Symptom
At this moment, due to Cisco-IOS-XE-switch.yang model it is not possible to implement "switchport port-security maximum vlan" command using Restconf or Netconf.
https:// {host}}:{{port}}/restconf/data/Cisco-IOS-XE-native:native/interface/GigabitEthernet=1%2F0%2F2
{
"Cisco-IOS-XE-native:GigabitEthernet": {
"switchport": {
"Cisco-IOS-XE-switch:port-security-cfg": {},
"Cisco-IOS-XE-switch:port-security-conf": {
"port-security": {
"maxcount": {
"max-addresses": 78,
"vlan": ""
}
}
}
}
}
}
{
"errors": {
"error": [
{
"error-message": "inconsistent value: Device refused one or more commands", <<<<<<<<
"error-path": "/Cisco-IOS-XE-native:native/interface/GigabitEthernet=\"1/0/2\"",
"error-tag": "invalid-value",
"error-type": "application"
...
Conditions
Implementing "switchport port-security maximum vlan" command under interface using Restconf/Netconf.
Workaround
For adding restriction for VLAN we can use one of the statements after VLAN in the API request:
VLAN-list - On a trunk port, you can set a per-VLAN maximum value on a range of VLANs separated by a hyphen or a series of VLANs separated by commas. For nonspecified VLANs, the per-VLAN maximum value is used.
access - On an access port, specifies the VLAN as an access VLAN.
voice - On an access port, specifies the VLAN as a voice VLAN.
example:
https://{{host}}:{{port}}/restconf/data/Cisco-IOS-XE-native:native/interface/GigabitEthernet=1%2F0%2F2
{
"Cisco-IOS-XE-native:GigabitEthernet": {
"switchport": {
"Cisco-IOS-XE-switch:port-security-cfg": {},
"Cisco-IOS-XE-switch:port-security-conf": {
"port-security": {
"maxcount": {
"max-addresses": 10,
"vlan": "63"
}
}
}
}
}
}
Further Problem Description
Working on the modifying Cisco-IOS-XE-switch.yang model.
