Cisco Nexus 3000 and 9000 Series NX-API REST SDK User Guide and API Reference, Release 10.5(x)

Latest

Cisco Nexus 3000 and 9000 Series NX-API REST Documentation

Configuring the Absolute Timer

DME

YANG

Copy
POST http://<mgmt0_IP>/api/mo/sys.json
{
  "topSystem": {
    "children": [
      {
        "portsecurityPortSecurity": {
          "children": [
            {
              "portsecurityPortSecurityIf": {
                "attributes": {
                  "agingType": "absolute",
                  "if": "eth1/2"
                }
              }
            }
          ]
        }
      },
      {
        "interfaceEntity": {
          "children": [
            {
              "l1PhysIf": {
                "attributes": {
                  "id": "eth1/2",
                  "layer": "Layer2",
                  "userCfgdFlags": "admin_layer"
                }
              }
            }
          ]
        }
      }
    ]
  }
}
Response
{
    imdata:[]
}

Copy
<System>
  <portsec-items>
    <if-items>
      <PortSecurityIf-list>
        <if>eth1/2</if>
        <agingType>absolute</agingType>
      </PortSecurityIf-list>
    </if-items>
  </portsec-items>
  <intf-items>
    <phys-items>
      <PhysIf-list>
        <id>eth1/2</id>
        <layer>Layer2</layer>
        <userCfgdFlags>admin_layer</userCfgdFlags>
      </PhysIf-list>
    </phys-items>
  </intf-items>
</System>

Configuring Port Security (Ethernet Interface)

Configuring the Absolute Timer

Note: This example was added in Release 9.3(3).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

interface ethernet 1/2
switchport
switchport port-security aging type absolute

Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
topSystem	sys
portsecurityPortSecurity	sys/portsec
portsecurityPortSecurityIf	sys/portsec/if-[eth1/2]
interfaceEntity	sys/intf
l1PhysIf	sys/intf/phys-[eth1/2]

portsecurityPortSecurityIf Properties

The following table contains information about the portsecurityPortSecurityIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
agingType	portsecurity:AgingType (scalar:Enum8)	Aging type of mac addresses on interface	SELECTION: 1 - absolute 2 - inactivity DEFAULT: absolute
if	nw:IfId (base:IfIndex)	Interface id of port with Port Security	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100

l1PhysIf Properties

The following table contains information about the l1PhysIf properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
layer	l1:Layer (scalar:Enum8)	Administrative port layer	SELECTION: 1 - Layer2 2 - Layer3 DEFAULT: Layer2
userCfgdFlags	l1:userCfgdFlags (scalar:Bitmask8)	Port User Config Flags	SELECTION: 0 - none 1 - admin_state 2 - admin_layer 4 - admin_router_mac 8 - admin_dce_mode 16 - admin_mtu DEFAULT: none

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Absolute Timer

Note: This example was added in Release 9.3(3).

CLI Commands

interface ethernet 1/2
switchport
no switchport port-security aging type absolute

Verifying a DME Configuration

MO	DN
topSystem	sys
portsecurityPortSecurity	sys/portsec
portsecurityPortSecurityIf	sys/portsec/if-[eth1/2]
interfaceEntity	sys/intf
l1PhysIf	sys/intf/phys-[eth1/2]

portsecurityPortSecurityIf Properties

Property Name	Data Type	Description	Values
agingType	portsecurity:AgingType (scalar:Enum8)	Aging type of mac addresses on interface	SELECTION: 1 - absolute 2 - inactivity DEFAULT: absolute
if	nw:IfId (base:IfIndex)	Interface id of port with Port Security	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100

l1PhysIf Properties

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
layer	l1:Layer (scalar:Enum8)	Administrative port layer	SELECTION: 1 - Layer2 2 - Layer3 DEFAULT: Layer2
userCfgdFlags	l1:userCfgdFlags (scalar:Bitmask8)	Port User Config Flags	SELECTION: 0 - none 1 - admin_state 2 - admin_layer 4 - admin_router_mac 8 - admin_dce_mode 16 - admin_mtu DEFAULT: none

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Port-Security Aging Time

Note: This example was added in Release 9.3(3).

