Configuring IPv6 Snooping Policies
DHCP snooping acts like a firewall between untrusted hosts and trusted DHCP servers. DHCP snooping performs the following activities:
- Validates DHCP messages received from untrusted sources and filters out invalid messages.
- Builds and maintains the DHCP snooping binding database, which contains information about untrusted hosts with leased IP addresses.
- Uses the DHCP snooping binding database to validate subsequent requests from untrusted hosts.
DHCP snooping can be enabled globally and on a per-VLAN basis. By default, the feature is disabled globally and on all VLANs. You can enable the feature on a single VLAN or a range of VLANs.
This section contains payload examples and CLIs to demonstrate how to use the NX-API REST API to configure IPv6 snooping policies on Cisco Nexus 3000 and 9000 Series switches and to show how the REST APIs correspond to the CLI commands. For more information, see the Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 7.x.
Configuring an IPv6 Snooping Policy
Configuring an IPv6 Snooping Policy
POST http://<mgmt0_IP>/api/mo/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfInstSnooping": {
"attributes": {
"PolicyName": "POL1"
}}}]}}
{
'imdata': []
}
<System>
<sisf-items>
<snooping-items>
<InstSnooping-list>
<PolicyName>POL1</PolicyName>
</InstSnooping-list>
</snooping-items>
</sisf-items>
</System>
Configures an IPv6 snooping policy and enters IPv6 snooping configuration mode.
Note: This example was added in Release 7.0(3)I7(1).
CLI Command
The CLI command below is the equivalent to the payload example displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.
ipv6 snooping policy POL1
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Querying an IPv6 Snooping Policy
Querying an IPv6 Snooping Policy
GET http://<mgmt0_IP>/api/mo/sys/sisf/snooping-POL1.json
{
'imdata': [
{
'sisfInstSnooping': {
'attributes': {
'uid': '27002',
'PolicyName': ' POL1',
'adminSt': 'enabled',
'modTs': '2017-05-04T10:05:35.967+00:00',
'persistentOnReload': 'true', 'status': '',
'TrustedPortEnabled': 'no', 'LimitAddressCount': '0',
'Tracking': 'disable', 'ReachableLifetimer': '300',
'Protocol': 'dhcp',
'SecurityLevel': 'guard',
'DeviceRole': 'node',
'StaleLifetimer': '86400',
'dn': 'sys/sisf/snooping-POL1',
'ctrl': '', 'childAction': '',
'name': '', 'operErr': ''}
}
}
], 'totalCount': '1’
}
A query for an IPv6 snooping policy.
Note: This example was added in Release 7.0(3)I7(1).
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Configuring the Role of the Switch Attached to the Port for an IPv6 Snooping Policy
Configuring the Role of the Switch Attached to the Port for an IPv6 Snooping Policy
http://<mgmt0_IP>/api/mo/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfInstSnooping": {
"attributes": {
"DeviceRole": "switch",
"PolicyName": "Pol1"
}}}]}}
{
imdata:[]
}
<System>
<sisf-items>
<snooping-items>
<InstSnooping-list>
<PolicyName>Pol1</PolicyName>
<DeviceRole>switch</DeviceRole>
</InstSnooping-list>
</snooping-items>
</sisf-items>
</System>
Note: This example was added in Release Cisco NX-OS Release 7.0(3)I7(3).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
ipv6 snooping policy Pol1
device-role switch
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/media/dme/index.html
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Deleting the Configured Role of the Switch Attached to the Port for an IPv6 Snooping Policy
Deleting the Configured Role of the Switch Attached to the Port for an IPv6 Snooping Policy
http://<mgmt0_IP>/api/mo/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfInstSnooping": {
"attributes": {
"DeviceRole": "node",
"PolicyName": "Pol1"
}}}]}}
{
imdata:[]
}
<System>
<sisf-items>
<snooping-items>
<InstSnooping-list>
<PolicyName>Pol1</PolicyName>
<DeviceRole>node</DeviceRole>
</InstSnooping-list>
</snooping-items>
</sisf-items>
</System>
Note: This example was added in Release Cisco NX-OS Release 7.0(3)I7(3).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
ipv6 snooping policy Pol1
no device-role switch
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/media/dme/index.html
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Configuring the Maximum Addresses per Port for an IPv6 Snooping Policy
Configuring the Maximum Addresses per Port for an IPv6 Snooping Policy
http://<mgmt0_IP>/api/mo/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfInstSnooping": {
