dellemc.enterprise_sonic.sonic_dhcp_snooping module – Manage DHCP Snooping on SONiC

Note

This module is part of the dellemc.enterprise_sonic collection (version 2.5.1).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install dellemc.enterprise_sonic.

To use it in a playbook, specify: dellemc.enterprise_sonic.sonic_dhcp_snooping.

New in dellemc.enterprise_sonic 2.3.0

Synopsis

  • This module provides configuration management of DHCP snooping for devices running SONiC.

Parameters

Parameter

Comments

config

dictionary

The DHCP snooping configuration.

afis

list / elements=dictionary

List of address families to configure.

There can be up to two items in this list: one where afi=ipv4 and one where afi=ipv6 to configure DHCPv4 and DHCPv6, respectively.

afi

string / required

The address family to configure.

Choices:

  • "ipv4"

  • "ipv6"

enabled

boolean

Enable DHCP snooping for afi.

Choices:

  • false

  • true

source_bindings

list / elements=dictionary

Create a static entry in the DHCP snooping binding database for afi.

When state=deleted, passing an empty list will delete all source bindings.

intf_name

string

The binding’s interface name.

Can be an Ethernet or a PortChannel interface.

ip_addr

string

The bindings’s IP address.

mac_addr

string / required

The binding’s MAC address.

vlan_id

integer

The binding’s VLAN ID.

trusted

list / elements=dictionary

Mark interfaces as trusted for DHCP snooping for afi.

When state=deleted, passing an empty list will delete all trusted interfaces.

intf_name

string / required

The interface name.

verify_mac

boolean

Enable DHCP snooping MAC verification for afi.

Choices:

  • false

  • true

vlans

list / elements=string

Enable DHCP snooping on a list of VLANs for afi.

When state=deleted, passing an empty list will disable DHCP snooping in all VLANs

state

string

The state of the configuration after module completion.

Choices:

  • "merged" ← (default)

  • "deleted"

  • "overridden"

  • "replaced"

Notes

Note

  • Tested against Enterprise SONiC Distribution by Dell Technologies.

  • Supports check_mode.

Examples

# Using merged
#
# Before State:
# -------------
#
# sonic# show ip dhcp snooping
# !
# DHCP snooping is Disabled
# DHCP snooping source MAC verification is Disabled
# DHCP snooping is enabled on the following VLANs:
# DHCP snooping trusted interfaces:
# !

- name: Configure DHCPv4 snooping global settings
  dellemc.enterprise_sonic.sonic_dhcp_snooping:
    config:
      afis:
        - afi: 'ipv4'
          enabled: true
          verify_mac: true
          vlans: ['1', '2', '3', '5']
          trusted:
            - intf_name: 'Ethernet8'
    state: merged

# After State:
# ------------
#
# sonic# show ip dhcp snooping
# !
# DHCP snooping is Enabled
# DHCP snooping source MAC verification is Enabled
# DHCP snooping is enabled on the following VLANs: 1 2 3 5
# DHCP snooping trusted interfaces: Ethernet8
# !


# Using merged
#
# Before State:
# -------------
#
# sonic# show ipv6 dhcp snooping
# !
# DHCPv6 snooping is Disabled
# DHCPv6 snooping source MAC verification is Disabled
# DHCPv6 snooping is enabled on the following VLANs:
# DHCPv6 snooping trusted interfaces:
# !

- name: Configure DHCPv6 snooping global settings
  dellemc.enterprise_sonic.sonic_dhcp_snooping:
    config:
      afis:
        - afi: 'ipv6'
          enabled: true
          vlans:
            - '4'
          trusted:
            - intf_name: 'Ethernet2'
            - intf_name: PortChannel1
    state: merged

# After State:
# ------------
#
# sonic# show ipv6 dhcp snooping
# !
# DHCPv6 snooping is Enabled
# DHCPv6 snooping source MAC verification is Disabled
# DHCPv6 snooping is enabled on the following VLANs: 4
# DHCPv6 snooping trusted interfaces: PortChannel1
# !


# Using merged
#
# Before State:
# -------------
#
# sonic# show ip dhcp snooping binding
# !
# Total number of Dynamic bindings: 0
# Total number of Static bindings: 0
# Total number of Tentative bindings: 0
# MAC Address        IP Address       VLAN   Interface    Type     Lease (Secs)
# -----------------  ---------------  ----   -----------  -------  -----------
# !

