ND Snooping Management

S12700 and S12700E V200R019C10 NETCONF YANG API Reference

This document describes the NETCONF YANG API functions supported by the switch, including the data model and samples.

Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).

Data Model
Configuring ND Snooping
Disabling ND Snooping
Configuring User Status Detection

Data Model

The data model file matching ND snooping is huawei-savi.yang.

Table 2-383 ND snooping

Object	Description	Value	Remarks
/huawei-savi:savi/nd-snooping/nd-snooping-global-enable/enable	Indicates whether ND snooping is enabled globally.	The value is of the Boolean type: true: ND snooping is enabled globally. false: ND snooping is disabled globally. The default value is false.	N/A
/huawei-savi/savi/nd-snooping/user-bind-detect/enable	Indicates whether the function of automatically detecting the status of users mapping ND snooping dynamic binding entries is enabled.	The value is of the Boolean type: true: The function of automatically detecting the status of users mapping ND snooping dynamic binding entries is enabled. false: The function of automatically detecting the status of users mapping ND snooping dynamic binding entries is disabled. The default value is false.	N/A
/huawei-savi/savi/nd-snooping/user-bind-detect/retransmit	Indicates the number of times that NS packets are sent to detect the user status.	The value is an integer in the range from 1 to 10. The default value is 2.	N/A
/huawei-savi/savi/nd-snooping/user-bind-detect/interval	Indicates the interval for sending NS packets.	The value is an integer that ranges from 1 to 10000, in milliseconds. The default value is 1000 milliseconds.	N/A
/huawei-savi/savi/nd-snooping/max-user-number	Indicates the maximum number of ND snooping dynamic binding entries to be learned by an interface. This configuration takes effect on all interfaces.	The value is an integer in the range from 1 to 32768.	N/A
/huawei-savi:savi/nd-snooping/snooping/interface/interface-name	Indicates the interface name.	The interface type and number must exist.	N/A
/huawei-savi:savi/nd-snooping/snooping/interface/nd-snooping-enable/snooping-enable	Indicates whether ND snooping is enabled on an interface.	The value is of the Boolean type: true: ND snooping is enabled on the interface. false: ND snooping is disabled on the interface. The default value is false.	N/A
/huawei-savi:savi/nd-snooping/snooping/interface/nd-snooping-trust-enable/snooping-trust-enable	Indicates whether an interface is trusted.	The value is of the Boolean type: true: The interface is a trusted interface. false: The interface is an untrusted interface. The default value is false.	N/A
/huawei-savi/savi/nd-snooping/snooping/interface/max-user-number	Indicates the maximum number of ND snooping dynamic binding entries to be learned by an interface.	The value is an integer that ranges from 1 to 32768.	N/A
/huawei-savi:savi/nd-snooping/snooping/vlan/vlan-id	Indicates the VLAN ID.	The VLAN ID must exist.	N/A
/huawei-savi:savi/nd-snooping/snooping/vlan/nd-snooping-enable/snooping-enable	Indicates whether ND snooping is enabled in a VLAN.	The value is of the Boolean type: true: ND snooping is enabled in the VLAN. false: ND snooping is disabled in the VLAN. The default value is false.	N/A
/huawei-savi:savi/nd-snooping/snooping/vlan-and-interface/vlan-id	Indicates the VLAN ID.	The VLAN ID must exist.	N/A
/huawei-savi:savi/nd-snooping/snooping/vlan-and-interface/interface-name	Indicates the interface name.	The interface type and number must exist.	N/A
/huawei-savi:savi/nd-snooping/snooping/vlan-and-interface/nd-snooping-trust-enable/snooping-trust-enable	Indicates whether an interface that is added into the VLAN is trusted.	The value is of the Boolean type: true: The interface that is added into the VLAN is a trusted interface. false: The interface that is added into the VLAN is an untrusted interface. The default value is false.	N/A
/huawei-savi:savi/nd-snooping/nd-message-check/interface/[ns \| na \| rs]-enable	Indicates whether ND protocol packet validity check is enabled on an interface.	The value is of the Boolean type: true: ND protocol packet validity check is enabled on the interface. false: ND protocol validity check is disabled on the interface. The default value is false.	N/A
/huawei-savi:savi/nd-snooping/nd-message-check/vlan/[na \| ns \| rs]-enable	Indicates whether ND protocol packet validity check is enabled in a VLAN.	The value is of the Boolean type: true: ND protocol packet validity check is enabled in the VLAN. false: ND protocol packet validity check is disabled in the VLAN. The default value is false.	N/A

