Input variables for eos_cli_config_gen

This document describes the supported input variables for the role arista.avd.eos_cli_config_gen.

Since several data models have changed between AVD versions 3.x and 4.x, it is recommended to study the Porting Guide for AVD 4.x.x for existing deployments.

The input variables are documented below in tables and YAML.

All values are optional.

Note

All input variables are validated by a schema. If additional custom keys are desired, a key starting with an underscore _, will be ignored.

Warning

Available features and variables may vary by platforms, refer to documentation on arista.com for specifics.

Authentication

AAA accounting

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
aaa_accounting	Dictionary
exec	Dictionary
console	Dictionary
type	String			Valid Values: - none - start-stop - stop-only
group	String				Group Name
default	Dictionary
type	String			Valid Values: - none - start-stop - stop-only
group	String				Group Name
system	Dictionary
default	Dictionary
type	String			Valid Values: - none - start-stop - stop-only
group	String				Group Name
dot1x	Dictionary
default	Dictionary
type	String			Valid Values: - start-stop - stop-only
group	String				Group Name
commands	Dictionary
console	List, items: Dictionary
- commands	String				Privelege level ‘all’ or 0-15
type	String			Valid Values: - none - start-stop - stop-only
group	String				Group Name
logging	Boolean
default	List, items: Dictionary
- commands	String				Privelege level ‘all’ or 0-15
type	String			Valid Values: - none - start-stop - stop-only
group	String				Group Name
logging	Boolean

aaa_accounting:
  exec:
    console:
      type: <str>
      group: <str>
    default:
      type: <str>
      group: <str>
  system:
    default:
      type: <str>
      group: <str>
  dot1x:
    default:
      type: <str>
      group: <str>
  commands:
    console:
      - commands: <str>
        type: <str>
        group: <str>
        logging: <bool>
    default:
      - commands: <str>
        type: <str>
        group: <str>
        logging: <bool>

AAA authentication

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
aaa_authentication	Dictionary
login	Dictionary
default	String				Login authentication method(s) as a string. Examples: - “group tacacs+ local” - “group MYGROUP none” - “group radius group MYGROUP local”
console	String				Console authentication method(s) as a string. Examples: - “group tacacs+ local” - “group MYGROUP none” - “group radius group MYGROUP local”
enable	Dictionary
default	String				Enable authentication method(s) as a string. Examples: - “group tacacs+ local” - “group MYGROUP none” - “group radius group MYGROUP local”
dot1x	Dictionary
default	String				802.1x authentication method(s) as a string. Examples: - “group radius” - “group MYGROUP group radius”
policies	Dictionary
on_failure_log	Boolean
on_success_log	Boolean
local	Dictionary
allow_nopassword	Boolean
lockout	Dictionary
failure	Integer			Min: 1 Max: 255
duration	Integer			Min: 1 Max: 4294967295
window	Integer			Min: 1 Max: 4294967295

aaa_authentication:
  login:
    default: <str>
    console: <str>
  enable:
    default: <str>
  dot1x:
    default: <str>
  policies:
    on_failure_log: <bool>
    on_success_log: <bool>
    local:
      allow_nopassword: <bool>
    lockout:
      failure: <int>
      duration: <int>
      window: <int>

AAA authorization

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
aaa_authorization	Dictionary
policy	Dictionary
local_default_role	String
exec	Dictionary
default	String				Exec authorization method(s) as a string. Examples: - “group tacacs+ local” - “group MYGROUP none” - “group radius group MYGROUP local”
config_commands	Boolean
serial_console	Boolean
dynamic	Dictionary
dot1x_additional_groups	List, items: String			Min Length: 1
- <str>	String
commands	Dictionary
all_default	String				Command authorization method(s) as a string. Examples: - “group tacacs+ local” - “group MYGROUP none” - “group tacacs+ group MYGROUP local
privilege	List, items: Dictionary
- level	String				Privilege level(s) 0-15
default	String				Command authorization method(s) as a string. Examples: - “group tacacs+ local” - “group MYGROUP none” - “group tacacs+ group MYGROUP local”

aaa_authorization:
  policy:
    local_default_role: <str>
  exec:
    default: <str>
  config_commands: <bool>
  serial_console: <bool>
  dynamic:
    dot1x_additional_groups:
      - <str>
  commands:
    all_default: <str>
    privilege:
      - level: <str>
        default: <str>

AAA root

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
aaa_root	Dictionary
secret	Dictionary
sha512_password	String

aaa_root:
  secret:
    sha512_password: <str>

AAA server groups

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
aaa_server_groups	List, items: Dictionary
- name	String				Group name
type	String			Valid Values: - tacacs+ - radius - ldap
servers	List, items: Dictionary
- server	String				Hostname or IP address
vrf	String				VRF name

aaa_server_groups:
  - name: <str>
    type: <str>
    servers:
      - server: <str>
        vrf: <str>

Enable password

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
enable_password	Dictionary
hash_algorithm	String			Valid Values: - md5 - sha512
key	String				Must be the hash of the password using the specified algorithm. By default EOS salts the password, so the simplest is to generate the hash on an EOS device.

enable_password:
  hash_algorithm: <str>
  key: <str>

IP radius source-interfaces

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_radius_source_interfaces	List, items: Dictionary
- name	String				Interface Name
vrf	String				VRF Name

ip_radius_source_interfaces:
  - name: <str>
    vrf: <str>

IP tacacs source-interfaces

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_tacacs_source_interfaces	List, items: Dictionary
- name	String				Interface name
vrf	String

ip_tacacs_source_interfaces:
  - name: <str>
    vrf: <str>

Local users

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
local_users	List, items: Dictionary
- name	String	Required, Unique			Username
disabled	Boolean				If true, the user will be removed and all other settings are ignored. Useful for removing the default “admin” user.
privilege	Integer			Min: 0 Max: 15	Initial privilege level with local EXEC authorization.
role	String				EOS RBAC Role to be assigned to the user such as “network-admin” or “network-operator”
sha512_password	String				SHA512 Hash of Password Must be the hash of the password. By default EOS salts the password with the username, so the simplest is to generate the hash on an EOS device using the same username.
no_password	Boolean				If set a password will not be configured for this user. “sha512_password” MUST not be defined for this user.
ssh_key	String
shell	String			Valid Values: - /bin/bash - /bin/sh - /sbin/nologin	Specify shell for the user

local_users:
  - name: <str>
    disabled: <bool>
    privilege: <int>
    role: <str>
    sha512_password: <str>
    no_password: <bool>
    ssh_key: <str>
    shell: <str>

Radius server

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
radius_server	Dictionary
attribute_32_include_in_access_req	Dictionary
hostname	Boolean
format	String				Specify the format of the NAS-Identifier. If ‘hostname’ is set, this is ignored.
dynamic_authorization	Dictionary
port	Integer			Min: 0 Max: 65535	TCP Port
tls_ssl_profile	String				Name of TLS profile
hosts	List, items: Dictionary
- host	String	Required, Unique			Host IP address or name
vrf	String
timeout	Integer			Min: 1 Max: 1000
retransmit	Integer			Min: 0 Max: 100
key	String				Encrypted key

radius_server:
  attribute_32_include_in_access_req:
    hostname: <bool>
    format: <str>
  dynamic_authorization:
    port: <int>
    tls_ssl_profile: <str>
  hosts:
    - host: <str>
      vrf: <str>
      timeout: <int>
      retransmit: <int>
      key: <str>

Radius servers

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
radius_servers deprecated	List, items: Dictionary				This key is deprecated. Support will be removed in AVD version v5.0.0. Use radius_server.hosts instead.
- host	String				Host IP address or name
vrf	String
key	String				Encrypted key

radius_servers:
  - host: <str>
    vrf: <str>
    key: <str>

Roles

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
roles	List, items: Dictionary
- name	String				Role name
sequence_numbers	List, items: Dictionary
- sequence	Integer				Sequence number
action	String			Valid Values: - permit - deny
mode	String				“config”, “config-all”, “exec” or mode key as string
command	String				Command as string

roles:
  - name: <str>
    sequence_numbers:
      - sequence: <int>
        action: <str>
        mode: <str>
        command: <str>

Tacacs servers

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
tacacs_servers	Dictionary
hosts	List, items: Dictionary
- host	String				Host IP address or name
vrf	String
key	String				Encrypted key
key_type	String		7	Valid Values: - 0 - 7 - 8a
single_connection	Boolean
timeout	Integer
policy_unknown_mandatory_attribute_ignore	Boolean

tacacs_servers:
  hosts:
    - host: <str>
      vrf: <str>
      key: <str>
      key_type: <str>
      single_connection: <bool>
      timeout: <int>
  policy_unknown_mandatory_attribute_ignore: <bool>

ACLs

IP Extended access-lists

AVD currently supports two different data models for extended ACLs:

• The legacy access_lists data model, for compatibility with existing deployments
• The improved ip_access_lists data model, for access to more EOS features

Both data models can coexists without conflicts, as different keys are used: access_lists vs ip_access_lists. Access list names must be unique.

The legacy data model supports simplified ACL definition with sequence to action mapping:

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
access_lists	List, items: Dictionary
- name	String	Required, Unique			Access-list Name
counters_per_entry	Boolean
sequence_numbers	List, items: Dictionary	Required
- sequence	Integer	Required, Unique			Sequence ID
action	String	Required			Action as string Example: “deny ip any any”

access_lists:
  - name: <str>
    counters_per_entry: <bool>
    sequence_numbers:
      - sequence: <int>
        action: <str>

The improved data model has a more sophisticated design documented below:

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_access_lists	List, items: Dictionary
- name	String	Required, Unique			Access-list Name
counters_per_entry	Boolean
entries	List, items: Dictionary				ACL Entries
- sequence	Integer				ACL entry sequence number.
remark	String				Comment up to 100 characters. If remark is defined, other keys in acl entry will be ignored.
action	String			Valid Values: - permit - deny	ACL action. Required for standard entry.
protocol	String				ip, tcp, udp, icmp or other protocol name or number. Required for standard entry.
source	String				any, A.B.C.D/E or A.B.C.D. A.B.C.D without a mask means host. Required for standard entry.
source_ports_match	String		eq	Valid Values: - eq - gt - lt - neq - range
source_ports	List, items: String
- <str>	String				TCP/UDP source port name or number.
destination	String				any, A.B.C.D/E or A.B.C.D. A.B.C.D without a mask means host. Required for standard entry.
destination_ports_match	String		eq	Valid Values: - eq - gt - lt - neq - range
destination_ports	List, items: String
- <str>	String				TCP/UDP destination port name or number.
tcp_flags	List, items: String
- <str>	String				TCP Flag Name
fragments	Boolean				Match non-head fragment packets.
log	Boolean				Log matches against this rule.
ttl	Integer			Min: 0 Max: 254	TTL value
ttl_match	String		eq	Valid Values: - eq - gt - lt - neq
icmp_type	String				Message type name/number for ICMP packets.
icmp_code	String				Message code for ICMP packets.
nexthop_group	String				nexthop-group name.
tracked	Boolean				Match packets in existing ICMP/UDP/TCP connections.
dscp	String				DSCP value or name.
vlan_number	Integer
vlan_inner	Boolean		False
vlan_mask	String				0x000-0xFFF VLAN mask.

ip_access_lists:
  - name: <str>
    counters_per_entry: <bool>
    entries:
      - sequence: <int>
        remark: <str>
        action: <str>
        protocol: <str>
        source: <str>
        source_ports_match: <str>
        source_ports:
          - <str>
        destination: <str>
        destination_ports_match: <str>
        destination_ports:
          - <str>
        tcp_flags:
          - <str>
        fragments: <bool>
        log: <bool>
        ttl: <int>
        ttl_match: <str>
        icmp_type: <str>
        icmp_code: <str>
        nexthop_group: <str>
        tracked: <bool>
        dscp: <str>
        vlan_number: <int>
        vlan_inner: <bool>
        vlan_mask: <str>

The improved data model allows to limit the number of ACL entries that AVD is allowed to generate by defining ip_access_lists_max_entries. Only normal entries under ip_access_lists will be counted, remarks will be ignored. If the number is above the limit, the playbook will fail. This provides a simplified control over hardware utilization. The numbers must be based on the hardware tests and AVD does not provide any guidance. Note that other EOS features may use the same hardware resources and affect the supported scale.

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_access_lists_max_entries	Integer				Limit ACL entries defined under the ip_access_lists.

ip_access_lists_max_entries: <int>

IPv6 access-lists

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ipv6_access_lists	List, items: Dictionary
- name	String	Required, Unique			IPv6 Access-list Name
counters_per_entry	Boolean
sequence_numbers	List, items: Dictionary	Required
- sequence	Integer	Required, Unique			Sequence ID
action	String	Required			Action as string Example: “deny ipv6 any any”

ipv6_access_lists:
  - name: <str>
    counters_per_entry: <bool>
    sequence_numbers:
      - sequence: <int>
        action: <str>

IPv6 standard access-lists

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ipv6_standard_access_lists	List, items: Dictionary
- name	String	Required, Unique			Access-list Name
counters_per_entry	Boolean
sequence_numbers	List, items: Dictionary	Required
- sequence	Integer	Required, Unique			Sequence ID
action	String	Required			Action as string Example: “deny ipv6 any any”

ipv6_standard_access_lists:
  - name: <str>
    counters_per_entry: <bool>
    sequence_numbers:
      - sequence: <int>
        action: <str>

MAC access-lists

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
mac_access_lists	List, items: Dictionary
- name	String	Required, Unique			MAC Access-list Name
counters_per_entry	Boolean
entries	List, items: Dictionary
- sequence	Integer
action	String

mac_access_lists:
  - name: <str>
    counters_per_entry: <bool>
    entries:
      - sequence: <int>
        action: <str>

Standard access-lists

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
standard_access_lists	List, items: Dictionary
- name	String	Required, Unique			Access-list Name
counters_per_entry	Boolean
sequence_numbers	List, items: Dictionary	Required
- sequence	Integer	Required, Unique			Sequence ID
action	String	Required			Action as string Example: “deny ip any any”

standard_access_lists:
  - name: <str>
    counters_per_entry: <bool>
    sequence_numbers:
      - sequence: <int>
        action: <str>

Endpoint Security

Address-locking

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
address_locking	Dictionary
dhcp_servers_ipv4	List, items: String
- <str>	String				DHCP server IPv4 address
disabled	Boolean				Disable IP locking on configured ports
leases	List, items: Dictionary
- ip	String	Required			IP address
mac	String	Required			MAC address (hhhh.hhhh.hhhh or hh:hh:hh:hh:hh:hh)
local_interface	String
locked_address	Dictionary
expiration_mac_disabled	Boolean				Configure deauthorizing locked addresses upon MAC aging out
ipv4_enforcement_disabled	Boolean				Configure enforcement for locked IPv4 addresses
ipv6_enforcement_disabled	Boolean				Configure enforcement for locked IPv6 addresses

address_locking:
  dhcp_servers_ipv4:
    - <str>
  disabled: <bool>
  leases:
    - ip: <str>
      mac: <str>
  local_interface: <str>
  locked_address:
    expiration_mac_disabled: <bool>
    ipv4_enforcement_disabled: <bool>
    ipv6_enforcement_disabled: <bool>

Dot1x

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
dot1x	Dictionary
system_auth_control	Boolean
protocol_lldp_bypass	Boolean
dynamic_authorization	Boolean
mac_based_authentication	Dictionary
delay	Integer			Min: 0 Max: 300
hold_period	Integer			Min: 1 Max: 300
radius_av_pair	Dictionary
service_type	Boolean
framed_mtu	Integer			Min: 68 Max: 9236

dot1x:
  system_auth_control: <bool>
  protocol_lldp_bypass: <bool>
  dynamic_authorization: <bool>
  mac_based_authentication:
    delay: <int>
    hold_period: <int>
  radius_av_pair:
    service_type: <bool>
    framed_mtu: <int>

MAC security

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
mac_security	Dictionary
license	Dictionary	Required
license_name	String	Required
license_key	String	Required
fips_restrictions	Boolean	Required
profiles	List, items: Dictionary
- name	String	Required, Unique			Profile-Name
cipher	String			Valid Values: - aes128-gcm - aes128-gcm-xpn - aes256-gcm - aes256-gcm-xpn
connection_keys	List, items: Dictionary
- id	String	Required, Unique
encrypted_key	String
fallback	Boolean
mka	Dictionary
key_server_priority	Integer			Min: 0 Max: 255
session	Dictionary
rekey_period	Integer			Min: 30 Max: 100000	Rekey period in seconds
sci	Boolean
l2_protocols	Dictionary
ethernet_flow_control	Dictionary
mode	String	Required		Valid Values: - encrypt - bypass
lldp	Dictionary
mode	String	Required		Valid Values: - bypass - bypass unauthorized

mac_security:
  license:
    license_name: <str>
    license_key: <str>
  fips_restrictions: <bool>
  profiles:
    - name: <str>
      cipher: <str>
      connection_keys:
        - id: <str>
          encrypted_key: <str>
          fallback: <bool>
      mka:
        key_server_priority: <int>
        session:
          rekey_period: <int>
      sci: <bool>
      l2_protocols:
        ethernet_flow_control:
          mode: <str>
        lldp:
          mode: <str>

Filters and policies

AS path

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
as_path	Dictionary
regex_mode	String			Valid Values: - asn - string
access_lists	List, items: Dictionary
- name	String				Access List Name
entries	List, items: Dictionary
- type	String			Valid Values: - permit - deny
match	String				Regex To Match
origin	String		any	Valid Values: - any - egp - igp - incomplete

as_path:
  regex_mode: <str>
  access_lists:
    - name: <str>
      entries:
        - type: <str>
          match: <str>
          origin: <str>

Class-maps

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
class_maps	Dictionary
pbr	List, items: Dictionary
- name	String	Required, Unique			Class-Map Name
ip	Dictionary
access_group	String				Standard Access-List Name
qos	List, items: Dictionary
- name	String	Required, Unique			Class-Map Name
vlan	Integer				VLAN value(s) or range(s) of VLAN values
cos	Integer				CoS value(s) or range(s) of CoS values
ip	Dictionary
access_group	String				IPv4 Access-List Name
ipv6	Dictionary
access_group	String				IPv6 Access-List Name

class_maps:
  pbr:
    - name: <str>
      ip:
        access_group: <str>
  qos:
    - name: <str>
      vlan: <int>
      cos: <int>
      ip:
        access_group: <str>
      ipv6:
        access_group: <str>

Dynamic prefix lists

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
dynamic_prefix_lists	List, items: Dictionary
- name	String				Dynamic prefix-list name
match_map	String				Route-map name
prefix_list	Dictionary
ipv4	String				Prefix-list name
ipv6	String				Prefix-list name

dynamic_prefix_lists:
  - name: <str>
    match_map: <str>
    prefix_list:
      ipv4: <str>
      ipv6: <str>

IP community lists

AVD currently supports two different data models for community lists:

• The legacy community_lists data model that can be used for compatibility with the existing deployments.
• The improved ip_community_lists data model.

Both data models can coexist without conflicts, as different keys are used: community_lists vs ip_community_lists. Community list names must be unique.

The legacy data model supports simplified community list definition that only allows a single action to be defined as string:

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
community_lists	List, items: Dictionary
- name	String	Required, Unique			Community-list Name
action	String	Required			Action as string Example: “permit GSHUT 65123:123”

community_lists:
  - name: <str>
    action: <str>

The improved data model has a better design documented below:

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_community_lists	List, items: Dictionary				Communities and regexp entries MUST not be configured in the same community-list
- name	String	Required, Unique			IP Community-list Name
entries	List, items: Dictionary	Required
- action	String	Required		Valid Values: - permit - deny
communities	List, items: String				If defined, a standard community-list will be configured. Supported community strings (case insensitive): - GSHUT - internet - local-as - no-advertise - no-export - <1-4294967040> - aa:nn
- <str>	String
regexp	String				Regular Expression If defined, a regex community-list will be configured

ip_community_lists:
  - name: <str>
    entries:
      - action: <str>
        communities:
          - <str>
        regexp: <str>

IP extcommunity-lists

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_extcommunity_lists	List, items: Dictionary
- name	String	Required, Unique			Community-list Name
entries	List, items: Dictionary	Required
- type	String	Required		Valid Values: - permit - deny
extcommunities	String	Required			Communities as string Example: “65000:65000”

ip_extcommunity_lists:
  - name: <str>
    entries:
      - type: <str>
        extcommunities: <str>

IP extcommunity-lists-regexp

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_extcommunity_lists_regexp	List, items: Dictionary
- name	String	Required, Unique			Community-list Name
entries	List, items: Dictionary	Required
- type	String	Required		Valid Values: - permit - deny
regexp	String	Required			Regular Expression

ip_extcommunity_lists_regexp:
  - name: <str>
    entries:
      - type: <str>
        regexp: <str>

IPv6 prefix-lists

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ipv6_prefix_lists	List, items: Dictionary
- name	String	Required, Unique			Prefix-list Name
sequence_numbers	List, items: Dictionary	Required
- sequence	Integer	Required, Unique			Sequence ID
action	String	Required			Action as string Example: “permit 1b11:3a00:22b0:0082::/64 eq 128”

ipv6_prefix_lists:
  - name: <str>
    sequence_numbers:
      - sequence: <int>
        action: <str>

Match list input

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
match_list_input	Dictionary
string	List, items: Dictionary
- name	String	Required, Unique			Match-list Name
sequence_numbers	List, items: Dictionary	Required
- sequence	Integer	Required, Unique			Sequence ID
match_regex	String	Required			Regular Expression

match_list_input:
  string:
    - name: <str>
      sequence_numbers:
        - sequence: <int>
          match_regex: <str>

Peer-filters

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
peer_filters	List, items: Dictionary
- name	String	Required, Unique			Peer-filter Name
sequence_numbers	List, items: Dictionary	Required
- sequence	Integer	Required, Unique			Sequence ID
match	String	Required			Match as string Example: “as-range 1-100 result accept”

peer_filters:
  - name: <str>
    sequence_numbers:
      - sequence: <int>
        match: <str>

Policy-maps

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
policy_maps	Dictionary
pbr	List, items: Dictionary				PBR Policy-Maps
- name	String	Required, Unique			Policy-Map Name
classes	List, items: Dictionary
- name	String	Required, Unique			Class Name
index	Integer
drop	Boolean				‘drop’ and ‘set’ are mutually exclusive
set	Dictionary				Set Nexthop ‘drop’ and ‘set’ are mutually exclusive
nexthop	Dictionary
ip_address	String				IPv4 or IPv6 Address
recursive	Boolean
qos	List, items: Dictionary				QOS Policy-Maps
- name	String	Required, Unique			Policy-Map Name
classes	List, items: Dictionary
- name	String	Required, Unique			Class Name
set	Dictionary
cos	Integer
dscp	String
traffic_class	Integer
drop_precedence	Integer

policy_maps:
  pbr:
    - name: <str>
      classes:
        - name: <str>
          index: <int>
          drop: <bool>
          set:
            nexthop:
              ip_address: <str>
              recursive: <bool>
  qos:
    - name: <str>
      classes:
        - name: <str>
          set:
            cos: <int>
            dscp: <str>
            traffic_class: <int>
            drop_precedence: <int>

Prefix-lists

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
prefix_lists	List, items: Dictionary
- name	String	Required, Unique			Prefix-list Name
sequence_numbers	List, items: Dictionary	Required
- sequence	Integer	Required, Unique			Sequence ID
action	String	Required			Action as string Example: “permit 10.255.0.0/27 eq 32”

prefix_lists:
  - name: <str>
    sequence_numbers:
      - sequence: <int>
        action: <str>

Route-maps

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
route_maps	List, items: Dictionary
- name	String	Required, Unique			Route-map Name
sequence_numbers	List, items: Dictionary	Required
- sequence	Integer	Required, Unique			Sequence ID
type	String	Required		Valid Values: - permit - deny
description	String
match	List, items: String				List of “match” statements
- <str>	String				Match as string Example: “ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY”
set	List, items: String				List of “set” statements
- <str>	String				Set as string Example: “origin incomplete”
sub_route_map	String				Name of Sub-Route-map
continue	Dictionary
enabled	Boolean
sequence_number	Integer

route_maps:
  - name: <str>
    sequence_numbers:
      - sequence: <int>
        type: <str>
        description: <str>
        match:
          - <str>
        set:
          - <str>
        sub_route_map: <str>
        continue:
          enabled: <bool>
          sequence_number: <int>

Trackers

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
trackers	List, items: Dictionary
- name	String	Required, Unique			Name of tracker object
interface	String	Required			Name of tracked interface
tracked_property	String		line-protocol		Property to track

trackers:
  - name: <str>
    interface: <str>
    tracked_property: <str>

Traffic policies

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
traffic_policies	Dictionary
options	Dictionary
counter_per_interface	Boolean
field_sets	Dictionary
ipv4	List, items: Dictionary
- name	String	Required, Unique			IPv4 Prefix Field Set Name
prefixes	List, items: String
- <str>	String				IPv4 Prefix
ipv6	List, items: Dictionary
- name	String	Required, Unique			IPv6 Prefix Field Set Name
prefixes	List, items: String
- <str>	String				IPv6 Prefix
ports	List, items: Dictionary
- name	String	Required, Unique			L4 Port Field Set Name
port_range	String				Example: ‘10,20,80,440-450’
policies	List, items: Dictionary
- name	String	Required, Unique			Traffic Policy Name
matches	List, items: Dictionary
- name	String	Required, Unique			Traffic Policy Item
type	String			Valid Values: - ipv4 - ipv6
source	Dictionary
prefixes	List, items: String
- <str>	String				IP address or prefix
prefix_lists	List, items: String				Field-set prefix lists
- <str>	String
destination	Dictionary
prefixes	List, items: String
- <str>	String				IP address or prefix
prefix_lists	List, items: String				Field-set prefix lists
- <str>	String
ttl	String				TTL range
fragment	Dictionary				The ‘fragment’ command is not supported when ‘source port’ or ‘destination port’ command is configured
offset	String				Fragment offset range
protocols	List, items: Dictionary
- protocol	String	Required, Unique
src_port	String				Port range
dst_port	String				Port range
src_field	String				L4 port range field set
dst_field	String				L4 port range field set
flags	List, items: String
- <str>	String			Valid Values: - established - initial
icmp_type	List, items: String
- <str>	String
actions	Dictionary
dscp	Integer
traffic_class	Integer				Traffic class ID
count	String				Counter name
drop	Boolean
log	Boolean				Only supported when action is set to drop
default_actions	Dictionary
ipv4	Dictionary
dscp	Integer
traffic_class	Integer				Traffic class ID
count	String				Counter name
drop	Boolean
log	Boolean				Only supported when action is set to drop
ipv6	Dictionary
dscp	Integer
traffic_class	Integer				Traffic class ID
count	String				Counter name
drop	Boolean
log	Boolean				Only supported when action is set to drop

traffic_policies:
  options:
    counter_per_interface: <bool>
  field_sets:
    ipv4:
      - name: <str>
        prefixes:
          - <str>
    ipv6:
      - name: <str>
        prefixes:
          - <str>
    ports:
      - name: <str>
        port_range: <str>
  policies:
    - name: <str>
      matches:
        - name: <str>
          type: <str>
          source:
            prefixes:
              - <str>
            prefix_lists:
              - <str>
          destination:
            prefixes:
              - <str>
            prefix_lists:
              - <str>
          ttl: <str>
          fragment:
            offset: <str>
          protocols:
            - protocol: <str>
              src_port: <str>
              dst_port: <str>
              src_field: <str>
              dst_field: <str>
              flags:
                - <str>
              icmp_type:
                - <str>
          actions:
            dscp: <int>
            traffic_class: <int>
            count: <str>
            drop: <bool>
            log: <bool>
      default_actions:
        ipv4:
          dscp: <int>
          traffic_class: <int>
          count: <str>
          drop: <bool>
          log: <bool>
        ipv6:
          dscp: <int>
          traffic_class: <int>
          count: <str>
          drop: <bool>
          log: <bool>