"attributes": {
"LimitAddressCount": "123",
"PolicyName": "Pol1"
}}}]}}
{
imdata:[]
}
<System>
<sisf-items>
<snooping-items>
<InstSnooping-list>
<PolicyName>Pol1</PolicyName>
<LimitAddressCount>123</LimitAddressCount>
</InstSnooping-list>
</snooping-items>
</sisf-items>
</System>
Note: This example was added in Release Cisco NX-OS Release 7.0(3)I7(3).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
ipv6 snooping policy Pol1
limit address-count 123
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/media/dme/index.html
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Configuring a List of Protected Prefixes to Glean DHCP Packets for an IPv6 Snooping Policy
Configuring a List of Protected Prefixes to Glean DHCP Packets for an IPv6 Snooping Policy
http://<mgmt0_IP>/api/mo/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfInstSnooping": {
"attributes": {
"DhcpProtocol": "on",
"PolicyName": "Pol1"
}}}]}}
{
imdata:[]
}
<System>
<sisf-items>
<snooping-items>
<InstSnooping-list>
<PolicyName>Pol1</PolicyName>
<DhcpProtocol>on</DhcpProtocol>
</InstSnooping-list>
</snooping-items>
</sisf-items>
</System>
Note: This example was added in Release Cisco NX-OS Release 7.0(3)I7(3).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
ipv6 snooping policy Pol1
protocol dhcp prefix-list ListName
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/media/dme/index.html
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Deleting a Configured List of Protected Prefixes to Glean DHCP Packets for an IPv6 Snooping Policy
Deleting a Configured List of Protected Prefixes to Glean DHCP Packets for an IPv6 Snooping Policy
http://<mgmt0_IP>/api/mo/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfInstSnooping": {
"attributes": {
"DhcpProtocol": "off",
"PolicyName": "Pol1"
}}}]}}
{
imdata:[]
}
<System>
<sisf-items>
<snooping-items>
<InstSnooping-list>
<PolicyName>Pol1</PolicyName>
<DhcpProtocol>off</DhcpProtocol>
</InstSnooping-list>
</snooping-items>
</sisf-items>
</System>
Note: This example was added in Release Cisco NX-OS Release 7.0(3)I7(3).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
ipv6 snooping policy Pol1
no protocol dhcp prefix-list ListName
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/media/dme/index.html
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Configuring the Security Level to Glean Addresses for an IPv6 Snooping Policy
Configuring the Security Level to Glean Addresses for an IPv6 Snooping Policy
http://<mgmt0_IP>/api/mo/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfInstSnooping": {
"attributes": {
"PolicyName": "Pol1",
"SecurityLevel": "glean"
}}}]}}
{
imdata:[]
}
<System>
<sisf-items>
<snooping-items>
<InstSnooping-list>
<PolicyName>Pol1</PolicyName>
<SecurityLevel>glean</SecurityLevel>
</InstSnooping-list>
</snooping-items>
</sisf-items>
</System>
Note: This example was added in Release Cisco NX-OS Release 7.0(3)I7(3).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
ipv6 snooping policy Pol1
security-level glean
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/media/dme/index.html
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Deleting a Configured Security Level for an IPv6 Snooping Policy
Deleting a Configured Security Level for an IPv6 Snooping Policy
http://<mgmt0_IP>/api/mo/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfInstSnooping": {
"attributes": {
"PolicyName": "Pol1",
"SecurityLevel": "guard"
}}}]}}
{
imdata:[]
}
<System>
<sisf-items>
<snooping-items>
<InstSnooping-list>
<PolicyName>Pol1</PolicyName>
<SecurityLevel>guard</SecurityLevel>
</InstSnooping-list>
</snooping-items>
</sisf-items>
</System>
Note: This example was added in Release Cisco NX-OS Release 7.0(3)I7(3).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
ipv6 snooping policy Pol1
no security-level glean
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/media/dme/index.html
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Configuring to Override Tracking Behavior for an IPv6 Snooping Policy
Configuring to Override Tracking Behavior for an IPv6 Snooping Policy
http://<mgmt0_IP>/api/mo/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfInstSnooping": {
"attributes": {
"PolicyName": "Pol1",
"ReachableLifetimer": "123",
"StaleLifetimer": "86400",
"Tracking": "enable"
}}}]}}
{
imdata:[]
}
<System>
<sisf-items>
