Note

The documentation you're currently reading is for version 2.8.1. Click here to view documentation for the latest stable version.

Network Essentials Actions

This is a reference documentation for Network Essentials Automation Suite actions and workflows to automate SLX, VDX and NetIron(NI) devices. These actions can be used as independent actions, or as part of a more complex workflow. Actions can be manually triggered, or they can be tied to sensors using rules.

Most of the actions below can be used to automate SLX, VDX and NI platforms, however, if an action is only valid for a particular platform, it will be documented in the action details, otherwise, the action is supported for all platforms.

Pre-requisites for Automation

For automation actions to work properly, following requirements must be met:

  • Device firmware is supported by the automation suite
  • SSH enabled on the device
  • Ports 22 (SSH) and 443 (HTTPS) or 80 (HTTP) not blocked between automation & the device
  • Devices must be configured with appropriate credentials prior to registering in NE
  • SSH user credentials must have Admin privileges on the device
  • For NI devices, SNMP server must be enabled and SNMPv2 or SNMPv3 credentials must have read/write access to all OIDs/MIBs

Pre-requisites for HTTPS

The following set up must be done on the devices and automation server in order for REST APIs to use HTTPS:

  1. Enable HTTPS on SLX and/or VDX devices.
  1. Copy trusted certificate authority’s certificate to /etc/pyswitchlib/cacert.pem location on automation server. If multiple certificate authorities are used, then concatenate the certificates to the same location on automation server.

Device Registration

Starting with Network Essentials (NE) Automation Suite v1.2, the device credentials registration feature enables users to register a device and its associated credentials once, eliminating the need to provide device credentials for each action invocation. One time device registration is required for all device types, however, based on device type and user options, users may need to provide a different set of device credentials.

NE Automation Suite actions use primarily REST and SSH protocols to interact with SLX and VDX devices. The username and password are sufficient for these protocols. For NetIron(NI), in addition to SSH, actions use SNMP protocols that require the following additional credentials:

  • Username and password for SSH
  • SNMP version, and the relevant SNMP credentials - Community string for SNMPv2, Username, auth-priv protocols and the corresponding passphrases for SNMP v3.
  • Enable password for NetIron devices where privileged exec mode is password protected.

For SLX and NOS devices SNMP credentials are not applicable and can be ignored.

register_device_credentials

Description: This Add/Update the device credentials into st2store for NE pack actions. SNMP credentials are applicable only to NetIron(NI) based devices (MLX, CER, CES).

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The SSH login user name to connect to the device.

Type: string

password

The SSH login password to connect to the device.

Type: string

enable_password

The password to enter into config enable mode. This applies to few platforms like MLX, CER, CES if applicable.

Type: string

snmp_port

The SNMP port on the target device. This is optional for devices where SNMP port is configurable.

Type: integer

Default: 161

snmp_version

The SNMP version used to connect to the device. This is mandatory parameter for NI based devices.

Choose from:

  • v2
  • v3
  • None

Default: None

snmp_v2c

The SNMPv2 community string. This is mandatory in snmp_version value is “v2”.

Type: string

snmpv3_user

The SNMPv3 User. This is mandatory if snmp_version is “v3”.

Type: string

Default: None

snmpv3_auth

The SNMPv3 authentication protocol. This is mandatory if snmp_version is “v3”.

Choose from:

  • md5
  • sha
  • noauth

Default: noauth

auth_pass

The Authkey pass phrase configured on the SNMP agent. This is mandatory if snmpv3_auth is “md5” or “sha”.

Type: string

snmpv3_priv

The SNMPv3 privacy protocol. This is mandatory if snmp_version is “v3”. “aes128” is equivalent to “aes” in NI SNMP configuration.

Choose from:

  • aes128
  • des
  • nopriv

Default: nopriv

priv_pass

The privacy pass phrase configured on the SNMP agent. This is mandatory if snmpv3_priv is “aes128” or “des”.

Type: string

rest_protocol

The protocol used for REST requests. This applies to REST platforms such as SLX, VDX if applicable.

Choose from:

  • http
  • https

Default: http

Prior to using NE actions, all devices must be registered with appropriate credentials, see examples below:

NE Automation Suite includes new actions to register device credentials to register a device.

  • Registering SNMPv2 credentials and enable password for NetIron device:

    st2 run network_essentials.register_device_credentials mgmt_ip=10.24.85.107 username=admin password=admin snmp_version=v2 snmp_v2c=public enable_password=password
    
  • Registering SNMPv3 credentials and enable password for NetIron device:

    st2 run network_essentials.register_device_credentials mgmt_ip=10.24.85.107 username=admin password=password snmp_version=v3 snmpv3_user=v3user4 snmpv3_auth=md5 snmpv3_priv=aes auth_pass="md5 user" priv_pass="test aes user"
    
  • Registering for SLX or NOS device:

    st2 run network_essentials.register_device_credentials mgmt_ip=10.24.85.107 username=admin password=admin
    
  • If HTTPS is enabled on SLX or NOS device:

    st2 run network_essentials.register_device_credentials mgmt_ip=10.24.81.125 username=admin password=password rest_protocol=https
    

Update Device registration: The register_device_credentials action can also be used to overwrite existing device credentials. Since this action overwrites all the existing credentials, the user must provide all the parameters and not just the changed credentials. For example:

st2 run network_essentials.register_device_credentials username=admin password=password snmp_version=v2 snmp_v2c=public

If you later need to update enable_password, you also need to provide the existing snmp_version and snmp_v2c values:.

st2 run network_essentials.register_device_credentials username=admin password=password snmp_version=v2 snmp_v2c=public enable_password=password

get_registered_device_credential_list

Description: This gets the list of devices for which credentials are registered.

Parameter Description
mgmt_ip

The management IP address of the target device. If this parameter is not given, it will list all registered devices.

Type: string

Display registered devices: get_registered_device_credential_list lists all registered devices and provides the corresponding SNMP version configured:

delete_device_credentials

Description: This deletes the device credentials from st2 store.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

Deleting device registration: Device details will be maintained until explicitly deleted. Both default and device-specific credentials can be removed:

st2 run network_essentials.delete_device_credentials mgmt_ip=1.1.1.1

Device credential lookup: SSH credentials can still come as parameters from actions (which is maintained for backward compatibility). Other credentials are expected to be registered per device. The NE Automation Suite actions fetch device credentials using the following sequence:

For SSH credentials:

  • Check if username and password parameter comes from action (or)
  • Lookup st2 store for device specific username and password

For SNMP credentials:

  • Check if version is v2 or v3 then lookup credentials in the st2 store for device specific SNMP credentials

Edge Ports Configuration

create_l2_port_channel

Description: This create an L2 port channel (LAG or vLAG) in Static or LACP mode.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

intf_type

The interface type - ethernet/gigabitethernet/tengigabitethernet/fortygigabitethernet/hundredgigabitethernet.

Choose from:

  • tengigabitethernet
  • gigabitethernet
  • fortygigabitethernet
  • hundredgigabitethernet
  • ethernet

Default: tengigabitethernet

ports

A single or a list of ports that are members of the port channel. Examples for VDX, SLX are 24/0/1, 24/0/2 or 1/13, 1/14.

Type: array

port_speed

The configurable port speed that is supported on SLX and VDX.