Interfaces

Errdisable

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
errdisable	Dictionary
detect	Dictionary
causes	List, items: String
- <str>	String			Valid Values: - acl - arp-inspection - dot1x - link-change - tapagg - xcvr-misconfigured - xcvr-overheat - xcvr-power-unsupported
recovery	Dictionary
causes	List, items: String
- <str>	String			Valid Values: - arp-inspection - bpduguard - dot1x - hitless-reload-down - lacp-rate-limit - link-flap - no-internal-vlan - portchannelguard - portsec - speed-misconfigured - tap-port-init - tapagg - uplink-failure-detection - xcvr-misconfigured - xcvr-overheat - xcvr-power-unsupported - xcvr-unsupported
interval	Integer		300	Min: 30 Max: 86400	Interval in seconds

errdisable:
  detect:
    causes:
      - <str>
  recovery:
    causes:
      - <str>
    interval: <int>

Ethernet interfaces

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ethernet_interfaces	List, items: Dictionary
- name	String	Required, Unique
description	String
shutdown	Boolean
load_interval	Integer			Min: 0 Max: 600	Interval in seconds for updating interface counters”
speed	String				Speed can be interface_speed or forced interface_speed or auto interface_speed
mtu	Integer
l2_mtu	Integer				“l2_mtu” should only be defined for platforms supporting the “l2 mtu” CLI
vlans	String				List of switchport vlans as string For a trunk port this would be a range like “1-200,300” For an access port this would be a single vlan “123”
native_vlan	Integer
native_vlan_tag	Boolean				If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence
mode	String			Valid Values: - access - dot1q-tunnel - trunk - trunk phone
phone	Dictionary
trunk	String			Valid Values: - tagged - tagged phone - untagged - untagged phone
vlan	Integer			Min: 1 Max: 4094
l2_protocol	Dictionary
encapsulation_dot1q_vlan	Integer				Vlan tag to configure on sub-interface
forwarding_profile	String				L2 protocol forwarding profile
trunk_groups	List, items: String
- <str>	String
type	String			Valid Values: - routed - switched - l3dot1q - l2dot1q - port-channel-member	l3dot1q and l2dot1q are used for sub-interfaces. The parent interface should be defined as routed. Interface will not be listed in device documentation, unless “type” is set.
snmp_trap_link_change	Boolean
address_locking	Dictionary
ipv4	Boolean				Enable address locking for IPv4
ipv6	Boolean				Enable address locking for IPv6
flowcontrol	Dictionary
received	String			Valid Values: - desired - on - off
vrf	String				VRF name
flow_tracker	Dictionary
sampled	String				Flow tracker name
error_correction_encoding	Dictionary
enabled	Boolean		True
fire_code	Boolean
reed_solomon	Boolean
link_tracking_groups	List, items: Dictionary
- name	String	Required, Unique			Group name
direction	String			Valid Values: - upstream - downstream
evpn_ethernet_segment	Dictionary
identifier	String				EVPN Ethernet Segment Identifier (Type 1 format)
redundancy	String			Valid Values: - all-active - single-active
designated_forwarder_election	Dictionary
algorithm	String			Valid Values: - modulus - preference
preference_value	Integer			Min: 0 Max: 65535	Preference_value is only used when “algorithm” is “preference”
dont_preempt	Boolean				Dont_preempt is only used when “algorithm” is “preference”
hold_time	Integer
subsequent_hold_time	Integer
candidate_reachability_required	Boolean
mpls	Dictionary
shared_index	Integer			Min: 1 Max: 1024
tunnel_flood_filter_time	Integer
route_target	String				EVPN Route Target for ESI with format xx:xx:xx:xx:xx:xx
encapsulation_dot1q_vlan	Integer				VLAN tag to configure on sub-interface
encapsulation_vlan	Dictionary
client	Dictionary
dot1q	Dictionary
vlan	Integer				Client VLAN ID
outer	Integer				Client Outer VLAN ID
inner	Integer				Client Inner VLAN ID
unmatched	Boolean
network	Dictionary				Network encapsulations are all optional and skipped if using client unmatched
dot1q	Dictionary
vlan	Integer				Network VLAN ID
outer	Integer				Network outer VLAN ID
inner	Integer				Network inner VLAN ID
client	Boolean
vlan_id	Integer			Min: 1 Max: 4094
ip_address	String				IPv4 address/mask
ip_address_secondaries	List, items: String
- <str>	String
ip_helpers	List, items: Dictionary
- ip_helper	String	Required, Unique
source_interface	String				Source interface name
vrf	String				VRF name
ip_nat	Dictionary
destination	Dictionary
dynamic	List, items: Dictionary
- access_list	String	Required, Unique
comment	String
pool_name	String	Required
priority	Integer			Min: 0 Max: 4294967295
static	List, items: Dictionary
- access_list	String				‘access_list’ and ‘group’ are mutual exclusive
comment	String
direction	String			Valid Values: - egress - ingress	Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform. EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
group	Integer			Min: 1 Max: 65535	‘access_list’ and ‘group’ are mutual exclusive
original_ip	String	Required, Unique			IPv4 address
original_port	Integer			Min: 1 Max: 65535
priority	Integer			Min: 0 Max: 4294967295
protocol	String			Valid Values: - udp - tcp
translated_ip	String	Required			IPv4 address
translated_port	Integer			Min: 1 Max: 65535	requires ‘original_port’
source	Dictionary
dynamic	List, items: Dictionary
- access_list	String	Required, Unique
comment	String
nat_type	String	Required		Valid Values: - overload - pool - pool-address-only - pool-full-cone
pool_name	String				required if ‘nat_type’ is pool, pool-address-only or pool-full-cone ignored if ‘nat_type’ is overload
priority	Integer			Min: 0 Max: 4294967295
static	List, items: Dictionary
- access_list	String				‘access_list’ and ‘group’ are mutual exclusive
comment	String
direction	String			Valid Values: - egress - ingress	Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform. EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
group	Integer			Min: 1 Max: 65535	‘access_list’ and ‘group’ are mutual exclusive
original_ip	String	Required, Unique			IPv4 address
original_port	Integer			Min: 1 Max: 65535
priority	Integer			Min: 0 Max: 4294967295
protocol	String			Valid Values: - udp - tcp
translated_ip	String	Required			IPv4 address
translated_port	Integer			Min: 1 Max: 65535	requires ‘original_port’
ipv6_enable	Boolean
ipv6_address	String
ipv6_address_link_local	String				Link local IPv6 address/mask
ipv6_nd_ra_disabled	Boolean
ipv6_nd_managed_config_flag	Boolean
ipv6_nd_prefixes	List, items: Dictionary
- ipv6_prefix	String	Required, Unique
valid_lifetime	String				Infinite or lifetime in seconds
preferred_lifetime	String				Infinite or lifetime in seconds
no_autoconfig_flag	Boolean
ipv6_dhcp_relay_destinations	List, items: Dictionary
- address	String	Required, Unique			DHCP server’s IPv6 address
vrf	String
local_interface	String				Local interface to communicate with DHCP server - mutually exclusive to source_address
source_address	String				Source IPv6 address to communicate with DHCP server - mutually exclusive to local_interface
link_address	String				Override the default link address specified in the relayed DHCP packet
access_group_in	String				Access list name
access_group_out	String				Access list name
ipv6_access_group_in	String				IPv6 access list name
ipv6_access_group_out	String				IPv6 access list name
mac_access_group_in	String				MAC access list name
mac_access_group_out	String				MAC access list name
multicast	Dictionary				Boundaries can be either 1 ACL or a list of multicast IP address_range(s)/prefix but not combination of both
ipv4	Dictionary
boundaries	List, items: Dictionary
- boundary	String				ACL name or multicast IP subnet
out	Boolean
static	Boolean
ipv6	Dictionary
boundaries	List, items: Dictionary
- boundary	String				ACL name or multicast IP subnet
static	Boolean
ospf_network_point_to_point	Boolean
ospf_area	String
ospf_cost	Integer
ospf_authentication	String			Valid Values: - none - simple - message-digest
ospf_authentication_key	String				Encrypted password - only type 7 supported
ospf_message_digest_keys	List, items: Dictionary
- id	Integer	Required, Unique
hash_algorithm	String			Valid Values: - md5 - sha1 - sha256 - sha384 - sha512
key	String				Encrypted password - only type 7 supported
pim	Dictionary
ipv4	Dictionary
dr_priority	Integer			Min: 0 Max: 429467295
sparse_mode	Boolean
mac_security	Dictionary
profile	String
channel_group	Dictionary
id	Integer
mode	String			Valid Values: - on - active - passive
isis_enable	String				ISIS instance
isis_passive	Boolean
isis_metric	Integer
isis_network_point_to_point	Boolean
isis_circuit_type	String			Valid Values: - level-1-2 - level-1 - level-2
isis_hello_padding	Boolean
isis_authentication_mode	String			Valid Values: - text - md5
isis_authentication_key	String				Type-7 encrypted password
poe	Dictionary
disabled	Boolean		False		Disable PoE on a POE capable port. PoE is enabled on all ports that support it by default in EOS.
priority	String			Valid Values: - critical - high - medium - low	Prioritize a port’s power in the event that one of the switch’s power supplies loses power
reboot	Dictionary				Set the PoE power behavior for a PoE port when the system is rebooted
action	String			Valid Values: - maintain - power-off	PoE action for interface
link_down	Dictionary				Set the PoE power behavior for a PoE port when the port goes down
action	String			Valid Values: - maintain - power-off	PoE action for interface
power_off_delay	Integer			Min: 1 Max: 86400	Number of seconds to delay shutting the power off after a link down event occurs. Default value is 5 seconds in EOS.
shutdown	Dictionary				Set the PoE power behavior for a PoE port when the port is admin down
action	String			Valid Values: - maintain - power-off	PoE action for interface
limit	Dictionary				Override the hardware-negotiated power limit using either wattage or a power class. Note that if using a power class, AVD will automatically convert the class value to the wattage value corresponding to that power class.
class	Integer			Min: 0 Max: 8
watts	String
fixed	Boolean				Set to ignore hardware classification
negotiation_lldp	Boolean				Disable to prevent port from negotiating power with powered devices over LLDP. Enabled by default in EOS.
legacy_detect	Boolean				Allow a subset of legacy devices to work with the PoE switch. Disabled by default in EOS because it can cause false positive detections.
ptp	Dictionary
enable	Boolean
announce	Dictionary
interval	Integer
timeout	Integer
delay_req	Integer
delay_mechanism	String			Valid Values: - e2e - p2p
sync_message	Dictionary
interval	Integer
role	String			Valid Values: - master - dynamic
vlan	String				VLAN can be ‘all’ or list of vlans as string
transport	String			Valid Values: - ipv4 - ipv6 - layer2
profile	String				Interface profile
storm_control	Dictionary
all	Dictionary
level	String				Configure maximum storm-control level
unit	String		percent	Valid Values: - percent - pps	Optional field and is hardware dependant
broadcast	Dictionary
level	String				Configure maximum storm-control level
unit	String		percent	Valid Values: - percent - pps	Optional field and is hardware dependant
multicast	Dictionary
level	String				Configure maximum storm-control level
unit	String		percent	Valid Values: - percent - pps	Optional field and is hardware dependant
unknown_unicast	Dictionary
level	String				Configure maximum storm-control level
unit	String		percent	Valid Values: - percent - pps	Optional field and is hardware dependant
logging	Dictionary
event	Dictionary
link_status	Boolean
congestion_drops	Boolean
spanning_tree	Boolean
storm_control	Boolean
lldp	Dictionary
transmit	Boolean
receive	Boolean
ztp_vlan	Integer				ZTP vlan number
trunk_private_vlan_secondary	Boolean
pvlan_mapping	String				List of vlans as string
vlan_translations	List, items: Dictionary
- from	String				List of vlans as string (only one vlan if direction is “both”)
to	Integer				VLAN ID
direction	String		both	Valid Values: - in - out - both
dot1x	Dictionary
port_control	String			Valid Values: - auto - force-authorized - force-unauthorized
port_control_force_authorized_phone	Boolean
reauthentication	Boolean
pae	Dictionary
mode	String			Valid Values: - authenticator
authentication_failure	Dictionary
action	String			Valid Values: - allow - drop
allow_vlan	Integer			Min: 1 Max: 4094
host_mode	Dictionary
mode	String			Valid Values: - multi-host - single-host
multi_host_authenticated	Boolean
mac_based_authentication	Dictionary
enabled	Boolean
always	Boolean
host_mode_common	Boolean
timeout	Dictionary
idle_host	Integer			Min: 10 Max: 65535
quiet_period	Integer			Min: 1 Max: 65535
reauth_period	String				Value can be 60-4294967295 or ‘server’
reauth_timeout_ignore	Boolean
tx_period	Integer			Min: 1 Max: 65535
reauthorization_request_limit	Integer			Min: 1 Max: 10
eapol	Dictionary
disabled	Boolean
authentication_failure_fallback_mba	Dictionary
enabled	Boolean
timeout	Integer			Min: 0 Max: 65535
service_profile	String				QOS profile
shape	Dictionary
rate	String				Rate in kbps, pps or percent Supported options are platform dependent Examples: - “5000 kbps” - “1000 pps” - “20 percent”
qos	Dictionary
trust	String			Valid Values: - dscp - cos - disabled
dscp	Integer				DSCP value
cos	Integer				COS value
spanning_tree_bpdufilter	String			Valid Values: - enabled - disabled - True - False - true - false
spanning_tree_bpduguard	String			Valid Values: - enabled - disabled - True - False - true - false
spanning_tree_guard	String			Valid Values: - loop - root - disabled
spanning_tree_portfast	String			Valid Values: - edge - network
vmtracer	Boolean
priority_flow_control	Dictionary
enabled	Boolean
priorities	List, items: Dictionary
- priority	Integer	Required, Unique		Min: 0 Max: 7
no_drop	Boolean
bfd	Dictionary
echo	Boolean
interval	Integer				Interval in milliseconds
min_rx	Integer				Rate in milliseconds
multiplier	Integer			Min: 3 Max: 50
service_policy	Dictionary
pbr	Dictionary
input	String				Policy Based Routing Policy-map name
qos	Dictionary
input	String	Required			Quality of Service Policy-map name
mpls	Dictionary
ip	Boolean
ldp	Dictionary
interface	Boolean
igp_sync	Boolean
lacp_timer	Dictionary
mode	String			Valid Values: - fast - normal
multiplier	Integer			Min: 3 Max: 3000
lacp_port_priority	Integer			Min: 0 Max: 65535
transceiver	Dictionary
media	Dictionary
override	String				Transceiver type
ip_proxy_arp	Boolean
traffic_policy	Dictionary
input	String				Ingress traffic policy
output	String				Egress traffic policy
bgp	Dictionary
session_tracker	String				Name of session tracker
peer	String				Key only used for documentation or validation purposes
peer_interface	String				Key only used for documentation or validation purposes
peer_type	String				Key only used for documentation or validation purposes
sflow	Dictionary
enable	Boolean
egress	Dictionary
enable	Boolean
unmodified_enable	Boolean
port_profile	String				Key only used for documentation or validation purposes
eos_cli	String				Multiline EOS CLI rendered directly on the ethernet interface in the final EOS configuration

ethernet_interfaces:
  - name: <str>
    description: <str>
    shutdown: <bool>
    load_interval: <int>
    speed: <str>
    mtu: <int>
    l2_mtu: <int>
    vlans: <str>
    native_vlan: <int>
    native_vlan_tag: <bool>
    mode: <str>
    phone:
      trunk: <str>
      vlan: <int>
    l2_protocol:
      encapsulation_dot1q_vlan: <int>
      forwarding_profile: <str>
    trunk_groups:
      - <str>
    type: <str>
    snmp_trap_link_change: <bool>
    address_locking:
      ipv4: <bool>
      ipv6: <bool>
    flowcontrol:
      received: <str>
    vrf: <str>
    flow_tracker:
      sampled: <str>
    error_correction_encoding:
      enabled: <bool>
      fire_code: <bool>
      reed_solomon: <bool>
    link_tracking_groups:
      - name: <str>
        direction: <str>
    evpn_ethernet_segment:
      identifier: <str>
      redundancy: <str>
      designated_forwarder_election:
        algorithm: <str>
        preference_value: <int>
        dont_preempt: <bool>
        hold_time: <int>
        subsequent_hold_time: <int>
        candidate_reachability_required: <bool>
      mpls:
        shared_index: <int>
        tunnel_flood_filter_time: <int>
      route_target: <str>
    encapsulation_dot1q_vlan: <int>
    encapsulation_vlan:
      client:
        dot1q:
          vlan: <int>
          outer: <int>
          inner: <int>
        unmatched: <bool>
      network:
        dot1q:
          vlan: <int>
          outer: <int>
          inner: <int>
        client: <bool>
    vlan_id: <int>
    ip_address: <str>
    ip_address_secondaries:
      - <str>
    ip_helpers:
      - ip_helper: <str>
        source_interface: <str>
        vrf: <str>
    ip_nat:
      destination:
        dynamic:
          - access_list: <str>
            comment: <str>
            pool_name: <str>
            priority: <int>
        static:
          - access_list: <str>
            comment: <str>
            direction: <str>
            group: <int>
            original_ip: <str>
            original_port: <int>
            priority: <int>
            protocol: <str>
            translated_ip: <str>
            translated_port: <int>
      source:
        dynamic:
          - access_list: <str>
            comment: <str>
            nat_type: <str>
            pool_name: <str>
            priority: <int>
        static:
          - access_list: <str>
            comment: <str>
            direction: <str>
            group: <int>
            original_ip: <str>
            original_port: <int>
            priority: <int>
            protocol: <str>
            translated_ip: <str>
            translated_port: <int>
    ipv6_enable: <bool>
    ipv6_address: <str>
    ipv6_address_link_local: <str>
    ipv6_nd_ra_disabled: <bool>
    ipv6_nd_managed_config_flag: <bool>
    ipv6_nd_prefixes:
      - ipv6_prefix: <str>
        valid_lifetime: <str>
        preferred_lifetime: <str>
        no_autoconfig_flag: <bool>
    ipv6_dhcp_relay_destinations:
      - address: <str>
        vrf: <str>
        local_interface: <str>
        source_address: <str>
        link_address: <str>
    access_group_in: <str>
    access_group_out: <str>
    ipv6_access_group_in: <str>
    ipv6_access_group_out: <str>
    mac_access_group_in: <str>
    mac_access_group_out: <str>
    multicast:
      ipv4:
        boundaries:
          - boundary: <str>
            out: <bool>
        static: <bool>
      ipv6:
        boundaries:
          - boundary: <str>
        static: <bool>
    ospf_network_point_to_point: <bool>
    ospf_area: <str>
    ospf_cost: <int>
    ospf_authentication: <str>
    ospf_authentication_key: <str>
    ospf_message_digest_keys:
      - id: <int>
        hash_algorithm: <str>
        key: <str>
    pim:
      ipv4:
        dr_priority: <int>
        sparse_mode: <bool>
    mac_security:
      profile: <str>
    channel_group:
      id: <int>
      mode: <str>
    isis_enable: <str>
    isis_passive: <bool>
    isis_metric: <int>
    isis_network_point_to_point: <bool>
    isis_circuit_type: <str>
    isis_hello_padding: <bool>
    isis_authentication_mode: <str>
    isis_authentication_key: <str>
    poe:
      disabled: <bool>
      priority: <str>
      reboot:
        action: <str>
      link_down:
        action: <str>
        power_off_delay: <int>
      shutdown:
        action: <str>
      limit:
        class: <int>
        watts: <str>
        fixed: <bool>
      negotiation_lldp: <bool>
      legacy_detect: <bool>
    ptp:
      enable: <bool>
      announce:
        interval: <int>
        timeout: <int>
      delay_req: <int>
      delay_mechanism: <str>
      sync_message:
        interval: <int>
      role: <str>
      vlan: <str>
      transport: <str>
    profile: <str>
    storm_control:
      all:
        level: <str>
        unit: <str>
      broadcast:
        level: <str>
        unit: <str>
      multicast:
        level: <str>
        unit: <str>
      unknown_unicast:
        level: <str>
        unit: <str>
    logging:
      event:
        link_status: <bool>
        congestion_drops: <bool>
        spanning_tree: <bool>
        storm_control: <bool>
    lldp:
      transmit: <bool>
      receive: <bool>
      ztp_vlan: <int>
    trunk_private_vlan_secondary: <bool>
    pvlan_mapping: <str>
    vlan_translations:
      - from: <str>
        to: <int>
        direction: <str>
    dot1x:
      port_control: <str>
      port_control_force_authorized_phone: <bool>
      reauthentication: <bool>
      pae:
        mode: <str>
      authentication_failure:
        action: <str>
        allow_vlan: <int>
      host_mode:
        mode: <str>
        multi_host_authenticated: <bool>
      mac_based_authentication:
        enabled: <bool>
        always: <bool>
        host_mode_common: <bool>
      timeout:
        idle_host: <int>
        quiet_period: <int>
        reauth_period: <str>
        reauth_timeout_ignore: <bool>
        tx_period: <int>
      reauthorization_request_limit: <int>
      eapol:
        disabled: <bool>
        authentication_failure_fallback_mba:
          enabled: <bool>
          timeout: <int>
    service_profile: <str>
    shape:
      rate: <str>
    qos:
      trust: <str>
      dscp: <int>
      cos: <int>
    spanning_tree_bpdufilter: <str>
    spanning_tree_bpduguard: <str>
    spanning_tree_guard: <str>
    spanning_tree_portfast: <str>
    vmtracer: <bool>
    priority_flow_control:
      enabled: <bool>
      priorities:
        - priority: <int>
          no_drop: <bool>
    bfd:
      echo: <bool>
      interval: <int>
      min_rx: <int>
      multiplier: <int>
    service_policy:
      pbr:
        input: <str>
      qos:
        input: <str>
    mpls:
      ip: <bool>
      ldp:
        interface: <bool>
        igp_sync: <bool>
    lacp_timer:
      mode: <str>
      multiplier: <int>
    lacp_port_priority: <int>
    transceiver:
      media:
        override: <str>
    ip_proxy_arp: <bool>
    traffic_policy:
      input: <str>
      output: <str>
    bgp:
      session_tracker: <str>
    peer: <str>
    peer_interface: <str>
    peer_type: <str>
    sflow:
      enable: <bool>
      egress:
        enable: <bool>
        unmodified_enable: <bool>
    port_profile: <str>
    eos_cli: <str>

Interface defaults

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
interface_defaults	Dictionary
ethernet	Dictionary
shutdown	Boolean
mtu	Integer

interface_defaults:
  ethernet:
    shutdown: <bool>
  mtu: <int>

Interface profiles

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
interface_profiles	List, items: Dictionary
- name	String	Required, Unique			Interface-Profile Name
commands	List, items: String	Required
- <str>	String				EOS CLI interface command Example: “switchport mode access”

interface_profiles:
  - name: <str>
    commands:
      - <str>

LACP

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
lacp	Dictionary				Set Link Aggregation Control Protocol (LACP) parameters.
port_id	Dictionary				LACP port-ID range configuration.
range	Dictionary
begin	Integer				Minimum LACP port-ID range.
end	Integer				Maximum LACP port-ID range.
rate_limit	Dictionary				Set LACPDU rate limit options.
default	Boolean				Enable LACPDU rate limiting by default on all ports.
system_priority	Integer			Min: 0 Max: 65535	Set local system LACP priority.

lacp:
  port_id:
    range:
      begin: <int>
      end: <int>
  rate_limit:
    default: <bool>
  system_priority: <int>

Link tracking groups

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
link_tracking_groups	List, items: Dictionary
- name	String	Required, Unique
links_minimum	Integer			Min: 1 Max: 100000
recovery_delay	Integer			Min: 0 Max: 3600

link_tracking_groups:
  - name: <str>
    links_minimum: <int>
    recovery_delay: <int>

LLDP

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
lldp	Dictionary
timer	Integer
timer_reinitialization	String
holdtime	Integer
management_address	String
vrf	String
receive_packet_tagged_drop	String
tlvs	List, items: Dictionary
- name	String	Required, Unique		Valid Values: - link-aggregation - management-address - max-frame-size - med - port-description - port-vlan - power-via-mdi - system-capabilities - system-description - system-name - vlan-name
transmit	Boolean
run	Boolean

lldp:
  timer: <int>
  timer_reinitialization: <str>
  holdtime: <int>
  management_address: <str>
  vrf: <str>
  receive_packet_tagged_drop: <str>
  tlvs:
    - name: <str>
      transmit: <bool>
  run: <bool>