CLI Commands

interface ethernet 1/2
switchport
switchport port-security aging time 1106

Verifying a DME Configuration

MO	DN
topSystem	sys
portsecurityPortSecurity	sys/portsec
portsecurityPortSecurityIf	sys/portsec/if-[eth1/2]
interfaceEntity	sys/intf
l1PhysIf	sys/intf/phys-[eth1/2]

portsecurityPortSecurityIf Properties

Property Name	Data Type	Description	Values
aging	scalar:Uint16	Aging time of mac addresses on interface	RANGE: [0 , 1440] DEFAULT: 0
if	nw:IfId (base:IfIndex)	Interface id of port with Port Security	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100

l1PhysIf Properties

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
layer	l1:Layer (scalar:Enum8)	Administrative port layer	SELECTION: 1 - Layer2 2 - Layer3 DEFAULT: Layer2
userCfgdFlags	l1:userCfgdFlags (scalar:Bitmask8)	Port User Config Flags	SELECTION: 0 - none 1 - admin_state 2 - admin_layer 4 - admin_router_mac 8 - admin_dce_mode 16 - admin_mtu DEFAULT: none

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Port-Security Aging Time

Note: This example was added in Release 9.3(3).

CLI Commands

interface ethernet 1/2
switchport
no switchport port-security aging time 1106

Verifying a DME Configuration

MO	DN
topSystem	sys
portsecurityPortSecurity	sys/portsec
portsecurityPortSecurityIf	sys/portsec/if-[eth1/2]
interfaceEntity	sys/intf
l1PhysIf	sys/intf/phys-[eth1/2]

portsecurityPortSecurityIf Properties

Property Name	Data Type	Description	Values
aging	scalar:Uint16	Aging time of mac addresses on interface	RANGE: [0 , 1440] DEFAULT: 0
if	nw:IfId (base:IfIndex)	Interface id of port with Port Security	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100

l1PhysIf Properties

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
layer	l1:Layer (scalar:Enum8)	Administrative port layer	SELECTION: 1 - Layer2 2 - Layer3 DEFAULT: Layer2
userCfgdFlags	l1:userCfgdFlags (scalar:Bitmask8)	Port User Config Flags	SELECTION: 0 - none 1 - admin_state 2 - admin_layer 4 - admin_router_mac 8 - admin_dce_mode 16 - admin_mtu DEFAULT: none

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring the Maximum Secure Addresses

Note: This example was added in Release 9.3(3).

CLI Commands

interface ethernet 1/2
switchport
switchport port-security maximum 100

Verifying a DME Configuration

MO	DN
topSystem	sys
portsecurityPortSecurity	sys/portsec
portsecurityPortSecurityIf	sys/portsec/if-[eth1/2]
interfaceEntity	sys/intf
l1PhysIf	sys/intf/phys-[eth1/2]

portsecurityPortSecurityIf Properties

Property Name	Data Type	Description	Values
if	nw:IfId (base:IfIndex)	Interface id of port with Port Security	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
maximum	scalar:Uint16	Maximum number of secure mac addresses on interface	RANGE: [1 , 1025] DEFAULT: 1

l1PhysIf Properties

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
layer	l1:Layer (scalar:Enum8)	Administrative port layer	SELECTION: 1 - Layer2 2 - Layer3 DEFAULT: Layer2
userCfgdFlags	l1:userCfgdFlags (scalar:Bitmask8)	Port User Config Flags	SELECTION: 0 - none 1 - admin_state 2 - admin_layer 4 - admin_router_mac 8 - admin_dce_mode 16 - admin_mtu DEFAULT: none

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Maximum Secure Addresses

Note: This example was added in Release 9.3(3).