Choose from:

  • 1000
  • 10000
  • 25000
  • 40000
  • 100000
port_channel_id

Port channel interface number.For VDX range is <NUMBER:1-6144>. For MLX range is <1-256>, CER/CES range is <1-64>, Avalanche range is <1-64>, Fusion range is <1-512> Cedar/Freedom range is <1-1024>

Type: string

mode

The port channel type. SLX and MLX supports standard type only.

Choose from:

  • standard
  • brocade

Default: standard

protocol

The port channel mode. For MLX, use active for dynamic and modeon for static.

Choose from:

  • active
  • passive
  • modeon

Default: active

port_channel_desc

The port channel interface description. For MLX, this is mandatory. field.

Type: string

autopick_port_channel_id

Description: This auto picks the lowest available Port Channel ID on the device.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

create_vlan

Description: This creates a single or range of VLANs on a switch.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

vlan_id

A single VLAN ID or a range of VLAN IDs. For example, 21 or 21-26 or 10, 13-14, 89-91. For NI platform a maximum of 512 VLAN’s are allowed at a time for e.g. 1-512 or 9, 10-520.

Type: string

vlan_desc

The VLAN description. The same description is used when creating multiple VLANs.

Type: string

create_switchport_access

Description: This configures a port channel or a physical interface as an access interface, or adds a untagged port to a VLAN for NI.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

intf_type

The interface type.

Choose from:

  • ethernet
  • tengigabitethernet
  • gigabitethernet
  • fortygigabitethernet
  • hundredgigabitethernet
  • port_channel

Default: tengigabitethernet

intf_name

The interface name, for VDX in 3-tuple format (24/0/1), SLX/NI in 2-tuple format (24/1) or Port-channel number <1-6144>, for NI <1-256>.

Type: string

vlan_id

The VLAN ID to be configured on the interface. For 802.1Q VLANs, ID must be below 4096, for service or transport VFs valid range is from 4096 through 8191, for NI, vlan range <1-4090>.

Type: string

mac_group_id

The ID of a previously created MAC group to be used in MAC-based VLAN classification at the access port. This is applicable only when Virtual Fabric is enabled. This is a fabric-wide ID with valid values of 1 through 500. it is no-op for NI.

Type: array

create_switchport_trunk

Description: This configures the port channel or a physical interface as a Trunk or Trunk-no-default-native or add a tagged port to a vlan or list of vlans interface.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

intf_type

Interface type

Choose from:

  • ethernet
  • tengigabitethernet
  • gigabitethernet
  • fortygigabitethernet
  • hundredgigabitethernet
  • port_channel

Default: tengigabitethernet

intf_name

The interface name, for VDX in 3-tuple format (24/0/1), SLX/NI in 2-tuple format (24/1) or Port-channel number <1-6144>, for NI <1-256>.

Type: string

trunk_no_default_native

This configures the interface mode as trunk-no-default-native or trunk. The default interface mode is configured as trunk, and it is no-op for NI.

Type: boolean

vlan_id

For 802.1Q VLANs, single or range of VLANs, for example, 5 or 4-7 or 4,6,9-11 or all; the ID must be below 4096. For service or transport VFs, single ID, range can be from 4096 through 8191. For NI, the VLAN range is <1-4090> and is a mandatory argument.

Type: string

c_tag

This specifies an incoming C-TAG or range of C-TAGs for service or transport VLANs in a Virtual Fabrics context. For service VF, only single ID is allowed, for transport VFs, a range of IDs, for example, 100-200, or 10,20,100-200, it is no-op for NI.

Type: string

create_ve

Description: This creates a VE and assign IP addresses, VRF on one or more switches.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

rbridge_id

A single or list of RBridge IDs separated by comma, for example, 1 or 1,2, 4. This parameter is only applicable for VDX switches.

Type: array

vlan_id

The VLAN ID. The allowed range for SLX <NUMBER:1-4090>, for VDX <NUMBER:1-4090/8191> greater than 4090 only if VF is enabled, and for MLX, the range is <NUMBER:1-4090>.

Type: string

ve_id

The VE interface ID. For NOS range is 1-4090, MLX range is 1-255, SLX range is 1-4096. For MLX, this is a mandatory field.

Type: string

ip_address

A single or list of IPv4/IPv6 addresses to be configured on the VE. IPv4/subnet-length or IPv6/prefix-length, for example 10.0.0.10/22, 30.0.0.10/22. List of IP addresses is valid only in VDX Cluster Nodes.

Type: array

vrf_name

VRF name. For example vrf32 or 32

Type: string

ipv6_use_link_local_only

IPv6 link local

Type: boolean

skip_vlan_config

Skip Vlan to VE mapping for SLXOS platforms.

Type: boolean

create_vrf

Description: This creates a Virtual Routing and Forwarding (VRF) instance on a switch for L3 tenants.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

vrf_name

The VRF name, for example vrf32 or 32.

Type: string

rbridge_id

The RBridge ID of the switch. This parameter is only applicable for VDX switches.

Type: array

afi

The IP address type.

Choose from:

  • ipv4
  • ipv6

Default: ipv4

rd

The Route Distinguisher <ASN:nn or VPN Route Distinguisher>, and is mandatory for MLX

Type: string

create_vrrpe

Description: This creates a VRRPe session on multiple switches by creating VRRPe group and assigning virtual IP.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

intf_type

The interface type. VDX/SLX supports only ve and MLX supports both ve and ethernet.

Choose from:

  • ethernet
  • ve
intf_name

The name of the interface.

Type: string

rbridge_id

The RBridge ID of the VDX switch. This parameter is only applicable for VDX switches.

Type: array

vrid

Virtual group ID

Type: string

virtual_ip

The VRRPe virtual IP address without the netmask.

Type: string

delete_l2_port_channel

Description: This deletes the port channel interface and deletes the port chanel configuration from all the member ports.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

port_channel_id

Port channel interface number.For VDX range is <NUMBER:1-6144>. For MLX range is <1-256>, CER/CES range is <1-64>, Avalanche range is <1-64>, Fusion range is <1-512> Cedar/Freedom range is <1-1024>

Type: integer

delete_switchport

Description: This deletes the Switchport on an interface.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

intf_type

The interface type.

Choose from:

  • ethernet
  • tengigabitethernet
  • gigabitethernet
  • fortygigabitethernet
  • hundredgigabitethernet
  • port_channel

Default: tengigabitethernet

intf_name

The interface name, can be port or port channel. For example to specify ports, 24/0/1 (VDX) or 24/1 (SLX). For port channel, 10 or 1-10

Type: string

delete_ve

Description: This action deletes a VE along with router interface mappings under a VLAN.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

rbridge_id

The RBridge IDs of the VDX switches, for example 51 or 51,52. This parameter is only applicable for VDX switches.

Type: array

vlan_id

The VLAN ID. Valid values for SLX <NUMBER:1-4090>, for VDX <NUMBER:1-4090/8191> greater than 4090 only if VF is enabled, for MLX, the range is <NUMBER:1-4090>.

Type: string

ve_id

The VE interface ID. For NOS range is 1-4090, MLX range is 1-255, SLX range is 1-4096. This is mandatory args for MLX devices. If not passed for SLX and VDX devices, ve_id will be assumed as vlan_id.

