Try SpotterManage DHCP Snooping on SONiC
| "added in version" 2.3.0 of dellemc.enterprise_sonic"
Authors: Simon Nathans (@simon-nathans), Xiao Han (@Xiao_Han2)
Install with ansible-galaxy collection install dellemc.enterprise_sonic:==2.4.0
collections:
- name: dellemc.enterprise_sonic
version: 2.4.0This module provides configuration management of DHCP snooping for devices running SONiC.
# Using merged
#
# Before State:
# -------------
#
# sonic# show ip dhcp snooping
# !
# DHCP snooping is Disabled
# DHCP snooping source MAC verification is Disabled
# DHCP snooping is enabled on the following VLANs:
# DHCP snooping trusted interfaces:
# !
- name: Configure DHCPv4 snooping global settings
dellemc.enterprise_sonic.sonic_dhcp_snooping:
config:
afis:
- afi: 'ipv4'
enabled: true
verify_mac: true
vlans: ['1', '2', '3', '5']
trusted:
- intf_name: 'Ethernet8'
state: merged
# After State:
# ------------
#
# sonic# show ip dhcp snooping
# !
# DHCP snooping is Enabled
# DHCP snooping source MAC verification is Enabled
# DHCP snooping is enabled on the following VLANs: 1 2 3 5
# DHCP snooping trusted interfaces: Ethernet8
# !
# Using merged
#
# Before State:
# -------------
#
# sonic# show ipv6 dhcp snooping
# !
# DHCPv6 snooping is Disabled
# DHCPv6 snooping source MAC verification is Disabled
# DHCPv6 snooping is enabled on the following VLANs:
# DHCPv6 snooping trusted interfaces:
# !
- name: Configure DHCPv6 snooping global settings
dellemc.enterprise_sonic.sonic_dhcp_snooping:
config:
afis:
- afi: 'ipv6'
enabled: true
vlans:
- '4'
trusted:
- intf_name: 'Ethernet2'
- intf_name: PortChannel1
state: merged
# After State:
# ------------
#
# sonic# show ipv6 dhcp snooping
# !
# DHCPv6 snooping is Enabled
# DHCPv6 snooping source MAC verification is Disabled
# DHCPv6 snooping is enabled on the following VLANs: 4
# DHCPv6 snooping trusted interfaces: PortChannel1
# !
# Using merged
#
# Before State:
# -------------
#
# sonic# show ip dhcp snooping binding
# !
# Total number of Dynamic bindings: 0
# Total number of Static bindings: 0
# Total number of Tentative bindings: 0
# MAC Address IP Address VLAN Interface Type Lease (Secs)
# ----------------- --------------- ---- ----------- ------- -----------
# !
- name: Add DHCPv4 snooping bindings
dellemc.enterprise_sonic.sonic_dhcp_snooping:
config:
afis:
- afi: 'ipv4'
source_bindings:
- mac_addr: '00:b0:d0:63:c2:26'
ip_addr: '192.0.2.146'
intf_name: 'Ethernet4'
vlan_id: '1'
- mac_addr: 'aa:f7:67:fc:f4:9a'
ip_addr: '156.33.90.167'
intf_name: 'PortChannel1'
vlan_id: '2'
