dellemc.enterprise_sonic.sonic_dhcp_snooping 模块 – 管理 SONiC 上的 DHCP 窥探

注意

此模块是 dellemc.enterprise_sonic 集合(版本 2.5.1)的一部分。

如果您正在使用 ansible 包,您可能已经安装了此集合。 它不包含在 ansible-core 中。 要检查是否已安装,请运行 ansible-galaxy collection list

要安装它,请使用:ansible-galaxy collection install dellemc.enterprise_sonic

要在 playbook 中使用它,请指定:dellemc.enterprise_sonic.sonic_dhcp_snooping

dellemc.enterprise_sonic 2.3.0 中的新增功能

概要

  • 此模块为运行 SONiC 的设备提供 DHCP 窥探的配置管理。

参数

参数

注释

config

字典

DHCP 窥探配置。

afis

列表 / 元素=字典

要配置的地址族列表。

此列表中最多可以有两个项目:一个 afi=ipv4,一个 afi=ipv6,分别用于配置 DHCPv4 和 DHCPv6。

afi

字符串 / 必需

要配置的地址族。

选项

  • "ipv4"

  • "ipv6"

enabled

布尔值

afi 启用 DHCP 窥探。

选项

  • false

  • true

source_bindings

列表 / 元素=字典

afi 的 DHCP 窥探绑定数据库中创建一个静态条目。

state=deleted 时,传递一个空列表将删除所有源绑定。

intf_name

字符串

绑定的接口名称。

可以是以太网或端口通道接口。

ip_addr

字符串

绑定的 IP 地址。

mac_addr

字符串 / 必需

绑定的 MAC 地址。

vlan_id

整数

绑定的 VLAN ID。

trusted

列表 / 元素=字典

将接口标记为 afi 的 DHCP 窥探的受信任接口。

state=deleted 时,传递一个空列表将删除所有受信任接口。

intf_name

字符串 / 必需

接口名称。

verify_mac

布尔值

afi 启用 DHCP 窥探 MAC 验证。

选项

  • false

  • true

vlans

列表 / 元素=字符串

afi 的 VLAN 列表中启用 DHCP 窥探。

state=deleted 时,传递一个空列表将禁用所有 VLAN 中的 DHCP 窥探

state

字符串

模块完成后的配置状态。

选项

  • "merged" ←(默认)

  • "deleted"

  • "overridden"

  • "replaced"

备注

注意

  • 已针对戴尔科技公司的 Enterprise SONiC 发行版进行测试。

  • 支持 check_mode

示例

# Using merged
#
# Before State:
# -------------
#
# sonic# show ip dhcp snooping
# !
# DHCP snooping is Disabled
# DHCP snooping source MAC verification is Disabled
# DHCP snooping is enabled on the following VLANs:
# DHCP snooping trusted interfaces:
# !

- name: Configure DHCPv4 snooping global settings
  dellemc.enterprise_sonic.sonic_dhcp_snooping:
    config:
      afis:
        - afi: 'ipv4'
          enabled: true
          verify_mac: true
          vlans: ['1', '2', '3', '5']
          trusted:
            - intf_name: 'Ethernet8'
    state: merged

# After State:
# ------------
#
# sonic# show ip dhcp snooping
# !
# DHCP snooping is Enabled
# DHCP snooping source MAC verification is Enabled
# DHCP snooping is enabled on the following VLANs: 1 2 3 5
# DHCP snooping trusted interfaces: Ethernet8
# !


# Using merged
#
# Before State:
# -------------
#
# sonic# show ipv6 dhcp snooping
# !
# DHCPv6 snooping is Disabled
# DHCPv6 snooping source MAC verification is Disabled
# DHCPv6 snooping is enabled on the following VLANs:
# DHCPv6 snooping trusted interfaces:
# !

- name: Configure DHCPv6 snooping global settings
  dellemc.enterprise_sonic.sonic_dhcp_snooping:
    config:
      afis:
        - afi: 'ipv6'
          enabled: true
          vlans:
            - '4'
          trusted:
            - intf_name: 'Ethernet2'
            - intf_name: PortChannel1
    state: merged

# After State:
# ------------
#
# sonic# show ipv6 dhcp snooping
# !
# DHCPv6 snooping is Enabled
# DHCPv6 snooping source MAC verification is Disabled
# DHCPv6 snooping is enabled on the following VLANs: 4
# DHCPv6 snooping trusted interfaces: PortChannel1
# !