Loopback interfaces

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
loopback_interfaces	List, items: Dictionary
- name	String	Required, Unique			Loopback interface name e.g. “Loopback0”
description	String
shutdown	Boolean
vrf	String				VRF name
ip_address	String				IPv4_address/Mask
ip_address_secondaries	List, items: String
- <str>	String				IPv4_address/Mask
ipv6_enable	Boolean
ipv6_address	String				IPv6_address/Mask
ip_proxy_arp	Boolean
ospf_area	String
mpls	Dictionary
ldp	Dictionary
interface	Boolean
isis_enable	String				ISIS instance name
isis_passive	Boolean
isis_metric	Integer
isis_network_point_to_point	Boolean
node_segment	Dictionary
ipv4_index	Integer
ipv6_index	Integer
eos_cli	String				EOS CLI rendered directly on the loopback interface in the final EOS configuration

loopback_interfaces:
  - name: <str>
    description: <str>
    shutdown: <bool>
    vrf: <str>
    ip_address: <str>
    ip_address_secondaries:
      - <str>
    ipv6_enable: <bool>
    ipv6_address: <str>
    ip_proxy_arp: <bool>
    ospf_area: <str>
    mpls:
      ldp:
        interface: <bool>
    isis_enable: <str>
    isis_passive: <bool>
    isis_metric: <int>
    isis_network_point_to_point: <bool>
    node_segment:
      ipv4_index: <int>
      ipv6_index: <int>
    eos_cli: <str>

Management interfaces

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
management_interfaces	List, items: Dictionary
- name	String	Required, Unique			Management Interface Name
description	String
shutdown	Boolean
mtu	Integer
vrf	String				VRF Name
ip_address	String				IPv4_address/Mask
ipv6_enable	Boolean
ipv6_address	String				IPv6_address/Mask
type	String		oob	Valid Values: - oob - inband	For documentation purposes only
gateway	String				IPv4 address of default gateway in management VRF
ipv6_gateway	String				IPv6 address of default gateway in management VRF
mac_address	String				MAC address
eos_cli	String				Multiline EOS CLI rendered directly on the management interface in the final EOS configuration

management_interfaces:
  - name: <str>
    description: <str>
    shutdown: <bool>
    mtu: <int>
    vrf: <str>
    ip_address: <str>
    ipv6_enable: <bool>
    ipv6_address: <str>
    type: <str>
    gateway: <str>
    ipv6_gateway: <str>
    mac_address: <str>
    eos_cli: <str>

Patch panel

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
patch_panel	Dictionary
patches	List, items: Dictionary
- name	String	Required, Unique
enabled	Boolean
connectors	List, items: Dictionary			Min Length: 2 Max Length: 2	Must have exactly two connectors to a patch of which at least one must be of type “interface”
- id	String	Required, Unique
type	String	Required		Valid Values: - interface - pseudowire
endpoint	String	Required			String with relevant endpoint depending on type. Examples: - “Ethernet1” - “Ethernet1 dot1q vlan 123” - “bgp vpws TENANT_A pseudowire VPWS_PW_1” - “ldp LDP_PW_1”

patch_panel:
  patches:
    - name: <str>
      enabled: <bool>
      connectors:
        - id: <str>
          type: <str>
          endpoint: <str>

Port-channel interfaces

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
port_channel_interfaces	List, items: Dictionary
- name	String	Required, Unique
description	String
logging	Dictionary
event	Dictionary
link_status	Boolean
shutdown	Boolean
l2_mtu	Integer				“l2_mtu” should only be defined for platforms supporting the “l2 mtu” CLI
vlans	String				List of switchport vlans as string For a trunk port this would be a range like “1-200,300” For an access port this would be a single vlan “123”
snmp_trap_link_change	Boolean
type	String			Valid Values: - routed - switched - l3dot1q - l2dot1q	l3dot1q and l2dot1q are used for sub-interfaces. The parent interface should be defined as routed. Interface will not be listed in device documentation, unless “type” is set.
encapsulation_dot1q_vlan	Integer				VLAN tag to configure on sub-interface
vrf	String				VRF name
encapsulation_vlan	Dictionary
client	Dictionary
dot1q	Dictionary
vlan	Integer				Client VLAN ID
outer	Integer				Client Outer VLAN ID
inner	Integer				Client Inner VLAN ID
unmatched	Boolean
network	Dictionary				Network encapsulation are all optional, and skipped if using client unmatched
dot1q	Dictionary
vlan	Integer				Network VLAN ID
outer	Integer				Network Outer VLAN ID
inner	Integer				Network Inner VLAN ID
client	Boolean
vlan_id	Integer			Min: 1 Max: 4094
mode	String			Valid Values: - access - dot1q-tunnel - trunk - trunk phone
native_vlan	Integer				If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence
native_vlan_tag	Boolean		False		If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence
link_tracking_groups	List, items: Dictionary
- name	String	Required, Unique			Group name
direction	String			Valid Values: - upstream - downstream
phone	Dictionary
trunk	String			Valid Values: - tagged - untagged
vlan	Integer			Min: 1 Max: 4094
l2_protocol	Dictionary
encapsulation_dot1q_vlan	Integer				Vlan tag to configure on sub-interface
forwarding_profile	String				L2 protocol forwarding profile
mtu	Integer
mlag	Integer			Min: 1 Max: 2000	MLAG ID
trunk_groups	List, items: String
- <str>	String
lacp_fallback_timeout	Integer		90	Min: 0 Max: 300	Timeout in seconds
lacp_fallback_mode	String			Valid Values: - individual - static
qos	Dictionary
trust	String			Valid Values: - dscp - cos - disabled
dscp	Integer				DSCP value
cos	Integer				COS value
bfd	Dictionary
echo	Boolean
interval	Integer				Interval in milliseconds
min_rx	Integer				Rate in milliseconds
multiplier	Integer			Min: 3 Max: 50
service_policy	Dictionary
pbr	Dictionary
input	String				Policy Based Routing Policy-map name
qos	Dictionary
input	String	Required			Quality of Service Policy-map name
mpls	Dictionary
ip	Boolean
ldp	Dictionary
interface	Boolean
igp_sync	Boolean
trunk_private_vlan_secondary	Boolean
pvlan_mapping	String				List of vlans as string
vlan_translations	List, items: Dictionary
- from	String				List of vlans as string (only one vlan if direction is “both”)
to	Integer				VLAN ID
direction	String		both	Valid Values: - in - out - both
shape	Dictionary
rate	String				Rate in kbps, pps or percent Supported options are platform dependent Examples: - “5000 kbps” - “1000 pps” - “20 percent”
storm_control	Dictionary
all	Dictionary
level	String				Configure maximum storm-control level
unit	String		percent	Valid Values: - percent - pps	Optional field and is hardware dependant
broadcast	Dictionary
level	String				Configure maximum storm-control level
unit	String		percent	Valid Values: - percent - pps	Optional field and is hardware dependant
multicast	Dictionary
level	String				Configure maximum storm-control level
unit	String		percent	Valid Values: - percent - pps	Optional field and is hardware dependant
unknown_unicast	Dictionary
level	String				Configure maximum storm-control level
unit	String		percent	Valid Values: - percent - pps	Optional field and is hardware dependant
ip_proxy_arp	Boolean
isis_enable	String				ISIS instance
isis_passive	Boolean
isis_metric	Integer
isis_network_point_to_point	Boolean
isis_circuit_type	String			Valid Values: - level-1-2 - level-1 - level-2
isis_hello_padding	Boolean
isis_authentication_mode	String			Valid Values: - text - md5
isis_authentication_key	String				Type-7 encrypted password
traffic_policy	Dictionary
input	String				Ingress traffic policy
output	String				Egress traffic policy
evpn_ethernet_segment	Dictionary
identifier	String				EVPN Ethernet Segment Identifier (Type 1 format)
redundancy	String			Valid Values: - all-active - single-active
designated_forwarder_election	Dictionary
algorithm	String			Valid Values: - modulus - preference
preference_value	Integer			Min: 0 Max: 65535	Preference_value is only used when “algorithm” is “preference”
dont_preempt	Boolean		False		Dont_preempt is only used when “algorithm” is “preference”
hold_time	Integer
subsequent_hold_time	Integer
candidate_reachability_required	Boolean
mpls	Dictionary
shared_index	Integer			Min: 1 Max: 1024
tunnel_flood_filter_time	Integer
route_target	String				EVPN Route Target for ESI with format xx:xx:xx:xx:xx:xx
esi deprecated	String				EVPN Ethernet Segment Identifier (Type 1 format) If both “esi” and “evpn_ethernet_segment.identifier” are defined, the new variable takes precedence This key is deprecated. Support will be removed in AVD version 5.0.0. Use evpn_ethernet_segment.identifier instead.
rt deprecated	String				EVPN Route Target for ESI with format xx:xx:xx:xx:xx:xx If both “rt” and “evpn_ethernet_segment.route_target” are defined, the new variable takes precedence This key is deprecated. Support will be removed in AVD version 5.0.0. Use evpn_ethernet_segment.route_target instead.
lacp_id	String				LACP ID with format xxxx.xxxx.xxxx
spanning_tree_bpdufilter	String			Valid Values: - enabled - disabled - True - False - true - false
spanning_tree_bpduguard	String			Valid Values: - enabled - disabled - True - False - true - false
spanning_tree_guard	String			Valid Values: - loop - root - disabled
spanning_tree_portfast	String			Valid Values: - edge - network
vmtracer	Boolean
ptp	Dictionary
enable	Boolean
announce	Dictionary
interval	Integer
timeout	Integer
delay_req	Integer
delay_mechanism	String			Valid Values: - e2e - p2p
sync_message	Dictionary
interval	Integer
role	String			Valid Values: - master - dynamic
vlan	String				VLAN can be ‘all’ or list of vlans as string
transport	String			Valid Values: - ipv4 - ipv6 - layer2
ip_address	String				IPv4 address/mask
ip_nat	Dictionary
destination	Dictionary
dynamic	List, items: Dictionary
- access_list	String	Required, Unique
comment	String
pool_name	String	Required
priority	Integer			Min: 0 Max: 4294967295
static	List, items: Dictionary
- access_list	String				‘access_list’ and ‘group’ are mutual exclusive
comment	String
direction	String			Valid Values: - egress - ingress	Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform. EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
group	Integer			Min: 1 Max: 65535	‘access_list’ and ‘group’ are mutual exclusive
original_ip	String	Required, Unique			IPv4 address
original_port	Integer			Min: 1 Max: 65535
priority	Integer			Min: 0 Max: 4294967295
protocol	String			Valid Values: - udp - tcp
translated_ip	String	Required			IPv4 address
translated_port	Integer			Min: 1 Max: 65535	requires ‘original_port’
source	Dictionary
dynamic	List, items: Dictionary
- access_list	String	Required, Unique
comment	String
nat_type	String	Required		Valid Values: - overload - pool - pool-address-only - pool-full-cone
pool_name	String				required if ‘nat_type’ is pool, pool-address-only or pool-full-cone ignored if ‘nat_type’ is overload
priority	Integer			Min: 0 Max: 4294967295
static	List, items: Dictionary
- access_list	String				‘access_list’ and ‘group’ are mutual exclusive
comment	String
direction	String			Valid Values: - egress - ingress	Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform. EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
group	Integer			Min: 1 Max: 65535	‘access_list’ and ‘group’ are mutual exclusive
original_ip	String	Required, Unique			IPv4 address
original_port	Integer			Min: 1 Max: 65535
priority	Integer			Min: 0 Max: 4294967295
protocol	String			Valid Values: - udp - tcp
translated_ip	String	Required			IPv4 address
translated_port	Integer			Min: 1 Max: 65535	requires ‘original_port’
ipv6_enable	Boolean
ipv6_address	String				IPv6 address/mask
ipv6_address_link_local	String				Link local IPv6 address/mask
ipv6_nd_ra_disabled	Boolean
ipv6_nd_managed_config_flag	Boolean
ipv6_nd_prefixes	List, items: Dictionary
- ipv6_prefix	String	Required, Unique
valid_lifetime	String				Infinite or lifetime in seconds
preferred_lifetime	String				Infinite or lifetime in seconds
no_autoconfig_flag	Boolean
access_group_in	String				Access list name
access_group_out	String				Access list name
ipv6_access_group_in	String				IPv6 access list name
ipv6_access_group_out	String				IPv6 access list name
mac_access_group_in	String				MAC access list name
mac_access_group_out	String				MAC access list name
pim	Dictionary
ipv4	Dictionary
dr_priority	Integer			Min: 0 Max: 429467295
sparse_mode	Boolean
service_profile	String				QOS profile
ospf_network_point_to_point	Boolean
ospf_area	String
ospf_cost	Integer
ospf_authentication	String			Valid Values: - none - simple - message-digest
ospf_authentication_key	String				Encrypted password
ospf_message_digest_keys	List, items: Dictionary
- id	Integer	Required, Unique
hash_algorithm	String			Valid Values: - md5 - sha1 - sha256 - sha384 - sha512
key	String				Encrypted password
flow_tracker	Dictionary
sampled	String				Flow tracker name
bgp	Dictionary
session_tracker	String				Name of session tracker
peer	String				Key only used for documentation or validation purposes
peer_interface	String				Key only used for documentation or validation purposes
peer_type	String				Key only used for documentation or validation purposes
sflow	Dictionary
enable	Boolean
egress	Dictionary
enable	Boolean
unmodified_enable	Boolean
eos_cli	String				Multiline EOS CLI rendered directly on the port-channel interface in the final EOS configuration

port_channel_interfaces:
  - name: <str>
    description: <str>
    logging:
      event:
        link_status: <bool>
    shutdown: <bool>
    l2_mtu: <int>
    vlans: <str>
    snmp_trap_link_change: <bool>
    type: <str>
    encapsulation_dot1q_vlan: <int>
    vrf: <str>
    encapsulation_vlan:
      client:
        dot1q:
          vlan: <int>
          outer: <int>
          inner: <int>
        unmatched: <bool>
      network:
        dot1q:
          vlan: <int>
          outer: <int>
          inner: <int>
        client: <bool>
    vlan_id: <int>
    mode: <str>
    native_vlan: <int>
    native_vlan_tag: <bool>
    link_tracking_groups:
      - name: <str>
        direction: <str>
    phone:
      trunk: <str>
      vlan: <int>
    l2_protocol:
      encapsulation_dot1q_vlan: <int>
      forwarding_profile: <str>
    mtu: <int>
    mlag: <int>
    trunk_groups:
      - <str>
    lacp_fallback_timeout: <int>
    lacp_fallback_mode: <str>
    qos:
      trust: <str>
      dscp: <int>
      cos: <int>
    bfd:
      echo: <bool>
      interval: <int>
      min_rx: <int>
      multiplier: <int>
    service_policy:
      pbr:
        input: <str>
      qos:
        input: <str>
    mpls:
      ip: <bool>
      ldp:
        interface: <bool>
        igp_sync: <bool>
    trunk_private_vlan_secondary: <bool>
    pvlan_mapping: <str>
    vlan_translations:
      - from: <str>
        to: <int>
        direction: <str>
    shape:
      rate: <str>
    storm_control:
      all:
        level: <str>
        unit: <str>
      broadcast:
        level: <str>
        unit: <str>
      multicast:
        level: <str>
        unit: <str>
      unknown_unicast:
        level: <str>
        unit: <str>
    ip_proxy_arp: <bool>
    isis_enable: <str>
    isis_passive: <bool>
    isis_metric: <int>
    isis_network_point_to_point: <bool>
    isis_circuit_type: <str>
    isis_hello_padding: <bool>
    isis_authentication_mode: <str>
    isis_authentication_key: <str>
    traffic_policy:
      input: <str>
      output: <str>
    evpn_ethernet_segment:
      identifier: <str>
      redundancy: <str>
      designated_forwarder_election:
        algorithm: <str>
        preference_value: <int>
        dont_preempt: <bool>
        hold_time: <int>
        subsequent_hold_time: <int>
        candidate_reachability_required: <bool>
      mpls:
        shared_index: <int>
        tunnel_flood_filter_time: <int>
      route_target: <str>
    esi: <str>
    rt: <str>
    lacp_id: <str>
    spanning_tree_bpdufilter: <str>
    spanning_tree_bpduguard: <str>
    spanning_tree_guard: <str>
    spanning_tree_portfast: <str>
    vmtracer: <bool>
    ptp:
      enable: <bool>
      announce:
        interval: <int>
        timeout: <int>
      delay_req: <int>
      delay_mechanism: <str>
      sync_message:
        interval: <int>
      role: <str>
      vlan: <str>
      transport: <str>
    ip_address: <str>
    ip_nat:
      destination:
        dynamic:
          - access_list: <str>
            comment: <str>
            pool_name: <str>
            priority: <int>
        static:
          - access_list: <str>
            comment: <str>
            direction: <str>
            group: <int>
            original_ip: <str>
            original_port: <int>
            priority: <int>
            protocol: <str>
            translated_ip: <str>
            translated_port: <int>
      source:
        dynamic:
          - access_list: <str>
            comment: <str>
            nat_type: <str>
            pool_name: <str>
            priority: <int>
        static:
          - access_list: <str>
            comment: <str>
            direction: <str>
            group: <int>
            original_ip: <str>
            original_port: <int>
            priority: <int>
            protocol: <str>
            translated_ip: <str>
            translated_port: <int>
    ipv6_enable: <bool>
    ipv6_address: <str>
    ipv6_address_link_local: <str>
    ipv6_nd_ra_disabled: <bool>
    ipv6_nd_managed_config_flag: <bool>
    ipv6_nd_prefixes:
      - ipv6_prefix: <str>
        valid_lifetime: <str>
        preferred_lifetime: <str>
        no_autoconfig_flag: <bool>
    access_group_in: <str>
    access_group_out: <str>
    ipv6_access_group_in: <str>
    ipv6_access_group_out: <str>
    mac_access_group_in: <str>
    mac_access_group_out: <str>
    pim:
      ipv4:
        dr_priority: <int>
        sparse_mode: <bool>
    service_profile: <str>
    ospf_network_point_to_point: <bool>
    ospf_area: <str>
    ospf_cost: <int>
    ospf_authentication: <str>
    ospf_authentication_key: <str>
    ospf_message_digest_keys:
      - id: <int>
        hash_algorithm: <str>
        key: <str>
    flow_tracker:
      sampled: <str>
    bgp:
      session_tracker: <str>
    peer: <str>
    peer_interface: <str>
    peer_type: <str>
    sflow:
      enable: <bool>
      egress:
        enable: <bool>
        unmodified_enable: <bool>
    eos_cli: <str>

Switchport default

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
switchport_default	Dictionary
mode	String			Valid Values: - routed - access
phone	Dictionary
cos	Integer			Min: 0 Max: 7
trunk	String			Valid Values: - tagged - untagged
vlan	Integer			Min: 1 Max: 4094	VLAN ID

switchport_default:
  mode: <str>
  phone:
    cos: <int>
    trunk: <str>
    vlan: <int>

Tunnel interfaces

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
tunnel_interfaces	List, items: Dictionary
- name	String	Required, Unique			Tunnel Interface Name
description	String
shutdown	Boolean
mtu	Integer			Min: 68 Max: 65535
vrf	String				VRF Name
ip_address	String			Format: ipv4_cidr	IPv4_address/Mask
ipv6_enable	Boolean
ipv6_address	String			Format: ipv6_cidr	IPv6_address/Mask
access_group_in	String				IPv4 ACL Name for ingress
access_group_out	String				IPv4 ACL Name for egress
ipv6_access_group_in	String				IPv6 ACL Name for ingress
ipv6_access_group_out	String				IPv6 ACL Name for egress
tcp_mss_ceiling	Dictionary
ipv4	Integer			Min: 64 Max: 65495	Segment Size for IPv4
ipv6	Integer			Min: 64 Max: 65475	Segment Size for IPv6
direction	String			Valid Values: - ingress - egress	Optional direction (‘ingress’, ‘egress’) for tcp mss ceiling
source_interface	String				Tunnel Source Interface Name
destination	String				IPv4 or IPv6 Address Tunnel Destination
path_mtu_discovery	Boolean				Enable Path MTU Discovery On Tunnel
eos_cli	String				Multiline String with EOS CLI rendered directly on the Tunnel interface in the final EOS configuration.

tunnel_interfaces:
  - name: <str>
    description: <str>
    shutdown: <bool>
    mtu: <int>
    vrf: <str>
    ip_address: <str>
    ipv6_enable: <bool>
    ipv6_address: <str>
    access_group_in: <str>
    access_group_out: <str>
    ipv6_access_group_in: <str>
    ipv6_access_group_out: <str>
    tcp_mss_ceiling:
      ipv4: <int>
      ipv6: <int>
      direction: <str>
    source_interface: <str>
    destination: <str>
    path_mtu_discovery: <bool>
    eos_cli: <str>

VLAN interfaces

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
vlan_interfaces	List, items: Dictionary
- name	String	Required, Unique			VLAN interface name like “Vlan123”
description	String
shutdown	Boolean
vrf	String				VRF name
arp_aging_timeout	Integer			Min: 1 Max: 65535	In seconds
arp_cache_dynamic_capacity	Integer			Min: 0 Max: 4294967295
arp_gratuitous_accept	Boolean
arp_monitor_mac_address	Boolean
ip_proxy_arp	Boolean
ip_directed_broadcast	Boolean
ip_address	String				IPv4_address/Mask
ip_address_secondaries	List, items: String
- <str>	String				IPv4_address/Mask
ip_virtual_router_addresses	List, items: String
- <str>	String				IPv4 address or IPv4_address/Mask
ip_address_virtual	String				IPv4_address/Mask
ip_address_virtual_secondaries	List, items: String
- <str>	String				IPv4_address/Mask
ip_igmp	Boolean
ip_igmp_version	Integer			Min: 1 Max: 3
ip_helpers	List, items: Dictionary				List of DHCP servers
- ip_helper	String	Required, Unique			IP address or hostname of DHCP server
source_interface	String				Interface used as source for forwarded DHCP packets
vrf	String				VRF where DHCP server can be reached
ip_nat	Dictionary
destination	Dictionary
dynamic	List, items: Dictionary
- access_list	String	Required, Unique
comment	String
pool_name	String	Required
priority	Integer			Min: 0 Max: 4294967295
static	List, items: Dictionary
- access_list	String				‘access_list’ and ‘group’ are mutual exclusive
comment	String
direction	String			Valid Values: - egress - ingress	Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform. EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
group	Integer			Min: 1 Max: 65535	‘access_list’ and ‘group’ are mutual exclusive
original_ip	String	Required, Unique			IPv4 address
original_port	Integer			Min: 1 Max: 65535
priority	Integer			Min: 0 Max: 4294967295
protocol	String			Valid Values: - udp - tcp
translated_ip	String	Required			IPv4 address
translated_port	Integer			Min: 1 Max: 65535	requires ‘original_port’
source	Dictionary
dynamic	List, items: Dictionary
- access_list	String	Required, Unique
comment	String
nat_type	String	Required		Valid Values: - overload - pool - pool-address-only - pool-full-cone
pool_name	String				required if ‘nat_type’ is pool, pool-address-only or pool-full-cone ignored if ‘nat_type’ is overload
priority	Integer			Min: 0 Max: 4294967295
static	List, items: Dictionary
- access_list	String				‘access_list’ and ‘group’ are mutual exclusive
comment	String
direction	String			Valid Values: - egress - ingress	Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform. EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
group	Integer			Min: 1 Max: 65535	‘access_list’ and ‘group’ are mutual exclusive
original_ip	String	Required, Unique			IPv4 address
original_port	Integer			Min: 1 Max: 65535
priority	Integer			Min: 0 Max: 4294967295
protocol	String			Valid Values: - udp - tcp
translated_ip	String	Required			IPv4 address
translated_port	Integer			Min: 1 Max: 65535	requires ‘original_port’
ipv6_enable	Boolean
ipv6_address	String				IPv6_address/Mask
ipv6_address_virtual deprecated	String				IPv6_address/Mask If both “ipv6_address_virtual” and “ipv6_address_virtuals” are set, all addresses will be configured This key is deprecated. Support will be removed in AVD version 5.0.0. Use ipv6_address_virtuals instead.
ipv6_address_virtuals	List, items: String				The new “ipv6_address_virtuals” key support multiple virtual ipv6 addresses.
- <str>	String				IPv6_address/Mask
ipv6_address_link_local	String				IPv6_address/Mask
ipv6_virtual_router_address deprecated	String				“ipv6_virtual_router_address” should not be mixed with the new “ipv6_virtual_router_addresses” key below to avoid conflicts. This key is deprecated. Support will be removed in AVD version 5.0.0. Use ipv6_virtual_router_addresses instead.
ipv6_virtual_router_addresses	List, items: String				Improved “VARPv6” data model to support multiple VARPv6 addresses.
- <str>	String				IPv6 address or IPv6_address/Mask
ipv6_nd_ra_disabled	Boolean
ipv6_nd_managed_config_flag	Boolean
ipv6_nd_prefixes	List, items: Dictionary
- ipv6_prefix	String	Required, Unique			IPv6_address/Mask
valid_lifetime	String				In seconds <0-4294967295> or infinite
preferred_lifetime	String				In seconds <0-4294967295> or infinite
no_autoconfig_flag	Boolean
ipv6_dhcp_relay_destinations	List, items: Dictionary
- address	String	Required, Unique			DHCP server’s IPv6 address
vrf	String
local_interface	String				Local interface to communicate with DHCP server - mutually exclusive to source_address
source_address	String				Source IPv6 address to communicate with DHCP server - mutually exclusive to local_interface
link_address	String				Override the default link address specified in the relayed DHCP packet
access_group_in	String				IPv4 access-list name
access_group_out	String				IPv4 access-list name
ipv6_access_group_in	String				IPv6 access-list name
ipv6_access_group_out	String				IPv6 access-list name
multicast	Dictionary
ipv4	Dictionary
boundaries	List, items: Dictionary				Boundaries can be either 1 ACL or a list of multicast IP address_range(s)/prefix but not combination of both
- boundary	String	Required, Unique			IPv4 access-list name or IPv4 multicast group prefix with mask
out	Boolean
source_route_export	Dictionary
enabled	Boolean	Required
administrative_distance	Integer			Min: 1 Max: 255
static	Boolean
ipv6	Dictionary
boundaries	List, items: Dictionary				Boundaries can be either 1 ACL or a list of multicast IP address_range(s)/prefix but not combination of both
- boundary	String	Required, Unique			IPv6 access-list name or IPv6 multicast group prefix with mask
source_route_export	Dictionary
enabled	Boolean	Required
administrative_distance	Integer			Min: 1 Max: 255
static	Boolean
ospf_network_point_to_point	Boolean
ospf_area	String
ospf_cost	Integer
ospf_authentication	String			Valid Values: - none - simple - message-digest
ospf_authentication_key	String				Encrypted password used for simple authentication
ospf_message_digest_keys	List, items: Dictionary				Keys used for message-digest authentication
- id	Integer	Required, Unique
hash_algorithm	String			Valid Values: - md5 - sha1 - sha256 - sha384 - sha512
key	String				Encrypted password
pim	Dictionary
ipv4	Dictionary
dr_priority	Integer			Min: 0 Max: 429467295
sparse_mode	Boolean
local_interface	String
isis_enable	String				ISIS instance name
isis_passive	Boolean
isis_metric	Integer
isis_network_point_to_point	Boolean
mtu	Integer
no_autostate	Boolean
vrrp_ids	List, items: Dictionary				Improved “vrrp” data model to support multiple VRRP IDs
- id	Integer	Required, Unique			VRID
priority_level	Integer				Instance priority
advertisement	Dictionary
interval	Integer				Interval in seconds
preempt	Dictionary
enabled	Boolean	Required
delay	Dictionary
minimum	Integer				Minimum preempt delay in seconds
reload	Integer				Reload preempt delay in seconds
timers	Dictionary
delay	Dictionary
reload	Integer				Delay after reload in seconds.
tracked_object	List, items: Dictionary
- name	String	Required, Unique			Tracked object name
decrement	Integer			Min: 1 Max: 254	Decrement VRRP priority by 1-254
shutdown	Boolean
ipv4	Dictionary
address	String	Required			Virtual IPv4 address
version	Integer			Valid Values: - 2 - 3
ipv6	Dictionary
address	String	Required			Virtual IPv6 address
vrrp deprecated	Dictionary				“vrrp” should not be mixed with the new “vrrp_ids” key above to avoid conflicts. This key is deprecated. Support will be removed in AVD version 5.0.0. Use vrrp_ids instead.
virtual_router	String				Virtual Router ID
priority	Integer				Instance priority
advertisement_interval	Integer
preempt_delay_minimum	Integer
ipv4	String				Virtual IPv4 address
ipv6	String				Virtual IPv6 address
ip_attached_host_route_export	Dictionary
enabled	Boolean	Required
distance	Integer			Min: 1 Max: 255
bfd	Dictionary
echo	Boolean
interval	Integer				Rate in milliseconds
min_rx	Integer				Minimum RX hold time in milliseconds
multiplier	Integer			Min: 3 Max: 50
service_policy	Dictionary
pbr	Dictionary
input	String				Name of policy-map used for policy based routing
pvlan_mapping	String				List of VLANs as string
tenant	String				Key only used for documentation or validation purposes
tags	List, items: String				Key only used for documentation or validation purposes
- <str>	String
type	String				Key only used for documentation or validation purposes
eos_cli	String				Multiline EOS CLI rendered directly on the VLAN interface in the final EOS configuration

