dellemc.enterprise_sonic.sonic_dhcp_snooping module – Manage DHCP Snooping on SONiC

Note

This module is part of the dellemc.enterprise_sonic collection (version 2.5.1).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install dellemc.enterprise_sonic.

To use it in a playbook, specify: dellemc.enterprise_sonic.sonic_dhcp_snooping.

New in dellemc.enterprise_sonic 2.3.0

Synopsis 

This module provides configuration management of DHCP snooping for devices running SONiC.

Parameters 

Parameter	Comments
config dictionary	The DHCP snooping configuration.
afis list / elements=dictionary	List of address families to configure. There can be up to two items in this list: one where afi=ipv4 and one where afi=ipv6 to configure DHCPv4 and DHCPv6, respectively.
afi string / required	The address family to configure. Choices: `"ipv4"` `"ipv6"`
enabled boolean	Enable DHCP snooping for afi. Choices: `false` `true`
source_bindings list / elements=dictionary	Create a static entry in the DHCP snooping binding database for afi. When state=deleted, passing an empty list will delete all source bindings.
intf_name string	The binding’s interface name. Can be an Ethernet or a PortChannel interface.
ip_addr string	The bindings’s IP address.
mac_addr string / required	The binding’s MAC address.
vlan_id integer	The binding’s VLAN ID.
trusted list / elements=dictionary	Mark interfaces as trusted for DHCP snooping for afi. When state=deleted, passing an empty list will delete all trusted interfaces.
intf_name string / required	The interface name.
verify_mac boolean	Enable DHCP snooping MAC verification for afi. Choices: `false` `true`
vlans list / elements=string	Enable DHCP snooping on a list of VLANs for afi. When state=deleted, passing an empty list will disable DHCP snooping in all VLANs
state string	The state of the configuration after module completion. Choices: `"merged"` ← (default) `"deleted"` `"overridden"` `"replaced"`

Notes 

Note

Tested against Enterprise SONiC Distribution by Dell Technologies.
Supports check_mode.

Examples 

# Using merged
#
# Before State:
# -------------
#
# sonic# show ip dhcp snooping
# !
# DHCP snooping is Disabled
# DHCP snooping source MAC verification is Disabled
# DHCP snooping is enabled on the following VLANs:
# DHCP snooping trusted interfaces:
# !

- name: Configure DHCPv4 snooping global settings
  dellemc.enterprise_sonic.sonic_dhcp_snooping:
    config:
      afis:
        - afi: 'ipv4'
          enabled: true
          verify_mac: true
          vlans: ['1', '2', '3', '5']
          trusted:
            - intf_name: 'Ethernet8'
    state: merged

# After State:
# ------------
#
# sonic# show ip dhcp snooping
# !
# DHCP snooping is Enabled
# DHCP snooping source MAC verification is Enabled
# DHCP snooping is enabled on the following VLANs: 1 2 3 5
# DHCP snooping trusted interfaces: Ethernet8
# !


# Using merged
#
# Before State:
# -------------
#
# sonic# show ipv6 dhcp snooping
# !
# DHCPv6 snooping is Disabled
# DHCPv6 snooping source MAC verification is Disabled
# DHCPv6 snooping is enabled on the following VLANs:
# DHCPv6 snooping trusted interfaces:
# !

- name: Configure DHCPv6 snooping global settings
  dellemc.enterprise_sonic.sonic_dhcp_snooping:
    config:
      afis:
        - afi: 'ipv6'
          enabled: true
          vlans:
            - '4'
          trusted:
            - intf_name: 'Ethernet2'
            - intf_name: PortChannel1
    state: merged

# After State:
# ------------
#
# sonic# show ipv6 dhcp snooping
# !
# DHCPv6 snooping is Enabled
# DHCPv6 snooping source MAC verification is Disabled
# DHCPv6 snooping is enabled on the following VLANs: 4
# DHCPv6 snooping trusted interfaces: PortChannel1
# !


# Using merged
#
# Before State:
# -------------
#
# sonic# show ip dhcp snooping binding
# !
# Total number of Dynamic bindings: 0
# Total number of Static bindings: 0
# Total number of Tentative bindings: 0
# MAC Address        IP Address       VLAN   Interface    Type     Lease (Secs)
# -----------------  ---------------  ----   -----------  -------  -----------
# !

