dellemc.enterprise_sonic.sonic_dhcp_snooping 模块 – 在 SONiC 上管理 DHCP Snooping

注意

此模块是 dellemc.enterprise_sonic 集合 (版本 2.5.1) 的一部分。

如果您使用的是 ansible 包,则可能已安装此集合。它不包含在 ansible-core 中。要检查它是否已安装,请运行 ansible-galaxy collection list

要安装它,请使用: ansible-galaxy collection install dellemc.enterprise_sonic

要在剧本中使用它,请指定: dellemc.enterprise_sonic.sonic_dhcp_snooping

dellemc.enterprise_sonic 2.3.0 中的新增功能

概要

  • 此模块提供运行 SONiC 的设备的 DHCP snooping 配置管理。

参数

参数

注释

config

字典

DHCP snooping 配置。

afis

列表 / 元素=字典

要配置的地址族列表。

此列表中最多可以有两个项目:一个 _afi=ipv4_ 和一个 _afi=ipv6_,分别配置 DHCPv4 和 DHCPv6。

afi

字符串 / 必需

要配置的地址族。

选项

  • "ipv4"

  • "ipv6"

enabled

布尔值

为 _afi_ 启用 DHCP snooping。

选项

  • false

  • true

source_bindings

列表 / 元素=字典

为 _afi_ 在 DHCP snooping 绑定数据库中创建静态条目。

当 _state=deleted_ 时,传递空列表将删除所有源绑定。

intf_name

字符串

绑定的接口名称。

可以是以太网或端口通道接口。

ip_addr

字符串

绑定的 IP 地址。

mac_addr

字符串 / 必需

绑定的 MAC 地址。

vlan_id

整数

绑定的 VLAN ID。

trusted

列表 / 元素=字典

将接口标记为 _afi_ 的 DHCP snooping 受信任接口。

当 _state=deleted_ 时,传递空列表将删除所有受信任接口。

intf_name

字符串 / 必需

接口名称。

verify_mac

布尔值

为 _afi_ 启用 DHCP snooping MAC 验证。

选项

  • false

  • true

vlans

列表 / 元素=字符串

为 _afi_ 在 VLAN 列表上启用 DHCP snooping。

当 _state=deleted_ 时,传递空列表将禁用所有 VLAN 中的 DHCP snooping。

state

字符串

模块完成后的配置状态。

选项

  • "merged" ← (默认)

  • "deleted"

  • "overridden"

  • "replaced"

备注

注意

  • 针对戴尔科技提供的企业 SONiC 发行版进行了测试。

  • 支持 check_mode

示例

# Using merged
#
# Before State:
# -------------
#
# sonic# show ip dhcp snooping
# !
# DHCP snooping is Disabled
# DHCP snooping source MAC verification is Disabled
# DHCP snooping is enabled on the following VLANs:
# DHCP snooping trusted interfaces:
# !

- name: Configure DHCPv4 snooping global settings
  dellemc.enterprise_sonic.sonic_dhcp_snooping:
    config:
      afis:
        - afi: 'ipv4'
          enabled: true
          verify_mac: true
          vlans: ['1', '2', '3', '5']
          trusted:
            - intf_name: 'Ethernet8'
    state: merged

# After State:
# ------------
#
# sonic# show ip dhcp snooping
# !
# DHCP snooping is Enabled
# DHCP snooping source MAC verification is Enabled
# DHCP snooping is enabled on the following VLANs: 1 2 3 5
# DHCP snooping trusted interfaces: Ethernet8
# !


# Using merged
#
# Before State:
# -------------
#
# sonic# show ipv6 dhcp snooping
# !
# DHCPv6 snooping is Disabled
# DHCPv6 snooping source MAC verification is Disabled
# DHCPv6 snooping is enabled on the following VLANs:
# DHCPv6 snooping trusted interfaces:
# !

- name: Configure DHCPv6 snooping global settings
  dellemc.enterprise_sonic.sonic_dhcp_snooping:
    config:
      afis:
        - afi: 'ipv6'
          enabled: true
          vlans:
            - '4'
          trusted:
            - intf_name: 'Ethernet2'
            - intf_name: PortChannel1
    state: merged

# After State:
# ------------
#
# sonic# show ipv6 dhcp snooping
# !
# DHCPv6 snooping is Enabled
# DHCPv6 snooping source MAC verification is Disabled
# DHCPv6 snooping is enabled on the following VLANs: 4
# DHCPv6 snooping trusted interfaces: PortChannel1
# !