CLI Commands

interface ethernet 1/2
switchport
no switchport port-security maximum 100

Verifying a DME Configuration

MO	DN
topSystem	sys
portsecurityPortSecurity	sys/portsec
portsecurityPortSecurityIf	sys/portsec/if-[eth1/2]
interfaceEntity	sys/intf
l1PhysIf	sys/intf/phys-[eth1/2]

portsecurityPortSecurityIf Properties

Property Name	Data Type	Description	Values
if	nw:IfId (base:IfIndex)	Interface id of port with Port Security	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
maximum	scalar:Uint16	Maximum number of secure mac addresses on interface	RANGE: [1 , 1025] DEFAULT: 1

l1PhysIf Properties

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
layer	l1:Layer (scalar:Enum8)	Administrative port layer	SELECTION: 1 - Layer2 2 - Layer3 DEFAULT: Layer2
userCfgdFlags	l1:userCfgdFlags (scalar:Bitmask8)	Port User Config Flags	SELECTION: 0 - none 1 - admin_state 2 - admin_layer 4 - admin_router_mac 8 - admin_dce_mode 16 - admin_mtu DEFAULT: none

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring the Maximum Secure Addresses for a VLAN

Note: This example was added in Release 9.3(3).

CLI Commands

interface ethernet 1/2
switchport
switchport port-security maximum 50 vlan 1828

Verifying a DME Configuration

MO	DN
topSystem	sys
portsecurityPortSecurity	sys/portsec
portsecurityPortSecurityIf	sys/portsec/if-[eth1/2]
portsecurityPortSecurityVlan	sys/portsec/if-[eth1/2]/vlan-[vlan-1828]
interfaceEntity	sys/intf
l1PhysIf	sys/intf/phys-[eth1/2]

portsecurityPortSecurityIf Properties

Property Name	Data Type	Description	Values
if	nw:IfId (base:IfIndex)	Interface id of port with Port Security	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100

portsecurityPortSecurityVlan Properties

The following table contains information about the portsecurityPortSecurityVlan properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
vlanId	base:Encap	VLAN id for Port Security	SELECTION: unknown, vlan-%d or vxlan-%d
vlanMaximum	scalar:Uint16	Per VLAN maximum number of secure mac addresses on interface	RANGE: [0 , 1025]

l1PhysIf Properties

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
layer	l1:Layer (scalar:Enum8)	Administrative port layer	SELECTION: 1 - Layer2 2 - Layer3 DEFAULT: Layer2
userCfgdFlags	l1:userCfgdFlags (scalar:Bitmask8)	Port User Config Flags	SELECTION: 0 - none 1 - admin_state 2 - admin_layer 4 - admin_router_mac 8 - admin_dce_mode 16 - admin_mtu DEFAULT: none

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Maximum Secure Addresses for a VLAN

Note: This example was added in Release 9.3(3).

CLI Commands

interface ethernet 1/2
switchport
no switchport port-security maximum 50 vlan 1828

Verifying a DME Configuration

MO	DN
topSystem	sys
portsecurityPortSecurity	sys/portsec
portsecurityPortSecurityIf	sys/portsec/if-[eth1/2]
portsecurityPortSecurityVlan	sys/portsec/if-[eth1/2]/vlan-[vlan-1828]
interfaceEntity	sys/intf
l1PhysIf	sys/intf/phys-[eth1/2]

portsecurityPortSecurityIf Properties

Property Name	Data Type	Description	Values
if	nw:IfId (base:IfIndex)	Interface id of port with Port Security	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100

portsecurityPortSecurityVlan Properties

Property Name	Data Type	Description	Values
vlanId	base:Encap	VLAN id for Port Security	SELECTION: unknown, vlan-%d or vxlan-%d
vlanMaximum	scalar:Uint16	Per VLAN maximum number of secure mac addresses on interface	RANGE: [0 , 1025]

l1PhysIf Properties

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
layer	l1:Layer (scalar:Enum8)	Administrative port layer	SELECTION: 1 - Layer2 2 - Layer3 DEFAULT: Layer2
userCfgdFlags	l1:userCfgdFlags (scalar:Bitmask8)	Port User Config Flags	SELECTION: 0 - none 1 - admin_state 2 - admin_layer 4 - admin_router_mac 8 - admin_dce_mode 16 - admin_mtu DEFAULT: none

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring a Sticky MAC Address

Note: This example was added in Release 9.3(3).