vlan_interfaces:
  - name: <str>
    description: <str>
    shutdown: <bool>
    vrf: <str>
    arp_aging_timeout: <int>
    arp_cache_dynamic_capacity: <int>
    arp_gratuitous_accept: <bool>
    arp_monitor_mac_address: <bool>
    ip_proxy_arp: <bool>
    ip_directed_broadcast: <bool>
    ip_address: <str>
    ip_address_secondaries:
      - <str>
    ip_virtual_router_addresses:
      - <str>
    ip_address_virtual: <str>
    ip_address_virtual_secondaries:
      - <str>
    ip_igmp: <bool>
    ip_igmp_version: <int>
    ip_helpers:
      - ip_helper: <str>
        source_interface: <str>
        vrf: <str>
    ip_nat:
      destination:
        dynamic:
          - access_list: <str>
            comment: <str>
            pool_name: <str>
            priority: <int>
        static:
          - access_list: <str>
            comment: <str>
            direction: <str>
            group: <int>
            original_ip: <str>
            original_port: <int>
            priority: <int>
            protocol: <str>
            translated_ip: <str>
            translated_port: <int>
      source:
        dynamic:
          - access_list: <str>
            comment: <str>
            nat_type: <str>
            pool_name: <str>
            priority: <int>
        static:
          - access_list: <str>
            comment: <str>
            direction: <str>
            group: <int>
            original_ip: <str>
            original_port: <int>
            priority: <int>
            protocol: <str>
            translated_ip: <str>
            translated_port: <int>
    ipv6_enable: <bool>
    ipv6_address: <str>
    ipv6_address_virtual: <str>
    ipv6_address_virtuals:
      - <str>
    ipv6_address_link_local: <str>
    ipv6_virtual_router_address: <str>
    ipv6_virtual_router_addresses:
      - <str>
    ipv6_nd_ra_disabled: <bool>
    ipv6_nd_managed_config_flag: <bool>
    ipv6_nd_prefixes:
      - ipv6_prefix: <str>
        valid_lifetime: <str>
        preferred_lifetime: <str>
        no_autoconfig_flag: <bool>
    ipv6_dhcp_relay_destinations:
      - address: <str>
        vrf: <str>
        local_interface: <str>
        source_address: <str>
        link_address: <str>
    access_group_in: <str>
    access_group_out: <str>
    ipv6_access_group_in: <str>
    ipv6_access_group_out: <str>
    multicast:
      ipv4:
        boundaries:
          - boundary: <str>
            out: <bool>
        source_route_export:
          enabled: <bool>
          administrative_distance: <int>
        static: <bool>
      ipv6:
        boundaries:
          - boundary: <str>
        source_route_export:
          enabled: <bool>
          administrative_distance: <int>
        static: <bool>
    ospf_network_point_to_point: <bool>
    ospf_area: <str>
    ospf_cost: <int>
    ospf_authentication: <str>
    ospf_authentication_key: <str>
    ospf_message_digest_keys:
      - id: <int>
        hash_algorithm: <str>
        key: <str>
    pim:
      ipv4:
        dr_priority: <int>
        sparse_mode: <bool>
        local_interface: <str>
    isis_enable: <str>
    isis_passive: <bool>
    isis_metric: <int>
    isis_network_point_to_point: <bool>
    mtu: <int>
    no_autostate: <bool>
    vrrp_ids:
      - id: <int>
        priority_level: <int>
        advertisement:
          interval: <int>
        preempt:
          enabled: <bool>
          delay:
            minimum: <int>
            reload: <int>
        timers:
          delay:
            reload: <int>
        tracked_object:
          - name: <str>
            decrement: <int>
            shutdown: <bool>
        ipv4:
          address: <str>
          version: <int>
        ipv6:
          address: <str>
    vrrp:
      virtual_router: <str>
      priority: <int>
      advertisement_interval: <int>
      preempt_delay_minimum: <int>
      ipv4: <str>
      ipv6: <str>
    ip_attached_host_route_export:
      enabled: <bool>
      distance: <int>
    bfd:
      echo: <bool>
      interval: <int>
      min_rx: <int>
      multiplier: <int>
    service_policy:
      pbr:
        input: <str>
    pvlan_mapping: <str>
    tenant: <str>
    tags:
      - <str>
    type: <str>
    eos_cli: <str>

VXLAN interface

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
vxlan_interface	Dictionary
Vxlan1	Dictionary
description	String
vxlan	Dictionary
source_interface	String				Source Interface Name
controller_client	Dictionary				Client to CVX Controllers
enabled	Boolean
mlag_source_interface	String
udp_port	Integer
virtual_router_encapsulation_mac_address	String				“mlag-system-id” or ethernet_address (H.H.H)
bfd_vtep_evpn	Dictionary
interval	Integer
min_rx	Integer
multiplier	Integer			Min: 3 Max: 50
prefix_list	String
qos	Dictionary				For the Traffic Class to be derived based on the outer DSCP field of the incoming VxLan packet, the core ports must be in “DSCP Trust” mode. !!!Warning, only few hardware types with software version >= 4.26.0 support the below knobs to configure Vxlan DSCP mapping.
dscp_propagation_encapsulation	Boolean
map_dscp_to_traffic_class_decapsulation	Boolean
vlans	List, items: Dictionary
- id	Integer	Required, Unique			VLAN ID
vni	Integer
multicast_group	String				IP Multicast Group Address
flood_vteps	List, items: String
- <str>	String				Remote VTEP IP Address
vrfs	List, items: Dictionary
- name	String	Required, Unique			VRF Name
vni	Integer
multicast_group	String				IP Multicast Group Address
flood_vteps	List, items: String
- <str>	String				Remote VTEP IP Address
flood_vtep_learned_data_plane	Boolean
eos_cli	String				Multiline String with EOS CLI rendered directly on the Vxlan interface in the final EOS configuration.

vxlan_interface:
  Vxlan1:
    description: <str>
    vxlan:
      source_interface: <str>
      controller_client:
        enabled: <bool>
      mlag_source_interface: <str>
      udp_port: <int>
      virtual_router_encapsulation_mac_address: <str>
      bfd_vtep_evpn:
        interval: <int>
        min_rx: <int>
        multiplier: <int>
        prefix_list: <str>
      qos:
        dscp_propagation_encapsulation: <bool>
        map_dscp_to_traffic_class_decapsulation: <bool>
      vlans:
        - id: <int>
          vni: <int>
          multicast_group: <str>
          flood_vteps:
            - <str>
      vrfs:
        - name: <str>
          vni: <int>
          multicast_group: <str>
      flood_vteps:
        - <str>
      flood_vtep_learned_data_plane: <bool>
    eos_cli: <str>

Maintenance Mode

BGP groups

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
bgp_groups	List, items: Dictionary
- name	String	Required, Unique			Group Name
vrf	String
neighbors	List, items: String
- <str>	String
bgp_maintenance_profiles	List, items: String
- <str>	String				Profile Name

bgp_groups:
  - name: <str>
    vrf: <str>
    neighbors:
      - <str>
    bgp_maintenance_profiles:
      - <str>

Interface groups

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
interface_groups	List, items: Dictionary
- name	String	Required, Unique			Interface-Group name
interfaces	List, items: String
- <str>	String				Interface Name
bgp_maintenance_profiles	List, items: String
- <str>	String				Name of BGP Maintenance Profile
interface_maintenance_profiles	List, items: String
- <str>	String				Name of Interface Maintenance Profile

interface_groups:
  - name: <str>
    interfaces:
      - <str>
    bgp_maintenance_profiles:
      - <str>
    interface_maintenance_profiles:
      - <str>

Maintenance

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
maintenance	Dictionary
default_interface_profile	String				Name of default Interface Profile
default_bgp_profile	String				Name of default BGP Profile
default_unit_profile	String				Name of default Unit Profile
interface_profiles	List, items: Dictionary
- name	String	Required, Unique
rate_monitoring	Dictionary
load_interval	Integer				Load Interval in Seconds
threshold	Integer				Threshold in kbps
shutdown	Dictionary
max_delay	Integer				Max delay in seconds
bgp_profiles	List, items: Dictionary
- name	String	Required, Unique			BGP Profile Name
initiator	Dictionary
route_map_inout	String				Route Map
unit_profiles	List, items: Dictionary
- name	String	Required, Unique			Unit Profile Name
on_boot	Dictionary
duration	Integer			Min: 300 Max: 3600	On-boot in seconds
units	List, items: Dictionary
- name	String	Required, Unique			Unit Name
quiesce	Boolean
profile	String				Name of Unit Profile
groups	Dictionary
bgp_groups	List, items: String
- <str>	String				Name of BGP Group
interface_groups	List, items: String
- <str>	String				Name of Interface Group

maintenance:
  default_interface_profile: <str>
  default_bgp_profile: <str>
  default_unit_profile: <str>
  interface_profiles:
    - name: <str>
      rate_monitoring:
        load_interval: <int>
        threshold: <int>
      shutdown:
        max_delay: <int>
  bgp_profiles:
    - name: <str>
      initiator:
        route_map_inout: <str>
  unit_profiles:
    - name: <str>
      on_boot:
        duration: <int>
  units:
    - name: <str>
      quiesce: <bool>
      profile: <str>
      groups:
        bgp_groups:
          - <str>
        interface_groups:
          - <str>

Management

Aliases

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
aliases	String				Multi-line string with one or more alias commands. Example: yaml<br>aliases: |<br> alias wr copy running-config startup-config<br> alias siib show ip interface brief<br>

aliases: <str>

Banners

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
banners	Dictionary
login	String				Multiline string ending with EOF on the last line
motd	String				Multiline string ending with EOF on the last line

banners:
  login: <str>
  motd: <str>

Boot

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
boot	Dictionary				Set the Aboot password
secret	Dictionary
hash_algorithm	String		sha512	Valid Values: - md5 - sha512
key	String				Hashed Password

boot:
  secret:
    hash_algorithm: <str>
    key: <str>

Clock

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
clock	Dictionary
timezone	String

clock:
  timezone: <str>

DNS domain

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
dns_domain	String				Domain Name

dns_domain: <str>

Domain-list

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
domain_list	List, items: String				Search list of DNS domains
- <str>	String				Domain name

domain_list:
  - <str>

IP domain lookup

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_domain_lookup	Dictionary
source_interfaces	List, items: Dictionary
- name	String	Required, Unique			Source Interface
vrf	String

ip_domain_lookup:
  source_interfaces:
    - name: <str>
      vrf: <str>

IP HTTP client source-interfaces

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_http_client_source_interfaces	List, items: Dictionary
- name	String				Interface Name
vrf	String

ip_http_client_source_interfaces:
  - name: <str>
    vrf: <str>

IP name servers

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_name_servers	List, items: Dictionary
- ip_address	String				IPv4 or IPv6 address for DNS server
vrf	String				VRF Name
priority	Integer			Min: 0 Max: 4	Priority value (lower is first)

ip_name_servers:
  - ip_address: <str>
    vrf: <str>
    priority: <int>

IP SSH client source-interfaces

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_ssh_client_source_interfaces	List, items: Dictionary
- name	String				Interface Name
vrf	String		default

ip_ssh_client_source_interfaces:
  - name: <str>
    vrf: <str>

Management API HTTP

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
management_api_http	Dictionary
enable_http	Boolean
enable_https	Boolean
https_ssl_profile	String				SSL Profile Name
default_services	Boolean				Enable default services: capi-doc and tapagg
enable_vrfs	List, items: Dictionary
- name	String	Required, Unique			VRF Name
access_group	String				Standard IPv4 ACL name
ipv6_access_group	String				Standard IPv6 ACL name
protocol_https_certificate	Dictionary
certificate	String				Name of certificate; private key must also be specified
private_key	String				Name of private key; certificate must also be specified

management_api_http:
  enable_http: <bool>
  enable_https: <bool>
  https_ssl_profile: <str>
  default_services: <bool>
  enable_vrfs:
    - name: <str>
      access_group: <str>
      ipv6_access_group: <str>
  protocol_https_certificate:
    certificate: <str>
    private_key: <str>

Management API models

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
management_api_models	Dictionary
providers	List, items: Dictionary
- name	String			Valid Values: - sysdb - smash
paths	List, items: Dictionary
- path	String
disabled	Boolean		False

management_api_models:
  providers:
    - name: <str>
      paths:
        - path: <str>
          disabled: <bool>

Management console

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
management_console	Dictionary
idle_timeout	Integer			Min: 0 Max: 86400

management_console:
  idle_timeout: <int>

Management defaults

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
management_defaults	Dictionary
secret	Dictionary
hash	String			Valid Values: - md5 - sha512

management_defaults:
  secret:
    hash: <str>

Management security

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
management_security	Dictionary
entropy_source	String
password	Dictionary
minimum_length	Integer			Min: 1 Max: 32
encryption_key_common	Boolean
encryption_reversible	String
ssl_profiles	List, items: Dictionary
- name	String
tls_versions	String				List of allowed TLS versions as string Examples: - “1.0” - “1.0 1.1”
cipher_list	String				cipher_list syntax follows the openssl cipher strings format. Colon (:) separated list of allowed ciphers as a string
trust_certificate	Dictionary
certificates	List, items: String				List of trust certificate names Examples: - test1.crt - test2.crt
- <str>	String
requirement	Dictionary
basic_constraint_ca	Boolean
hostname_fqdn	Boolean				Enforce hostname to be FQDN without wildcard.
policy_expiry_date_ignore	Boolean
system	Boolean				Use system-supplied trust certificates.
chain_certificate	Dictionary
certificates	List, items: String				List of chain certificate names Examples: - chain1.crt - chain2.crt
- <str>	String
requirement	Dictionary
basic_constraint_ca	Boolean
include_root_ca	Boolean
certificate	Dictionary
file	String
key	String

management_security:
  entropy_source: <str>
  password:
    minimum_length: <int>
    encryption_key_common: <bool>
    encryption_reversible: <str>
  ssl_profiles:
    - name: <str>
      tls_versions: <str>
      cipher_list: <str>
      trust_certificate:
        certificates:
          - <str>
        requirement:
          basic_constraint_ca: <bool>
          hostname_fqdn: <bool>
        policy_expiry_date_ignore: <bool>
        system: <bool>
      chain_certificate:
        certificates:
          - <str>
        requirement:
          basic_constraint_ca: <bool>
          include_root_ca: <bool>
      certificate:
        file: <str>
        key: <str>

Management SSH

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
management_ssh	Dictionary
access_groups	List, items: Dictionary
- name	String				Standard ACL Name
vrf	String				VRF Name
ipv6_access_groups	List, items: Dictionary
- name	String				Standard ACL Name
vrf	String				VRF Name
idle_timeout	Integer			Min: 0 Max: 86400	Idle timeout in minutes
cipher	List, items: String				Cryptographic ciphers for SSH to use
- <str>	String
key_exchange	List, items: String				Cryptographic key exchange methods for SSH to use
- <str>	String
mac	List, items: String				Cryptographic MAC algorithms for SSH to use
- <str>	String
hostkey	Dictionary
server	List, items: String				SSH host key settings
- <str>	String
enable	Boolean				Enable SSH daemon
connection	Dictionary
limit	Integer			Min: 1 Max: 100	Maximum total number of SSH sessions to device
per_host	Integer			Min: 1 Max: 20	Maximum number of SSH sessions to device from a single host
vrfs	List, items: Dictionary
- name	String	Required, Unique			VRF Name
enable	Boolean				Enable SSH in VRF
log_level	String				SSH daemon log level

management_ssh:
  access_groups:
    - name: <str>
      vrf: <str>
  ipv6_access_groups:
    - name: <str>
      vrf: <str>
  idle_timeout: <int>
  cipher:
    - <str>
  key_exchange:
    - <str>
  mac:
    - <str>
  hostkey:
    server:
      - <str>
  enable: <bool>
  connection:
    limit: <int>
    per_host: <int>
  vrfs:
    - name: <str>
      enable: <bool>
  log_level: <str>

Management tech-support

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
management_tech_support	Dictionary
policy_show_tech_support	Dictionary
exclude_commands	List, items: Dictionary
- command	String				Command to exclude from tech-support
type	String		text	Valid Values: - text - json	The supported values for type are platform dependent.
include_commands	List, items: Dictionary
- command	String				Command to include in tech-support

management_tech_support:
  policy_show_tech_support:
    exclude_commands:
      - command: <str>
        type: <str>
    include_commands:
      - command: <str>

Name server

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
name_server deprecated	Dictionary				This key is deprecated. Support will be removed in AVD version v5.0.0. Use ip_name_servers instead.
source	Dictionary
vrf	String				VRF Name
nodes	List, items: String
- <str>	String

name_server:
  source:
    vrf: <str>
  nodes:
    - <str>

NTP

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ntp	Dictionary
local_interface	Dictionary
name	String				Source interface
vrf	String				VRF name
servers	List, items: Dictionary
- name	String				IP or hostname e.g., 2.2.2.55, ie.pool.ntp.org
burst	Boolean
iburst	Boolean
key	Integer			Min: 1 Max: 65535
local_interface	String				Source interface
maxpoll	Integer			Min: 3 Max: 17	Value of maxpoll between 3 - 17 (Logarithmic)
minpoll	Integer			Min: 3 Max: 17	Value of minpoll between 3 - 17 (Logarithmic)
preferred	Boolean
version	Integer			Min: 1 Max: 4
vrf	String				VRF name
authenticate	Boolean
authenticate_servers_only	Boolean
authentication_keys	List, items: Dictionary
- id	Integer	Required, Unique		Min: 1 Max: 65534	Key identifier
hash_algorithm	String			Valid Values: - md5 - sha1
key	String				Obfuscated key
key_type	String			Valid Values: - 0 - 7 - 8a
trusted_keys	String				List of trusted-keys as string ex. 10-12,15

ntp:
  local_interface:
    name: <str>
    vrf: <str>
  servers:
    - name: <str>
      burst: <bool>
      iburst: <bool>
      key: <int>
      local_interface: <str>
      maxpoll: <int>
      minpoll: <int>
      preferred: <bool>
      version: <int>
      vrf: <str>
  authenticate: <bool>
  authenticate_servers_only: <bool>
  authentication_keys:
    - id: <int>
      hash_algorithm: <str>
      key: <str>
      key_type: <str>
  trusted_keys: <str>

Prompt

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
prompt	String

prompt: <str>

Terminal

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
terminal	Dictionary
length	Integer			Min: 0 Max: 32767
width	Integer			Min: 10 Max: 32767

terminal:
  length: <int>
  width: <int>

Virtual source NAT VRFs

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
virtual_source_nat_vrfs	List, items: Dictionary
- name	String	Required, Unique			VRF Name
ip_address	String				IPv4 Address

virtual_source_nat_vrfs:
  - name: <str>
    ip_address: <str>

Miscellaneous

CVX

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
cvx	Dictionary				CVX server features are not supported on physical switches. See management_cvx for client configurations.
shutdown	Boolean
peer_hosts	List, items: String
- <str>	String				IP address or hostname
services	Dictionary
mcs	Dictionary
redis	Dictionary
password	String				Hashed password using the password_type
password_type	String		7	Valid Values: - 0 - 7 - 8a
shutdown	Boolean
vxlan	Dictionary				VXLAN Controller service
shutdown	Boolean
vtep_mac_learning	String			Valid Values: - control-plane - data-plane

cvx:
  shutdown: <bool>
  peer_hosts:
    - <str>
  services:
    mcs:
      redis:
        password: <str>
        password_type: <str>
      shutdown: <bool>
    vxlan:
      shutdown: <bool>
      vtep_mac_learning: <str>

EOS cli

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
eos_cli	String				Multiline string with EOS CLI rendered directly on the root level of the final EOS configuration

eos_cli: <str>

Management CVX

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
management_cvx	Dictionary
shutdown	Boolean
server_hosts	List, items: String
- <str>	String				IP or hostname
source_interface	String				Interface name
vrf	String				VRF Name

management_cvx:
  shutdown: <bool>
  server_hosts:
    - <str>
  source_interface: <str>
  vrf: <str>

MCS client

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
mcs_client	Dictionary
shutdown	Boolean
cvx_secondary	Dictionary
name	String
shutdown	Boolean
server_hosts	List, items: String
- <str>	String				IP or hostname

mcs_client:
  shutdown: <bool>
  cvx_secondary:
    name: <str>
    shutdown: <bool>
    server_hosts:
      - <str>

Monitoring

Daemons

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
daemons	List, items: Dictionary				This will add a daemon to the eos configuration that is most useful when trying to run OpenConfig clients like ocprometheus.
- name	String	Required, Unique			Daemon Name
exec	String	Required			command to run as a daemon
enabled	Boolean		True

daemons:
  - name: <str>
    exec: <str>
    enabled: <bool>

Daemon terminattr

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
daemon_terminattr	Dictionary				You can either provide a list of IPs/FQDNs to target on-premise Cloudvision cluster or use DNS name for your Cloudvision as a Service instance. Streaming to multiple clusters both on-prem and cloud service is supported. !!! note For TerminAttr version recommendation and EOS compatibility matrix, please refer to the latest TerminAttr Release Notes which always contain the latest recommended versions and minimum required versions per EOS release.
cvaddrs	List, items: String				Streaming address(es) for CloudVision single cluster - TCP 9910 is used for CV on-prem - TCP 443 is used for CV as a Service
- <str>	String				Server address in the format <ip/fqdn>:<port>
clusters	List, items: Dictionary				Multiple CloudVision clusters
- name	String	Required, Unique			Cluster Name
cvaddrs	List, items: String				Streaming address(es) for CloudVision cluster - TCP 9910 is used for CV on-prem - TCP 443 is used for CV as a Service
- <str>	String				Server address in the format <ip/fqdn>:<port>
cvauth	Dictionary				Authentication scheme used to connect to CloudVision
method	String			Valid Values: - token - token-secure - key - certs
key	String
token_file	String				Token file path e.g. “/tmp/token”
cert_file	String				Client certificate file path e.g. “/persist/secure/ssl/terminattr/primary/certs/client.crt”
ca_file	String				CA certificate file path (on-prem only) e.g. “/persist/secure/ssl/terminattr/primary/certs/ca.crt”
key_file	String				Client certificate key file path e.g. “/persist/secure/ssl/terminattr/primary/keys/client.key”
cvobscurekeyfile	Boolean				Encrypt the private key used for authentication to CloudVision
cvproxy	String				Proxy server through which CloudVision is reachable. Useful when the CloudVision server is hosted in the cloud. The expected form is http://[user:password@]ip:port, e.g.: http://arista:arista@10.83.12.78:3128. Available as of TerminAttr v1.13.0
cvsourceip	String				Set source IP address in case of in-band managament
cvsourceintf	String				Set source interface in case of in-band managament. Available as of TerminAttr v1.23.0
cvvrf	String				The VRF to use to connect to CloudVision
cvauth	Dictionary				Authentication scheme used to connect to CloudVision
method	String			Valid Values: - token - token-secure - key - certs
key	String
token_file	String				Token file path e.g. “/tmp/token”
cert_file	String				Client certificate file path e.g. “/persist/secure/ssl/terminattr/primary/certs/client.crt”
ca_file	String				CA certificate file path (on-prem only) e.g. “/persist/secure/ssl/terminattr/primary/certs/ca.crt”
key_file	String				Client certificate key file path e.g. “/persist/secure/ssl/terminattr/primary/keys/client.key”
cvobscurekeyfile	Boolean				Encrypt the private key used for authentication to CloudVision
cvproxy	String				Proxy server through which CloudVision is reachable. Useful when the CloudVision server is hosted in the cloud. The expected form is http://[user:password@]ip:port, e.g.: http://arista:arista@10.83.12.78:3128. Available as of TerminAttr v1.13.0
cvsourceip	String				Set source IP address in case of in-band managament
cvsourceintf	String				Set source interface in case of in-band managament
cvvrf	String				The VRF to use to connect to CloudVision
cvgnmi	Boolean				Stream states from EOS gNMI servers (Openconfig) to CloudVision. Available as of TerminAttr v1.13.1
disable_aaa	Boolean				Disable AAA authorization and accounting. When setting this flag, all commands pushed from CloudVision are applied directly to the CLI without authorization
grpcaddr	String				Set the gRPC server address, the default is 127.0.0.1:6042 e.g. “MGMT/0.0.0.0:6042”
grpcreadonly	Boolean				gNMI read-only mode - Disable gnmi.Set()
ingestexclude	String				Exclude paths from Sysdb on the ingest side. e.g. “/Sysdb/cell/1/agent,/Sysdb/cell/2/agent”
smashexcludes	String				Exclude paths from the shared memory table. e.g. “ale,flexCounter,hardware,kni,pulse,strata”
taillogs	String				Enable log file collection; /var/log/messages is streamed by default if no path is set. e.g. “/var/log/messages”
ecodhcpaddr	String				ECO DHCP Collector address or ECO DHCP Fingerprint listening address in standalone mode (default “127.0.0.1:67”)
ipfix	Boolean				Enable IPFIX provider (TerminAttr default is true). This flag is enabled by default and does not have to be added to the daemon configuration.
ipfixaddr	String				ECO IPFIX Collector address to listen on to receive IPFIX packets (TerminAttr default “127.0.0.1:4739”).
sflow	Boolean				Enable sFlow provider (TerminAttr default is true).
sflowaddr	String				ECO sFlow Collector address to listen on to receive sFlow packets (TerminAttr default “127.0.0.1:6343”).
cvconfig	Boolean				Subscribe to dynamic device configuration from CloudVision (TerminAttr default is false).
cvcompression	String				The default compression scheme when streaming to CloudVision is gzip since TerminAttr 1.6.1 and CVP 2019.1.0. There is no need to change the compression scheme.

