Open Ethernet Networking (OpEN) API Guide and Reference Manual  3.11.1.2
Port MAC Locking

Port MAC Locking OpEN API

This document provides a brief description of the Port MAC Locking (PML) OpEN API. PML is a security feature which can be used to limit access to an interface based on MAC addresses.

The API provides the following services:

Example C Application pml_example

pml_example.c is a sample application that exercises the APIs provided by the PML OpEN APIs.

Usage: ./pml_example <test#> <arg1> <arg2> ...

Test 1: get the global admin mode: ./pml_example 1
Test 2: get whether interface is valid PML interface: ./pml_example 2 <intf>
Test 3: get the mode for a valid PML interface: ./pml_example 3 <intf>
Test 4: get the dynamic limit for a valid PML interface: ./pml_example 4 <intf>
Test 5: get the static limit for a valid PML interface: ./pml_example 5 <intf>
Test 6: get the violation trap mode for a valid PML interface: ./pml_example 6 <intf>
Test 7: get the violation D-Disable mode for a valid PML interface: ./pml_example 7 <intf>
Test 8: get the sticky mode for a valid PML interface: ./pml_example 8 <intf>
Test 9: Display statically locked MAC addresses on an interface: ./pml_example 9 <intf>
Test 10: Display dynamically learned MAC addresses on an interface: ./pml_example 10 <intf>
Test 11: Sets the PML global admin mode: ./pml_example 11 <adminMode>
Test 12: Set the Port MAC Locking mode for the specified interface: ./pml_example 12 <ifNum> <intfMode>
Test 13: Gets the Port MAC Locking maximum dynamic limit for the specified interface: ./pml_example 13 <ifNum>
Test 14: Sets the Port MAC Locking dynamic limit for the specified interface: ./pml_example 14 <ifNum> <limit>
Test 15: Gets the Port MAC Locking maximum static limit for the specified interface: ./pml_example 15 <ifNum>
Test 16: Gets the Port MAC Locking static count for the specified interface: ./pml_example 16 <ifNum>
Test 17: Sets the Port MAC Locking static limit for the specified interface: ./pml_example 17 <ifNum> <limit>
Test 18: Gets the frequency interval between successive SNMP traps: ./pml_example 18 <ifNum>
Test 19: Sets the frequency interval between successive SNMP traps: ./pml_example 19 <ifNum> <interval>
Test 20: Adds a statically locked entry to an interface: ./pml_example 20 <ifNum> <macAddr> <vlanId> <sticky>
Test 21: Deletes a statically locked entry from an interface: ./pml_example 21 <ifNum> <macAddr> <vlanId>
Test 22: Converts dynamically locked entries to statically locked entries on this interface: ./pml_example 22 <ifNum>
Test 23: Configures PML sticky mode on this interface: ./pml_example 23 <ifNum> <sticky>
Test 24: Gets the last violation entry for an interface: ./pml_example 24 <ifNum>
Test 25: Gets the count of dynamically learned MAC addresses on an interface: ./pml_example 25 <ifNum>
Test 26: Gets the count of statically learned mac addresses on an interface: ./pml_example 26 <ifNum>
Test 27: Gets the count of statically learned mac addresses in the specified vlan: ./pml_example 27 <vlanId>
Test 28: Gets the global count of statically learned mac addresses: ./pml_example 28
Test 29: Sets the port MAC locking violation D-Disable mode for the specified interface: ./pml_example 29 <ifNum> <mode>
Test 30: Gets the PML vlan admin mode: ./pml_example 30
Test 31: Sets the PML vlan admin mode: ./pml_example 31 <adminMode>
Test 32: Gets the MAC limit per Vlan: ./pml_example 32 <vlanId>
Test 33: Sets the vlan MAC Locking limit: ./pml_example 33 <vlanId> <limit>
Test 34: Gets operational vlan MAC locking limit: ./pml_example 34 <vlanId>
Test 35: Gets the MAC Locking violation D-Disable mode for the specified vlan: ./pml_example 35 <vlanId>
Test 36: Sets the MAC Locking violation D-Disable mode for the specified vlan: ./pml_example 36 <vlanId> <mode>
Test 37: Gets the MAC Locking violation trap mode for the specified vlan: ./pml_example 37 <vlanId>
Test 38: Sets the MAC Locking violation trap mode for the specified vlan: ./pml_example 38 <vlanId> <mode>
Test 39: Gets the MAC Locking mode for the specified vlan: ./pml_example 39 <vlanId>
Test 40: Sets the MAC Locking mode for the specified vlan: ./pml_example 40 <vlanId> <mode>
Test 41: Gets the Port MAC Locking vlan dynamic limit for the specified interface: ./pml_example 41 <ifNum> <vlanId>
Test 42: Sets the Port MAC Locking vlan dynamic limit for the specified interface: ./pml_example 42 <ifNum> <vlanId> <limit>
Test 43: Gets the Port MAC Locking vlan dynamic learned address count for the specified interface and vlan: ./pml_example 43 <ifNum> <vlanId>
Test 44: Gets secure MAC address aging time for the specified interface: ./pml_example 44 <ifNum>
Test 45: Sets secure MAC address aging time for the specified interface: ./pml_example 45 <ifNum> <ageTime>
Test 46: Gets the next valid PML interface: ./pml_example 46 <ifNum>
Test 47: Display dynamically learned MAC addresses on an interface: ./pml_example 47 <intf>
Test 48: Associate the 802.1Qci stream with static PML entry: ./pml_example 48 <ifNum> <macAddr> <vlanId> <streamID>
Test 49: Disassociate the 802.1Qci stream from static PML entry: ./pml_example 49 <ifNum> <macAddr> <vlanId> <streamID>
Test 50: Get the 802.1Qci stream ID associated with static PML entry: ./pml_example 50 <ifNum> <macAddr> <vlanId> <streamID>
Test 51: run negative tests: ./pml_example 51 <intf>
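
A read-only way to collect one interface's PML settings with the test numbers listed above, given here as an added example that is not part of the OpEN distribution. PML_EXAMPLE, pml_is_readonly, pml_run and pml_snapshot are names introduced for this sketch; it passes pml_example's output through unparsed and relies only on its exit status, which is an assumption about the binary.

```shell
#!/bin/sh
# Added example: read-only PML snapshot. PML_EXAMPLE is a name introduced here.
PML_EXAMPLE="${PML_EXAMPLE:-./pml_example}"

# Test numbers the usage list describes as get/display operations. Set, add,
# delete and move tests, and test 51 (negative tests), are deliberately absent.
PML_READONLY="1 2 3 4 5 6 7 8 9 10 13 15 16 18 24 25 26 27 28 30 32 34 35 37 39 41 43 44 46 47 50"

# pml_is_readonly <test#>: succeed only for a numeric test in the list above.
pml_is_readonly() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    case " $PML_READONLY " in
        *" $1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# pml_run <test#> [args...]: run one test, refusing any that changes config.
pml_run() {
    if ! pml_is_readonly "$1"; then
        echo "refused: test $1 is not in the read-only list" >&2
        return 2
    fi
    "$PML_EXAMPLE" "$@"
}

# pml_snapshot <intf>: one labelled section per test; non-zero if any run failed.
pml_snapshot() {
    intf="$1"; rc=0
    echo "== test 1: global admin mode"
    pml_run 1 </dev/null || rc=1
    while read -r num label; do
        echo "== test $num: $label (interface $intf)"
        pml_run "$num" "$intf" </dev/null || rc=1
    done <<EOF
3 interface mode
4 dynamic limit
5 static limit
6 violation trap mode
7 violation D-Disable mode
8 sticky mode
18 trap frequency interval
44 secure MAC aging time
24 last violation entry
9 statically locked MAC addresses
10 dynamically learned MAC addresses
EOF
    return "$rc"
}
```

Source the file and call pml_snapshot with an interface number; keeping the output per port gives a baseline to compare against after a violation trap or a D-Disable event.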

Initialization

In the main function, the sample application initializes the OpEN API RPC service by calling openapiClientRegister() and waits for the RPC service in switchdrvr to start. openapiClientRegister() returns a client handle, which is used when invoking the OpEN APIs. The application then exercises the associated OpEN APIs and logs informational and/or error messages to the console. The example application runs to completion and exits. A minimal run uses the -i argument to specify an interface; the application then outputs the various data about that interface (for each supported priority).

PML CLI/API Cross Reference

The mapping between the OpEN APIs and CLI commands is shown below.

| CLI Command | OpEN API Functions |
| --- | --- |
| (Priv-User Mode)# show port-security | openapiPmlGlobalAdminModeGet(), openapiPmlIntfVlanDynamicLimitGet(), openapiPmlIntfAgeTimeGet() |
| (Priv-User Mode)# show port-security <slot/port> | openapiPmlIntfDynamicLimitGet(), openapiPmlIntfStaticLimitGet(), openapiPmlIntfViolationTrapModeGet(), openapiPmlIntfViolationDDisableModeGet(), openapiPmlIntfStickyModeGet() |
| (Priv-User Mode)# show port-security static <slot/port> | openapiPmlIntfStaticEntryGetFirst(), openapiPmlIntfStaticEntryGetNext(), openapiPmlIntfStaticLearnedAddrCountGet() |
| (Priv-User Mode)# show port-security dynamic <slot/port> | openapiPmlIntfDynamicEntryGetFirst(), openapiPmlIntfDynamicEntryGetNext(), openapiPmlIntfDynamicLearnedAddrCountGet() |
| (Config)# [no] port-security | openapiPmlGlobalAdminModeSet() |
| (Interface-Config Mode)# [no] port-security | openapiPmlIntfModeSet() |
| (Interface-Config Mode)# [no] port-security max-dynamic | openapiPmlIntfDynamicLimitSet() |
| (Interface-Config Mode)# [no] port-security max-static | openapiPmlIntfStaticLimitSet() |
| (Interface-Config Mode)# [no] port-security trap <seconds> | openapiPmlIntfTrapFrequencySet() |
| (Interface-Config Mode)# [no] port-security mac-address <mac-addr> <vlan-id> | openapiPmlIntfStaticEntryAdd(), openapiPmlIntfStaticEntryDelete() |
| (Interface-Config Mode)# port-security mac-address move | openapiPmlIntfDynamicToStaticMove() |
| (Interface-Config Mode)# [no] port-security mac-address sticky | openapiPmlIntfStickyModeSet() |
| (Priv-User Mode)# show port-security violation <slot/port> | openapiPmlIntfLastViolationAddrGet() |
| (Priv-User Mode)# show mac address-table count vlan <vlan-id> | openapiPmlStaticAddrCountByVlanGet() |
| (Priv-User Mode)# show mac address-table count | openapiPmlStaticAddrGlobalCountGet() |
| (Interface-Config Mode)# [no] port-security violation shutdown | openapiPmlIntfViolationDDisableModeSet() |
| (Config)# [no] mac-address-table limit <limit> | openapiPmlVlanAdminModeSet(), openapiPmlVlanDynamicLimitSet() |
| (Priv-User Mode)# show port-security vlan <vlan-id> | openapiPmlVlanDynamicLimitGet() |
| (Config)# [no] mac-address-table limit action shutdown <limit> vlan <vlan-id> | openapiPmlVlanViolationDDisableModeSet() |
| (Config)# [no] mac-address-table limit notification trap <limit> vlan <vlan-id> | openapiPmlVlanViolationTrapModeSet() |
| (Interface-Config Mode)# [no] switchport port-security dynamic vlan <vlan-id> maximum <value> | openapiPmlIntfVlanDynamicLimitSet() |
| (Interface-Config Mode)# [no] port-security aging time <age-time> | openapiPmlIntfAgeTimeSet() |
| (Config)# [no] snmp-server enable traps port-security | openapiPmlNextValidIntfGet() |
| (Priv-User Mode)# show mac-address-table limit | openapiPmlVlanDynamicEntryGetFirst(), openapiPmlVlanDynamicEntryGetNext(), openapiPmlVlanOperationalLimitGet(), openapiPmlVlanDynamicLimitGet() |
| (Interface-Config Mode)# [no] port-security mac-address <mac-addr> <vlan-id> stream-id <stream-id> | openapiPmlDot1qciStreamSet(), openapiPmlDot1qciStreamDelete() |