CLI Commands

interface ethernet 1/2
switchport
switchport port-security mac-address sticky

Verifying a DME Configuration

MO	DN
topSystem	sys
portsecurityPortSecurity	sys/portsec
portsecurityPortSecurityIf	sys/portsec/if-[eth1/2]
interfaceEntity	sys/intf
l1PhysIf	sys/intf/phys-[eth1/2]

portsecurityPortSecurityIf Properties

Property Name	Data Type	Description	Values
if	nw:IfId (base:IfIndex)	Interface id of port with Port Security	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
sticky	scalar:Bool	Enable or disable sticky secure addresses on interface	SELECTION: true or false DEFAULT: false

l1PhysIf Properties

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
layer	l1:Layer (scalar:Enum8)	Administrative port layer	SELECTION: 1 - Layer2 2 - Layer3 DEFAULT: Layer2
userCfgdFlags	l1:userCfgdFlags (scalar:Bitmask8)	Port User Config Flags	SELECTION: 0 - none 1 - admin_state 2 - admin_layer 4 - admin_router_mac 8 - admin_dce_mode 16 - admin_mtu DEFAULT: none

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting a Sticky MAC Address

Note: This example was added in Release 9.3(3).

CLI Commands

interface ethernet 1/2
switchport
no switchport port-security mac-address sticky

Verifying a DME Configuration

MO	DN
topSystem	sys
portsecurityPortSecurity	sys/portsec
portsecurityPortSecurityIf	sys/portsec/if-[eth1/2]
interfaceEntity	sys/intf
l1PhysIf	sys/intf/phys-[eth1/2]

portsecurityPortSecurityIf Properties

Property Name	Data Type	Description	Values
if	nw:IfId (base:IfIndex)	Interface id of port with Port Security	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
sticky	scalar:Bool	Enable or disable sticky secure addresses on interface	SELECTION: true or false DEFAULT: false

l1PhysIf Properties

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
layer	l1:Layer (scalar:Enum8)	Administrative port layer	SELECTION: 1 - Layer2 2 - Layer3 DEFAULT: Layer2
userCfgdFlags	l1:userCfgdFlags (scalar:Bitmask8)	Port User Config Flags	SELECTION: 0 - none 1 - admin_state 2 - admin_layer 4 - admin_router_mac 8 - admin_dce_mode 16 - admin_mtu DEFAULT: none

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring a MAC Address

Note: This example was added in Release 9.3(3).

CLI Commands

interface ethernet 1/2
switchport
switchport port-security mac-address d8b1.9071.e903

Verifying a DME Configuration

MO	DN
topSystem	sys
portsecurityPortSecurity	sys/portsec
portsecurityPortSecurityIf	sys/portsec/if-[eth1/2]
portsecuritySecureMac	sys/portsec/if-[eth1/2]/mac-D8:B1:90:71:E9:03
interfaceEntity	sys/intf
l1PhysIf	sys/intf/phys-[eth1/2]

portsecurityPortSecurityIf Properties

Property Name	Data Type	Description	Values
if	nw:IfId (base:IfIndex)	Interface id of port with Port Security	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100

portsecuritySecureMac Properties

The following table contains information about the portsecuritySecureMac properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
macAddress	address:MAC	Static secure MAC address on interface	Value must match MM:MM:MM:SS:SS:SS format

l1PhysIf Properties

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
layer	l1:Layer (scalar:Enum8)	Administrative port layer	SELECTION: 1 - Layer2 2 - Layer3 DEFAULT: Layer2
userCfgdFlags	l1:userCfgdFlags (scalar:Bitmask8)	Port User Config Flags	SELECTION: 0 - none 1 - admin_state 2 - admin_layer 4 - admin_router_mac 8 - admin_dce_mode 16 - admin_mtu DEFAULT: none

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting a MAC Address

Note: This example was added in Release 9.3(3).

