Cisco Nexus 3000 and 9000 Series NX-API REST SDK and API, Release 7.x
NX-OS 7(x)
Configuring IPv6 RA Guard Policies
DME
YANG
Copy
POST http://<mgmt0_IP>/api/sys/sisf.json

{
"sisfEntity": {
  "children": [
    {
      "sisfInstRAGuard": {
        "attributes": {
          "DeviceRole": "router",
          "PolicyName": "POL1"
}}}]}}

{    
   'imdata': []
}

Copy
<System>
  <sisf-items>
    <raguard-items>
      <InstRAGuard-list>
        <PolicyName>POL1</PolicyName>
        <DeviceRole>router</DeviceRole>
      </InstRAGuard-list>
    </raguard-items>
  </sisf-items>
</System>

Configuring an IPv6 RA Guard Policies

The IPv6 RA Guard feature provides support for allowing the network administrator to block or reject unwanted or rogue RA guard messages that arrive at the network device platform. RAs are used by devices to announce themselves on the link. The IPv6 RA Guard feature analyzes these RAs and filters out RAs that are sent by unauthorized devices. In host mode, all RA and router redirect messages are disallowed on the port. The RA guard feature compares configuration information on the Layer 2 (L2) device with the information found in the received RA frame. Once the L2 device has validated the content of the RA frame and router redirect frame against the configuration, it forwards the RA to its unicast or multicast destination. If the RA frame content is not validated, the RA is dropped.

This section contains payload examples and CLIs to demonstrate how to use the NX-API REST API to configure IPv6 RA guard policies on Cisco Nexus 3000 and 9000 Series switches and to show how the REST APIs correspond to the CLI commands. For more information, see the Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 7.x.

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-installation-and-configuration-guides-list.html/

Configuring IPv6 RA Guard Policies

Configuring IPv6 RA Guard Policies

Defines the router advertisement (RA) guard policy name and enters RA guard policy configuration mode.

Note: This example was added in Release 7.0(3)I7(1).


CLI Commands

The CLI command below is the equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.

ipv6 nd raguard policy POL1
 device-role router

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Querying an IPv6 RA Guard Policy

Querying an IPv6 RA Guard Policy

A query for an IPv6 RA guard policy.

Note: This example was added in Release 7.0(3)I7(1).

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Trusted Port (No Policing) for an IPv6 RA Guard Policy

Configuring Trusted Port (No Policing) for an IPv6 RA Guard Policy

Note: This example was added in Release Cisco NX-OS Release 7.0(3)I7(3).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

ipv6 nd raguard policy Pol1
 trusted-port

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/media/dme/index.html

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Trusted Port (No Policing) Configuration for an IPv6 RA Guard Policy

Deleting the Trusted Port (No Policing) Configuration for an IPv6 RA Guard Policy

Note: This example was added in Release Cisco NX-OS Release 7.0(3)I7(3).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

ipv6 nd raguard policy Pol1
 no trusted-port

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/media/dme/index.html

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring the Maximum Hop Limit for an IPv6 RA Guard Policy

Configuring the Maximum Hop Limit for an IPv6 RA Guard Policy

Note: This example was added in Release Cisco NX-OS Release 7.0(3)I7(3).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

ipv6 nd raguard policy Pol1
 hop-limit maximum 123

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/media/dme/index.html

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Maximum Hop Limit Configuration for an IPv6 RA Guard Policy

Deleting the Maximum Hop Limit Configuration for an IPv6 RA Guard Policy

Note: This example was added in Release Cisco NX-OS Release 7.0(3)I7(3).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

ipv6 nd raguard policy Pol1
 no hop-limit maximum 123

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/media/dme/index.html

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring the Minimum Hop Limit for an IPv6 RA Guard Policy

Configuring the Minimum Hop Limit for an IPv6 RA Guard Policy

Note: This example was added in Release Cisco NX-OS Release 7.0(3)I7(3).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

ipv6 nd raguard policy Pol1
 hop-limit minimum 123

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/media/dme/index.html

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Minimum Hop Limit Configuration for an IPv6 RA Guard Policy

Deleting the Minimum Hop Limit Configuration for an IPv6 RA Guard Policy

Note: This example was added in Release Cisco NX-OS Release 7.0(3)I7(3).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

ipv6 nd raguard policy Pol1
 no hop-limit minimum 123

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/media/dme/index.html

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Enabling the Verification of the Advertised Managed Address Configuration Flag for an IPv6 RA Guard Policy