Configuring ND Snooping

This section describes how to configure ND snooping using the merge method.

Table 2-384 Configuring ND snooping

Operation	XPATH
merge	/huawei-savi:savi/nd-snooping/nd-snooping-global-enable/enable /huawei-savi:savi/nd-snooping/snooping/interface/nd-snooping-enable/snooping-enable /huawei-savi:savi/nd-snooping/snooping/interface/nd-snooping-trust-enable/snooping-trust-enable /huawei-savi:savi/nd-snooping/snooping/vlan/nd-snooping-enable/snooping-enable /huawei-savi:savi/nd-snooping/snooping/vlan-and-interface/nd-snooping-trust-enable/snooping-trust-enable /huawei-savi:savi/nd-snooping/nd-message-check/interface/[ns \| na \| rs]-enable /huawei-savi:savi/nd-snooping/nd-message-check/vlan/[na \| ns \| rs]-enable

Operation

XPATH

merge

/huawei-savi:savi/nd-snooping/nd-snooping-global-enable/enable
/huawei-savi:savi/nd-snooping/snooping/interface/nd-snooping-enable/snooping-enable
/huawei-savi:savi/nd-snooping/snooping/interface/nd-snooping-trust-enable/snooping-trust-enable
/huawei-savi:savi/nd-snooping/snooping/vlan/nd-snooping-enable/snooping-enable
/huawei-savi:savi/nd-snooping/snooping/vlan-and-interface/nd-snooping-trust-enable/snooping-trust-enable
/huawei-savi:savi/nd-snooping/nd-message-check/interface/[ns | na | rs]-enable
/huawei-savi:savi/nd-snooping/nd-message-check/vlan/[na | ns | rs]-enable

Data Requirements

Item	Data	Description
Whether to enable ND snooping globally.	true	Configure ND snooping on GE1/0/1 connected to the user, configure the interface as a trusted interface, and enable ND protocol packet validity check. Configure ND snooping in VLAN 10 to which the user belongs, configure the interface GE1/0/2 in the VLAN as a trusted interface, and enable ND protocol packet validity check.
Whether ND snooping is enabled on GE1/0/1 connected to the user, whether the interface is a trusted interface, and whether to enable ND protocol packet validity check.	true
Whether ND Snooping is enabled in the VLAN to which the user belongs, whether GE1/0/2 in VLAN 10 is a trusted interface, and whether the ND packet validity check function is enabled.	true

Item

Data

Description

Whether to enable ND snooping globally.

true

Configure ND snooping on GE1/0/1 connected to the user, configure the interface as a trusted interface, and enable ND protocol packet validity check.

Configure ND snooping in VLAN 10 to which the user belongs, configure the interface GE1/0/2 in the VLAN as a trusted interface, and enable ND protocol packet validity check.