state: merged
# After State:
# ------------
#
# sonic# show ip dhcp snooping binding
# !
# Total number of Dynamic bindings: 0
# Total number of Static bindings: 2
# Total number of Tentative bindings: 0
# MAC Address IP Address VLAN Interface Type Lease (Secs)
# ----------------- --------------- ---- ----------- ------- -----------
# 00:b0:d0:63:c2:26 192.0.2.146 1 Ethernet4 static NA
# aa:f7:67:fc:f4:9a 156.33.90.167 2 PortChannel1 static NA
# !
# Using deleted
#
# Before State:
# -------------
#
# sonic# show ip dhcp snooping
# !
# DHCP snooping is Enabled
# DHCP snooping source MAC verification is Enabled
# DHCP snooping is enabled on the following VLANs: 1 2 3 5
# DHCP snooping trusted interfaces: Ethernet8
# !
- name: Disable DHCPv4 snooping on some VLANs
dellemc.enterprise_sonic.sonic_dhcp_snooping:
config:
afis:
- afi: 'ipv4'
vlans:
- '3'
- '5'
state: deleted
# After State:
# ------------
#
# sonic# show ip dhcp snooping
# !
# DHCP snooping is Enabled
# DHCP snooping source MAC verification is Enabled
# DHCP snooping is enabled on the following VLANs: 1 2
# DHCP snooping trusted interfaces:
# !
# Using deleted
#
# Before State:
# -------------
#
# sonic# show ipv6 dhcp snooping
# !
# DHCPv6 snooping is Enabled
# DHCPv6 snooping source MAC verification is Disabled
# DHCPv6 snooping is enabled on the following VLANs: 4
# DHCPv6 snooping trusted interfaces: PortChannel1 PortChannel2 PortChannel3 PortChannel4
# !
- name: Disable DHCPv6 snooping on all VLANs
dellemc.enterprise_sonic.sonic_dhcp_snooping:
config:
afis:
- afi: 'ipv6'
vlans: []
state: deleted
# After State:
# ------------
#
# sonic# show ipv6 dhcp snooping
# !
# DHCPv6 snooping is Enabled
# DHCPv6 snooping source MAC verification is Disabled
# DHCPv6 snooping is enabled on the following VLANs:
# DHCPv6 snooping trusted interfaces: PortChannel1 PortChannel2 PortChannel3 PortChannel4
# !
# Using deleted
#
# Before State:
# -------------
#
# sonic# show ipv6 dhcp snooping
# !
# DHCPv6 snooping is Enabled
# DHCPv6 snooping source MAC verification is Disabled
# DHCPv6 snooping is enabled on the following VLANs: 4
# DHCPv6 snooping trusted interfaces: PortChannel1 PortChannel2 PortChannel3 PortChannel4
# !
- name: Delete all DHCPv6 configuration
dellemc.enterprise_sonic.sonic_dhcp_snooping:
config:
afis:
- afi: 'ipv6'
state: deleted
# After State:
# ------------
#
# sonic# show ipv6 dhcp snooping
# !
# DHCPv6 snooping is Disabled
# DHCPv6 snooping source MAC verification is Disabled
# DHCPv6 snooping is enabled on the following VLANs:
# DHCPv6 snooping trusted interfaces:
# !
# Using deleted
#
# Before State:
# -------------
#
# sonic# show ip dhcp snooping binding
# !
# Total number of Dynamic bindings: 0
# Total number of Static bindings: 2
# Total number of Tentative bindings: 0
# MAC Address IP Address VLAN Interface Type Lease (Secs)
# ----------------- --------------- ---- ----------- ------- -----------
# 00:b0:d0:63:c2:26 192.0.2.146 1 Ethernet4 static NA
# aa:f7:67:fc:f4:9a 156.33.90.167 2 PortChannel1 static NA
# !
- name: Delete a DHCPv4 snooping binding
dellemc.enterprise_sonic.sonic_dhcp_snooping:
config:
afis:
- afi: 'ipv4'
source_bindings:
- mac_addr: '00:b0:d0:63:c2:26'
ip_addr: '192.0.2.146'
intf_name: 'Ethernet4'
vlan_id: '1'