- name: Add DHCPv4 snooping bindings
  dellemc.enterprise_sonic.sonic_dhcp_snooping:
    config:
      afis:
        - afi: 'ipv4'
          source_bindings:
            - mac_addr: '00:b0:d0:63:c2:26'
              ip_addr: '192.0.2.146'
              intf_name: 'Ethernet4'
              vlan_id: '1'
            - mac_addr: 'aa:f7:67:fc:f4:9a'
              ip_addr: '156.33.90.167'
              intf_name: 'PortChannel1'
              vlan_id: '2'
    state: merged

# After State:
# ------------
#
# sonic# show ip dhcp snooping binding
# !
# Total number of Dynamic bindings: 0
# Total number of Static bindings: 2
# Total number of Tentative bindings: 0
# MAC Address        IP Address       VLAN   Interface    Type     Lease (Secs)
# -----------------  ---------------  ----   -----------  -------  -----------
# 00:b0:d0:63:c2:26  192.0.2.146      1      Ethernet4    static   NA
# aa:f7:67:fc:f4:9a  156.33.90.167    2      PortChannel1  static   NA
# !


# Using deleted
#
# Before State:
# -------------
#
# sonic# show ip dhcp snooping
# !
# DHCP snooping is Enabled
# DHCP snooping source MAC verification is Enabled
# DHCP snooping is enabled on the following VLANs: 1 2 3 5
# DHCP snooping trusted interfaces: Ethernet8
# !

- name: Disable DHCPv4 snooping on some VLANs
  dellemc.enterprise_sonic.sonic_dhcp_snooping:
    config:
      afis:
        - afi: 'ipv4'
          vlans:
            - '3'
            - '5'
    state: deleted

# After State:
# ------------
#
# sonic# show ip dhcp snooping
# !
# DHCP snooping is Enabled
# DHCP snooping source MAC verification is Enabled
# DHCP snooping is enabled on the following VLANs: 1 2
# DHCP snooping trusted interfaces:
# !


# Using deleted
#
# Before State:
# -------------
#
# sonic# show ipv6 dhcp snooping
# !
# DHCPv6 snooping is Enabled
# DHCPv6 snooping source MAC verification is Disabled
# DHCPv6 snooping is enabled on the following VLANs: 4
# DHCPv6 snooping trusted interfaces: PortChannel1 PortChannel2 PortChannel3 PortChannel4
# !

- name: Disable DHCPv6 snooping on all VLANs
  dellemc.enterprise_sonic.sonic_dhcp_snooping:
    config:
      afis:
        - afi: 'ipv6'
          vlans: []
    state: deleted

# After State:
# ------------
#
# sonic# show ipv6 dhcp snooping
# !
# DHCPv6 snooping is Enabled
# DHCPv6 snooping source MAC verification is Disabled
# DHCPv6 snooping is enabled on the following VLANs:
# DHCPv6 snooping trusted interfaces: PortChannel1 PortChannel2 PortChannel3 PortChannel4
# !


# Using deleted
#
# Before State:
# -------------
#
# sonic# show ipv6 dhcp snooping
# !
# DHCPv6 snooping is Enabled
# DHCPv6 snooping source MAC verification is Disabled
# DHCPv6 snooping is enabled on the following VLANs: 4
# DHCPv6 snooping trusted interfaces: PortChannel1 PortChannel2 PortChannel3 PortChannel4
# !

- name: Delete all DHCPv6 configuration
  dellemc.enterprise_sonic.sonic_dhcp_snooping:
    config:
      afis:
        - afi: 'ipv6'
    state: deleted

# After State:
# ------------
#
# sonic# show ipv6 dhcp snooping
# !
# DHCPv6 snooping is Disabled
# DHCPv6 snooping source MAC verification is Disabled
# DHCPv6 snooping is enabled on the following VLANs:
# DHCPv6 snooping trusted interfaces:
# !


# Using deleted
#
# Before State:
# -------------
#
# sonic# show ip dhcp snooping binding
# !
# Total number of Dynamic bindings: 0
# Total number of Static bindings: 2
# Total number of Tentative bindings: 0
# MAC Address        IP Address       VLAN   Interface    Type     Lease (Secs)
# -----------------  ---------------  ----   -----------  -------  -----------
# 00:b0:d0:63:c2:26  192.0.2.146      1      Ethernet4    static   NA
# aa:f7:67:fc:f4:9a  156.33.90.167    2      PortChannel1  static   NA
# !