Whether ND snooping is enabled on GE1/0/1 connected to the user, whether the interface is a trusted interface, and whether to enable ND protocol packet validity check.

true

Whether ND Snooping is enabled in the VLAN to which the user belongs, whether GE1/0/2 in VLAN 10 is a trusted interface, and whether the ND packet validity check function is enabled.

true

Request Example

<rpc message-id="123" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <huawei-vlan:vlans xmlns:huawei-vlan="urn:huawei:params:xml:ns:yang:huawei-vlan">
        <huawei-vlan:vlan>
          <huawei-vlan:id>10</huawei-vlan:id>
        </huawei-vlan:vlan>
      </huawei-vlan:vlans>
      <if:interfaces xmlns:if="urn:ietf:params:xml:ns:yang:ietf-interfaces">
        <if:interface xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0" xc:operation="merge">
          <if:name>GigabitEthernet1/0/1</if:name>
          <if:type xmlns:iana-if-type="urn:ietf:params:xml:ns:yang:iana-if-type">iana-if-type:ethernetCsmacd</if:type>
        </if:interface>
      </if:interfaces>
      <if:interfaces xmlns:if="urn:ietf:params:xml:ns:yang:ietf-interfaces">
        <if:interface xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0" xc:operation="merge">
          <if:name>GigabitEthernet1/0/2</if:name>
          <if:type xmlns:iana-if-type="urn:ietf:params:xml:ns:yang:iana-if-type">iana-if-type:ethernetCsmacd</if:type>
        </if:interface>
      </if:interfaces>
      <hw-savi:savi xmlns:hw-savi="urn:huawei:params:xml:ns:yang:huawei-savi">
        <hw-savi:nd-snooping>
          <hw-savi:nd-snooping-global-enable>
            <hw-savi:enable>true</hw-savi:enable>
          </hw-savi:nd-snooping-global-enable>
          <hw-savi:snooping>
            <hw-savi:interface>
              <hw-savi:interface-name>GigabitEthernet1/0/1</hw-savi:interface-name>
              <hw-savi:snooping-enable>true</hw-savi:snooping-enable>
              <hw-savi:snooping-trust-enable>true</hw-savi:snooping-trust-enable>
            </hw-savi:interface>
            <hw-savi:vlan>
              <hw-savi:vlan-id>10</hw-savi:vlan-id>
              <hw-savi:snooping-enable>true</hw-savi:snooping-enable>
            </hw-savi:vlan>
            <hw-savi:vlan-and-interface>
              <hw-savi:vlan-id>10</hw-savi:vlan-id>
              <hw-savi:interface-name>GigabitEthernet1/0/2</hw-savi:interface-name>
              <hw-savi:snooping-trust-enable>true</hw-savi:snooping-trust-enable>
            </hw-savi:vlan-and-interface>
          </hw-savi:snooping>
          <hw-savi:nd-message-check>
            <hw-savi:interface>
              <hw-savi:interface-name>GigabitEthernet1/0/1</hw-savi:interface-name>
              <hw-savi:na-enable>true</hw-savi:na-enable>
              <hw-savi:ns-enable>true</hw-savi:ns-enable>
              <hw-savi:rs-enable>true</hw-savi:rs-enable>
            </hw-savi:interface>
            <hw-savi:vlan>
              <hw-savi:vlan-id>10</hw-savi:vlan-id>
              <hw-savi:na-enable>true</hw-savi:na-enable>
              <hw-savi:ns-enable>true</hw-savi:ns-enable>
              <hw-savi:rs-enable>true</hw-savi:rs-enable>
            </hw-savi:vlan>
          </hw-savi:nd-message-check>
        </hw-savi:nd-snooping>
      </hw-savi:savi>
    </config>
  </edit-config>
</rpc>

Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="123">
  <ok/>
</rpc-reply>

Sample of failed response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="123">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>Service process failed.</error-message>
    <error-info>Error on node /huawei-savi:savi/nd-snooping/nd-snooping-global-enable/enable</error-info>
  </rpc-error>
</rpc-reply>

Disabling ND Snooping

This section describes how to disable ND snooping using the merge method.

Table 2-385 Disabling ND snooping

Operation	XPATH
merge	/huawei-savi:savi/nd-snooping/nd-snooping-global-enable/enable /huawei-savi:savi/nd-snooping/snooping/interface/nd-snooping-enable/snooping-enable

Data Requirements

Item	Data	Description
Whether to enable ND snooping globally.	true	Disable ND snooping on GE1/0/1.
Whether to enable ND snooping on GE1/0/1 connected to the user.	false	Disable ND snooping on GE1/0/1.