Type: string

delete_vlan

Description: This deletes one or more VLANs on a switch.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

vlan_id

The VLAN ID, can be single or range of VLANs. For example 21 or 21-26. or 10,13-14,89-91.

Type: string

remove_switchport_trunk_allowed_vlan

Description: This removes the switch port trunk allowed VLAN from an interface for SLX/NOS or remove a tagged port from a VLAN or list of VLANs for MLX.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

intf_type

The interface type.

Choose from:

  • ethernet
  • tengigabitethernet
  • gigabitethernet
  • fortygigabitethernet
  • hundredgigabitethernet
  • port_channel

Default: tengigabitethernet

intf_name

The interface name, for VDX in 3-tuple format (24/0/1), SLX/MLX in 2-tuple format (24/1) or Port-channel number <1-6144>, for MLX <1-256>.

Type: string

vlan_id

For 802.1Q VLANs, single or range of VLANs, for example, 5 or 4-7 or 4,6,9-11 or all; ID must be below 4096. For service or transport VFs, single ID, range can be from 4096 through 8191. For MLX vlan range <1-4090>.

Type: string

c_tag

This specifies an incoming C-TAG or range of C-TAGs for service or transport VLANs in a Virtual Fabrics context. For service VF only single ID is allowed, for Transport VFs a range of IDs, for example, 100-200, or 10,20,100-200. it is no-op for MLX.

Type: string

remove_switchport_access_vlan

Description: This removes a physical interface or port-channel from a VLAN.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

intf_type

The interface type.

Choose from:

  • ethernet
  • tengigabitethernet
  • gigabitethernet
  • fortygigabitethernet
  • hundredgigabitethernet
  • port_channel

Default: tengigabitethernet

intf_name

The interface name, for VDX in 3-tuple format (24/0/1), SLX/NI in 2-tuple format (24/1) or Port-channel number <1-6144>, for NI <1-256>.

Type: string

vlan_id

The VLAN ID to be configured on the interface. For 802.1Q VLANs, ID must be below 4096, for service or transport VFs valid range is from 4096 through 8191, for NI, vlan range <1-4090>.

Type: string

delete_vrf

Description: This deletes a VRF.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

rbridge_id

The RBridge IDs of the VDX switches, for example 51 or 51,52. This parameter is only applicable for VDX switches.

Type: array

vrf_name

The VRF name, for example vrf32 or 32.

Type: string

delete_vrrpe

Description: This deletes VRRPe group.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

intf_type

The interface type, VDX/SLX supports only ve and MLX supports both ve and ethernet.

Choose from:

  • ethernet
  • ve
intf_name

The name of the interface, for ethernet slot/port, for ve, ve-id like 10,20.

Type: string

rbridge_id

The RBridge IDs of the VDX switches, for example 51 or 51,52. This parameter is only applicable for VDX switches.

Type: array

vrrpe_group

The virtual extender group ID

Type: string

ip_version

The IPv4 or IPv6 group.

Type: string

Default: IPv4

set_intf_admin_state

Description: This enable or disable physical port, port-channel, loopback or VE interfaces on a device. Optionally, sets the interface description. For MLX, port-channel admin state changes means it changes member port’s admin state.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

intf_type

The interface type.

Choose from:

  • ethernet
  • gigabitethernet
  • tengigabitethernet
  • fortygigabitethernet
  • hundredgigabitethernet
  • port_channel
  • ve
  • loopback

Default: tengigabitethernet

intf_name

The interface names, port channel numbers or VEs. For example to specify ports, for VDX 24/0/1 or 24/0/1-2 , for SLX/NI 24/1 or 24/1-2 . For port channel or l3 interface , 10 or 1-10

Type: string

enabled

The admin setting of the interface(s).

Type: boolean

Default: True

intf_desc

The interface description without any space.

Type: string

rbridge_id

The RBridge ID of the VDX switch. This parameter is only applicable for VDX switches.

Type: string

set_l2_mtu

Description: This sets the L2 MTU size on physical or port channel interfaces.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

intf_type

The interface type.

Choose from:

  • ethernet
  • tengigabitethernet
  • gigabitethernet
  • fortygigabitethernet
  • hundredgigabitethernet
  • port_channel

Default: tengigabitethernet

intf_name

The interface names that can be comma separated physical ports, port channel numbers. Examples are 224/0/1, 224/0/2 or 7, 8, 9

Type: array

mtu_size

For SLX MTU size in bytes <Number:1548-9216>. For VDX <Number:1522-9216>.

Type: integer

set_l3_mtu

Description: This sets the L3 MTU size on physical, port channel or ve interface.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

intf_type

The interface type.

Choose from:

  • ethernet
  • tengigabitethernet
  • gigabitethernet
  • fortygigabitethernet
  • hundredgigabitethernet
  • port_channel
  • ve

Default: tengigabitethernet

intf_name

The interface names which can be comma separated physical ports, or port channel numbers. Examples are 224/0/1, 224/0/2 or 7, 8, 9.

Type: array

mtu_size

For SLX IPV4/IPV6 MTU size in bytes <Number:1300-9194>. For VDX IPV4 <Number:1300-9100> or IPV6 <Number:1280-9100> MTU size in bytes. For MLX you may enter any number within range of IPv4 <576-9198> , IPv6 <1280-9198>. However, this value must be 18 bytes less than the value of l2 system mtu(global maximum frame size).

Type: integer

afi

The IP version.

Choose from:

  • ipv4
  • ipv6

Default: ipv4

set_l2_system_mtu

Description: This sets the L2 system global MTU.

Parameter Description
mgmt_ip

The virtual IP of the VCS Fabric or the management IP of the switch.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

mtu_size

The MTU size in bytes <Number:1522-9216>. For MLX MTU <1298-9216>.

Type: integer

set_l3_system_mtu

Description: This sets the L3 system global MTU.

Parameter Description
mgmt_ip

The virtual IP of the VCS Fabric or management IP of the switch.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

mtu_size

The MTU size in bytes For NOS <Number:1300-9100> for IPV4, <Number:1280-9100> for IPV6. For SLX <Number:1300-9194> for IPV4/IPv6 For MLX you may enter any number within range of IPv4 <576-9198> , IPv6 <1280-9198>. However, this value must be 18 bytes less than the value of l2 system mtu(global maximum frame size).

Type: integer

afi

The IP version.

Choose from:

  • ipv4
  • ipv6

Default: ipv4

configure_mac_move_detection

Description: This configures the switch to enable MAC move detection and set the threshold for the number of MAC moves in time-window to trigger the detection.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

THe login password to connect to the device.

Type: string

move_threshold

The MAC move threshold <NUMBER:5-500>.

Type: integer

Default: 5

Bridge Domains

Bridge Domains(BD) are only supported on the SLX family of devices.

configure_bridge_domain

Description: This will create the bridge domain for p2mp/p2p and bind the logical interface.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

THe login password to connect to the device.

Type: string

bridge_domain_id

The Bridge-domain ID. Valid values are <1-4096> on SLX9140,SLX9850,SLX9540 and <1-3566> on SLX9240.

Type: string

bridge_domain_service_type

The bridge domain service type. p2p is valid only on SLX9850,SLX9540.