CLI Commands

interface ethernet 1/2
switchport
no switchport port-security mac-address d8b1.9071.e903

Verifying a DME Configuration

MO	DN
topSystem	sys
portsecurityPortSecurity	sys/portsec
portsecurityPortSecurityIf	sys/portsec/if-[eth1/2]
portsecuritySecureMac	sys/portsec/if-[eth1/2]/mac-D8:B1:90:71:E9:03
interfaceEntity	sys/intf
l1PhysIf	sys/intf/phys-[eth1/2]

portsecurityPortSecurityIf Properties

Property Name	Data Type	Description	Values
if	nw:IfId (base:IfIndex)	Interface id of port with Port Security	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100

portsecuritySecureMac Properties

Property Name	Data Type	Description	Values
macAddress	address:MAC	Static secure MAC address on interface	Value must match MM:MM:MM:SS:SS:SS format
status	mo:ModificationStatus (scalar:Bitmask32)	The upgrade status. This property is for internal use only.	SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced

l1PhysIf Properties

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
layer	l1:Layer (scalar:Enum8)	Administrative port layer	SELECTION: 1 - Layer2 2 - Layer3 DEFAULT: Layer2
userCfgdFlags	l1:userCfgdFlags (scalar:Bitmask8)	Port User Config Flags	SELECTION: 0 - none 1 - admin_state 2 - admin_layer 4 - admin_router_mac 8 - admin_dce_mode 16 - admin_mtu DEFAULT: none

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring a VLAN on which the MAC Address Should be Secured

Note: This example was added in Release 9.3(3).

CLI Commands

interface ethernet 1/2
switchport
switchport port-security mac-address d8b1.9071.e903 vlan 2490

Verifying a DME Configuration

MO	DN
topSystem	sys
portsecurityPortSecurity	sys/portsec
portsecurityPortSecurityIf	sys/portsec/if-[eth1/2]
portsecurityPortSecurityVlan	sys/portsec/if-[eth1/2]/vlan-[vlan-2490]
portsecuritySecureMacEntry	sys/portsec/if-[eth1/2]/vlan-[vlan-2490]/mac-D8:B1:90:71:E9:03
interfaceEntity	sys/intf
l1PhysIf	sys/intf/phys-[eth1/2]

portsecurityPortSecurityIf Properties

Property Name	Data Type	Description	Values
if	nw:IfId (base:IfIndex)	Interface id of port with Port Security	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100

portsecurityPortSecurityVlan Properties

Property Name	Data Type	Description	Values
vlanId	base:Encap	VLAN id for Port Security	SELECTION: unknown, vlan-%d or vxlan-%d

portsecuritySecureMacEntry Properties

The following table contains information about the portsecuritySecureMacEntry properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
macAddress	address:MAC	Static secure MAC address on interface	Value must match MM:MM:MM:SS:SS:SS format

l1PhysIf Properties

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
layer	l1:Layer (scalar:Enum8)	Administrative port layer	SELECTION: 1 - Layer2 2 - Layer3 DEFAULT: Layer2
userCfgdFlags	l1:userCfgdFlags (scalar:Bitmask8)	Port User Config Flags	SELECTION: 0 - none 1 - admin_state 2 - admin_layer 4 - admin_router_mac 8 - admin_dce_mode 16 - admin_mtu DEFAULT: none

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting a VLAN on which the MAC Address Should be Secured

Note: This example was added in Release 9.3(3).