Request Example

<rpc message-id="123" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <error-option>rollback-on-error</error-option>
    <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">        
      <hw-savi:savi xmlns:hw-savi="urn:huawei:params:xml:ns:yang:huawei-savi">
        <hw-savi:nd-snooping>
          <hw-savi:nd-snooping-global-enable xc:operation="merge">
            <hw-savi:enable>true</hw-savi:enable>
          </hw-savi:nd-snooping-global-enable>
          <hw-savi:snooping>
            <hw-savi:interface xc:operation="merge">
              <hw-savi:interface-name>GigabitEthernet1/0/1</hw-savi:interface-name>
              <hw-savi:snooping-enable>false</hw-savi:snooping-enable>
            </hw-savi:interface>
          </hw-savi:snooping>
        </hw-savi:nd-snooping>
      </hw-savi:savi>
    </config>
  </edit-config>
</rpc>

Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="123">
  <ok/>
</rpc-reply>

Sample of failed response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="123">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message>Service process failed.</error-message>
    <error-info>Error on node /huawei-savi:savi/nd-snooping/nd-snooping-global-enable/enable</error-info>
  </rpc-error>
</rpc-reply>

Configuring User Status Detection

This section provides a sample of configuring user status detection using the merge method.

Table 2-386 Configuring user status detection

Operation	XPATH
merge	/huawei-savi/savi/nd-snooping/user-bind-detect/enable /huawei-savi/savi/nd-snooping/user-bind-detect/retransmit /huawei-savi/savi/nd-snooping/user-bind-detect/interval

Data Requirements

Item	Data	Description
Automatically detecting the status of users mapping ND snooping dynamic binding entries	true	Enable the function of automatically detecting the status of users mapping ND snooping dynamic binding entries, set the number of times that NS packets are sent to detect the user status to 3, and set the interval for sending NS packets to 1200 milliseconds.
Number of times that NS packets are sent to detect the user status	3
Interval for sending NS packets	1200

Request Example

<rpc message-id="123" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-savi:savi xmlns:hw-savi="urn:huawei:params:xml:ns:yang:huawei-savi">
        <hw-savi:nd-snooping xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0" xc:operation="merge">
          <hw-savi:nd-snooping-global-enable>
            <hw-savi:enable>true</hw-savi:enable>
          </hw-savi:nd-snooping-global-enable>
          <hw-savi:user-bind-detect>
            <hw-savi:enable>true</hw-savi:enable>
            <hw-savi:retransmit>3</hw-savi:retransmit>
            <hw-savi:interval>1200</hw-savi:interval>
          </hw-savi:user-bind-detect>
        </hw-savi:nd-snooping>
      </hw-savi:savi>
    </config>
  </edit-config>
</rpc>

Response Example

Sample of successful response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="123">
  <ok/>
</rpc-reply>

Sample of failed response

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="123">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message> Please enable DHCP snooping in the global view first.</error-message>
    <error-info>Error on node /huawei-savi:savi/nd-snooping/user-bind-detect</error-info>
  </rpc-error>
</rpc-reply>

Data Model
Configuring ND Snooping
Disabling ND Snooping
Configuring User Status Detection

Translation

简体中文

Download

Updated: 2022-05-25

Document ID: EDOC1100126933

Downloads: 83

Average rating:

This Document Applies to these Products

Related Version

Digital Signature File

Digital Signature Authentication Mode

Enterprise

Huawei Cloud

Carrier

Consumer

Corporate

This document describes the NETCONF YANG API functions supported by the switch, including the data model and samples.

Data Model

Configuring ND Snooping

Data Requirements

Request Example

Response Example

Disabling ND Snooping

Data Requirements

Request Example

Response Example

Configuring User Status Detection

Data Requirements

Request Example

Response Example

Related Version

Related Documents

Digital Signature File