Ethernet Interface

The EthernetInterface class manages ethernet interface objects in Palo Alto Networks' Strata Cloud Manager. Ethernet interfaces support three modes: Layer 2, Layer 3, and TAP. Layer 3 mode supports static IP, DHCP, or PPPoE addressing. The class provides methods for CRUD operations and enforces container requirements using folder, snippet, or device parameters.

Class Overview

from scm.client import ScmClient

# Initialize client
client = ScmClient(
    client_id="your_client_id",
    client_secret="your_client_secret",
    tsg_id="your_tsg_id"
)

# Access ethernet interfaces via the client
ethernet_interfaces = client.ethernet_interface

Method	Description	Parameters	Return Type
create()	Creates a new ethernet interface	data: Dict[str, Any]	EthernetInterfaceResponseModel
get()	Retrieves an ethernet interface by ID	object_id: str	EthernetInterfaceResponseModel
update()	Updates an existing ethernet interface	ethernet: EthernetInterfaceUpdateModel	EthernetInterfaceResponseModel
list()	Lists ethernet interfaces with optional filtering	folder, snippet, device, plus filters	List[EthernetInterfaceResponseModel]
fetch()	Fetches a single ethernet interface by name within a container	name: str, folder, snippet, device	EthernetInterfaceResponseModel
delete()	Deletes an ethernet interface by ID	object_id: str	None

Ethernet Interface Model Attributes

Attribute	Type	Required	Default	Description
name	str	Yes	None	Variable name (must start with $, max 63 chars)
default_value	str	No	None	Physical interface (e.g., "ethernet1/1")
id	UUID	Yes*	None	Unique identifier (*response/update only)
comment	str	No	None	Description. Max 1023 chars
link_speed	str	No	"auto"	Link speed (auto, 10, 100, 1000, 10000, etc.)
link_duplex	str	No	"auto"	Link duplex (auto, half, full)
link_state	str	No	"auto"	Link state (auto, up, down)
poe	PoeConfig	No	None	Power over Ethernet configuration
layer2	EthernetLayer2	No**	None	Layer 2 mode configuration
layer3	EthernetLayer3	No**	None	Layer 3 mode configuration
tap	EthernetTap	No**	None	TAP mode configuration
folder	str	No***	None	Folder location. Max 64 chars
snippet	str	No***	None	Snippet location. Max 64 chars
device	str	No***	None	Device location. Max 64 chars

* Only required for update and response models * Only one mode (layer2/layer3/tap) can be configured at a time ** Exactly one container must be provided for create operations

Interface Modes

Layer 2 Mode

Layer 2 mode operates at the data link layer with VLAN tagging and LLDP support.

interface_data = {
    "name": "$layer2-interface",
    "layer2": {
        "vlan_tag": "100",
        "lldp": {"enable": True}
    },
    "folder": "Interfaces"
}

Layer 3 Mode with Static IP

Layer 3 mode with static IP addresses for routed interfaces.

interface_data = {
    "name": "$wan-interface",
    "default_value": "ethernet1/1",
    "layer3": {
        "ip": [{"name": "192.168.1.1/24"}],
        "mtu": 1500,
        "interface_management_profile": "allow-ping"
    },
    "folder": "Interfaces"
}

Layer 3 Mode with DHCP

Layer 3 mode using DHCP for dynamic IP assignment.

interface_data = {
    "name": "$dhcp-interface",
    "default_value": "ethernet1/1",
    "layer3": {
        "dhcp_client": {
            "enable": True,
            "create_default_route": True,
            "default_route_metric": 10
        }
    },
    "folder": "Interfaces"
}

Layer 3 Mode with PPPoE

Layer 3 mode using PPPoE for ISP connections.

interface_data = {
    "name": "$pppoe-interface",
    "default_value": "ethernet1/1",
    "layer3": {
        "pppoe": {
            "enable": True,
            "username": "user@isp.com",
            "password": "secret",
            "authentication": "auto"
        }
    },
    "folder": "Interfaces"
}

TAP Mode

TAP mode for traffic monitoring without affecting traffic flow.

interface_data = {
    "name": "$tap-interface",
    "tap": {},
    "folder": "Interfaces"
}

Naming Convention

Ethernet interface names in SCM must start with $ (dollar sign) as they are variable references. The default_value field specifies the physical interface assignment.