# Using merged
#
# Before State:
# -------------
#
# sonic# show ip dhcp snooping binding
# !
# Total number of Dynamic bindings: 0
# Total number of Static bindings: 0
# Total number of Tentative bindings: 0
# MAC Address        IP Address       VLAN   Interface    Type     Lease (Secs)
# -----------------  ---------------  ----   -----------  -------  -----------
# !

- name: Add DHCPv4 snooping bindings
  dellemc.enterprise_sonic.sonic_dhcp_snooping:
    config:
      afis:
        - afi: 'ipv4'
          source_bindings:
            - mac_addr: '00:b0:d0:63:c2:26'
              ip_addr: '192.0.2.146'
              intf_name: 'Ethernet4'
              vlan_id: '1'
            - mac_addr: 'aa:f7:67:fc:f4:9a'
              ip_addr: '156.33.90.167'
              intf_name: 'PortChannel1'
              vlan_id: '2'
    state: merged

# After State:
# ------------
#
# sonic# show ip dhcp snooping binding
# !
# Total number of Dynamic bindings: 0
# Total number of Static bindings: 2
# Total number of Tentative bindings: 0
# MAC Address        IP Address       VLAN   Interface    Type     Lease (Secs)
# -----------------  ---------------  ----   -----------  -------  -----------
# 00:b0:d0:63:c2:26  192.0.2.146      1      Ethernet4    static   NA
# aa:f7:67:fc:f4:9a  156.33.90.167    2      PortChannel1  static   NA
# !


# Using deleted
#
# Before State:
# -------------
#
# sonic# show ip dhcp snooping
# !
# DHCP snooping is Enabled
# DHCP snooping source MAC verification is Enabled
# DHCP snooping is enabled on the following VLANs: 1 2 3 5
# DHCP snooping trusted interfaces: Ethernet8
# !

- name: Disable DHCPv4 snooping on some VLANs
  dellemc.enterprise_sonic.sonic_dhcp_snooping:
    config:
      afis:
        - afi: 'ipv4'
          vlans:
            - '3'
            - '5'
    state: deleted

# After State:
# ------------
#
# sonic# show ip dhcp snooping
# !
# DHCP snooping is Enabled
# DHCP snooping source MAC verification is Enabled
# DHCP snooping is enabled on the following VLANs: 1 2
# DHCP snooping trusted interfaces:
# !


# Using deleted
#
# Before State:
# -------------
#
# sonic# show ipv6 dhcp snooping
# !
# DHCPv6 snooping is Enabled
# DHCPv6 snooping source MAC verification is Disabled
# DHCPv6 snooping is enabled on the following VLANs: 4
# DHCPv6 snooping trusted interfaces: PortChannel1 PortChannel2 PortChannel3 PortChannel4
# !

- name: Disable DHCPv6 snooping on all VLANs
  dellemc.enterprise_sonic.sonic_dhcp_snooping:
    config:
      afis:
        - afi: 'ipv6'
          vlans: []
    state: deleted

# After State:
# ------------
#
# sonic# show ipv6 dhcp snooping
# !
# DHCPv6 snooping is Enabled
# DHCPv6 snooping source MAC verification is Disabled
# DHCPv6 snooping is enabled on the following VLANs:
# DHCPv6 snooping trusted interfaces: PortChannel1 PortChannel2 PortChannel3 PortChannel4
# !


# Using deleted
#
# Before State:
# -------------
#
# sonic# show ipv6 dhcp snooping
# !
# DHCPv6 snooping is Enabled
# DHCPv6 snooping source MAC verification is Disabled
# DHCPv6 snooping is enabled on the following VLANs: 4
# DHCPv6 snooping trusted interfaces: PortChannel1 PortChannel2 PortChannel3 PortChannel4
# !

- name: Delete all DHCPv6 configuration
  dellemc.enterprise_sonic.sonic_dhcp_snooping:
    config:
      afis:
        - afi: 'ipv6'
    state: deleted

# After State:
# ------------
#
# sonic# show ipv6 dhcp snooping
# !
# DHCPv6 snooping is Disabled
# DHCPv6 snooping source MAC verification is Disabled
# DHCPv6 snooping is enabled on the following VLANs:
# DHCPv6 snooping trusted interfaces:
# !


# Using deleted
#
# Before State:
# -------------
#
# sonic# show ip dhcp snooping binding
# !
# Total number of Dynamic bindings: 0
# Total number of Static bindings: 2
# Total number of Tentative bindings: 0
# MAC Address        IP Address       VLAN   Interface    Type     Lease (Secs)
# -----------------  ---------------  ----   -----------  -------  -----------
# 00:b0:d0:63:c2:26  192.0.2.146      1      Ethernet4    static   NA
# aa:f7:67:fc:f4:9a  156.33.90.167    2      PortChannel1  static   NA
# !