- name: Delete a DHCPv4 snooping binding
  dellemc.enterprise_sonic.sonic_dhcp_snooping:
    config:
      afis:
        - afi: 'ipv4'
          source_bindings:
            - mac_addr: '00:b0:d0:63:c2:26'
              ip_addr: '192.0.2.146'
              intf_name: 'Ethernet4'
              vlan_id: '1'
    state: deleted

# After State:
# ------------
#
# sonic# show ip dhcp snooping binding
# !
# Total number of Dynamic bindings: 0
# Total number of Static bindings: 2
# Total number of Tentative bindings: 0
# MAC Address        IP Address       VLAN   Interface    Type     Lease (Secs)
# -----------------  ---------------  ----   -----------  -------  -----------
# aa:f7:67:fc:f4:9a  156.33.90.167    2      PortChannel1  static   NA
# !


# Using overridden
#
# Before State:
# -------------
#
# sonic# show ipv4 dhcp snooping binding
# !
# MAC Address        IP Address       VLAN   Interface    Type     Lease (Secs)
# -----------------  ---------------  ----   -----------  -------  -----------
# 00:b0:d0:63:c2:26  192.0.2.146      1      Ethernet4    static   NA
# 28:21:28:15:c1:1b  141.202.222.118  1      Ethernet2    static   NA
# aa:f7:67:fc:f4:9a  156.33.90.167    2      PortChannel1  static   NA
# !

- name: Override DHCPv4 snooping bindings
  dellemc.enterprise_sonic.sonic_dhcp_snooping:
    config:
      afis:
        - afi: 'ipv4'
          source_bindings:
            - mac_addr: '00:b0:d0:63:c2:26'
              ip_addr: '192.0.2.146'
              intf_name: 'Ethernet4'
              vlan_id: '3'
    state: overridden

# After State:
# ------------
#
# sonic# show ipv4 dhcp snooping binding
# !
# MAC Address        IP Address       VLAN   Interface    Type     Lease (Secs)
# -----------------  ---------------  ----   -----------  -------  -----------
# 00:b0:d0:63:c2:26  192.0.2.146      3      Ethernet4    static   NA
# !


# Using replaced
#
# Before State:
# -------------
#
# sonic# show ipv4 dhcp snooping binding
# !
# MAC Address        IP Address       VLAN   Interface    Type     Lease (Secs)
# -----------------  ---------------  ----   -----------  -------  -----------
# 00:b0:d0:63:c2:26  192.0.2.146      1      Ethernet4    static   NA
# 28:21:28:15:c1:1b  141.202.222.118  1      Ethernet2    static   NA
# aa:f7:67:fc:f4:9a  156.33.90.167    2      PortChannel1  static   NA
# !

- name: Replace DHCPv4 snooping bindings
  dellemc.enterprise_sonic.sonic_dhcp_snooping:
    config:
      afis:
        - afi: 'ipv4'
          source_bindings:
            - mac_addr: '00:b0:d0:63:c2:26'
              ip_addr: '192.0.2.146'
              intf_name: 'Ethernet4'
              vlan_id: '3'
    state: replaced

# After State:
# ------------
#
# sonic# show ipv4 dhcp snooping binding
# !
# MAC Address        IP Address       VLAN   Interface    Type     Lease (Secs)
# -----------------  ---------------  ----   -----------  -------  -----------
# 00:b0:d0:63:c2:26  192.0.2.146      3      Ethernet4    static   NA
# 28:21:28:15:c1:1b  141.202.222.118  1      Ethernet2    static   NA
# aa:f7:67:fc:f4:9a  156.33.90.167    2      PortChannel1  static   NA
# !

Return Values 

Common return values are documented here, the following are the fields unique to this module:

Key	Description
after dictionary	The resulting configuration module invocation. Returned: when changed Sample: `"The configuration returned will always be in the same format as the parameters above.\n"`
after(generated) list / elements=string	The generated configuration module invocation. Returned: when `check_mode` Sample: `["The configuration returned will always be in the same format as the parameters above.\n"]`
before dictionary	The configuration prior to the module invocation. Returned: always Sample: `"The configuration returned will always be in the same format as the parameters above.\n"`
commands list / elements=string	The set of commands pushed to the remote device. Returned: always Sample: `["command 1", "command 2", "command 3"]`

Authors

Simon Nathans (@simon-nathans), Xiao Han (@Xiao_Han2)

dellemc.enterprise_sonic.sonic_dhcp_snooping module – Manage DHCP Snooping on SONiC

Synopsis

Parameters

Notes

Examples

Return Values