# Using merged
#
# Before State:
# -------------
#
# sonic# show ip dhcp snooping binding
# !
# Total number of Dynamic bindings: 0
# Total number of Static bindings: 0
# Total number of Tentative bindings: 0
# MAC Address        IP Address       VLAN   Interface    Type     Lease (Secs)
# -----------------  ---------------  ----   -----------  -------  -----------
# !

- name: Add DHCPv4 snooping bindings
  dellemc.enterprise_sonic.sonic_dhcp_snooping:
    config:
      afis:
        - afi: 'ipv4'
          source_bindings:
            - mac_addr: '00:b0:d0:63:c2:26'
              ip_addr: '192.0.2.146'
              intf_name: 'Ethernet4'
              vlan_id: '1'
            - mac_addr: 'aa:f7:67:fc:f4:9a'
              ip_addr: '156.33.90.167'
              intf_name: 'PortChannel1'
              vlan_id: '2'
    state: merged

# After State:
# ------------
#
# sonic# show ip dhcp snooping binding
# !
# Total number of Dynamic bindings: 0
# Total number of Static bindings: 2
# Total number of Tentative bindings: 0
# MAC Address        IP Address       VLAN   Interface    Type     Lease (Secs)
# -----------------  ---------------  ----   -----------  -------  -----------
# 00:b0:d0:63:c2:26  192.0.2.146      1      Ethernet4    static   NA
# aa:f7:67:fc:f4:9a  156.33.90.167    2      PortChannel1  static   NA
# !


# Using deleted
#
# Before State:
# -------------
#
# sonic# show ip dhcp snooping
# !
# DHCP snooping is Enabled
# DHCP snooping source MAC verification is Enabled
# DHCP snooping is enabled on the following VLANs: 1 2 3 5
# DHCP snooping trusted interfaces: Ethernet8
# !

- name: Disable DHCPv4 snooping on some VLANs
  dellemc.enterprise_sonic.sonic_dhcp_snooping:
    config:
      afis:
        - afi: 'ipv4'
          vlans:
            - '3'
            - '5'
    state: deleted

# After State:
# ------------
#
# sonic# show ip dhcp snooping
# !
# DHCP snooping is Enabled
# DHCP snooping source MAC verification is Enabled
# DHCP snooping is enabled on the following VLANs: 1 2
# DHCP snooping trusted interfaces:
# !


# Using deleted
#
# Before State:
# -------------
#
# sonic# show ipv6 dhcp snooping
# !
# DHCPv6 snooping is Enabled
# DHCPv6 snooping source MAC verification is Disabled
# DHCPv6 snooping is enabled on the following VLANs: 4
# DHCPv6 snooping trusted interfaces: PortChannel1 PortChannel2 PortChannel3 PortChannel4
# !

- name: Disable DHCPv6 snooping on all VLANs
  dellemc.enterprise_sonic.sonic_dhcp_snooping:
    config:
      afis:
        - afi: 'ipv6'
          vlans: []
    state: deleted

# After State:
# ------------
#
# sonic# show ipv6 dhcp snooping
# !
# DHCPv6 snooping is Enabled
# DHCPv6 snooping source MAC verification is Disabled
# DHCPv6 snooping is enabled on the following VLANs:
# DHCPv6 snooping trusted interfaces: PortChannel1 PortChannel2 PortChannel3 PortChannel4
# !


# Using deleted
#
# Before State:
# -------------
#
# sonic# show ipv6 dhcp snooping
# !
# DHCPv6 snooping is Enabled
# DHCPv6 snooping source MAC verification is Disabled
# DHCPv6 snooping is enabled on the following VLANs: 4
# DHCPv6 snooping trusted interfaces: PortChannel1 PortChannel2 PortChannel3 PortChannel4
# !

- name: Delete all DHCPv6 configuration
  dellemc.enterprise_sonic.sonic_dhcp_snooping:
    config:
      afis:
        - afi: 'ipv6'
    state: deleted

# After State:
# ------------
#
# sonic# show ipv6 dhcp snooping
# !
# DHCPv6 snooping is Disabled
# DHCPv6 snooping source MAC verification is Disabled
# DHCPv6 snooping is enabled on the following VLANs:
# DHCPv6 snooping trusted interfaces:
# !


# Using deleted
#
# Before State:
# -------------
#
# sonic# show ip dhcp snooping binding
# !
# Total number of Dynamic bindings: 0
# Total number of Static bindings: 2
# Total number of Tentative bindings: 0
# MAC Address        IP Address       VLAN   Interface    Type     Lease (Secs)
# -----------------  ---------------  ----   -----------  -------  -----------
# 00:b0:d0:63:c2:26  192.0.2.146      1      Ethernet4    static   NA
# aa:f7:67:fc:f4:9a  156.33.90.167    2      PortChannel1  static   NA
# !