daemon_terminattr:
  cvaddrs:
    - <str>
  clusters:
    - name: <str>
      cvaddrs:
        - <str>
      cvauth:
        method: <str>
        key: <str>
        token_file: <str>
        cert_file: <str>
        ca_file: <str>
        key_file: <str>
      cvobscurekeyfile: <bool>
      cvproxy: <str>
      cvsourceip: <str>
      cvsourceintf: <str>
      cvvrf: <str>
  cvauth:
    method: <str>
    key: <str>
    token_file: <str>
    cert_file: <str>
    ca_file: <str>
    key_file: <str>
  cvobscurekeyfile: <bool>
  cvproxy: <str>
  cvsourceip: <str>
  cvsourceintf: <str>
  cvvrf: <str>
  cvgnmi: <bool>
  disable_aaa: <bool>
  grpcaddr: <str>
  grpcreadonly: <bool>
  ingestexclude: <str>
  smashexcludes: <str>
  taillogs: <str>
  ecodhcpaddr: <str>
  ipfix: <bool>
  ipfixaddr: <str>
  sflow: <bool>
  sflowaddr: <str>
  cvconfig: <bool>
  cvcompression: <str>

Event handlers

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
event_handlers	List, items: Dictionary				Gives the ability to monitor and react to Syslog messages. Event Handlers provide a powerful and flexible tool that can be used to apply self-healing actions, customize the system behavior, and implement workarounds to problems discovered in the field.
- name	String	Required, Unique			Event Handler Name
action_type	String			Valid Values: - bash - increment - log
action	String				Command to execute
delay	Integer				Event-handler delay in seconds
trigger	String			Valid Values: - on-logging - on-startup-config	Configure event trigger condition.
regex	String				Regular expression to use for searching log messages. Required for on-logging trigger
asynchronous	Boolean		False		Set the action to be non-blocking.

event_handlers:
  - name: <str>
    action_type: <str>
    action: <str>
    delay: <int>
    trigger: <str>
    regex: <str>
    asynchronous: <bool>

Event monitor

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
event_monitor	Dictionary
enabled	Boolean

event_monitor:
  enabled: <bool>

Flow tracking

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
flow_trackings	List, items: Dictionary
- type	String	Required, Unique		Valid Values: - sampled	Flow Tracking Type - only ‘sampled’ supported for now
sample	Integer			Min: 1 Max: 4294967295
trackers	List, items: Dictionary
- name	String	Required, Unique			Tracker Name
record_export	Dictionary
on_inactive_timeout	Integer			Min: 3000 Max: 900000	Flow record inactive export timeout in milliseconds
on_interval	Integer			Min: 1000 Max: 36000000	Flow record export interval in milliseconds
mpls	Boolean				Export MPLS forwarding information
exporters	List, items: Dictionary
- name	String	Required, Unique			Exporter Name
collector	Dictionary
host	String				Collector IPv4 address or IPv6 address or fully qualified domain name
port	Integer			Min: 1 Max: 65535	Collector Port Number
format	Dictionary
ipfix_version	Integer
local_interface	String				Local Source Interface
template_interval	Integer			Min: 5000 Max: 3600000	Template interval in milliseconds
shutdown	Boolean		False

flow_trackings:
  - type: <str>
    sample: <int>
    trackers:
      - name: <str>
        record_export:
          on_inactive_timeout: <int>
          on_interval: <int>
          mpls: <bool>
        exporters:
          - name: <str>
            collector:
              host: <str>
              port: <int>
            format:
              ipfix_version: <int>
            local_interface: <str>
            template_interval: <int>
    shutdown: <bool>

Load interval

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
load_interval	Dictionary
default	Integer				Default load interval in seconds

load_interval:
  default: <int>

Logging

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
logging	Dictionary
console	String			Valid Values: - debugging - informational - notifications - warnings - errors - critical - alerts - emergencies - disabled	Console logging severity level
monitor	String			Valid Values: - debugging - informational - notifications - warnings - errors - critical - alerts - emergencies - disabled	Monitor logging severity level
buffered	Dictionary
size	Integer			Min: 10 Max: 2147483647
level	String			Valid Values: - alerts - critical - debugging - emergencies - errors - informational - notifications - warnings - disabled	Buffer logging severity level
trap	String			Valid Values: - alerts - critical - debugging - emergencies - errors - informational - notifications - system - warnings - disabled	Trap logging severity level
synchronous	Dictionary
level	String		critical	Valid Values: - alerts - all - critical - debugging - emergencies - errors - informational - notifications - warnings - disabled	Synchronous logging severity level
format	Dictionary
timestamp	String			Valid Values: - high-resolution - traditional - traditional timezone - traditional year - traditional timezone year - traditional year timezone	Timestamp format
hostname	String			Valid Values: - fqdn - ipv4	Hostname format
sequence_numbers	Boolean				Add sequence numbers to log messages
facility	String			Valid Values: - auth - cron - daemon - kern - local0 - local1 - local2 - local3 - local4 - local5 - local6 - local7 - lpr - mail - news - sys9 - sys10 - sys11 - sys12 - sys13 - sys14 - syslog - user - uucp
source_interface	String				Source Interface Name
vrfs	List, items: Dictionary
- name	String	Required, Unique			VRF name
source_interface	String				Source interface name
hosts	List, items: Dictionary
- name	String	Required, Unique			Syslog server name
protocol	String		udp	Valid Values: - tcp - udp
ports	List, items: Integer
- <int>	Integer
policy	Dictionary
match	Dictionary
match_lists	List, items: Dictionary
- name	String	Required, Unique			Match list
action	String			Valid Values: - discard

logging:
  console: <str>
  monitor: <str>
  buffered:
    size: <int>
    level: <str>
  trap: <str>
  synchronous:
    level: <str>
  format:
    timestamp: <str>
    hostname: <str>
    sequence_numbers: <bool>
  facility: <str>
  source_interface: <str>
  vrfs:
    - name: <str>
      source_interface: <str>
      hosts:
        - name: <str>
          protocol: <str>
          ports:
            - <int>
  policy:
    match:
      match_lists:
        - name: <str>
          action: <str>

Management API gNMI

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
management_api_gnmi	Dictionary
provider	String		eos-native
transport	Dictionary
grpc	List, items: Dictionary
- name	String				Transport name
ssl_profile	String				SSL profile name
vrf	String				VRF name is optional
notification_timestamp	String			Valid Values: - send-time - last-change-time	Per the gNMI specification, the default timestamp field of a notification message is set to be the time at which the value of the underlying data source changes or when the reported event takes place. In order to facilitate integration in legacy environments oriented around polling style operations, an option to support overriding the timestamp field to the send-time is available from EOS 4.27.0F.
ip_access_group	String				ACL name
grpc_tunnels	List, items: Dictionary
- name	String	Required, Unique			Transport name
shutdown	Boolean				Operational status of the gRPC tunnel
tunnel_ssl_profile	String				Tunnel SSL profile name
gnmi_ssl_profile	String				gNMI SSL profile name
vrf	String				VRF name
destination	Dictionary
address	String	Required			IP address or hostname
port	Integer	Required		Min: 1 Max: 65535	TCP Port
local_interface	Dictionary
name	String	Required			Interface name
port	Integer	Required		Min: 1 Max: 65535	TCP Port
target	Dictionary
use_serial_number	Boolean				Use serial number as the Target ID
target_ids	List, items: String				Target IDs as a list.
- <str>	String
enable_vrfs deprecated	List, items: Dictionary				These should not be mixed with the new keys above. This key is deprecated. Support will be removed in AVD version 5.0.0. Use transport.grpc instead.
- name	String	Required, Unique			VRF name
access_group	String				Standard IPv4 ACL name
octa deprecated	Dictionary				These should not be mixed with the new keys above. Octa activates eos-native provider and it is the only provider currently supported by EOS.This key is deprecated. Support will be removed in AVD version 5.0.0. Use provider instead.

management_api_gnmi:
  provider: <str>
  transport:
    grpc:
      - name: <str>
        ssl_profile: <str>
        vrf: <str>
        notification_timestamp: <str>
        ip_access_group: <str>
    grpc_tunnels:
      - name: <str>
        shutdown: <bool>
        tunnel_ssl_profile: <str>
        gnmi_ssl_profile: <str>
        vrf: <str>
        destination:
          address: <str>
          port: <int>
        local_interface:
          name: <str>
          port: <int>
        target:
          use_serial_number: <bool>
          target_ids:
            - <str>
  enable_vrfs:
    - name: <str>
      access_group: <str>
  octa: <dict>

Monitor connectivity

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
monitor_connectivity	Dictionary
shutdown	Boolean
interval	Integer
interface_sets	List, items: Dictionary
- name	String
interfaces	String				Interface range(s) should be of same type, Ethernet, Loopback, Management etc. Multiple interface ranges can be specified separated by “,”
local_interfaces	String
hosts	List, items: Dictionary
- name	String				Host Name
description	String
ip	String
local_interfaces	String
url	String
vrfs	List, items: Dictionary
- name	String	Required, Unique			VRF Name
description	String
interface_sets	List, items: Dictionary
- name	String
interfaces	String
local_interfaces	String
hosts	List, items: Dictionary
- name	String				Host name
description	String
ip	String
local_interfaces	String
url	String

monitor_connectivity:
  shutdown: <bool>
  interval: <int>
  interface_sets:
    - name: <str>
      interfaces: <str>
  local_interfaces: <str>
  hosts:
    - name: <str>
      description: <str>
      ip: <str>
      local_interfaces: <str>
      url: <str>
  vrfs:
    - name: <str>
      description: <str>
      interface_sets:
        - name: <str>
          interfaces: <str>
      local_interfaces: <str>
      hosts:
        - name: <str>
          description: <str>
          ip: <str>
          local_interfaces: <str>
          url: <str>

Monitor sessions

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
monitor_sessions	List, items: Dictionary
- name	String	Required			Session Name
sources	List, items: Dictionary
- name	String				Interface name, range or comma separated list
direction	String			Valid Values: - rx - tx - both
access_group	Dictionary
type	String			Valid Values: - ip - ipv6 - mac
name	String				ACL Name
priority	Integer
destinations	List, items: String
- <str>	String				‘cpu’ or interface name, range or comma separated list
encapsulation_gre_metadata_tx	Boolean
header_remove_size	Integer				Number of bytes to remove from header
access_group	Dictionary
type	String			Valid Values: - ip - ipv6 - mac
name	String				ACL Name
rate_limit_per_ingress_chip	String				Ratelimit and unit as string. Examples: “100000 bps” “100 kbps” “10 mbps”
rate_limit_per_egress_chip	String				Ratelimit and unit as string. Examples: “100000 bps” “100 kbps” “10 mbps”
sample	Integer
truncate	Dictionary
enabled	Boolean
size	Integer				Size in bytes

monitor_sessions:
  - name: <str>
    sources:
      - name: <str>
        direction: <str>
        access_group:
          type: <str>
          name: <str>
          priority: <int>
    destinations:
      - <str>
    encapsulation_gre_metadata_tx: <bool>
    header_remove_size: <int>
    access_group:
      type: <str>
      name: <str>
    rate_limit_per_ingress_chip: <str>
    rate_limit_per_egress_chip: <str>
    sample: <int>
    truncate:
      enabled: <bool>
      size: <int>

SFLOW

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
sflow	Dictionary
sample	Integer
dangerous	Boolean
polling_interval	Integer				Polling interval in seconds
vrfs	List, items: Dictionary
- name	String	Required, Unique
destinations	List, items: Dictionary
- destination	String	Required, Unique			Sflow Destination IP Address
port	Integer				Port Number
source	String				Source IP Address. “source” and “source_interface” are mutually exclusive. If both are defined, “source_interface” takes precedence.
source_interface	String				Source Interface
destinations	List, items: Dictionary
- destination	String	Required, Unique			Sflow Destination IP Address
port	Integer				Port Number
source	String				Source IP Address. “source” and “source_interface” are mutually exclusive. If both are defined, “source_interface” takes precedence.
source_interface	String				Source Interface
extensions	List, items: Dictionary
- name	String	Required, Unique			Extension Name
enabled	Boolean	Required			Enable or Disable Extension
interface	Dictionary
disable	Dictionary
default	Boolean
run	Boolean
hardware_acceleration	Dictionary
enabled	Boolean
sample	Integer
modules	List, items: Dictionary
- name	String	Required, Unique
enabled	Boolean		True

sflow:
  sample: <int>
  dangerous: <bool>
  polling_interval: <int>
  vrfs:
    - name: <str>
      destinations:
        - destination: <str>
          port: <int>
      source: <str>
      source_interface: <str>
  destinations:
    - destination: <str>
      port: <int>
  source: <str>
  source_interface: <str>
  extensions:
    - name: <str>
      enabled: <bool>
  interface:
    disable:
      default: <bool>
  run: <bool>
  hardware_acceleration:
    enabled: <bool>
    sample: <int>
    modules:
      - name: <str>
        enabled: <bool>

SNMP server

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
snmp_server	Dictionary				SNMP settings
engine_ids	Dictionary
local	String				Engine ID in hexadecimal
remotes	List, items: Dictionary
- id	String				Remote engine ID in hexadecimal
address	String				Hostname or IP of remote engine
udp_port	Integer
contact	String				SNMP contact
location	String				SNMP location
communities	List, items: Dictionary
- name	String	Required, Unique			Community name
access	String			Valid Values: - ro - rw
access_list_ipv4	Dictionary
name	String				IPv4 access list name
access_list_ipv6	Dictionary
name	String				IPv6 access list name
view	String
ipv4_acls	List, items: Dictionary
- name	String				IPv4 access list name
vrf	String
ipv6_acls	List, items: Dictionary
- name	String				IPv6 access list name
vrf	String
local_interfaces	List, items: Dictionary
- name	String	Required, Unique			Interface name
vrf	String
views	List, items: Dictionary
- name	String				SNMP view name
mib_family_name	String
included	Boolean
MIB_family_name deprecated	String				This key is deprecated. Support will be removed in AVD version 5.0.0. Use mib_family_name instead.
groups	List, items: Dictionary
- name	String				Group name
version	String			Valid Values: - v1 - v2c - v3
authentication	String			Valid Values: - auth - noauth - priv
read	String				Read view
write	String				Write view
notify	String				Notify view
users	List, items: Dictionary
- name	String				Username
group	String				Group name
remote_address	String				Hostname or ip of remote engine The remote_address and udp_port are used for remote users
udp_port	Integer				udp_port will not be used if no remote_address is configured
version	String			Valid Values: - v1 - v2c - v3
localized	String				Engine ID in hexadecimal for localizing auth and/or priv
auth	String				Hash algorithm
auth_passphrase	String				Hashed authentication passphrase if localized is used else cleartext authentication passphrase
priv	String				Encryption algorithm
priv_passphrase	String				Hashed privacy passphrase if localized is used else cleartext privacy passphrase
hosts	List, items: Dictionary
- host	String				Host IP address or name
vrf	String
version	String			Valid Values: - 1 - 2c - 3
community	String				Community name
users	List, items: Dictionary
- username	String
authentication_level	String			Valid Values: - auth - noauth - priv
traps	Dictionary
enable	Boolean		False		Enable or disable all snmp-traps
snmp_traps	List, items: Dictionary
- name	String				Enable or disable specific snmp-traps and their sub_traps Examples: - “bgp” - “bgp established”
enabled	Boolean		True
vrfs	List, items: Dictionary
- name	String	Required, Unique			VRF name
enable	Boolean

snmp_server:
  engine_ids:
    local: <str>
    remotes:
      - id: <str>
        address: <str>
        udp_port: <int>
  contact: <str>
  location: <str>
  communities:
    - name: <str>
      access: <str>
      access_list_ipv4:
        name: <str>
      access_list_ipv6:
        name: <str>
      view: <str>
  ipv4_acls:
    - name: <str>
      vrf: <str>
  ipv6_acls:
    - name: <str>
      vrf: <str>
  local_interfaces:
    - name: <str>
      vrf: <str>
  views:
    - name: <str>
      mib_family_name: <str>
      included: <bool>
      MIB_family_name: <str>
  groups:
    - name: <str>
      version: <str>
      authentication: <str>
      read: <str>
      write: <str>
      notify: <str>
  users:
    - name: <str>
      group: <str>
      remote_address: <str>
      udp_port: <int>
      version: <str>
      localized: <str>
      auth: <str>
      auth_passphrase: <str>
      priv: <str>
      priv_passphrase: <str>
  hosts:
    - host: <str>
      vrf: <str>
      version: <str>
      community: <str>
      users:
        - username: <str>
          authentication_level: <str>
  traps:
    enable: <bool>
    snmp_traps:
      - name: <str>
        enabled: <bool>
  vrfs:
    - name: <str>
      enable: <bool>

Tap aggregation

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
tap_aggregation	Dictionary
mode	Dictionary
exclusive	Dictionary
enabled	Boolean
profile	String				Profile Name
no_errdisable	List, items: String
- <str>	String				Interface name e.g Ethernet1, Port-Channel1
encapsulation_dot1br_strip	Boolean
encapsulation_vn_tag_strip	Boolean
protocol_lldp_trap	Boolean
truncation_size	Integer				Allowed truncation_size values vary depending on the platform
mac	Dictionary
timestamp	Dictionary				mac.timestamp.replace_source_mac and mac.timestamp.header.format are mutually exclsuive. If both are defined, replace_source_mac takes precedence
replace_source_mac	Boolean
header	Dictionary
format	String			Valid Values: - 48-bit - 64-bit
eth_type	Integer				EtherType
fcs_append	Boolean				mac.fcs_append and mac.fcs_error are mutually exclusive. If both are defined, mac.fcs_append takes precedence
fcs_error	String			Valid Values: - correct - discard - pass-through

tap_aggregation:
  mode:
    exclusive:
      enabled: <bool>
      profile: <str>
      no_errdisable:
        - <str>
  encapsulation_dot1br_strip: <bool>
  encapsulation_vn_tag_strip: <bool>
  protocol_lldp_trap: <bool>
  truncation_size: <int>
  mac:
    timestamp:
      replace_source_mac: <bool>
      header:
        format: <str>
        eth_type: <int>
    fcs_append: <bool>
    fcs_error: <str>

VM tracer-sessions

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
vmtracer_sessions	List, items: Dictionary
- name	String	Required, Unique			Vmtracer Session Name
url	String
username	String
password	String				Type 7 Password Hash
autovlan_disable	Boolean
source_interface	String

vmtracer_sessions:
  - name: <str>
    url: <str>
    username: <str>
    password: <str>
    autovlan_disable: <bool>
    source_interface: <str>

Multicast

IP IGMP snooping

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_igmp_snooping	Dictionary
globally_enabled	Boolean		True		Activate or deactivate IGMP snooping for all vlans where vlans allows user to activate / deactivate IGMP snooping per vlan.
robustness_variable	Integer
restart_query_interval	Integer
interface_restart_query	Integer
fast_leave	Boolean
querier	Dictionary
enabled	Boolean
address	String				IP Address
query_interval	Integer
max_response_time	Integer
last_member_query_interval	Integer
last_member_query_count	Integer
startup_query_interval	Integer
startup_query_count	Integer
version	Integer
proxy	Boolean
vlans	List, items: Dictionary
- id	Integer	Required, Unique			VLAN ID
enabled	Boolean
querier	Dictionary
enabled	Boolean
address	String				IP Address
query_interval	Integer
max_response_time	Integer
last_member_query_interval	Integer
last_member_query_count	Integer
startup_query_interval	Integer
startup_query_count	Integer
version	Integer
max_groups	Integer
fast_leave	Boolean
proxy	Boolean				Global proxy settings should be enabled before enabling per-vlan

ip_igmp_snooping:
  globally_enabled: <bool>
  robustness_variable: <int>
  restart_query_interval: <int>
  interface_restart_query: <int>
  fast_leave: <bool>
  querier:
    enabled: <bool>
    address: <str>
    query_interval: <int>
    max_response_time: <int>
    last_member_query_interval: <int>
    last_member_query_count: <int>
    startup_query_interval: <int>
    startup_query_count: <int>
    version: <int>
  proxy: <bool>
  vlans:
    - id: <int>
      enabled: <bool>
      querier:
        enabled: <bool>
        address: <str>
        query_interval: <int>
        max_response_time: <int>
        last_member_query_interval: <int>
        last_member_query_count: <int>
        startup_query_interval: <int>
        startup_query_count: <int>
        version: <int>
      max_groups: <int>
      fast_leave: <bool>
      proxy: <bool>

Router IGMP

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
router_igmp	Dictionary
ssm_aware	Boolean

router_igmp:
  ssm_aware: <bool>

Router MSDP

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
router_msdp	Dictionary
originator_id_local_interface	String				Interface to use for originator ID
rejected_limit	Integer			Min: 0 Max: 40000	Maximum number of rejected SA messages allowed in cache
forward_register_packets	Boolean
connection_retry_interval	Integer			Min: 1 Max: 65535
group_limits	List, items: Dictionary
- source_prefix	String	Required, Unique			Source address prefix
limit	Integer	Required		Min: 0 Max: 40000	Limit for SAs matching the source address prefix
peers	List, items: Dictionary
- ipv4_address	String	Required, Unique			Peer IP Address
default_peer	Dictionary
enabled	Boolean
prefix_list	String				Prefix list to filter source of SA messages
local_interface	String
description	String
disabled	Boolean				Disable the MSDP peer
sa_limit	Integer			Min: 0 Max: 40000	Maximum number of SA messages allowed in cache
mesh_groups	List, items: Dictionary
- name	String	Required, Unique			Mesh group name
keepalive	Dictionary
keepalive_timer	Integer	Required		Min: 1 Max: 65535
hold_timer	Integer	Required		Min: 1 Max: 65535	Must be greater than keepalive timer
sa_filter	Dictionary
in_list	String				ACL to filter inbound SA messages
out_list	String				ACL to filter outbound SA messages
vrfs	List, items: Dictionary
- name	String	Required, Unique			VRF name
originator_id_local_interface	String				Interface to use for originator ID
rejected_limit	Integer			Min: 0 Max: 40000	Maximum number of rejected SA messages allowed in cache
forward_register_packets	Boolean
connection_retry_interval	Integer			Min: 1 Max: 65535
group_limits	List, items: Dictionary
- source_prefix	String	Required, Unique			Source address prefix
limit	Integer	Required		Min: 0 Max: 40000	Limit for SAs matching the source address prefix
peers	List, items: Dictionary
- ipv4_address	String	Required, Unique			Peer IP Address
default_peer	Dictionary
enabled	Boolean
prefix_list	String				Prefix list to filter source of SA messages
local_interface	String
description	String
disabled	Boolean				Disable the MSDP peer
sa_limit	Integer			Min: 0 Max: 40000	Maximum number of SA messages allowed in cache
mesh_groups	List, items: Dictionary
- name	String	Required, Unique			Mesh group name
keepalive	Dictionary
keepalive_timer	Integer	Required		Min: 1 Max: 65535
hold_timer	Integer	Required		Min: 1 Max: 65535	Must be greater than keepalive timer
sa_filter	Dictionary
in_list	String				ACL to filter inbound SA messages
out_list	String				ACL to filter outbound SA messages

router_msdp:
  originator_id_local_interface: <str>
  rejected_limit: <int>
  forward_register_packets: <bool>
  connection_retry_interval: <int>
  group_limits:
    - source_prefix: <str>
      limit: <int>
  peers:
    - ipv4_address: <str>
      default_peer:
        enabled: <bool>
        prefix_list: <str>
      local_interface: <str>
      description: <str>
      disabled: <bool>
      sa_limit: <int>
      mesh_groups:
        - name: <str>
      keepalive:
        keepalive_timer: <int>
        hold_timer: <int>
      sa_filter:
        in_list: <str>
        out_list: <str>
  vrfs:
    - name: <str>
      originator_id_local_interface: <str>
      rejected_limit: <int>
      forward_register_packets: <bool>
      connection_retry_interval: <int>
      group_limits:
        - source_prefix: <str>
          limit: <int>
      peers:
        - ipv4_address: <str>
          default_peer:
            enabled: <bool>
            prefix_list: <str>
          local_interface: <str>
          description: <str>
          disabled: <bool>
          sa_limit: <int>
          mesh_groups:
            - name: <str>
          keepalive:
            keepalive_timer: <int>
            hold_timer: <int>
          sa_filter:
            in_list: <str>
            out_list: <str>