<snooping-items>
<InstSnooping-list>
<PolicyName>Pol1</PolicyName>
<ReachableLifetimer>123</ReachableLifetimer>
<StaleLifetimer>86400</StaleLifetimer>
<Tracking>enable</Tracking>
</InstSnooping-list>
</snooping-items>
</sisf-items>
</System>
Note: This example was added in Release Cisco NX-OS Release 7.0(3)I7(3).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
ipv6 snooping policy Pol1
tracking enable reachable-lifetime 123
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/media/dme/index.html
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Deleting a Configured Override for the Tracking Behavior of an IPv6 Snooping Policy
Deleting a Configured Override for the Tracking Behavior of an IPv6 Snooping Policy
http://<mgmt0_IP>/api/mo/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfInstSnooping": {
"attributes": {
"PolicyName": "Pol1",
"ReachableLifetimer": "300",
"StaleLifetimer": "86400",
"Tracking": "disable"
}}}]}}
{
imdata:[]
}
<System>
<sisf-items>
<snooping-items>
<InstSnooping-list>
<PolicyName>Pol1</PolicyName>
<ReachableLifetimer>300</ReachableLifetimer>
<StaleLifetimer>86400</StaleLifetimer>
<Tracking>disable</Tracking>
</InstSnooping-list>
</snooping-items>
</sisf-items>
</System>
Note: This example was added in Release Cisco NX-OS Release 7.0(3)I7(3).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
ipv6 snooping policy Pol1
no tracking enable reachable-lifetime 123
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/media/dme/index.html
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Configuring Trusted Port (No Policing) for an IPv6 Snooping Policy
Configuring Trusted Port (No Policing) for an IPv6 Snooping Policy
http://<mgmt0_IP>/api/mo/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfInstSnooping": {
"attributes": {
"PolicyName": "Pol1",
"TrustedPortEnabled": "yes"
}}}]}}
{
imdata:[]
}
<System>
<sisf-items>
<snooping-items>
<InstSnooping-list>
<PolicyName>Pol1</PolicyName>
<TrustedPortEnabled>true</TrustedPortEnabled>
</InstSnooping-list>
</snooping-items>
</sisf-items>
</System>
Note: This example was added in Release Cisco NX-OS Release 7.0(3)I7(3).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
ipv6 snooping policy Pol1
trusted-port
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/media/dme/index.html
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Deleting the Trusted Port (No Policing) Configuration for an IPv6 Snooping Policy
Deleting the Trusted Port (No Policing) Configuration for an IPv6 Snooping Policy
http://<mgmt0_IP>/api/mo/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfInstSnooping": {
"attributes": {
"PolicyName": "Pol1",
"TrustedPortEnabled": "no"
}}}]}}
{
imdata:[]
}
<System>
<sisf-items>
<snooping-items>
<InstSnooping-list>
<PolicyName>Pol1</PolicyName>
<TrustedPortEnabled>false</TrustedPortEnabled>
</InstSnooping-list>
</snooping-items>
</sisf-items>
</System>
Note: This example was added in Release Cisco NX-OS Release 7.0(3)I7(3).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
ipv6 snooping policy Pol1
no trusted-port
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/media/dme/index.html
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Attaching an IPv6 Snooping Policy to an Ethernet Interface
Attaching an IPv6 Snooping Policy to an Ethernet Interface
POST http://<mgmt0_IP>/api/mo/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfFhsIf": {
"attributes": {
"snoopingPolicyName": "POL1"
}}}]}}
{
"imdata": []
}
<System>
<sisf-items>
<fhsif-items>
<FhsIf-list>
<id>eth1/16</id>
<snoopingPolicyName>POL1</snoopingPolicyName>
</FhsIf-list>
</fhsif-items>
</sisf-items>
</System>
Note: This example was added in Release 7.0(3)I7(1).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
interface eth 1/16
ipv6 snooping attach-policy POL1
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Removing an IPv6 Snooping Policy from an Ethernet Interface
Removing an IPv6 Snooping Policy from an Ethernet Interface
POST http://<mgmt0_IP>/api/mo/sys/sisf.json
{
"sisfEntity": {
"children": [
{
"sisfFhsIf": {
"attributes": {
"dhcpGuardPolicyName": "",
"id": "eth1/16",
"snoopingPolicyName": ""
}}}]}}
{
"imdata": []
}
<System>
<sisf-items>
<fhsif-items>
<FhsIf-list>
<id>eth1/16</id>
<snoopingPolicyName></snoopingPolicyName>
</FhsIf-list>
</fhsif-items>
</sisf-items>
</System>