- name: Delete a DHCPv4 snooping binding
  dellemc.enterprise_sonic.sonic_dhcp_snooping:
    config:
      afis:
        - afi: 'ipv4'
          source_bindings:
            - mac_addr: '00:b0:d0:63:c2:26'
              ip_addr: '192.0.2.146'
              intf_name: 'Ethernet4'
              vlan_id: '1'
    state: deleted

# After State:
# ------------
#
# sonic# show ip dhcp snooping binding
# !
# Total number of Dynamic bindings: 0
# Total number of Static bindings: 2
# Total number of Tentative bindings: 0
# MAC Address        IP Address       VLAN   Interface    Type     Lease (Secs)
# -----------------  ---------------  ----   -----------  -------  -----------
# aa:f7:67:fc:f4:9a  156.33.90.167    2      PortChannel1  static   NA
# !


# Using overridden
#
# Before State:
# -------------
#
# sonic# show ipv4 dhcp snooping binding
# !
# MAC Address        IP Address       VLAN   Interface    Type     Lease (Secs)
# -----------------  ---------------  ----   -----------  -------  -----------
# 00:b0:d0:63:c2:26  192.0.2.146      1      Ethernet4    static   NA
# 28:21:28:15:c1:1b  141.202.222.118  1      Ethernet2    static   NA
# aa:f7:67:fc:f4:9a  156.33.90.167    2      PortChannel1  static   NA
# !

- name: Override DHCPv4 snooping bindings
  dellemc.enterprise_sonic.sonic_dhcp_snooping:
    config:
      afis:
        - afi: 'ipv4'
          source_bindings:
            - mac_addr: '00:b0:d0:63:c2:26'
              ip_addr: '192.0.2.146'
              intf_name: 'Ethernet4'
              vlan_id: '3'
    state: overridden

# After State:
# ------------
#
# sonic# show ipv4 dhcp snooping binding
# !
# MAC Address        IP Address       VLAN   Interface    Type     Lease (Secs)
# -----------------  ---------------  ----   -----------  -------  -----------
# 00:b0:d0:63:c2:26  192.0.2.146      3      Ethernet4    static   NA
# !


# Using replaced
#
# Before State:
# -------------
#
# sonic# show ipv4 dhcp snooping binding
# !
# MAC Address        IP Address       VLAN   Interface    Type     Lease (Secs)
# -----------------  ---------------  ----   -----------  -------  -----------
# 00:b0:d0:63:c2:26  192.0.2.146      1      Ethernet4    static   NA
# 28:21:28:15:c1:1b  141.202.222.118  1      Ethernet2    static   NA
# aa:f7:67:fc:f4:9a  156.33.90.167    2      PortChannel1  static   NA
# !

- name: Replace DHCPv4 snooping bindings
  dellemc.enterprise_sonic.sonic_dhcp_snooping:
    config:
      afis:
        - afi: 'ipv4'
          source_bindings:
            - mac_addr: '00:b0:d0:63:c2:26'
              ip_addr: '192.0.2.146'
              intf_name: 'Ethernet4'
              vlan_id: '3'
    state: replaced

# After State:
# ------------
#
# sonic# show ipv4 dhcp snooping binding
# !
# MAC Address        IP Address       VLAN   Interface    Type     Lease (Secs)
# -----------------  ---------------  ----   -----------  -------  -----------
# 00:b0:d0:63:c2:26  192.0.2.146      3      Ethernet4    static   NA
# 28:21:28:15:c1:1b  141.202.222.118  1      Ethernet2    static   NA
# aa:f7:67:fc:f4:9a  156.33.90.167    2      PortChannel1  static   NA
# !

返回值

常见返回值记录在 此处,以下是此模块独有的字段

描述

after

字典

生成的配置模块调用。

返回: 当更改时

示例: "返回的配置将始终与上面的参数格式相同。\n"

after(generated)

列表 / 元素=字符串

生成的配置模块调用。

返回:check_mode

示例: ["返回的配置将始终与上面的参数格式相同。\n"]

before

字典

模块调用之前的配置。

返回: 始终

示例: "返回的配置将始终与上面的参数格式相同。\n"

commands

列表 / 元素=字符串

推送到远程设备的命令集。

返回: 始终

示例: ["命令 1", "命令 2", "命令 3"]

作者

  • Simon Nathans (@simon-nathans), Xiao Han (@Xiao_Han2)