CLI Commands

interface ethernet 1/2
switchport
no switchport port-security mac-address d8b1.9071.e903 vlan 2490

Verifying a DME Configuration

MO	DN
topSystem	sys
portsecurityPortSecurity	sys/portsec
portsecurityPortSecurityIf	sys/portsec/if-[eth1/2]
portsecurityPortSecurityVlan	sys/portsec/if-[eth1/2]/vlan-[vlan-2490]
portsecuritySecureMacEntry	sys/portsec/if-[eth1/2]/vlan-[vlan-2490]/mac-D8:B1:90:71:E9:03
interfaceEntity	sys/intf
l1PhysIf	sys/intf/phys-[eth1/2]

portsecurityPortSecurityIf Properties

Property Name	Data Type	Description	Values
if	nw:IfId (base:IfIndex)	Interface id of port with Port Security	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100

portsecurityPortSecurityVlan Properties

Property Name	Data Type	Description	Values
vlanId	base:Encap	VLAN id for Port Security	SELECTION: unknown, vlan-%d or vxlan-%d

portsecuritySecureMacEntry Properties

Property Name	Data Type	Description	Values
macAddress	address:MAC	Static secure MAC address on interface	Value must match MM:MM:MM:SS:SS:SS format
status	mo:ModificationStatus (scalar:Bitmask32)	The upgrade status. This property is for internal use only.	SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced

l1PhysIf Properties

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
layer	l1:Layer (scalar:Enum8)	Administrative port layer	SELECTION: 1 - Layer2 2 - Layer3 DEFAULT: Layer2
userCfgdFlags	l1:userCfgdFlags (scalar:Bitmask8)	Port User Config Flags	SELECTION: 0 - none 1 - admin_state 2 - admin_layer 4 - admin_router_mac 8 - admin_dce_mode 16 - admin_mtu DEFAULT: none

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Security Violation Protect Mode

Note: This example was added in Release 9.3(3).

CLI Commands

interface ethernet 1/2
switchport
switchport port-security violation protect

Verifying a DME Configuration

MO	DN
topSystem	sys
portsecurityPortSecurity	sys/portsec
portsecurityPortSecurityIf	sys/portsec/if-[eth1/2]
interfaceEntity	sys/intf
l1PhysIf	sys/intf/phys-[eth1/2]

portsecurityPortSecurityIf Properties

Property Name	Data Type	Description	Values
if	nw:IfId (base:IfIndex)	Interface id of port with Port Security	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
violation	portsecurity:ViolationMode (scalar:Enum8)	Security violation modes	SELECTION: 1 - protect 2 - restrict 3 - shutdown DEFAULT: shutdown

l1PhysIf Properties

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
layer	l1:Layer (scalar:Enum8)	Administrative port layer	SELECTION: 1 - Layer2 2 - Layer3 DEFAULT: Layer2
userCfgdFlags	l1:userCfgdFlags (scalar:Bitmask8)	Port User Config Flags	SELECTION: 0 - none 1 - admin_state 2 - admin_layer 4 - admin_router_mac 8 - admin_dce_mode 16 - admin_mtu DEFAULT: none

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Security Violation Protect Mode

Note: This example was added in Release 9.3(3).

CLI Commands

interface ethernet 1/2
switchport
no switchport port-security violation protect

Verifying a DME Configuration

MO	DN
topSystem	sys
portsecurityPortSecurity	sys/portsec
portsecurityPortSecurityIf	sys/portsec/if-[eth1/2]
interfaceEntity	sys/intf
l1PhysIf	sys/intf/phys-[eth1/2]

portsecurityPortSecurityIf Properties

Property Name	Data Type	Description	Values
if	nw:IfId (base:IfIndex)	Interface id of port with Port Security	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
violation	portsecurity:ViolationMode (scalar:Enum8)	Security violation modes	SELECTION: 1 - protect 2 - restrict 3 - shutdown DEFAULT: shutdown

l1PhysIf Properties

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
layer	l1:Layer (scalar:Enum8)	Administrative port layer	SELECTION: 1 - Layer2 2 - Layer3 DEFAULT: Layer2
userCfgdFlags	l1:userCfgdFlags (scalar:Bitmask8)	Port User Config Flags	SELECTION: 0 - none 1 - admin_state 2 - admin_layer 4 - admin_router_mac 8 - admin_dce_mode 16 - admin_mtu DEFAULT: none

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Security Violation Restrict Mode

Note: This example was added in Release 9.3(3).