Choose from:

  • p2mp
  • p2p

Default: p2mp

vc_id

The VC Id under the VPLS Instance. Range <1-4294967295>. Valid only on SLX9850,SLX9540.

Type: string

statistics

Configure Statistics.

Type: boolean

Default: True

bpdu_drop_enable

Drop BPDU packets. Valid only on SLX9850,SLX9540.

Type: boolean

local_switching

Configured local switching. Valid only on SLX9850,SLX9540.

Type: boolean

peer_ip

A single or a list of IPv4/IPv6 addresses to be configured on the bridge_domain. IPv4, for example 10.0.0.10. Valid only on SLX9850,SLX9540.

Type: array

pw_profile_name

The pw-profile name (Max Size - 64). Valid only on SLX9850,SLX9540.

Type: string

Default: default

intf_type

The logical interface type. Valid Types are ‘ethernet’,’port_channel’. For Example. ‘ethernet’ –> if all the entries in logical_interface_number are of type ethernet ‘port_channel’ –> if all the entries in logical_interface_number are of type port_channel ‘ethernet,port_channel,ethernet,port_channel’ –> If the entries in logical_interface_number are of mixed types.

Type: string

logical_interface_number

The physical port or port channel number list. Format for the logical interfaces is <physical/port-channel number>.<number>. For E.g ‘0/34.11,21.1,0/35.1,22.1’

Type: string

vlan_id

The VLAN ID to map the broadcast domain to a router interface. Valid range <1-4096>

Type: string

get_next_available_network_id

Description: This returns the next lowest available VF ID (4096-8191) on VDX platform and bridge-domain ID on SLX platforms.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

length_of_the_range

This returns the lowest available Single/Range of VF values. Max Length = 4095. For example 10 or 1-25 or 1-25,26,28. For example, if length_of_the_range=2, returns 4096,4097. length_of_the_range=1-3, returns 4096,4097,4098.

Type: string

Default: 1

delete_bridge_domain

Description: This deletes the bridge domain.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

Default: admin

password

The login password to connect to the device.

Type: string

Default: password

bridge_domain_id

A single or list of Bridge-domain IDs. <1-4096> on SLX9140,SLX9850 and <1-3566> on SLX9240.

Type: string

bridge_domain_service_type

The bridge domain service type. p2p is not supported on SLX9140 and SLX9240 platforms.

Choose from:

  • p2mp
  • p2p

Default: p2mp

configure_logical_interface

Description: This creates the logical interface under the physical/port-channel interface and untag/tag vlan.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

intf_type

The interface type.

Choose from:

  • ethernet
  • port_channel

Default: ethernet

intf_name

The interface Port number or Port channel number. Examples for SLX are 1/13, 1/14.

Type: string

logical_interface_number

The interface name of the physical port or port channel number. E.g:0/1.1 or 7.1. Format for the logical interfaces is <physical/port-channel number>.<number>.

Type: string

vlan_type

The VLAN tag type.

Choose from:

  • untagged
  • tagged
  • double_tagged
vlan_id

A single or a list of VLANIDs. VLAN ID range is 1-4090. If vlan_type is tagged, vlan_id needs to be specified. If vlan_type is double_tagged, vlan_id needs to be specified and is interpreted as outer_vlan_id.. If vlan_type is untagged, vlan_id needs to be specified. Valid only on SLX9850,SLX9540.

Type: string

inner_vlan_id

This configures a single VLAN or a list of Inner VLANs for the logical interface. Valid vlan id range <1-4090>. Valid only if vlan_type is double_tagged.

Type: string

autopick_lif_id

Description: This returns the next lowest available Logical Interface ID on SLX platforms.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

intf_type

The interface type.

Choose from:

  • ethernet
  • port_channel

Default: ethernet

intf_name

The interface Port number or Port channel number. Examples for SLX are 1/13, 1/14.

Type: string

length_of_the_range

This returns the lowest available Single/Range of Logical Interface values. For example 1/1.1 or 1/1.1,1/1.2 or 1.1 or 1.1,1.2.

Type: string

Default: 1

delete_logical_interface_on_bridge_domain

Description: This deletes the logical interfaces under a bridge domain.

Parameter Description
mgmt_ip

The management IP address of the target device..

Type: string

username

The login user name to connect to the device.

Type: string

Default: admin

password

The login password to connect to the device.

Type: string

Default: password

bridge_domain_id

The bridge domain IDs. <1-4096> on SLX9140,SLX9850 and <1-3566> on SLX9240.

Type: string

bridge_domain_service_type

The bridge domain service type. p2p is not supported on SLX9140 and SLX9240 platforms.

Choose from:

  • p2mp
  • p2p

Default: p2mp

intf_type

The interface type to be deleted from the bridge_domain.

Choose from:

  • ethernet
  • port_channel
  • both

Default: ethernet

logical_interface_number

Single/List of logical Interface Number for physical port or port channel separated by comma. E.g:0/1.1,10.1,0/20.1 or 7.1. 1. If intf_type is ‘both’ –> all the LIFs {ethernet & port_channel} will be deleted on the BD. 2. If intf_type is ‘ethernet’ and logical_interface_number is not passed –> all the ethernet LIFs will be deleted on the BD. 3. If intf_type is ‘port_channel’ and logical_interface_number is not passed –> all the port_channel LIFs will be deleted on the BD. 4. If intf_type is ‘port_channel or ethernet’ and logical_interface_number is passed –> port_channel/ethernet LIFs passed will be deleted on the BD.

Type: string

delete_logical_interface_on_interface

Description: This deletes the logical interface under the physical/port-channel interface.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

Default: admin

password

The login password to connect to the device.

Type: string

Default: password

intf_type

The interface type.

Choose from:

  • ethernet
  • port_channel

Default: ethernet

intf_name

The interface Port number or Port channel number. Examples for SLX are 1/13, 1/14.

Type: string

logical_interface_number

A single or list of Interface name, physical port or port channel number separated by comma. E.g:0/1.1,0/1.2 or 7.1. If ‘all’, it will delete all the LIFs under the interface.

Type: string

delete_service_policy_to_interface

Description: This deletes the Input/Output Policy Map from an interface.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

Default: admin

password

The login password to connect to the device.

Type: string

Default: password

rbridge_id

The RBridge ID of the VDX switch under which VE will be configured, and is only needed for the VDX device.

Type: string

intf_type

The interface type.

Choose from:

  • ethernet
  • port_channel
  • tengigabitethernet
  • gigabitethernet
  • fortygigabitethernet
  • hundredgigabitethernet

Default: tengigabitethernet

intf_name

The interface name of the physical port or port channel number. E.g:0/1 or 7

Type: string

policy_map_name

A single Policy Map Class Name for configuring the In/Out Policy. List of Class Names to configure In & Out Policy. (Max Size -64). For Example. ‘Policy_map_in’ or ‘Policy_map_out’ or ‘Policy_map_in, Policy_map_out’

Type: array

policy_type

The In/Out Policy Map (Max Size -64).

Choose from:

  • In
  • Out
  • Both

Default: In

Virtual Fabrics

Virtual Fabrics are only supported on the VDX family of devices.