- name: Add DHCPv4 snooping bindings
  dellemc.enterprise_sonic.sonic_dhcp_snooping:
    config:
      afis:
        - afi: 'ipv4'
          source_bindings:
            - mac_addr: '00:b0:d0:63:c2:26'
              ip_addr: '192.0.2.146'
              intf_name: 'Ethernet4'
              vlan_id: '1'
            - mac_addr: 'aa:f7:67:fc:f4:9a'
              ip_addr: '156.33.90.167'
              intf_name: 'PortChannel1'
              vlan_id: '2'
    state: merged

# After State:
# ------------
#
# sonic# show ip dhcp snooping binding
# !
# Total number of Dynamic bindings: 0
# Total number of Static bindings: 2
# Total number of Tentative bindings: 0
# MAC Address        IP Address       VLAN   Interface    Type     Lease (Secs)
# -----------------  ---------------  ----   -----------  -------  -----------
# 00:b0:d0:63:c2:26  192.0.2.146      1      Ethernet4    static   NA
# aa:f7:67:fc:f4:9a  156.33.90.167    2      PortChannel1  static   NA
# !


# Using deleted
#
# Before State:
# -------------
#
# sonic# show ip dhcp snooping
# !
# DHCP snooping is Enabled
# DHCP snooping source MAC verification is Enabled
# DHCP snooping is enabled on the following VLANs: 1 2 3 5
# DHCP snooping trusted interfaces: Ethernet8
# !

- name: Disable DHCPv4 snooping on some VLANs
  dellemc.enterprise_sonic.sonic_dhcp_snooping:
    config:
      afis:
        - afi: 'ipv4'
          vlans:
            - '3'
            - '5'
    state: deleted

# After State:
# ------------
#
# sonic# show ip dhcp snooping
# !
# DHCP snooping is Enabled
# DHCP snooping source MAC verification is Enabled
# DHCP snooping is enabled on the following VLANs: 1 2
# DHCP snooping trusted interfaces:
# !


# Using deleted
#
# Before State:
# -------------
#
# sonic# show ipv6 dhcp snooping
# !
# DHCPv6 snooping is Enabled
# DHCPv6 snooping source MAC verification is Disabled
# DHCPv6 snooping is enabled on the following VLANs: 4
# DHCPv6 snooping trusted interfaces: PortChannel1 PortChannel2 PortChannel3 PortChannel4
# !

- name: Disable DHCPv6 snooping on all VLANs
  dellemc.enterprise_sonic.sonic_dhcp_snooping:
    config:
      afis:
        - afi: 'ipv6'
          vlans: []
    state: deleted

# After State:
# ------------
#
# sonic# show ipv6 dhcp snooping
# !
# DHCPv6 snooping is Enabled
# DHCPv6 snooping source MAC verification is Disabled
# DHCPv6 snooping is enabled on the following VLANs:
# DHCPv6 snooping trusted interfaces: PortChannel1 PortChannel2 PortChannel3 PortChannel4
# !


# Using deleted
#
# Before State:
# -------------
#
# sonic# show ipv6 dhcp snooping
# !
# DHCPv6 snooping is Enabled
# DHCPv6 snooping source MAC verification is Disabled
# DHCPv6 snooping is enabled on the following VLANs: 4
# DHCPv6 snooping trusted interfaces: PortChannel1 PortChannel2 PortChannel3 PortChannel4
# !

- name: Delete all DHCPv6 configuration
  dellemc.enterprise_sonic.sonic_dhcp_snooping:
    config:
      afis:
        - afi: 'ipv6'
    state: deleted

# After State:
# ------------
#
# sonic# show ipv6 dhcp snooping
# !
# DHCPv6 snooping is Disabled
# DHCPv6 snooping source MAC verification is Disabled
# DHCPv6 snooping is enabled on the following VLANs:
# DHCPv6 snooping trusted interfaces:
# !


# Using deleted
#
# Before State:
# -------------
#
# sonic# show ip dhcp snooping binding
# !
# Total number of Dynamic bindings: 0
# Total number of Static bindings: 2
# Total number of Tentative bindings: 0
# MAC Address        IP Address       VLAN   Interface    Type     Lease (Secs)
# -----------------  ---------------  ----   -----------  -------  -----------
# 00:b0:d0:63:c2:26  192.0.2.146      1      Ethernet4    static   NA
# aa:f7:67:fc:f4:9a  156.33.90.167    2      PortChannel1  static   NA
# !

