dellemc.enterprise_sonic.sonic_dhcp_snooping module – Manage DHCP Snooping on SONiC
Note
This module is part of the dellemc.enterprise_sonic collection (version 3.0.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install dellemc.enterprise_sonic
.
To use it in a playbook, specify: dellemc.enterprise_sonic.sonic_dhcp_snooping
.
New in dellemc.enterprise_sonic 2.3.0
Synopsis
This module provides configuration management of DHCP snooping for devices running SONiC.
Parameters
Parameter |
Comments |
---|---|
The DHCP snooping configuration. |
|
List of address families to configure. There can be up to two items in this list: one where afi=ipv4 and one where afi=ipv6 to configure DHCPv4 and DHCPv6, respectively. |
|
The address family to configure. Choices:
|
|
Enable DHCP snooping for afi. Choices:
|
|
Create a static entry in the DHCP snooping binding database for afi. When state=deleted, passing an empty list will delete all source bindings. |
|
The binding’s interface name. Can be an Ethernet or a PortChannel interface. |
|
The bindings’s IP address. |
|
The binding’s MAC address. |
|
The binding’s VLAN ID. |
|
Mark interfaces as trusted for DHCP snooping for afi. When state=deleted, passing an empty list will delete all trusted interfaces. |
|
The interface name. |
|
Enable DHCP snooping MAC verification for afi. Choices:
|
|
Enable DHCP snooping on a list of VLANs for afi. When state=deleted, passing an empty list will disable DHCP snooping in all VLANs |
|
The state of the configuration after module completion. Choices:
|
Notes
Note
Tested against Enterprise SONiC Distribution by Dell Technologies.
Supports
check_mode
.
Examples
# Using merged
#
# Before State:
# -------------
#
# sonic# show ip dhcp snooping
# !
# DHCP snooping is Disabled
# DHCP snooping source MAC verification is Disabled
# DHCP snooping is enabled on the following VLANs:
# DHCP snooping trusted interfaces:
# !
- name: Configure DHCPv4 snooping global settings
dellemc.enterprise_sonic.sonic_dhcp_snooping:
config:
afis:
- afi: 'ipv4'
enabled: true
verify_mac: true
vlans: ['1', '2', '3', '5']
trusted:
- intf_name: 'Ethernet8'
state: merged
# After State:
# ------------
#
# sonic# show ip dhcp snooping
# !
# DHCP snooping is Enabled
# DHCP snooping source MAC verification is Enabled
# DHCP snooping is enabled on the following VLANs: 1 2 3 5
# DHCP snooping trusted interfaces: Ethernet8
# !
# Using merged
#
# Before State:
# -------------
#
# sonic# show ipv6 dhcp snooping
# !
# DHCPv6 snooping is Disabled
# DHCPv6 snooping source MAC verification is Disabled
# DHCPv6 snooping is enabled on the following VLANs:
# DHCPv6 snooping trusted interfaces:
# !
- name: Configure DHCPv6 snooping global settings
dellemc.enterprise_sonic.sonic_dhcp_snooping:
config:
afis:
- afi: 'ipv6'
enabled: true
vlans:
- '4'
trusted:
- intf_name: 'Ethernet2'