state: deleted
# After State:
# ------------
#
# sonic# show ip dhcp snooping binding
# !
# Total number of Dynamic bindings: 0
# Total number of Static bindings: 2
# Total number of Tentative bindings: 0
# MAC Address IP Address VLAN Interface Type Lease (Secs)
# ----------------- --------------- ---- ----------- ------- -----------
# aa:f7:67:fc:f4:9a 156.33.90.167 2 PortChannel1 static NA
# !
# Using overridden
#
# Before State:
# -------------
#
# sonic# show ipv4 dhcp snooping binding
# !
# MAC Address IP Address VLAN Interface Type Lease (Secs)
# ----------------- --------------- ---- ----------- ------- -----------
# 00:b0:d0:63:c2:26 192.0.2.146 1 Ethernet4 static NA
# 28:21:28:15:c1:1b 141.202.222.118 1 Ethernet2 static NA
# aa:f7:67:fc:f4:9a 156.33.90.167 2 PortChannel1 static NA
# !
- name: Override DHCPv4 snooping bindings
dellemc.enterprise_sonic.sonic_dhcp_snooping:
config:
afis:
- afi: 'ipv4'
source_bindings:
- mac_addr: '00:b0:d0:63:c2:26'
ip_addr: '192.0.2.146'
intf_name: 'Ethernet4'
vlan_id: '3'
state: overridden
# After State:
# ------------
#
# sonic# show ipv4 dhcp snooping binding
# !
# MAC Address IP Address VLAN Interface Type Lease (Secs)
# ----------------- --------------- ---- ----------- ------- -----------
# 00:b0:d0:63:c2:26 192.0.2.146 3 Ethernet4 static NA
# !
# Using replaced
#
# Before State:
# -------------
#
# sonic# show ipv4 dhcp snooping binding
# !
# MAC Address IP Address VLAN Interface Type Lease (Secs)
# ----------------- --------------- ---- ----------- ------- -----------
# 00:b0:d0:63:c2:26 192.0.2.146 1 Ethernet4 static NA
# 28:21:28:15:c1:1b 141.202.222.118 1 Ethernet2 static NA
# aa:f7:67:fc:f4:9a 156.33.90.167 2 PortChannel1 static NA
# !
- name: Replace DHCPv4 snooping bindings
dellemc.enterprise_sonic.sonic_dhcp_snooping:
config:
afis:
- afi: 'ipv4'
source_bindings:
- mac_addr: '00:b0:d0:63:c2:26'
ip_addr: '192.0.2.146'
intf_name: 'Ethernet4'
vlan_id: '3'
state: replaced
state:
choices:
- merged
- deleted
- overridden
- replaced
default: merged
description:
- The state of the configuration after module completion.
type: str
config:
description: The DHCP snooping configuration.
suboptions:
afis:
description:
- List of address families to configure.
- 'There can be up to two items in this list: one where I(afi=ipv4) and one where
I(afi=ipv6) to configure DHCPv4 and DHCPv6, respectively.'
elements: dict
suboptions:
afi:
choices:
- ipv4
- ipv6
description:
- The address family to configure.
required: true
type: str
enabled:
description:
- Enable DHCP snooping for I(afi).
type: bool
source_bindings:
description:
- Create a static entry in the DHCP snooping binding database for I(afi).
- When I(state=deleted), passing an empty list will delete all source bindings.
elements: dict
suboptions:
intf_name:
description:
- The binding's interface name.
- Can be an Ethernet or a PortChannel interface.
type: str
ip_addr:
description:
- The bindings's IP address.
type: str
mac_addr:
description:
- The binding's MAC address.
required: true
type: str
vlan_id:
description:
- The binding's VLAN ID.
type: int
type: list
trusted:
description:
- Mark interfaces as trusted for DHCP snooping for I(afi).
- When I(state=deleted), passing an empty list will delete all trusted interfaces.
elements: dict
suboptions:
intf_name:
description:
- The interface name.
required: true
type: str
type: list
verify_mac:
description:
- Enable DHCP snooping MAC verification for I(afi).
type: bool
vlans:
description:
- Enable DHCP snooping on a list of VLANs for I(afi).
- When I(state=deleted), passing an empty list will disable DHCP snooping
in all VLANs
elements: str
type: list
type: list
type: dict
after:
description: The resulting configuration model invocation.
returned: when changed
sample: "The configuration returned will always be in the same format\n of the parameters\
\ above.\n"
type: dict
before:
description: The configuration prior to the model invocation.
returned: always
sample: "The configuration returned will always be in the same format\n of the parameters\
\ above.\n"
type: dict
commands:
description: The set of commands pushed to the remote device.
returned: always
sample:
- command 1
- command 2
- command 3
type: list