if>eth1/2</if>
        <mac-items>
          <SecureMac-list nc:operation="delete">
            <macAddress>D8:B1:90:71:E9:03</macAddress>
          </SecureMac-list>
        </mac-items>
      </PortSecurityIf-list>
    </if-items>
  </portsec-items>
  <intf-items>
    <phys-items>
      <PhysIf-list>
        <id>eth1/2</id>
        <layer>Layer2</layer>
        <userCfgdFlags>admin_layer</userCfgdFlags>
      </PhysIf-list>
    </phys-items>
  </intf-items>
</System>

Note: This example was added in Release 9.3(3).


CLI Commands

The CLI commands are equivalent to the payload examples shown above. The JSON body is the DME payload and the XML body is the YANG payload.

interface ethernet 1/2
  switchport
  no switchport port-security mac-address d8b1.9071.e903


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

| MO | DN |
| --- | --- |
| topSystem | sys |
| portsecurityPortSecurity | sys/portsec |
| portsecurityPortSecurityIf | sys/portsec/if-[eth1/2] |
| portsecuritySecureMac | sys/portsec/if-[eth1/2]/mac-D8:B1:90:71:E9:03 |
| interfaceEntity | sys/intf |
| l1PhysIf | sys/intf/phys-[eth1/2] |


portsecurityPortSecurityIf Properties

The following table contains information about the portsecurityPortSecurityIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
| --- | --- | --- | --- |
| if | nw:IfId (base:IfIndex) | Interface id of port with Port Security | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |


portsecuritySecureMac Properties

The following table contains information about the portsecuritySecureMac properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
| --- | --- | --- | --- |
| macAddress | address:MAC | Static secure MAC address on interface | Value must match MM:MM:MM:SS:SS:SS format |
| status | mo:ModificationStatus (scalar:Bitmask32) | The upgrade status. This property is for internal use only. | SELECTION: 2 - created; 4 - modified; 8 - deleted; 16 - replaced |


l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
| --- | --- | --- | --- |
| id | nw:IfId (base:IfIndex) | An identifier. | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |
| layer | l1:Layer (scalar:Enum8) | Administrative port layer | SELECTION: 1 - Layer2; 2 - Layer3. DEFAULT: Layer2 |
| userCfgdFlags | l1:userCfgdFlags (scalar:Bitmask8) | Port User Config Flags | SELECTION: 0 - none; 1 - admin_state; 2 - admin_layer; 4 - admin_router_mac; 8 - admin_dce_mode; 16 - admin_mtu. DEFAULT: none |


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring a VLAN on which the MAC Address Should be Secured

POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "portsecurityPortSecurity": {
          "children": [
            {
              "portsecurityPortSecurityIf": {
                "attributes": {
                  "if": "eth1/2"
                },
                "children": [
                  {
                    "portsecurityPortSecurityVlan": {
                      "attributes": {
                        "vlanId": "vlan-2490"
                      },
                      "children": [
                        {
                          "portsecuritySecureMacEntry": {
                            "attributes": {
                              "macAddress": "D8:B1:90:71:E9:03"
                            }
                          }
                        }
                      ]
                    }
                  }
                ]
              }
            }
          ]
        }
      },
      {
        "interfaceEntity": {
          "children": [
            {
              "l1PhysIf": {
                "attributes": {
                  "id": "eth1/2",
                  "layer": "Layer2",
                  "userCfgdFlags": "admin_layer"
                }
              }
            }
          ]
        }
      }
    ]
  }
}
{
    imdata:[]
}
<System>
  <portsec-items>
    <if-items>
      <PortSecurityIf-list>
        <if>eth1/2</if>
        <vlan-items>
          <PortSecurityVlan-list>
            <vlanId>vlan-2490</vlanId>
            <mac-items>
              <SecureMacEntry-list>
                <macAddress>D8:B1:90:71:E9:03</macAddress>
              </SecureMacEntry-list>
            </mac-items>
          </PortSecurityVlan-list>
        </vlan-items>
      </PortSecurityIf-list>
    </if-items>
  </portsec-items>
  <intf-items>
    <phys-items>
      <PhysIf-list>
        <id>eth1/2</id>
        <layer>Layer2</layer>
        <userCfgdFlags>admin_layer</userCfgdFlags>
      </PhysIf-list>
    </phys-items>
  </intf-items>
</System>

Note: This example was added in Release 9.3(3).


CLI Commands

The CLI commands are equivalent to the payload examples shown above. The JSON body is the DME payload and the XML body is the YANG payload.

interface ethernet 1/2
  switchport
  switchport port-security mac-address d8b1.9071.e903 vlan 2490


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

| MO | DN |
| --- | --- |
| topSystem | sys |
| portsecurityPortSecurity | sys/portsec |
| portsecurityPortSecurityIf | sys/portsec/if-[eth1/2] |
| portsecurityPortSecurityVlan | sys/portsec/if-[eth1/2]/vlan-[vlan-2490] |
| portsecuritySecureMacEntry | sys/portsec/if-[eth1/2]/vlan-[vlan-2490]/mac-D8:B1:90:71:E9:03 |
| interfaceEntity | sys/intf |
| l1PhysIf | sys/intf/phys-[eth1/2] |


portsecurityPortSecurityIf Properties

The following table contains information about the portsecurityPortSecurityIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
| --- | --- | --- | --- |
| if | nw:IfId (base:IfIndex) | Interface id of port with Port Security | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |


portsecurityPortSecurityVlan Properties

The following table contains information about the portsecurityPortSecurityVlan properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
| --- | --- | --- | --- |
| vlanId | base:Encap | VLAN id for Port Security | SELECTION: unknown, vlan-%d or vxlan-%d |


portsecuritySecureMacEntry Properties

The following table contains information about the portsecuritySecureMacEntry properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
| --- | --- | --- | --- |
| macAddress | address:MAC | Static secure MAC address on interface | Value must match MM:MM:MM:SS:SS:SS format |


l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
| --- | --- | --- | --- |
| id | nw:IfId (base:IfIndex) | An identifier. | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |
| layer | l1:Layer (scalar:Enum8) | Administrative port layer | SELECTION: 1 - Layer2; 2 - Layer3. DEFAULT: Layer2 |
| userCfgdFlags | l1:userCfgdFlags (scalar:Bitmask8) | Port User Config Flags | SELECTION: 0 - none; 1 - admin_state; 2 - admin_layer; 4 - admin_router_mac; 8 - admin_dce_mode; 16 - admin_mtu. DEFAULT: none |


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting a VLAN on which the MAC Address Should be Secured

POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "portsecurityPortSecurity": {
          "children": [
            {
              "portsecurityPortSecurityIf": {
                "attributes": {
                  "if": "eth1/2"
                },
                "children": [
                  {
                    "portsecurityPortSecurityVlan": {
                      "attributes": {
                        "vlanId": "vlan-2490"
                      },
                      "children": [
                        {
                          "portsecuritySecureMacEntry": {
                            "attributes": {
                              "macAddress": "D8:B1:90:71:E9:03",
                              "status": "deleted"
                            }
                          }
                        }
                      ]
                    }
                  }
                ]
              }
            }
          ]
        }
      },
      {
        "interfaceEntity": {
          "children": [
            {
              "l1PhysIf": {
                "attributes": {
                  "id": "eth1/2",
                  "layer": "Layer2",
                  "userCfgdFlags": "admin_layer"
                }
              }
            }
          ]
        }
      }
    ]
  }
}
{
    imdata:[]
}
<System>
  <portsec-items>
    <if-items>
      <PortSecurityIf-list>
        <if>eth1/2</if>
        <vlan-items>
          <PortSecurityVlan-list>
            <vlanId>vlan-2490</vlanId>
            <mac-items>
              <SecureMacEntry-list nc:operation="delete">
                <macAddress>D8:B1:90:71:E9:03</macAddress>
              </SecureMacEntry-list>
            </mac-items>
          </PortSecurityVlan-list>
        </vlan-items>
      </PortSecurityIf-list>
    </if-items>
  </portsec-items>
  <intf-items>
    <phys-items>
      <PhysIf-list>
        <id>eth1/2</id>
        <layer>Layer2</layer>
        <userCfgdFlags>admin_layer</userCfgdFlags>
      </PhysIf-list>
    </phys-items>
  </intf-items>
</System>

Note: This example was added in Release 9.3(3).


CLI Commands

The CLI commands are equivalent to the payload examples shown above. The JSON body is the DME payload and the XML body is the YANG payload.

interface ethernet 1/2
  switchport
  no switchport port-security mac-address d8b1.9071.e903 vlan 2490


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

| MO | DN |
| --- | --- |
| topSystem | sys |
| portsecurityPortSecurity | sys/portsec |
| portsecurityPortSecurityIf | sys/portsec/if-[eth1/2] |
| portsecurityPortSecurityVlan | sys/portsec/if-[eth1/2]/vlan-[vlan-2490] |
| portsecuritySecureMacEntry | sys/portsec/if-[eth1/2]/vlan-[vlan-2490]/mac-D8:B1:90:71:E9:03 |
| interfaceEntity | sys/intf |
| l1PhysIf | sys/intf/phys-[eth1/2] |
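
The four static secure MAC topics (configure and delete, with and without a VLAN) share one payload shape, one DN pattern and one CLI line. The following added example is not Cisco's code: it validates the inputs against the formats in the property tables, then builds the JSON payload, the DN to use in the verification GET, and the equivalent CLI lines. The function names are hypothetical, and the interface pattern assumes plain Ethernet ports written like `eth1/2`.

```python
import re

# Value formats from the property tables on this page.
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}")  # MM:MM:MM:SS:SS:SS
VLAN_RE = re.compile(r"vlan-(\d+)")                          # vlan-%d
# Assumption: only plain Ethernet ports written like the page's "eth1/2".
IF_RE = re.compile(r"eth(\d+/\d+)")


def normalize_mac(mac):
    """Validate a colon-separated MAC and return the upper-case payload form."""
    # fullmatch rejects trailing newlines and any extra characters.
    if not MAC_RE.fullmatch(mac):
        raise ValueError(f"MAC must match MM:MM:MM:SS:SS:SS, got {mac!r}")
    return mac.upper()


def cli_mac(mac):
    """D8:B1:90:71:E9:03 -> d8b1.9071.e903 (the form used in the CLI lines)."""
    digits = normalize_mac(mac).replace(":", "").lower()
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))


def secure_mac_change(interface, mac, vlan_id=None, delete=False):
    """Build payload, verification DN and CLI lines for one static secure MAC."""
    if_match = IF_RE.fullmatch(interface)
    if not if_match:
        raise ValueError(f"unsupported interface id: {interface!r}")
    mac = normalize_mac(mac)

    mac_attrs = {"macAddress": mac}
    if delete:
        mac_attrs["status"] = "deleted"  # deletion marker used in the page's payloads

    if_dn = f"sys/portsec/if-[{interface}]"
    if vlan_id is None:
        # Port-wide entry: portsecuritySecureMac directly under the interface MO.
        child = {"portsecuritySecureMac": {"attributes": mac_attrs}}
        dn = f"{if_dn}/mac-{mac}"
        vlan_suffix = ""
    else:
        vlan_match = VLAN_RE.fullmatch(vlan_id)
        if not vlan_match:
            raise ValueError(f"vlanId must look like vlan-<number>, got {vlan_id!r}")
        # Per-VLAN entry: portsecuritySecureMacEntry under the VLAN MO.
        child = {
            "portsecurityPortSecurityVlan": {
                "attributes": {"vlanId": vlan_id},
                "children": [{"portsecuritySecureMacEntry": {"attributes": mac_attrs}}],
            }
        }
        dn = f"{if_dn}/vlan-[{vlan_id}]/mac-{mac}"
        vlan_suffix = f" vlan {vlan_match.group(1)}"

    payload = {
        "topSystem": {
            "children": [
                {"portsecurityPortSecurity": {"children": [
                    {"portsecurityPortSecurityIf": {
                        "attributes": {"if": interface},
                        "children": [child],
                    }}
                ]}},
                {"interfaceEntity": {"children": [
                    {"l1PhysIf": {"attributes": {
                        "id": interface,
                        "layer": "Layer2",
                        "userCfgdFlags": "admin_layer",
                    }}}
                ]}},
            ]
        }
    }
    cli = [
        f"interface ethernet {if_match.group(1)}",
        "  switchport",
        f"  {'no ' if delete else ''}switchport port-security mac-address "
        f"{cli_mac(mac)}{vlan_suffix}",
    ]
    return {"payload": payload, "dn": dn, "cli": cli}


if __name__ == "__main__":
    import json
    change = secure_mac_change("eth1/2", "d8:b1:90:71:e9:03", vlan_id="vlan-2490")
    print(json.dumps(change["payload"], indent=2))
    print("verify with GET on DN:", change["dn"])
    print("\n".join(change["cli"]))
```

Comparing the returned `dn` with the DN table before posting catches a payload that targets the wrong interface or VLAN.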


portsecurityPortSecurityIf Properties

The following table contains information about the portsecurityPortSecurityIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
| --- | --- | --- | --- |
| if | nw:IfId (base:IfIndex) | Interface id of port with Port Security | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |


portsecurityPortSecurityVlan Properties

The following table contains information about the portsecurityPortSecurityVlan properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
| --- | --- | --- | --- |
| vlanId | base:Encap | VLAN id for Port Security | SELECTION: unknown, vlan-%d or vxlan-%d |


portsecuritySecureMacEntry Properties

The following table contains information about the portsecuritySecureMacEntry properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
| --- | --- | --- | --- |
| macAddress | address:MAC | Static secure MAC address on interface | Value must match MM:MM:MM:SS:SS:SS format |
| status | mo:ModificationStatus (scalar:Bitmask32) | The upgrade status. This property is for internal use only. | SELECTION: 2 - created; 4 - modified; 8 - deleted; 16 - replaced |


l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
| --- | --- | --- | --- |
| id | nw:IfId (base:IfIndex) | An identifier. | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |
| layer | l1:Layer (scalar:Enum8) | Administrative port layer | SELECTION: 1 - Layer2; 2 - Layer3. DEFAULT: Layer2 |
| userCfgdFlags | l1:userCfgdFlags (scalar:Bitmask8) | Port User Config Flags | SELECTION: 0 - none; 1 - admin_state; 2 - admin_layer; 4 - admin_router_mac; 8 - admin_dce_mode; 16 - admin_mtu. DEFAULT: none |


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Security Violation Protect Mode

POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "portsecurityPortSecurity": {
          "children": [
            {
              "portsecurityPortSecurityIf": {
                "attributes": {
                  "if": "eth1/2",
                  "violation": "protect"
                }
              }
            }
          ]
        }
      },
      {
        "interfaceEntity": {
          "children": [
            {
              "l1PhysIf": {
                "attributes": {
                  "id": "eth1/2",
                  "layer": "Layer2",
                  "userCfgdFlags": "admin_layer"
                }
              }
            }
          ]
        }
      }
    ]
  }
}
{
    imdata:[]
}
<System>
  <portsec-items>
    <if-items>
      <PortSecurityIf-list>
        <if>eth1/2</if>
        <violation>protect</violation>
      </PortSecurityIf-list>
    </if-items>
  </portsec-items>
  <intf-items>
    <phys-items>
      <PhysIf-list>
        <id>eth1/2</id>
        <layer>Layer2</layer>
        <userCfgdFlags>admin_layer</userCfgdFlags>
      </PhysIf-list>
    </phys-items>
  </intf-items>
</System>

Note: This example was added in Release 9.3(3).


CLI Commands

The following CLI commands are equivalent to the payload examples above, which show the DME (JSON) payload followed by the YANG (XML) payload.

interface ethernet 1/2
  switchport
  switchport port-security violation protect


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

| MO | DN |
| --- | --- |
| topSystem | sys |
| portsecurityPortSecurity | sys/portsec |
| portsecurityPortSecurityIf | sys/portsec/if-[eth1/2] |
| interfaceEntity | sys/intf |
| l1PhysIf | sys/intf/phys-[eth1/2] |


portsecurityPortSecurityIf Properties

The following table contains information about the portsecurityPortSecurityIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
| --- | --- | --- | --- |
| if | nw:IfId (base:IfIndex) | Interface id of port with Port Security | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |
| violation | portsecurity:ViolationMode (scalar:Enum8) | Security violation modes | SELECTION: 1 - protect; 2 - restrict; 3 - shutdown. DEFAULT: shutdown |


l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
| --- | --- | --- | --- |
| id | nw:IfId (base:IfIndex) | An identifier. | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |
| layer | l1:Layer (scalar:Enum8) | Administrative port layer | SELECTION: 1 - Layer2; 2 - Layer3. DEFAULT: Layer2 |
| userCfgdFlags | l1:userCfgdFlags (scalar:Bitmask8) | Port User Config Flags | SELECTION: 0 - none; 1 - admin_state; 2 - admin_layer; 4 - admin_router_mac; 8 - admin_dce_mode; 16 - admin_mtu. DEFAULT: none |


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Security Violation Protect Mode

POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "portsecurityPortSecurity": {
          "children": [
            {
              "portsecurityPortSecurityIf": {
                "attributes": {
                  "if": "eth1/2",
                  "violation": "shutdown"
                }
              }
            }
          ]
        }
      },
      {
        "interfaceEntity": {
          "children": [
            {
              "l1PhysIf": {
                "attributes": {
                  "id": "eth1/2",
                  "layer": "Layer2",
                  "userCfgdFlags": "admin_layer"
                }
              }
            }
          ]
        }
      }
    ]
  }
}
{
    imdata:[]
}
<System>
  <portsec-items>
    <if-items>
      <PortSecurityIf-list>
        <if>eth1/2</if>
        <violation>shutdown</violation>
      </PortSecurityIf-list>
    </if-items>
  </portsec-items>
  <intf-items>
    <phys-items>
      <PhysIf-list>
        <id>eth1/2</id>
        <layer>Layer2</layer>
        <userCfgdFlags>admin_layer</userCfgdFlags>
      </PhysIf-list>
    </phys-items>
  </intf-items>
</System>

Note: This example was added in Release 9.3(3).


CLI Commands

The following CLI commands are equivalent to the payload examples above, which show the DME (JSON) payload followed by the YANG (XML) payload.

interface ethernet 1/2
  switchport
  no switchport port-security violation protect


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

| MO | DN |
| --- | --- |
| topSystem | sys |
| portsecurityPortSecurity | sys/portsec |
| portsecurityPortSecurityIf | sys/portsec/if-[eth1/2] |
| interfaceEntity | sys/intf |
| l1PhysIf | sys/intf/phys-[eth1/2] |


portsecurityPortSecurityIf Properties

The following table contains information about the portsecurityPortSecurityIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
| --- | --- | --- | --- |
| if | nw:IfId (base:IfIndex) | Interface id of port with Port Security | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |
| violation | portsecurity:ViolationMode (scalar:Enum8) | Security violation modes | SELECTION: 1 - protect; 2 - restrict; 3 - shutdown. DEFAULT: shutdown |


l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
| --- | --- | --- | --- |
| id | nw:IfId (base:IfIndex) | An identifier. | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |
| layer | l1:Layer (scalar:Enum8) | Administrative port layer | SELECTION: 1 - Layer2; 2 - Layer3. DEFAULT: Layer2 |
| userCfgdFlags | l1:userCfgdFlags (scalar:Bitmask8) | Port User Config Flags | SELECTION: 0 - none; 1 - admin_state; 2 - admin_layer; 4 - admin_router_mac; 8 - admin_dce_mode; 16 - admin_mtu. DEFAULT: none |


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Security Violation Restrict Mode

POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "portsecurityPortSecurity": {
          "children": [
            {
              "portsecurityPortSecurityIf": {
                "attributes": {
                  "if": "eth1/2",
                  "violation": "restrict"
                }
              }
            }
          ]
        }
      },
      {
        "interfaceEntity": {
          "children": [
            {
              "l1PhysIf": {
                "attributes": {
                  "id": "eth1/2",
                  "layer": "Layer2",
                  "userCfgdFlags": "admin_layer"
                }
              }
            }
          ]
        }
      }
    ]
  }
}
{
    imdata:[]
}
<System>
  <portsec-items>
    <if-items>
      <PortSecurityIf-list>
        <if>eth1/2</if>
        <violation>restrict</violation>
      </PortSecurityIf-list>
    </if-items>
  </portsec-items>
  <intf-items>
    <phys-items>
      <PhysIf-list>
        <id>eth1/2</id>
        <layer>Layer2</layer>
        <userCfgdFlags>admin_layer</userCfgdFlags>
      </PhysIf-list>
    </phys-items>
  </intf-items>
</System>

Note: This example was added in Release 9.3(3).


CLI Commands

The following CLI commands are equivalent to the payload examples above, which show the DME (JSON) payload followed by the YANG (XML) payload.

interface ethernet 1/2
  switchport
  switchport port-security violation restrict


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

| MO | DN |
| --- | --- |
| topSystem | sys |
| portsecurityPortSecurity | sys/portsec |
| portsecurityPortSecurityIf | sys/portsec/if-[eth1/2] |
| interfaceEntity | sys/intf |
| l1PhysIf | sys/intf/phys-[eth1/2] |


portsecurityPortSecurityIf Properties

The following table contains information about the portsecurityPortSecurityIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
| --- | --- | --- | --- |
| if | nw:IfId (base:IfIndex) | Interface id of port with Port Security | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |
| violation | portsecurity:ViolationMode (scalar:Enum8) | Security violation modes | SELECTION: 1 - protect; 2 - restrict; 3 - shutdown. DEFAULT: shutdown |


l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
| --- | --- | --- | --- |
| id | nw:IfId (base:IfIndex) | An identifier. | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |
| layer | l1:Layer (scalar:Enum8) | Administrative port layer | SELECTION: 1 - Layer2; 2 - Layer3. DEFAULT: Layer2 |
| userCfgdFlags | l1:userCfgdFlags (scalar:Bitmask8) | Port User Config Flags | SELECTION: 0 - none; 1 - admin_state; 2 - admin_layer; 4 - admin_router_mac; 8 - admin_dce_mode; 16 - admin_mtu. DEFAULT: none |


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Security Violation Restrict Mode

POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "portsecurityPortSecurity": {
          "children": [
            {
              "portsecurityPortSecurityIf": {
                "attributes": {
                  "if": "eth1/2",
                  "violation": "shutdown"
                }
              }
            }
          ]
        }
      },
      {
        "interfaceEntity": {
          "children": [
            {
              "l1PhysIf": {
                "attributes": {
                  "id": "eth1/2",
                  "layer": "Layer2",
                  "userCfgdFlags": "admin_layer"
                }
              }
            }
          ]
        }
      }
    ]
  }
}
{
    imdata:[]
}
<System>
  <portsec-items>
    <if-items>
      <PortSecurityIf-list>
        <if>eth1/2</if>
        <violation>shutdown</violation>
      </PortSecurityIf-list>
    </if-items>
  </portsec-items>
  <intf-items>
    <phys-items>
      <PhysIf-list>
        <id>eth1/2</id>
        <layer>Layer2</layer>
        <userCfgdFlags>admin_layer</userCfgdFlags>
      </PhysIf-list>
    </phys-items>
  </intf-items>
</System>

Note: This example was added in Release 9.3(3).


CLI Commands

The following CLI commands are equivalent to the payload examples above, which show the DME (JSON) payload followed by the YANG (XML) payload.

interface ethernet 1/2
  switchport
  no switchport port-security violation restrict


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

| MO | DN |
| --- | --- |
| topSystem | sys |
| portsecurityPortSecurity | sys/portsec |
| portsecurityPortSecurityIf | sys/portsec/if-[eth1/2] |
| interfaceEntity | sys/intf |
| l1PhysIf | sys/intf/phys-[eth1/2] |


portsecurityPortSecurityIf Properties

The following table contains information about the portsecurityPortSecurityIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
| --- | --- | --- | --- |
| if | nw:IfId (base:IfIndex) | Interface id of port with Port Security | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |
| violation | portsecurity:ViolationMode (scalar:Enum8) | Security violation modes | SELECTION: 1 - protect; 2 - restrict; 3 - shutdown. DEFAULT: shutdown |


l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
| --- | --- | --- | --- |
| id | nw:IfId (base:IfIndex) | An identifier. | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |
| layer | l1:Layer (scalar:Enum8) | Administrative port layer | SELECTION: 1 - Layer2; 2 - Layer3. DEFAULT: Layer2 |
| userCfgdFlags | l1:userCfgdFlags (scalar:Bitmask8) | Port User Config Flags | SELECTION: 0 - none; 1 - admin_state; 2 - admin_layer; 4 - admin_router_mac; 8 - admin_dce_mode; 16 - admin_mtu. DEFAULT: none |


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Security Violation Shutdown Mode

POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "portsecurityPortSecurity": {
          "children": [
            {
              "portsecurityPortSecurityIf": {
                "attributes": {
                  "if": "eth1/2",
                  "violation": "shutdown"
                }
              }
            }
          ]
        }
      },
      {
        "interfaceEntity": {
          "children": [
            {
              "l1PhysIf": {
                "attributes": {
                  "id": "eth1/2",
                  "layer": "Layer2",
                  "userCfgdFlags": "admin_layer"
                }
              }
            }
          ]
        }
      }
    ]
  }
}
{
    imdata:[]
}
<System>
  <portsec-items>
    <if-items>
      <PortSecurityIf-list>
        <if>eth1/2</if>
        <violation>shutdown</violation>
      </PortSecurityIf-list>
    </if-items>
  </portsec-items>
  <intf-items>
    <phys-items>
      <PhysIf-list>
        <id>eth1/2</id>
        <layer>Layer2</layer>
        <userCfgdFlags>admin_layer</userCfgdFlags>
      </PhysIf-list>
    </phys-items>
  </intf-items>
</System>

Note: This example was added in Release 9.3(3).


CLI Commands

The following CLI commands are equivalent to the payload examples above, which show the DME (JSON) payload followed by the YANG (XML) payload.

interface ethernet 1/2
  switchport
  switchport port-security violation shutdown


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

| MO | DN |
| --- | --- |
| topSystem | sys |
| portsecurityPortSecurity | sys/portsec |
| portsecurityPortSecurityIf | sys/portsec/if-[eth1/2] |
| interfaceEntity | sys/intf |
| l1PhysIf | sys/intf/phys-[eth1/2] |


portsecurityPortSecurityIf Properties

The following table contains information about the portsecurityPortSecurityIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
| --- | --- | --- | --- |
| if | nw:IfId (base:IfIndex) | Interface id of port with Port Security | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |
| violation | portsecurity:ViolationMode (scalar:Enum8) | Security violation modes | SELECTION: 1 - protect; 2 - restrict; 3 - shutdown. DEFAULT: shutdown |


l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
| --- | --- | --- | --- |
| id | nw:IfId (base:IfIndex) | An identifier. | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |
| layer | l1:Layer (scalar:Enum8) | Administrative port layer | SELECTION: 1 - Layer2; 2 - Layer3. DEFAULT: Layer2 |
| userCfgdFlags | l1:userCfgdFlags (scalar:Bitmask8) | Port User Config Flags | SELECTION: 0 - none; 1 - admin_state; 2 - admin_layer; 4 - admin_router_mac; 8 - admin_dce_mode; 16 - admin_mtu. DEFAULT: none |


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Security Violation Shutdown Mode

POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "portsecurityPortSecurity": {
          "children": [
            {
              "portsecurityPortSecurityIf": {
                "attributes": {
                  "if": "eth1/2",
                  "violation": "shutdown"
                }
              }
            }
          ]
        }
      },
      {
        "interfaceEntity": {
          "children": [
            {
              "l1PhysIf": {
                "attributes": {
                  "id": "eth1/2",
                  "layer": "Layer2",
                  "userCfgdFlags": "admin_layer"
                }
              }
            }
          ]
        }
      }
    ]
  }
}
{
    imdata:[]
}
<System>
  <portsec-items>
    <if-items>
      <PortSecurityIf-list>
        <if>eth1/2</if>
        <violation>shutdown</violation>
      </PortSecurityIf-list>
    </if-items>
  </portsec-items>
  <intf-items>
    <phys-items>
      <PhysIf-list>
        <id>eth1/2</id>
        <layer>Layer2</layer>
        <userCfgdFlags>admin_layer</userCfgdFlags>
      </PhysIf-list>
    </phys-items>
  </intf-items>
</System>

Note: This example was added in Release 9.3(3).


CLI Commands

The following CLI commands are equivalent to the payload examples above, which show the DME (JSON) payload followed by the YANG (XML) payload.

interface ethernet 1/2
  switchport
  no switchport port-security violation shutdown


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

| MO | DN |
| --- | --- |
| topSystem | sys |
| portsecurityPortSecurity | sys/portsec |
| portsecurityPortSecurityIf | sys/portsec/if-[eth1/2] |
| interfaceEntity | sys/intf |
| l1PhysIf | sys/intf/phys-[eth1/2] |


portsecurityPortSecurityIf Properties

The following table contains information about the portsecurityPortSecurityIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
| --- | --- | --- | --- |
| if | nw:IfId (base:IfIndex) | Interface id of port with Port Security | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |
| violation | portsecurity:ViolationMode (scalar:Enum8) | Security violation modes | SELECTION: 1 - protect; 2 - restrict; 3 - shutdown. DEFAULT: shutdown |


l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
| --- | --- | --- | --- |
| id | nw:IfId (base:IfIndex) | An identifier. | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |
| layer | l1:Layer (scalar:Enum8) | Administrative port layer | SELECTION: 1 - Layer2; 2 - Layer3. DEFAULT: Layer2 |
| userCfgdFlags | l1:userCfgdFlags (scalar:Bitmask8) | Port User Config Flags | SELECTION: 0 - none; 1 - admin_state; 2 - admin_layer; 4 - admin_router_mac; 8 - admin_dce_mode; 16 - admin_mtu. DEFAULT: none |


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Enabling Port Security

POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "portsecurityPortSecurity": {
          "children": [
            {
              "portsecurityPortSecurityIf": {
                "attributes": {
                  "if": "eth1/2",
                  "portSecurity": "yes"
                }
              }
            }
          ]
        }
      },
      {
        "interfaceEntity": {
          "children": [
            {
              "l1PhysIf": {
                "attributes": {
                  "id": "eth1/2",
                  "layer": "Layer2",
                  "userCfgdFlags": "admin_layer"
                }
              }
            }
          ]
        }
      }
    ]
  }
}
{
    imdata:[]
}
<System>
  <portsec-items>
    <if-items>
      <PortSecurityIf-list>
        <if>eth1/2</if>
        <portSecurity>true</portSecurity>
      </PortSecurityIf-list>
    </if-items>
  </portsec-items>
  <intf-items>
    <phys-items>
      <PhysIf-list>
        <id>eth1/2</id>
        <layer>Layer2</layer>
        <userCfgdFlags>admin_layer</userCfgdFlags>
      </PhysIf-list>
    </phys-items>
  </intf-items>
</System>

Note: This example was added in Release 9.3(3).


CLI Commands

The following CLI commands are equivalent to the payload examples above, which show the DME (JSON) payload followed by the YANG (XML) payload.

interface ethernet 1/2
  switchport
  switchport port-security


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

| MO | DN |
| --- | --- |
| topSystem | sys |
| portsecurityPortSecurity | sys/portsec |
| portsecurityPortSecurityIf | sys/portsec/if-[eth1/2] |
| interfaceEntity | sys/intf |
| l1PhysIf | sys/intf/phys-[eth1/2] |


portsecurityPortSecurityIf Properties

The following table contains information about the portsecurityPortSecurityIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
| --- | --- | --- | --- |
| if | nw:IfId (base:IfIndex) | Interface id of port with Port Security | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |
| portSecurity | scalar:Bool | Enable or disable Port Security on interface | SELECTION: true or false. DEFAULT: false |


l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
| --- | --- | --- | --- |
| id | nw:IfId (base:IfIndex) | An identifier. | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |
| layer | l1:Layer (scalar:Enum8) | Administrative port layer | SELECTION: 1 - Layer2; 2 - Layer3. DEFAULT: Layer2 |
| userCfgdFlags | l1:userCfgdFlags (scalar:Bitmask8) | Port User Config Flags | SELECTION: 0 - none; 1 - admin_state; 2 - admin_layer; 4 - admin_router_mac; 8 - admin_dce_mode; 16 - admin_mtu. DEFAULT: none |


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Disabling Port Security

POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "portsecurityPortSecurity": {
          "children": [
            {
              "portsecurityPortSecurityIf": {
                "attributes": {
                  "if": "eth1/2",
                  "portSecurity": "no"
                }
              }
            }
          ]
        }
      },
      {
        "interfaceEntity": {
          "children": [
            {
              "l1PhysIf": {
                "attributes": {
                  "id": "eth1/2",
                  "layer": "Layer2",
                  "userCfgdFlags": "admin_layer"
                }
              }
            }
          ]
        }
      }
    ]
  }
}
{
    imdata:[]
}
<System>
  <portsec-items>
    <if-items>
      <PortSecurityIf-list>
        <if>eth1/2</if>
        <portSecurity>false</portSecurity>
      </PortSecurityIf-list>
    </if-items>
  </portsec-items>
  <intf-items>
    <phys-items>
      <PhysIf-list>
        <id>eth1/2</id>
        <layer>Layer2</layer>
        <userCfgdFlags>admin_layer</userCfgdFlags>
      </PhysIf-list>
    </phys-items>
  </intf-items>
</System>

Note: This example was added in Release 9.3(3).


CLI Commands

The following CLI commands are equivalent to the payload examples above, which show the DME (JSON) payload followed by the YANG (XML) payload.

interface ethernet 1/2
  switchport
  no switchport port-security


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

| MO | DN |
| --- | --- |
| topSystem | sys |
| portsecurityPortSecurity | sys/portsec |
| portsecurityPortSecurityIf | sys/portsec/if-[eth1/2] |
| interfaceEntity | sys/intf |
| l1PhysIf | sys/intf/phys-[eth1/2] |
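
The GET-based verification described in the "Verifying a DME Configuration" sections can be automated as a drift check. The following is an added example, not Cisco's code: it builds the POST body in the shape shown on this page and compares a GET reply for `sys/portsec/if-[eth1/2]` against the intended state. The helper names, the `https` default, the management address and the reply bodies are assumptions; the replies are constructed samples that assume the `imdata` list holds class-keyed objects.

```python
"""Offline check of a DME GET reply against the intended port-security state."""
import json

# DN template and class name from the "Verifying a DME Configuration" table.
PORTSEC_IF_DN = "sys/portsec/if-[{ifname}]"
PORTSEC_IF_CLASS = "portsecurityPortSecurityIf"

# Allowed values from the portsecurityPortSecurityIf property tables.
VIOLATION_MODES = ("protect", "restrict", "shutdown")
# The JSON payloads on this page send "yes"/"no"; the table lists true/false.
BOOL_WORDS = {"yes": True, "true": True, "no": False, "false": False}


def mo_url(mgmt_ip, dn, scheme="https"):
    """URL for a GET on one managed object, in the form of the page's POST URL.

    The page's examples use http; https is the default here on the
    assumption that NX-API over HTTPS is enabled on the switch.
    """
    return f"{scheme}://{mgmt_ip}/api/mo/{dn}.json"


def build_payload(ifname, **portsec_attrs):
    """POST body with the same object tree as the payloads on this page."""
    if portsec_attrs.get("violation", "shutdown") not in VIOLATION_MODES:
        raise ValueError(f"unknown violation mode: {portsec_attrs['violation']!r}")
    return {"topSystem": {"children": [
        {"portsecurityPortSecurity": {"children": [
            {PORTSEC_IF_CLASS: {"attributes": {"if": ifname, **portsec_attrs}}}]}},
        {"interfaceEntity": {"children": [
            {"l1PhysIf": {"attributes": {
                "id": ifname, "layer": "Layer2",
                "userCfgdFlags": "admin_layer"}}}]}},
    ]}}


def extract_attrs(reply_text, cls):
    """Attributes of the first object of class `cls`, or None if absent."""
    for item in json.loads(reply_text).get("imdata", []):
        if cls in item:
            return item[cls].get("attributes", {})
    return None


def _norm(key, value):
    """Normalise values so "yes" == "true" and "Eth1/2" == "eth1/2"."""
    text = str(value).strip().lower()
    return BOOL_WORDS.get(text, text) if key == "portSecurity" else text


def check_portsec(reply_text, ifname, expected):
    """Return a list of findings; an empty list means the reply matches."""
    attrs = extract_attrs(reply_text, PORTSEC_IF_CLASS)
    if attrs is None:
        return [f"{ifname}: no {PORTSEC_IF_CLASS} object in reply"]
    findings = []
    if _norm("if", attrs.get("if", "")) != _norm("if", ifname):
        findings.append(f"{ifname}: reply describes {attrs.get('if')!r}")
    for key, want in expected.items():
        got = attrs.get(key)
        if got is None:
            findings.append(f"{ifname}: {key} missing from reply")
        elif _norm(key, got) != _norm(key, want):
            findings.append(f"{ifname}: {key} is {got!r}, expected {want!r}")
    return findings


# Constructed sample replies (not captured from a device).
SAMPLE_OK = json.dumps({"totalCount": "1", "imdata": [{PORTSEC_IF_CLASS: {
    "attributes": {"if": "eth1/2", "portSecurity": "yes",
                   "violation": "restrict"}}}]})
SAMPLE_DRIFT = json.dumps({"totalCount": "1", "imdata": [{PORTSEC_IF_CLASS: {
    "attributes": {"if": "eth1/2", "portSecurity": "no",
                   "violation": "protect"}}}]})
SAMPLE_EMPTY = json.dumps({"totalCount": "0", "imdata": []})

if __name__ == "__main__":
    want = {"portSecurity": "true", "violation": "restrict"}
    # 192.0.2.10 is a documentation address used as a placeholder.
    print(mo_url("192.0.2.10", PORTSEC_IF_DN.format(ifname="eth1/2")))
    for name, reply in (("ok", SAMPLE_OK), ("drift", SAMPLE_DRIFT),
                        ("empty", SAMPLE_EMPTY)):
        print(name, check_portsec(reply, "eth1/2", want) or "compliant")
```

An empty `imdata` list is reported as a finding rather than treated as success, so a port whose object was never created cannot pass the check.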


portsecurityPortSecurityIf Properties

The following table contains information about the portsecurityPortSecurityIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
| --- | --- | --- | --- |
| if | nw:IfId (base:IfIndex) | Interface id of port with Port Security | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |
| portSecurity | scalar:Bool | Enable or disable Port Security on interface | SELECTION: true or false. DEFAULT: false |


l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
| --- | --- | --- | --- |
| id | nw:IfId (base:IfIndex) | An identifier. | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |
| layer | l1:Layer (scalar:Enum8) | Administrative port layer | SELECTION: 1 - Layer2; 2 - Layer3. DEFAULT: Layer2 |
| userCfgdFlags | l1:userCfgdFlags (scalar:Bitmask8) | Port User Config Flags | SELECTION: 0 - none; 1 - admin_state; 2 - admin_layer; 4 - admin_router_mac; 8 - admin_dce_mode; 16 - admin_mtu. DEFAULT: none |


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html