CLI Commands

interface ethernet 1/2
switchport
switchport port-security violation restrict

Verifying a DME Configuration

MO	DN
topSystem	sys
portsecurityPortSecurity	sys/portsec
portsecurityPortSecurityIf	sys/portsec/if-[eth1/2]
interfaceEntity	sys/intf
l1PhysIf	sys/intf/phys-[eth1/2]

portsecurityPortSecurityIf Properties

Property Name	Data Type	Description	Values
if	nw:IfId (base:IfIndex)	Interface id of port with Port Security	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
violation	portsecurity:ViolationMode (scalar:Enum8)	Security violation modes	SELECTION: 1 - protect 2 - restrict 3 - shutdown DEFAULT: shutdown

l1PhysIf Properties

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
layer	l1:Layer (scalar:Enum8)	Administrative port layer	SELECTION: 1 - Layer2 2 - Layer3 DEFAULT: Layer2
userCfgdFlags	l1:userCfgdFlags (scalar:Bitmask8)	Port User Config Flags	SELECTION: 0 - none 1 - admin_state 2 - admin_layer 4 - admin_router_mac 8 - admin_dce_mode 16 - admin_mtu DEFAULT: none

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Security Violation Restrict Mode

Note: This example was added in Release 9.3(3).

CLI Commands

interface ethernet 1/2
switchport
no switchport port-security violation restrict

Verifying a DME Configuration

MO	DN
topSystem	sys
portsecurityPortSecurity	sys/portsec
portsecurityPortSecurityIf	sys/portsec/if-[eth1/2]
interfaceEntity	sys/intf
l1PhysIf	sys/intf/phys-[eth1/2]

portsecurityPortSecurityIf Properties

Property Name	Data Type	Description	Values
if	nw:IfId (base:IfIndex)	Interface id of port with Port Security	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
violation	portsecurity:ViolationMode (scalar:Enum8)	Security violation modes	SELECTION: 1 - protect 2 - restrict 3 - shutdown DEFAULT: shutdown

l1PhysIf Properties

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
layer	l1:Layer (scalar:Enum8)	Administrative port layer	SELECTION: 1 - Layer2 2 - Layer3 DEFAULT: Layer2
userCfgdFlags	l1:userCfgdFlags (scalar:Bitmask8)	Port User Config Flags	SELECTION: 0 - none 1 - admin_state 2 - admin_layer 4 - admin_router_mac 8 - admin_dce_mode 16 - admin_mtu DEFAULT: none

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Security Violation Shutdown Mode

Note: This example was added in Release 9.3(3).

CLI Commands

interface ethernet 1/2
switchport
switchport port-security violation shutdown

Verifying a DME Configuration

MO	DN
topSystem	sys
portsecurityPortSecurity	sys/portsec
portsecurityPortSecurityIf	sys/portsec/if-[eth1/2]
interfaceEntity	sys/intf
l1PhysIf	sys/intf/phys-[eth1/2]

portsecurityPortSecurityIf Properties

Property Name	Data Type	Description	Values
if	nw:IfId (base:IfIndex)	Interface id of port with Port Security	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
violation	portsecurity:ViolationMode (scalar:Enum8)	Security violation modes	SELECTION: 1 - protect 2 - restrict 3 - shutdown DEFAULT: shutdown

l1PhysIf Properties

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
layer	l1:Layer (scalar:Enum8)	Administrative port layer	SELECTION: 1 - Layer2 2 - Layer3 DEFAULT: Layer2
userCfgdFlags	l1:userCfgdFlags (scalar:Bitmask8)	Port User Config Flags	SELECTION: 0 - none 1 - admin_state 2 - admin_layer 4 - admin_router_mac 8 - admin_dce_mode 16 - admin_mtu DEFAULT: none

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Security Violation Shutdown Mode

Note: This example was added in Release 9.3(3).