- name: Delete a DHCPv4 snooping binding
  dellemc.enterprise_sonic.sonic_dhcp_snooping:
    config:
      afis:
        - afi: 'ipv4'
          source_bindings:
            - mac_addr: '00:b0:d0:63:c2:26'
              ip_addr: '192.0.2.146'
              intf_name: 'Ethernet4'
              vlan_id: '1'
    state: deleted

# After State:
# ------------
#
# sonic# show ip dhcp snooping binding
# !
# Total number of Dynamic bindings: 0
# Total number of Static bindings: 2
# Total number of Tentative bindings: 0
# MAC Address        IP Address       VLAN   Interface    Type     Lease (Secs)
# -----------------  ---------------  ----   -----------  -------  -----------
# aa:f7:67:fc:f4:9a  156.33.90.167    2      PortChannel1  static   NA
# !


# Using overridden
#
# Before State:
# -------------
#
# sonic# show ipv4 dhcp snooping binding
# !
# MAC Address        IP Address       VLAN   Interface    Type     Lease (Secs)
# -----------------  ---------------  ----   -----------  -------  -----------
# 00:b0:d0:63:c2:26  192.0.2.146      1      Ethernet4    static   NA
# 28:21:28:15:c1:1b  141.202.222.118  1      Ethernet2    static   NA
# aa:f7:67:fc:f4:9a  156.33.90.167    2      PortChannel1  static   NA
# !

- name: Override DHCPv4 snooping bindings
  dellemc.enterprise_sonic.sonic_dhcp_snooping:
    config:
      afis:
        - afi: 'ipv4'
          source_bindings:
            - mac_addr: '00:b0:d0:63:c2:26'
              ip_addr: '192.0.2.146'
              intf_name: 'Ethernet4'
              vlan_id: '3'
    state: overridden

# After State:
# ------------
#
# sonic# show ipv4 dhcp snooping binding
# !
# MAC Address        IP Address       VLAN   Interface    Type     Lease (Secs)
# -----------------  ---------------  ----   -----------  -------  -----------
# 00:b0:d0:63:c2:26  192.0.2.146      3      Ethernet4    static   NA
# !


# Using replaced
#
# Before State:
# -------------
#
# sonic# show ipv4 dhcp snooping binding
# !
# MAC Address        IP Address       VLAN   Interface    Type     Lease (Secs)
# -----------------  ---------------  ----   -----------  -------  -----------
# 00:b0:d0:63:c2:26  192.0.2.146      1      Ethernet4    static   NA
# 28:21:28:15:c1:1b  141.202.222.118  1      Ethernet2    static   NA
# aa:f7:67:fc:f4:9a  156.33.90.167    2      PortChannel1  static   NA
# !

- name: Replace DHCPv4 snooping bindings
  dellemc.enterprise_sonic.sonic_dhcp_snooping:
    config:
      afis:
        - afi: 'ipv4'
          source_bindings:
            - mac_addr: '00:b0:d0:63:c2:26'
              ip_addr: '192.0.2.146'
              intf_name: 'Ethernet4'
              vlan_id: '3'
    state: replaced

# After State:
# ------------
#
# sonic# show ipv4 dhcp snooping binding
# !
# MAC Address        IP Address       VLAN   Interface    Type     Lease (Secs)
# -----------------  ---------------  ----   -----------  -------  -----------
# 00:b0:d0:63:c2:26  192.0.2.146      3      Ethernet4    static   NA
# 28:21:28:15:c1:1b  141.202.222.118  1      Ethernet2    static   NA
# aa:f7:67:fc:f4:9a  156.33.90.167    2      PortChannel1  static   NA
# !

返回值

常见的返回值在此处有说明 这里,以下是此模块特有的字段

描述

after

字典

模块调用后的最终配置。

返回:发生更改时

示例: "The configuration returned will always be in the same format as the parameters above.\n"

after(generated)

列表 / 元素=字符串

生成的模块调用配置。

返回:check_mode

示例: ["The configuration returned will always be in the same format as the parameters above.\n"]

before

字典

模块调用之前的配置。

返回:始终返回

示例: "The configuration returned will always be in the same format as the parameters above.\n"

commands

列表 / 元素=字符串

推送到远程设备的命令集。

返回:始终返回

示例: ["command 1", "command 2", "command 3"]

作者

  • Simon Nathans (@simon-nathans), 韩肖 (@Xiao_Han2)