- intf_name: PortChannel1
state: merged
# After State:
# ------------
#
# sonic# show ipv6 dhcp snooping
# !
# DHCPv6 snooping is Enabled
# DHCPv6 snooping source MAC verification is Disabled
# DHCPv6 snooping is enabled on the following VLANs: 4
# DHCPv6 snooping trusted interfaces: PortChannel1
# !
# Using merged
#
# Before State:
# -------------
#
# sonic# show ip dhcp snooping binding
# !
# Total number of Dynamic bindings: 0
# Total number of Static bindings: 0
# Total number of Tentative bindings: 0
# MAC Address IP Address VLAN Interface Type Lease (Secs)
# ----------------- --------------- ---- ----------- ------- -----------
# !
- name: Add DHCPv4 snooping bindings
dellemc.enterprise_sonic.sonic_dhcp_snooping:
config:
afis:
- afi: 'ipv4'
source_bindings:
- mac_addr: '00:b0:d0:63:c2:26'
ip_addr: '192.0.2.146'
intf_name: 'Ethernet4'
vlan_id: '1'
- mac_addr: 'aa:f7:67:fc:f4:9a'
ip_addr: '156.33.90.167'
intf_name: 'PortChannel1'
vlan_id: '2'
state: merged
# After State:
# ------------
#
# sonic# show ip dhcp snooping binding
# !
# Total number of Dynamic bindings: 0
# Total number of Static bindings: 2
# Total number of Tentative bindings: 0
# MAC Address IP Address VLAN Interface Type Lease (Secs)
# ----------------- --------------- ---- ----------- ------- -----------
# 00:b0:d0:63:c2:26 192.0.2.146 1 Ethernet4 static NA
# aa:f7:67:fc:f4:9a 156.33.90.167 2 PortChannel1 static NA
# !
# Using deleted
#
# Before State:
# -------------
#
# sonic# show ip dhcp snooping
# !
# DHCP snooping is Enabled
# DHCP snooping source MAC verification is Enabled
# DHCP snooping is enabled on the following VLANs: 1 2 3 5
# DHCP snooping trusted interfaces: Ethernet8
# !
- name: Disable DHCPv4 snooping on some VLANs
dellemc.enterprise_sonic.sonic_dhcp_snooping:
config:
afis:
- afi: 'ipv4'
vlans:
- '3'
- '5'
state: deleted
# After State:
# ------------
#
# sonic# show ip dhcp snooping
# !
# DHCP snooping is Enabled
# DHCP snooping source MAC verification is Enabled
# DHCP snooping is enabled on the following VLANs: 1 2
# DHCP snooping trusted interfaces:
# !
# Using deleted
#
# Before State:
# -------------
#
# sonic# show ipv6 dhcp snooping
# !
# DHCPv6 snooping is Enabled
# DHCPv6 snooping source MAC verification is Disabled
# DHCPv6 snooping is enabled on the following VLANs: 4
# DHCPv6 snooping trusted interfaces: PortChannel1 PortChannel2 PortChannel3 PortChannel4
# !
- name: Disable DHCPv6 snooping on all VLANs
dellemc.enterprise_sonic.sonic_dhcp_snooping:
config:
afis:
- afi: 'ipv6'
vlans: []
state: deleted
# After State:
# ------------
#
# sonic# show ipv6 dhcp snooping
# !
# DHCPv6 snooping is Enabled
# DHCPv6 snooping source MAC verification is Disabled
# DHCPv6 snooping is enabled on the following VLANs:
# DHCPv6 snooping trusted interfaces: PortChannel1 PortChannel2 PortChannel3 PortChannel4
# !
# Using deleted
#
# Before State:
# -------------
#
# sonic# show ipv6 dhcp snooping
# !
# DHCPv6 snooping is Enabled
# DHCPv6 snooping source MAC verification is Disabled
# DHCPv6 snooping is enabled on the following VLANs: 4
# DHCPv6 snooping trusted interfaces: PortChannel1 PortChannel2 PortChannel3 PortChannel4
# !
- name: Delete all DHCPv6 configuration
dellemc.enterprise_sonic.sonic_dhcp_snooping:
config:
afis:
- afi: 'ipv6'