CLI Commands

interface ethernet 1/2
switchport
no switchport port-security violation shutdown

Verifying a DME Configuration

MO	DN
topSystem	sys
portsecurityPortSecurity	sys/portsec
portsecurityPortSecurityIf	sys/portsec/if-[eth1/2]
interfaceEntity	sys/intf
l1PhysIf	sys/intf/phys-[eth1/2]

portsecurityPortSecurityIf Properties

Property Name	Data Type	Description	Values
if	nw:IfId (base:IfIndex)	Interface id of port with Port Security	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
violation	portsecurity:ViolationMode (scalar:Enum8)	Security violation modes	SELECTION: 1 - protect 2 - restrict 3 - shutdown DEFAULT: shutdown

l1PhysIf Properties

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
layer	l1:Layer (scalar:Enum8)	Administrative port layer	SELECTION: 1 - Layer2 2 - Layer3 DEFAULT: Layer2
userCfgdFlags	l1:userCfgdFlags (scalar:Bitmask8)	Port User Config Flags	SELECTION: 0 - none 1 - admin_state 2 - admin_layer 4 - admin_router_mac 8 - admin_dce_mode 16 - admin_mtu DEFAULT: none

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Enabling Port Security

Note: This example was added in Release 9.3(3).

CLI Commands

interface ethernet 1/2
switchport
switchport port-security

Verifying a DME Configuration

MO	DN
topSystem	sys
portsecurityPortSecurity	sys/portsec
portsecurityPortSecurityIf	sys/portsec/if-[eth1/2]
interfaceEntity	sys/intf
l1PhysIf	sys/intf/phys-[eth1/2]

portsecurityPortSecurityIf Properties

Property Name	Data Type	Description	Values
if	nw:IfId (base:IfIndex)	Interface id of port with Port Security	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
portSecurity	scalar:Bool	Enable or disable Port Security on interface	SELECTION: true or false DEFAULT: false

l1PhysIf Properties

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
layer	l1:Layer (scalar:Enum8)	Administrative port layer	SELECTION: 1 - Layer2 2 - Layer3 DEFAULT: Layer2
userCfgdFlags	l1:userCfgdFlags (scalar:Bitmask8)	Port User Config Flags	SELECTION: 0 - none 1 - admin_state 2 - admin_layer 4 - admin_router_mac 8 - admin_dce_mode 16 - admin_mtu DEFAULT: none

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Disabling Port Security

Note: This example was added in Release 9.3(3).

CLI Commands

interface ethernet 1/2
switchport
no switchport port-security

Verifying a DME Configuration

MO	DN
topSystem	sys
portsecurityPortSecurity	sys/portsec
portsecurityPortSecurityIf	sys/portsec/if-[eth1/2]
interfaceEntity	sys/intf
l1PhysIf	sys/intf/phys-[eth1/2]

portsecurityPortSecurityIf Properties

Property Name	Data Type	Description	Values
if	nw:IfId (base:IfIndex)	Interface id of port with Port Security	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
portSecurity	scalar:Bool	Enable or disable Port Security on interface	SELECTION: true or false DEFAULT: false

l1PhysIf Properties

Property Name	Data Type	Description	Values
id	nw:IfId (base:IfIndex)	An identifier .	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
layer	l1:Layer (scalar:Enum8)	Administrative port layer	SELECTION: 1 - Layer2 2 - Layer3 DEFAULT: Layer2
userCfgdFlags	l1:userCfgdFlags (scalar:Bitmask8)	Port User Config Flags	SELECTION: 0 - none 1 - admin_state 2 - admin_layer 4 - admin_router_mac 8 - admin_dce_mode 16 - admin_mtu DEFAULT: none

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html