Router multicast

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
router_multicast	Dictionary
ipv4	Dictionary
counters	Dictionary
rate_period_decay	Integer			Min: 0 Max: 600	Rate in seconds
routing	Boolean
multipath	String			Valid Values: - none - deterministic - deterministic color - deterministic router-id
software_forwarding	String			Valid Values: - kernel - sfe
rpf	Dictionary
routes	List, items: Dictionary
- source_prefix	String	Required			Source address A.B.C.D or Source prefix A.B.C.D/E
destinations	List, items: Dictionary	Required
- nexthop	String	Required			Next-hop IP address or interface name
distance	Integer			Min: 1 Max: 255	Administrative distance for this route
vrfs	List, items: Dictionary
- name	String	Required, Unique
ipv4	Dictionary
routing	Boolean

router_multicast:
  ipv4:
    counters:
      rate_period_decay: <int>
    routing: <bool>
    multipath: <str>
    software_forwarding: <str>
    rpf:
      routes:
        - source_prefix: <str>
          destinations:
            - nexthop: <str>
              distance: <int>
  vrfs:
    - name: <str>
      ipv4:
        routing: <bool>

Router PIM sparse-mode

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
router_pim_sparse_mode	Dictionary
ipv4	Dictionary
bfd	Boolean				Enable/Disable BFD
ssm_range	String				IPv4 Prefix associated with SSM
rp_addresses	List, items: Dictionary
- address	String	Required, Unique			RP Address
groups	List, items: String
- <str>	String
access_lists	List, items: String
- <str>	String
priority	Integer			Min: 0 Max: 255
hashmask	Integer			Min: 0 Max: 32
override	Boolean
anycast_rps	List, items: Dictionary
- address	String	Required, Unique			Anycast RP Address
other_anycast_rp_addresses	List, items: Dictionary
- address	String	Required, Unique			Other Anycast RP Address
register_count	Integer
vrfs	List, items: Dictionary
- name	String	Required, Unique			VRF Name
ipv4	Dictionary
bfd	Boolean				Enable/Disable BFD
rp_addresses	List, items: Dictionary
- address	String	Required			RP Address
groups	List, items: String
- <str>	String
access_lists	List, items: String
- <str>	String
priority	Integer			Min: 0 Max: 255
hashmask	Integer			Min: 0 Max: 32
override	Boolean

router_pim_sparse_mode:
  ipv4:
    bfd: <bool>
    ssm_range: <str>
    rp_addresses:
      - address: <str>
        groups:
          - <str>
        access_lists:
          - <str>
        priority: <int>
        hashmask: <int>
        override: <bool>
    anycast_rps:
      - address: <str>
        other_anycast_rp_addresses:
          - address: <str>
            register_count: <int>
  vrfs:
    - name: <str>
      ipv4:
        bfd: <bool>
        rp_addresses:
          - address: <str>
            groups:
              - <str>
            access_lists:
              - <str>
            priority: <int>
            hashmask: <int>
            override: <bool>

Quality of Service

QoS

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
qos	Dictionary
map	Dictionary
cos	List, items: String
- <str>	String				Example: “0 1 to traffic-class 1”
dscp	List, items: String
- <str>	String				Example: “8 9 10 to traffic-class 1”
traffic_class	List, items: String
- <str>	String				Example: “1 to dscp 32”
rewrite_dscp	Boolean

qos:
  map:
    cos:
      - <str>
    dscp:
      - <str>
    traffic_class:
      - <str>
  rewrite_dscp: <bool>

QoS profiles

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
qos_profiles	List, items: Dictionary
- name	String	Required, Unique			Profile-Name
trust	String			Valid Values: - cos - dscp - disabled
cos	Integer
dscp	Integer
shape	Dictionary
rate	String				Supported options are platform dependent Example: “< rate > kbps”, “1-100 percent”, “< rate > pps”
service_policy	Dictionary
type	Dictionary
qos_input	String				Policy-map name
tx_queues	List, items: Dictionary
- id	Integer	Required, Unique			TX-Queue ID
bandwidth_percent	Integer
bandwidth_guaranteed_percent	Integer
priority	String			Valid Values: - priority strict - no priority
shape	Dictionary
rate	String				Supported options are platform dependent Example: “< rate > kbps”, “1-100 percent”, “< rate > pps”
comment	String				Text comment added to queue.
uc_tx_queues	List, items: Dictionary
- id	Integer	Required, Unique			UC TX queue ID
bandwidth_percent	Integer
bandwidth_guaranteed_percent	Integer
priority	String			Valid Values: - priority strict - no priority
shape	Dictionary
rate	String				Supported options are platform dependent Example: “< rate > kbps”, “1-100 percent”, “< rate > pps”
comment	String				Text comment added to queue.
mc_tx_queues	List, items: Dictionary
- id	Integer	Required, Unique			MC TX queue ID
bandwidth_percent	Integer
bandwidth_guaranteed_percent	Integer
priority	String			Valid Values: - priority strict - no priority
shape	Dictionary
rate	String				Supported options are platform dependent Example: “< rate > kbps”, “1-100 percent”, “< rate > pps”
comment	String				Text comment added to queue.

qos_profiles:
  - name: <str>
    trust: <str>
    cos: <int>
    dscp: <int>
    shape:
      rate: <str>
    service_policy:
      type:
        qos_input: <str>
    tx_queues:
      - id: <int>
        bandwidth_percent: <int>
        bandwidth_guaranteed_percent: <int>
        priority: <str>
        shape:
          rate: <str>
        comment: <str>
    uc_tx_queues:
      - id: <int>
        bandwidth_percent: <int>
        bandwidth_guaranteed_percent: <int>
        priority: <str>
        shape:
          rate: <str>
        comment: <str>
    mc_tx_queues:
      - id: <int>
        bandwidth_percent: <int>
        bandwidth_guaranteed_percent: <int>
        priority: <str>
        shape:
          rate: <str>
        comment: <str>

Queue monitor-length

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
queue_monitor_length	Dictionary
enabled	Boolean	Required
default_thresholds	Dictionary
high	Integer	Required			Default high threshold for Ethernet Interfaces.
low	Integer				Default low threshold for Ethernet Interfaces. Low threshold support is platform dependent.
log	Integer				Logging interval in seconds
notifying	Boolean				Should only be used for platforms supporting the “queue-monitor length notifying” CLI
cpu	Dictionary
thresholds	Dictionary
high	Integer	Required
low	Integer

queue_monitor_length:
  enabled: <bool>
  default_thresholds:
    high: <int>
    low: <int>
  log: <int>
  notifying: <bool>
  cpu:
    thresholds:
      high: <int>
      low: <int>

Queue monitor-streaming

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
queue_monitor_streaming	Dictionary
enable	Boolean
ip_access_group	String				Name of IP ACL
ipv6_access_group	String				Name of IPv6 ACL
max_connections	Integer			Min: 1 Max: 100
vrf	String

queue_monitor_streaming:
  enable: <bool>
  ip_access_group: <str>
  ipv6_access_group: <str>
  max_connections: <int>
  vrf: <str>

Routing

ARP

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
arp	Dictionary
aging	Dictionary
timeout_default	Integer			Min: 60 Max: 65535	Timeout in seconds

arp:
  aging:
    timeout_default: <int>

DHCP relay

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
dhcp_relay	Dictionary
servers	List, items: String
- <str>	String				Server IP or Hostname
tunnel_requests_disabled	Boolean

dhcp_relay:
  servers:
    - <str>
  tunnel_requests_disabled: <bool>

IP DHCP relay

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_dhcp_relay	Dictionary
information_option	Boolean				Insert Option-82 information

ip_dhcp_relay:
  information_option: <bool>

IP ICMP redirect

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_icmp_redirect	Boolean

ip_icmp_redirect: <bool>

IP NAT

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_nat	Dictionary
kernel_buffer_size	Integer			Min: 1 Max: 64	Buffer size in MB
pools	List, items: Dictionary
- name	String	Required, Unique
prefix_length	Integer	Required		Min: 16 Max: 32
ranges	List, items: Dictionary
- first_ip	String	Required			IPv4 address
last_ip	String	Required			IPv4 address
first_port	Integer			Min: 1 Max: 65535
last_port	Integer			Min: 1 Max: 65535
utilization_log_threshold	Integer			Min: 1 Max: 100
synchronization	Dictionary
description	String
expiry_interval	Integer			Min: 60 Max: 3600	in seconds
local_interface	String				EOS interface name
peer_address	String				IPv4 address
port_range	Dictionary
first_port	Integer			Min: 1024 Max: 65535
last_port	Integer			Min: 1024 Max: 65535	>= first_port
split_disabled	Boolean
shutdown	Boolean
translation	Dictionary
address_selection	Dictionary
any	Boolean
hash_field_source_ip	Boolean
counters	Boolean
low_mark	Dictionary
percentage	Integer			Min: 1 Max: 99	Used to render ‘ip nat translation low-mark ‘
host_percentage	Integer			Min: 1 Max: 99	Used to render ‘ip nat translation low-mark host’
max_entries	Dictionary
limit	Integer			Min: 0 Max: 4294967295
host_limit	Integer			Min: 0 Max: 4294967295
ip_limits	List, items: Dictionary
- ip	String	Required, Unique			IPv4 address
limit	Integer	Required		Min: 0 Max: 4294967295
timeouts	List, items: Dictionary
- protocol	String	Required, Unique		Valid Values: - tcp - udp
timeout	Integer	Required		Min: 0 Max: 4294967295	in seconds

ip_nat:
  kernel_buffer_size: <int>
  pools:
    - name: <str>
      prefix_length: <int>
      ranges:
        - first_ip: <str>
          last_ip: <str>
          first_port: <int>
          last_port: <int>
      utilization_log_threshold: <int>
  synchronization:
    description: <str>
    expiry_interval: <int>
    local_interface: <str>
    peer_address: <str>
    port_range:
      first_port: <int>
      last_port: <int>
      split_disabled: <bool>
    shutdown: <bool>
  translation:
    address_selection:
      any: <bool>
      hash_field_source_ip: <bool>
    counters: <bool>
    low_mark:
      percentage: <int>
      host_percentage: <int>
    max_entries:
      limit: <int>
      host_limit: <int>
      ip_limits:
        - ip: <str>
          limit: <int>
    timeouts:
      - protocol: <str>
        timeout: <int>

IP routing IPv6 interfaces

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_routing_ipv6_interfaces	Boolean

ip_routing_ipv6_interfaces: <bool>

IP routing

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_routing	Boolean

ip_routing: <bool>

IP virtual router MAC address

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_virtual_router_mac_address	String				MAC address (hh:hh:hh:hh:hh:hh)

ip_virtual_router_mac_address: <str>

IPv6 ICMP redirects

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ipv6_icmp_redirect	Boolean

ipv6_icmp_redirect: <bool>

IPv6 static routes

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ipv6_static_routes	List, items: Dictionary
- vrf	String
destination_address_prefix	String				IPv6 Network/Mask
interface	String
gateway	String				IPv6 Address
track_bfd	Boolean				Track next-hop using BFD
distance	Integer			Min: 1 Max: 255
tag	Integer			Min: 0 Max: 4294967295
name	String				Description
metric	Integer			Min: 0 Max: 4294967295

ipv6_static_routes:
  - vrf: <str>
    destination_address_prefix: <str>
    interface: <str>
    gateway: <str>
    track_bfd: <bool>
    distance: <int>
    tag: <int>
    name: <str>
    metric: <int>

IPv6 unicast routing

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ipv6_unicast_routing	Boolean

ipv6_unicast_routing: <bool>

MPLS

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
mpls	Dictionary
ip	Boolean
ldp	Dictionary
interface_disabled_default	Boolean
router_id	String
shutdown	Boolean
transport_address_interface	String				Interface Name

mpls:
  ip: <bool>
  ldp:
    interface_disabled_default: <bool>
    router_id: <str>
    shutdown: <bool>
    transport_address_interface: <str>

Router BFD

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
router_bfd	Dictionary
interval	Integer				Rate in milliseconds
min_rx	Integer				Rate in milliseconds
multiplier	Integer			Min: 3 Max: 50
multihop	Dictionary
interval	Integer				Rate in milliseconds
min_rx	Integer				Rate in milliseconds
multiplier	Integer			Min: 3 Max: 50
sbfd	Dictionary
local_interface	Dictionary
name	String				Interface Name
protocols	Dictionary
ipv4	Boolean
ipv6	Boolean
initiator_interval	Integer				Rate in milliseconds
initiator_multiplier	Integer			Min: 3 Max: 50
reflector	Dictionary
min_rx	Integer				Rate in milliseconds
local_discriminator	String				IPv4 address or 32 bit integer

router_bfd:
  interval: <int>
  min_rx: <int>
  multiplier: <int>
  multihop:
    interval: <int>
    min_rx: <int>
    multiplier: <int>
  sbfd:
    local_interface:
      name: <str>
      protocols:
        ipv4: <bool>
        ipv6: <bool>
    initiator_interval: <int>
    initiator_multiplier: <int>
    reflector:
      min_rx: <int>
      local_discriminator: <str>

Router BGP

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
router_bgp	Dictionary
as	String				BGP AS <1-4294967295> or AS number in asdot notation <1-65535>.<0-65535>
router_id	String				In IP address format A.B.C.D
distance	Dictionary
external_routes	Integer	Required		Min: 1 Max: 255
internal_routes	Integer	Required		Min: 1 Max: 255
local_routes	Integer	Required		Min: 1 Max: 255
graceful_restart	Dictionary
enabled	Boolean
restart_time	Integer			Min: 1 Max: 3600	Number of seconds
stalepath_time	Integer			Min: 1 Max: 3600	Number of seconds
graceful_restart_helper	Dictionary
enabled	Boolean
restart_time	Integer			Min: 1 Max: 100000000	Number of seconds graceful-restart-help long-lived and restart-time are mutually exclusive in CLI. restart-time will take precedence if both are configured.
long_lived	Boolean				graceful-restart-help long-lived and restart-time are mutually exclusive in CLI. restart-time will take precedence if both are configured.
maximum_paths	Dictionary
paths	Integer	Required		Min: 1 Max: 600
ecmp	Integer	Required		Min: 1 Max: 600
updates	Dictionary
wait_for_convergence	Boolean				Disables FIB updates and route advertisement when the BGP instance is initiated until the BGP convergence state is reached.
wait_install	Boolean				Do not advertise reachability to a prefix until that prefix has been installed in hardware. This will eliminate any temporary black holes due to a BGP speaker advertising reachability to a prefix that may not yet be installed into the forwarding plane.
bgp_cluster_id	String				IP Address A.B.C.D
bgp_defaults	List, items: String				BGP command as string
- <str>	String
bgp	Dictionary
default	Dictionary
ipv4_unicast	Boolean				Default activation of IPv4 unicast address-family on all IPv4 neighbors (EOS default = True).
ipv4_unicast_transport_ipv6	Boolean				Default activation of IPv4 unicast address-family on all IPv6 neighbors (EOS default == False).
route_reflector_preserve_attributes	Dictionary
enabled	Boolean
always	Boolean
bestpath	Dictionary
d_path	Boolean
listen_ranges	List, items: Dictionary				Improved “listen_ranges” data model to support multiple listen ranges and additional filter capabilities
- prefix	String				IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”
peer_id_include_router_id	Boolean				Include router ID as part of peer filter
peer_group	String				Peer group name
peer_filter	String				Peer-filter name note: peer_filter or remote_as is required but mutually exclusive. If both are defined, peer_filter takes precedence
remote_as	String				BGP AS <1-4294967295> or AS number in asdot notation <1-65535>.<0-65535>
peer_groups	List, items: Dictionary
- name	String	Required, Unique			Peer-group name
type	String				Key only used for documentation or validation purposes
remote_as	String				BGP AS <1-4294967295> or AS number in asdot notation <1-65535>.<0-65535>
local_as	String				BGP AS <1-4294967295> or AS number in asdot notation <1-65535>.<0-65535>
description	String
shutdown	Boolean
as_path	Dictionary				BGP AS-PATH options
remote_as_replace_out	Boolean				Replace AS number with local AS number
prepend_own_disabled	Boolean				Disable prepending own AS number to AS path
remove_private_as	Dictionary				Remove private AS numbers in outbound AS path
enabled	Boolean
all	Boolean
replace_as	Boolean
remove_private_as_ingress	Dictionary
enabled	Boolean
replace_as	Boolean
peer_filter deprecated	String				Peer-filter name note: bgp_listen_range_prefix and peer_filter should not be mixed with the new listen_ranges key above to avoid conflicts. This key is deprecated. Support will be removed in AVD version 5.0.0. Use listen_ranges instead.
next_hop_unchanged	Boolean
update_source	String				IP address or interface name
route_reflector_client	Boolean
bfd	Boolean
ebgp_multihop	Integer			Min: 1 Max: 255	Time-to-live in range of hops
next_hop_self	Boolean
password	String
passive	Boolean
default_originate	Dictionary
enabled	Boolean
always	Boolean
route_map	String				Route-map name
send_community	String				‘all’ or a combination of ‘standard’, ‘extended’, ‘large’ and ‘link-bandwidth (w/options)’
maximum_routes	Integer			Min: 0 Max: 4294967294	Maximum number of routes (0 means unlimited)
maximum_routes_warning_limit	String				Maximum number of routes after which a warning is issued (0 means never warn) or Percentage of maximum number of routes at which to warn (“<1-100> percent”)
maximum_routes_warning_only	Boolean
link_bandwidth	Dictionary
enabled	Boolean
default	String				nn.nn(K
allowas_in	Dictionary
enabled	Boolean
times	Integer			Min: 1 Max: 10	Number of local ASNs allowed in a BGP update
weight	Integer			Min: 0 Max: 65535
timers	String				BGP Keepalive and Hold Timer values in seconds as string “<0-3600> <0-3600>”
rib_in_pre_policy_retain	Dictionary
enabled	Boolean
all	Boolean
route_map_in	String				Inbound route-map name
route_map_out	String				Outbound route-map name
bgp_listen_range_prefix deprecated	String				IP prefix range note: bgp_listen_range_prefix and peer_filter should not be mixed with the new listen_ranges key above to avoid conflicts. This key is deprecated. Support will be removed in AVD version 5.0.0. Use listen_ranges instead.
session_tracker	String
neighbors	List, items: Dictionary
- ip_address	String	Required, Unique
peer_group	String
remote_as	String				BGP AS <1-4294967295> or AS number in asdot notation <1-65535>.<0-65535>
local_as	String				BGP AS <1-4294967295> or AS number in asdot notation <1-65535>.<0-65535>
as_path	Dictionary				BGP AS-PATH options
remote_as_replace_out	Boolean				Replace AS number with local AS number
prepend_own_disabled	Boolean				Disable prepending own AS number to AS path
description	String
route_reflector_client	Boolean
passive	Boolean
shutdown	Boolean
update_source	String				Source Interface
bfd	Boolean
weight	Integer			Min: 0 Max: 65535
timers	String				BGP Keepalive and Hold Timer values in seconds as string “<0-3600> <0-3600>”
route_map_in	String				Inbound route-map name
route_map_out	String				Outbound route-map name
default_originate	Dictionary
enabled	Boolean
always	Boolean
route_map	String
send_community	String				‘all’ or a combination of ‘standard’, ‘extended’, ‘large’ and ‘link-bandwidth (w/options)’
maximum_routes	Integer			Min: 0 Max: 4294967294	Maximum number of routes (0 means unlimited)
maximum_routes_warning_limit	String				Maximum number of routes after which a warning is issued (0 means never warn) or Percentage of maximum number of routes at which to warn (“<1-100> percent”)
maximum_routes_warning_only	Boolean
allowas_in	Dictionary
enabled	Boolean
times	Integer			Min: 1 Max: 10	Number of local ASNs allowed in a BGP update
ebgp_multihop	Integer			Min: 1 Max: 255	Time-to-live in range of hops
next_hop_self	Boolean
link_bandwidth	Dictionary
enabled	Boolean
default	String				nn.nn(K
rib_in_pre_policy_retain	Dictionary
enabled	Boolean
all	Boolean
remove_private_as	Dictionary				Remove private AS numbers in outbound AS path
enabled	Boolean
all	Boolean
replace_as	Boolean
remove_private_as_ingress	Dictionary
enabled	Boolean
replace_as	Boolean
session_tracker	String
neighbor_interfaces	List, items: Dictionary
- name	String	Required, Unique			Interface name
remote_as	String
peer_group	String		Peer-group name
description	String
peer_filter	String				Peer-filter name
aggregate_addresses	List, items: Dictionary
- prefix	String	Required, Unique			IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”
advertise_only	Boolean
as_set	Boolean
summary_only	Boolean
attribute_map	String				Route-map name
match_map	String				Route-map name
redistribute_routes	List, items: Dictionary
- source_protocol	String	Required, Unique
route_map	String
vlan_aware_bundles	List, items: Dictionary
- name	String	Required, Unique			VLAN aware bundle name
tenant	String				Key only used for documentation or validation purposes
description	String				Key only used for documentation or validation purposes
rd	String				Route distinguisher
rd_evpn_domain	Dictionary
domain	String			Valid Values: - remote - all
rd	String				Route distinguisher
route_targets	Dictionary
both	List, items: String
- <str>	String
import	List, items: String
- <str>	String
export	List, items: String
- <str>	String
import_evpn_domains	List, items: Dictionary
- domain	String			Valid Values: - remote - all
route_target	String
export_evpn_domains	List, items: Dictionary
- domain	String			Valid Values: - remote - all
route_target	String
import_export_evpn_domains	List, items: Dictionary
- domain	String			Valid Values: - remote - all
route_target	String
redistribute_routes	List, items: String
- <str>	String
no_redistribute_routes	List, items: String
- <str>	String
vlan	String				VLAN range as string. Example “100-200,300”
vlans	List, items: Dictionary
- id	Integer	Required, Unique
tenant	String				Key only used for documentation or validation purposes
rd	String				Route distinguisher
rd_evpn_domain	Dictionary
domain	String			Valid Values: - remote - all
rd	String				Route distinguisher
eos_cli	String				Multiline EOS CLI rendered directly on the Router BGP, VLAN definition in the final EOS configuration
route_targets	Dictionary
both	List, items: String
- <str>	String
import	List, items: String
- <str>	String
export	List, items: String
- <str>	String
import_evpn_domains	List, items: Dictionary
- domain	String			Valid Values: - remote - all
route_target	String
export_evpn_domains	List, items: Dictionary
- domain	String			Valid Values: - remote - all
route_target	String
import_export_evpn_domains	List, items: Dictionary
- domain	String			Valid Values: - remote - all
route_target	String
redistribute_routes	List, items: String
- <str>	String
no_redistribute_routes	List, items: String
- <str>	String
vpws	List, items: Dictionary
- name	String	Required, Unique			VPWS instance name
rd	String				Route distinguisher
route_targets	Dictionary
import_export	String				Route Target
mpls_control_word	Boolean
label_flow	Boolean
mtu	Integer
pseudowires	List, items: Dictionary
- name	String	Required, Unique			Pseudowire name
id_local	Integer				Must match id_remote on other pe
id_remote	Integer				Must match id_local on other pe
address_family_evpn	Dictionary
domain_identifier	String
neighbor_default	Dictionary
encapsulation	String			Valid Values: - vxlan - mpls
next_hop_self_source_interface	String				Source interface name
next_hop_self_received_evpn_routes	Dictionary
enable	Boolean
inter_domain	Boolean
peer_groups	List, items: Dictionary
- name	String	Required, Unique			Peer-group name
activate	Boolean
route_map_in	String				Inbound route-map name
route_map_out	String				Outbound route-map name
domain_remote	Boolean
encapsulation	String			Valid Values: - vxlan - mpls
evpn_hostflap_detection	Dictionary
enabled	Boolean
window	Integer			Min: 0 Max: 4294967295	Time (in seconds) to detect a MAC duplication issue
threshold	Integer			Min: 0 Max: 4294967295	Minimum number of MAC moves that indicate a MAC Duplication issue
expiry_timeout	Integer			Min: 0 Max: 4294967295	Time (in seconds) to purge a MAC duplication issue
route	Dictionary
import_match_failure_action	String			Valid Values: - discard
address_family_rtc	Dictionary
peer_groups	List, items: Dictionary
- name	String	Required, Unique			Peer-group name
activate	Boolean
default_route_target	Dictionary
only	Boolean
encoding_origin_as_omit	String
address_family_ipv4	Dictionary
networks	List, items: Dictionary
- prefix	String	Required, Unique			IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”
route_map	String				Route-map name
peer_groups	List, items: Dictionary
- name	String	Required, Unique			Peer-group name
activate	Boolean
route_map_in	String				Inbound route-map name
route_map_out	String				Outbound route-map name
default_originate	Dictionary
always	Boolean
route_map	String				Route-map name
next_hop	Dictionary
address_family_ipv6	Dictionary
enabled	Boolean	Required
originate	Boolean
address_family_ipv6_originate deprecated	Boolean				This key is deprecated. Support will be removed in AVD version 5.0.0. Use address_family_ipv6 instead.
prefix_list_in	String				Inbound prefix-list name
prefix_list_out	String				Outbound prefix-list name
neighbors	List, items: Dictionary
- ip_address	String	Required, Unique
activate	Boolean
route_map_in	String				Inbound route-map name
route_map_out	String				Outbound route-map name
prefix_list_in	String				Inbound prefix-list name
prefix_list_out	String				Prefix-list name
default_originate	Dictionary
always	Boolean
route_map	String
address_family_ipv4_multicast	Dictionary
peer_groups	List, items: Dictionary
- name	String	Required, Unique			Peer-group name
activate	Boolean
route_map_in	String				Inbound route-map name
route_map_out	String				Outbound route-map name
neighbors	List, items: Dictionary
- ip_address	String	Required, Unique
activate	Boolean
route_map_in	String				Inbound route-map name
route_map_out	String				Outbound route-map name
redistribute_routes	List, items: Dictionary
- source_protocol	String	Required, Unique
route_map	String
address_family_ipv6	Dictionary
networks	List, items: Dictionary
- prefix	String	Required, Unique			IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”
route_map	String				Route-map name
peer_groups	List, items: Dictionary
- name	String	Required, Unique			Peer-group name
activate	Boolean
route_map_in	String				Inbound route-map name
route_map_out	String				Outbound route-map name
prefix_list_in	String				Inbound prefix-list name
prefix_list_out	String				Outbound prefix-list name
neighbors	List, items: Dictionary
- ip_address	String	Required, Unique
activate	Boolean
route_map_in	String				Inbound route-map name
route_map_out	String				Outbound route-map name
prefix_list_in	String				Inbound prefix-list name
prefix_list_out	String				Outbound prefix-list name
redistribute_routes	List, items: Dictionary
- source_protocol	String	Required, Unique
route_map	String
address_family_ipv6_multicast	Dictionary
bgp	Dictionary
missing_policy	Dictionary
direction_in_action	String			Valid Values: - deny - deny-in-out - permit
direction_out_action	String			Valid Values: - deny - deny-in-out - permit
additional_paths	Dictionary
receive	Boolean
neighbors	List, items: Dictionary
- ip_address	String	Required, Unique
activate	Boolean
route_map_in	String				Inbound route-map name
route_map_out	String				Outbound route-map name
peer_groups	List, items: Dictionary
- name	String	Required, Unique			Peer-group name
activate	Boolean
networks	List, items: Dictionary
- prefix	String	Required, Unique			IPv6 prefix “A:B:C:D:E:F:G:H/I”
route_map	String
address_family_flow_spec_ipv4	Dictionary
bgp	Dictionary
missing_policy	Dictionary
direction_in_action	String			Valid Values: - deny - deny-in-out - permit
direction_out_action	String			Valid Values: - deny - deny-in-out - permit
neighbors	List, items: Dictionary
- ip_address	String	Required, Unique
activate	Boolean
peer_groups	List, items: Dictionary
- name	String	Required, Unique			Peer-group name
activate	Boolean
address_family_flow_spec_ipv6	Dictionary
bgp	Dictionary
missing_policy	Dictionary
direction_in_action	String			Valid Values: - deny - deny-in-out - permit
direction_out_action	String			Valid Values: - deny - deny-in-out - permit
neighbors	List, items: Dictionary
- ip_address	String	Required, Unique
activate	Boolean
peer_groups	List, items: Dictionary
- name	String	Required, Unique			Peer-group name
activate	Boolean
address_family_vpn_ipv4	Dictionary
domain_identifier	String
peer_groups	List, items: Dictionary
- name	String	Required, Unique			Peer-group name
activate	Boolean
route_map_in	String				Inbound route-map name
route_map_out	String				Outbound route-map name
route	Dictionary
import_match_failure_action	String			Valid Values: - discard
neighbors	List, items: Dictionary
- ip_address	String	Required, Unique
activate	Boolean
route_map_in	String				Inbound route-map name
route_map_out	String				Outbound route-map name
neighbor_default_encapsulation_mpls_next_hop_self	Dictionary
source_interface	String
address_family_vpn_ipv6	Dictionary
domain_identifier	String
peer_groups	List, items: Dictionary
- name	String	Required, Unique			Peer-group name
activate	Boolean
route_map_in	String				Inbound route-map name
route_map_out	String				Outbound route-map name
route	Dictionary
import_match_failure_action	String			Valid Values: - discard
neighbors	List, items: Dictionary
- ip_address	String	Required, Unique
activate	Boolean
route_map_in	String				Inbound route-map name
route_map_out	String				Outbound route-map name
neighbor_default_encapsulation_mpls_next_hop_self	Dictionary
source_interface	String
vrfs	List, items: Dictionary
- name	String	Required, Unique			VRF name
rd	String				Route distinguisher
evpn_multicast	Boolean
evpn_multicast_address_family	Dictionary				Enable per-AF EVPN multicast settings
ipv4	Dictionary
transit	Boolean				Enable EVPN multicast transit mode
route_targets	Dictionary
import	List, items: Dictionary
- address_family	String	Required, Unique
route_targets	List, items: String
- <str>	String
export	List, items: Dictionary
- address_family	String	Required, Unique
route_targets	List, items: String
- <str>	String
router_id	String				in IP address format A.B.C.D
timers	String				BGP Keepalive and Hold Timer values in seconds as string “<0-3600> <0-3600>”
networks	List, items: Dictionary
- prefix	String	Required, Unique			IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”
route_map	String
updates	Dictionary
wait_for_convergence	Boolean				Disables FIB updates and route advertisement when the BGP instance is initiated until the BGP convergence state is reached.
wait_install	Boolean				Do not advertise reachability to a prefix until that prefix has been installed in hardware. This will eliminate any temporary black holes due to a BGP speaker advertising reachability to a prefix that may not yet be installed into the forwarding plane.
listen_ranges	List, items: Dictionary				Improved “listen_ranges” data model to support multiple listen ranges and additional filter capabilities
- prefix	String				IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”
peer_id_include_router_id	Boolean				Include router ID as part of peer filter
peer_group	String				Peer-group name
peer_filter	String				Peer-filter name note: peer_filter`` orremote_as` is required but mutually exclusive. If both are defined, peer_filter takes precedence
remote_as	String				BGP AS <1-4294967295> or AS number in asdot notation <1-65535>.<0-65535>
neighbors	List, items: Dictionary
- ip_address	String	Required, Unique
peer_group	String				Peer-group name
remote_as	String				BGP AS <1-4294967295> or AS number in asdot notation <1-65535>.<0-65535>
password	String
passive	Boolean
remove_private_as	Dictionary				Remove private AS numbers in outbound AS path
enabled	Boolean
all	Boolean
replace_as	Boolean
remove_private_as_ingress	Dictionary
enabled	Boolean
replace_as	Boolean
weight	Integer			Min: 0 Max: 65535
local_as	String				BGP AS <1-4294967295> or AS number in asdot notation <1-65535>.<0-65535>
as_path	Dictionary				BGP AS-PATH options
remote_as_replace_out	Boolean				Replace AS number with local AS number
prepend_own_disabled	Boolean				Disable prepending own AS number to AS path
description	String
route_reflector_client	Boolean
ebgp_multihop	Integer			Min: 1 Max: 255	Time-to-live in range of hops
next_hop_self	Boolean
shutdown	Boolean
bfd	Boolean
timers	String				BGP Keepalive and Hold Timer values in seconds as string “<0-3600> <0-3600>”
rib_in_pre_policy_retain	Dictionary
enabled	Boolean
all	Boolean
send_community	String				‘all’ or a combination of ‘standard’, ‘extended’, ‘large’ and ‘link-bandwidth (w/options)’
maximum_routes	Integer
maximum_routes_warning_limit	String				Maximum number of routes after which a warning is issued (0 means never warn) or Percentage of maximum number of routes at which to warn (“<1-100> percent”)
maximum_routes_warning_only	Boolean
allowas_in	Dictionary
enabled	Boolean
times	Integer			Min: 1 Max: 10	Number of local ASNs allowed in a BGP update
default_originate	Dictionary
enabled	Boolean
always	Boolean
route_map	String
update_source	String
route_map_in	String				Inbound route-map name
route_map_out	String				Outbound route-map name
prefix_list_in	String				Inbound prefix-list name
prefix_list_out	String				Outbound prefix-list name
neighbor_interfaces	List, items: Dictionary
- name	String	Required, Unique			Interface name
remote_as	String				BGP AS <1-4294967295> or AS number in asdot notation <1-65535>.<0-65535>
peer_group	String				Peer-group name
peer_filter	String				Peer-filter name
description	String
redistribute_routes	List, items: Dictionary
- source_protocol	String	Required, Unique
route_map	String
aggregate_addresses	List, items: Dictionary
- prefix	String	Required, Unique			IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”
advertise_only	Boolean
as_set	Boolean
summary_only	Boolean
attribute_map	String
match_map	String
address_family_ipv4	Dictionary
bgp	Dictionary
missing_policy	Dictionary
direction_in_action	String			Valid Values: - deny - deny-in-out - permit
direction_out_action	String			Valid Values: - deny - deny-in-out - permit
additional_paths	Dictionary
install	Boolean
install_ecmp_primary	Boolean
receive	Boolean
send	Dictionary
any	Boolean
backup	Boolean
ecmp	Boolean
ecmp_limit	Integer			Min: 2 Max: 64	Amount of ECMP paths to send
limit	Integer			Min: 2 Max: 64	Amount of paths to send
neighbors	List, items: Dictionary
- ip_address	String	Required, Unique
activate	Boolean
route_map_in	String				Inbound route-map name
route_map_out	String				Outbound route-map name
next_hop	Dictionary
address_family_ipv6	Dictionary
enabled	Boolean	Required
originate	Boolean
networks	List, items: Dictionary
- prefix	String	Required, Unique			IPv4 prefix “A.B.C.D/E”
route_map	String
address_family_ipv6	Dictionary
bgp	Dictionary
missing_policy	Dictionary
direction_in_action	String			Valid Values: - deny - deny-in-out - permit
direction_out_action	String			Valid Values: - deny - deny-in-out - permit
additional_paths	Dictionary
install	Boolean
install_ecmp_primary	Boolean
receive	Boolean
send	Dictionary
any	Boolean
backup	Boolean
ecmp	Boolean
ecmp_limit	Integer			Min: 2 Max: 64	Amount of ECMP paths to send
limit	Integer			Min: 2 Max: 64	Amount of paths to send
neighbors	List, items: Dictionary
- ip_address	String	Required, Unique
activate	Boolean
route_map_in	String				Inbound route-map name
route_map_out	String				Outbound route-map name
networks	List, items: Dictionary
- prefix	String	Required, Unique			IPv6 prefix “A:B:C:D:E:F:G:H/I”
route_map	String
address_family_ipv4_multicast	Dictionary
bgp	Dictionary
missing_policy	Dictionary
direction_in_action	String			Valid Values: - deny - deny-in-out - permit
direction_out_action	String			Valid Values: - deny - deny-in-out - permit
additional_paths	Dictionary
receive	Boolean
neighbors	List, items: Dictionary
- ip_address	String	Required, Unique
activate	Boolean
route_map_in	String				Inbound route-map name
route_map_out	String				Outbound route-map name
networks	List, items: Dictionary
- prefix	String	Required, Unique			IPv6 prefix “A.B.C.D/E”
route_map	String
address_family_ipv6_multicast	Dictionary
bgp	Dictionary
missing_policy	Dictionary
direction_in_action	String			Valid Values: - deny - deny-in-out - permit
direction_out_action	String			Valid Values: - deny - deny-in-out - permit
additional_paths	Dictionary
receive	Boolean
neighbors	List, items: Dictionary
- ip_address	String	Required, Unique
activate	Boolean
route_map_in	String				Inbound route-map name
route_map_out	String				Outbound route-map name
networks	List, items: Dictionary
- prefix	String	Required, Unique			IPv6 prefix “A:B:C:D:E:F:G:H/I”
route_map	String
address_family_flow_spec_ipv4	Dictionary
bgp	Dictionary
missing_policy	Dictionary
direction_in_action	String			Valid Values: - deny - deny-in-out - permit
direction_out_action	String			Valid Values: - deny - deny-in-out - permit
neighbors	List, items: Dictionary
- ip_address	String	Required, Unique
activate	Boolean
address_family_flow_spec_ipv6	Dictionary
bgp	Dictionary
missing_policy	Dictionary
direction_in_action	String			Valid Values: - deny - deny-in-out - permit
direction_out_action	String			Valid Values: - deny - deny-in-out - permit
neighbors	List, items: Dictionary
- ip_address	String	Required, Unique
activate	Boolean
address_families deprecated	List, items: Dictionary				This key is deprecated. Support will be removed in AVD version v5.0.0. Use address_family_* instead.
- address_family	String	Required, Unique
bgp	Dictionary
missing_policy	Dictionary
direction_in_action	String			Valid Values: - deny - deny-in-out - permit
direction_out_action	String			Valid Values: - deny - deny-in-out - permit
additional_paths	List, items: String
- <str>	String
neighbors	List, items: Dictionary
- ip_address	String	Required, Unique
activate	Boolean
route_map_in	String				Inbound route-map name
route_map_out	String				Outbound route-map name
peer_groups	List, items: Dictionary
- name	String	Required, Unique			Peer-group name
activate	Boolean
next_hop	Dictionary
address_family_ipv6_originate	Boolean
networks	List, items: Dictionary
- prefix	String	Required, Unique			IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”
route_map	String
eos_cli	String				Multiline EOS CLI rendered directly on the Router BGP, VRF definition in the final EOS configuration
session_trackers	List, items: Dictionary
- name	String	Required, Unique			Name of session tracker
recovery_delay	Integer			Min: 1 Max: 3600	Recovery delay in seconds