# Correct usage
{
    "name": "$wan-interface",        # Variable name (required $ prefix)
    "default_value": "ethernet1/1",  # Physical interface assignment
    "folder": "Interfaces"
}

Exceptions

Exception	HTTP Code	Description
InvalidObjectError	400	Invalid data or parameters
MissingQueryParameterError	400	Missing required parameters
ObjectNotPresentError	404	Interface not found
AuthenticationError	401	Authentication failed
ServerError	500	Internal server error

Methods

List Ethernet Interfaces

# List all interfaces in a folder
interfaces = client.ethernet_interface.list(folder="Interfaces")

for iface in interfaces:
    print(f"Name: {iface.name}")
    if iface.layer2:
        print(f"  Mode: Layer 2, VLAN: {iface.layer2.vlan_tag}")
    elif iface.layer3:
        print(f"  Mode: Layer 3")
    elif iface.tap:
        print(f"  Mode: TAP")

# Filter by mode
layer3_interfaces = client.ethernet_interface.list(
    folder="Interfaces",
    mode="layer3"
)

# Filter by link speed
gigabit_interfaces = client.ethernet_interface.list(
    folder="Interfaces",
    link_speed="1000"
)

Filtering Responses

# Exact match only
exact_interfaces = client.ethernet_interface.list(
    folder="Interfaces",
    exact_match=True
)

# Exclude specific folders
filtered = client.ethernet_interface.list(
    folder="Interfaces",
    exclude_folders=["All"]
)

Fetch an Ethernet Interface

# Fetch by name
interface = client.ethernet_interface.fetch(
    name="$wan-interface",
    folder="Interfaces"
)
print(f"Found interface: {interface.name}")

# Get by ID
interface_by_id = client.ethernet_interface.get(interface.id)

Create an Ethernet Interface

# Create Layer 3 interface with static IP
layer3_interface = {
    "name": "$wan-interface",
    "default_value": "ethernet1/1",
    "comment": "WAN Interface",
    "link_speed": "1000",
    "link_duplex": "full",
    "layer3": {
        "ip": [{"name": "203.0.113.1/24"}],
        "mtu": 1500,
        "arp": [
            {"name": "203.0.113.254", "hw_address": "00:11:22:33:44:55"}
        ]
    },
    "folder": "Interfaces"
}

result = client.ethernet_interface.create(layer3_interface)
print(f"Created interface: {result.name} ({result.id})")

# Create Layer 2 interface
layer2_interface = {
    "name": "$layer2-interface",
    "layer2": {
        "vlan_tag": "200",
        "lldp": {"enable": True}
    },
    "folder": "Interfaces"
}

result = client.ethernet_interface.create(layer2_interface)

Update an Ethernet Interface

# Fetch existing interface
existing = client.ethernet_interface.fetch(
    name="$wan-interface",
    folder="Interfaces"
)

# Modify attributes
existing.comment = "Updated WAN Interface"
if existing.layer3:
    existing.layer3.mtu = 9000

# Update
updated = client.ethernet_interface.update(existing)

Delete an Ethernet Interface

client.ethernet_interface.delete("123e4567-e89b-12d3-a456-426655440000")

Use Cases

Managing Configuration Changes

# Commit changes
result = client.commit(
    folders=["Interfaces"],
    description="Updated ethernet interfaces",
    sync=True
)

print(f"Commit job ID: {result.job_id}")

Error Handling

from scm.exceptions import (
    InvalidObjectError,
    MissingQueryParameterError,
    ObjectNotPresentError
)

try:
    interface = client.ethernet_interface.create({
        "name": "$test-interface",
        "layer2": {"vlan_tag": "100"},
        "layer3": {"ip": [{"name": "10.0.0.1/24"}]},  # Error: both modes
        "folder": "Interfaces"
    })
except InvalidObjectError as e:
    print(f"Invalid configuration: {e.message}")
except MissingQueryParameterError as e:
    print(f"Missing parameter: {e.message}")

# Name pattern validation
try:
    interface = client.ethernet_interface.create({
        "name": "ethernet1/1",  # Error: missing $ prefix
        "folder": "Interfaces"
    })
except ValidationError as e:
    print("Name must start with $ (dollar sign)")

Related Topics

• EthernetInterfaceCreateModel
• EthernetInterfaceUpdateModel
• EthernetInterfaceResponseModel
• EthernetLayer2
• EthernetLayer3