state: deleted
# After State:
# ------------
#
# sonic# show ipv6 dhcp snooping
# !
# DHCPv6 snooping is Disabled
# DHCPv6 snooping source MAC verification is Disabled
# DHCPv6 snooping is enabled on the following VLANs:
# DHCPv6 snooping trusted interfaces:
# !
# Using deleted
#
# Before State:
# -------------
#
# sonic# show ip dhcp snooping binding
# !
# Total number of Dynamic bindings: 0
# Total number of Static bindings: 2
# Total number of Tentative bindings: 0
# MAC Address IP Address VLAN Interface Type Lease (Secs)
# ----------------- --------------- ---- ----------- ------- -----------
# 00:b0:d0:63:c2:26 192.0.2.146 1 Ethernet4 static NA
# aa:f7:67:fc:f4:9a 156.33.90.167 2 PortChannel1 static NA
# !
- name: Delete a DHCPv4 snooping binding
dellemc.enterprise_sonic.sonic_dhcp_snooping:
config:
afis:
- afi: 'ipv4'
source_bindings:
- mac_addr: '00:b0:d0:63:c2:26'
ip_addr: '192.0.2.146'
intf_name: 'Ethernet4'
vlan_id: '1'
state: deleted
# After State:
# ------------
#
# sonic# show ip dhcp snooping binding
# !
# Total number of Dynamic bindings: 0
# Total number of Static bindings: 2
# Total number of Tentative bindings: 0
# MAC Address IP Address VLAN Interface Type Lease (Secs)
# ----------------- --------------- ---- ----------- ------- -----------
# aa:f7:67:fc:f4:9a 156.33.90.167 2 PortChannel1 static NA
# !
# Using overridden
#
# Before State:
# -------------
#
# sonic# show ipv4 dhcp snooping binding
# !
# MAC Address IP Address VLAN Interface Type Lease (Secs)
# ----------------- --------------- ---- ----------- ------- -----------
# 00:b0:d0:63:c2:26 192.0.2.146 1 Ethernet4 static NA
# 28:21:28:15:c1:1b 141.202.222.118 1 Ethernet2 static NA
# aa:f7:67:fc:f4:9a 156.33.90.167 2 PortChannel1 static NA
# !
- name: Override DHCPv4 snooping bindings
dellemc.enterprise_sonic.sonic_dhcp_snooping:
config:
afis:
- afi: 'ipv4'
source_bindings:
- mac_addr: '00:b0:d0:63:c2:26'
ip_addr: '192.0.2.146'
intf_name: 'Ethernet4'
vlan_id: '3'
state: overridden
# After State:
# ------------
#
# sonic# show ipv4 dhcp snooping binding
# !
# MAC Address IP Address VLAN Interface Type Lease (Secs)
# ----------------- --------------- ---- ----------- ------- -----------
# 00:b0:d0:63:c2:26 192.0.2.146 3 Ethernet4 static NA
# !
# Using replaced
#
# Before State:
# -------------
#
# sonic# show ipv4 dhcp snooping binding
# !
# MAC Address IP Address VLAN Interface Type Lease (Secs)
# ----------------- --------------- ---- ----------- ------- -----------
# 00:b0:d0:63:c2:26 192.0.2.146 1 Ethernet4 static NA
# 28:21:28:15:c1:1b 141.202.222.118 1 Ethernet2 static NA
# aa:f7:67:fc:f4:9a 156.33.90.167 2 PortChannel1 static NA
# !
- name: Replace DHCPv4 snooping bindings
dellemc.enterprise_sonic.sonic_dhcp_snooping:
config:
afis:
- afi: 'ipv4'
source_bindings:
- mac_addr: '00:b0:d0:63:c2:26'
ip_addr: '192.0.2.146'
intf_name: 'Ethernet4'
vlan_id: '3'
state: replaced
# After State:
# ------------
#
# sonic# show ipv4 dhcp snooping binding
# !
# MAC Address IP Address VLAN Interface Type Lease (Secs)
# ----------------- --------------- ---- ----------- ------- -----------
# 00:b0:d0:63:c2:26 192.0.2.146 3 Ethernet4 static NA
# 28:21:28:15:c1:1b 141.202.222.118 1 Ethernet2 static NA
# aa:f7:67:fc:f4:9a 156.33.90.167 2 PortChannel1 static NA
# !
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
The resulting configuration module invocation. Returned: when changed Sample: |
|
The generated configuration module invocation. Returned: when Sample: |
|
The configuration prior to the module invocation. Returned: always Sample: |
|
The set of commands pushed to the remote device. Returned: always Sample: |