router_bgp:
  as: <str>
  router_id: <str>
  distance:
    external_routes: <int>
    internal_routes: <int>
    local_routes: <int>
  graceful_restart:
    enabled: <bool>
    restart_time: <int>
    stalepath_time: <int>
  graceful_restart_helper:
    enabled: <bool>
    restart_time: <int>
    long_lived: <bool>
  maximum_paths:
    paths: <int>
    ecmp: <int>
  updates:
    wait_for_convergence: <bool>
    wait_install: <bool>
  bgp_cluster_id: <str>
  bgp_defaults:
    - <str>
  bgp:
    default:
      ipv4_unicast: <bool>
      ipv4_unicast_transport_ipv6: <bool>
    route_reflector_preserve_attributes:
      enabled: <bool>
      always: <bool>
    bestpath:
      d_path: <bool>
  listen_ranges:
    - prefix: <str>
      peer_id_include_router_id: <bool>
      peer_group: <str>
      peer_filter: <str>
      remote_as: <str>
  peer_groups:
    - name: <str>
      type: <str>
      remote_as: <str>
      local_as: <str>
      description: <str>
      shutdown: <bool>
      as_path:
        remote_as_replace_out: <bool>
        prepend_own_disabled: <bool>
      remove_private_as:
        enabled: <bool>
        all: <bool>
        replace_as: <bool>
      remove_private_as_ingress:
        enabled: <bool>
        replace_as: <bool>
      peer_filter: <str>
      next_hop_unchanged: <bool>
      update_source: <str>
      route_reflector_client: <bool>
      bfd: <bool>
      ebgp_multihop: <int>
      next_hop_self: <bool>
      password: <str>
      passive: <bool>
      default_originate:
        enabled: <bool>
        always: <bool>
        route_map: <str>
      send_community: <str>
      maximum_routes: <int>
      maximum_routes_warning_limit: <str>
      maximum_routes_warning_only: <bool>
      link_bandwidth:
        enabled: <bool>
        default: <str>
      allowas_in:
        enabled: <bool>
        times: <int>
      weight: <int>
      timers: <str>
      rib_in_pre_policy_retain:
        enabled: <bool>
        all: <bool>
      route_map_in: <str>
      route_map_out: <str>
      bgp_listen_range_prefix: <str>
      session_tracker: <str>
  neighbors:
    - ip_address: <str>
      peer_group: <str>
      remote_as: <str>
      local_as: <str>
      as_path:
        remote_as_replace_out: <bool>
        prepend_own_disabled: <bool>
      description: <str>
      route_reflector_client: <bool>
      passive: <bool>
      shutdown: <bool>
      update_source: <str>
      bfd: <bool>
      weight: <int>
      timers: <str>
      route_map_in: <str>
      route_map_out: <str>
      default_originate:
        enabled: <bool>
        always: <bool>
        route_map: <str>
      send_community: <str>
      maximum_routes: <int>
      maximum_routes_warning_limit: <str>
      maximum_routes_warning_only: <bool>
      allowas_in:
        enabled: <bool>
        times: <int>
      ebgp_multihop: <int>
      next_hop_self: <bool>
      link_bandwidth:
        enabled: <bool>
        default: <str>
      rib_in_pre_policy_retain:
        enabled: <bool>
        all: <bool>
      remove_private_as:
        enabled: <bool>
        all: <bool>
        replace_as: <bool>
      remove_private_as_ingress:
        enabled: <bool>
        replace_as: <bool>
      session_tracker: <str>
  neighbor_interfaces:
    - name: <str>
      remote_as: <str>
      peer_group: <str>
      description: <str>
      peer_filter: <str>
  aggregate_addresses:
    - prefix: <str>
      advertise_only: <bool>
      as_set: <bool>
      summary_only: <bool>
      attribute_map: <str>
      match_map: <str>
  redistribute_routes:
    - source_protocol: <str>
      route_map: <str>
  vlan_aware_bundles:
    - name: <str>
      tenant: <str>
      description: <str>
      rd: <str>
      rd_evpn_domain:
        domain: <str>
        rd: <str>
      route_targets:
        both:
          - <str>
        import:
          - <str>
        export:
          - <str>
        import_evpn_domains:
          - domain: <str>
            route_target: <str>
        export_evpn_domains:
          - domain: <str>
            route_target: <str>
        import_export_evpn_domains:
          - domain: <str>
            route_target: <str>
      redistribute_routes:
        - <str>
      no_redistribute_routes:
        - <str>
      vlan: <str>
  vlans:
    - id: <int>
      tenant: <str>
      rd: <str>
      rd_evpn_domain:
        domain: <str>
        rd: <str>
      eos_cli: <str>
      route_targets:
        both:
          - <str>
        import:
          - <str>
        export:
          - <str>
        import_evpn_domains:
          - domain: <str>
            route_target: <str>
        export_evpn_domains:
          - domain: <str>
            route_target: <str>
        import_export_evpn_domains:
          - domain: <str>
            route_target: <str>
      redistribute_routes:
        - <str>
      no_redistribute_routes:
        - <str>
  vpws:
    - name: <str>
      rd: <str>
      route_targets:
        import_export: <str>
      mpls_control_word: <bool>
      label_flow: <bool>
      mtu: <int>
      pseudowires:
        - name: <str>
          id_local: <int>
          id_remote: <int>
  address_family_evpn:
    domain_identifier: <str>
    neighbor_default:
      encapsulation: <str>
      next_hop_self_source_interface: <str>
      next_hop_self_received_evpn_routes:
        enable: <bool>
        inter_domain: <bool>
    peer_groups:
      - name: <str>
        activate: <bool>
        route_map_in: <str>
        route_map_out: <str>
        domain_remote: <bool>
        encapsulation: <str>
    evpn_hostflap_detection:
      enabled: <bool>
      window: <int>
      threshold: <int>
      expiry_timeout: <int>
    route:
      import_match_failure_action: <str>
  address_family_rtc:
    peer_groups:
      - name: <str>
        activate: <bool>
        default_route_target:
          only: <bool>
          encoding_origin_as_omit: <str>
  address_family_ipv4:
    networks:
      - prefix: <str>
        route_map: <str>
    peer_groups:
      - name: <str>
        activate: <bool>
        route_map_in: <str>
        route_map_out: <str>
        default_originate:
          always: <bool>
          route_map: <str>
        next_hop:
          address_family_ipv6:
            enabled: <bool>
            originate: <bool>
          address_family_ipv6_originate: <bool>
        prefix_list_in: <str>
        prefix_list_out: <str>
    neighbors:
      - ip_address: <str>
        activate: <bool>
        route_map_in: <str>
        route_map_out: <str>
        prefix_list_in: <str>
        prefix_list_out: <str>
        default_originate:
          always: <bool>
          route_map: <str>
  address_family_ipv4_multicast:
    peer_groups:
      - name: <str>
        activate: <bool>
        route_map_in: <str>
        route_map_out: <str>
    neighbors:
      - ip_address: <str>
        activate: <bool>
        route_map_in: <str>
        route_map_out: <str>
    redistribute_routes:
      - source_protocol: <str>
        route_map: <str>
  address_family_ipv6:
    networks:
      - prefix: <str>
        route_map: <str>
    peer_groups:
      - name: <str>
        activate: <bool>
        route_map_in: <str>
        route_map_out: <str>
        prefix_list_in: <str>
        prefix_list_out: <str>
    neighbors:
      - ip_address: <str>
        activate: <bool>
        route_map_in: <str>
        route_map_out: <str>
        prefix_list_in: <str>
        prefix_list_out: <str>
    redistribute_routes:
      - source_protocol: <str>
        route_map: <str>
  address_family_ipv6_multicast:
    bgp:
      missing_policy:
        direction_in_action: <str>
        direction_out_action: <str>
      additional_paths:
        receive: <bool>
    neighbors:
      - ip_address: <str>
        activate: <bool>
        route_map_in: <str>
        route_map_out: <str>
    peer_groups:
      - name: <str>
        activate: <bool>
    networks:
      - prefix: <str>
        route_map: <str>
  address_family_flow_spec_ipv4:
    bgp:
      missing_policy:
        direction_in_action: <str>
        direction_out_action: <str>
    neighbors:
      - ip_address: <str>
        activate: <bool>
    peer_groups:
      - name: <str>
        activate: <bool>
  address_family_flow_spec_ipv6:
    bgp:
      missing_policy:
        direction_in_action: <str>
        direction_out_action: <str>
    neighbors:
      - ip_address: <str>
        activate: <bool>
    peer_groups:
      - name: <str>
        activate: <bool>
  address_family_vpn_ipv4:
    domain_identifier: <str>
    peer_groups:
      - name: <str>
        activate: <bool>
        route_map_in: <str>
        route_map_out: <str>
    route:
      import_match_failure_action: <str>
    neighbors:
      - ip_address: <str>
        activate: <bool>
        route_map_in: <str>
        route_map_out: <str>
    neighbor_default_encapsulation_mpls_next_hop_self:
      source_interface: <str>
  address_family_vpn_ipv6:
    domain_identifier: <str>
    peer_groups:
      - name: <str>
        activate: <bool>
        route_map_in: <str>
        route_map_out: <str>
    route:
      import_match_failure_action: <str>
    neighbors:
      - ip_address: <str>
        activate: <bool>
        route_map_in: <str>
        route_map_out: <str>
    neighbor_default_encapsulation_mpls_next_hop_self:
      source_interface: <str>
  vrfs:
    - name: <str>
      rd: <str>
      evpn_multicast: <bool>
      evpn_multicast_address_family:
        ipv4:
          transit: <bool>
      route_targets:
        import:
          - address_family: <str>
            route_targets:
              - <str>
        export:
          - address_family: <str>
            route_targets:
              - <str>
      router_id: <str>
      timers: <str>
      networks:
        - prefix: <str>
          route_map: <str>
      updates:
        wait_for_convergence: <bool>
        wait_install: <bool>
      listen_ranges:
        - prefix: <str>
          peer_id_include_router_id: <bool>
          peer_group: <str>
          peer_filter: <str>
          remote_as: <str>
      neighbors:
        - ip_address: <str>
          peer_group: <str>
          remote_as: <str>
          password: <str>
          passive: <bool>
          remove_private_as:
            enabled: <bool>
            all: <bool>
            replace_as: <bool>
          remove_private_as_ingress:
            enabled: <bool>
            replace_as: <bool>
          weight: <int>
          local_as: <str>
          as_path:
            remote_as_replace_out: <bool>
            prepend_own_disabled: <bool>
          description: <str>
          route_reflector_client: <bool>
          ebgp_multihop: <int>
          next_hop_self: <bool>
          shutdown: <bool>
          bfd: <bool>
          timers: <str>
          rib_in_pre_policy_retain:
            enabled: <bool>
            all: <bool>
          send_community: <str>
          maximum_routes: <int>
          maximum_routes_warning_limit: <str>
          maximum_routes_warning_only: <bool>
          allowas_in:
            enabled: <bool>
            times: <int>
          default_originate:
            enabled: <bool>
            always: <bool>
            route_map: <str>
          update_source: <str>
          route_map_in: <str>
          route_map_out: <str>
          prefix_list_in: <str>
          prefix_list_out: <str>
      neighbor_interfaces:
        - name: <str>
          remote_as: <str>
          peer_group: <str>
          peer_filter: <str>
          description: <str>
      redistribute_routes:
        - source_protocol: <str>
          route_map: <str>
      aggregate_addresses:
        - prefix: <str>
          advertise_only: <bool>
          as_set: <bool>
          summary_only: <bool>
          attribute_map: <str>
          match_map: <str>
      address_family_ipv4:
        bgp:
          missing_policy:
            direction_in_action: <str>
            direction_out_action: <str>
          additional_paths:
            install: <bool>
            install_ecmp_primary: <bool>
            receive: <bool>
            send:
              any: <bool>
              backup: <bool>
              ecmp: <bool>
              ecmp_limit: <int>
              limit: <int>
        neighbors:
          - ip_address: <str>
            activate: <bool>
            route_map_in: <str>
            route_map_out: <str>
            next_hop:
              address_family_ipv6:
                enabled: <bool>
                originate: <bool>
        networks:
          - prefix: <str>
            route_map: <str>
      address_family_ipv6:
        bgp:
          missing_policy:
            direction_in_action: <str>
            direction_out_action: <str>
          additional_paths:
            install: <bool>
            install_ecmp_primary: <bool>
            receive: <bool>
            send:
              any: <bool>
              backup: <bool>
              ecmp: <bool>
              ecmp_limit: <int>
              limit: <int>
        neighbors:
          - ip_address: <str>
            activate: <bool>
            route_map_in: <str>
            route_map_out: <str>
        networks:
          - prefix: <str>
            route_map: <str>
      address_family_ipv4_multicast:
        bgp:
          missing_policy:
            direction_in_action: <str>
            direction_out_action: <str>
          additional_paths:
            receive: <bool>
        neighbors:
          - ip_address: <str>
            activate: <bool>
            route_map_in: <str>
            route_map_out: <str>
        networks:
          - prefix: <str>
            route_map: <str>
      address_family_ipv6_multicast:
        bgp:
          missing_policy:
            direction_in_action: <str>
            direction_out_action: <str>
          additional_paths:
            receive: <bool>
        neighbors:
          - ip_address: <str>
            activate: <bool>
            route_map_in: <str>
            route_map_out: <str>
        networks:
          - prefix: <str>
            route_map: <str>
      address_family_flow_spec_ipv4:
        bgp:
          missing_policy:
            direction_in_action: <str>
            direction_out_action: <str>
        neighbors:
          - ip_address: <str>
            activate: <bool>
      address_family_flow_spec_ipv6:
        bgp:
          missing_policy:
            direction_in_action: <str>
            direction_out_action: <str>
        neighbors:
          - ip_address: <str>
            activate: <bool>
      address_families:
        - address_family: <str>
          bgp:
            missing_policy:
              direction_in_action: <str>
              direction_out_action: <str>
            additional_paths:
              - <str>
          neighbors:
            - ip_address: <str>
              activate: <bool>
              route_map_in: <str>
              route_map_out: <str>
          peer_groups:
            - name: <str>
              activate: <bool>
              next_hop:
                address_family_ipv6_originate: <bool>
          networks:
            - prefix: <str>
              route_map: <str>
      eos_cli: <str>
  session_trackers:
    - name: <str>
      recovery_delay: <int>

