Disabling the errdisable detect cause for acl-exception

This section describes how to disable the errdisable detect cause for acl-exception at the top-level and port level.

Applying at top-level

Applying at top-level

POST https://<mgmt0_IP>/api/mo/sys/acl.json

             {
              "aclErrdisAclExp": {
                "attributes": {
                  "state": "no"
                 } 
             }
         }


{
  "imdata": []
}

<System>
      <acl-items>
        <errdisaclexp-items>
          <state>false</state>
        </errdisaclexp-items>
      </acl-items>
</System>


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

[no] errdisable detect cause acl-exception

This CLI keeps the ethernet port up even if the ACL policy fails. This is a global command and is effective only on physical ports.

Note: The property information for this example was added in Release 10.4(3). Executing no errdisable detect cause acl-exception will create the errdisaclexp MO in the system, while errdisable detect cause acl-exception will delete the errdisaclexp MO from the system.


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MODN
ErrdisAclExp sys/acl/errdisaclexp


Properties

The following table contains information about the state properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
statescalar:BoolWhen state is set to false then it enables no errdisable detect cause acl-exceptionBool:False


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Applying at port-level

Applying at port-level

POST http://<mgmt0_IP>/api/mo/sys/acl.json

{
   "aclPhyIf": {
      "attributes": {
        "name": "eth1/1"
       },
      "children": [
       {
        "aclPortErrdisAclExp": {
          "attributes": {
            "state": "no"
          } }}]}}


{
  "imdata": []
}

<System>
      <acl-items>
        <phyintf-items>
          <PhyIf-list>
            <name>eth1/1</name>
            <porterrdis-items>
              <state>false</state>
            </porterrdis-items>
          </PhyIf-list>
        </phyintf-items>
      </acl-items>
   </System>


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

interface Ethernet1/1
 [no] errdisable port detect cause acl-exception

This CLI keeps the ethernet port up even if the ACL policy fails. You can apply this configuration at the interface level and only on the physical ports.

Note: The property information for this example was added in Release 10.4(3). Executing no errdisable port detect cause acl-exception will create the porterrdis MO in the system, while errdisable port detect cause acl-exception will delete the porterrdis MO from the system.


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MODN
PhyIf sys/acl/phyintf-[name]
PortErrdisAclExp sys/acl/phyintf-[name]/porterrdis


Properties

The following table contains information about the state properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
namenw:IfIdThe interface name phyintf-[name] where this acl-exceptions is applied.Eth1/1(Ethernet1/1) short name for interface Must match first field in the output of `show intf brief’.
statescalar:BoolWhen state is set to false then it enables no errdisable detect cause acl-exceptionBool:False


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html