- name: Delete a DHCPv4 snooping binding
  dellemc.enterprise_sonic.sonic_dhcp_snooping:
    config:
      afis:
        - afi: 'ipv4'
          source_bindings:
            - mac_addr: '00:b0:d0:63:c2:26'
              ip_addr: '192.0.2.146'
              intf_name: 'Ethernet4'
              vlan_id: '1'
    state: deleted

# After State:
# ------------
#
# sonic# show ip dhcp snooping binding
# !
# Total number of Dynamic bindings: 0
# Total number of Static bindings: 2
# Total number of Tentative bindings: 0
# MAC Address        IP Address       VLAN   Interface    Type     Lease (Secs)
# -----------------  ---------------  ----   -----------  -------  -----------
# aa:f7:67:fc:f4:9a  156.33.90.167    2      PortChannel1  static   NA
# !


# Using overridden
#
# Before State:
# -------------
#
# sonic# show ipv4 dhcp snooping binding
# !
# MAC Address        IP Address       VLAN   Interface    Type     Lease (Secs)
# -----------------  ---------------  ----   -----------  -------  -----------
# 00:b0:d0:63:c2:26  192.0.2.146      1      Ethernet4    static   NA
# 28:21:28:15:c1:1b  141.202.222.118  1      Ethernet2    static   NA
# aa:f7:67:fc:f4:9a  156.33.90.167    2      PortChannel1  static   NA
# !

- name: Override DHCPv4 snooping bindings
  dellemc.enterprise_sonic.sonic_dhcp_snooping:
    config:
      afis:
        - afi: 'ipv4'
          source_bindings:
            - mac_addr: '00:b0:d0:63:c2:26'
              ip_addr: '192.0.2.146'
              intf_name: 'Ethernet4'
              vlan_id: '3'
    state: overridden

# After State:
# ------------
#
# sonic# show ipv4 dhcp snooping binding
# !
# MAC Address        IP Address       VLAN   Interface    Type     Lease (Secs)
# -----------------  ---------------  ----   -----------  -------  -----------
# 00:b0:d0:63:c2:26  192.0.2.146      3      Ethernet4    static   NA
# !


# Using replaced
#
# Before State:
# -------------
#
# sonic# show ipv4 dhcp snooping binding
# !
# MAC Address        IP Address       VLAN   Interface    Type     Lease (Secs)
# -----------------  ---------------  ----   -----------  -------  -----------
# 00:b0:d0:63:c2:26  192.0.2.146      1      Ethernet4    static   NA
# 28:21:28:15:c1:1b  141.202.222.118  1      Ethernet2    static   NA
# aa:f7:67:fc:f4:9a  156.33.90.167    2      PortChannel1  static   NA
# !

- name: Replace DHCPv4 snooping bindings
  dellemc.enterprise_sonic.sonic_dhcp_snooping:
    config:
      afis:
        - afi: 'ipv4'
          source_bindings:
            - mac_addr: '00:b0:d0:63:c2:26'
              ip_addr: '192.0.2.146'
              intf_name: 'Ethernet4'
              vlan_id: '3'
    state: replaced

# After State:
# ------------
#
# sonic# show ipv4 dhcp snooping binding
# !
# MAC Address        IP Address       VLAN   Interface    Type     Lease (Secs)
# -----------------  ---------------  ----   -----------  -------  -----------
# 00:b0:d0:63:c2:26  192.0.2.146      3      Ethernet4    static   NA
# 28:21:28:15:c1:1b  141.202.222.118  1      Ethernet2    static   NA
# aa:f7:67:fc:f4:9a  156.33.90.167    2      PortChannel1  static   NA
# !

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

after

dictionary

The resulting configuration module invocation.

Returned: when changed

Sample: "The configuration returned will always be in the same format as the parameters above.\n"

after(generated)

list / elements=string

The generated configuration module invocation.

Returned: when check_mode

Sample: ["The configuration returned will always be in the same format as the parameters above.\n"]

before

dictionary

The configuration prior to the module invocation.

Returned: always

Sample: "The configuration returned will always be in the same format as the parameters above.\n"

commands

list / elements=string

The set of commands pushed to the remote device.

Returned: always

Sample: ["command 1", "command 2", "command 3"]

Authors

  • Simon Nathans (@simon-nathans), Xiao Han (@Xiao_Han2)