Router general

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
router_general	Dictionary
router_id	Dictionary
ipv4	String				IPv4 Address
ipv6	String				IPv6 Address
nexthop_fast_failover	Boolean		False
vrfs	List, items: Dictionary
- name	String	Required, Unique			Destination-VRF
leak_routes	List, items: Dictionary
- source_vrf	String
subscribe_policy	String				Route-Map Policy
routes	Dictionary
dynamic_prefix_lists	List, items: Dictionary
- name	String				Dynamic Prefix List Name

router_general:
  router_id:
    ipv4: <str>
    ipv6: <str>
  nexthop_fast_failover: <bool>
  vrfs:
    - name: <str>
      leak_routes:
        - source_vrf: <str>
          subscribe_policy: <str>
      routes:
        dynamic_prefix_lists:
          - name: <str>

Router ISIS

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
router_isis	Dictionary
instance	String				ISIS Instance Name
net	String				CLNS Address like “49.0001.0001.0000.0001.00”
router_id	String				IPv4 Address
is_type	String			Valid Values: - level-1 - level-1-2 - level-2
log_adjacency_changes	Boolean
mpls_ldp_sync_default	Boolean
timers	Dictionary
local_convergence	Dictionary
protected_prefixes	Boolean
delay	Integer		10000		Delay in milliseconds.
advertise	Dictionary
passive_only	Boolean
address_family	List, items: String
- <str> deprecated	String			Valid Values: - ipv4 - ipv6 - ipv4 unicast - ipv6 unicast	Address FamilyThis key is deprecated. Support will be removed in AVD version 5.0.0. Use address_family_ipv4.enabled or address_family_ipv6.enabled instead.
isis_af_defaults	List, items: String
- <str> deprecated	String				EOS CLI rendered under the address families Example “maximum-paths 64” This key is deprecated. Support will be removed in AVD version 5.0.0. Use address_family_ipv4/address_family_ipv6 instead.
redistribute_routes	List, items: Dictionary
- source_protocol	String	Required		Valid Values: - bgp - connected - isis - ospf - ospfv3 - static
route_map	String				Route-map name
include_leaked	Boolean
ospf_route_type	String			Valid Values: - external - internal - nssa-external	ospf_route_type is required with source_protocols ‘ospf’ and ‘ospfv3’
address_family_ipv4	Dictionary
enabled	Boolean
maximum_paths	Integer			Min: 1 Max: 128
fast_reroute_ti_lfa	Dictionary
mode	String			Valid Values: - link-protection - node-protection
level	String			Valid Values: - level-1 - level-2
srlg	Dictionary				Shared Risk Link Group
enable	Boolean
strict	Boolean
tunnel_source_labeled_unicast	Dictionary
enabled	Boolean
rcf	String				Route Control Function
address_family_ipv6	Dictionary
enabled	Boolean
maximum_paths	Integer			Min: 1 Max: 128
fast_reroute_ti_lfa	Dictionary
mode	String			Valid Values: - link-protection - node-protection
level	String			Valid Values: - level-1 - level-2	Optional, default is to protect all levels
srlg	Dictionary				Shared Risk Link Group
enable	Boolean
strict	Boolean
segment_routing_mpls	Dictionary
enabled	Boolean
router_id	String
prefix_segments	List, items: Dictionary
- prefix	String
index	Integer

router_isis:
  instance: <str>
  net: <str>
  router_id: <str>
  is_type: <str>
  log_adjacency_changes: <bool>
  mpls_ldp_sync_default: <bool>
  timers:
    local_convergence:
      protected_prefixes: <bool>
      delay: <int>
  advertise:
    passive_only: <bool>
  address_family:
    - <str>
  isis_af_defaults:
    - <str>
  redistribute_routes:
    - source_protocol: <str>
      route_map: <str>
      include_leaked: <bool>
      ospf_route_type: <str>
  address_family_ipv4:
    enabled: <bool>
    maximum_paths: <int>
    fast_reroute_ti_lfa:
      mode: <str>
      level: <str>
      srlg:
        enable: <bool>
        strict: <bool>
    tunnel_source_labeled_unicast:
      enabled: <bool>
      rcf: <str>
  address_family_ipv6:
    enabled: <bool>
    maximum_paths: <int>
    fast_reroute_ti_lfa:
      mode: <str>
      level: <str>
      srlg:
        enable: <bool>
        strict: <bool>
  segment_routing_mpls:
    enabled: <bool>
    router_id: <str>
    prefix_segments:
      - prefix: <str>
        index: <int>

Router L2 VPN

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
router_l2_vpn	Dictionary
arp_learning_bridged	Boolean
arp_proxy	Dictionary
prefix_list	String				Prefix-list name. ARP Proxying is disabled for IPv4 addresses defined in the prefix-list.
arp_selective_install	Boolean
nd_learning_bridged	Boolean
nd_proxy	Dictionary
prefix_list	String				Prefix-list name. ND Proxying is disabled for IPv6 addresses defined in the prefix-list.
nd_rs_flooding_disabled	Boolean
virtual_router_nd_ra_flooding_disabled	Boolean

router_l2_vpn:
  arp_learning_bridged: <bool>
  arp_proxy:
    prefix_list: <str>
  arp_selective_install: <bool>
  nd_learning_bridged: <bool>
  nd_proxy:
    prefix_list: <str>
  nd_rs_flooding_disabled: <bool>
  virtual_router_nd_ra_flooding_disabled: <bool>

Router OSPF

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
router_ospf	Dictionary
process_ids	List, items: Dictionary
- id	Integer	Required, Unique			OSPF Process ID
vrf	String				VRF Name for OSPF Process
passive_interface_default	Boolean
router_id	String				IPv4 Address
distance	Dictionary
external	Integer			Min: 1 Max: 255
inter_area	Integer			Min: 1 Max: 255
intra_area	Integer			Min: 1 Max: 255
log_adjacency_changes_detail	Boolean
network_prefixes	List, items: Dictionary
- ipv4_prefix	String	Required, Unique
area	String
bfd_enable	Boolean
bfd_adjacency_state_any	Boolean
no_passive_interfaces	List, items: String
- <str>	String				Interface Name
distribute_list_in	Dictionary
route_map	String
max_lsa	Integer
timers	Dictionary
lsa	Dictionary
rx_min_interval	Integer			Min: 0 Max: 600000	Min interval in msecs between accepting the same LSA
tx_delay	Dictionary
initial	Integer			Min: 0 Max: 600000	Delay to generate first occurrence of LSA in msecs
min	Integer			Min: 1 Max: 600000	Min delay between originating the same LSA in msecs
max	Integer			Min: 1 Max: 600000	1-600000 Maximum delay between originating the same LSA in msec
spf_delay	Dictionary
initial	Integer			Min: 0 Max: 600000	Initial SPF schedule delay in msecs
min	Integer			Min: 0 Max: 65535000	Min Hold time between two SPFs in msecs
max	Integer			Min: 0 Max: 65535000	Max wait time between two SPFs in msecs
default_information_originate	Dictionary
always	Boolean
metric	Integer			Min: 1 Max: 65535	Metric for default route
metric_type	Integer			Valid Values: - 1 - 2	OSPF metric type for default route
summary_addresses	List, items: Dictionary
- prefix	String	Required, Unique			Summary Prefix Address
tag	Integer
attribute_map	String
not_advertise	Boolean
redistribute	Dictionary
static	Dictionary
route_map	String				Route Map Name
include_leaked	Boolean
connected	Dictionary
route_map	String				Route Map Name
include_leaked	Boolean
bgp	Dictionary
route_map	String				Route Map Name
include_leaked	Boolean
auto_cost_reference_bandwidth	Integer				Bandwidth in mbps
areas	List, items: Dictionary
- id	String	Required, Unique
filter	Dictionary
networks	List, items: String
- <str>	String				IPv4 Prefix
prefix_list	String				Prefix-List Name
type	String		normal	Valid Values: - normal - stub - nssa
no_summary	Boolean
nssa_only	Boolean
default_information_originate	Dictionary
metric	Integer			Min: 1 Max: 65535	Metric for default route
metric_type	Integer			Valid Values: - 1 - 2	OSPF metric type for default route
maximum_paths	Integer			Min: 1 Max: 128
max_metric	Dictionary
router_lsa	Dictionary
external_lsa	Dictionary
override_metric	Integer			Min: 1 Max: 16777215
include_stub	Boolean
on_startup	String				“wait-for-bgp” or Integer 5-86400 Example: “wait-for-bgp” Or “222”
summary_lsa	Dictionary
override_metric	Integer			Min: 1 Max: 16777215
mpls_ldp_sync_default	Boolean

router_ospf:
  process_ids:
    - id: <int>
      vrf: <str>
      passive_interface_default: <bool>
      router_id: <str>
      distance:
        external: <int>
        inter_area: <int>
        intra_area: <int>
      log_adjacency_changes_detail: <bool>
      network_prefixes:
        - ipv4_prefix: <str>
          area: <str>
      bfd_enable: <bool>
      bfd_adjacency_state_any: <bool>
      no_passive_interfaces:
        - <str>
      distribute_list_in:
        route_map: <str>
      max_lsa: <int>
      timers:
        lsa:
          rx_min_interval: <int>
          tx_delay:
            initial: <int>
            min: <int>
            max: <int>
        spf_delay:
          initial: <int>
          min: <int>
          max: <int>
      default_information_originate:
        always: <bool>
        metric: <int>
        metric_type: <int>
      summary_addresses:
        - prefix: <str>
          tag: <int>
          attribute_map: <str>
          not_advertise: <bool>
      redistribute:
        static:
          route_map: <str>
          include_leaked: <bool>
        connected:
          route_map: <str>
          include_leaked: <bool>
        bgp:
          route_map: <str>
          include_leaked: <bool>
      auto_cost_reference_bandwidth: <int>
      areas:
        - id: <str>
          filter:
            networks:
              - <str>
            prefix_list: <str>
          type: <str>
          no_summary: <bool>
          nssa_only: <bool>
          default_information_originate:
            metric: <int>
            metric_type: <int>
      maximum_paths: <int>
      max_metric:
        router_lsa:
          external_lsa:
            override_metric: <int>
          include_stub: <bool>
          on_startup: <str>
          summary_lsa:
            override_metric: <int>
      mpls_ldp_sync_default: <bool>

Router traffic engineering

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
router_traffic_engineering	Dictionary
router_id	Dictionary
ipv4	String
ipv6	String
segment_routing	Dictionary
colored_tunnel_rib	Boolean
policy_endpoints	List, items: Dictionary
- address	String				IPv4 or IPv6 address
colors	List, items: Dictionary
- value	Integer	Required, Unique
binding_sid	Integer
description	String
name	String
sbfd_remote_discriminator	String				IPv4 address or 32 bit integer
path_group	List, items: Dictionary
- preference	Integer
explicit_null	String			Valid Values: - ipv4 - ipv6 - ipv4 ipv6 - none
segment_list	List, items: Dictionary
- label_stack	String				Label Stack as string. Example: “100 2000 30”
weight	Integer
index	Integer

router_traffic_engineering:
  router_id:
    ipv4: <str>
    ipv6: <str>
  segment_routing:
    colored_tunnel_rib: <bool>
    policy_endpoints:
      - address: <str>
        colors:
          - value: <int>
            binding_sid: <int>
            description: <str>
            name: <str>
            sbfd_remote_discriminator: <str>
            path_group:
              - preference: <int>
                explicit_null: <str>
                segment_list:
                  - label_stack: <str>
                    weight: <int>
                    index: <int>

Service routing configuration bgp

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
service_routing_configuration_bgp	Dictionary
no_equals_default	Boolean

service_routing_configuration_bgp:
  no_equals_default: <bool>

Service routing protocols model

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
service_routing_protocols_model	String			Valid Values: - multi-agent - ribd

service_routing_protocols_model: <str>

Static routes

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
static_routes	List, items: Dictionary
- vrf	String				VRF Name
destination_address_prefix	String				IPv4_network/Mask
interface	String
gateway	String				IPv4 Address
track_bfd	Boolean				Track next-hop using BFD
distance	Integer			Min: 1 Max: 255
tag	Integer			Min: 0 Max: 4294967295
name	String				Description
metric	Integer			Min: 0 Max: 4294967295

static_routes:
  - vrf: <str>
    destination_address_prefix: <str>
    interface: <str>
    gateway: <str>
    track_bfd: <bool>
    distance: <int>
    tag: <int>
    name: <str>
    metric: <int>

VRFs

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
vrfs	List, items: Dictionary				These keys are ignored if the name of the vrf is ‘default’
- name	String	Required, Unique			VRF Name
description	String
ip_routing	Boolean
ipv6_routing	Boolean
ip_routing_ipv6_interfaces	Boolean
tenant	String				Key only used for documentation or validation purposes

vrfs:
  - name: <str>
    description: <str>
    ip_routing: <bool>
    ipv6_routing: <bool>
    ip_routing_ipv6_interfaces: <bool>
    tenant: <str>

Switching

MLAG configuration

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
mlag_configuration	Dictionary
domain_id	String
heartbeat_interval	Integer				Heartbeat interval in milliseconds
local_interface	String				Local Interface Name
peer_address	String				IPv4 Address
peer_address_heartbeat	Dictionary
peer_ip	String				IPv4 Address
vrf	String				VRF Name
dual_primary_detection_delay	Integer			Min: 0 Max: 86400	Delay in seconds
dual_primary_recovery_delay_mlag	Integer			Min: 0 Max: 86400	Delay in seconds
dual_primary_recovery_delay_non_mlag	Integer			Min: 0 Max: 86400	Delay in seconds
peer_link	String				Port-Channel interface name
reload_delay_mlag	String				Delay in seconds <0-86400> or ‘infinity’
reload_delay_non_mlag	String				Delay in seconds <0-86400> or ‘infinity’

mlag_configuration:
  domain_id: <str>
  heartbeat_interval: <int>
  local_interface: <str>
  peer_address: <str>
  peer_address_heartbeat:
    peer_ip: <str>
    vrf: <str>
  dual_primary_detection_delay: <int>
  dual_primary_recovery_delay_mlag: <int>
  dual_primary_recovery_delay_non_mlag: <int>
  peer_link: <str>
  reload_delay_mlag: <str>
  reload_delay_non_mlag: <str>

Spanning-tree

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
spanning_tree	Dictionary
root_super	Boolean
edge_port	Dictionary
bpdufilter_default	Boolean
bpduguard_default	Boolean
mode	String			Valid Values: - mstp - rstp - rapid-pvst - none
bpduguard_rate_limit	Dictionary
default	Boolean
count	Integer				Maximum number of BPDUs per timer interval
rstp_priority	Integer
mst	Dictionary
pvst_border	Boolean
configuration	Dictionary
name	String
revision	Integer				0-65535
instances	List, items: Dictionary
- id	Integer	Required, Unique			Instance ID
vlans	String				”< vlan_id >, < vlan_id >-< vlan_id >” Example: 15,16,17,18
mst_instances	List, items: Dictionary
- id	String	Required, Unique			Instance ID
priority	Integer
no_spanning_tree_vlan	String				”< vlan_id >, < vlan_id >-< vlan_id >” Example: 105,202,505-506
rapid_pvst_instances	List, items: Dictionary
- id	String	Required, Unique			”< vlan_id >, < vlan_id >-< vlan_id >” Example: 105,202,505-506
priority	Integer

spanning_tree:
  root_super: <bool>
  edge_port:
    bpdufilter_default: <bool>
    bpduguard_default: <bool>
  mode: <str>
  bpduguard_rate_limit:
    default: <bool>
    count: <int>
  rstp_priority: <int>
  mst:
    pvst_border: <bool>
    configuration:
      name: <str>
      revision: <int>
      instances:
        - id: <int>
          vlans: <str>
  mst_instances:
    - id: <str>
      priority: <int>
  no_spanning_tree_vlan: <str>
  rapid_pvst_instances:
    - id: <str>
      priority: <int>

VLAN internal order

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
vlan_internal_order	Dictionary
allocation	String	Required		Valid Values: - ascending - descending
range	Dictionary	Required
beginning	Integer	Required		Min: 2 Max: 4094	First VLAN ID.
ending	Integer	Required		Min: 2 Max: 4094	Last VLAN ID.

vlan_internal_order:
  allocation: <str>
  range:
    beginning: <int>
    ending: <int>

VLANs

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
vlans	List, items: Dictionary
- id	Integer	Required, Unique			VLAN ID
name	String				VLAN Name
state	String			Valid Values: - active - suspend
trunk_groups	List, items: String
- <str>	String				Trunk Group Name
private_vlan	Dictionary
type	String			Valid Values: - community - isolated
primary_vlan	Integer				Primary VLAN ID
tenant	String				Key only used for documentation or validation purposes

vlans:
  - id: <int>
    name: <str>
    state: <str>
    trunk_groups:
      - <str>
    private_vlan:
      type: <str>
      primary_vlan: <int>
    tenant: <str>

System settings

Hardware counters

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
hardware_counters	Dictionary
features	List, items: Dictionary				This data model allows to configure the list of hardware counters feature available on Arista platforms. The name key accepts a list of valid_values which MUST be updated to support new feature as they are released in EOS. The available values of the different keys like ‘direction’ or ‘address_type’ are feature and hardware dependent and this model DOES NOT validate that the combinations are valid. It is the responsability of the user of this data model to make sure that the rendered CLI is accepted by the targeted device. Examples: * Use: yaml<br> hardware_counters:<br> features:<br> - name: ip<br> direction: out<br> layer3: true<br> units_packets: true<br> to render: eos<br> hardware counter feature ip out layer3 units packets<br> * Use: yaml<br> hardware_counters:<br> features:<br> - name: route<br> address_type: ipv4<br> vrf: test<br> prefix: 192.168.0.0/24<br> to render: eos<br> hardware counter feature route ipv4 vrf test 192.168.0.0/24<br>
- name	String			Valid Values: - acl - decap-group - directflow - ecn - flow-spec - gre tunnel interface - ip - mpls interface - mpls lfib - mpls tunnel - multicast - nexthop - pbr - pdp - policing interface - qos - qos dual-rate-policer - route - routed-port - subinterface - tapagg - traffic-class - traffic-policy - vlan - vlan-interface - vni decap - vni encap - vtep decap - vtep encap
direction	String			Valid Values: - in - out - cpu	Most features support only ‘in’ and ‘out’. Some like traffic-policy support ‘cpu’. Some features DO NOT have any direction. This validation IS NOT made by the schemas.
address_type	String			Valid Values: - ipv4 - ipv6 - mac	Supported only for the following features: - acl: [ipv4, ipv6, mac] if direction is ‘out’ - multicast: [ipv4, ipv6] - route: [ipv4, ipv6] This validation IS NOT made by the schemas.
layer3	Boolean				Supported only for the ‘ip’ feature
vrf	String				Supported only for the ‘route’ feature. This validation IS NOT made by the schemas.
prefix	String				Supported only for the ‘route’ feature. Mandatory for the ‘route’ feature. This validation IS NOT made by the schemas.
units_packets	Boolean

hardware_counters:
  features:
    - name: <str>
      direction: <str>
      address_type: <str>
      layer3: <bool>
      vrf: <str>
      prefix: <str>
      units_packets: <bool>

Hardware

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
hardware	Dictionary
access_list	Dictionary
mechanism	String			Valid Values: - algomatch - none - tcam
speed_groups	List, items: Dictionary
- speed_group	Integer	Required, Unique
serdes	String				Serdes speed like “10g” or “25g”

hardware:
  access_list:
    mechanism: <str>
  speed_groups:
    - speed_group: <int>
      serdes: <str>

IP hardware

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_hardware	Dictionary
fib	Dictionary
optimize	Dictionary
prefixes	Dictionary
profile	String			Valid Values: - internet - urpf-internet

ip_hardware:
  fib:
    optimize:
      prefixes:
        profile: <str>

IPv6 hardware

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ipv6_hardware	Dictionary
fib	Dictionary
optimize	Dictionary
prefixes	Dictionary
profile	String				Pre-defined profile ‘internet’ or user-defined profile name

ipv6_hardware:
  fib:
    optimize:
      prefixes:
        profile: <str>

L2 protocol

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
l2_protocol	Dictionary
forwarding_profiles	List, items: Dictionary
- name	String	Required, Unique
protocols	List, items: Dictionary
- name	String	Required, Unique		Valid Values: - bfd per-link rfc-7130 - e-lmi - isis - lacp - lldp - macsec - pause - stp
forward	Boolean
tagged_forward	Boolean
untagged_forward	Boolean

l2_protocol:
  forwarding_profiles:
    - name: <str>
      protocols:
        - name: <str>
          forward: <bool>
          tagged_forward: <bool>
          untagged_forward: <bool>

MAC address-table

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
mac_address_table	Dictionary
aging_time	Integer				Aging time in seconds
notification_host_flap	Dictionary
logging	Boolean
detection	Dictionary
window	Integer			Min: 2 Max: 300
moves	Integer			Min: 2 Max: 10

mac_address_table:
  aging_time: <int>
  notification_host_flap:
    logging: <bool>
    detection:
      window: <int>
      moves: <int>

Platform

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
platform	Dictionary
trident	Dictionary
forwarding_table_partition	String
sand	Dictionary				Most of the platform sand options are hardware dependant and optional
qos_maps	List, items: Dictionary
- traffic_class	Integer			Min: 0 Max: 7
to_network_qos	Integer			Min: 0 Max: 63
lag	Dictionary
hardware_only	Boolean
mode	String
forwarding_mode	String
multicast_replication	Dictionary
default	String			Valid Values: - ingress - egress

platform:
  trident:
    forwarding_table_partition: <str>
  sand:
    qos_maps:
      - traffic_class: <int>
        to_network_qos: <int>
    lag:
      hardware_only: <bool>
      mode: <str>
    forwarding_mode: <str>
    multicast_replication:
      default: <str>

PoE

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
poe	Dictionary
reboot	Dictionary				Set the global PoE power behavior for PoE ports when the system is rebooted.
action	String			Valid Values: - power-off - maintain	PoE action for interface. By default in EOS, reboot action is set to power-off.
interface_shutdown	Dictionary				Set the global PoE power behavior for PoE ports when ports are admin down
action	String			Valid Values: - power-off - maintain	PoE action for interface. By default in EOS, interface shutdown action is set to maintain.

poe:
  reboot:
    action: <str>
  interface_shutdown:
    action: <str>

PTP

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ptp	Dictionary
mode	String			Valid Values: - boundary - transparent
forward_unicast	Boolean
clock_identity	String				The clock-id in xx:xx:xx:xx:xx:xx format
source	Dictionary
ip	String				Source IP
priority1	Integer			Min: 0 Max: 255
priority2	Integer			Min: 0 Max: 255
ttl	Integer			Min: 1 Max: 254
domain	Integer			Min: 0 Max: 255
message_type	Dictionary
general	Dictionary
dscp	Integer
event	Dictionary
dscp	Integer
monitor	Dictionary
enabled	Boolean		True
threshold	Dictionary
offset_from_master	Integer			Min: 0 Max: 1000000000
mean_path_delay	Integer			Min: 0 Max: 1000000000
drop	Dictionary
offset_from_master	Integer			Min: 0 Max: 1000000000
mean_path_delay	Integer			Min: 0 Max: 1000000000
missing_message	Dictionary
intervals	Dictionary
announce	Integer			Min: 2 Max: 255
follow_up	Integer			Min: 2 Max: 255
sync	Integer			Min: 2 Max: 255
sequence_ids	Dictionary
enabled	Boolean
announce	Integer			Min: 2 Max: 255
delay_resp	Integer			Min: 2 Max: 255
follow_up	Integer			Min: 2 Max: 255
sync	Integer			Min: 2 Max: 255

ptp:
  mode: <str>
  forward_unicast: <bool>
  clock_identity: <str>
  source:
    ip: <str>
  priority1: <int>
  priority2: <int>
  ttl: <int>
  domain: <int>
  message_type:
    general:
      dscp: <int>
    event:
      dscp: <int>
  monitor:
    enabled: <bool>
    threshold:
      offset_from_master: <int>
      mean_path_delay: <int>
      drop:
        offset_from_master: <int>
        mean_path_delay: <int>
    missing_message:
      intervals:
        announce: <int>
        follow_up: <int>
        sync: <int>
      sequence_ids:
        enabled: <bool>
        announce: <int>
        delay_resp: <int>
        follow_up: <int>
        sync: <int>

Redundancy

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
redundancy	Dictionary
protocol	String				Redundancy Protocol

redundancy:
  protocol: <str>

System

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
system	Dictionary
control_plane	Dictionary
tcp_mss	Dictionary
ipv4	Integer				Segment size
ipv6	Integer				Segment size
ipv4_access_groups	List, items: Dictionary
- acl_name	String	Required, Unique
vrf	String
ipv6_access_groups	List, items: Dictionary
- acl_name	String	Required, Unique
vrf	String

system:
  control_plane:
    tcp_mss:
      ipv4: <int>
      ipv6: <int>
    ipv4_access_groups:
      - acl_name: <str>
        vrf: <str>
    ipv6_access_groups:
      - acl_name: <str>
        vrf: <str>

TCAM profile

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
tcam_profile	Dictionary
system	String				TCAM profile name to activate
profiles	List, items: Dictionary
- name	String	Required, Unique			Tcam-Profile Name
config	String	Required			TCAM Profile Config. Since these can be very long, it is often a good idea to import the config from a file. Example: “{{ lookup(‘file’, ‘TCAM_TRAFFIC_POLICY.conf’) }}”

tcam_profile:
  system: <str>
  profiles:
    - name: <str>
      config: <str>

---

Last update: June 13, 2023