Enabling the Verification of the Advertised Managed Address Configuration Flag for an IPv6 RA Guard Policy

Note: This example was added in Release Cisco NX-OS Release 7.0(3)I7(3).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

ipv6 nd raguard policy Pol1
 managed-config-flag on

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/media/dme/index.html

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Deleting Enabling Advertised Managed Address Configuration Flag for an IPv6 RA Guard Policy

Deleting the Deleting Enabling Advertised Managed Address Configuration Flag for an IPv6 RA Guard Policy

Note: This example was added in Release Cisco NX-OS Release 7.0(3)I7(3).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

ipv6 nd raguard policy Pol1
 no managed-config-flag on

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/media/dme/index.html

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Enabling the Verification of the Advertised Other Configuration Flag for an IPv6 RA Guard Policy

Enabling the Verification of the Advertised Other Configuration Flag for an IPv6 RA Guard Policy

Note: This example was added in Release Cisco NX-OS Release 7.0(3)I7(3).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

ipv6 nd raguard policy Pol1
 other-config-flag on

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/media/dme/index.html

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Configuration for Enabling the Advertised Other Configuration Flag for an IPv6 RA Guard Policy

Deleting the Configuration for Enabling the Advertised Other Configuration Flag for an IPv6 RA Guard Policy

Note: This example was added in Release Cisco NX-OS Release 7.0(3)I7(3).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

ipv6 nd raguard policy Pol1
 no other-config-flag on

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/media/dme/index.html

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Configured Role of the Monitor Attached to the Port for an IPv6 RA Guard Policy

Deleting the Configured Role of the Monitor Attached to the Port for an IPv6 RA Guard Policy

Note: This example was added in Release Cisco NX-OS Release 7.0(3)I7(3).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

ipv6 nd raguard policy attach-policy
 no device-role monitor

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/media/dme/index.html

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Discarding RAs with a Router Preference Greater than High

Discarding RAs with a Router Preference Greater than High

Note: This example was added in Release Cisco NX-OS Release 7.0(3)I7(3).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

ipv6 nd raguard policy Pol1
 router-preference maximum high

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/media/dme/index.html

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Configuration for Discarding RAs with a Router Preference Greater than High

Deleting the Configuration for Discarding RAs with a Router Preference Greater than High

Note: This example was added in Release Cisco NX-OS Release 7.0(3)I7(3).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

ipv6 nd raguard policy Pol1
 no router-preference maximum high

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/media/dme/index.html

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Attaching an IPv6 RA Guard Policy to an Ethernet Interface

Attaching an IPv6 RA Guard Policy to an Ethernet Interface

Note: This example was added in Release 7.0(3)I7(1).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

interface eth 1/16
 ipv6 nd raguard attach-policy POL1

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Removing an IPv6 RA Guard Policy from an Ethernet Interface

Removing an IPv6 RA Guard Policy from an Ethernet Interface

Note: This example was added in Release 7.0(3)I7(3).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

interface eth 1/16
 no ipv6 nd raguard attach-policy POL1

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Attaching an IPv6 RA Guard Policy on a Switchport Interface

Attaching an IPv6 RA Guard Policy on a Switchport Interface

Note: This example was added in Release Cisco NX-OS Release 7.0(3)I7(3).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

interface ethernet 1/3
 switchport
  ipv6 nd raguard attach-policy POL1

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/media/dme/index.html

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Removing an IPv6 RA Guard Policy from a Switchport Interface

Removing an IPv6 RA Guard Policy from a Switchport Interface

Note: This example was added in Release Cisco NX-OS Release 7.0(3)I7(3).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

interface ethernet 1/3
 switchport
  no ipv6 nd raguard attach-policy POL1

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/media/dme/index.html

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Attaching an IPv6 RA Guard Policy to a VLAN Configuration

Attaching an IPv6 RA Guard Policy to a VLAN Configuration

Note: This example was added in Release 7.0(3)I7(1).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

vlan config 127
 ipv6 nd raguard attach-policy POL1

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Removing an IPv6 RA Guard Policy from a VLAN Configuration

Removing an IPv6 RA Guard Policy from a VLAN Configuration

Note: This example was added in Release Cisco NX-OS Release 7.0(3)I7(3).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

vlan configuration 127
 no ipv6 nd raguard attach-policy POL1

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/media/dme/index.html

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Next