The Virtual Fabrics (VF) feature in NOS enables Layer 2 multi-tenancy solutions provides support for overlapping VLANs, VLAN scaling, and transparent VLAN services, by providing both traditional VLAN service and a transport service. The VF feature is deployed in data centers that require logical switch partitioning with a large number of customer VLAN domains that must be isolated from each other in the data plane. On hardware platforms that supports the VF feature, such as VDX 8770 series and VDX 6740 series, the VLAN ID range is extended from the standard 802.1Q limit of 4095, to 8191.

Network Essentials Automation Suite v1.2 release includes new workflows and enhancements to the existing workflows to automate VF provisioning.

A VF operates like a regular 802.1Q VLAN, while allowing the number of networks to scale beyond the standard 4K (4096) limit. Users can use enable_vf action to enable VF on a switch. After enabling VF, users can use existing workflows to manage VFs, for example, to create or delete a VF, use create_vlan or delete_vlan actions.

enable_vf

Description: This enable or disable VCS virtual-fabric on a VCS fabric, when enabled, expands the VLAN ID address space beyond the 802.1Q limit in the fabric, allowing VLANs with IDs greater than 4095, up through 8191.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

virtual_fabric_enable

Set True to enable or False to disable virtual-fabric on VCS.

Type: boolean

Default: True

get_next_available_network_id

Description: This returns the next lowest available VF ID (4096-8191) on VDX platform and bridge-domain ID on SLX platforms.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

length_of_the_range

This returns the lowest available Single/Range of VF values. Max Length = 4095. For example 10 or 1-25 or 1-25,26,28. For example, if length_of_the_range=2, returns 4096,4097. length_of_the_range=1-3, returns 4096,4097,4098.

Type: string

Default: 1

configure_mac_group

Description: This creates a new MAC group on a device and configures the member MAC addresses.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

mac_group_id

The MAC group ID <NUMBER:1,500>.

Type: integer

mac_address

A single or comma seperated list of MAC addresses to be part of the MAC group. The MAC address is in HHHH.HHHH.HHHH format.

Type: array

delete_mac_group

Description: This deletes the MAC Groups.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

mac_group_id

The single MAC Group id/range of the MAC Group id/batch wise values. Valid Values [1,500]. For example, 10 or 1-10 or 1,2-10,15

Type: string

ACL Management

With the addition of the NI platform support in NE Automation Suite v1.2, ACL Management actions support SLX, VDX and NI platforms. ACL actions provide abstraction covering common features across all these platforms. However, ACL actions also support platform specific features as optoinal attributes. Platform specific attributes are documented as part of the field description. If the field description does not specify any platform restrictions, those fields are applicable to all platforms.

create_acl

Description: This creates an Access Control List.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

address_type

The ACL address type, IP or IPv6 or MAC.

Choose from:

  • ip
  • ipv6
  • mac

Default: ip

acl_type

The ACL type, extended or standard. This is required for SLX and NOS. The acl_type is required by MLX for IP/IPv6 ACL.

Choose from:

  • standard
  • extended
acl_name

The unique name for the ACL which must begin with a-z, A-Z. Keywords “all” and “test” can not be used as acl_name.

Type: string

delete_acl

Description: This deletes an existing Access Control List (ACL).

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

acl_name

The name of the ACL to be deleted.

Type: string

add_ipv4_rule_acl

Description: Add a Layer 3 IPv4 ACL rule to an already existing ACL.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

acl_name

The name of the access control list

Type: string

seq_id

The sequence number of the rule, if not specified, the rule is added at the end of the list. Valid range is 0 to 4294967290

Type: integer

action

The action performed by the ACL rule.

Choose from:

  • permit
  • deny
  • hard-drop

Default: permit

protocol_type

The type of IP packets to be filtered based on the protocol. Valid values are <0-255> or key words tcp, udp, icmp or ip. This parameter is required for extended ACL. For MLX - Valid values are <0-255> or supported protocol keywords.

Type: string

source

The source IP address filters { any | S_IPaddress/mask(0.0.0.255) | S_IPaddress/Prefix | host,S_IPaddress } [ source-operator [ S_port-numbers ] ]

Type: string

Default: any

destination

The destination IP address filters { any | S_IPaddress/mask(0.0.0.255) | S_IPaddress/Prefix | host,S_IPaddress } [ source-operator [ S_port-numbers ] ]

Type: string

dscp

This matches the specified value against the DSCP value of the packet to filter. Allowed values are 0 through 63. For SLX - DSCP value between 0 and 63. Format {<dscp>[,<dscp-force>]}. For NOS - DSCP value between 0 and 63. Format {<dscp>}. For MLX - this field will be used for dscp-mapping.

Type: string

drop_precedence_force

This matches the drop_precedence value of the packet. Allowed values are 0 through 2. For MLX - Allowed values are 0 through 3. Only supported by MLX, SLX 9850 and 9540 devices.

Type: string

urg

This enables the urg for the rule. Use “True” or “False” to enable or disable respectively. Only supported by SLX and NOS devices.

Type: string

ack

This enables the ack for the rule. Use “True” or “False” to enable or disable respectively. Only supported by SLX and NOS devices.

Type: string

push

This enables the push for the rule. Use “True” or “False” to enable or disable respectively. Only supported by SLX and NOS devices.

Type: string

fin

This enables the fin for the rule. Use “True” or “False” to enable or disable respectively. Only supported by SLX and NOS devices.

Type: string

rst

This enables the rst for the rule. Use “True” or “False” to enable or disable respectively. Only supported by SLX and NOS devices.

Type: string

sync

This enables the sync for the rule. Use “True” or “False” to enable or disable respectively. Only supported by SLX and NOS devices.

Type: string

vlan_id

The VLAN interface to which the ACL is bound.

Type: integer

count

This enables the statistics for the rule. Use “True” or “False” to enable or disable respectively. Only supported by SLX and NOS devices.

Type: string

log

This enables the logging for the rule. Use “True” or “False” to enable or disable respectively.

Type: string

mirror

This enables the mirror for the rule. Use “True” or “False” to enable or disable respectively. Only supported by MLX, SLX 9850 and 9540 devices.

Type: string

copy_sflow

This enables the copy-sflow for the rule. Use “True” or “False” to enable or disable respectively. Only supported by MLX, SLX 9850 and 9540 devices.

Type: string

dscp_marking

This is the dscp-marking number that is used to mark the DSCP value in the incoming packet with the value you specify to filter. Allowed values are 0 through 63. Only supprted by MLX devices.

Type: string

fragment

The fragment keyword used to allow the ACL to filter fragmented packets. Only supprted by MLX devices. Use the non-fragment keyword to filter non-fragmented packets. - fragment - non-fragment

Type: string

precedence

This will match packets with given precedence value. Only supprted by MLX devices. Allowed value { <0 to 7> | critical | flash | flash-override | immediate | internet | network | priority | routine }

Type: string

option

This will match IP option packets. Only supprted by MLX devices. supported values are - any, eol, extended-security, ignore, loose-source-route, no-op, record-route, router-alert, security, streamid, strict-source-route, timestamp Allowed value in decimal <0-255>.

Type: string

suppress_rpf_drop

This will permit packets that fail RPF check. Use true or false to enable or disable respectively. Only supported by MLX devices.

Type: boolean

priority

This will set priority. Allowed value is <0-7>. Only supprted by MLX devices.

Type: integer

priority_force

This will force packet outgoing priority. Allowed value is <0-7>. Only supported by MLX devices.

