You can configure port properties on a tenant EPG network. Use the port-property-add, port-property-delete, and port-property-update operations to add, delete, and update the port property (PP) of an EPG. For example, if an EPG does not have the PP MAC ACL applied and you want to apply a PP MAC ACL on the EPG, use the port-property-add or port-property-update operation.

Note
The port property configuration on Tenant EPG is supported only for PP ACL.

/GoDCApp/GoCommon/src/efa-client# efa tenant epg show --detail
========================================================================
Name          : epg1
Tenant        : t1
Type          : extension
State         : epg-with-port-group-and-ctag-range
Description   :
Ports         : 10.20.246.15[0/37]
              : 10.20.246.16[0/37]
POs           :
Port Property : SwitchPort Mode               : trunk
              : Native Vlan Tagging           : false
              : Single-Homed BFD Session Type : auto
NW Policy     : Ctag Range                    : 300

+------------+-------------+-----------+------------+-------------+
| MAC ACL IN | MAC ACL OUT | IP ACL IN | IP ACL OUT | IPv6 ACL IN |
+------------+-------------+-----------+------------+-------------+
Port Property ACLs

+--------------------+-------------+---------------+
| Port               | Dev State   | App State     |
+--------------------+-------------+---------------+
| 10.20.246.15[0/37] | provisioned | cfg-in-sync   |
+--------------------+-------------+---------------+
| 10.20.246.16[0/37] | provisioned | cfg-in-sync   |
+--------------------+-------------+---------------+
Port Property States

+-----+-------------+------+-----+-------+--------+--------+----------------------+----+-------+--------------+------------+-----------+-----------+
|Ctag | Ctag        |L2Vni |BD   |Anycast| Anycast|Suppress| Local IP             | IP | IPv6  | IPv6 ND      | IPv 6 ND   | Dev State | App State |
|     | Description |      |Name |IPv4   | IPV6   | ARP/ND | [Device-IP->Local-IP]| MTU| ND MTU|Managed Config|Other Config|           |           |
+-----+-------------+------+-----+-------+--------+--------+----------------------+----+-------+--------------+------------+-----------+-----------+
|300  |Tenant L2    |11002 |     |       |        | F/F    |                      |    |       | false        | false      |provisioned|cfg-in-sync|
|     |Extended VLAN|      |     |       |        |        |                      |    |       |              |            |           |           |
+-----+-------------+------+-----+-------+--------+--------+----------------------+----+-------+--------------+------------+-----------+-----------+
Network Property [Flags : * - Native Vlan]

+------+----------------+--------------+----------------+--------------------+-------------+
| Ctag | IPv6 ND Prefix | No Advertise | Valid Lifetime | Preferred Lifetime | Config Type |
+------+----------------+--------------+----------------+--------------------+-------------+
IPv6 ND Prefix Flags

+------+------------+-------------+-----------+------------+-------------+
| Ctag | MAC ACL IN | MAC ACL OUT | IP ACL IN | IP ACL OUT | IPv6 ACL IN |
+------+------------+-------------+-----------+------------+-------------+
Network Property ACLs

For 'unstable' entities, run 'efa tenant po/vrf show' for details
==============================================================================================================================================================
Rack1Device1# show run int eth 0/37
interface Ethernet 0/37
 cluster-track
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 300
 no switchport trunk tag native-vlan
 no shutdown
!

Rack1Device2# show run int eth 0/37
interface Ethernet 0/37
 cluster-track
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 300
 no switchport trunk tag native-vlan
 no shutdown
!
efa tenant epg update --name <epg-name> --tenant <tenant-name> --operation port-property-add --switchport-mode {access |trunk | trunk-no-default-native} --switchport-native-vlan-tagging --single-homed-bfd-session-type {auto | hardware | software} --pp-mac-acl-in <acl-name> --pp-mac-acl-out <acl-name> --pp-ip-acl-in <acl-name> --pp-ip-acl-out <acl-name> --pp-ipv6-acl-in <acl-name>
Example
efa tenant epg update --tenant t1 --name epg1 --operation port-property-add --pp-mac-acl-in ext-mac-permit-any-mirror-acl --pp-ip-acl-in ext-ip-permit-any-mirror-acl

efa tenant epg show --detail
=======================================================
Name          : epg1
Tenant        : t1
Type          : extension
State         : epg-with-port-group-and-ctag-range
Description   :
Ports         : 10.20.246.15[0/37]
              : 10.20.246.16[0/37]
POs           :
Port Property : SwitchPort Mode               : trunk
              : Native Vlan Tagging           : false
              : Single-Homed BFD Session Type : auto
NW Policy     : Ctag Range                    : 300

+------------------------------+------------+----------------------------+-----------+------------+
| MAC ACL IN                   |MAC ACL OUT | IP ACL IN                  | IP ACL OUT| IPv6 ACL IN|
+------------------------------+------------+----------------------------+-----------+------------+
|ext-mac-permit-any-mirror-acl |            |ext-ip-permit-any-mirror-acl|           |            |
+------------------------------+------------+----------------------------+-----------+------------+
Port Property ACLs

+--------------------+-------------+---------------+
| Port               | Dev State   | App State     |
+--------------------+-------------+---------------+
| 10.20.246.15[0/37] | provisioned | cfg-in-sync   |
+--------------------+-------------+---------------+
| 10.20.246.16[0/37] | provisioned | cfg-in-sync   |
+--------------------+-------------+---------------+
Port Property States

+-----+--------------+------+----+-------+-------+---------+-----------+----+-----+-------+--------+-----------+------------+
|Ctag | Ctag         |L2Vni |BD  |Anycast|Anycast| Suppress|Local IP   |IP  |IPv6 |IPv6 ND| IPv6 ND| Dev State | App State  |
|     | Description  |      |Name|IPv4   |IPV6   | ARP/ND  |[Device-IP-|MTU |ND   |Managed| Other  |           |            |
|     |              |      |    |       |       |         |Local-IP]  |    |MTU  |Config | Config |           |            |
+-----+--------------+------+----+-------+-------+---------+-----------+----+-----+-------+--------+-----------+------------+
|300  |Tenant L2     |11002 |    |       |       | F/F     |           |    |     | false |false   |provisioned| cfg-in-sync|
|     |Extended VLAN |      |    |       |       |         |           |    |     |       |        |           |            |
+-----+--------------+------+----+-------+-------+---------+-----------+----+-----+-------+--------+-----------+------------+
Network Property [Flags : * - Native Vlan]

+------+----------------+--------------+----------------+--------------------+-------------+
| Ctag | IPv6 ND Prefix | No Advertise | Valid Lifetime | Preferred Lifetime | Config Type |
+------+----------------+--------------+----------------+--------------------+-------------+
IPv6 ND Prefix Flags

+------+------------+-------------+-----------+------------+-------------+
| Ctag | MAC ACL IN | MAC ACL OUT | IP ACL IN | IP ACL OUT | IPv6 ACL IN |
+------+------------+-------------+-----------+------------+-------------+
Network Property ACLs

For 'unstable' entities, run 'efa tenant po/vrf show' for details
================================================================================================================================================
Rack1Device1# show run int eth 0/37
interface Ethernet 0/37
 cluster-track
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 300
 no switchport trunk tag native-vlan
 mac access-group ext-mac-permit-any-mirror-acl in
 ip access-group ext-ip-permit-any-mirror-acl in
 no shutdown
!

Rack1Device2# show run int eth 0/37
interface Ethernet 0/37
 cluster-track
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 300
 no switchport trunk tag native-vlan
 mac access-group ext-mac-permit-any-mirror-acl in
 ip access-group ext-ip-permit-any-mirror-acl in
 no shutdown
!
efa tenant epg update --name <epg-name> --tenant <tenant-name> --operation port-property-delete --switchport-mode {access |trunk | trunk-no-default-native} --switchport-native-vlan-tagging --single-homed-bfd-session-type {auto | hardware | software} --pp-mac-acl-in <acl-name> --pp-mac-acl-out <acl-name> --pp-ip-acl-in <acl-name> --pp-ip-acl-out <acl-name> --pp-ipv6-acl-in <acl-name>
Example
efa tenant epg update --tenant t1 --name epg1 --operation port-property-delete --pp-mac-acl-in --pp-ip-acl-in

efa tenant epg show --detail
=======================================================
Name          : epg1
Tenant        : t1
Type          : extension
State         : epg-with-port-group-and-ctag-range
Description   :
Ports         : 10.20.246.15[0/37]
              : 10.20.246.16[0/37]
POs           :
Port Property : SwitchPort Mode               : trunk
              : Native Vlan Tagging           : false
              : Single-Homed BFD Session Type : auto
NW Policy     : Ctag Range                    : 300

+------------+-------------+-----------+------------+-------------+
| MAC ACL IN | MAC ACL OUT | IP ACL IN | IP ACL OUT | IPv6 ACL IN |
+------------+-------------+-----------+------------+-------------+
Port Property ACLs

+--------------------+-------------+---------------+
| Port               | Dev State   | App State     |
+--------------------+-------------+---------------+
| 10.20.246.15[0/37] | provisioned | cfg-in-sync   |
+--------------------+-------------+---------------+
| 10.20.246.16[0/37] | provisioned | cfg-in-sync   |
+--------------------+-------------+---------------+
Port Property States

+----+--------------+-----+-----+-------+-------+---------+------------+---+------+--------+-------+-----------+-----------+
|Ctag| Ctag         |L2Vni| BD  |Anycast|Anycast|Suppress |Local IP    |IP |IPv6  |IPv6 ND |IPv6 ND| Dev State |App State  |
|    | Description  |     | Name|IPv4   |IPv6   | ARP/ND  |[Device-IP->|MTU|ND MTU|Managed |Other  |           |           |
|    |              |     |     |       |       |         |Local-IP]   |   |      |Config  |Config |           |           |
+----+--------------+-----+-----+-------+-------+---------+------------+---+------+--------+-------+-----------+-----------+
|300 |Tenant L2     |11002|     |       |       | F/F     |            |   |      |false   |false  |provisioned|cfg-in-sync|
|    |Extended VLAN |     |     |       |       |         |            |   |      |        |       |           |           |
+----+--------------+-----+-----+-------+-------+---------+------------+---+------+--------+-------+-----------+-----------+
Network Property [Flags : * - Native Vlan]

+------+----------------+--------------+----------------+--------------------+-------------+
| Ctag | IPv6 ND Prefix | No Advertise | Valid Lifetime | Preferred Lifetime | Config Type |
+------+----------------+--------------+----------------+--------------------+-------------+
IPv6 ND Prefix Flags

+------+------------+-------------+-----------+------------+-------------+
| Ctag | MAC ACL IN | MAC ACL OUT | IP ACL IN | IP ACL OUT | IPv6 ACL IN |
+------+------------+-------------+-----------+------------+-------------+
Network Property ACLs

For 'unstable' entities, run 'efa tenant po/vrf show' for details
============================================================================================
Rack1Device1# show run int eth 0/37
interface Ethernet 0/37
 cluster-track
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 300
 no switchport trunk tag native-vlan
 no shutdown
!

Rack1Device2# show run int eth 0/37
interface Ethernet 0/37
 cluster-track
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 300
 no switchport trunk tag native-vlan
 no shutdown
!
efa tenant epg update --name <epg-name> --tenant <tenant-name> --operation port-property-update --switchport-mode {access |trunk | trunk-no-default-native} --switchport-native-vlan-tagging --single-homed-bfd-session-type {auto | hardware | software} --pp-mac-acl-in <acl-name> --pp-mac-acl-out <acl-name> --pp-ip-acl-in <acl-name> --pp-ip-acl-out <acl-name> --pp-ipv6-acl-in <acl-name>
Example
efa tenant epg update --tenant t1 --name epg1 --operation port-property-update --pp-ip-acl-out ext-ip-permit-any-mirror-acl --pp-ipv6-acl-in ext-ipv6-permit-any-mirror-acl

efa tenant epg show --detail
======================================================
Name          : epg1
Tenant        : t1
Type          : extension
State         : epg-with-port-group-and-ctag-range
Description   :
Ports         : 10.20.246.15[0/37]
              : 10.20.246.16[0/37]
POs           :
Port Property : SwitchPort Mode               : trunk
              : Native Vlan Tagging           : false
              : Single-Homed BFD Session Type : auto
NW Policy     : Ctag Range                    : 300

+------------+-------------+-----------+-----------------------------+--------------------------------+
| MAC ACL IN | MAC ACL OUT | IP ACL IN | IP ACL OUT                  | IPv6 ACL IN                    |
+------------+-------------+-----------+-----------------------------+--------------------------------+
|            |             |           |ext-ip-permit-any-mirror-acl | ext-ipv6-permit-any-mirror-acl |
+------------+-------------+-----------+-----------------------------+--------------------------------+
Port Property ACLs

+--------------------+-------------+---------------+
| Port               | Dev State   | App State     |
+--------------------+-------------+---------------+
| 10.20.246.15[0/37] | provisioned | cfg-in-sync   |
+--------------------+-------------+---------------+
| 10.20.246.16[0/37] | provisioned | cfg-in-sync   |
+--------------------+-------------+---------------+
Port Property States

+-----+--------------+------+----+-------+-------+---------+------------+---+----+--------+--------+-----------+-----------+
|Ctag | Ctag         |L2Vni |BD  |Anycast|Anycast| Suppress|Local IP    |IP |IPv6|IPv6 ND | IPv6 ND|Dev State  |App State  |
|     | Description  |      |Name|IPv4   |IPv6   | ARP/ND  |[Device-IP->|MTU|ND  |Managed | Other  |           |           |
|     |              |      |    |       |       |         |Local-IP]   |   |MTU |Config  | Config |           |           |
+-----+--------------+------+----+-------+-------+---------+------------+---+----+--------+--------+-----------+-----------+
|300  |Tenant L2     |11002 |    |       |       | F/F     |            |   |    | false  |false   |provisioned|cfg-in-sync|
|     |Extended VLAN |      |    |       |       |         |            |   |    |        |        |           |           |
+-----+--------------+------+----+-------+-------+---------+------------+---+----+--------+--------+-----------+-----------+
Network Property [Flags : * - Native Vlan]

+------+----------------+--------------+----------------+--------------------+-------------+
| Ctag | IPv6 ND Prefix | No Advertise | Valid Lifetime | Preferred Lifetime | Config Type |
+------+----------------+--------------+----------------+--------------------+-------------+
IPv6 ND Prefix Flags

+------+------------+-------------+-----------+------------+-------------+
| Ctag | MAC ACL IN | MAC ACL OUT | IP ACL IN | IP ACL OUT | IPv6 ACL IN |
+------+------------+-------------+-----------+------------+-------------+
Network Property ACLs

For 'unstable' entities, run 'efa tenant po/vrf show' for details
Rack1Device1# show run int eth 0/37
interface Ethernet 0/37
 cluster-track
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 300
 no switchport trunk tag native-vlan
 ip access-group ext-ip-permit-any-mirror-acl out
 ipv6 access-group ext-ipv6-permit-any-mirror-acl in
 no shutdown
!

Rack1Device2# show run int eth 0/37
interface Ethernet 0/37
 cluster-track
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 300
 no switchport trunk tag native-vlan
 ip access-group ext-ip-permit-any-mirror-acl out
 ipv6 access-group ext-ipv6-permit-any-mirror-acl in
 no shutdown
!
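
A post-change check modeled on the "show run int" comparisons above, as an added example (not EFA or device code): it parses each device's interface configuration for access-group bindings and reports where they differ from the ACLs requested through the --pp-* flags. The flag-to-binding map follows the outputs on this page, with the mac/out pairing assumed by analogy; the function names and sample configurations are constructed.

```python
import re

# EFA port-property flag -> (family, direction) of the device's
# "<family> access-group <acl> <in|out>" line; mac/out is assumed by analogy.
FLAG_TO_BINDING = {
    "--pp-mac-acl-in": ("mac", "in"),
    "--pp-mac-acl-out": ("mac", "out"),
    "--pp-ip-acl-in": ("ip", "in"),
    "--pp-ip-acl-out": ("ip", "out"),
    "--pp-ipv6-acl-in": ("ipv6", "in"),
}
BINDING_RE = re.compile(r"^\s*(mac|ip|ipv6) access-group (\S+) (in|out)\s*$")

def parse_bindings(running_config):
    """Return {(family, direction): acl_name} from 'show run int' text."""
    found = {}
    for line in running_config.splitlines():
        m = BINDING_RE.match(line)
        if m:
            found[(m.group(1), m.group(3))] = m.group(2)
    return found

def acl_drift(intended, running_config):
    """List (flag, wanted, actual); None means absent (unfiltered or stale)."""
    actual = parse_bindings(running_config)
    return [(flag, intended.get(flag), actual.get(key))
            for flag, key in FLAG_TO_BINDING.items()
            if intended.get(flag) != actual.get(key)]

# Constructed sample: intent taken from the port-property-update example.
INTENDED = {"--pp-ip-acl-out": "ext-ip-permit-any-mirror-acl",
            "--pp-ipv6-acl-in": "ext-ipv6-permit-any-mirror-acl"}
DEVICE1 = """interface Ethernet 0/37
 ip access-group ext-ip-permit-any-mirror-acl out
 ipv6 access-group ext-ipv6-permit-any-mirror-acl in
 no shutdown
"""
# Constructed drift case: IPv6 ACL never applied, stale MAC ACL left behind.
DEVICE2 = """interface Ethernet 0/37
 mac access-group ext-mac-permit-any-mirror-acl in
 ip access-group ext-ip-permit-any-mirror-acl out
 no shutdown
"""

if __name__ == "__main__":
    for name, cfg in (("Rack1Device1", DEVICE1), ("Rack1Device2", DEVICE2)):
        print(name, acl_drift(INTENDED, cfg) or "in sync")
```

Run it against both devices of the pair: a binding present on one and missing on the other leaves traffic through the second device unfiltered even though the EPG reports the ACL.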