Note: This example was added in Release 7.0(3)I7(3).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
interface eth 1/16
no ipv6 snooping attach-policy POL1
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Attaching an IPv6 Snooping Policy on a Switchport Interface
Attaching an IPv6 Snooping Policy on a Switchport Interface
http://<mgmt0_IP>/api/mo/sys.json
{
"topSystem": {
"children": [
{
"interfaceEntity": {
"children": [
{
"l1PhysIf": {
"attributes": {
"id": "eth1/3",
"layer": "Layer2",
"userCfgdFlags": "admin_layer"
}
}
}
]
}
},
{
"sisfEntity": {
"children": [
{
"sisfFhsIf": {
"attributes": {
"snoopingPolicyName": "POL1",
"id": "eth1/3"
}}}]}}]}}
{
imdata:[]
}
<System>
<intf-items>
<phys-items>
<PhysIf-list>
<id>eth1/3</id>
<layer>Layer2</layer>
<userCfgdFlags>admin_layer</userCfgdFlags>
</PhysIf-list>
</phys-items>
</intf-items>
<sisf-items>
<FhsIf-items>
<FhsIf-list>
<id>eth1/3</id>
<snoopingPolicyName>POL1</snoopingPolicyName>
</FhsIf-list>
</FhsIf-items>
</sisf-items>
</System>
Note: This example was added in Release Cisco NX-OS Release 7.0(3)I7(3).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
interface ethernet 1/3
switchport
ipv6 snooping attach-policy POL1
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/media/dme/index.html
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Removing an IPv6 Snooping Policy from a Switchport Interface
Removing an IPv6 Snooping Policy from a Switchport Interface
http://<mgmt0_IP>/api/mo/sys.json
{
"topSystem": {
"children": [
{
"interfaceEntity": {
"children": [
{
"l1PhysIf": {
"attributes": {
"id": "eth1/3",
"layer": "Layer2",
"userCfgdFlags": "admin_layer"
}
}
}
]
}
},
{
"sisfEntity": {
"children": [
{
"sisfFhsIf": {
"attributes": {
"snoopingPolicyName": "",
"id": "eth1/3"
}}}]}}]}}
{
imdata:[]
}
<System>
<intf-items>
<phys-items>
<PhysIf-list>
<id>eth1/3</id>
<layer>Layer2</layer>
<userCfgdFlags>admin_layer</userCfgdFlags>
</PhysIf-list>
</phys-items>
</intf-items>
<sisf-items>
<FhsIf-items>
<FhsIf-list>
<id>eth1/3</id>
<snoopingPolicyName></snoopingPolicyName>
</FhsIf-list>
</FhsIf-items>
</sisf-items>
</System>
Note: This example was added in Release Cisco NX-OS Release 7.0(3)I7(3).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
interface ethernet 1/3
switchport
no ipv6 snooping attach-policy POL1
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/media/dme/index.html
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Attaching an IPv6 Snooping Policy to a VLAN Configuration
Attaching an IPv6 Snooping Policy to a VLAN Configuration
POST http://<mgmt0_IP>/api/mo/sys.json
{
"topSystem": {
"children": [
{
"bdEntity": {
"children": [
{
"l2VlanConfig": {
"attributes": {
"accEncap": "vlan-127"
}
}
}
]
}
},
{
"sisfEntity": {
"children": [
{
"sisfFhsVlan": {
"attributes": {
"snoopingPolicyName": "POL1",
"vlanID": "127"
}
}
}
]
}
}
]
}
}
{
'imdata': []
}
<System>
<bd-items>
<vlanconfig-items>
<VlanConfig-list>
<accEncap>vlan-127</accEncap>
</VlanConfig-list>
</vlanconfig-items>
</bd-items>
<sisf-items>
<fhsvlan-items>
<FhsVlan-list>
<vlanID>127</vlanID>
<snoopingPolicyName>POL1</snoopingPolicyName>
</FhsVlan-list>
</fhsvlan-items>
</sisf-items>
</System>
Note: This example was added in Release 7.0(3)I7(1).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
vlan config 127
ipv6 snooping attach-policy POL1
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Removing an IPv6 Snooping Policy from a VLAN Configuration
Removing an IPv6 Snooping Policy from a VLAN Configuration
http://<mgmt0_IP>/api/mo/sys.json
{
"topSystem": {
"children": [
{
"bdEntity": {
"children": [
{
"l2VlanConfig": {
"attributes": {
"accEncap": "vlan-127"
}
}
}
]
}
},
{
"sisfEntity": {
"children": [
{
"sisfFhsVlan": {
"attributes": {
"snoopingPolicyName": "",
"vlanID": "127"
}
}
}
]
}
}
]
}
}
{
imdata:[]
}
<System>
<bd-items>
<vlanconfig-items>
<VlanConfig-list>
<accEncap>vlan-127</accEncap>
</VlanConfig-list>
</vlanconfig-items>
</bd-items>
<sisf-items>
<fhsvlan-items>
<FhsVlan-list>
<vlanID>127</vlanID>
<snoopingPolicyName></snoopingPolicyName>
</FhsVlan-list>
</fhsvlan-items>
</sisf-items>
</System>
Note: This example was added in Release Cisco NX-OS Release 7.0(3)I7(3).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
vlan configuration 127
no ipv6 snooping attach-policy POL1
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/media/dme/index.html
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html