Type: integer

priority_mapping

This will map incoming packet priority. Allowed value is <0-7>. Only supported by MLX devices.

Type: integer

tos

This will match packets with given TOS value. Only supprted by MLX devices. Allowed values are { <0-15> | ‘max-reliability’ | ‘max-throughput’ | ‘min-delay’ | ‘normal’ }

Type: string

tcp_operator

This specify a comparison operator for the TCP port. This parameter applies only when you specify tcp as the protocol. Allowed values are [“established”, “syn”, “established syn”]. Only supprted by MLX devices.

Type: string

icmp_filter

This is the ICMP message type to be filtered. Only supprted by MLX devices.

Choose from:

  • administratively-prohibited
  • any-icmp-type
  • destination-host-prohibited
  • destination-host-unknown
  • destination-net-prohibited
  • destination-network-unknown
  • echo
  • echo-reply
  • general-parameter-problem
  • host-precedence-violation
  • host-redirect
  • host-tos-redirect
  • host-tos-unreachable
  • host-unreachable
  • information-reply
  • information-request
  • mask-reply
  • mask-request
  • net-redirect
  • net-tos-redirect
  • net-tos-unreachable
  • net-unreachable
  • packet-too-big
  • parameter-problem
  • port-unreachable
  • precedence-cutoff
  • protocol-unreachable
  • reassembly-timeout
  • redirect
  • router-advertisement
  • router-solicitation
  • source-host-isolated
  • source-quench
  • source-route-failed
  • time-exceeded
  • timestamp-reply
  • timestamp-request
  • ttl-exceeded
  • unreachable
drop_precedence

This matches the drop_precedence value of the packet. Allowed values are 0 through 2. Only supported by MLX devices - Allowed values are 0 through 3.

Type: string

acl_rules

This bulk operation is supported to create more than one ACL rule in one action execution. The parameters are passed to create multiple rules that will follow the constraints similar to a single rule creation. NOTE- If rules are specified in acl_rules, the rule specified outside of the array will be ignored and only the rules in the acl_array will be processed. NOTE- On MLX platform, maximum 64 rules can be configured using this parameter. User need to execute this action more than once to configure more than 64 rules.

Type: array

add_ipv6_rule_acl

Description: This adds an L3 IPv6 ACL rule to an existing ACL.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

acl_name

The name of the access control list. accepted-by:- [SLX, NOS, MLX]

Type: string

seq_id

The sequence number of the rule, if not specified, the rule is added at the end of the list. Valid range is 0 to 4294967290.

Type: integer

action

The action performed by the ACL rule.

Choose from:

  • permit
  • deny
  • hard-drop

Default: permit

protocol_type

The type of IP packets to be filtered based on the protocol. Valid values are 0 through 255 or key words tcp, udp, icmp or ip. MLX supported key words are - ahp, esp, icmp, ipv6, sctp, tcp, udp

Type: string

source

The source IP address filters { any | S_IPaddress mask | host S_IPaddress } [ source-operator [ S_port-numbers ] ]

Type: string

Default: any

destination

The destination IP address filters { any | S_IPaddress mask | host S_IPaddress } [ source-operator [ S_port-numbers ] ]

Type: string

dscp

This matches the specified value against the DSCP value of the packet. to filter. Can be either a numerical value or DSCP name. For SLX - DSCP value between 0 and 63. Format {<dscp>[,<dscp-force>]}. For NOS - DSCP value between 0 and 63. Format {<dscp>}. For MLX - Only numerical value in range of 0-63 is allowed.

Type: string

drop_precedence_force

This matches the drop_precedence value of the packet. Allowed values are 0 through 2. MLX- Allowed range is <0-3>. Supported by MLX, SLX 9850 and 9540 devices.

Type: string

urg

This enables the urg for the rule. Use “True” or “False” to enable or disable respectively. Supported by SLX and NOS devices.

Type: string

ack

This enables the ACK for the rule. Use “True” or “False” to enable or disable respectively. Supported by SLX and NOS devices.

Type: string

push

This enables the push for the rule. Use “True” or “False” to enable or disable respectively. Supported by SLX and NOS devices.

Type: string

fin

This enables the FIN for the rule. Use “True” or “False” to enable or disable respectively. Supported by SLX and NOS devices.

Type: string

rst

This enables the RST for the rule. Use “True” or “False” to enable or disable respectively. Supported by SLX and NOS devices.

Type: string

sync

This enables the SYNC for the rule. Use “True” or “False” to enable or disable respectively. Supported by SLX and NOS devices.

Type: string

vlan_id

The VLAN interface to which the ACL is bound.

Type: integer

count

This enables the statistics for the rule. Use “True” or “False” to enable or disable respectively. Supported by SLX and NOS devices.

Type: string

log

This enables the logging for the rule (Available for permit or deny only). Use “True” or “False” to enable or disable respectively.

Type: string

mirror

This enables the mirror for the rule. Use “True” or “False” to enable or disable respectively. Supported by MLX, SLX 9850 and 9540 devices.

Type: string

copy_sflow

This enables the copy-sflow for the rule. Use “True” or “False” to enable or disable respectively. Supported by MLX, SLX 9850 and 9540 devices.

Type: string

dscp_marking

The dscp-marking number used to mark the DSCP value in the incoming packet with the value you specify in the filter. Only supported by MLX devices. Allowed values are 0 through 63.

Type: string

fragment

The policy applied to fragmented packets that contain a non-zero fragment offset. Only supported by MLX devices.

Type: boolean

drop_precedence

This matches the drop_precedence value of the packet. Only supported by MLX devices. MLX- Allowed range is <0-3>.

Type: string

icmp_filter

This specify the ICMP type and ICMP code or ICMP message. Format is [ [ icmp-type <vlaue> ] [ icmp-code <value> ] ] | [ icmp-message <value> ] icmp-type and icmp-code values are between 0-255. Only supported by MLX devices. icmp-message value can be one of these beyond-scope, destination-unreachable, dscp, echo-reply, echo-request, flow-label, fragments, header, hop-limit, mld-query, mld-reduction, mld-report, nd-na, nd-ns, next-header, no-admin, no-route, packet-too-big, parameter-option, parameter-problem, port-unreachable, reassembly-timeout, renum-command, renum-result, renum-seq-number, router-advertisement, router-renumbering, router-solicitation, routing, sequence, time-exceeded, unreachable

Type: string

tcp_operator

This specify a comparison operator for the TCP port. This parameter applies only when you specify tcp as the protocol. Allowed values are [‘established’, ‘syn’, ‘established syn’]. Only supported by MLX devices.

Type: string

acl_rules

The bulk operation that is supported to create more than one ACL rule in one action execution. The parameters are passed to create multiple rules that will follow the constraints similar to a single rule creation. NOTE- If rules are specified in the acl_rules, the rule specified outside of the array will be ignored and only rules in the acl_array will be processed. NOTE- On MLX platform, maximum 64 rules can be configured using this parameter. User need to execute this action more than once to configure more than 64 rules.

Type: array

add_or_remove_l2_acl_rule

Description: This adds or removes an ACL rule to or from an L2 ACL.

Parameter Description
delete

This indicates an add or delete operation. If TRUE, this indicates a remove operation.

Type: boolean

mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

Default: admin

password

The login password to connect to the device.

Type: string

Default: password

acl_name

The name of the access control list.

Type: string

seq_id

The sequence numbers of rules to be deleted { seq id | all | comman and hyphen separated seq ids } Example:- { 10 | all | 1,2,3-10,20,35- } Note:- 1. Range operation is only supported for delete operation. 2. “-” separated values will look for seq_ids inthe range including the values and 35- is equal to starting from 35 delete all configured sequence ids, including 35.

Type: string

action

The action to apply on the traffic, either to drop (deny), allow (permit) or force drop (hard-drop).

Choose from:

  • deny
  • permit
  • hard-drop

Default: deny

source

The source filter, which can be ‘any’ or ‘host’, or the actual MAC in HHHH.HHHH.HHHH format MLX - Source filter, can be ‘any’ or the actual MAC in HHHH.HHHH.HHHH format.

Type: string

Default: any

srchost

The source MAC in HHHH.HHHH.HHHH format. The value is required only when the source is ‘host’. Only supported by SLX and NOS devices.

Type: string

src_mac_addr_mask

The mask for the source MAC in HHHH.HHHH.HHHH format.

Type: string

dst

The destination filter, this can be ‘any’ or ‘host’, or the actual MAC of the destination in HHHH.HHHH.HHHH format. MLX - Destination filter, can be ‘any’ or the actual MAC in HHHH.HHHH.HHHH format.

Type: string

Default: any

dsthost

The destination MAC in HHHH.HHHH.HHHH format. The value is required only when the dst is ‘host’.

Type: string

dst_mac_addr_mask

The mask for the destination MAC in HHHH.HHHH.HHHH format.

Type: string

vlan_tag_format

The action to apply on the traffic, either to drop (deny), allow (permit) or force drop (hard-drop). Only supported by SLX 9850 and 9540 devices.

Choose from:

  • untagged
  • single-tagged
  • double-tagged
vlan

The VLAN IDs - ‘any’ or 1-4096, Mask 0xHHH. Format{(<VlanID> [<Mask>]) | (<OuterVlan> [<Mask>] <InnerVlan> [<Mask>])}.

Type: string

ethertype

The EtherType, this can be ‘arp’, ‘fcoe’, ‘ipv4’ or custom value between 1536 and 65535. For MLX EtherType, can be ‘arp’, ‘fcoe’, ‘ipv4-l5’, ‘ipv6’ or custom value between integers 1536 and 65535.

Type: string

arp_guard

This enables the arp-guard for the rule. Only supported by MLXe and SLX 9850, 9540 devices.

Type: string

Default: False

pcp

The PCP value between 0 and 7. Format {<pcp>[,<pcp-force>]}. Only supported by SLX 9850 and 9540 devices.

Type: string

drop_precedence_force

This matches the specified value against the drop_precedence value of the packet to filter. Allowed values are 0 through 2. For MLX Platform supported range is 0 through 3. Only supported by MLX, SLX 9850 and 9540 devices.

Type: string

count

This enables the packet count.

Type: string

Default: False

log

This enables logging.

Type: string

Default: False

mirror

This enables the mirror for the rule. Only supported by MLXe and SLX 9850, 9540 devices.

Type: string

Default: False

copy_sflow

This enables the copy-sflow for the rule. Only supported by SLX 9850, 9540 devices.

Type: string

Default: False

drop_precedence

This matches the specified value against the drop_precedence value of the packet to filter. Allowed values are 0 through 2. For MLX Platform supported range is 0 through 3. Only supported by MLXe and SLX 9850, 9540 devices.

Type: string

priority

This matches the specified value against the priority value of the packet to filter. Allowed values are 0 through 7. Only supported by MLX devices.

Type: integer

priority_force

This matches the specified value against the priority_force value of the packet to filter. Allowed values are 0 through 7. Only supported by MLX devices.

Type: integer

priority_mapping

This matches the specified value against the priority_mapping value of the packet to filter. Allowed values are 0 through 7. Only supported by MLX devices.

Type: integer

acl_rules

This bulk operation is supported to create more than one ACL rule in one action execution. The parameters are passed to create multiple rules that will follow the constraints similar to a single rule creation. NOTE- if rules are specified in acl_rules, the rule specified outside of the array will be ignored and only the rules in the acl_array will be processed. NOTE- On MLX platform, maximum 64 rules can be configured using this parameter. User need to execute this action more than once to configure more than 64 rules.

Type: array

delete_ipv4_rule_acl

Description: This deletes the IPv4 ACL rule from an existing IPv4 ACL.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

acl_name

The name of the ACL (standard or extended) to delete the rule from.

Type: string

seq_id

The sequence numbers of rules to be deleted. { seq id | all | comman and hyphen separated seq ids } Example:- { 10 | all | 1,2,3-10,20,35- } Note:- “-” separated values will look for seq_ids inthe range including the values and 35- is equal to starting from 35 delete all configured sequence ids, including 35.

Type: string

delete_ipv6_rule_acl

Description: This deletes the IPv6 ACL rule from an existing IPv6 ACL.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

acl_name

The name of the ACL (standard or extended) to delete the rule from.

Type: string

seq_id

The sequence numbers of rules to be deleted. { seq id | all | comman and hyphen separated seq ids } Example:- { 10 | all | 1,2,3-10,20,35- } Note:- “-” separated values will look for seq_ids in range including the values and 35- is equal to starting from 35 delete all configured sequence ids, including 35.

Type: string

apply_acl

Description: This apply an ACL to a physical port, port channel, VE or management interface.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

intf_type

The interface type, can be a physical port, port channel, VE or management interface.

Choose from:

  • gigabitethernet
  • tengigabitethernet
  • fortygigabitethernet
  • hundredgigabitethernet
  • port_channel
  • ve
  • loopback
  • ethernet
  • management
  • vlan

Default: tengigabitethernet

intf_name

The interface names, can be comma separated physical ports, port channel numbers or VEs. Examples are 224/0/1, 224/0/2 or 4, 5, 6 or 80, 81.

Type: array

rbridge_id

The RBridge ID of the VDX switch under which the VE will be configured, only needed for VDX device. Applicable to NOS devices only.

Type: string

acl_name

The name of the access control list.

Type: string

acl_direction

The direction of ACL binding on the specified interface.

Choose from:

  • in
  • out

Default: in

traffic_type

The traffic type for the ACL being applied. Applicable to SLX and NOS devices.

Choose from:

  • switched
  • routed

remove_acl

Description: This removes an ACL from physical port, port channel, VE or mgmt interface.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

intf_type

The interface type.

Choose from:

  • gigabitethernet
  • tengigabitethernet
  • fortygigabitethernet
  • hundredgigabitethernet
  • port_channel
  • ve
  • loopback
  • ethernet
  • management
  • vlan

Default: tengigabitethernet

intf_name

The interface names, can be comma separated physical ports, port channel numbers or VEs. Examples are 224/0/1, 224/0/2 or 7, 8, 9.

Type: array

rbridge_id

The RBridge ID of the VDX switch under which VE will be configured, only needed for VDX device. Only applicable to NOS devices.

Type: string

acl_name

The ACL name.

Type: string

acl_direction

The ACL direction.

Choose from:

  • in
  • out

Default: in

Validation and Troubleshooting

find_host_ip

Description: This finds which switch port a host is connected to using host IP address.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

ip_address

The IPv4 or IPv6 address of the VM or physical host to be found.

Type: string

Sample Output:

[
  {
    "interface-name": null,
    "is-resolved": "true",
    "age": "02:02:12",
    "interface-type": "unknown",
    "ip-address": "80.0.110.11",
    "entry-type": "dynamic",
    "mac-address": "0000.07ab.839a"
  }
]

find_mac

Description: This finds which switch port a host is connected to using host MAC address.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

macs

A single MAC or comma separated list of MACs to be found.

Type: array

Sample Output:

[
  {
    "vlanid": "5308",
    "mac-state": "active",
    "mac-address": "22:00:00:11:11:19",
    "mac-type": "dynamic",
    "forwarding-interface": {
    "interface-type": "tengigabitethernet",
    "interface-name": "21/0/1"
    }
  },
  {
    "vlanid": "2",
    "mac-state": "active",
    "mac-address": "00:d0:b0:11:01:01",
    "mac-type": "dynamic",
    "forwarding-interface": {
    "interface-type": "tengigabitethernet",
    "interface-name": "21/0/1"
    }
  }
]

ping_vrf_targets

Description: The PING target IPs from the switch using the specified VRF, uses the default VRF if VRF is not provided.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

targets

One or more comma separated target IP addresses.

Type: array

vrf

The VRF name.

Type: string

Default: default-vrf

timeout_value

The timeout parameter for the PING command. This specifies the time (in seconds for SLX/NOS and in msec for NI) to wait for a response. For SLX/NOS range is 1 to 60 (default value is 1). For NI minimun range is 50 msecs.

Type: integer

count

The count parameter for the PING command. This specifies the number of transmissions (PINGs).

Type: integer

Default: 4

size

The datagram size. For SLX and NOS the range is 36 to 9100 (default value is 56). For NI the range is 0 to 31954 (default value is 16)

Type: integer

validate_L2_port_channel_state

Description: This validates the port channel state by verifying the sync state of all member. ports is 1.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

port_channel_id

Port channel interface number.For VDX range is <NUMBER:1-6144>. For MLX range is <1-256>, CER/CES range is <1-64>, Avalanche range is <1-64>, Fusion range is <1-512> Cedar/Freedom range is <1-1024>

Type: integer

Sample Output:

{
  "member-ports": [
    "tengigabitethernet 37/0/12",
    "tengigabitethernet 37/0/13",
    "tengigabitethernet 37/0/14",
    "tengigabitethernet 38/0/11",
    "tengigabitethernet 38/0/12",
    "tengigabitethernet 38/0/13"
  ],
  "state": "in_sync"
}

{
  "member-ports": [
    "tengigabitethernet 37/0/11",
    "tengigabitethernet 38/0/14"
  ],
  "state": "out_of_sync"
}

validate_interface_state

Description: This validates L1 and L2 state for port channel, physical, ve, loopback interface. is UP.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

intf_type

The interface type.

Choose from:

  • gigabitethernet
  • tengigabitethernet
  • fortygigabitethernet
  • hundredgigabitethernet
  • port_channel
  • ethernet
  • ve
  • loopback

Default: tengigabitethernet

intf_name

The interface name physical port, port channel number, ve, loopback. Examples are 224/0/1 or 7

Type: string

intf_state

The interface state (up or down).

Choose from:

  • up
  • down
rbridge_id

A single or a list of RBridge IDs separated by comma, for example, 1 or 1,2, 4. This parameter is only applicable for VDX switches.

Type: array

Sample Output:

{
  "state": "down",
  "intf": true
}
{
  "state": "up",
  "intf": true
}
{
  "state": false,
  "intf": true
}

validate_interface_vlan

Description: This validates the port channel or physical interface belonging to the specified VLAN.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

vlan_id

A single VLAN or range of VLANs, for example 2 or 3-9.

Type: string

intf_type

The interface type.

Choose from:

  • gigabitethernet
  • tengigabitethernet
  • fortygigabitethernet
  • hundredgigabitethernet
  • port_channel
  • ethernet
intf_name

Interface name, for VDX in 3-tuple format (24/0/1), SLX/NI in 2-tuple format (24/1) or Port-channel number <1-6144>, for NI <1-256>.

Type: string

intf_mode

The interface mode.

Choose from:

  • trunk
  • access

Default: access

{
  "vlan": true
}
{
  "vlan": false
}

validate_vrrpe_state

Description: This validates VRRPe state on multiple switches to ensure one VRRPe master. is elected and other switches are in backup mode.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: array

username

The login user name to connect to the device.

Type: array

password

The login password to connect to the device.

Type: array

intf_type

The interface type, VDX/SLX supports only ve and MLX supports both ve and ethernet.

Choose from:

  • ethernet
  • ve

Default: ve

intf_name

The name of the interface, for ethernet slot/port, for ve, ve-id like 10,20.

Type: string

vrrpe_group

The virtual extender group ID. <NUMBER:1-255>

Type: string

afi

The VRRPE type.

Choose from:

  • ipv4
  • ipv6

Default: ipv4

Utility Actions

execute_cli

Description: Executes CLI command and returns the result. The device type should be appropriate to get reliable output.

Parameter Description
mgmt_ip

The IP address of the device.

Type: string

username

The login username.

Type: string

password

The login password.

Type: string

cli_cmd

The CLI commands to execute on the device.

Type: array

config_operation

The flag to indicate whether commands are for configuration or for show.

Type: boolean

device_type

Specifies the connecting device type.

Choose from:

  • nos
  • slx
  • ni

Default: nos

enable_passwd

The privilege exec mode password. Applicable only to MLX device.

Type: string

get_os_version

Description: This will get the Operating System (OS) version of the network device.

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

get_switch_details

Description: This gets the switch details from a device. accepted-by:- [NOS]

Parameter Description
mgmt_ip

The management IP address of the target device.

Type: string

username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

VCS Specific Actions

configure_mgmt_virtual_ip

Description: This configures management virtual IP on the principal switch of a VCS cluster.

Parameter Description
username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

mgmt_ip

The management IP of the principal RBridge.

Type: string

mgmt_vip

The virtual management IP and mask of the VCS Fabric, for example, for IPv4 - 10.1.1.1/22, and for IPv6 - 2620:100:0:fa48:34::50/64.

Type: string

find_my_host_vcs

Description: This finds the switch port in a VCS fabric to which a virtual or physical host. is connected using host IP.

Parameter Description
username

The login user name to connect to the device.

Type: string

password

The login password to connect to the device.

Type: string

mgmt_ip

The virtual management IP address of the VCS fabric.

Type: string

ip_address

The host IP address.

Type: string

Known Issues

This section includes the known issues in Network Essentials Automation Suite 1.0.0 release. Common issues are listed in the beginning of the section and the issues specific to a particular network device platform are organized under the corresponding platform sub-section.

SLX:

400 - Time taken for IPV6 ACL is higher due to bulking not supported on IPv6 SLX

NI:

333 - add_or_remove_l2_acl_rule : In negative scenarios the error string is missing last few characters 323 - create_ve action does not configure IPv4/v6 addresses for dual stack scenarios