Input variables for eos_cli_config_gen¶
This document describes the supported input variables for the role arista.avd.eos_cli_config_gen.
Since several data models have changed between AVD versions 3.x and 4.x, it is recommended to study the Porting Guide for AVD 4.x.x for existing deployments.
The input variables are documented below in tables and YAML.
All values are optional.
Note
All input variables are validated by a schema. If additional custom keys are desired, a key starting with an underscore (_) will be ignored.
Warning
Available features and variables may vary by platform; refer to the documentation on arista.com for specifics.
Authentication¶
AAA accounting¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
aaa_accounting | Dictionary | | | | |
exec | Dictionary | | | | |
console | Dictionary | | | | |
type | String | | | Valid Values: none, start-stop, stop-only | |
group | String | | | | Group Name |
logging | Boolean | | | | |
default | Dictionary | | | | |
type | String | | | Valid Values: none, start-stop, stop-only | |
group | String | | | | Group Name |
logging | Boolean | | | | |
system | Dictionary | | | | |
default | Dictionary | | | | |
type | String | | | Valid Values: none, start-stop, stop-only | |
group | String | | | | Group Name |
dot1x | Dictionary | | | | |
default | Dictionary | | | | |
type | String | | | Valid Values: start-stop, stop-only | |
group | String | | | | Group Name |
commands | Dictionary | | | | |
console | List, items: Dictionary | | | | |
- commands | String | | | | Privilege level ‘all’ or 0-15 |
type | String | | | Valid Values: none, start-stop, stop-only | |
group | String | | | | Group Name |
logging | Boolean | | | | |
default | List, items: Dictionary | | | | |
- commands | String | | | | Privilege level ‘all’ or 0-15 |
type | String | | | Valid Values: none, start-stop, stop-only | |
group | String | | | | Group Name |
logging | Boolean | | | | |

```yaml
aaa_accounting:
  exec:
    console:
      type: <str; "none" | "start-stop" | "stop-only">
      # Group Name
      group: <str>
      logging: <bool>
    default:
      type: <str; "none" | "start-stop" | "stop-only">
      # Group Name
      group: <str>
      logging: <bool>
  system:
    default:
      type: <str; "none" | "start-stop" | "stop-only">
      # Group Name
      group: <str>
  dot1x:
    default:
      type: <str; "start-stop" | "stop-only">
      # Group Name
      group: <str>
  commands:
    console:
      # Privilege level 'all' or 0-15
      - commands: <str>
        type: <str; "none" | "start-stop" | "stop-only">
        # Group Name
        group: <str>
        logging: <bool>
    default:
      # Privilege level 'all' or 0-15
      - commands: <str>
        type: <str; "none" | "start-stop" | "stop-only">
        # Group Name
        group: <str>
        logging: <bool>
```
AAA authentication¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
aaa_authentication | Dictionary | | | | |
login | Dictionary | | | | |
default | String | | | | Login authentication method(s) as a string. Examples: “group tacacs+ local”, “group MYGROUP none”, “group radius group MYGROUP local” |
console | String | | | | Console authentication method(s) as a string. Examples: “group tacacs+ local”, “group MYGROUP none”, “group radius group MYGROUP local” |
enable | Dictionary | | | | |
default | String | | | | Enable authentication method(s) as a string. Examples: “group tacacs+ local”, “group MYGROUP none”, “group radius group MYGROUP local” |
dot1x | Dictionary | | | | |
default | String | | | | 802.1x authentication method(s) as a string. Examples: “group radius”, “group MYGROUP group radius” |
policies | Dictionary | | | | |
on_failure_log | Boolean | | | | |
on_success_log | Boolean | | | | |
local | Dictionary | | | | |
allow_nopassword | Boolean | | | | |
lockout | Dictionary | | | | |
failure | Integer | | | Min: 1 Max: 255 | |
duration | Integer | | | Min: 1 Max: 4294967295 | |
window | Integer | | | Min: 1 Max: 4294967295 | |

```yaml
aaa_authentication:
  login:
    # Login authentication method(s) as a string.
    # Examples:
    # - "group tacacs+ local"
    # - "group MYGROUP none"
    # - "group radius group MYGROUP local"
    default: <str>
    # Console authentication method(s) as a string.
    # Examples:
    # - "group tacacs+ local"
    # - "group MYGROUP none"
    # - "group radius group MYGROUP local"
    console: <str>
  enable:
    # Enable authentication method(s) as a string.
    # Examples:
    # - "group tacacs+ local"
    # - "group MYGROUP none"
    # - "group radius group MYGROUP local"
    default: <str>
  dot1x:
    # 802.1x authentication method(s) as a string.
    # Examples:
    # - "group radius"
    # - "group MYGROUP group radius"
    default: <str>
  policies:
    on_failure_log: <bool>
    on_success_log: <bool>
    local:
      allow_nopassword: <bool>
    lockout:
      failure: <int; 1-255>
      duration: <int; 1-4294967295>
      window: <int; 1-4294967295>
```
AAA authorization¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
aaa_authorization | Dictionary | | | | |
policy | Dictionary | | | | |
local_default_role | String | | | | |
exec | Dictionary | | | | |
default | String | | | | Exec authorization method(s) as a string. Examples: “group tacacs+ local”, “group MYGROUP none”, “group radius group MYGROUP local” |
config_commands | Boolean | | | | |
serial_console | Boolean | | | | |
dynamic | Dictionary | | | | |
dot1x_additional_groups | List, items: String | | | Min Length: 1 | |
- <str> | String | | | | |
commands | Dictionary | | | | |
all_default | String | | | | Command authorization method(s) as a string. Examples: “group tacacs+ local”, “group MYGROUP none”, “group tacacs+ group MYGROUP local” |
privilege | List, items: Dictionary | | | | |
- level | String | | | | Privilege level(s) 0-15 |
default | String | | | | Command authorization method(s) as a string. Examples: “group tacacs+ local”, “group MYGROUP none”, “group tacacs+ group MYGROUP local” |

```yaml
aaa_authorization:
  policy:
    local_default_role: <str>
  exec:
    # Exec authorization method(s) as a string.
    # Examples:
    # - "group tacacs+ local"
    # - "group MYGROUP none"
    # - "group radius group MYGROUP local"
    default: <str>
  config_commands: <bool>
  serial_console: <bool>
  dynamic:
    dot1x_additional_groups: # >=1 items
      - <str>
  commands:
    # Command authorization method(s) as a string.
    # Examples:
    # - "group tacacs+ local"
    # - "group MYGROUP none"
    # - "group tacacs+ group MYGROUP local"
    all_default: <str>
    privilege:
      # Privilege level(s) 0-15
      - level: <str>
        # Command authorization method(s) as a string.
        # Examples:
        # - "group tacacs+ local"
        # - "group MYGROUP none"
        # - "group tacacs+ group MYGROUP local"
        default: <str>
```
AAA root¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
aaa_root | Dictionary | | | | |
secret | Dictionary | | | | |
sha512_password | String | | | | |
AAA server groups¶
Enable password¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
enable_password | Dictionary | | | | |
hash_algorithm | String | | | Valid Values: md5, sha512 | |
key | String | | | | Must be the hash of the password using the specified algorithm. By default EOS salts the password, so the simplest is to generate the hash on an EOS device. |
IP radius source-interfaces¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ip_radius_source_interfaces | List, items: Dictionary | | | | |
- name | String | | | | Interface Name |
vrf | String | | | | VRF Name |
IP tacacs source-interfaces¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ip_tacacs_source_interfaces | List, items: Dictionary | | | | |
- name | String | | | | Interface name |
vrf | String | | | | |
Local users¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
local_users | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | Username |
disabled | Boolean | | | | If true, the user will be removed and all other settings are ignored. Useful for removing the default “admin” user. |
privilege | Integer | | | Min: 0 Max: 15 | Initial privilege level with local EXEC authorization. |
role | String | | | | EOS RBAC Role to be assigned to the user such as “network-admin” or “network-operator” |
sha512_password | String | | | | SHA512 Hash of Password. Must be the hash of the password. By default EOS salts the password with the username, so the simplest is to generate the hash on an EOS device using the same username. |
no_password | Boolean | | | | If set a password will not be configured for this user. “sha512_password” MUST not be defined for this user. |
ssh_key | String | | | | |
shell | String | | | Valid Values: /bin/bash, /bin/sh, /sbin/nologin | Specify shell for the user |

```yaml
local_users:
  # Username
  - name: <str; required; unique>
    # If true, the user will be removed and all other settings are ignored.
    # Useful for removing the default "admin" user.
    disabled: <bool>
    # Initial privilege level with local EXEC authorization.
    privilege: <int; 0-15>
    # EOS RBAC Role to be assigned to the user such as "network-admin" or "network-operator"
    role: <str>
    # SHA512 Hash of Password
    # Must be the hash of the password. By default EOS salts the password with the username, so the simplest is to generate the hash on an EOS device using the same username.
    sha512_password: <str>
    # If set a password will not be configured for this user. "sha512_password" MUST not be defined for this user.
    no_password: <bool>
    ssh_key: <str>
    # Specify shell for the user
    shell: <str; "/bin/bash" | "/bin/sh" | "/sbin/nologin">
```
Radius server¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
radius_server | Dictionary | | | | |
attribute_32_include_in_access_req | Dictionary | | | | |
hostname | Boolean | | | | |
format | String | | | | Specify the format of the NAS-Identifier. If ‘hostname’ is set, this is ignored. |
dynamic_authorization | Dictionary | | | | |
port | Integer | | | Min: 0 Max: 65535 | TCP Port |
tls_ssl_profile | String | | | | Name of TLS profile |
hosts | List, items: Dictionary | | | | |
- host | String | Required, Unique | | | Host IP address or name |
vrf | String | | | | |
timeout | Integer | | | Min: 1 Max: 1000 | |
retransmit | Integer | | | Min: 0 Max: 100 | |
key | String | | | | Encrypted key |

```yaml
radius_server:
  attribute_32_include_in_access_req:
    hostname: <bool>
    # Specify the format of the NAS-Identifier. If 'hostname' is set, this is ignored.
    format: <str>
  dynamic_authorization:
    # TCP Port
    port: <int; 0-65535>
    # Name of TLS profile
    tls_ssl_profile: <str>
  hosts:
    # Host IP address or name
    - host: <str; required; unique>
      vrf: <str>
      timeout: <int; 1-1000>
      retransmit: <int; 0-100>
      # Encrypted key
      key: <str>
```
Radius servers¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
radius_servers (deprecated) | List, items: Dictionary | | | | This key is deprecated. Support will be removed in AVD version v5.0.0. Use radius_server.hosts instead. |
- host | String | | | | Host IP address or name |
vrf | String | | | | |
key | String | | | | Encrypted key |
Roles¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
roles | List, items: Dictionary | | | | |
- name | String | | | | Role name |
sequence_numbers | List, items: Dictionary | | | | |
- sequence | Integer | | | | Sequence number |
action | String | | | Valid Values: permit, deny | |
mode | String | | | | “config”, “config-all”, “exec” or mode key as string |
command | String | | | | Command as string |
Tacacs servers¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
tacacs_servers | Dictionary | | | | |
timeout | Integer | | | Min: 1 Max: 1000 | Timeout in seconds |
hosts | List, items: Dictionary | | | | |
- host | String | | | | Host IP address or name |
vrf | String | | | | |
key | String | | | | Encrypted key |
key_type | String | | 7 | Valid Values: 0, 7, 8a | |
single_connection | Boolean | | | | |
timeout | Integer | | | Min: 1 Max: 1000 | Timeout in seconds |
policy_unknown_mandatory_attribute_ignore | Boolean | | | | |

```yaml
tacacs_servers:
  # Timeout in seconds
  timeout: <int; 1-1000>
  hosts:
    # Host IP address or name
    - host: <str>
      vrf: <str>
      # Encrypted key
      key: <str>
      key_type: <str; "0" | "7" | "8a"; default="7">
      single_connection: <bool>
      # Timeout in seconds
      timeout: <int; 1-1000>
  policy_unknown_mandatory_attribute_ignore: <bool>
```
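
Several keys in this Authentication section can weaken device login when set carelessly, and they can be checked in the input data before the configuration is rendered. The lint below is an added example, not part of AVD or the original page; `lint_aaa`, the sample values and the selection of findings are assumptions of this example, and reading `key_type: "0"` as an unencrypted key follows the EOS key-type convention.

```python
# Added example (not AVD code): lint eos_cli_config_gen AAA inputs before rendering.

# Constructed sample input using the keys documented in this section.
SAMPLE_VARS = {
    "aaa_authentication": {
        "login": {"default": "group tacacs+ local", "console": "group MYGROUP none"},
        "policies": {"local": {"allow_nopassword": True}},
    },
    "aaa_authorization": {"commands": {"all_default": "group tacacs+ none"}},
    "enable_password": {"hash_algorithm": "md5", "key": "<placeholder-hash>"},
    "local_users": [
        {"name": "admin", "disabled": True},
        {"name": "ops", "privilege": 15, "no_password": True},
        {"name": "svc", "sha512_password": "<placeholder-hash>", "no_password": True},
        {"name": "ro", "privilege": 1, "sha512_password": "<placeholder-hash>"},
    ],
    "tacacs_servers": {
        "hosts": [
            {"host": "192.0.2.10", "key": "<placeholder-key>", "key_type": "0"},
            {"host": "192.0.2.11", "key": "<placeholder-key>"},  # key_type defaults to "7"
        ]
    },
    "_owner": "netops",  # underscore-prefixed custom key, ignored by the schema
}


def _none_fallback(path, methods):
    """Flag a method-list string that contains the 'none' method."""
    if isinstance(methods, str) and "none" in methods.split():
        return [(path, "method list includes 'none'")]
    return []


def lint_aaa(cfg):
    """Return a list of (path, message) findings for weak AAA settings."""
    findings = []

    # 1. Authentication and authorization method lists that include "none".
    authn = cfg.get("aaa_authentication", {})
    for section in ("login", "enable", "dot1x"):
        for key, methods in authn.get(section, {}).items():
            findings += _none_fallback(f"aaa_authentication.{section}.{key}", methods)
    authz = cfg.get("aaa_authorization", {})
    findings += _none_fallback("aaa_authorization.exec.default",
                               authz.get("exec", {}).get("default"))
    commands = authz.get("commands", {})
    findings += _none_fallback("aaa_authorization.commands.all_default",
                               commands.get("all_default"))
    for item in commands.get("privilege", []):
        findings += _none_fallback(
            f"aaa_authorization.commands.privilege[{item.get('level')}].default",
            item.get("default"))

    # 2. Local policy that permits accounts without a password.
    if authn.get("policies", {}).get("local", {}).get("allow_nopassword"):
        findings.append(("aaa_authentication.policies.local.allow_nopassword",
                         "logins without a password are allowed"))

    # 3. Enable password hashed with md5 although sha512 is available.
    if cfg.get("enable_password", {}).get("hash_algorithm") == "md5":
        findings.append(("enable_password.hash_algorithm", "md5 used instead of sha512"))

    # 4. Local users; disabled users are skipped because their settings are ignored.
    for user in cfg.get("local_users", []):
        if user.get("disabled") or not user.get("no_password"):
            continue
        path = f"local_users[{user.get('name')}]"
        if "sha512_password" in user:
            findings.append((path, "no_password and sha512_password are both set"))
        else:
            findings.append((path, "account has no password"))

    # 5. TACACS+ keys stored with key_type "0" (assumed to mean unencrypted).
    for host in cfg.get("tacacs_servers", {}).get("hosts", []):
        if str(host.get("key_type", "7")) == "0":
            findings.append((f"tacacs_servers.hosts[{host.get('host')}].key_type",
                             "shared key stored as key_type 0"))
    return findings


if __name__ == "__main__":
    for path, message in lint_aaa(SAMPLE_VARS):
        print(f"{path}: {message}")
```
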
ACLs¶
IP Extended access-lists¶
AVD currently supports two different data models for extended ACLs:
- The legacy access_lists data model, for compatibility with existing deployments
- The improved ip_access_lists data model, for access to more EOS features
Both data models can coexist without conflicts, as different keys are used: access_lists vs ip_access_lists.
Access list names must be unique.
The legacy data model supports simplified ACL definition with sequence to action mapping:
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
access_lists | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | Access-list Name |
counters_per_entry | Boolean | | | | |
sequence_numbers | List, items: Dictionary | Required | | | |
- sequence | Integer | Required, Unique | | | Sequence ID |
action | String | Required | | | Action as string. Example: “deny ip any any” |
The improved data model has a more sophisticated design documented below:
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ip_access_lists | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | Access-list Name |
counters_per_entry | Boolean | | | | |
entries | List, items: Dictionary | | | | ACL Entries |
- sequence | Integer | | | | ACL entry sequence number. |
remark | String | | | | Comment up to 100 characters. If remark is defined, other keys in acl entry will be ignored. |
action | String | | | Valid Values: permit, deny | ACL action. Required for standard entry. |
protocol | String | | | | ip, tcp, udp, icmp or other protocol name or number. Required for standard entry. |
source | String | | | | any, A.B.C.D/E or A.B.C.D. A.B.C.D without a mask means host. Required for standard entry. |
source_ports_match | String | | eq | Valid Values: eq, gt, lt, neq, range | |
source_ports | List, items: String | | | | |
- <str> | String | | | | TCP/UDP source port name or number. |
destination | String | | | | any, A.B.C.D/E or A.B.C.D. A.B.C.D without a mask means host. Required for standard entry. |
destination_ports_match | String | | eq | Valid Values: eq, gt, lt, neq, range | |
destination_ports | List, items: String | | | | |
- <str> | String | | | | TCP/UDP destination port name or number. |
tcp_flags | List, items: String | | | | |
- <str> | String | | | | TCP Flag Name |
fragments | Boolean | | | | Match non-head fragment packets. |
log | Boolean | | | | Log matches against this rule. |
ttl | Integer | | | Min: 0 Max: 255 | TTL value |
ttl_match | String | | eq | Valid Values: eq, gt, lt, neq | |
icmp_type | String | | | | Message type name/number for ICMP packets. |
icmp_code | String | | | | Message code for ICMP packets. |
nexthop_group | String | | | | nexthop-group name. |
tracked | Boolean | | | | Match packets in existing ICMP/UDP/TCP connections. |
dscp | String | | | | DSCP value or name. |
vlan_number | Integer | | | | |
vlan_inner | Boolean | | False | | |
vlan_mask | String | | | | 0x000-0xFFF VLAN mask. |

```yaml
ip_access_lists:
  # Access-list Name
  - name: <str; required; unique>
    counters_per_entry: <bool>
    # ACL Entries
    entries:
      # ACL entry sequence number.
      - sequence: <int>
        # Comment up to 100 characters.
        # If remark is defined, other keys in acl entry will be ignored.
        remark: <str>
        # ACL action.
        # Required for standard entry.
        action: <str; "permit" | "deny">
        # ip, tcp, udp, icmp or other protocol name or number.
        # Required for standard entry.
        protocol: <str>
        # any, A.B.C.D/E or A.B.C.D.
        # A.B.C.D without a mask means host.
        # Required for standard entry.
        source: <str>
        source_ports_match: <str; "eq" | "gt" | "lt" | "neq" | "range"; default="eq">
        source_ports:
          # TCP/UDP source port name or number.
          - <str>
        # any, A.B.C.D/E or A.B.C.D.
        # A.B.C.D without a mask means host.
        # Required for standard entry.
        destination: <str>
        destination_ports_match: <str; "eq" | "gt" | "lt" | "neq" | "range"; default="eq">
        destination_ports:
          # TCP/UDP destination port name or number.
          - <str>
        tcp_flags:
          # TCP Flag Name
          - <str>
        # Match non-head fragment packets.
        fragments: <bool>
        # Log matches against this rule.
        log: <bool>
        # TTL value
        ttl: <int; 0-255>
        ttl_match: <str; "eq" | "gt" | "lt" | "neq"; default="eq">
        # Message type name/number for ICMP packets.
        icmp_type: <str>
        # Message code for ICMP packets.
        icmp_code: <str>
        # nexthop-group name.
        nexthop_group: <str>
        # Match packets in existing ICMP/UDP/TCP connections.
        tracked: <bool>
        # DSCP value or name.
        dscp: <str>
        vlan_number: <int>
        vlan_inner: <bool; default=False>
        # 0x000-0xFFF VLAN mask.
        vlan_mask: <str>
```
The improved data model makes it possible to limit the number of ACL entries that AVD is allowed to generate by defining ip_access_lists_max_entries.
Only normal entries under ip_access_lists will be counted; remarks will be ignored.
If the number is above the limit, the playbook will fail. This provides simplified control over hardware utilization.
The numbers must be based on hardware tests; AVD does not provide any guidance. Note that other EOS features may use the same hardware resources and affect the supported scale.
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ip_access_lists_max_entries | Integer | | | | Limit ACL entries defined under the ip_access_lists. |
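
The rules stated in this section (unique access-list names, a remark causing the other keys of an entry to be ignored, the keys required for a standard entry, and the ip_access_lists_max_entries limit) can be checked on the input data before a playbook run. The following is an added example, not AVD code: `check_acls` and the sample data are hypothetical, and it assumes that names must be unique across both data models and that the limit applies to the total number of entries across all lists.

```python
# Added example (not AVD code): pre-flight checks for the extended ACL data models.

REQUIRED_FOR_STANDARD_ENTRY = ("action", "protocol", "source", "destination")

# Constructed sample input; names and addresses are illustrative only.
SAMPLE_ACL_VARS = {
    "access_lists": [
        {"name": "ACL-MGMT",
         "sequence_numbers": [{"sequence": 10, "action": "deny ip any any"}]},
    ],
    "ip_access_lists": [
        {"name": "ACL-MGMT", "entries": [
            # "log" is silently ignored here because the entry carries a remark.
            {"remark": "management access", "log": True},
            {"sequence": 20, "action": "permit", "protocol": "tcp",
             "source": "192.0.2.0/24", "destination": "any",
             "destination_ports": ["ssh"]},
            # Missing "destination", which is required for a standard entry.
            {"sequence": 30, "action": "deny", "protocol": "ip", "source": "any"},
        ]},
        {"name": "ACL-SNMP", "entries": [
            {"action": "permit", "protocol": "udp", "source": "192.0.2.5",
             "destination": "any", "destination_ports": ["snmp"]},
            {"action": "deny", "protocol": "ip", "source": "any",
             "destination": "any", "log": True},
        ]},
    ],
    "ip_access_lists_max_entries": 3,
}


def check_acls(cfg):
    """Return (counted_entries, errors) for the ACL inputs in `cfg`."""
    errors = []

    # Access-list names must be unique; checked here across both data models.
    seen = set()
    for model in ("access_lists", "ip_access_lists"):
        for acl in cfg.get(model, []):
            name = acl.get("name")
            if name in seen:
                errors.append(f"duplicate access-list name: {name}")
            seen.add(name)

    counted = 0
    for acl in cfg.get("ip_access_lists", []):
        for position, entry in enumerate(acl.get("entries", []), start=1):
            label = entry.get("sequence", f"#{position}")
            where = f"{acl.get('name')} entry {label}"
            if "remark" in entry:
                # A remark makes every other key in the entry ignored, so a rule
                # written next to a remark never reaches the device.
                ignored = sorted(set(entry) - {"remark", "sequence"})
                if ignored:
                    errors.append(f"{where}: keys ignored because of remark: "
                                  + ", ".join(ignored))
                if len(entry["remark"]) > 100:
                    errors.append(f"{where}: remark longer than 100 characters")
                continue  # remarks are not counted against the limit
            counted += 1
            missing = [k for k in REQUIRED_FOR_STANDARD_ENTRY if k not in entry]
            if missing:
                errors.append(f"{where}: missing required keys: " + ", ".join(missing))

    limit = cfg.get("ip_access_lists_max_entries")
    if limit is not None and counted > limit:
        errors.append(f"{counted} ACL entries exceed ip_access_lists_max_entries={limit}")
    return counted, errors


if __name__ == "__main__":
    total, problems = check_acls(SAMPLE_ACL_VARS)
    print(f"counted entries: {total}")
    for problem in problems:
        print(problem)
```
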
IPv6 access-lists¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ipv6_access_lists | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | IPv6 Access-list Name |
counters_per_entry | Boolean | | | | |
sequence_numbers | List, items: Dictionary | Required | | | |
- sequence | Integer | Required, Unique | | | Sequence ID |
action | String | Required | | | Action as string. Example: “deny ipv6 any any” |
IPv6 standard access-lists¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ipv6_standard_access_lists | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | Access-list Name |
counters_per_entry | Boolean | | | | |
sequence_numbers | List, items: Dictionary | Required | | | |
- sequence | Integer | Required, Unique | | | Sequence ID |
action | String | Required | | | Action as string. Example: “deny ipv6 any any” |
MAC access-lists¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
mac_access_lists | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | MAC Access-list Name |
counters_per_entry | Boolean | | | | |
entries | List, items: Dictionary | | | | |
- sequence | Integer | | | | |
action | String | | | | |
Standard access-lists¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
standard_access_lists | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | Access-list Name |
counters_per_entry | Boolean | | | | |
sequence_numbers | List, items: Dictionary | Required | | | |
- sequence | Integer | Required, Unique | | | Sequence ID |
action | String | Required | | | Action as string. Example: “deny ip any any” |
Endpoint Security¶
Address-locking¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
address_locking | Dictionary | | | | |
dhcp_servers_ipv4 | List, items: String | | | | |
- <str> | String | | | | DHCP server IPv4 address |
disabled | Boolean | | | | Disable IP locking on configured ports |
leases | List, items: Dictionary | | | | |
- ip | String | Required | | | IP address |
mac | String | Required | | | MAC address (hhhh.hhhh.hhhh or hh:hh:hh:hh:hh:hh) |
local_interface | String | | | | |
locked_address | Dictionary | | | | |
expiration_mac_disabled | Boolean | | | | Configure deauthorizing locked addresses upon MAC aging out |
ipv4_enforcement_disabled | Boolean | | | | Configure enforcement for locked IPv4 addresses |
ipv6_enforcement_disabled | Boolean | | | | Configure enforcement for locked IPv6 addresses |

```yaml
address_locking:
  dhcp_servers_ipv4:
    # DHCP server IPv4 address
    - <str>
  # Disable IP locking on configured ports
  disabled: <bool>
  leases:
    # IP address
    - ip: <str; required>
      # MAC address (hhhh.hhhh.hhhh or hh:hh:hh:hh:hh:hh)
      mac: <str; required>
  local_interface: <str>
  locked_address:
    # Configure deauthorizing locked addresses upon MAC aging out
    expiration_mac_disabled: <bool>
    # Configure enforcement for locked IPv4 addresses
    ipv4_enforcement_disabled: <bool>
    # Configure enforcement for locked IPv6 addresses
    ipv6_enforcement_disabled: <bool>
```
Dot1x¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
dot1x | Dictionary | | | | |
system_auth_control | Boolean | | | | |
protocol_lldp_bypass | Boolean | | | | |
dynamic_authorization | Boolean | | | | |
mac_based_authentication | Dictionary | | | | |
delay | Integer | | | Min: 0 Max: 300 | |
hold_period | Integer | | | Min: 1 Max: 300 | |
radius_av_pair | Dictionary | | | | |
service_type | Boolean | | | | |
framed_mtu | Integer | | | Min: 68 Max: 9236 | |
MAC security¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
mac_security | Dictionary | | | | |
license | Dictionary | | | | |
license_name | String | Required | | | |
license_key | String | Required | | | |
fips_restrictions | Boolean | | | | |
profiles | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | Profile-Name |
cipher | String | | | Valid Values: aes128-gcm, aes128-gcm-xpn, aes256-gcm, aes256-gcm-xpn | |
connection_keys | List, items: Dictionary | | | | |
- id | String | Required, Unique | | | |
encrypted_key | String | | | | |
fallback | Boolean | | | | |
mka | Dictionary | | | | |
key_server_priority | Integer | | | Min: 0 Max: 255 | |
session | Dictionary | | | | |
rekey_period | Integer | | | Min: 30 Max: 100000 | Rekey period in seconds |
sci | Boolean | | | | |
l2_protocols | Dictionary | | | | |
ethernet_flow_control | Dictionary | | | | |
mode | String | Required | | Valid Values: encrypt, bypass | |
lldp | Dictionary | | | | |
mode | String | Required | | Valid Values: bypass, bypass unauthorized | |

```yaml
mac_security:
  license:
    license_name: <str; required>
    license_key: <str; required>
  fips_restrictions: <bool>
  profiles:
    # Profile-Name
    - name: <str; required; unique>
      cipher: <str; "aes128-gcm" | "aes128-gcm-xpn" | "aes256-gcm" | "aes256-gcm-xpn">
      connection_keys:
        - id: <str; required; unique>
          encrypted_key: <str>
          fallback: <bool>
      mka:
        key_server_priority: <int; 0-255>
        session:
          # Rekey period in seconds
          rekey_period: <int; 30-100000>
      sci: <bool>
      l2_protocols:
        ethernet_flow_control:
          mode: <str; "encrypt" | "bypass"; required>
        lldp:
          mode: <str; "bypass" | "bypass unauthorized"; required>
```
Filters and policies¶
AS path¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
as_path | Dictionary | | | | |
regex_mode | String | | | Valid Values: asn, string | |
access_lists | List, items: Dictionary | | | | |
- name | String | | | | Access List Name |
entries | List, items: Dictionary | | | | |
- type | String | | | Valid Values: permit, deny | |
match | String | | | | Regex To Match |
origin | String | | any | Valid Values: any, egp, igp, incomplete | |
Class-maps¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
class_maps | Dictionary | | | | |
pbr | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | Class-Map Name |
ip | Dictionary | | | | |
access_group | String | | | | Standard Access-List Name |
qos | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | Class-Map Name |
vlan | String | | | | VLAN value(s) or range(s) of VLAN values |
cos | String | | | | CoS value(s) or range(s) of CoS values |
ip | Dictionary | | | | |
access_group | String | | | | IPv4 Access-List Name |
ipv6 | Dictionary | | | | |
access_group | String | | | | IPv6 Access-List Name |

```yaml
class_maps:
  pbr:
    # Class-Map Name
    - name: <str; required; unique>
      ip:
        # Standard Access-List Name
        access_group: <str>
  qos:
    # Class-Map Name
    - name: <str; required; unique>
      # VLAN value(s) or range(s) of VLAN values
      vlan: <str>
      # CoS value(s) or range(s) of CoS values
      cos: <str>
      ip:
        # IPv4 Access-List Name
        access_group: <str>
      ipv6:
        # IPv6 Access-List Name
        access_group: <str>
```
Dynamic prefix lists¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
dynamic_prefix_lists | List, items: Dictionary | | | | |
- name | String | | | | Dynamic prefix-list name |
match_map | String | | | | Route-map name |
prefix_list | Dictionary | | | | |
ipv4 | String | | | | Prefix-list name |
ipv6 | String | | | | Prefix-list name |
IP community lists¶
AVD currently supports two different data models for community lists:
- The legacy community_lists data model that can be used for compatibility with the existing deployments.
- The improved ip_community_lists data model.
Both data models can coexist without conflicts, as different keys are used: community_lists vs ip_community_lists.
Community list names must be unique.
The legacy data model supports simplified community list definition that only allows a single action to be defined as string:
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
community_lists | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | Community-list Name |
action | String | Required | | | Action as string. Example: “permit GSHUT 65123:123” |
The improved data model has a better design documented below:
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ip_community_lists | List, items: Dictionary | | | | Communities and regexp entries MUST not be configured in the same community-list |
- name | String | Required, Unique | | | IP Community-list Name |
entries | List, items: Dictionary | Required | | | |
- action | String | Required | | Valid Values: permit, deny | |
communities | List, items: String | | | | If defined, a standard community-list will be configured. Supported community strings (case insensitive): GSHUT, internet, local-as, no-advertise, no-export, <1-4294967040>, aa:nn |
- <str> | String | | | | |
regexp | String | | | | Regular Expression. If defined, a regex community-list will be configured |

```yaml
# Communities and regexp entries MUST not be configured in the same community-list
ip_community_lists:
  # IP Community-list Name
  - name: <str; required; unique>
    entries: # required
      - action: <str; "permit" | "deny"; required>
        # If defined, a standard community-list will be configured.
        # Supported community strings (case insensitive):
        # - GSHUT
        # - internet
        # - local-as
        # - no-advertise
        # - no-export
        # - <1-4294967040>
        # - aa:nn
        communities:
          - <str>
        # Regular Expression
        # If defined, a regex community-list will be configured
        regexp: <str>
```
IP extcommunity-lists¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ip_extcommunity_lists | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | Community-list Name |
entries | List, items: Dictionary | Required | | | |
- type | String | Required | | Valid Values: permit, deny | |
extcommunities | String | Required | | | Communities as string. Example: “65000:65000” |
IP extcommunity-lists-regexp¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ip_extcommunity_lists_regexp | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | Community-list Name |
entries | List, items: Dictionary | Required | | | |
- type | String | Required | | Valid Values: permit, deny | |
regexp | String | Required | | | Regular Expression |
IPv6 prefix-lists¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ipv6_prefix_lists | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | Prefix-list Name |
sequence_numbers | List, items: Dictionary | Required | | | |
- sequence | Integer | Required, Unique | | | Sequence ID |
action | String | Required | | | Action as string. Example: “permit 1b11:3a00:22b0:0082::/64 eq 128” |
Match list input¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
match_list_input | Dictionary | | | | |
string | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | Match-list Name |
sequence_numbers | List, items: Dictionary | Required | | | |
- sequence | Integer | Required, Unique | | | Sequence ID |
match_regex | String | Required | | | Regular Expression |
Peer-filters¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
peer_filters | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | Peer-filter Name |
sequence_numbers | List, items: Dictionary | Required | | | |
- sequence | Integer | Required, Unique | | | Sequence ID |
match | String | Required | | | Match as string. Example: “as-range 1-100 result accept” |
Policy-maps¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
policy_maps | Dictionary | | | | |
pbr | List, items: Dictionary | | | | PBR Policy-Maps |
- name | String | Required, Unique | | | Policy-Map Name |
classes | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | Class Name |
index | Integer | | | | |
drop | Boolean | | | | ‘drop’ and ‘set’ are mutually exclusive |
set | Dictionary | | | | Set Nexthop. ‘drop’ and ‘set’ are mutually exclusive |
nexthop | Dictionary | | | | |
ip_address | String | | | | IPv4 or IPv6 Address |
recursive | Boolean | | | | |
qos | List, items: Dictionary | | | | QOS Policy-Maps |
- name | String | Required, Unique | | | Policy-Map Name |
classes | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | Class Name |
set | Dictionary | | | | |
cos | Integer | | | | |
dscp | String | | | | |
traffic_class | Integer | | | | |
drop_precedence | Integer | | | | |

```yaml
policy_maps:
  # PBR Policy-Maps
  pbr:
    # Policy-Map Name
    - name: <str; required; unique>
      classes:
        # Class Name
        - name: <str; required; unique>
          index: <int>
          # 'drop' and 'set' are mutually exclusive
          drop: <bool>
          # Set Nexthop
          # 'drop' and 'set' are mutually exclusive
          set:
            nexthop:
              # IPv4 or IPv6 Address
              ip_address: <str>
              recursive: <bool>
  # QOS Policy-Maps
  qos:
    # Policy-Map Name
    - name: <str; required; unique>
      classes:
        # Class Name
        - name: <str; required; unique>
          set:
            cos: <int>
            dscp: <str>
            traffic_class: <int>
            drop_precedence: <int>
```
Prefix-lists¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
prefix_lists | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | Prefix-list Name |
sequence_numbers | List, items: Dictionary | | | | |
- sequence | Integer | Required, Unique | | | Sequence ID |
action | String | Required | | | Action as string. Example: “permit 10.255.0.0/27 eq 32” |
Route-maps¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
route_maps | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | Route-map Name |
sequence_numbers | List, items: Dictionary | Required | | | |
- sequence | Integer | Required, Unique | | | Sequence ID |
type | String | Required | | Valid Values: permit, deny | |
description | String | | | | |
match | List, items: String | | | | List of “match” statements |
- <str> | String | | | | Match as string. Example: “ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY” |
set | List, items: String | | | | List of “set” statements |
- <str> | String | | | | Set as string. Example: “origin incomplete” |
sub_route_map | String | | | | Name of Sub-Route-map |
continue | Dictionary | | | | |
enabled | Boolean | | | | |
sequence_number | Integer | | | | |

```yaml
route_maps:
  # Route-map Name
  - name: <str; required; unique>
    sequence_numbers: # required
      # Sequence ID
      - sequence: <int; required; unique>
        type: <str; "permit" | "deny"; required>
        description: <str>
        # List of "match" statements
        match:
          # Match as string
          # Example: "ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY"
          - <str>
        # List of "set" statements
        set:
          # Set as string
          # Example: "origin incomplete"
          - <str>
        # Name of Sub-Route-map
        sub_route_map: <str>
        continue:
          enabled: <bool>
          sequence_number: <int>
```
Trackers¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
trackers | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | Name of tracker object |
interface | String | Required | | | Name of tracked interface |
tracked_property | String | | line-protocol | | Property to track |
Traffic policies¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
traffic_policies | Dictionary | | | | |
options | Dictionary | | | | |
counter_per_interface | Boolean | | | | |
field_sets | Dictionary | | | | |
ipv4 | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | IPv4 Prefix Field Set Name |
prefixes | List, items: String | | | | |
- <str> | String | | | | IPv4 Prefix |
ipv6 | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | IPv6 Prefix Field Set Name |
prefixes | List, items: String | | | | |
- <str> | String | | | | IPv6 Prefix |
ports | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | L4 Port Field Set Name |
port_range | String | | | | Example: ‘10,20,80,440-450’ |
policies | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | Traffic Policy Name |
matches | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | Traffic Policy Item |
type | String | | | Valid Values: ipv4, ipv6 | |
source | Dictionary | | | | |
prefixes | List, items: String | | | | |
- <str> | String | | | | IP address or prefix |
prefix_lists | List, items: String | | | | Field-set prefix lists |
- <str> | String | | | | |
destination | Dictionary | | | | |
prefixes | List, items: String | | | | |
- <str> | String | | | | IP address or prefix |
prefix_lists | List, items: String | | | | Field-set prefix lists |
- <str> | String | | | | |
ttl | String | | | | TTL range |
fragment | Dictionary | | | | The ‘fragment’ command is not supported when ‘source port’ or ‘destination port’ command is configured |
offset | String | | | | Fragment offset range |
protocols | List, items: Dictionary | | | | |
- protocol | String | Required, Unique | | | |
src_port | String | | | | Port range |
dst_port | String | | | | Port range |
src_field | String | | | | L4 port range field set |
dst_field | String | | | | L4 port range field set |
flags | List, items: String | | | | |
- <str> | String | | | Valid Values: established, initial | |
icmp_type | List, items: String | | | | |
- <str> | String | | | | |
actions | Dictionary | | | | |
dscp | Integer | | | | |
traffic_class | Integer | | | | Traffic class ID |
count | String | | | | Counter name |
drop | Boolean | | | | |
log | Boolean | | | | Only supported when action is set to drop |
default_actions | Dictionary | | | | |
ipv4 | Dictionary | | | | |
dscp | Integer | | | | |
traffic_class | Integer | | | | Traffic class ID |
count | String | | | | Counter name |
drop | Boolean | | | | |
log | Boolean | | | | Only supported when action is set to drop |
ipv6 | Dictionary | | | | |
dscp | Integer | | | | |
traffic_class | Integer | | | | Traffic class ID |
count | String | | | | Counter name |
drop | Boolean | | | | |
log | Boolean | | | | Only supported when action is set to drop |
traffic_policies:
  options:
    counter_per_interface: <bool>
  field_sets:
    ipv4:
      # IPv4 Prefix Field Set Name
      - name: <str; required; unique>
        prefixes:
          # IPv4 Prefix
          - <str>
    ipv6:
      # IPv6 Prefix Field Set Name
      - name: <str; required; unique>
        prefixes:
          # IPv6 Prefix
          - <str>
    ports:
      # L4 Port Field Set Name
      - name: <str; required; unique>
        # Example: '10,20,80,440-450'
        port_range: <str>
  policies:
    # Traffic Policy Name
    - name: <str; required; unique>
      matches:
        # Traffic Policy Item
        - name: <str; required; unique>
          type: <str; "ipv4" | "ipv6">
          source:
            prefixes:
              # IP address or prefix
              - <str>
            # Field-set prefix lists
            prefix_lists:
              - <str>
          destination:
            prefixes:
              # IP address or prefix
              - <str>
            # Field-set prefix lists
            prefix_lists:
              - <str>
          # TTL range
          ttl: <str>
          # The 'fragment' command is not supported when 'source port'
          # or 'destination port' command is configured
          fragment:
            # Fragment offset range
            offset: <str>
          protocols:
            - protocol: <str; required; unique>
              # Port range
              src_port: <str>
              # Port range
              dst_port: <str>
              # L4 port range field set
              src_field: <str>
              # L4 port range field set
              dst_field: <str>
              flags:
                - <str; "established" | "initial">
              icmp_type:
                - <str>
          actions:
            dscp: <int>
            # Traffic class ID
            traffic_class: <int>
            # Counter name
            count: <str>
            drop: <bool>
            # Only supported when action is set to drop
            log: <bool>
      default_actions:
        ipv4:
          dscp: <int>
          # Traffic class ID
          traffic_class: <int>
          # Counter name
          count: <str>
          drop: <bool>
          # Only supported when action is set to drop
          log: <bool>
        ipv6:
          dscp: <int>
          # Traffic class ID
          traffic_class: <int>
          # Counter name
          count: <str>
          drop: <bool>
          # Only supported when action is set to drop
          log: <bool>
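The descriptions for `traffic_policies` state cross-field rules (`log` only with `drop`, `fragment` not alongside source or destination ports) that the type and value columns alone do not capture. The following pre-render lint is an added example, not AVD code: the function name `lint_traffic_policies`, the sample data, and the assumptions that `prefix_lists`, `src_field` and `dst_field` each name one field set defined under `field_sets`, and that any of the four port keys counts as a port match, are this example's own.

```python
"""Lint the cross-field rules documented for `traffic_policies` (added example, not AVD code)."""
import ipaddress

IP_VERSION = {"ipv4": 4, "ipv6": 6}
# Assumption: any of these keys counts as a configured source/destination port match.
PORT_KEYS = ("src_port", "dst_port", "src_field", "dst_field")


def _bad_prefix(prefix, version):
    """True when `prefix` is not a valid address or prefix of the given IP version."""
    try:
        return ipaddress.ip_network(str(prefix), strict=False).version != version
    except ValueError:
        return True


def _check_actions(actions, where, findings):
    # Documented rule: 'log' is only supported when the action is set to drop.
    if actions.get("log") and not actions.get("drop"):
        findings.append(f"{where}: 'log' is set but 'drop' is not")


def lint_traffic_policies(tp):
    """Return a sorted list of findings for a parsed `traffic_policies` dict."""
    findings = []
    field_sets = tp.get("field_sets") or {}
    defined = {"ipv4": set(), "ipv6": set(), "ports": set()}
    for family, version in IP_VERSION.items():
        for fs in field_sets.get(family) or []:
            defined[family].add(fs["name"])
            for prefix in fs.get("prefixes") or []:
                if _bad_prefix(prefix, version):
                    findings.append(
                        f"field_sets.{family}[{fs['name']}]: {prefix!r} is not an {family} prefix")
    defined["ports"] = {fs["name"] for fs in field_sets.get("ports") or []}

    for policy in tp.get("policies") or []:
        base = f"policies[{policy['name']}]"
        for match in policy.get("matches") or []:
            where = f"{base}.matches[{match['name']}]"
            family = match.get("type")
            # Assumption: without 'type', a prefix field set of either family is accepted.
            known = defined[family] if family in IP_VERSION else defined["ipv4"] | defined["ipv6"]
            for side in ("source", "destination"):
                block = match.get(side) or {}
                for ref in block.get("prefix_lists") or []:
                    if ref not in known:
                        findings.append(f"{where}.{side}: prefix field set {ref!r} is not defined")
                for prefix in block.get("prefixes") or []:
                    if family in IP_VERSION and _bad_prefix(prefix, IP_VERSION[family]):
                        findings.append(f"{where}.{side}: {prefix!r} does not match type {family}")
            uses_ports = False
            for proto in match.get("protocols") or []:
                uses_ports = uses_ports or any(proto.get(k) for k in PORT_KEYS)
                for key in ("src_field", "dst_field"):
                    ref = proto.get(key)
                    if ref and ref not in defined["ports"]:
                        findings.append(
                            f"{where}.protocols[{proto['protocol']}]: "
                            f"port field set {ref!r} is not defined")
            # Documented rule: 'fragment' is not supported together with port matches.
            if match.get("fragment") is not None and uses_ports:
                findings.append(f"{where}: 'fragment' is combined with a port match")
            _check_actions(match.get("actions") or {}, f"{where}.actions", findings)
        for family, actions in (policy.get("default_actions") or {}).items():
            _check_actions(actions or {}, f"{base}.default_actions.{family}", findings)
    return sorted(findings)


# Constructed sample input (not from the AVD documentation), as parsed from YAML.
SAMPLE = {
    "field_sets": {
        "ipv4": [{"name": "MGMT-NETS", "prefixes": ["10.0.0.0/8", "2001:db8::/32"]}],
        "ports": [{"name": "WEB", "port_range": "80,443"}],
    },
    "policies": [{
        "name": "EDGE-IN",
        "matches": [
            {"name": "FRAGS", "type": "ipv4",
             "source": {"prefix_lists": ["MGMT-NETS", "PARTNERS"]},
             "fragment": {"offset": "1-8191"},
             "protocols": [{"protocol": "tcp", "dst_field": "WEB"}],
             "actions": {"count": "FRAG-HITS", "log": True}},
            {"name": "SSH", "type": "ipv4",
             "source": {"prefixes": ["192.0.2.0/24"]},
             "protocols": [{"protocol": "tcp", "dst_port": "22", "src_field": "ADMIN-PORTS"}],
             "actions": {"drop": True, "log": True}},
        ],
        "default_actions": {"ipv4": {"drop": True, "log": True}, "ipv6": {"log": True}},
    }],
}

if __name__ == "__main__":
    for finding in lint_traffic_policies(SAMPLE):
        print(finding)
```

Run against the constructed sample, the lint reports six findings; the `SSH` match, which sets both `drop` and `log`, produces none for its actions.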
Interfaces¶
DPS interfaces¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
dps_interfaces | List, items: Dictionary | | | Min Length: 1, Max Length: 1 | |
- name | String | Required, Unique | | Valid Values: Dps1 | “Dps1” is currently the only supported interface. |
description | String | | | | |
shutdown | Boolean | | | | |
mtu | Integer | | | Min: 68, Max: 65535 | Maximum Transmission Unit in bytes. |
ip_address | String | | | | IPv4 address/mask. |
flow_tracker | Dictionary | | | | |
sampled | String | | | | Sampled flow tracker name. |
hardware | String | | | | Hardware flow tracker name. |
tcp_mss_ceiling | Dictionary | | | | |
ipv4 | Integer | | | Min: 64, Max: 65495 | Segment Size for IPv4. |
ipv6 | Integer | | | Min: 64, Max: 65475 | Segment Size for IPv6. |
direction | String | | | Valid Values: ingress, egress | Optional direction (‘ingress’, ‘egress’) for tcp mss ceiling. |
eos_cli | String | | | | Multiline String with EOS CLI rendered directly on the Dps interface in the final EOS configuration. |
dps_interfaces: # 1-1 items
  # "Dps1" is currently the only supported interface.
  - name: <str; "Dps1"; required; unique>
    description: <str>
    shutdown: <bool>
    # Maximum Transmission Unit in bytes.
    mtu: <int; 68-65535>
    # IPv4 address/mask.
    ip_address: <str>
    flow_tracker:
      # Sampled flow tracker name.
      sampled: <str>
      # Hardware flow tracker name.
      hardware: <str>
    tcp_mss_ceiling:
      # Segment Size for IPv4.
      ipv4: <int; 64-65495>
      # Segment Size for IPv6.
      ipv6: <int; 64-65475>
      # Optional direction ('ingress', 'egress') for tcp mss ceiling.
      direction: <str; "ingress" | "egress">
    # Multiline String with EOS CLI rendered directly on the Dps interface in the final EOS configuration.
    eos_cli: <str>
Errdisable¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
errdisable | Dictionary | | | | |
detect | Dictionary | | | | |
causes | List, items: String | | | | |
- <str> | String | | | Valid Values: acl, arp-inspection, dot1x, link-change, tapagg, xcvr-misconfigured, xcvr-overheat, xcvr-power-unsupported | |
recovery | Dictionary | | | | |
causes | List, items: String | | | | |
- <str> | String | | | Valid Values: arp-inspection, bpduguard, dot1x, hitless-reload-down, lacp-rate-limit, link-flap, no-internal-vlan, portchannelguard, portsec, speed-misconfigured, tap-port-init, tapagg, uplink-failure-detection, xcvr-misconfigured, xcvr-overheat, xcvr-power-unsupported, xcvr-unsupported | |
interval | Integer | | 300 | Min: 30, Max: 86400 | Interval in seconds |
errdisable:
  detect:
    causes:
      - <str; "acl" | "arp-inspection" | "dot1x" | "link-change" | "tapagg" | "xcvr-misconfigured" | "xcvr-overheat" | "xcvr-power-unsupported">
  recovery:
    causes:
      - <str; "arp-inspection" | "bpduguard" | "dot1x" | "hitless-reload-down" | "lacp-rate-limit" | "link-flap" | "no-internal-vlan" | "portchannelguard" | "portsec" | "speed-misconfigured" | "tap-port-init" | "tapagg" | "uplink-failure-detection" | "xcvr-misconfigured" | "xcvr-overheat" | "xcvr-power-unsupported" | "xcvr-unsupported">
    # Interval in seconds
    interval: <int; 30-86400; default=300>
Ethernet interfaces¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ethernet_interfaces | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | |
description | String | | | | |
shutdown | Boolean | | | | |
load_interval | Integer | | | Min: 0, Max: 600 | Interval in seconds for updating interface counters |
speed | String | | | | Speed should be set in the format `<interface_speed>` or `forced <interface_speed>` or `auto <interface_speed>`. |
mtu | Integer | | | Min: 68, Max: 65535 | |
l2_mtu | Integer | | | Min: 68, Max: 65535 | “l2_mtu” should only be defined for platforms supporting the “l2 mtu” CLI |
l2_mru | Integer | | | Min: 68, Max: 65535 | “l2_mru” should only be defined for platforms supporting the “l2 mru” CLI |
vlans | String | | | | List of switchport vlans as string. For a trunk port this would be a range like “1-200,300”. For an access port this would be a single vlan “123” |
native_vlan | Integer | | | | |
native_vlan_tag | Boolean | | | | If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence |
mode | String | | | Valid Values: access, dot1q-tunnel, trunk, trunk phone | |
phone | Dictionary | | | | |
trunk | String | | | Valid Values: tagged, tagged phone, untagged, untagged phone | |
vlan | Integer | | | Min: 1, Max: 4094 | |
l2_protocol | Dictionary | | | | |
encapsulation_dot1q_vlan | Integer | | | | Vlan tag to configure on sub-interface |
forwarding_profile | String | | | | L2 protocol forwarding profile |
trunk_groups | List, items: String | | | | |
- <str> | String | | | | |
type | String | | | Valid Values: routed, switched, l3dot1q, l2dot1q, port-channel-member | l3dot1q and l2dot1q are used for sub-interfaces. The parent interface should be defined as routed. Interface will not be listed in device documentation, unless “type” is set. |
snmp_trap_link_change | Boolean | | | | |
address_locking | Dictionary | | | | |
ipv4 | Boolean | | | | Enable address locking for IPv4 |
ipv6 | Boolean | | | | Enable address locking for IPv6 |
flowcontrol | Dictionary | | | | |
received | String | | | Valid Values: desired, on, off | |
vrf | String | | | | VRF name |
flow_tracker | Dictionary | | | | |
sampled | String | | | | Sampled flow tracker name. |
hardware | String | | | | Hardware flow tracker name. |
error_correction_encoding | Dictionary | | | | |
enabled | Boolean | | True | | |
fire_code | Boolean | | | | |
reed_solomon | Boolean | | | | |
link_tracking_groups | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | Group name |
direction | String | | | Valid Values: upstream, downstream | |
evpn_ethernet_segment | Dictionary | | | | |
identifier | String | | | | EVPN Ethernet Segment Identifier (Type 1 format) |
redundancy | String | | | Valid Values: all-active, single-active | |
designated_forwarder_election | Dictionary | | | | |
algorithm | String | | | Valid Values: modulus, preference | |
preference_value | Integer | | | Min: 0, Max: 65535 | Preference_value is only used when “algorithm” is “preference” |
dont_preempt | Boolean | | | | Dont_preempt is only used when “algorithm” is “preference” |
hold_time | Integer | | | | |
subsequent_hold_time | Integer | | | | |
candidate_reachability_required | Boolean | | | | |
mpls | Dictionary | | | | |
shared_index | Integer | | | Min: 1, Max: 1024 | |
tunnel_flood_filter_time | Integer | | | | |
route_target | String | | | | EVPN Route Target for ESI with format xx:xx:xx:xx:xx:xx |
encapsulation_dot1q_vlan | Integer | | | | VLAN tag to configure on sub-interface |
encapsulation_vlan | Dictionary | | | | |
client | Dictionary | | | | |
dot1q | Dictionary | | | | |
vlan | Integer | | | | Client VLAN ID |
outer | Integer | | | | Client Outer VLAN ID |
inner | Integer | | | | Client Inner VLAN ID |
unmatched | Boolean | | | | |
network | Dictionary | | | | Network encapsulations are all optional and skipped if using client unmatched |
dot1q | Dictionary | | | | |
vlan | Integer | | | | Network VLAN ID |
outer | Integer | | | | Network outer VLAN ID |
inner | Integer | | | | Network inner VLAN ID |
client | Boolean | | | | |
vlan_id | Integer | | | Min: 1, Max: 4094 | |
ip_address | String | | | | IPv4 address/mask or “dhcp” |
ip_address_secondaries | List, items: String | | | | |
- <str> | String | | | | |
dhcp_client_accept_default_route | Boolean | | | | Install default-route obtained via DHCP |
dhcp_server_ipv4 | Boolean | | | | Enable IPv4 DHCP server. |
dhcp_server_ipv6 | Boolean | | | | Enable IPv6 DHCP server. |
ip_helpers | List, items: Dictionary | | | | |
- ip_helper | String | Required, Unique | | | |
source_interface | String | | | | Source interface name |
vrf | String | | | | VRF name |
ip_nat | Dictionary | | | | |
service_profile | String | | | | NAT interface profile. |
destination | Dictionary | | | | |
dynamic | List, items: Dictionary | | | | |
- access_list | String | Required, Unique | | | |
comment | String | | | | |
pool_name | String | Required | | | |
priority | Integer | | | Min: 0, Max: 4294967295 | |
static | List, items: Dictionary | | | | |
- access_list | String | | | | ‘access_list’ and ‘group’ are mutually exclusive |
comment | String | | | | |
direction | String | | | Valid Values: egress, ingress | Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform. EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW. |
group | Integer | | | Min: 1, Max: 65535 | ‘access_list’ and ‘group’ are mutually exclusive |
original_ip | String | Required, Unique | | | IPv4 address |
original_port | Integer | | | Min: 1, Max: 65535 | |
priority | Integer | | | Min: 0, Max: 4294967295 | |
protocol | String | | | Valid Values: udp, tcp | |
translated_ip | String | Required | | | IPv4 address |
translated_port | Integer | | | Min: 1, Max: 65535 | Requires ‘original_port’ |
source | Dictionary | | | | |
dynamic | List, items: Dictionary | | | | |
- access_list | String | Required, Unique | | | |
comment | String | | | | |
nat_type | String | Required | | Valid Values: overload, pool, pool-address-only, pool-full-cone | |
pool_name | String | | | | Required if ‘nat_type’ is pool, pool-address-only or pool-full-cone. Ignored if ‘nat_type’ is overload. |
priority | Integer | | | Min: 0, Max: 4294967295 | |
static | List, items: Dictionary | | | | |
- access_list | String | | | | ‘access_list’ and ‘group’ are mutually exclusive |
comment | String | | | | |
direction | String | | | Valid Values: egress, ingress | Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform. EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW. |
group | Integer | | | Min: 1, Max: 65535 | ‘access_list’ and ‘group’ are mutually exclusive |
original_ip | String | Required, Unique | | | IPv4 address |
original_port | Integer | | | Min: 1, Max: 65535 | |
priority | Integer | | | Min: 0, Max: 4294967295 | |
protocol | String | | | Valid Values: udp, tcp | |
translated_ip | String | Required | | | IPv4 address |
translated_port | Integer | | | Min: 1, Max: 65535 | Requires ‘original_port’ |
ipv6_enable | Boolean | | | | |
ipv6_address | String | | | | |
ipv6_address_link_local | String | | | | Link local IPv6 address/mask |
ipv6_nd_ra_disabled | Boolean | | | | |
ipv6_nd_managed_config_flag | Boolean | | | | |
ipv6_nd_prefixes | List, items: Dictionary | | | | |
- ipv6_prefix | String | Required, Unique | | | |
valid_lifetime | String | | | | Infinite or lifetime in seconds |
preferred_lifetime | String | | | | Infinite or lifetime in seconds |
no_autoconfig_flag | Boolean | | | | |
ipv6_dhcp_relay_destinations | List, items: Dictionary | | | | |
- address | String | Required, Unique | | | DHCP server’s IPv6 address |
vrf | String | | | | |
local_interface | String | | | | Local interface to communicate with DHCP server - mutually exclusive to source_address |
source_address | String | | | | Source IPv6 address to communicate with DHCP server - mutually exclusive to local_interface |
link_address | String | | | | Override the default link address specified in the relayed DHCP packet |
access_group_in | String | | | | Access list name |
access_group_out | String | | | | Access list name |
ipv6_access_group_in | String | | | | IPv6 access list name |
ipv6_access_group_out | String | | | | IPv6 access list name |
mac_access_group_in | String | | | | MAC access list name |
mac_access_group_out | String | | | | MAC access list name |
multicast | Dictionary | | | | Boundaries can be either 1 ACL or a list of multicast IP address_range(s)/prefix but not combination of both |
ipv4 | Dictionary | | | | |
boundaries | List, items: Dictionary | | | | |
- boundary | String | | | | ACL name or multicast IP subnet |
out | Boolean | | | | |
static | Boolean | | | | |
ipv6 | Dictionary | | | | |
boundaries | List, items: Dictionary | | | | |
- boundary | String | | | | ACL name or multicast IP subnet |
static | Boolean | | | | |
ospf_network_point_to_point | Boolean | | | | |
ospf_area | String | | | | |
ospf_cost | Integer | | | | |
ospf_authentication | String | | | Valid Values: none, simple, message-digest | |
ospf_authentication_key | String | | | | Encrypted password - only type 7 supported |
ospf_message_digest_keys | List, items: Dictionary | | | | |
- id | Integer | Required, Unique | | | |
hash_algorithm | String | | | Valid Values: md5, sha1, sha256, sha384, sha512 | |
key | String | | | | Encrypted password - only type 7 supported |
pim | Dictionary | | | | |
ipv4 | Dictionary | | | | |
dr_priority | Integer | | | Min: 0, Max: 429467295 | |
sparse_mode | Boolean | | | | |
mac_security | Dictionary | | | | |
profile | String | | | | |
channel_group | Dictionary | | | | |
id | Integer | | | | |
mode | String | | | Valid Values: on, active, passive | |
isis_enable | String | | | | ISIS instance |
isis_passive | Boolean | | | | |
isis_metric | Integer | | | | |
isis_network_point_to_point | Boolean | | | | |
isis_circuit_type | String | | | Valid Values: level-1-2, level-1, level-2 | |
isis_hello_padding | Boolean | | | | |
isis_authentication_mode | String | | | Valid Values: text, md5 | |
isis_authentication_key | String | | | | Type-7 encrypted password |
poe | Dictionary | | | | |
disabled | Boolean | | False | | Disable PoE on a POE capable port. PoE is enabled on all ports that support it by default in EOS. |
priority | String | | | Valid Values: critical, high, medium, low | Prioritize a port’s power in the event that one of the switch’s power supplies loses power |
reboot | Dictionary | | | | Set the PoE power behavior for a PoE port when the system is rebooted |
action | String | | | Valid Values: maintain, power-off | PoE action for interface |
link_down | Dictionary | | | | Set the PoE power behavior for a PoE port when the port goes down |
action | String | | | Valid Values: maintain, power-off | PoE action for interface |
power_off_delay | Integer | | | Min: 1, Max: 86400 | Number of seconds to delay shutting the power off after a link down event occurs. Default value is 5 seconds in EOS. |
shutdown | Dictionary | | | | Set the PoE power behavior for a PoE port when the port is admin down |
action | String | | | Valid Values: maintain, power-off | PoE action for interface |
limit | Dictionary | | | | Override the hardware-negotiated power limit using either wattage or a power class. Note that if using a power class, AVD will automatically convert the class value to the wattage value corresponding to that power class. |
class | Integer | | | Min: 0, Max: 8 | |
watts | String | | | | |
fixed | Boolean | | | | Set to ignore hardware classification |
negotiation_lldp | Boolean | | | | Disable to prevent port from negotiating power with powered devices over LLDP. Enabled by default in EOS. |
legacy_detect | Boolean | | | | Allow a subset of legacy devices to work with the PoE switch. Disabled by default in EOS because it can cause false positive detections. |
ptp | Dictionary | | | | |
enable | Boolean | | | | |
announce | Dictionary | | | | |
interval | Integer | | | | |
timeout | Integer | | | | |
delay_req | Integer | | | | |
delay_mechanism | String | | | Valid Values: e2e, p2p | |
sync_message | Dictionary | | | | |
interval | Integer | | | | |
role | String | | | Valid Values: master, dynamic | |
vlan | String | | | | VLAN can be ‘all’ or list of vlans as string |
transport | String | | | Valid Values: ipv4, ipv6, layer2 | |
profile | String | | | | Interface profile |
storm_control | Dictionary | | | | |
all | Dictionary | | | | |
level | String | | | | Configure maximum storm-control level |
unit | String | | percent | Valid Values: percent, pps | Optional field and is hardware dependent |
broadcast | Dictionary | | | | |
level | String | | | | Configure maximum storm-control level |
unit | String | | percent | Valid Values: percent, pps | Optional field and is hardware dependent |
multicast | Dictionary | | | | |
level | String | | | | Configure maximum storm-control level |
unit | String | | percent | Valid Values: percent, pps | Optional field and is hardware dependent |
unknown_unicast | Dictionary | | | | |
level | String | | | | Configure maximum storm-control level |
unit | String | | percent | Valid Values: percent, pps | Optional field and is hardware dependent |
logging | Dictionary | | | | |
event | Dictionary | | | | |
link_status | Boolean | | | | |
congestion_drops | Boolean | | | | |
spanning_tree | Boolean | | | | |
storm_control_discards | Boolean | | | | |
lldp | Dictionary | | | | |
transmit | Boolean | | | | |
receive | Boolean | | | | |
ztp_vlan | Integer | | | | ZTP vlan number |
trunk_private_vlan_secondary | Boolean | | | | |
pvlan_mapping | String | | | | List of vlans as string |
vlan_translations | List, items: Dictionary | | | | |
- from | String | | | | List of vlans as string (only one vlan if direction is “both”) |
to | Integer | | | | VLAN ID |
direction | String | | both | Valid Values: in, out, both | |
dot1x | Dictionary | | | | |
port_control | String | | | Valid Values: auto, force-authorized, force-unauthorized | |
port_control_force_authorized_phone | Boolean | | | | |
reauthentication | Boolean | | | | |
pae | Dictionary | | | | |
mode | String | | | Valid Values: authenticator | |
authentication_failure | Dictionary | | | | |
action | String | | | Valid Values: allow, drop | |
allow_vlan | Integer | | | Min: 1, Max: 4094 | |
host_mode | Dictionary | | | | |
mode | String | | | Valid Values: multi-host, single-host | |
multi_host_authenticated | Boolean | | | | |
mac_based_authentication | Dictionary | | | | |
enabled | Boolean | | | | |
always | Boolean | | | | |
host_mode_common | Boolean | | | | |
timeout | Dictionary | | | | |
idle_host | Integer | | | Min: 10, Max: 65535 | |
quiet_period | Integer | | | Min: 1, Max: 65535 | |
reauth_period | String | | | | Value can be 60-4294967295 or ‘server’ |
reauth_timeout_ignore | Boolean | | | | |
tx_period | Integer | | | Min: 1, Max: 65535 | |
reauthorization_request_limit | Integer | | | Min: 1, Max: 10 | |
unauthorized | Dictionary | | | | |
access_vlan_membership_egress | Boolean | | | | |
native_vlan_membership_egress | Boolean | | | | |
eapol | Dictionary | | | | |
disabled | Boolean | | | | |
authentication_failure_fallback_mba | Dictionary | | | | |
enabled | Boolean | | | | |
timeout | Integer | | | Min: 0, Max: 65535 | |
service_profile | String | | | | QOS profile |
shape | Dictionary | | | | |
rate | String | | | | Rate in kbps, pps or percent. Supported options are platform dependent. Examples: “5000 kbps”, “1000 pps”, “20 percent” |
qos | Dictionary | | | | |
trust | String | | | Valid Values: dscp, cos, disabled | |
dscp | Integer | | | | DSCP value |
cos | Integer | | | | COS value |
spanning_tree_bpdufilter | String | | | Valid Values: enabled, disabled, True, False, true, false | |
spanning_tree_bpduguard | String | | | Valid Values: enabled, disabled, True, False, true, false | |
spanning_tree_guard | String | | | Valid Values: loop, root, disabled | |
spanning_tree_portfast | String | | | Valid Values: edge, network | |
vmtracer | Boolean | | | | |
priority_flow_control | Dictionary | | | | |
enabled | Boolean | | | | |
priorities | List, items: Dictionary | | | | |
- priority | Integer | Required, Unique | | Min: 0, Max: 7 | |
no_drop | Boolean | | | | |
bfd | Dictionary | | | | |
echo | Boolean | | | | |
interval | Integer | | | | Interval in milliseconds |
min_rx | Integer | | | | Rate in milliseconds |
multiplier | Integer | | | Min: 3, Max: 50 | |
service_policy | Dictionary | | | | |
pbr | Dictionary | | | | |
input | String | | | | Policy Based Routing Policy-map name |
qos | Dictionary | | | | |
input | String | Required | | | Quality of Service Policy-map name |
mpls | Dictionary | | | | |
ip | Boolean | | | | |
ldp | Dictionary | | | | |
interface | Boolean | | | | |
igp_sync | Boolean | | | | |
lacp_timer | Dictionary | | | | |
mode | String | | | Valid Values: fast, normal | |
multiplier | Integer | | | Min: 3, Max: 3000 | |
lacp_port_priority | Integer | | | Min: 0, Max: 65535 | |
transceiver | Dictionary | | | | |
media | Dictionary | | | | |
override | String | | | | Transceiver type |
ip_proxy_arp | Boolean | | | | |
traffic_policy | Dictionary | | | | |
input | String | | | | Ingress traffic policy |
output | String | | | | Egress traffic policy |
bgp | Dictionary | | | | |
session_tracker | String | | | | Name of session tracker |
peer | String | | | | Key only used for documentation or validation purposes |
peer_interface | String | | | | Key only used for documentation or validation purposes |
peer_type | String | | | | Key only used for documentation or validation purposes |
sflow | Dictionary | | | | |
enable | Boolean | | | | |
egress | Dictionary | | | | |
enable | Boolean | | | | |
unmodified_enable | Boolean | | | | |
port_profile | String | | | | Key only used for documentation or validation purposes |
uc_tx_queues | List, items: Dictionary | | | | |
- id | Integer | Required, Unique | | | TX-Queue ID |
random_detect | Dictionary | | | | |
ecn | Dictionary | | | | Explicit Congestion Notification |
count | Boolean | | | | Enable counter for random-detect ECNs |
threshold | Dictionary | | | | |
units | String | Required | | Valid Values: segments, bytes, kbytes, mbytes, milliseconds | Indicate the units to be used for the threshold values |
min | Integer | Required | | Min: 1, Max: 256000000 | Set the random-detect ECN minimum-threshold |
max | Integer | Required | | Min: 1, Max: 256000000 | Set the random-detect ECN maximum-threshold |
max_probability | Integer | | | Min: 1, Max: 100 | Set the random-detect ECN max-mark-probability |
weight | Integer | | | Min: 0, Max: 15 | Set the random-detect ECN weight |
tx_queues | List, items: Dictionary | | | | |
- id | Integer | Required, Unique | | | TX-Queue ID |
random_detect | Dictionary | | | | |
ecn | Dictionary | | | | Explicit Congestion Notification |
count | Boolean | | | | Enable counter for random-detect ECNs |
threshold | Dictionary | | | | |
units | String | Required | | Valid Values: segments, bytes, kbytes, mbytes, milliseconds | Indicate the units to be used for the threshold values |
min | Integer | | | Min: 1, Max: 256000000 | Set the random-detect ECN minimum-threshold |
max | Integer | Required | | Min: 1, Max: 256000000 | Set the random-detect ECN maximum-threshold |
max_probability | Integer | Required | | Min: 1, Max: 100 | Set the random-detect ECN max-mark-probability |
weight | Integer | | | Min: 0, Max: 15 | Set the random-detect ECN weight |
vrrp_ids | List, items: Dictionary | | | | VRRP model. |
- id | Integer | Required, Unique | | | VRID |
priority_level | Integer | | | Min: 1, Max: 254 | Instance priority |
advertisement | Dictionary | | | | |
interval | Integer | | | Min: 1, Max: 255 | Interval in seconds |
preempt | Dictionary | | | | |
enabled | Boolean | Required | | | |
delay | Dictionary | | | | |
minimum | Integer | | | Min: 0, Max: 3600 | Minimum preempt delay in seconds |
reload | Integer | | | Min: 0, Max: 3600 | Reload preempt delay in seconds |
timers | Dictionary | | | | |
delay | Dictionary | | | | |
reload | Integer | | | Min: 0, Max: 3600 | Delay after reload in seconds. |
tracked_object | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | Tracked object name |
decrement | Integer | | | Min: 1, Max: 254 | Decrement VRRP priority by 1-254 |
shutdown | Boolean | | | | |
ipv4 | Dictionary | | | | |
address | String | Required | | | Virtual IPv4 address |
version | Integer | | | Valid Values: 2, 3 | |
ipv6 | Dictionary | | | | |
address | String | Required | | | Virtual IPv6 address |
eos_cli | String | | | | Multiline EOS CLI rendered directly on the ethernet interface in the final EOS configuration |
ethernet_interfaces:
- name: <str; required; unique>
description: <str>
shutdown: <bool>
# Interval in seconds for updating interface counters
load_interval: <int; 0-600>
# Speed should be set in the format `<interface_speed>` or `forced <interface_speed>` or `auto <interface_speed>`.
speed: <str>
mtu: <int; 68-65535>
# "l2_mtu" should only be defined for platforms supporting the "l2 mtu" CLI
l2_mtu: <int; 68-65535>
# "l2_mru" should only be defined for platforms supporting the "l2 mru" CLI
l2_mru: <int; 68-65535>
# List of switchport vlans as string
# For a trunk port this would be a range like "1-200,300"
# For an access port this would be a single vlan "123"
vlans: <str>
native_vlan: <int>
# If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence
native_vlan_tag: <bool>
mode: <str; "access" | "dot1q-tunnel" | "trunk" | "trunk phone">
phone:
trunk: <str; "tagged" | "tagged phone" | "untagged" | "untagged phone">
vlan: <int; 1-4094>
l2_protocol:
# Vlan tag to configure on sub-interface
encapsulation_dot1q_vlan: <int>
# L2 protocol forwarding profile
forwarding_profile: <str>
trunk_groups:
- <str>
# l3dot1q and l2dot1q are used for sub-interfaces. The parent interface should be defined as routed.
# Interface will not be listed in device documentation, unless "type" is set.
type: <str; "routed" | "switched" | "l3dot1q" | "l2dot1q" | "port-channel-member">
snmp_trap_link_change: <bool>
address_locking:
# Enable address locking for IPv4
ipv4: <bool>
# Enable address locking for IPv6
ipv6: <bool>
flowcontrol:
received: <str; "desired" | "on" | "off">
# VRF name
vrf: <str>
flow_tracker:
# Sampled flow tracker name.
sampled: <str>
# Hardware flow tracker name.
hardware: <str>
error_correction_encoding:
enabled: <bool; default=True>
fire_code: <bool>
reed_solomon: <bool>
link_tracking_groups:
# Group name
- name: <str; required; unique>
direction: <str; "upstream" | "downstream">
evpn_ethernet_segment:
# EVPN Ethernet Segment Identifier (Type 1 format)
identifier: <str>
redundancy: <str; "all-active" | "single-active">
designated_forwarder_election:
algorithm: <str; "modulus" | "preference">
# Preference_value is only used when "algorithm" is "preference"
preference_value: <int; 0-65535>
# Dont_preempt is only used when "algorithm" is "preference"
dont_preempt: <bool>
hold_time: <int>
subsequent_hold_time: <int>
candidate_reachability_required: <bool>
mpls:
shared_index: <int; 1-1024>
tunnel_flood_filter_time: <int>
# EVPN Route Target for ESI with format xx:xx:xx:xx:xx:xx
route_target: <str>
# VLAN tag to configure on sub-interface
encapsulation_dot1q_vlan: <int>
encapsulation_vlan:
client:
dot1q:
# Client VLAN ID
vlan: <int>
# Client Outer VLAN ID
outer: <int>
# Client Inner VLAN ID
inner: <int>
unmatched: <bool>
# Network encapsulations are all optional and skipped if using client unmatched
network:
dot1q:
# Network VLAN ID
vlan: <int>
# Network outer VLAN ID
outer: <int>
# Network inner VLAN ID
inner: <int>
client: <bool>
vlan_id: <int; 1-4094>
# IPv4 address/mask or "dhcp"
ip_address: <str>
ip_address_secondaries:
- <str>
# Install default-route obtained via DHCP
dhcp_client_accept_default_route: <bool>
# Enable IPv4 DHCP server.
dhcp_server_ipv4: <bool>
# Enable IPv6 DHCP server.
dhcp_server_ipv6: <bool>
ip_helpers:
- ip_helper: <str; required; unique>
# Source interface name
source_interface: <str>
# VRF name
vrf: <str>
ip_nat:
# NAT interface profile.
service_profile: <str>
destination:
dynamic:
- access_list: <str; required; unique>
comment: <str>
pool_name: <str; required>
priority: <int; 0-4294967295>
static:
# 'access_list' and 'group' are mutually exclusive
- access_list: <str>
comment: <str>
# Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
# EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
direction: <str; "egress" | "ingress">
# 'access_list' and 'group' are mutually exclusive
group: <int; 1-65535>
# IPv4 address
original_ip: <str; required; unique>
original_port: <int; 1-65535>
priority: <int; 0-4294967295>
protocol: <str; "udp" | "tcp">
# IPv4 address
translated_ip: <str; required>
# requires 'original_port'
translated_port: <int; 1-65535>
source:
dynamic:
- access_list: <str; required; unique>
comment: <str>
nat_type: <str; "overload" | "pool" | "pool-address-only" | "pool-full-cone"; required>
# required if 'nat_type' is pool, pool-address-only or pool-full-cone
# ignored if 'nat_type' is overload
pool_name: <str>
priority: <int; 0-4294967295>
static:
# 'access_list' and 'group' are mutually exclusive
- access_list: <str>
comment: <str>
# Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
# EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
direction: <str; "egress" | "ingress">
# 'access_list' and 'group' are mutually exclusive
group: <int; 1-65535>
# IPv4 address
original_ip: <str; required; unique>
original_port: <int; 1-65535>
priority: <int; 0-4294967295>
protocol: <str; "udp" | "tcp">
# IPv4 address
translated_ip: <str; required>
# requires 'original_port'
translated_port: <int; 1-65535>
ipv6_enable: <bool>
ipv6_address: <str>
# Link local IPv6 address/mask
ipv6_address_link_local: <str>
ipv6_nd_ra_disabled: <bool>
ipv6_nd_managed_config_flag: <bool>
ipv6_nd_prefixes:
- ipv6_prefix: <str; required; unique>
# Infinite or lifetime in seconds
valid_lifetime: <str>
# Infinite or lifetime in seconds
preferred_lifetime: <str>
no_autoconfig_flag: <bool>
ipv6_dhcp_relay_destinations:
# DHCP server's IPv6 address
- address: <str; required; unique>
vrf: <str>
# Local interface to communicate with DHCP server - mutually exclusive to source_address
local_interface: <str>
# Source IPv6 address to communicate with DHCP server - mutually exclusive to local_interface
source_address: <str>
# Override the default link address specified in the relayed DHCP packet
link_address: <str>
# Access list name
access_group_in: <str>
# Access list name
access_group_out: <str>
# IPv6 access list name
ipv6_access_group_in: <str>
# IPv6 access list name
ipv6_access_group_out: <str>
# MAC access list name
mac_access_group_in: <str>
# MAC access list name
mac_access_group_out: <str>
# Boundaries can be either 1 ACL or a list of multicast IP address_range(s)/prefix but not combination of both
multicast:
ipv4:
boundaries:
# ACL name or multicast IP subnet
- boundary: <str>
out: <bool>
static: <bool>
ipv6:
boundaries:
# ACL name or multicast IP subnet
- boundary: <str>
static: <bool>
ospf_network_point_to_point: <bool>
ospf_area: <str>
ospf_cost: <int>
ospf_authentication: <str; "none" | "simple" | "message-digest">
# Encrypted password - only type 7 supported
ospf_authentication_key: <str>
ospf_message_digest_keys:
- id: <int; required; unique>
hash_algorithm: <str; "md5" | "sha1" | "sha256" | "sha384" | "sha512">
# Encrypted password - only type 7 supported
key: <str>
pim:
ipv4:
dr_priority: <int; 0-429467295>
sparse_mode: <bool>
mac_security:
profile: <str>
channel_group:
id: <int>
mode: <str; "on" | "active" | "passive">
# ISIS instance
isis_enable: <str>
isis_passive: <bool>
isis_metric: <int>
isis_network_point_to_point: <bool>
isis_circuit_type: <str; "level-1-2" | "level-1" | "level-2">
isis_hello_padding: <bool>
isis_authentication_mode: <str; "text" | "md5">
# Type-7 encrypted password
isis_authentication_key: <str>
poe:
# Disable PoE on a POE capable port. PoE is enabled on all ports that support it by default in EOS.
disabled: <bool; default=False>
# Prioritize a port's power in the event that one of the switch's power supplies loses power
priority: <str; "critical" | "high" | "medium" | "low">
# Set the PoE power behavior for a PoE port when the system is rebooted
reboot:
# PoE action for interface
action: <str; "maintain" | "power-off">
# Set the PoE power behavior for a PoE port when the port goes down
link_down:
# PoE action for interface
action: <str; "maintain" | "power-off">
# Number of seconds to delay shutting the power off after a link down event occurs. Default value is 5 seconds in EOS.
power_off_delay: <int; 1-86400>
# Set the PoE power behavior for a PoE port when the port is admin down
shutdown:
# PoE action for interface
action: <str; "maintain" | "power-off">
# Override the hardware-negotiated power limit using either wattage or a power class. Note that if using a power class, AVD will automatically convert the class value to the wattage value corresponding to that power class.
limit:
class: <int; 0-8>
watts: <str>
# Set to ignore hardware classification
fixed: <bool>
# Disable to prevent port from negotiating power with powered devices over LLDP. Enabled by default in EOS.
negotiation_lldp: <bool>
# Allow a subset of legacy devices to work with the PoE switch. Disabled by default in EOS because it can cause false positive detections.
legacy_detect: <bool>
ptp:
enable: <bool>
announce:
interval: <int>
timeout: <int>
delay_req: <int>
delay_mechanism: <str; "e2e" | "p2p">
sync_message:
interval: <int>
role: <str; "master" | "dynamic">
# VLAN can be 'all' or list of vlans as string
vlan: <str>
transport: <str; "ipv4" | "ipv6" | "layer2">
# Interface profile
profile: <str>
storm_control:
all:
# Configure maximum storm-control level
level: <str>
# Optional field and is hardware dependent
unit: <str; "percent" | "pps"; default="percent">
broadcast:
# Configure maximum storm-control level
level: <str>
# Optional field and is hardware dependent
unit: <str; "percent" | "pps"; default="percent">
multicast:
# Configure maximum storm-control level
level: <str>
# Optional field and is hardware dependent
unit: <str; "percent" | "pps"; default="percent">
unknown_unicast:
# Configure maximum storm-control level
level: <str>
# Optional field and is hardware dependent
unit: <str; "percent" | "pps"; default="percent">
logging:
event:
link_status: <bool>
congestion_drops: <bool>
spanning_tree: <bool>
storm_control_discards: <bool>
lldp:
transmit: <bool>
receive: <bool>
# ZTP vlan number
ztp_vlan: <int>
trunk_private_vlan_secondary: <bool>
# List of vlans as string
pvlan_mapping: <str>
vlan_translations:
# List of vlans as string (only one vlan if direction is "both")
- from: <str>
# VLAN ID
to: <int>
direction: <str; "in" | "out" | "both"; default="both">
dot1x:
port_control: <str; "auto" | "force-authorized" | "force-unauthorized">
port_control_force_authorized_phone: <bool>
reauthentication: <bool>
pae:
mode: <str; "authenticator">
authentication_failure:
action: <str; "allow" | "drop">
allow_vlan: <int; 1-4094>
host_mode:
mode: <str; "multi-host" | "single-host">
multi_host_authenticated: <bool>
mac_based_authentication:
enabled: <bool>
always: <bool>
host_mode_common: <bool>
timeout:
idle_host: <int; 10-65535>
quiet_period: <int; 1-65535>
# Value can be 60-4294967295 or 'server'
reauth_period: <str>
reauth_timeout_ignore: <bool>
tx_period: <int; 1-65535>
reauthorization_request_limit: <int; 1-10>
unauthorized:
access_vlan_membership_egress: <bool>
native_vlan_membership_egress: <bool>
eapol:
disabled: <bool>
authentication_failure_fallback_mba:
enabled: <bool>
timeout: <int; 0-65535>
# QOS profile
service_profile: <str>
shape:
# Rate in kbps, pps or percent
# Supported options are platform dependent
# Examples:
# - "5000 kbps"
# - "1000 pps"
# - "20 percent"
rate: <str>
qos:
trust: <str; "dscp" | "cos" | "disabled">
# DSCP value
dscp: <int>
# COS value
cos: <int>
spanning_tree_bpdufilter: <str; "enabled" | "disabled" | "True" | "False" | "true" | "false">
spanning_tree_bpduguard: <str; "enabled" | "disabled" | "True" | "False" | "true" | "false">
spanning_tree_guard: <str; "loop" | "root" | "disabled">
spanning_tree_portfast: <str; "edge" | "network">
vmtracer: <bool>
priority_flow_control:
enabled: <bool>
priorities:
- priority: <int; 0-7; required; unique>
no_drop: <bool>
bfd:
echo: <bool>
# Interval in milliseconds
interval: <int>
# Rate in milliseconds
min_rx: <int>
multiplier: <int; 3-50>
service_policy:
pbr:
# Policy Based Routing Policy-map name
input: <str>
qos:
# Quality of Service Policy-map name
input: <str; required>
mpls:
ip: <bool>
ldp:
interface: <bool>
igp_sync: <bool>
lacp_timer:
mode: <str; "fast" | "normal">
multiplier: <int; 3-3000>
lacp_port_priority: <int; 0-65535>
transceiver:
media:
# Transceiver type
override: <str>
ip_proxy_arp: <bool>
traffic_policy:
# Ingress traffic policy
input: <str>
# Egress traffic policy
output: <str>
bgp:
# Name of session tracker
session_tracker: <str>
# Key only used for documentation or validation purposes
peer: <str>
# Key only used for documentation or validation purposes
peer_interface: <str>
# Key only used for documentation or validation purposes
peer_type: <str>
sflow:
enable: <bool>
egress:
enable: <bool>
unmodified_enable: <bool>
# Key only used for documentation or validation purposes
port_profile: <str>
uc_tx_queues:
# TX-Queue ID
- id: <int; required; unique>
random_detect:
# Explicit Congestion Notification
ecn:
# Enable counter for random-detect ECNs
count: <bool>
threshold:
# Indicate the units to be used for the threshold values
units: <str; "segments" | "bytes" | "kbytes" | "mbytes" | "milliseconds"; required>
# Set the random-detect ECN minimum-threshold
min: <int; 1-256000000; required>
# Set the random-detect ECN maximum-threshold
max: <int; 1-256000000; required>
# Set the random-detect ECN max-mark-probability
max_probability: <int; 1-100>
# Set the random-detect ECN weight
weight: <int; 0-15>
tx_queues:
# TX-Queue ID
- id: <int; required; unique>
random_detect:
# Explicit Congestion Notification
ecn:
# Enable counter for random-detect ECNs
count: <bool>
threshold:
# Indicate the units to be used for the threshold values
units: <str; "segments" | "bytes" | "kbytes" | "mbytes" | "milliseconds"; required>
# Set the random-detect ECN minimum-threshold
min: <int; 1-256000000>
# Set the random-detect ECN maximum-threshold
max: <int; 1-256000000; required>
# Set the random-detect ECN max-mark-probability
max_probability: <int; 1-100; required>
# Set the random-detect ECN weight
weight: <int; 0-15>
# VRRP model.
vrrp_ids:
# VRID
- id: <int; required; unique>
# Instance priority
priority_level: <int; 1-254>
advertisement:
# Interval in seconds
interval: <int; 1-255>
preempt:
enabled: <bool; required>
delay:
# Minimum preempt delay in seconds
minimum: <int; 0-3600>
# Reload preempt delay in seconds
reload: <int; 0-3600>
timers:
delay:
# Delay after reload in seconds.
reload: <int; 0-3600>
tracked_object:
# Tracked object name
- name: <str; required; unique>
# Decrement VRRP priority by 1-254
decrement: <int; 1-254>
shutdown: <bool>
ipv4:
# Virtual IPv4 address
address: <str; required>
version: <int; 2 | 3>
ipv6:
# Virtual IPv6 address
address: <str; required>
# Multiline EOS CLI rendered directly on the ethernet interface in the final EOS configuration
eos_cli: <str>
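The `ip_nat` and `ipv6_dhcp_relay_destinations` comments above state rules that span more than one key (mutual exclusion, one key requiring another, a key required only for some `nat_type` values). A pre-render check of those rules over the loaded data, as an added example that is not part of AVD; the function names and the sample interfaces are constructed for illustration:

```python
"""Cross-field checks for ethernet_interfaces entries (added example, not AVD code).

Input is the plain dict/list structure obtained by loading the YAML.
"""

# nat_type values that the ip_nat.source.dynamic comments say need 'pool_name'
NEEDS_POOL = {"pool", "pool-address-only", "pool-full-cone"}


def check_static(rule, where):
    """Rules stated for ip_nat.{destination,source}.static entries."""
    findings = []
    if "access_list" in rule and "group" in rule:
        findings.append(f"{where}: 'access_list' and 'group' are mutually exclusive")
    if "translated_port" in rule and "original_port" not in rule:
        findings.append(f"{where}: 'translated_port' requires 'original_port'")
    for key in ("original_ip", "translated_ip"):
        if key not in rule:
            findings.append(f"{where}: '{key}' is required")
    return findings


def check_dynamic(rule, side, where):
    """Rules stated for ip_nat.{destination,source}.dynamic entries."""
    findings = []
    if "access_list" not in rule:
        findings.append(f"{where}: 'access_list' is required")
    if side == "destination":
        if not rule.get("pool_name"):
            findings.append(f"{where}: 'pool_name' is required")
        return findings
    nat_type = rule.get("nat_type")
    if nat_type is None:
        findings.append(f"{where}: 'nat_type' is required")
    elif nat_type in NEEDS_POOL and not rule.get("pool_name"):
        findings.append(f"{where}: 'pool_name' is required when nat_type is '{nat_type}'")
    elif nat_type == "overload" and "pool_name" in rule:
        findings.append(f"{where}: 'pool_name' is ignored when nat_type is 'overload'")
    return findings


def duplicates(items, key, where):
    """Flag repeated values of a key documented as 'unique' within its list."""
    seen, findings = set(), []
    for i, item in enumerate(items):
        value = item.get(key)
        if value is not None and value in seen:
            findings.append(f"{where}[{i}]: duplicate '{key}' {value!r}")
        seen.add(value)
    return findings


def check_interface(intf):
    """Return a list of findings for one ethernet_interfaces entry."""
    name = intf.get("name", "<unnamed>")
    findings = []
    nat = intf.get("ip_nat") or {}
    for side in ("destination", "source"):
        section = nat.get(side) or {}
        static = section.get("static") or []
        dynamic = section.get("dynamic") or []
        base = f"{name}.ip_nat.{side}"
        for i, rule in enumerate(static):
            findings += check_static(rule, f"{base}.static[{i}]")
        for i, rule in enumerate(dynamic):
            findings += check_dynamic(rule, side, f"{base}.dynamic[{i}]")
        findings += duplicates(static, "original_ip", f"{base}.static")
        findings += duplicates(dynamic, "access_list", f"{base}.dynamic")
    for i, dest in enumerate(intf.get("ipv6_dhcp_relay_destinations") or []):
        if "local_interface" in dest and "source_address" in dest:
            findings.append(
                f"{name}.ipv6_dhcp_relay_destinations[{i}]: "
                "'local_interface' and 'source_address' are mutually exclusive"
            )
    return findings


# Constructed sample input (documentation address ranges), not taken from a real device.
SAMPLE = [
    {"name": "Ethernet1",
     "ip_nat": {
         "destination": {"static": [
             {"original_ip": "192.0.2.10", "translated_ip": "10.0.0.10",
              "access_list": "ACL1", "group": 5},
             {"original_ip": "192.0.2.11", "translated_ip": "10.0.0.11",
              "translated_port": 8443},
         ]},
         "source": {"dynamic": [
             {"access_list": "ACL2", "nat_type": "pool"},
             {"access_list": "ACL3", "nat_type": "overload"},
         ]}},
     "ipv6_dhcp_relay_destinations": [
         {"address": "2001:db8::1", "local_interface": "Loopback0",
          "source_address": "2001:db8::2"}]},
    {"name": "Ethernet2",
     "ip_nat": {"source": {"static": [
         {"original_ip": "192.0.2.20", "original_port": 443, "protocol": "tcp",
          "translated_ip": "10.0.0.20", "translated_port": 8443}]}}},
]

if __name__ == "__main__":
    for interface in SAMPLE:
        for finding in check_interface(interface):
            print(finding)
```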
Interface defaults¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
interface_defaults | Dictionary | ||||
ethernet | Dictionary | ||||
shutdown | Boolean | ||||
mtu | Integer |
Interface profiles¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
interface_profiles | List, items: Dictionary | ||||
- name | String | Required, Unique | Interface-Profile Name | ||
commands | List, items: String | Required | |||
- <str> | String | EOS CLI interface command Example: “switchport mode access” |
LACP¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
lacp | Dictionary | Set Link Aggregation Control Protocol (LACP) parameters. | |||
port_id | Dictionary | LACP port-ID range configuration. | |||
range | Dictionary | ||||
begin | Integer | Minimum LACP port-ID range. | |||
end | Integer | Maximum LACP port-ID range. | |||
rate_limit | Dictionary | Set LACPDU rate limit options. | |||
default | Boolean | Enable LACPDU rate limiting by default on all ports. | |||
system_priority | Integer | Min: 0 Max: 65535 | Set local system LACP priority. |
# Set Link Aggregation Control Protocol (LACP) parameters.
lacp:
  # LACP port-ID range configuration.
  port_id:
    range:
      # Minimum LACP port-ID range.
      begin: <int>
      # Maximum LACP port-ID range.
      end: <int>
  # Set LACPDU rate limit options.
  rate_limit:
    # Enable LACPDU rate limiting by default on all ports.
    default: <bool>
  # Set local system LACP priority.
  system_priority: <int; 0-65535>
Link tracking groups¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
link_tracking_groups | List, items: Dictionary | ||||
- name | String | Required, Unique | |||
links_minimum | Integer | Min: 1 Max: 100000 | |||
recovery_delay | Integer | Min: 0 Max: 3600 |
LLDP¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
lldp | Dictionary | ||||
timer | Integer | ||||
timer_reinitialization | String | ||||
holdtime | Integer | ||||
management_address | String | ||||
vrf | String | ||||
receive_packet_tagged_drop | String | ||||
tlvs | List, items: Dictionary | ||||
- name | String | Required, Unique | Valid Values: - link-aggregation - management-address - max-frame-size - med - port-description - port-vlan - power-via-mdi - system-capabilities - system-description - system-name - vlan-name | ||
transmit | Boolean | ||||
run | Boolean |
lldp:
  timer: <int>
  timer_reinitialization: <str>
  holdtime: <int>
  management_address: <str>
  vrf: <str>
  receive_packet_tagged_drop: <str>
  tlvs:
    - name: <str; "link-aggregation" | "management-address" | "max-frame-size" | "med" | "port-description" | "port-vlan" | "power-via-mdi" | "system-capabilities" | "system-description" | "system-name" | "vlan-name"; required; unique>
      transmit: <bool>
  run: <bool>
Loopback interfaces¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
loopback_interfaces | List, items: Dictionary | ||||
- name | String | Required, Unique | Loopback interface name e.g. “Loopback0” | ||
description | String | ||||
shutdown | Boolean | ||||
vrf | String | VRF name | |||
ip_address | String | IPv4_address/Mask | |||
ip_address_secondaries | List, items: String | ||||
- <str> | String | IPv4_address/Mask | |||
ipv6_enable | Boolean | ||||
ipv6_address | String | IPv6_address/Mask | |||
ip_proxy_arp | Boolean | ||||
ospf_area | String | ||||
mpls | Dictionary | ||||
ldp | Dictionary | ||||
interface | Boolean | ||||
isis_enable | String | ISIS instance name | |||
isis_passive | Boolean | ||||
isis_metric | Integer | ||||
isis_network_point_to_point | Boolean | ||||
node_segment | Dictionary | ||||
ipv4_index | Integer | ||||
ipv6_index | Integer | ||||
eos_cli | String | EOS CLI rendered directly on the loopback interface in the final EOS configuration |
loopback_interfaces:
    # Loopback interface name e.g. "Loopback0"
  - name: <str; required; unique>
    description: <str>
    shutdown: <bool>
    # VRF name
    vrf: <str>
    # IPv4_address/Mask
    ip_address: <str>
    ip_address_secondaries:
        # IPv4_address/Mask
      - <str>
    ipv6_enable: <bool>
    # IPv6_address/Mask
    ipv6_address: <str>
    ip_proxy_arp: <bool>
    ospf_area: <str>
    mpls:
      ldp:
        interface: <bool>
    # ISIS instance name
    isis_enable: <str>
    isis_passive: <bool>
    isis_metric: <int>
    isis_network_point_to_point: <bool>
    node_segment:
      ipv4_index: <int>
      ipv6_index: <int>
    # EOS CLI rendered directly on the loopback interface in the final EOS configuration
    eos_cli: <str>
Management interfaces¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
management_interfaces | List, items: Dictionary | ||||
- name | String | Required, Unique | Management Interface Name | ||
description | String | ||||
shutdown | Boolean | ||||
speed | String | Speed should be set in the format `<interface_speed>` or `forced <interface_speed>` or `auto <interface_speed>`. | |||
mtu | Integer | ||||
vrf | String | VRF Name | |||
ip_address | String | IPv4_address/Mask | |||
ipv6_enable | Boolean | ||||
ipv6_address | String | IPv6_address/Mask | |||
type | String | oob | Valid Values: - oob - inband | For documentation purposes only | |
gateway | String | IPv4 address of default gateway in management VRF | |||
ipv6_gateway | String | IPv6 address of default gateway in management VRF | |||
mac_address | String | MAC address | |||
lldp | Dictionary | ||||
transmit | Boolean | ||||
receive | Boolean | ||||
ztp_vlan | Integer | ZTP vlan number | |||
eos_cli | String | Multiline EOS CLI rendered directly on the management interface in the final EOS configuration |
management_interfaces:
    # Management Interface Name
  - name: <str; required; unique>
    description: <str>
    shutdown: <bool>
    # Speed should be set in the format `<interface_speed>` or `forced <interface_speed>` or `auto <interface_speed>`.
    speed: <str>
    mtu: <int>
    # VRF Name
    vrf: <str>
    # IPv4_address/Mask
    ip_address: <str>
    ipv6_enable: <bool>
    # IPv6_address/Mask
    ipv6_address: <str>
    # For documentation purposes only
    type: <str; "oob" | "inband"; default="oob">
    # IPv4 address of default gateway in management VRF
    gateway: <str>
    # IPv6 address of default gateway in management VRF
    ipv6_gateway: <str>
    # MAC address
    mac_address: <str>
    lldp:
      transmit: <bool>
      receive: <bool>
      # ZTP vlan number
      ztp_vlan: <int>
    # Multiline EOS CLI rendered directly on the management interface in the final EOS configuration
    eos_cli: <str>
Patch panel¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
patch_panel | Dictionary | ||||
patches | List, items: Dictionary | ||||
- name | String | Required, Unique | |||
enabled | Boolean | ||||
connectors | List, items: Dictionary | Min Length: 2 Max Length: 2 | Must have exactly two connectors to a patch of which at least one must be of type “interface” | ||
- id | String | Required, Unique | |||
type | String | Required | Valid Values: - interface - pseudowire | ||
endpoint | String | Required | String with relevant endpoint depending on type. Examples: - “Ethernet1” - “Ethernet1 dot1q vlan 123” - “bgp vpws TENANT_A pseudowire VPWS_PW_1” - “ldp LDP_PW_1” |
patch_panel:
  patches:
    - name: <str; required; unique>
      enabled: <bool>
      # Must have exactly two connectors to a patch of which at least one must be of type "interface"
      connectors: # 2-2 items
        - id: <str; required; unique>
          type: <str; "interface" | "pseudowire"; required>
          # String with relevant endpoint depending on type.
          # Examples:
          # - "Ethernet1"
          # - "Ethernet1 dot1q vlan 123"
          # - "bgp vpws TENANT_A pseudowire VPWS_PW_1"
          # - "ldp LDP_PW_1"
          endpoint: <str; required>
Port-channel interfaces¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
port_channel_interfaces | List, items: Dictionary | ||||
- name | String | Required, Unique | |||
description | String | ||||
logging | Dictionary | ||||
event | Dictionary | ||||
link_status | Boolean | ||||
shutdown | Boolean | ||||
l2_mtu | Integer | Min: 68 Max: 65535 | “l2_mtu” should only be defined for platforms supporting the “l2 mtu” CLI | ||
l2_mru | Integer | Min: 68 Max: 65535 | “l2_mru” should only be defined for platforms supporting the “l2 mru” CLI | ||
vlans | String | List of switchport vlans as string. For a trunk port this would be a range like “1-200,300”. For an access port this would be a single vlan “123”. | |||
snmp_trap_link_change | Boolean | ||||
type | String | Valid Values: - routed - switched - l3dot1q - l2dot1q | l3dot1q and l2dot1q are used for sub-interfaces. The parent interface should be defined as routed. Interface will not be listed in device documentation, unless “type” is set. | ||
encapsulation_dot1q_vlan | Integer | VLAN tag to configure on sub-interface | |||
vrf | String | VRF name | |||
encapsulation_vlan | Dictionary | ||||
client | Dictionary | ||||
dot1q | Dictionary | ||||
vlan | Integer | Client VLAN ID | |||
outer | Integer | Client Outer VLAN ID | |||
inner | Integer | Client Inner VLAN ID | |||
unmatched | Boolean | ||||
network | Dictionary | Network encapsulations are all optional, and skipped if using client unmatched | |||
dot1q | Dictionary | ||||
vlan | Integer | Network VLAN ID | |||
outer | Integer | Network Outer VLAN ID | |||
inner | Integer | Network Inner VLAN ID | |||
client | Boolean | ||||
vlan_id | Integer | Min: 1 Max: 4094 | |||
mode | String | Valid Values: - access - dot1q-tunnel - trunk - trunk phone | |||
native_vlan | Integer | If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence | |||
native_vlan_tag | Boolean | False | If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence | ||
link_tracking_groups | List, items: Dictionary | ||||
- name | String | Required, Unique | Group name | ||
direction | String | Valid Values: - upstream - downstream | |||
phone | Dictionary | ||||
trunk | String | Valid Values: - tagged - untagged | |||
vlan | Integer | Min: 1 Max: 4094 | |||
l2_protocol | Dictionary | ||||
encapsulation_dot1q_vlan | Integer | Vlan tag to configure on sub-interface | |||
forwarding_profile | String | L2 protocol forwarding profile | |||
mtu | Integer | Min: 68 Max: 65535 | |||
mlag | Integer | Min: 1 Max: 2000 | MLAG ID | ||
trunk_groups | List, items: String | ||||
- <str> | String | ||||
lacp_fallback_timeout | Integer | 90 | Min: 0 Max: 300 | Timeout in seconds | |
lacp_fallback_mode | String | Valid Values: - individual - static | |||
qos | Dictionary | ||||
trust | String | Valid Values: - dscp - cos - disabled | |||
dscp | Integer | DSCP value | |||
cos | Integer | COS value | |||
bfd | Dictionary | ||||
echo | Boolean | ||||
interval | Integer | Interval in milliseconds | |||
min_rx | Integer | Rate in milliseconds | |||
multiplier | Integer | Min: 3 Max: 50 | |||
service_policy | Dictionary | ||||
pbr | Dictionary | ||||
input | String | Policy Based Routing Policy-map name | |||
qos | Dictionary | ||||
input | String | Required | Quality of Service Policy-map name | ||
mpls | Dictionary | ||||
ip | Boolean | ||||
ldp | Dictionary | ||||
interface | Boolean | ||||
igp_sync | Boolean | ||||
trunk_private_vlan_secondary | Boolean | ||||
pvlan_mapping | String | List of vlans as string | |||
vlan_translations | List, items: Dictionary | ||||
- from | String | List of vlans as string (only one vlan if direction is “both”) | |||
to | Integer | VLAN ID | |||
direction | String | both | Valid Values: - in - out - both | ||
shape | Dictionary | ||||
rate | String | Rate in kbps, pps or percent. Supported options are platform dependent. Examples: - “5000 kbps” - “1000 pps” - “20 percent” | |||
storm_control | Dictionary | ||||
all | Dictionary | ||||
level | String | Configure maximum storm-control level | |||
unit | String | percent | Valid Values: - percent - pps | Optional field and is hardware dependent | |
broadcast | Dictionary | ||||
level | String | Configure maximum storm-control level | |||
unit | String | percent | Valid Values: - percent - pps | Optional field and is hardware dependent | |
multicast | Dictionary | ||||
level | String | Configure maximum storm-control level | |||
unit | String | percent | Valid Values: - percent - pps | Optional field and is hardware dependent | |
unknown_unicast | Dictionary | ||||
level | String | Configure maximum storm-control level | |||
unit | String | percent | Valid Values: - percent - pps | Optional field and is hardware dependent | |
ip_proxy_arp | Boolean | ||||
isis_enable | String | ISIS instance | |||
isis_passive | Boolean | ||||
isis_metric | Integer | ||||
isis_network_point_to_point | Boolean | ||||
isis_circuit_type | String | Valid Values: - level-1-2 - level-1 - level-2 | |||
isis_hello_padding | Boolean | ||||
isis_authentication_mode | String | Valid Values: - text - md5 | |||
isis_authentication_key | String | Type-7 encrypted password | |||
traffic_policy | Dictionary | ||||
input | String | Ingress traffic policy | |||
output | String | Egress traffic policy | |||
evpn_ethernet_segment | Dictionary | ||||
identifier | String | EVPN Ethernet Segment Identifier (Type 1 format) | |||
redundancy | String | Valid Values: - all-active - single-active | |||
designated_forwarder_election | Dictionary | ||||
algorithm | String | Valid Values: - modulus - preference | |||
preference_value | Integer | Min: 0 Max: 65535 | Preference_value is only used when “algorithm” is “preference” | ||
dont_preempt | Boolean | False | Dont_preempt is only used when “algorithm” is “preference” | ||
hold_time | Integer | ||||
subsequent_hold_time | Integer | ||||
candidate_reachability_required | Boolean | ||||
mpls | Dictionary | ||||
shared_index | Integer | Min: 1 Max: 1024 | |||
tunnel_flood_filter_time | Integer | ||||
route_target | String | EVPN Route Target for ESI with format xx:xx:xx:xx:xx:xx | |||
esi deprecated | String | EVPN Ethernet Segment Identifier (Type 1 format). If both “esi” and “evpn_ethernet_segment.identifier” are defined, the new variable takes precedence. This key is deprecated. Support will be removed in AVD version 5.0.0. Use evpn_ethernet_segment.identifier instead. | |||
rt deprecated | String | EVPN Route Target for ESI with format xx:xx:xx:xx:xx:xx. If both “rt” and “evpn_ethernet_segment.route_target” are defined, the new variable takes precedence. This key is deprecated. Support will be removed in AVD version 5.0.0. Use evpn_ethernet_segment.route_target instead. | |||
lacp_id | String | LACP ID with format xxxx.xxxx.xxxx | |||
spanning_tree_bpdufilter | String | Valid Values: - enabled - disabled - True - False - true - false | |||
spanning_tree_bpduguard | String | Valid Values: - enabled - disabled - True - False - true - false | |||
spanning_tree_guard | String | Valid Values: - loop - root - disabled | |||
spanning_tree_portfast | String | Valid Values: - edge - network | |||
vmtracer | Boolean | ||||
ptp | Dictionary | ||||
enable | Boolean | ||||
announce | Dictionary | ||||
interval | Integer | ||||
timeout | Integer | ||||
delay_req | Integer | ||||
delay_mechanism | String | Valid Values: - e2e - p2p | |||
sync_message | Dictionary | ||||
interval | Integer | ||||
role | String | Valid Values: - master - dynamic | |||
vlan | String | VLAN can be ‘all’ or list of vlans as string | |||
transport | String | Valid Values: - ipv4 - ipv6 - layer2 | |||
ip_address | String | IPv4 address/mask | |||
ip_nat | Dictionary | ||||
destination | Dictionary | ||||
dynamic | List, items: Dictionary | ||||
- access_list | String | Required, Unique | |||
comment | String | ||||
pool_name | String | Required | |||
priority | Integer | Min: 0 Max: 4294967295 | |||
static | List, items: Dictionary | ||||
- access_list | String | ‘access_list’ and ‘group’ are mutually exclusive | |||
comment | String | ||||
direction | String | Valid Values: - egress - ingress | Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform. EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW. | ||
group | Integer | Min: 1 Max: 65535 | ‘access_list’ and ‘group’ are mutually exclusive | ||
original_ip | String | Required, Unique | IPv4 address | ||
original_port | Integer | Min: 1 Max: 65535 | |||
priority | Integer | Min: 0 Max: 4294967295 | |||
protocol | String | Valid Values: - udp - tcp | |||
translated_ip | String | Required | IPv4 address | ||
translated_port | Integer | Min: 1 Max: 65535 | requires ‘original_port’ | ||
source | Dictionary | ||||
dynamic | List, items: Dictionary | ||||
- access_list | String | Required, Unique | |||
comment | String | ||||
nat_type | String | Required | Valid Values: - overload - pool - pool-address-only - pool-full-cone | ||
pool_name | String | Required if ‘nat_type’ is pool, pool-address-only or pool-full-cone; ignored if ‘nat_type’ is overload | |||
priority | Integer | Min: 0 Max: 4294967295 | |||
static | List, items: Dictionary | ||||
- access_list | String | ‘access_list’ and ‘group’ are mutually exclusive | |||
comment | String | ||||
direction | String | Valid Values: - egress - ingress | Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform. EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW. | ||
group | Integer | Min: 1 Max: 65535 | ‘access_list’ and ‘group’ are mutually exclusive | ||
original_ip | String | Required, Unique | IPv4 address | ||
original_port | Integer | Min: 1 Max: 65535 | |||
priority | Integer | Min: 0 Max: 4294967295 | |||
protocol | String | Valid Values: - udp - tcp | |||
translated_ip | String | Required | IPv4 address | ||
translated_port | Integer | Min: 1 Max: 65535 | requires ‘original_port’ | ||
ipv6_enable | Boolean | ||||
ipv6_address | String | IPv6 address/mask | |||
ipv6_address_link_local | String | Link local IPv6 address/mask | |||
ipv6_nd_ra_disabled | Boolean | ||||
ipv6_nd_managed_config_flag | Boolean | ||||
ipv6_nd_prefixes | List, items: Dictionary | ||||
- ipv6_prefix | String | Required, Unique | |||
valid_lifetime | String | Infinite or lifetime in seconds | |||
preferred_lifetime | String | Infinite or lifetime in seconds | |||
no_autoconfig_flag | Boolean | ||||
access_group_in | String | Access list name | |||
access_group_out | String | Access list name | |||
ipv6_access_group_in | String | IPv6 access list name | |||
ipv6_access_group_out | String | IPv6 access list name | |||
mac_access_group_in | String | MAC access list name | |||
mac_access_group_out | String | MAC access list name | |||
pim | Dictionary | ||||
ipv4 | Dictionary | ||||
dr_priority | Integer | Min: 0 Max: 429467295 | |||
sparse_mode | Boolean | ||||
service_profile | String | QOS profile | |||
ospf_network_point_to_point | Boolean | ||||
ospf_area | String | ||||
ospf_cost | Integer | ||||
ospf_authentication | String | Valid Values: - none - simple - message-digest | |||
ospf_authentication_key | String | Encrypted password | |||
ospf_message_digest_keys | List, items: Dictionary | ||||
- id | Integer | Required, Unique | |||
hash_algorithm | String | Valid Values: - md5 - sha1 - sha256 - sha384 - sha512 | |||
key | String | Encrypted password | |||
flow_tracker | Dictionary | ||||
sampled | String | Sampled flow tracker name. | |||
hardware | String | Hardware flow tracker name. | |||
bgp | Dictionary | ||||
session_tracker | String | Name of session tracker | |||
peer | String | Key only used for documentation or validation purposes | |||
peer_interface | String | Key only used for documentation or validation purposes | |||
peer_type | String | Key only used for documentation or validation purposes | |||
sflow | Dictionary | ||||
enable | Boolean | ||||
egress | Dictionary | ||||
enable | Boolean | ||||
unmodified_enable | Boolean | ||||
eos_cli | String | Multiline EOS CLI rendered directly on the port-channel interface in the final EOS configuration |
port_channel_interfaces:
- name: <str; required; unique>
description: <str>
logging:
event:
link_status: <bool>
shutdown: <bool>
# "l2_mtu" should only be defined for platforms supporting the "l2 mtu" CLI
l2_mtu: <int; 68-65535>
# "l2_mru" should only be defined for platforms supporting the "l2 mru" CLI
l2_mru: <int; 68-65535>
# List of switchport vlans as string
# For a trunk port this would be a range like "1-200,300"
# For an access port this would be a single vlan "123"
vlans: <str>
snmp_trap_link_change: <bool>
# l3dot1q and l2dot1q are used for sub-interfaces. The parent interface should be defined as routed.
# Interface will not be listed in device documentation, unless "type" is set.
type: <str; "routed" | "switched" | "l3dot1q" | "l2dot1q">
# VLAN tag to configure on sub-interface
encapsulation_dot1q_vlan: <int>
# VRF name
vrf: <str>
encapsulation_vlan:
client:
dot1q:
# Client VLAN ID
vlan: <int>
# Client Outer VLAN ID
outer: <int>
# Client Inner VLAN ID
inner: <int>
unmatched: <bool>
# Network encapsulation are all optional, and skipped if using client unmatched
network:
dot1q:
# Network VLAN ID
vlan: <int>
# Network Outer VLAN ID
outer: <int>
# Network Inner VLAN ID
inner: <int>
client: <bool>
vlan_id: <int; 1-4094>
mode: <str; "access" | "dot1q-tunnel" | "trunk" | "trunk phone">
# If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence
native_vlan: <int>
# If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence
native_vlan_tag: <bool; default=False>
link_tracking_groups:
# Group name
- name: <str; required; unique>
direction: <str; "upstream" | "downstream">
phone:
trunk: <str; "tagged" | "untagged">
vlan: <int; 1-4094>
l2_protocol:
# Vlan tag to configure on sub-interface
encapsulation_dot1q_vlan: <int>
# L2 protocol forwarding profile
forwarding_profile: <str>
mtu: <int; 68-65535>
# MLAG ID
mlag: <int; 1-2000>
trunk_groups:
- <str>
# Timeout in seconds
lacp_fallback_timeout: <int; 0-300; default=90>
lacp_fallback_mode: <str; "individual" | "static">
qos:
trust: <str; "dscp" | "cos" | "disabled">
# DSCP value
dscp: <int>
# COS value
cos: <int>
bfd:
echo: <bool>
# Interval in milliseconds
interval: <int>
# Rate in milliseconds
min_rx: <int>
multiplier: <int; 3-50>
service_policy:
pbr:
# Policy Based Routing Policy-map name
input: <str>
qos:
# Quality of Service Policy-map name
input: <str; required>
mpls:
ip: <bool>
ldp:
interface: <bool>
igp_sync: <bool>
trunk_private_vlan_secondary: <bool>
# List of vlans as string
pvlan_mapping: <str>
vlan_translations:
# List of vlans as string (only one vlan if direction is "both")
- from: <str>
# VLAN ID
to: <int>
direction: <str; "in" | "out" | "both"; default="both">
shape:
# Rate in kbps, pps or percent
# Supported options are platform dependent
# Examples:
# - "5000 kbps"
# - "1000 pps"
# - "20 percent"
rate: <str>
storm_control:
all:
# Configure maximum storm-control level
level: <str>
# Optional field and is hardware dependent
unit: <str; "percent" | "pps"; default="percent">
broadcast:
# Configure maximum storm-control level
level: <str>
# Optional field and is hardware dependent
unit: <str; "percent" | "pps"; default="percent">
multicast:
# Configure maximum storm-control level
level: <str>
# Optional field and is hardware dependent
unit: <str; "percent" | "pps"; default="percent">
unknown_unicast:
# Configure maximum storm-control level
level: <str>
# Optional field and is hardware dependent
unit: <str; "percent" | "pps"; default="percent">
ip_proxy_arp: <bool>
# ISIS instance
isis_enable: <str>
isis_passive: <bool>
isis_metric: <int>
isis_network_point_to_point: <bool>
isis_circuit_type: <str; "level-1-2" | "level-1" | "level-2">
isis_hello_padding: <bool>
isis_authentication_mode: <str; "text" | "md5">
# Type-7 encrypted password
isis_authentication_key: <str>
traffic_policy:
# Ingress traffic policy
input: <str>
# Egress traffic policy
output: <str>
evpn_ethernet_segment:
# EVPN Ethernet Segment Identifier (Type 1 format)
identifier: <str>
redundancy: <str; "all-active" | "single-active">
designated_forwarder_election:
algorithm: <str; "modulus" | "preference">
# Preference_value is only used when "algorithm" is "preference"
preference_value: <int; 0-65535>
# Dont_preempt is only used when "algorithm" is "preference"
dont_preempt: <bool; default=False>
hold_time: <int>
subsequent_hold_time: <int>
candidate_reachability_required: <bool>
mpls:
shared_index: <int; 1-1024>
tunnel_flood_filter_time: <int>
# EVPN Route Target for ESI with format xx:xx:xx:xx:xx:xx
route_target: <str>
# EVPN Ethernet Segment Identifier (Type 1 format)
# If both "esi" and "evpn_ethernet_segment.identifier" are defined, the new variable takes precedence
# This key is deprecated.
# Support will be removed in AVD version 5.0.0.
# Use "evpn_ethernet_segment.identifier" instead.
esi: <str>
# EVPN Route Target for ESI with format xx:xx:xx:xx:xx:xx
# If both "rt" and "evpn_ethernet_segment.route_target" are defined, the new variable takes precedence
# This key is deprecated.
# Support will be removed in AVD version 5.0.0.
# Use "evpn_ethernet_segment.route_target" instead.
rt: <str>
# LACP ID with format xxxx.xxxx.xxxx
lacp_id: <str>
spanning_tree_bpdufilter: <str; "enabled" | "disabled" | "True" | "False" | "true" | "false">
spanning_tree_bpduguard: <str; "enabled" | "disabled" | "True" | "False" | "true" | "false">
spanning_tree_guard: <str; "loop" | "root" | "disabled">
spanning_tree_portfast: <str; "edge" | "network">
vmtracer: <bool>
ptp:
enable: <bool>
announce:
interval: <int>
timeout: <int>
delay_req: <int>
delay_mechanism: <str; "e2e" | "p2p">
sync_message:
interval: <int>
role: <str; "master" | "dynamic">
# VLAN can be 'all' or list of vlans as string
vlan: <str>
transport: <str; "ipv4" | "ipv6" | "layer2">
# IPv4 address/mask
ip_address: <str>
ip_nat:
destination:
dynamic:
- access_list: <str; required; unique>
comment: <str>
pool_name: <str; required>
priority: <int; 0-4294967295>
static:
# 'access_list' and 'group' are mutually exclusive
- access_list: <str>
comment: <str>
# Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
# EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
direction: <str; "egress" | "ingress">
# 'access_list' and 'group' are mutually exclusive
group: <int; 1-65535>
# IPv4 address
original_ip: <str; required; unique>
original_port: <int; 1-65535>
priority: <int; 0-4294967295>
protocol: <str; "udp" | "tcp">
# IPv4 address
translated_ip: <str; required>
# requires 'original_port'
translated_port: <int; 1-65535>
source:
dynamic:
- access_list: <str; required; unique>
comment: <str>
nat_type: <str; "overload" | "pool" | "pool-address-only" | "pool-full-cone"; required>
# required if 'nat_type' is pool, pool-address-only or pool-full-cone
# ignored if 'nat_type' is overload
pool_name: <str>
priority: <int; 0-4294967295>
static:
# 'access_list' and 'group' are mutually exclusive
- access_list: <str>
comment: <str>
# Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
# EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
direction: <str; "egress" | "ingress">
# 'access_list' and 'group' are mutually exclusive
group: <int; 1-65535>
# IPv4 address
original_ip: <str; required; unique>
original_port: <int; 1-65535>
priority: <int; 0-4294967295>
protocol: <str; "udp" | "tcp">
# IPv4 address
translated_ip: <str; required>
# requires 'original_port'
translated_port: <int; 1-65535>
ipv6_enable: <bool>
# IPv6 address/mask
ipv6_address: <str>
# Link local IPv6 address/mask
ipv6_address_link_local: <str>
ipv6_nd_ra_disabled: <bool>
ipv6_nd_managed_config_flag: <bool>
ipv6_nd_prefixes:
- ipv6_prefix: <str; required; unique>
# Infinite or lifetime in seconds
valid_lifetime: <str>
# Infinite or lifetime in seconds
preferred_lifetime: <str>
no_autoconfig_flag: <bool>
# Access list name
access_group_in: <str>
# Access list name
access_group_out: <str>
# IPv6 access list name
ipv6_access_group_in: <str>
# IPv6 access list name
ipv6_access_group_out: <str>
# MAC access list name
mac_access_group_in: <str>
# MAC access list name
mac_access_group_out: <str>
pim:
ipv4:
dr_priority: <int; 0-429467295>
sparse_mode: <bool>
# QOS profile
service_profile: <str>
ospf_network_point_to_point: <bool>
ospf_area: <str>
ospf_cost: <int>
ospf_authentication: <str; "none" | "simple" | "message-digest">
# Encrypted password
ospf_authentication_key: <str>
ospf_message_digest_keys:
- id: <int; required; unique>
hash_algorithm: <str; "md5" | "sha1" | "sha256" | "sha384" | "sha512">
# Encrypted password
key: <str>
flow_tracker:
# Sampled flow tracker name.
sampled: <str>
# Hardware flow tracker name.
hardware: <str>
bgp:
# Name of session tracker
session_tracker: <str>
# Key only used for documentation or validation purposes
peer: <str>
# Key only used for documentation or validation purposes
peer_interface: <str>
# Key only used for documentation or validation purposes
peer_type: <str>
sflow:
enable: <bool>
egress:
enable: <bool>
unmodified_enable: <bool>
# Multiline EOS CLI rendered directly on the port-channel interface in the final EOS configuration
eos_cli: <str>
Switchport default¶
Tunnel interfaces¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
tunnel_interfaces | List, items: Dictionary | ||||
- name | String | Required, Unique | Tunnel Interface Name | ||
description | String | ||||
shutdown | Boolean | ||||
mtu | Integer | Min: 68 Max: 65535 | |||
vrf | String | VRF Name | |||
ip_address | String | Format: ipv4_cidr | IPv4_address/Mask | ||
ipv6_enable | Boolean | ||||
ipv6_address | String | Format: ipv6_cidr | IPv6_address/Mask | ||
access_group_in | String | IPv4 ACL Name for ingress | |||
access_group_out | String | IPv4 ACL Name for egress | |||
ipv6_access_group_in | String | IPv6 ACL Name for ingress | |||
ipv6_access_group_out | String | IPv6 ACL Name for egress | |||
tcp_mss_ceiling | Dictionary | ||||
ipv4 | Integer | Min: 64 Max: 65495 | Segment Size for IPv4 | ||
ipv6 | Integer | Min: 64 Max: 65475 | Segment Size for IPv6 | ||
direction | String | Valid Values: - ingress - egress | Optional direction (‘ingress’, ‘egress’) for tcp mss ceiling | ||
source_interface | String | Tunnel Source Interface Name | |||
destination | String | IPv4 or IPv6 Address Tunnel Destination | |||
path_mtu_discovery | Boolean | Enable Path MTU Discovery On Tunnel | |||
eos_cli | String | Multiline String with EOS CLI rendered directly on the Tunnel interface in the final EOS configuration. |
tunnel_interfaces:
# Tunnel Interface Name
- name: <str; required; unique>
description: <str>
shutdown: <bool>
mtu: <int; 68-65535>
# VRF Name
vrf: <str>
# IPv4_address/Mask
ip_address: <str>
ipv6_enable: <bool>
# IPv6_address/Mask
ipv6_address: <str>
# IPv4 ACL Name for ingress
access_group_in: <str>
# IPv4 ACL Name for egress
access_group_out: <str>
# IPv6 ACL Name for ingress
ipv6_access_group_in: <str>
# IPv6 ACL Name for egress
ipv6_access_group_out: <str>
tcp_mss_ceiling:
# Segment Size for IPv4
ipv4: <int; 64-65495>
# Segment Size for IPv6
ipv6: <int; 64-65475>
# Optional direction ('ingress', 'egress') for tcp mss ceiling
direction: <str; "ingress" | "egress">
# Tunnel Source Interface Name
source_interface: <str>
# IPv4 or IPv6 Address Tunnel Destination
destination: <str>
# Enable Path MTU Discovery On Tunnel
path_mtu_discovery: <bool>
# Multiline String with EOS CLI rendered directly on the Tunnel interface in the final EOS configuration.
eos_cli: <str>
VLAN interfaces¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
vlan_interfaces | List, items: Dictionary | ||||
- name | String | Required, Unique | VLAN interface name like “Vlan123” | ||
description | String | ||||
shutdown | Boolean | ||||
vrf | String | VRF name | |||
arp_aging_timeout | Integer | Min: 1 Max: 65535 | In seconds | ||
arp_cache_dynamic_capacity | Integer | Min: 0 Max: 4294967295 | |||
arp_gratuitous_accept | Boolean | ||||
arp_monitor_mac_address | Boolean | ||||
ip_proxy_arp | Boolean | ||||
ip_directed_broadcast | Boolean | ||||
ip_address | String | IPv4_address/Mask | |||
ip_address_secondaries | List, items: String | ||||
- <str> | String | IPv4_address/Mask | |||
ip_virtual_router_addresses | List, items: String | ||||
- <str> | String | IPv4 address or IPv4_address/Mask | |||
ip_address_virtual | String | IPv4_address/Mask | |||
ip_address_virtual_secondaries | List, items: String | ||||
- <str> | String | IPv4_address/Mask | |||
ip_igmp | Boolean | ||||
ip_igmp_version | Integer | Min: 1 Max: 3 | |||
ip_helpers | List, items: Dictionary | List of DHCP servers | |||
- ip_helper | String | Required, Unique | IP address or hostname of DHCP server | ||
source_interface | String | Interface used as source for forwarded DHCP packets | |||
vrf | String | VRF where DHCP server can be reached | |||
ip_nat | Dictionary | ||||
destination | Dictionary | ||||
dynamic | List, items: Dictionary | ||||
- access_list | String | Required, Unique | |||
comment | String | ||||
pool_name | String | Required | |||
priority | Integer | Min: 0 Max: 4294967295 | |||
static | List, items: Dictionary | ||||
- access_list | String | ‘access_list’ and ‘group’ are mutually exclusive | |||
comment | String | ||||
direction | String | Valid Values: - egress - ingress | Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform. EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW. | ||
group | Integer | Min: 1 Max: 65535 | ‘access_list’ and ‘group’ are mutually exclusive | ||
original_ip | String | Required, Unique | IPv4 address | ||
original_port | Integer | Min: 1 Max: 65535 | |||
priority | Integer | Min: 0 Max: 4294967295 | |||
protocol | String | Valid Values: - udp - tcp | |||
translated_ip | String | Required | IPv4 address | ||
translated_port | Integer | Min: 1 Max: 65535 | requires ‘original_port’ | ||
source | Dictionary | ||||
dynamic | List, items: Dictionary | ||||
- access_list | String | Required, Unique | |||
comment | String | ||||
nat_type | String | Required | Valid Values: - overload - pool - pool-address-only - pool-full-cone | ||
pool_name | String | required if ‘nat_type’ is pool, pool-address-only or pool-full-cone; ignored if ‘nat_type’ is overload | |||
priority | Integer | Min: 0 Max: 4294967295 | |||
static | List, items: Dictionary | ||||
- access_list | String | ‘access_list’ and ‘group’ are mutually exclusive | |||
comment | String | ||||
direction | String | Valid Values: - egress - ingress | Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform. EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW. | ||
group | Integer | Min: 1 Max: 65535 | ‘access_list’ and ‘group’ are mutually exclusive | ||
original_ip | String | Required, Unique | IPv4 address | ||
original_port | Integer | Min: 1 Max: 65535 | |||
priority | Integer | Min: 0 Max: 4294967295 | |||
protocol | String | Valid Values: - udp - tcp | |||
translated_ip | String | Required | IPv4 address | ||
translated_port | Integer | Min: 1 Max: 65535 | requires ‘original_port’ | ||
ipv6_enable | Boolean | ||||
ipv6_address | String | IPv6_address/Mask | |||
ipv6_address_virtual (deprecated) | String | IPv6_address/Mask. If both “ipv6_address_virtual” and “ipv6_address_virtuals” are set, all addresses will be configured. This key is deprecated. Support will be removed in AVD version 5.0.0. Use ipv6_address_virtuals instead. | |||
ipv6_address_virtuals | List, items: String | The new “ipv6_address_virtuals” key supports multiple virtual ipv6 addresses. | |||
- <str> | String | IPv6_address/Mask | |||
ipv6_address_link_local | String | IPv6_address/Mask | |||
ipv6_virtual_router_address (deprecated) | String | “ipv6_virtual_router_address” should not be mixed with the new “ipv6_virtual_router_addresses” key below to avoid conflicts. This key is deprecated. Support will be removed in AVD version 5.0.0. Use ipv6_virtual_router_addresses instead. | |||
ipv6_virtual_router_addresses | List, items: String | Improved “VARPv6” data model to support multiple VARPv6 addresses. | |||
- <str> | String | IPv6 address or IPv6_address/Mask | |||
ipv6_nd_ra_disabled | Boolean | ||||
ipv6_nd_managed_config_flag | Boolean | ||||
ipv6_nd_prefixes | List, items: Dictionary | ||||
- ipv6_prefix | String | Required, Unique | IPv6_address/Mask | ||
valid_lifetime | String | In seconds <0-4294967295> or infinite | |||
preferred_lifetime | String | In seconds <0-4294967295> or infinite | |||
no_autoconfig_flag | Boolean | ||||
ipv6_dhcp_relay_destinations | List, items: Dictionary | ||||
- address | String | Required, Unique | DHCP server’s IPv6 address | ||
vrf | String | ||||
local_interface | String | Local interface to communicate with DHCP server - mutually exclusive to source_address | |||
source_address | String | Source IPv6 address to communicate with DHCP server - mutually exclusive to local_interface | |||
link_address | String | Override the default link address specified in the relayed DHCP packet | |||
access_group_in | String | IPv4 access-list name | |||
access_group_out | String | IPv4 access-list name | |||
ipv6_access_group_in | String | IPv6 access-list name | |||
ipv6_access_group_out | String | IPv6 access-list name | |||
multicast | Dictionary | ||||
ipv4 | Dictionary | ||||
boundaries | List, items: Dictionary | Boundaries can be either 1 ACL or a list of multicast IP address_range(s)/prefix but not a combination of both | |||
- boundary | String | Required, Unique | IPv4 access-list name or IPv4 multicast group prefix with mask | ||
out | Boolean | ||||
source_route_export | Dictionary | ||||
enabled | Boolean | Required | |||
administrative_distance | Integer | Min: 1 Max: 255 | |||
static | Boolean | ||||
ipv6 | Dictionary | ||||
boundaries | List, items: Dictionary | Boundaries can be either 1 ACL or a list of multicast IP address_range(s)/prefix but not a combination of both | |||
- boundary | String | Required, Unique | IPv6 access-list name or IPv6 multicast group prefix with mask | ||
source_route_export | Dictionary | ||||
enabled | Boolean | Required | |||
administrative_distance | Integer | Min: 1 Max: 255 | |||
static | Boolean | ||||
ospf_network_point_to_point | Boolean | ||||
ospf_area | String | ||||
ospf_cost | Integer | ||||
ospf_authentication | String | Valid Values: - none - simple - message-digest | |||
ospf_authentication_key | String | Encrypted password used for simple authentication | |||
ospf_message_digest_keys | List, items: Dictionary | Keys used for message-digest authentication | |||
- id | Integer | Required, Unique | |||
hash_algorithm | String | Valid Values: - md5 - sha1 - sha256 - sha384 - sha512 | |||
key | String | Encrypted password | |||
pim | Dictionary | ||||
ipv4 | Dictionary | ||||
dr_priority | Integer | Min: 0 Max: 429467295 | |||
sparse_mode | Boolean | ||||
local_interface | String | ||||
isis_enable | String | ISIS instance name | |||
isis_passive | Boolean | ||||
isis_metric | Integer | ||||
isis_network_point_to_point | Boolean | ||||
mtu | Integer | ||||
no_autostate | Boolean | ||||
vrrp_ids | List, items: Dictionary | Improved “vrrp” data model to support multiple VRRP IDs | |||
- id | Integer | Required, Unique | VRID | ||
priority_level | Integer | Min: 1 Max: 254 | Instance priority | ||
advertisement | Dictionary | ||||
interval | Integer | Min: 1 Max: 255 | Interval in seconds | ||
preempt | Dictionary | ||||
enabled | Boolean | Required | |||
delay | Dictionary | ||||
minimum | Integer | Min: 0 Max: 3600 | Minimum preempt delay in seconds | ||
reload | Integer | Min: 0 Max: 3600 | Reload preempt delay in seconds | ||
timers | Dictionary | ||||
delay | Dictionary | ||||
reload | Integer | Min: 0 Max: 3600 | Delay after reload in seconds. | ||
tracked_object | List, items: Dictionary | ||||
- name | String | Required, Unique | Tracked object name | ||
decrement | Integer | Min: 1 Max: 254 | Decrement VRRP priority by 1-254 | ||
shutdown | Boolean | ||||
ipv4 | Dictionary | ||||
address | String | Required | Virtual IPv4 address | ||
version | Integer | Valid Values: - 2 - 3 | |||
ipv6 | Dictionary | ||||
address | String | Required | Virtual IPv6 address | ||
vrrp (deprecated) | Dictionary | “vrrp” should not be mixed with the new “vrrp_ids” key above to avoid conflicts. This key is deprecated. Support will be removed in AVD version 5.0.0. Use vrrp_ids instead. | |||
virtual_router | String | Virtual Router ID | |||
priority | Integer | Instance priority | |||
advertisement_interval | Integer | ||||
preempt_delay_minimum | Integer | ||||
ipv4 | String | Virtual IPv4 address | |||
ipv6 | String | Virtual IPv6 address | |||
ip_attached_host_route_export | Dictionary | ||||
enabled | Boolean | Required | |||
distance | Integer | Min: 1 Max: 255 | |||
bfd | Dictionary | ||||
echo | Boolean | ||||
interval | Integer | Rate in milliseconds | |||
min_rx | Integer | Minimum RX hold time in milliseconds | |||
multiplier | Integer | Min: 3 Max: 50 | |||
service_policy | Dictionary | ||||
pbr | Dictionary | ||||
input | String | Name of policy-map used for policy based routing | |||
pvlan_mapping | String | List of VLANs as string | |||
tenant | String | Key only used for documentation or validation purposes | |||
tags | List, items: String | Key only used for documentation or validation purposes | |||
- <str> | String | ||||
type | String | Key only used for documentation or validation purposes | |||
eos_cli | String | Multiline EOS CLI rendered directly on the VLAN interface in the final EOS configuration |
vlan_interfaces:
# VLAN interface name like "Vlan123"
- name: <str; required; unique>
description: <str>
shutdown: <bool>
# VRF name
vrf: <str>
# In seconds
arp_aging_timeout: <int; 1-65535>
arp_cache_dynamic_capacity: <int; 0-4294967295>
arp_gratuitous_accept: <bool>
arp_monitor_mac_address: <bool>
ip_proxy_arp: <bool>
ip_directed_broadcast: <bool>
# IPv4_address/Mask
ip_address: <str>
ip_address_secondaries:
# IPv4_address/Mask
- <str>
ip_virtual_router_addresses:
# IPv4 address or IPv4_address/Mask
- <str>
# IPv4_address/Mask
ip_address_virtual: <str>
ip_address_virtual_secondaries:
# IPv4_address/Mask
- <str>
ip_igmp: <bool>
ip_igmp_version: <int; 1-3>
# List of DHCP servers
ip_helpers:
# IP address or hostname of DHCP server
- ip_helper: <str; required; unique>
# Interface used as source for forwarded DHCP packets
source_interface: <str>
# VRF where DHCP server can be reached
vrf: <str>
ip_nat:
destination:
dynamic:
- access_list: <str; required; unique>
comment: <str>
pool_name: <str; required>
priority: <int; 0-4294967295>
static:
# 'access_list' and 'group' are mutually exclusive
- access_list: <str>
comment: <str>
# Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
# EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
direction: <str; "egress" | "ingress">
# 'access_list' and 'group' are mutually exclusive
group: <int; 1-65535>
# IPv4 address
original_ip: <str; required; unique>
original_port: <int; 1-65535>
priority: <int; 0-4294967295>
protocol: <str; "udp" | "tcp">
# IPv4 address
translated_ip: <str; required>
# requires 'original_port'
translated_port: <int; 1-65535>
source:
dynamic:
- access_list: <str; required; unique>
comment: <str>
nat_type: <str; "overload" | "pool" | "pool-address-only" | "pool-full-cone"; required>
# required if 'nat_type' is pool, pool-address-only or pool-full-cone
# ignored if 'nat_type' is overload
pool_name: <str>
priority: <int; 0-4294967295>
static:
# 'access_list' and 'group' are mutually exclusive
- access_list: <str>
comment: <str>
# Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
# EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
direction: <str; "egress" | "ingress">
# 'access_list' and 'group' are mutually exclusive
group: <int; 1-65535>
# IPv4 address
original_ip: <str; required; unique>
original_port: <int; 1-65535>
priority: <int; 0-4294967295>
protocol: <str; "udp" | "tcp">
# IPv4 address
translated_ip: <str; required>
# requires 'original_port'
translated_port: <int; 1-65535>
ipv6_enable: <bool>
# IPv6_address/Mask
ipv6_address: <str>
# IPv6_address/Mask
# If both "ipv6_address_virtual" and "ipv6_address_virtuals" are set, all addresses will be configured
# This key is deprecated.
# Support will be removed in AVD version 5.0.0.
# Use "ipv6_address_virtuals" instead.
ipv6_address_virtual: <str>
# The new "ipv6_address_virtuals" key supports multiple virtual ipv6 addresses.
ipv6_address_virtuals:
# IPv6_address/Mask
- <str>
# IPv6_address/Mask
ipv6_address_link_local: <str>
# "ipv6_virtual_router_address" should not be mixed with
# the new "ipv6_virtual_router_addresses" key below to avoid conflicts.
# This key is deprecated.
# Support will be removed in AVD version 5.0.0.
# Use "ipv6_virtual_router_addresses" instead.
ipv6_virtual_router_address: <str>
# Improved "VARPv6" data model to support multiple VARPv6 addresses.
ipv6_virtual_router_addresses:
# IPv6 address or IPv6_address/Mask
- <str>
ipv6_nd_ra_disabled: <bool>
ipv6_nd_managed_config_flag: <bool>
ipv6_nd_prefixes:
# IPv6_address/Mask
- ipv6_prefix: <str; required; unique>
# In seconds <0-4294967295> or infinite
valid_lifetime: <str>
# In seconds <0-4294967295> or infinite
preferred_lifetime: <str>
no_autoconfig_flag: <bool>
ipv6_dhcp_relay_destinations:
# DHCP server's IPv6 address
- address: <str; required; unique>
vrf: <str>
# Local interface to communicate with DHCP server - mutually exclusive to source_address
local_interface: <str>
# Source IPv6 address to communicate with DHCP server - mutually exclusive to local_interface
source_address: <str>
# Override the default link address specified in the relayed DHCP packet
link_address: <str>
# IPv4 access-list name
access_group_in: <str>
# IPv4 access-list name
access_group_out: <str>
# IPv6 access-list name
ipv6_access_group_in: <str>
# IPv6 access-list name
ipv6_access_group_out: <str>
multicast:
ipv4:
# Boundaries can be either 1 ACL or a list of multicast IP address_range(s)/prefix but not a combination of both
boundaries:
# IPv4 access-list name or IPv4 multicast group prefix with mask
- boundary: <str; required; unique>
out: <bool>
source_route_export:
enabled: <bool; required>
administrative_distance: <int; 1-255>
static: <bool>
ipv6:
# Boundaries can be either 1 ACL or a list of multicast IP address_range(s)/prefix but not a combination of both
boundaries:
# IPv6 access-list name or IPv6 multicast group prefix with mask
- boundary: <str; required; unique>
source_route_export:
enabled: <bool; required>
administrative_distance: <int; 1-255>
static: <bool>
ospf_network_point_to_point: <bool>
ospf_area: <str>
ospf_cost: <int>
ospf_authentication: <str; "none" | "simple" | "message-digest">
# Encrypted password used for simple authentication
ospf_authentication_key: <str>
# Keys used for message-digest authentication
ospf_message_digest_keys:
- id: <int; required; unique>
hash_algorithm: <str; "md5" | "sha1" | "sha256" | "sha384" | "sha512">
# Encrypted password
key: <str>
pim:
ipv4:
dr_priority: <int; 0-429467295>
sparse_mode: <bool>
local_interface: <str>
# ISIS instance name
isis_enable: <str>
isis_passive: <bool>
isis_metric: <int>
isis_network_point_to_point: <bool>
mtu: <int>
no_autostate: <bool>
# Improved "vrrp" data model to support multiple VRRP IDs
vrrp_ids:
# VRID
- id: <int; required; unique>
# Instance priority
priority_level: <int; 1-254>
advertisement:
# Interval in seconds
interval: <int; 1-255>
preempt:
enabled: <bool; required>
delay:
# Minimum preempt delay in seconds
minimum: <int; 0-3600>
# Reload preempt delay in seconds
reload: <int; 0-3600>
timers:
delay:
# Delay after reload in seconds.
reload: <int; 0-3600>
tracked_object:
# Tracked object name
- name: <str; required; unique>
# Decrement VRRP priority by 1-254
decrement: <int; 1-254>
shutdown: <bool>
ipv4:
# Virtual IPv4 address
address: <str; required>
version: <int; 2 | 3>
ipv6:
# Virtual IPv6 address
address: <str; required>
# "vrrp" should not be mixed with the new "vrrp_ids" key above to avoid conflicts.
# This key is deprecated.
# Support will be removed in AVD version 5.0.0.
# Use "vrrp_ids" instead.
vrrp:
# Virtual Router ID
virtual_router: <str>
# Instance priority
priority: <int>
advertisement_interval: <int>
preempt_delay_minimum: <int>
# Virtual IPv4 address
ipv4: <str>
# Virtual IPv6 address
ipv6: <str>
ip_attached_host_route_export:
enabled: <bool; required>
distance: <int; 1-255>
bfd:
echo: <bool>
# Rate in milliseconds
interval: <int>
# Minimum RX hold time in milliseconds
min_rx: <int>
multiplier: <int; 3-50>
service_policy:
pbr:
# Name of policy-map used for policy based routing
input: <str>
# List of VLANs as string
pvlan_mapping: <str>
# Key only used for documentation or validation purposes
tenant: <str>
# Key only used for documentation or validation purposes
tags:
- <str>
# Key only used for documentation or validation purposes
type: <str>
# Multiline EOS CLI rendered directly on the VLAN interface in the final EOS configuration
eos_cli: <str>
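The vlan_interfaces descriptions above state several cross-field rules (mutually exclusive keys, keys that require another key, deprecated keys that should not be mixed with their replacements). The following is an added example that checks input data against those rules before the role is run; it is not part of arista.avd, and the function names and the sample data are hypothetical.

```python
"""Lint vlan_interfaces input against the cross-field rules on this page.

Added example, not part of arista.avd; function names and SAMPLE are made up.
"""

# Deprecated vlan_interfaces keys and the replacements this page names.
DEPRECATED = {
    "ipv6_address_virtual": "ipv6_address_virtuals",
    "ipv6_virtual_router_address": "ipv6_virtual_router_addresses",
    "vrrp": "vrrp_ids",
}
# Old/new pairs the page says should not be mixed on one interface.
DO_NOT_MIX = [
    ("vrrp", "vrrp_ids"),
    ("ipv6_virtual_router_address", "ipv6_virtual_router_addresses"),
]
# nat_type values for which pool_name is required.
POOL_NAT_TYPES = {"pool", "pool-address-only", "pool-full-cone"}


def lint_ip_nat(ip_nat, where):
    """Return findings for one interface's ip_nat dictionary."""
    findings = []
    for side in ("destination", "source"):
        section = ip_nat.get(side) or {}
        for entry in section.get("static") or []:
            ref = f"{where}: ip_nat.{side}.static {entry.get('original_ip')}"
            if "access_list" in entry and "group" in entry:
                findings.append(f"{ref}: 'access_list' and 'group' are mutually exclusive")
            if "translated_port" in entry and "original_port" not in entry:
                findings.append(f"{ref}: 'translated_port' requires 'original_port'")
    # pool_name only exists on source dynamic entries with a nat_type.
    for entry in (ip_nat.get("source") or {}).get("dynamic") or []:
        if entry.get("nat_type") in POOL_NAT_TYPES and not entry.get("pool_name"):
            findings.append(
                f"{where}: ip_nat.source.dynamic {entry.get('access_list')}: "
                f"nat_type '{entry['nat_type']}' requires 'pool_name'"
            )
    return findings


def lint_vlan_interfaces(data):
    """Return a list of human-readable findings for data['vlan_interfaces']."""
    findings = []
    seen = set()
    for intf in data.get("vlan_interfaces") or []:
        name = intf.get("name")
        if not name:
            findings.append("<unnamed>: 'name' is required")
            name = "<unnamed>"
        elif name in seen:
            findings.append(f"{name}: 'name' must be unique")
        seen.add(name)
        for old, new in DEPRECATED.items():
            if old in intf:
                findings.append(f"{name}: '{old}' is deprecated, use '{new}'")
        for old, new in DO_NOT_MIX:
            if old in intf and new in intf:
                findings.append(f"{name}: '{old}' should not be mixed with '{new}'")
        for dest in intf.get("ipv6_dhcp_relay_destinations") or []:
            if "local_interface" in dest and "source_address" in dest:
                findings.append(
                    f"{name}: ipv6_dhcp_relay_destinations {dest.get('address')}: "
                    "'local_interface' and 'source_address' are mutually exclusive"
                )
        findings.extend(lint_ip_nat(intf.get("ip_nat") or {}, name))
    return findings


# Constructed sample input; addresses come from documentation ranges.
SAMPLE = {
    "vlan_interfaces": [
        {
            "name": "Vlan110",
            "vrrp": {"virtual_router": "1", "ipv4": "192.0.2.1"},
            "vrrp_ids": [{"id": 1, "ipv4": {"address": "192.0.2.1"}}],
            "ipv6_dhcp_relay_destinations": [
                {"address": "2001:db8::53", "local_interface": "Loopback0",
                 "source_address": "2001:db8::1"},
            ],
            "ip_nat": {"source": {
                "dynamic": [{"access_list": "ACL_NAT", "nat_type": "pool"}],
                "static": [{"access_list": "ACL_STATIC", "group": 10,
                            "original_ip": "192.0.2.5",
                            "translated_ip": "198.51.100.5",
                            "translated_port": 8443}],
            }},
        },
        {
            "name": "Vlan120",
            "ip_address": "192.0.2.129/25",
            "ip_nat": {"source": {"dynamic": [
                {"access_list": "ACL_NAT2", "nat_type": "overload"}]}},
        },
    ]
}

if __name__ == "__main__":
    for line in lint_vlan_interfaces(SAMPLE):
        print(line)
```
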
VXLAN interface¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
vxlan_interface | Dictionary | ||||
Vxlan1 | Dictionary | ||||
description | String | ||||
vxlan | Dictionary | ||||
source_interface | String | Source Interface Name | |||
controller_client | Dictionary | Client to CVX Controllers | |||
enabled | Boolean | ||||
mlag_source_interface | String | ||||
udp_port | Integer | ||||
virtual_router_encapsulation_mac_address | String | “mlag-system-id” or ethernet_address (H.H.H) | |||
bfd_vtep_evpn | Dictionary | ||||
interval | Integer | ||||
min_rx | Integer | ||||
multiplier | Integer | Min: 3 Max: 50 | |||
prefix_list | String | ||||
qos | Dictionary | For the Traffic Class to be derived based on the outer DSCP field of the incoming VxLan packet, the core ports must be in “DSCP Trust” mode. Warning: only a few hardware types with software version >= 4.26.0 support the knobs below to configure Vxlan DSCP mapping. | |||
dscp_propagation_encapsulation | Boolean | ||||
ecn_propagation | Boolean | Enable copying the ECN marking to/from encapsulated packets. | |||
map_dscp_to_traffic_class_decapsulation | Boolean | ||||
vlans | List, items: Dictionary | ||||
- id | Integer | Required, Unique | VLAN ID | ||
vni | Integer | ||||
multicast_group | String | IP Multicast Group Address | |||
flood_vteps | List, items: String | ||||
- <str> | String | Remote VTEP IP Address | |||
vrfs | List, items: Dictionary | ||||
- name | String | Required, Unique | VRF Name | ||
vni | Integer | ||||
multicast_group | String | IP Multicast Group Address | |||
flood_vteps | List, items: String | ||||
- <str> | String | Remote VTEP IP Address | |||
flood_vtep_learned_data_plane | Boolean | ||||
eos_cli | String | Multiline String with EOS CLI rendered directly on the Vxlan interface in the final EOS configuration. |
vxlan_interface:
Vxlan1:
description: <str>
vxlan:
# Source Interface Name
source_interface: <str>
# Client to CVX Controllers
controller_client:
enabled: <bool>
mlag_source_interface: <str>
udp_port: <int>
# "mlag-system-id" or ethernet_address (H.H.H)
virtual_router_encapsulation_mac_address: <str>
bfd_vtep_evpn:
interval: <int>
min_rx: <int>
multiplier: <int; 3-50>
prefix_list: <str>
# For the Traffic Class to be derived based on the outer DSCP field of the incoming VxLan packet, the core ports must be in "DSCP Trust" mode.
# Warning: only a few hardware types with software version >= 4.26.0 support the knobs below to configure Vxlan DSCP mapping.
qos:
dscp_propagation_encapsulation: <bool>
# Enable copying the ECN marking to/from encapsulated packets.
ecn_propagation: <bool>
map_dscp_to_traffic_class_decapsulation: <bool>
vlans:
# VLAN ID
- id: <int; required; unique>
vni: <int>
# IP Multicast Group Address
multicast_group: <str>
flood_vteps:
# Remote VTEP IP Address
- <str>
vrfs:
# VRF Name
- name: <str; required; unique>
vni: <int>
# IP Multicast Group Address
multicast_group: <str>
flood_vteps:
# Remote VTEP IP Address
- <str>
flood_vtep_learned_data_plane: <bool>
# Multiline String with EOS CLI rendered directly on the Vxlan interface in the final EOS configuration.
eos_cli: <str>
Maintenance Mode¶
BGP groups¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
bgp_groups | List, items: Dictionary | ||||
- name | String | Required, Unique | Group Name | ||
vrf | String | ||||
neighbors | List, items: String | ||||
- <str> | String | ||||
bgp_maintenance_profiles | List, items: String | ||||
- <str> | String | Profile Name |
Interface groups¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
interface_groups | List, items: Dictionary | ||||
- name | String | Required, Unique | Interface-Group name | ||
interfaces | List, items: String | ||||
- <str> | String | Interface Name | |||
bgp_maintenance_profiles | List, items: String | ||||
- <str> | String | Name of BGP Maintenance Profile | |||
interface_maintenance_profiles | List, items: String | ||||
- <str> | String | Name of Interface Maintenance Profile |
Maintenance¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
maintenance | Dictionary | ||||
default_interface_profile | String | Name of default Interface Profile | |||
default_bgp_profile | String | Name of default BGP Profile | |||
default_unit_profile | String | Name of default Unit Profile | |||
interface_profiles | List, items: Dictionary | ||||
- name | String | Required, Unique | |||
rate_monitoring | Dictionary | ||||
load_interval | Integer | Load Interval in Seconds | |||
threshold | Integer | Threshold in kbps | |||
shutdown | Dictionary | ||||
max_delay | Integer | Max delay in seconds | |||
bgp_profiles | List, items: Dictionary | ||||
- name | String | Required, Unique | BGP Profile Name | ||
initiator | Dictionary | ||||
route_map_inout | String | Route Map | |||
unit_profiles | List, items: Dictionary | ||||
- name | String | Required, Unique | Unit Profile Name | ||
on_boot | Dictionary | ||||
duration | Integer | Min: 300 Max: 3600 | On-boot in seconds | ||
units | List, items: Dictionary | ||||
- name | String | Required, Unique | Unit Name | ||
quiesce | Boolean | ||||
profile | String | Name of Unit Profile | |||
groups | Dictionary | ||||
bgp_groups | List, items: String | ||||
- <str> | String | Name of BGP Group | |||
interface_groups | List, items: String | ||||
- <str> | String | Name of Interface Group |
maintenance:
  # Name of default Interface Profile
  default_interface_profile: <str>
  # Name of default BGP Profile
  default_bgp_profile: <str>
  # Name of default Unit Profile
  default_unit_profile: <str>
  interface_profiles:
    - name: <str; required; unique>
      rate_monitoring:
        # Load Interval in Seconds
        load_interval: <int>
        # Threshold in kbps
        threshold: <int>
      shutdown:
        # Max delay in seconds
        max_delay: <int>
  bgp_profiles:
      # BGP Profile Name
    - name: <str; required; unique>
      initiator:
        # Route Map
        route_map_inout: <str>
  unit_profiles:
      # Unit Profile Name
    - name: <str; required; unique>
      on_boot:
        # On-boot in seconds
        duration: <int; 300-3600>
  units:
      # Unit Name
    - name: <str; required; unique>
      quiesce: <bool>
      # Name of Unit Profile
      profile: <str>
      groups:
        bgp_groups:
            # Name of BGP Group
          - <str>
        interface_groups:
            # Name of Interface Group
          - <str>
Management¶
Aliases¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
aliases | String | Multi-line string with one or more alias commands. Example:<br>aliases: |<br> alias wr copy running-config startup-config<br> alias siib show ip interface brief |
Banners¶
Boot¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
boot | Dictionary | Set the Aboot password | |||
secret | Dictionary | ||||
hash_algorithm | String | sha512 | Valid Values: - md5 - sha512 | ||
key | String | Hashed Password |
Clock¶
DNS domain¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
dns_domain | String | Domain Name |
Domain-list¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
domain_list | List, items: String | Search list of DNS domains | |||
- <str> | String | Domain name |
Hostname¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
hostname | String |
IP domain lookup¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ip_domain_lookup | Dictionary | ||||
source_interfaces | List, items: Dictionary | ||||
- name | String | Required, Unique | Source Interface | ||
vrf | String |
IP HTTP client source-interfaces¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ip_http_client_source_interfaces | List, items: Dictionary | ||||
- name | String | Interface Name | |||
vrf | String |
IP name servers¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ip_name_servers | List, items: Dictionary | ||||
- ip_address | String | IPv4 or IPv6 address for DNS server | |||
vrf | String | VRF Name | |||
priority | Integer | Min: 0 Max: 4 | Priority value (lower is first) |
IP SSH client source-interfaces¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ip_ssh_client_source_interfaces | List, items: Dictionary | ||||
- name | String | Interface Name | |||
vrf | String | default |
Management accounts¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
management_accounts | Dictionary | ||||
password | Dictionary | ||||
policy | String |
Management API HTTP¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
management_api_http | Dictionary | ||||
enable_http | Boolean | ||||
enable_https | Boolean | ||||
https_ssl_profile | String | SSL Profile Name | |||
default_services | Boolean | Enable default services: capi-doc and tapagg | |||
enable_vrfs | List, items: Dictionary | ||||
- name | String | Required, Unique | VRF Name | ||
access_group | String | Standard IPv4 ACL name | |||
ipv6_access_group | String | Standard IPv6 ACL name | |||
protocol_https_certificate | Dictionary | ||||
certificate | String | Name of certificate; private key must also be specified | |||
private_key | String | Name of private key; certificate must also be specified |
management_api_http:
  enable_http: <bool>
  enable_https: <bool>
  # SSL Profile Name
  https_ssl_profile: <str>
  # Enable default services: capi-doc and tapagg
  default_services: <bool>
  enable_vrfs:
      # VRF Name
    - name: <str; required; unique>
      # Standard IPv4 ACL name
      access_group: <str>
      # Standard IPv6 ACL name
      ipv6_access_group: <str>
  protocol_https_certificate:
    # Name of certificate; private key must also be specified
    certificate: <str>
    # Name of private key; certificate must also be specified
    private_key: <str>
Management API models¶
Management console¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
management_console | Dictionary | ||||
idle_timeout | Integer | Min: 0 Max: 86400 |
Management defaults¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
management_defaults | Dictionary | ||||
secret | Dictionary | ||||
hash | String | Valid Values: - md5 - sha512 |
Management security¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
management_security | Dictionary | ||||
entropy_source | String | ||||
password | Dictionary | ||||
minimum_length | Integer | Min: 1 Max: 32 | |||
encryption_key_common | Boolean | ||||
encryption_reversible | String | ||||
policies | List, items: Dictionary | ||||
- name | String | Required, Unique | |||
minimum | Dictionary | ||||
digits | Integer | Min: 1 Max: 65535 | |||
length | Integer | Min: 1 Max: 65535 | |||
lower | Integer | Min: 1 Max: 65535 | |||
special | Integer | Min: 1 Max: 65535 | |||
upper | Integer | Min: 1 Max: 65535 | |||
maximum | Dictionary | ||||
repetitive | Integer | Min: 1 Max: 65535 | |||
sequential | Integer | Min: 1 Max: 65535 | |||
ssl_profiles | List, items: Dictionary | ||||
- name | String | ||||
tls_versions | String | List of allowed TLS versions as string Examples: - “1.0” - “1.0 1.1” | |||
cipher_list | String | cipher_list syntax follows the openssl cipher strings format. Colon (:) separated list of allowed ciphers as a string | |||
trust_certificate | Dictionary | ||||
certificates | List, items: String | List of trust certificate names Examples: - test1.crt - test2.crt | |||
- <str> | String | ||||
requirement | Dictionary | ||||
basic_constraint_ca | Boolean | ||||
hostname_fqdn | Boolean | Enforce hostname to be FQDN without wildcard. | |||
policy_expiry_date_ignore | Boolean | ||||
system | Boolean | Use system-supplied trust certificates. | |||
chain_certificate | Dictionary | ||||
certificates | List, items: String | List of chain certificate names Examples: - chain1.crt - chain2.crt | |||
- <str> | String | ||||
requirement | Dictionary | ||||
basic_constraint_ca | Boolean | ||||
include_root_ca | Boolean | ||||
certificate | Dictionary | ||||
file | String | ||||
key | String | ||||
certificate_revocation_lists | List, items: String | List of CRLs (Certificate Revocation List). If specified, one CRL needs to be provided for every certificate in the chain, even if the revocation list in the CRL is empty. | |||
- <str> | String |
management_security:
  entropy_source: <str>
  password:
    minimum_length: <int; 1-32>
    encryption_key_common: <bool>
    encryption_reversible: <str>
    policies:
      - name: <str; required; unique>
        minimum:
          digits: <int; 1-65535>
          length: <int; 1-65535>
          lower: <int; 1-65535>
          special: <int; 1-65535>
          upper: <int; 1-65535>
        maximum:
          repetitive: <int; 1-65535>
          sequential: <int; 1-65535>
  ssl_profiles:
    - name: <str>
      # List of allowed TLS versions as string
      # Examples:
      # - "1.0"
      # - "1.0 1.1"
      tls_versions: <str>
      # cipher_list syntax follows the openssl cipher strings format.
      # Colon (:) separated list of allowed ciphers as a string
      cipher_list: <str>
      trust_certificate:
        # List of trust certificate names
        # Examples:
        # - test1.crt
        # - test2.crt
        certificates:
          - <str>
        requirement:
          basic_constraint_ca: <bool>
          # Enforce hostname to be FQDN without wildcard.
          hostname_fqdn: <bool>
        policy_expiry_date_ignore: <bool>
        # Use system-supplied trust certificates.
        system: <bool>
      chain_certificate:
        # List of chain certificate names
        # Examples:
        # - chain1.crt
        # - chain2.crt
        certificates:
          - <str>
        requirement:
          basic_constraint_ca: <bool>
          include_root_ca: <bool>
      certificate:
        file: <str>
        key: <str>
      # List of CRLs (Certificate Revocation List).
      # If specified, one CRL needs to be provided for every certificate in the chain, even if the revocation list in the CRL is empty.
      certificate_revocation_lists:
        - <str>
Management SSH¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
management_ssh | Dictionary | ||||
access_groups | List, items: Dictionary | ||||
- name | String | Standard ACL Name | |||
vrf | String | VRF Name | |||
ipv6_access_groups | List, items: Dictionary | ||||
- name | String | Standard ACL Name | |||
vrf | String | VRF Name | |||
idle_timeout | Integer | Min: 0 Max: 86400 | Idle timeout in minutes | ||
cipher | List, items: String | Cryptographic ciphers for SSH to use | |||
- <str> | String | ||||
key_exchange | List, items: String | Cryptographic key exchange methods for SSH to use | |||
- <str> | String | ||||
mac | List, items: String | Cryptographic MAC algorithms for SSH to use | |||
- <str> | String | ||||
hostkey | Dictionary | ||||
server | List, items: String | SSH host key settings | |||
- <str> | String | ||||
enable | Boolean | Enable SSH daemon | |||
connection | Dictionary | ||||
limit | Integer | Min: 1 Max: 100 | Maximum total number of SSH sessions to device | ||
per_host | Integer | Min: 1 Max: 20 | Maximum number of SSH sessions to device from a single host | ||
vrfs | List, items: Dictionary | ||||
- name | String | Required, Unique | VRF Name | ||
enable | Boolean | Enable SSH in VRF | |||
log_level | String | SSH daemon log level | |||
client_alive | Dictionary | ||||
count_max | Integer | Min: 1 Max: 1000 | Number of keep-alive packets that can be sent without a response before the connection is assumed dead. | ||
interval | Integer | Min: 1 Max: 1000 | Time period (in seconds) to send SSH keep-alive packets. |
management_ssh:
  access_groups:
      # Standard ACL Name
    - name: <str>
      # VRF Name
      vrf: <str>
  ipv6_access_groups:
      # Standard ACL Name
    - name: <str>
      # VRF Name
      vrf: <str>
  # Idle timeout in minutes
  idle_timeout: <int; 0-86400>
  # Cryptographic ciphers for SSH to use
  cipher:
    - <str>
  # Cryptographic key exchange methods for SSH to use
  key_exchange:
    - <str>
  # Cryptographic MAC algorithms for SSH to use
  mac:
    - <str>
  hostkey:
    # SSH host key settings
    server:
      - <str>
  # Enable SSH daemon
  enable: <bool>
  connection:
    # Maximum total number of SSH sessions to device
    limit: <int; 1-100>
    # Maximum number of SSH sessions to device from a single host
    per_host: <int; 1-20>
  vrfs:
      # VRF Name
    - name: <str; required; unique>
      # Enable SSH in VRF
      enable: <bool>
  # SSH daemon log level
  log_level: <str>
  client_alive:
    # Number of keep-alive packets that can be sent without a response before the connection is assumed dead.
    count_max: <int; 1-1000>
    # Time period (in seconds) to send SSH keep-alive packets.
    interval: <int; 1-1000>
Management tech-support¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
management_tech_support | Dictionary | ||||
policy_show_tech_support | Dictionary | ||||
exclude_commands | List, items: Dictionary | ||||
- command | String | Command to exclude from tech-support | |||
type | String | text | Valid Values: - text - json | The supported values for type are platform dependent. | |
include_commands | List, items: Dictionary | ||||
- command | String | Command to include in tech-support |
Name server¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
name_server deprecated | Dictionary | This key is deprecated. Support will be removed in AVD version v5.0.0. Use ip_name_servers instead. | |||
source | Dictionary | ||||
vrf | String | VRF Name | |||
nodes | List, items: String | ||||
- <str> | String |
NTP¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ntp | Dictionary | ||||
local_interface | Dictionary | ||||
name | String | Source interface | |||
vrf | String | VRF name | |||
servers | List, items: Dictionary | ||||
- name | String | IP or hostname e.g., 2.2.2.55, ie.pool.ntp.org | |||
burst | Boolean | ||||
iburst | Boolean | ||||
key | Integer | Min: 1 Max: 65535 | |||
local_interface | String | Source interface | |||
maxpoll | Integer | Min: 3 Max: 17 | Value of maxpoll between 3 - 17 (Logarithmic) | ||
minpoll | Integer | Min: 3 Max: 17 | Value of minpoll between 3 - 17 (Logarithmic) | ||
preferred | Boolean | ||||
version | Integer | Min: 1 Max: 4 | |||
vrf | String | VRF name | |||
authenticate | Boolean | ||||
authenticate_servers_only | Boolean | ||||
authentication_keys | List, items: Dictionary | ||||
- id | Integer | Required, Unique | Min: 1 Max: 65534 | Key identifier | |
hash_algorithm | String | Valid Values: - md5 - sha1 | |||
key | String | Obfuscated key | |||
key_type | String | Valid Values: - 0 - 7 - 8a | |||
trusted_keys | String | List of trusted-keys as string ex. 10-12,15 |
ntp:
  local_interface:
    # Source interface
    name: <str>
    # VRF name
    vrf: <str>
  servers:
      # IP or hostname e.g., 2.2.2.55, ie.pool.ntp.org
    - name: <str>
      burst: <bool>
      iburst: <bool>
      key: <int; 1-65535>
      # Source interface
      local_interface: <str>
      # Value of maxpoll between 3 - 17 (Logarithmic)
      maxpoll: <int; 3-17>
      # Value of minpoll between 3 - 17 (Logarithmic)
      minpoll: <int; 3-17>
      preferred: <bool>
      version: <int; 1-4>
      # VRF name
      vrf: <str>
  authenticate: <bool>
  authenticate_servers_only: <bool>
  authentication_keys:
      # Key identifier
    - id: <int; 1-65534; required; unique>
      hash_algorithm: <str; "md5" | "sha1">
      # Obfuscated key
      key: <str>
      key_type: <str; "0" | "7" | "8a">
  # List of trusted-keys as string ex. 10-12,15
  trusted_keys: <str>
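The management-plane variables above (`boot`, `management_defaults`, `management_api_http`, `management_security`, `management_ssh`, `ntp`) can be linted before any configuration is rendered. The following is an added example, not AVD code: the function names, the password-length threshold and the weak-algorithm lists are assumptions for a local policy, and treating `key_type` "0" as cleartext follows the usual EOS key-type convention.

```python
"""Audit eos_cli_config_gen input for weak management-plane settings.

Added example, not AVD code. The thresholds and weak-algorithm lists are
local-policy assumptions, not values taken from the AVD schema.
"""

LEGACY_TLS = {"1.0", "1.1"}  # deprecated by RFC 8996
WEAK_TLS_CIPHER_WORDS = ("NULL", "EXPORT", "RC4", "DES", "MD5")
WEAK_SSH = {  # substrings of OpenSSH algorithm names
    "cipher": ("-cbc", "arcfour", "3des"),
    "mac": ("hmac-md5", "hmac-sha1"),
    "key_exchange": ("group1-sha1",),
}
MIN_PASSWORD_LENGTH = 12  # assumed policy value


def _get(data, *path):
    """Walk nested dictionaries; return None when a key is missing."""
    for key in path:
        if not isinstance(data, dict):
            return None
        data = data.get(key)
    return data


def audit_management_plane(cfg):
    """Return (variable path, finding) tuples for one device's variables."""
    findings = []

    def flag(path, message):
        findings.append((path, message))

    for path in (("boot", "secret", "hash_algorithm"),
                 ("management_defaults", "secret", "hash")):
        if _get(cfg, *path) == "md5":
            flag(".".join(path), "md5 password hash selected; sha512 is valid here")

    api = cfg.get("management_api_http") or {}
    if api.get("enable_http"):
        flag("management_api_http.enable_http", "eAPI served over cleartext HTTP")
    for vrf in api.get("enable_vrfs") or []:
        if not (vrf.get("access_group") or vrf.get("ipv6_access_group")):
            flag(f"management_api_http.enable_vrfs[{vrf.get('name')}]",
                 "no ACL limits which clients reach eAPI in this VRF")

    sec = cfg.get("management_security") or {}
    min_len = _get(sec, "password", "minimum_length")
    if min_len is not None and min_len < MIN_PASSWORD_LENGTH:
        flag("management_security.password.minimum_length",
             f"{min_len} is below the assumed policy of {MIN_PASSWORD_LENGTH}")
    for prof in sec.get("ssl_profiles") or []:
        base = f"management_security.ssl_profiles[{prof.get('name')}]"
        legacy = sorted(set(str(prof.get("tls_versions", "")).split()) & LEGACY_TLS)
        if legacy:
            flag(base + ".tls_versions", "legacy TLS allowed: " + " ".join(legacy))
        for token in str(prof.get("cipher_list", "")).split(":"):
            # A leading "!" or "-" removes ciphers in the OpenSSL format.
            if token and token[0] not in "!-" and any(
                    word in token.upper() for word in WEAK_TLS_CIPHER_WORDS):
                flag(base + ".cipher_list", f"weak cipher selector: {token}")

    ssh = cfg.get("management_ssh") or {}
    for key, needles in WEAK_SSH.items():
        for algo in ssh.get(key) or []:
            if any(needle in algo.lower() for needle in needles):
                flag(f"management_ssh.{key}", f"weak algorithm: {algo}")

    ntp = cfg.get("ntp") or {}
    if ntp.get("servers") and not ntp.get("authenticate"):
        flag("ntp.authenticate", "NTP servers configured without authentication")
    for entry in ntp.get("authentication_keys") or []:
        base = f"ntp.authentication_keys[{entry.get('id')}]"
        if entry.get("hash_algorithm") == "md5":
            flag(base + ".hash_algorithm", "md5 selected; sha1 is the other valid value")
        if str(entry.get("key_type")) == "0":
            flag(base + ".key_type", "type 0 stores the key in cleartext")
    return findings


# Constructed sample input: keys follow the tables above, values are made up.
SAMPLE = {
    "boot": {"secret": {"hash_algorithm": "md5", "key": "<hashed>"}},
    "management_api_http": {
        "enable_http": True,
        "enable_https": True,
        "enable_vrfs": [{"name": "MGMT", "access_group": "ACL-API"}, {"name": "default"}],
    },
    "management_security": {
        "password": {"minimum_length": 8},
        "ssl_profiles": [{"name": "eAPI", "tls_versions": "1.0 1.2",
                          "cipher_list": "ECDHE-RSA-AES256-GCM-SHA384:RC4-SHA:!aNULL"}],
    },
    "management_ssh": {"cipher": ["aes256-gcm@openssh.com", "aes128-cbc"],
                       "mac": ["hmac-sha2-256", "hmac-md5"]},
    "ntp": {"servers": [{"name": "192.0.2.10", "key": 1}],
            "authentication_keys": [{"id": 1, "hash_algorithm": "md5",
                                     "key": "<key>", "key_type": "7"}]},
}

if __name__ == "__main__":
    for path, message in audit_management_plane(SAMPLE):
        print(f"{path}: {message}")
```

Run against the structured variables of each host (for example in a CI job before the role runs), so a weak setting fails review rather than reaching a device.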
Prompt¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
prompt | String |
Terminal¶
Virtual source NAT VRFs¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
virtual_source_nat_vrfs | List, items: Dictionary | ||||
- name | String | Required, Unique | VRF Name | ||
ip_address | String | IPv4 Address |
Miscellaneous¶
CVX¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
cvx | Dictionary | CVX server features are not supported on physical switches. See management_cvx for client configurations. | |||
shutdown | Boolean | ||||
peer_hosts | List, items: String | ||||
- <str> | String | IP address or hostname | |||
services | Dictionary | ||||
mcs | Dictionary | ||||
redis | Dictionary | ||||
password | String | Hashed password using the password_type | |||
password_type | String | 7 | Valid Values: - 0 - 7 - 8a | ||
shutdown | Boolean | ||||
vxlan | Dictionary | VXLAN Controller service | |||
shutdown | Boolean | ||||
vtep_mac_learning | String | Valid Values: - control-plane - data-plane |
# CVX server features are not supported on physical switches. See `management_cvx` for client configurations.
cvx:
  shutdown: <bool>
  peer_hosts:
      # IP address or hostname
    - <str>
  services:
    mcs:
      redis:
        # Hashed password using the password_type
        password: <str>
        password_type: <str; "0" | "7" | "8a"; default="7">
      shutdown: <bool>
    # VXLAN Controller service
    vxlan:
      shutdown: <bool>
      vtep_mac_learning: <str; "control-plane" | "data-plane">
EOS cli¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
eos_cli | String | Multiline string with EOS CLI rendered directly on the root level of the final EOS configuration |
Is deployed¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
is_deployed | Boolean | True | Key only used for documentation or validation purposes |
Management CVX¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
management_cvx | Dictionary | ||||
shutdown | Boolean | ||||
server_hosts | List, items: String | ||||
- <str> | String | IP or hostname | |||
source_interface | String | Interface name | |||
vrf | String | VRF Name |
MCS client¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
mcs_client | Dictionary | ||||
shutdown | Boolean | ||||
cvx_secondary | Dictionary | ||||
name | String | ||||
shutdown | Boolean | ||||
server_hosts | List, items: String | ||||
- <str> | String | IP or hostname |
Monitoring¶
Daemons¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
daemons | List, items: Dictionary | This will add a daemon to the eos configuration that is most useful when trying to run OpenConfig clients like ocprometheus. | |||
- name | String | Required, Unique | Daemon Name | ||
exec | String | Required | Command to run as a daemon | ||
enabled | Boolean | True |
Daemon terminattr¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
daemon_terminattr | Dictionary | You can either provide a list of IPs/FQDNs to target an on-premises CloudVision cluster or use the DNS name of your CloudVision as a Service instance. Streaming to multiple clusters, both on-prem and cloud service, is supported. Note: For TerminAttr version recommendation and EOS compatibility matrix, please refer to the latest TerminAttr Release Notes, which always contain the latest recommended versions and minimum required versions per EOS release. | |||
cvaddrs | List, items: String | Streaming address(es) for CloudVision single cluster - TCP 9910 is used for CV on-prem - TCP 443 is used for CV as a Service | |||
- <str> | String | Server address in the format <ip/fqdn>:<port> | |||
clusters | List, items: Dictionary | Multiple CloudVision clusters | |||
- name | String | Required, Unique | Cluster Name | ||
cvaddrs | List, items: String | Streaming address(es) for CloudVision cluster - TCP 9910 is used for CV on-prem - TCP 443 is used for CV as a Service | |||
- <str> | String | Server address in the format <ip/fqdn>:<port> | |||
cvauth | Dictionary | Authentication scheme used to connect to CloudVision | |||
method | String | Valid Values: - token - token-secure - key - certs | |||
key | String | ||||
token_file | String | Token file path e.g. “/tmp/token” | |||
cert_file | String | Client certificate file path e.g. “/persist/secure/ssl/terminattr/primary/certs/client.crt” | |||
ca_file | String | CA certificate file path (on-prem only) e.g. “/persist/secure/ssl/terminattr/primary/certs/ca.crt” | |||
key_file | String | Client certificate key file path e.g. “/persist/secure/ssl/terminattr/primary/keys/client.key” | |||
cvobscurekeyfile | Boolean | Encrypt the private key used for authentication to CloudVision | |||
cvproxy | String | Proxy server through which CloudVision is reachable. Useful when the CloudVision server is hosted in the cloud. The expected form is http://[user:password@]ip:port, e.g.: http://arista:arista@10.83.12.78:3128 . Available as of TerminAttr v1.13.0 | |||
cvsourceip | String | Set source IP address in case of in-band management | |||
cvsourceintf | String | Set source interface in case of in-band management. Available as of TerminAttr v1.23.0 | |||
cvvrf | String | The VRF to use to connect to CloudVision | |||
cvauth | Dictionary | Authentication scheme used to connect to CloudVision | |||
method | String | Valid Values: - token - token-secure - key - certs | |||
key | String | ||||
token_file | String | Token file path e.g. “/tmp/token” | |||
cert_file | String | Client certificate file path e.g. “/persist/secure/ssl/terminattr/primary/certs/client.crt” | |||
ca_file | String | CA certificate file path (on-prem only) e.g. “/persist/secure/ssl/terminattr/primary/certs/ca.crt” | |||
key_file | String | Client certificate key file path e.g. “/persist/secure/ssl/terminattr/primary/keys/client.key” | |||
cvobscurekeyfile | Boolean | Encrypt the private key used for authentication to CloudVision | |||
cvproxy | String | Proxy server through which CloudVision is reachable. Useful when the CloudVision server is hosted in the cloud. The expected form is http://[user:password@]ip:port, e.g.: http://arista:arista@10.83.12.78:3128 . Available as of TerminAttr v1.13.0 | |||
cvsourceip | String | Set source IP address in case of in-band management | |||
cvsourceintf | String | Set source interface in case of in-band management | |||
cvvrf | String | The VRF to use to connect to CloudVision | |||
cvgnmi | Boolean | Stream states from EOS gNMI servers (Openconfig) to CloudVision. Available as of TerminAttr v1.13.1 | |||
disable_aaa | Boolean | Disable AAA authorization and accounting. When setting this flag, all commands pushed from CloudVision are applied directly to the CLI without authorization | |||
grpcaddr | String | Set the gRPC server address, the default is 127.0.0.1:6042 e.g. “MGMT/0.0.0.0:6042” | |||
grpcreadonly | Boolean | gNMI read-only mode - Disable gnmi.Set() | |||
ingestexclude | String | Exclude paths from Sysdb on the ingest side. e.g. “/Sysdb/cell/1/agent,/Sysdb/cell/2/agent” | |||
smashexcludes | String | Exclude paths from the shared memory table. e.g. “ale,flexCounter,hardware,kni,pulse,strata” | |||
taillogs | String | Enable log file collection; /var/log/messages is streamed by default if no path is set. e.g. “/var/log/messages” | |||
ecodhcpaddr | String | ECO DHCP Collector address or ECO DHCP Fingerprint listening address in standalone mode (default “127.0.0.1:67”) | |||
ipfix | Boolean | Enable IPFIX provider (TerminAttr default is true). This flag is enabled by default and does not have to be added to the daemon configuration. | |||
ipfixaddr | String | ECO IPFIX Collector address to listen on to receive IPFIX packets (TerminAttr default “127.0.0.1:4739”). | |||
sflow | Boolean | Enable sFlow provider (TerminAttr default is true). | |||
sflowaddr | String | ECO sFlow Collector address to listen on to receive sFlow packets (TerminAttr default “127.0.0.1:6343”). | |||
cvconfig | Boolean | Subscribe to dynamic device configuration from CloudVision (TerminAttr default is false). | |||
cvcompression deprecated | String | The default compression scheme when streaming to CloudVision is gzip since TerminAttr 1.6.1 and CVP 2019.1.0. There is no need to change the compression scheme. This key is deprecated. Support will be removed in AVD version v5.0.0. |
# You can either provide a list of IPs/FQDNs to target an on-premises CloudVision cluster or use the DNS name of your CloudVision as a Service instance.
# Streaming to multiple clusters, both on-prem and cloud service, is supported.
# Note:
# For TerminAttr version recommendation and EOS compatibility matrix, please refer to the latest TerminAttr Release Notes,
# which always contain the latest recommended versions and minimum required versions per EOS release.
daemon_terminattr:
  # Streaming address(es) for CloudVision single cluster
  # - TCP 9910 is used for CV on-prem
  # - TCP 443 is used for CV as a Service
  cvaddrs:
      # Server address in the format `<ip/fqdn>:<port>`
    - <str>
  # Multiple CloudVision clusters
  clusters:
      # Cluster Name
    - name: <str; required; unique>
      # Streaming address(es) for CloudVision cluster
      # - TCP 9910 is used for CV on-prem
      # - TCP 443 is used for CV as a Service
      cvaddrs:
          # Server address in the format `<ip/fqdn>:<port>`
        - <str>
      # Authentication scheme used to connect to CloudVision
      cvauth:
        method: <str; "token" | "token-secure" | "key" | "certs">
        key: <str>
        # Token file path
        # e.g. "/tmp/token"
        token_file: <str>
        # Client certificate file path
        # e.g. "/persist/secure/ssl/terminattr/primary/certs/client.crt"
        cert_file: <str>
        # CA certificate file path (on-prem only)
        # e.g. "/persist/secure/ssl/terminattr/primary/certs/ca.crt"
        ca_file: <str>
        # Client certificate key file path
        # e.g. "/persist/secure/ssl/terminattr/primary/keys/client.key"
        key_file: <str>
      # Encrypt the private key used for authentication to CloudVision
      cvobscurekeyfile: <bool>
      # Proxy server through which CloudVision is reachable. Useful when the CloudVision server is hosted in the cloud.
      # The expected form is http://[user:password@]ip:port, e.g.: `http://arista:arista@10.83.12.78:3128`. Available as of TerminAttr v1.13.0
      cvproxy: <str>
      # Set source IP address in case of in-band management
      cvsourceip: <str>
      # Set source interface in case of in-band management. Available as of TerminAttr v1.23.0
      cvsourceintf: <str>
      # The VRF to use to connect to CloudVision
      cvvrf: <str>
  # Authentication scheme used to connect to CloudVision
  cvauth:
    method: <str; "token" | "token-secure" | "key" | "certs">
    key: <str>
    # Token file path
    # e.g. "/tmp/token"
    token_file: <str>
    # Client certificate file path
    # e.g. "/persist/secure/ssl/terminattr/primary/certs/client.crt"
    cert_file: <str>
    # CA certificate file path (on-prem only)
    # e.g. "/persist/secure/ssl/terminattr/primary/certs/ca.crt"
    ca_file: <str>
    # Client certificate key file path
    # e.g. "/persist/secure/ssl/terminattr/primary/keys/client.key"
    key_file: <str>
  # Encrypt the private key used for authentication to CloudVision
  cvobscurekeyfile: <bool>
  # Proxy server through which CloudVision is reachable. Useful when the CloudVision server is hosted in the cloud.
  # The expected form is http://[user:password@]ip:port, e.g.: `http://arista:arista@10.83.12.78:3128`. Available as of TerminAttr v1.13.0
  cvproxy: <str>
  # Set source IP address in case of in-band management
  cvsourceip: <str>
  # Set source interface in case of in-band management
  cvsourceintf: <str>
  # The VRF to use to connect to CloudVision
  cvvrf: <str>
  # Stream states from EOS gNMI servers (Openconfig) to CloudVision. Available as of TerminAttr v1.13.1
  cvgnmi: <bool>
  # Disable AAA authorization and accounting.
  # When setting this flag, all commands pushed from CloudVision are applied directly to the CLI without authorization
  disable_aaa: <bool>
  # Set the gRPC server address, the default is 127.0.0.1:6042
  # e.g. "MGMT/0.0.0.0:6042"
  grpcaddr: <str>
  # gNMI read-only mode - Disable gnmi.Set()
  grpcreadonly: <bool>
  # Exclude paths from Sysdb on the ingest side.
  # e.g. "/Sysdb/cell/1/agent,/Sysdb/cell/2/agent"
  ingestexclude: <str>
  # Exclude paths from the shared memory table.
  # e.g. "ale,flexCounter,hardware,kni,pulse,strata"
  smashexcludes: <str>
  # Enable log file collection; /var/log/messages is streamed by default if no path is set.
  # e.g. "/var/log/messages"
  taillogs: <str>
  # ECO DHCP Collector address or ECO DHCP Fingerprint listening address in standalone mode (default "127.0.0.1:67")
  ecodhcpaddr: <str>
  # Enable IPFIX provider (TerminAttr default is true).
  # This flag is enabled by default and does not have to be added to the daemon configuration.
  ipfix: <bool>
  # ECO IPFIX Collector address to listen on to receive IPFIX packets (TerminAttr default "127.0.0.1:4739").
  ipfixaddr: <str>
  # Enable sFlow provider (TerminAttr default is true).
  sflow: <bool>
  # ECO sFlow Collector address to listen on to receive sFlow packets (TerminAttr default "127.0.0.1:6343").
  sflowaddr: <str>
  # Subscribe to dynamic device configuration from CloudVision (TerminAttr default is false).
  cvconfig: <bool>
  # The default compression scheme when streaming to CloudVision is gzip since TerminAttr 1.6.1 and CVP 2019.1.0.
  # There is no need to change the compression scheme.
  # This key is deprecated.
  # Support will be removed in AVD version v5.0.0.
  cvcompression: <str>
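Several `daemon_terminattr` keys change the device's exposure: `disable_aaa` removes authorization for commands pushed from CloudVision, `cvproxy` can carry a password in the variables, and `grpcaddr` can move the gRPC server off its 127.0.0.1 default. The following is an added example (not AVD or TerminAttr code) that checks those keys, and the `<ip/fqdn>:<port>` form of `cvaddrs`, for the single-cluster keys and for each `clusters` entry; function names and finding text are assumptions.

```python
"""Audit daemon_terminattr input variables before rendering device config.

Added example, not AVD or TerminAttr code; finding wording is illustrative.
"""
import ipaddress
from urllib.parse import urlsplit

CV_PORTS = (9910, 443)  # on-prem and CV as a Service, per the cvaddrs description


def parse_cvaddr(addr):
    """Split '<ip/fqdn>:<port>' into (host, port); ValueError if malformed."""
    host, sep, port = addr.rpartition(":")
    if not sep or not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"{addr!r} is not in <ip/fqdn>:<port> form")
    return host, int(port)


def grpc_binds_all_addresses(grpcaddr):
    """True when '[VRF/]address:port' uses the unspecified address."""
    host = grpcaddr.rpartition("/")[2].rpartition(":")[0].strip("[]")
    try:
        return ipaddress.ip_address(host).is_unspecified
    except ValueError:  # hostname or empty string
        return False


def _audit_target(base, target, flag):
    """Checks shared by the single-cluster keys and every clusters[] entry."""
    for addr in target.get("cvaddrs") or []:
        try:
            port = parse_cvaddr(addr)[1]
        except ValueError as exc:
            flag(base + "cvaddrs", str(exc))
            continue
        if port not in CV_PORTS:
            flag(base + "cvaddrs", f"{addr}: port is neither 9910 nor 443")
    proxy = target.get("cvproxy")
    if proxy and urlsplit(proxy).password is not None:
        # Report the user only; never echo the password into audit output.
        user = urlsplit(proxy).username
        flag(base + "cvproxy", f"password for proxy user {user!r} is stored in the variables")


def audit_terminattr(cfg):
    """Return (variable path, finding) tuples for daemon_terminattr."""
    findings = []

    def flag(path, message):
        findings.append((path, message))

    ta = cfg.get("daemon_terminattr") or {}
    _audit_target("daemon_terminattr.", ta, flag)
    for cluster in ta.get("clusters") or []:
        _audit_target(f"daemon_terminattr.clusters[{cluster.get('name')}].", cluster, flag)
    if ta.get("disable_aaa"):
        flag("daemon_terminattr.disable_aaa",
             "commands pushed from CloudVision are applied without authorization")
    grpcaddr = ta.get("grpcaddr")
    if grpcaddr and grpc_binds_all_addresses(grpcaddr) and not ta.get("grpcreadonly"):
        flag("daemon_terminattr.grpcaddr",
             "gRPC server listens on all addresses while gnmi.Set() is enabled")
    if "cvcompression" in ta:
        flag("daemon_terminattr.cvcompression",
             "deprecated key; support ends in AVD v5.0.0")
    return findings


# Constructed sample input; the cvproxy value reuses the form shown above.
SAMPLE = {
    "daemon_terminattr": {
        "cvaddrs": ["cv.example.net:9910", "192.0.2.20"],
        "cvproxy": "http://arista:arista@10.83.12.78:3128",
        "disable_aaa": True,
        "grpcaddr": "MGMT/0.0.0.0:6042",
        "cvcompression": "gzip",
        "clusters": [{"name": "DC2", "cvaddrs": ["cv2.example.net:8443"],
                      "cvproxy": "http://192.0.2.30:3128"}],
    }
}

if __name__ == "__main__":
    for path, message in audit_terminattr(SAMPLE):
        print(f"{path}: {message}")
```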
Event handlers¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
event_handlers | List, items: Dictionary | Gives the ability to monitor and react to Syslog messages. Event Handlers provide a powerful and flexible tool that can be used to apply self-healing actions, customize the system behavior, and implement workarounds to problems discovered in the field. | |||
- name | String | Required, Unique | Event Handler Name | ||
action_type | String | Valid Values: - bash - increment - log | |||
action | String | Command to execute | |||
delay | Integer | Event-handler delay in seconds | |||
trigger | String | Valid Values: - on-boot - on-logging - on-startup-config | Configure event trigger condition. | ||
regex | String | Regular expression to use for searching log messages. Required for on-logging trigger | |||
asynchronous | Boolean | False | Set the action to be non-blocking. |
# Gives the ability to monitor and react to Syslog messages.
# Event Handlers provide a powerful and flexible tool that can be used to apply self-healing actions,
# customize the system behavior, and implement workarounds to problems discovered in the field.
event_handlers:
    # Event Handler Name
  - name: <str; required; unique>
    action_type: <str; "bash" | "increment" | "log">
    # Command to execute
    action: <str>
    # Event-handler delay in seconds
    delay: <int>
    # Configure event trigger condition.
    trigger: <str; "on-boot" | "on-logging" | "on-startup-config">
    # Regular expression to use for searching log messages. Required for on-logging trigger
    regex: <str>
    # Set the action to be non-blocking.
    asynchronous: <bool; default=False>
Event monitor¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
event_monitor | Dictionary | ||||
enabled | Boolean |
Flow tracking¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
flow_tracking | Dictionary | ||||
sampled | Dictionary | ||||
sample | Integer | Min: 1 Max: 4294967295 |
|||
hardware_offload | Dictionary | ||||
ipv4 | Boolean | Configure hardware offload for IPv4 traffic. | |||
ipv6 | Boolean | Configure hardware offload for IPv6 traffic. | |||
threshold_minimum | Integer | Min: 1 Max: 4294967295 |
Minimum number of samples. | ||
trackers | List, items: Dictionary | ||||
- table_size | Integer | Min: 1 Max: 614400 |
Maximum number of entries in flow table. |
||
record_export | Dictionary | ||||
mpls | Boolean | Export MPLS forwarding information | |||
on_inactive_timeout | Integer | Min: 3000 Max: 900000 |
Flow record inactive export timeout in milliseconds | ||
on_interval | Integer | Min: 1000 Max: 36000000 |
Flow record export interval in milliseconds | ||
name | String | Required, Unique | Tracker Name | ||
exporters | List, items: Dictionary | ||||
- name | String | Required, Unique | Exporter Name | ||
collector | Dictionary | ||||
host | String | Collector IPv4 address or IPv6 address or fully qualified domain name | |||
port | Integer | Min: 1 Max: 65535 |
Collector Port Number | ||
format | Dictionary | ||||
ipfix_version | Integer | ||||
local_interface | String | Local Source Interface | |||
template_interval | Integer | Min: 5000 Max: 3600000 |
Template interval in milliseconds | ||
shutdown | Boolean | False |
|||
hardware | Dictionary | ||||
trackers | List, items: Dictionary | ||||
- name | String | Required, Unique | Tracker Name | ||
record_export | Dictionary | ||||
on_inactive_timeout | Integer | Min: 3000 Max: 900000 |
Flow record inactive export timeout in milliseconds | ||
on_interval | Integer | Min: 1000 Max: 36000000 |
Flow record export interval in milliseconds | ||
exporters | List, items: Dictionary | ||||
- name | String | Required, Unique | Exporter Name | ||
collector | Dictionary | ||||
host | String | Collector IPv4 address or IPv6 address or fully qualified domain name | |||
port | Integer | Min: 1 Max: 65535 |
Collector Port Number | ||
format | Dictionary | ||||
ipfix_version | Integer | ||||
local_interface | String | Local Source Interface | |||
template_interval | Integer | Min: 5000 Max: 3600000 |
Template interval in milliseconds | ||
shutdown | Boolean | False |
|||
flow_trackings deprecated | List, items: Dictionary | This key is deprecated. Support will be removed in AVD version v5.0.0. Use flow_tracking instead. | |||
- type | String | Required, Unique | Valid Values: - sampled |
Flow Tracking Type - only ‘sampled’ supported for now | |
sample | Integer | Min: 1 Max: 4294967295 |
|||
trackers | List, items: Dictionary | ||||
- name | String | Required, Unique | Tracker Name | ||
record_export | Dictionary | ||||
on_inactive_timeout | Integer | Min: 3000 Max: 900000 |
Flow record inactive export timeout in milliseconds | ||
on_interval | Integer | Min: 1000 Max: 36000000 |
Flow record export interval in milliseconds | ||
mpls | Boolean | Export MPLS forwarding information | |||
exporters | List, items: Dictionary | ||||
- name | String | Required, Unique | Exporter Name | ||
collector | Dictionary | ||||
host | String | Collector IPv4 address or IPv6 address or fully qualified domain name | |||
port | Integer | Min: 1 Max: 65535 |
Collector Port Number | ||
format | Dictionary | ||||
ipfix_version | Integer | ||||
local_interface | String | Local Source Interface | |||
template_interval | Integer | Min: 5000 Max: 3600000 |
Template interval in milliseconds | ||
table_size | Integer | Min: 1 Max: 614400 |
Maximum number of entries in flow table. |
||
shutdown | Boolean | False |
flow_tracking:
sampled:
sample: <int; 1-4294967295>
hardware_offload:
# Configure hardware offload for IPv4 traffic.
ipv4: <bool>
# Configure hardware offload for IPv6 traffic.
ipv6: <bool>
# Minimum number of samples.
threshold_minimum: <int; 1-4294967295>
trackers:
# Maximum number of entries in flow table.
- table_size: <int; 1-614400>
record_export:
# Export MPLS forwarding information
mpls: <bool>
# Flow record inactive export timeout in milliseconds
on_inactive_timeout: <int; 3000-900000>
# Flow record export interval in milliseconds
on_interval: <int; 1000-36000000>
# Tracker Name
name: <str; required; unique>
exporters:
# Exporter Name
- name: <str; required; unique>
collector:
# Collector IPv4 address or IPv6 address or fully qualified domain name
host: <str>
# Collector Port Number
port: <int; 1-65535>
format:
ipfix_version: <int>
# Local Source Interface
local_interface: <str>
# Template interval in milliseconds
template_interval: <int; 5000-3600000>
shutdown: <bool; default=False>
hardware:
trackers:
# Tracker Name
- name: <str; required; unique>
record_export:
# Flow record inactive export timeout in milliseconds
on_inactive_timeout: <int; 3000-900000>
# Flow record export interval in milliseconds
on_interval: <int; 1000-36000000>
exporters:
# Exporter Name
- name: <str; required; unique>
collector:
# Collector IPv4 address or IPv6 address or fully qualified domain name
host: <str>
# Collector Port Number
port: <int; 1-65535>
format:
ipfix_version: <int>
# Local Source Interface
local_interface: <str>
# Template interval in milliseconds
template_interval: <int; 5000-3600000>
shutdown: <bool; default=False>
# This key is deprecated.
# Support will be removed in AVD version v5.0.0.
# Use `flow_tracking` instead.
flow_trackings:
# Flow Tracking Type - only 'sampled' supported for now
- type: <str; "sampled"; required; unique>
sample: <int; 1-4294967295>
trackers:
# Tracker Name
- name: <str; required; unique>
record_export:
# Flow record inactive export timeout in milliseconds
on_inactive_timeout: <int; 3000-900000>
# Flow record export interval in milliseconds
on_interval: <int; 1000-36000000>
# Export MPLS forwarding information
mpls: <bool>
exporters:
# Exporter Name
- name: <str; required; unique>
collector:
# Collector IPv4 address or IPv6 address or fully qualified domain name
host: <str>
# Collector Port Number
port: <int; 1-65535>
format:
ipfix_version: <int>
# Local Source Interface
local_interface: <str>
# Template interval in milliseconds
template_interval: <int; 5000-3600000>
# Maximum number of entries in flow table.
table_size: <int; 1-614400>
shutdown: <bool; default=False>
Load interval¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
load_interval | Dictionary | ||||
default | Integer | Default load interval in seconds |
Logging¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
logging | Dictionary | ||||
console | String | Valid Values: - debugging - informational - notifications - warnings - errors - critical - alerts - emergencies - disabled |
Console logging severity level |
||
monitor | String | Valid Values: - debugging - informational - notifications - warnings - errors - critical - alerts - emergencies - disabled |
Monitor logging severity level |
||
buffered | Dictionary | ||||
size | Integer | Min: 10 Max: 2147483647 |
|||
level | String | Valid Values: - alerts - critical - debugging - emergencies - errors - informational - notifications - warnings - disabled |
Buffer logging severity level |
||
trap | String | Valid Values: - alerts - critical - debugging - emergencies - errors - informational - notifications - system - warnings - disabled |
Trap logging severity level |
||
synchronous | Dictionary | ||||
level | String | critical |
Valid Values: - alerts - all - critical - debugging - emergencies - errors - informational - notifications - warnings - disabled |
Synchronous logging severity level |
|
format | Dictionary | ||||
timestamp | String | Valid Values: - high-resolution - traditional - traditional timezone - traditional year - traditional timezone year - traditional year timezone |
Timestamp format | ||
hostname | String | Valid Values: - fqdn - ipv4 |
Hostname format in syslogs. For hostname only, remove the line. (default EOS CLI behaviour). | ||
sequence_numbers | Boolean | Add sequence numbers to log messages |
|||
rfc5424 | Boolean | Forward logs in RFC5424 format |
|||
facility | String | Valid Values: - auth - cron - daemon - kern - local0 - local1 - local2 - local3 - local4 - local5 - local6 - local7 - lpr - mail - news - sys9 - sys10 - sys11 - sys12 - sys13 - sys14 - syslog - user - uucp |
|||
source_interface | String | Source Interface Name | |||
vrfs | List, items: Dictionary | ||||
- name | String | Required, Unique | VRF name | ||
source_interface | String | Source interface name | |||
hosts | List, items: Dictionary | ||||
- name | String | Required, Unique | Syslog server name | ||
protocol | String | udp |
Valid Values: - tcp - udp |
||
ports | List, items: Integer | ||||
- <int> | Integer | ||||
policy | Dictionary | ||||
match | Dictionary | ||||
match_lists | List, items: Dictionary | ||||
- name | String | Required, Unique | Match list | ||
action | String | Valid Values: - discard |
|||
event | Dictionary | ||||
storm_control | Dictionary | ||||
discards | Dictionary | ||||
global | Boolean | ||||
interval | Integer | Min: 10 Max: 65535 |
Logging interval in seconds |
logging:
# Console logging severity level
console: <str; "debugging" | "informational" | "notifications" | "warnings" | "errors" | "critical" | "alerts" | "emergencies" | "disabled">
# Monitor logging severity level
monitor: <str; "debugging" | "informational" | "notifications" | "warnings" | "errors" | "critical" | "alerts" | "emergencies" | "disabled">
buffered:
size: <int; 10-2147483647>
# Buffer logging severity level
level: <str; "alerts" | "critical" | "debugging" | "emergencies" | "errors" | "informational" | "notifications" | "warnings" | "disabled">
# Trap logging severity level
trap: <str; "alerts" | "critical" | "debugging" | "emergencies" | "errors" | "informational" | "notifications" | "system" | "warnings" | "disabled">
synchronous:
# Synchronous logging severity level
level: <str; "alerts" | "all" | "critical" | "debugging" | "emergencies" | "errors" | "informational" | "notifications" | "warnings" | "disabled"; default="critical">
format:
# Timestamp format
timestamp: <str; "high-resolution" | "traditional" | "traditional timezone" | "traditional year" | "traditional timezone year" | "traditional year timezone">
# Hostname format in syslogs. For hostname _only_, remove the line. (default EOS CLI behaviour).
hostname: <str; "fqdn" | "ipv4">
# Add sequence numbers to log messages
sequence_numbers: <bool>
# Forward logs in RFC5424 format
rfc5424: <bool>
facility: <str; "auth" | "cron" | "daemon" | "kern" | "local0" | "local1" | "local2" | "local3" | "local4" | "local5" | "local6" | "local7" | "lpr" | "mail" | "news" | "sys9" | "sys10" | "sys11" | "sys12" | "sys13" | "sys14" | "syslog" | "user" | "uucp">
# Source Interface Name
source_interface: <str>
vrfs:
# VRF name
- name: <str; required; unique>
# Source interface name
source_interface: <str>
hosts:
# Syslog server name
- name: <str; required; unique>
protocol: <str; "tcp" | "udp"; default="udp">
ports:
- <int>
policy:
match:
match_lists:
# Match list
- name: <str; required; unique>
action: <str; "discard">
event:
storm_control:
discards:
global: <bool>
# Logging interval in seconds
interval: <int; 10-65535>
Management API gNMI¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
management_api_gnmi | Dictionary | | | | |
provider | String | | eos-native | | |
transport | Dictionary | | | | |
grpc | List, items: Dictionary | | | | |
- name | String | | | | Transport name |
ssl_profile | String | | | | SSL profile name |
vrf | String | | | | VRF name is optional |
notification_timestamp | String | | | Valid Values: - send-time - last-change-time | Per the gNMI specification, the default timestamp field of a notification message is set to be the time at which the value of the underlying data source changes or when the reported event takes place. In order to facilitate integration in legacy environments oriented around polling style operations, an option to support overriding the timestamp field to the send-time is available from EOS 4.27.0F. |
ip_access_group | String | | | | ACL name |
port | Integer | | | | GNMI port. Make sure to update the control-plane ACL accordingly in order for the service to be reachable by external applications. |
grpc_tunnels | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | Transport name |
shutdown | Boolean | | | | Operational status of the gRPC tunnel |
tunnel_ssl_profile | String | | | | Tunnel SSL profile name |
gnmi_ssl_profile | String | | | | gNMI SSL profile name |
vrf | String | | | | VRF name |
destination | Dictionary | | | | |
address | String | Required | | | IP address or hostname |
port | Integer | Required | | Min: 1 Max: 65535 | TCP Port |
local_interface | Dictionary | | | | |
name | String | Required | | | Interface name |
port | Integer | Required | | Min: 1 Max: 65535 | TCP Port |
target | Dictionary | | | | |
use_serial_number | Boolean | | | | Use serial number as the Target ID |
target_ids | List, items: String | | | | Target IDs as a list. |
- <str> | String | | | | |
enable_vrfs deprecated | List, items: Dictionary | | | | These should not be mixed with the new keys above. This key is deprecated. Support will be removed in AVD version 5.0.0. Use transport.grpc instead. |
- name | String | Required, Unique | | | VRF name |
access_group | String | | | | Standard IPv4 ACL name |
octa deprecated | Dictionary | | | | These should not be mixed with the new keys above. Octa activates eos-native provider and it is the only provider currently supported by EOS. This key is deprecated. Support will be removed in AVD version 5.0.0. Use provider instead. |
management_api_gnmi:
  provider: <str; default="eos-native">
  transport:
    grpc:
      # Transport name
      - name: <str>
        # SSL profile name
        ssl_profile: <str>
        # VRF name is optional
        vrf: <str>
        # Per the gNMI specification, the default timestamp field of a notification message is set to be
        # the time at which the value of the underlying data source changes or when the reported event takes place.
        # In order to facilitate integration in legacy environments oriented around polling style operations,
        # an option to support overriding the timestamp field to the send-time is available from EOS 4.27.0F.
        notification_timestamp: <str; "send-time" | "last-change-time">
        # ACL name
        ip_access_group: <str>
        # GNMI port.
        # Make sure to update the control-plane ACL accordingly in order for the service to be reachable by external applications.
        port: <int>
    grpc_tunnels:
      # Transport name
      - name: <str; required; unique>
        # Operational status of the gRPC tunnel
        shutdown: <bool>
        # Tunnel SSL profile name
        tunnel_ssl_profile: <str>
        # gNMI SSL profile name
        gnmi_ssl_profile: <str>
        # VRF name
        vrf: <str>
        destination:
          # IP address or hostname
          address: <str; required>
          # TCP Port
          port: <int; 1-65535; required>
        local_interface:
          # Interface name
          name: <str; required>
          # TCP Port
          port: <int; 1-65535; required>
        target:
          # Use serial number as the Target ID
          use_serial_number: <bool>
          # Target IDs as a list.
          target_ids:
            - <str>
  # These should not be mixed with the new keys above.
  # This key is deprecated.
  # Support will be removed in AVD version 5.0.0.
  # Use `transport.grpc` instead.
  enable_vrfs:
    # VRF name
    - name: <str; required; unique>
      # Standard IPv4 ACL name
      access_group: <str>
  # These should not be mixed with the new keys above.
  # Octa activates `eos-native` provider and it is the only provider currently supported by EOS.
  # This key is deprecated.
  # Support will be removed in AVD version 5.0.0.
  # Use `provider` instead.
  octa: <dict>
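The following is an added example, not part of the AVD documentation or code base: a Python sketch that rewrites the deprecated `enable_vrfs` and `octa` keys to `transport.grpc` and `provider`, then reports gRPC transports that have no `ssl_profile` or `ip_access_group`. The function names, the choice to reuse the VRF name as the transport name, the omission of `vrf` for the `default` VRF, and all sample values are assumptions made for illustration.

```python
import copy

DEPRECATED_KEYS = ("enable_vrfs", "octa")


def migrate_gnmi(gnmi):
    """Return a copy with enable_vrfs/octa rewritten to transport.grpc/provider."""
    new = copy.deepcopy(gnmi)
    legacy_vrfs = new.pop("enable_vrfs", None) or []
    if legacy_vrfs:
        grpc = new.setdefault("transport", {}).setdefault("grpc", [])
        for vrf in legacy_vrfs:
            # Assumption: the VRF name is reused as the transport name.
            entry = {"name": vrf["name"]}
            # Assumption: the default VRF needs no explicit `vrf` key.
            if vrf["name"] != "default":
                entry["vrf"] = vrf["name"]
            if vrf.get("access_group"):
                entry["ip_access_group"] = vrf["access_group"]
            grpc.append(entry)
    if "octa" in new:
        # The page states that octa activates the eos-native provider.
        del new["octa"]
        new["provider"] = "eos-native"
    return new


def audit_gnmi(gnmi):
    """Return (location, issue) tuples for a management_api_gnmi dictionary."""
    findings = []
    transport = gnmi.get("transport") or {}

    # The page warns that deprecated keys should not be mixed with the new ones.
    for key in DEPRECATED_KEYS:
        if key in gnmi:
            mixed = bool(transport) or "provider" in gnmi
            issue = "deprecated key mixed with new keys" if mixed else "deprecated key"
            findings.append((key, issue))

    # A transport without ssl_profile has no TLS configured by these variables;
    # one without ip_access_group has no ACL attached to the service.
    for t in transport.get("grpc") or []:
        loc = f"transport.grpc[{t.get('name', '<unnamed>')}]"
        if not t.get("ssl_profile"):
            findings.append((loc, "no ssl_profile"))
        if not t.get("ip_access_group"):
            findings.append((loc, "no ip_access_group"))

    # Tunnels that are shut down are skipped; active ones should carry both profiles.
    for t in transport.get("grpc_tunnels") or []:
        if t.get("shutdown"):
            continue
        loc = f"transport.grpc_tunnels[{t.get('name', '<unnamed>')}]"
        for key in ("tunnel_ssl_profile", "gnmi_ssl_profile"):
            if not t.get(key):
                findings.append((loc, f"no {key}"))
    return findings


# Constructed sample input using only the deprecated keys.
LEGACY_GNMI = {
    "enable_vrfs": [
        {"name": "MGMT", "access_group": "ACL-GNMI"},
        {"name": "default"},
    ],
    "octa": {},
}

# Constructed sample input using the current keys with TLS and an ACL.
HARDENED_GNMI = {
    "provider": "eos-native",
    "transport": {
        "grpc": [
            {
                "name": "MGMT",
                "vrf": "MGMT",
                "ssl_profile": "SSL-GNMI",
                "ip_access_group": "ACL-GNMI",
            }
        ]
    },
}

if __name__ == "__main__":
    for label, data in (
        ("legacy", LEGACY_GNMI),
        ("migrated", migrate_gnmi(LEGACY_GNMI)),
        ("hardened", HARDENED_GNMI),
    ):
        print(label, audit_gnmi(data))
```

Running the audit on the migrated data shows what the deprecated keys could not express: `enable_vrfs` has no field for an SSL profile, so every migrated transport still needs an `ssl_profile` added by hand.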
Monitor connectivity¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
monitor_connectivity | Dictionary | ||||
shutdown | Boolean | ||||
interval | Integer | ||||
interface_sets | List, items: Dictionary | ||||
- name | String | ||||
interfaces | String | Interface range(s) should be of same type, Ethernet, Loopback, Management etc. Multiple interface ranges can be specified separated by “,” |
|||
local_interfaces | String | ||||
hosts | List, items: Dictionary | ||||
- name | String | Host Name | |||
description | String | ||||
ip | String | ||||
local_interfaces | String | ||||
url | String | ||||
vrfs | List, items: Dictionary | ||||
- name | String | Required, Unique | VRF Name | ||
description | String | ||||
interface_sets | List, items: Dictionary | ||||
- name | String | ||||
interfaces | String | ||||
local_interfaces | String | ||||
hosts | List, items: Dictionary | ||||
- name | String | Host name | |||
description | String | ||||
ip | String | ||||
local_interfaces | String | ||||
url | String |
monitor_connectivity:
shutdown: <bool>
interval: <int>
interface_sets:
- name: <str>
# Interface range(s) should be of same type, Ethernet, Loopback, Management etc.
# Multiple interface ranges can be specified separated by ","
interfaces: <str>
local_interfaces: <str>
hosts:
# Host Name
- name: <str>
description: <str>
ip: <str>
local_interfaces: <str>
url: <str>
vrfs:
# VRF Name
- name: <str; required; unique>
description: <str>
interface_sets:
- name: <str>
interfaces: <str>
local_interfaces: <str>
hosts:
# Host name
- name: <str>
description: <str>
ip: <str>
local_interfaces: <str>
url: <str>
Monitor sessions¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
monitor_sessions | List, items: Dictionary | ||||
- name | String | Required | Session Name | ||
sources | List, items: Dictionary | ||||
- name | String | Interface name, range or comma separated list | |||
direction | String | Valid Values: - rx - tx - both |
|||
access_group | Dictionary | ||||
type | String | Valid Values: - ip - ipv6 - mac |
|||
name | String | ACL Name | |||
priority | Integer | ||||
destinations | List, items: String | ||||
- <str> | String | ‘cpu’ or interface name, range or comma separated list | |||
encapsulation_gre_metadata_tx | Boolean | ||||
header_remove_size | Integer | Number of bytes to remove from header | |||
access_group | Dictionary | ||||
type | String | Valid Values: - ip - ipv6 - mac |
|||
name | String | ACL Name | |||
rate_limit_per_ingress_chip | String | Ratelimit and unit as string. Examples: “100000 bps” “100 kbps” “10 mbps” |
|||
rate_limit_per_egress_chip | String | Ratelimit and unit as string. Examples: “100000 bps” “100 kbps” “10 mbps” |
|||
sample | Integer | ||||
truncate | Dictionary | ||||
enabled | Boolean | ||||
size | Integer | Size in bytes |
monitor_sessions:
# Session Name
- name: <str; required>
sources:
# Interface name, range or comma separated list
- name: <str>
direction: <str; "rx" | "tx" | "both">
access_group:
type: <str; "ip" | "ipv6" | "mac">
# ACL Name
name: <str>
priority: <int>
destinations:
# 'cpu' or interface name, range or comma separated list
- <str>
encapsulation_gre_metadata_tx: <bool>
# Number of bytes to remove from header
header_remove_size: <int>
access_group:
type: <str; "ip" | "ipv6" | "mac">
# ACL Name
name: <str>
# Ratelimit and unit as string.
# Examples:
# "100000 bps"
# "100 kbps"
# "10 mbps"
rate_limit_per_ingress_chip: <str>
# Ratelimit and unit as string.
# Examples:
# "100000 bps"
# "100 kbps"
# "10 mbps"
rate_limit_per_egress_chip: <str>
sample: <int>
truncate:
enabled: <bool>
# Size in bytes
size: <int>
SFLOW¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
sflow | Dictionary | ||||
sample | Integer | ||||
dangerous | Boolean | ||||
polling_interval | Integer | Polling interval in seconds | |||
vrfs | List, items: Dictionary | ||||
- name | String | Required, Unique | |||
destinations | List, items: Dictionary | ||||
- destination | String | Required, Unique | Sflow Destination IP Address | ||
port | Integer | Port Number | |||
source | String | Source IP Address. “source” and “source_interface” are mutually exclusive. If both are defined, “source_interface” takes precedence. |
|||
source_interface | String | Source Interface | |||
destinations | List, items: Dictionary | ||||
- destination | String | Required, Unique | Sflow Destination IP Address | ||
port | Integer | Port Number | |||
source | String | Source IP Address. “source” and “source_interface” are mutually exclusive. If both are defined, “source_interface” takes precedence. |
|||
source_interface | String | Source Interface | |||
extensions | List, items: Dictionary | ||||
- name | String | Required, Unique | Extension Name | ||
enabled | Boolean | Required | Enable or Disable Extension | ||
interface | Dictionary | ||||
disable | Dictionary | ||||
default | Boolean | ||||
egress | Dictionary | ||||
enable_default | Boolean | Enable egress sFlow by default. |
|||
unmodified | Boolean | Enable egress sFlow unmodified. Platform dependent feature. |
|||
run | Boolean | ||||
hardware_acceleration | Dictionary | ||||
enabled | Boolean | ||||
sample | Integer | ||||
modules | List, items: Dictionary | ||||
- name | String | Required, Unique | |||
enabled | Boolean | True |
sflow:
sample: <int>
dangerous: <bool>
# Polling interval in seconds
polling_interval: <int>
vrfs:
- name: <str; required; unique>
destinations:
# Sflow Destination IP Address
- destination: <str; required; unique>
# Port Number
port: <int>
# Source IP Address.
# "source" and "source_interface" are mutually exclusive. If both are defined, "source_interface" takes precedence.
source: <str>
# Source Interface
source_interface: <str>
destinations:
# Sflow Destination IP Address
- destination: <str; required; unique>
# Port Number
port: <int>
# Source IP Address.
# "source" and "source_interface" are mutually exclusive. If both are defined, "source_interface" takes precedence.
source: <str>
# Source Interface
source_interface: <str>
extensions:
# Extension Name
- name: <str; required; unique>
# Enable or Disable Extension
enabled: <bool; required>
interface:
disable:
default: <bool>
egress:
# Enable egress sFlow by default.
enable_default: <bool>
# Enable egress sFlow unmodified.
# Platform dependent feature.
unmodified: <bool>
run: <bool>
hardware_acceleration:
enabled: <bool>
sample: <int>
modules:
- name: <str; required; unique>
enabled: <bool; default=True>
SNMP server¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
snmp_server | Dictionary | SNMP settings | |||
engine_ids | Dictionary | ||||
local | String | Engine ID in hexadecimal |
|||
remotes | List, items: Dictionary | ||||
- id | String | Remote engine ID in hexadecimal |
|||
address | String | Hostname or IP of remote engine |
|||
udp_port | Integer | ||||
contact | String | SNMP contact | |||
location | String | SNMP location | |||
communities | List, items: Dictionary | ||||
- name | String | Required, Unique | Community name | ||
access | String | Valid Values: - ro - rw |
|||
access_list_ipv4 | Dictionary | ||||
name | String | IPv4 access list name | |||
access_list_ipv6 | Dictionary | ||||
name | String | IPv6 access list name | |||
view | String | ||||
ipv4_acls | List, items: Dictionary | ||||
- name | String | IPv4 access list name | |||
vrf | String | ||||
ipv6_acls | List, items: Dictionary | ||||
- name | String | IPv6 access list name | |||
vrf | String | ||||
local_interfaces | List, items: Dictionary | ||||
- name | String | Required, Unique | Interface name | ||
vrf | String | ||||
views | List, items: Dictionary | ||||
- name | String | SNMP view name | |||
mib_family_name | String | ||||
included | Boolean | ||||
MIB_family_name deprecated | String | This key is deprecated. Support will be removed in AVD version 5.0.0. Use mib_family_name instead. | |||
groups | List, items: Dictionary | ||||
- name | String | Group name | |||
version | String | Valid Values: - v1 - v2c - v3 |
|||
authentication | String | Valid Values: - auth - noauth - priv |
|||
read | String | Read view | |||
write | String | Write view | |||
notify | String | Notify view | |||
users | List, items: Dictionary | ||||
- name | String | Username | |||
group | String | Group name | |||
remote_address | String | Hostname or ip of remote engine The remote_address and udp_port are used for remote users |
|||
udp_port | Integer | udp_port will not be used if no remote_address is configured |
|||
version | String | Valid Values: - v1 - v2c - v3 |
|||
localized | String | Engine ID in hexadecimal for localizing auth and/or priv |
|||
auth | String | Hash algorithm |
|||
auth_passphrase | String | Hashed authentication passphrase if localized is used else cleartext authentication passphrase |
|||
priv | String | Encryption algorithm |
|||
priv_passphrase | String | Hashed privacy passphrase if localized is used else cleartext privacy passphrase |
|||
hosts | List, items: Dictionary | ||||
- host | String | Host IP address or name | |||
vrf | String | ||||
version | String | Valid Values: - 1 - 2c - 3 |
|||
community | String | Community name | |||
users | List, items: Dictionary | ||||
- username | String | ||||
authentication_level | String | Valid Values: - auth - noauth - priv |
|||
traps | Dictionary | ||||
enable | Boolean | False |
Enable or disable all snmp-traps |
||
snmp_traps | List, items: Dictionary | ||||
- name | String | Enable or disable specific snmp-traps and their sub_traps Examples: - “bgp” - “bgp established” |
|||
enabled | Boolean | True |
|||
vrfs | List, items: Dictionary | ||||
- name | String | Required, Unique | VRF name | ||
enable | Boolean |
# SNMP settings
snmp_server:
engine_ids:
# Engine ID in hexadecimal
local: <str>
remotes:
# Remote engine ID in hexadecimal
- id: <str>
# Hostname or IP of remote engine
address: <str>
udp_port: <int>
# SNMP contact
contact: <str>
# SNMP location
location: <str>
communities:
# Community name
- name: <str; required; unique>
access: <str; "ro" | "rw">
access_list_ipv4:
# IPv4 access list name
name: <str>
access_list_ipv6:
# IPv6 access list name
name: <str>
view: <str>
ipv4_acls:
# IPv4 access list name
- name: <str>
vrf: <str>
ipv6_acls:
# IPv6 access list name
- name: <str>
vrf: <str>
local_interfaces:
# Interface name
- name: <str; required; unique>
vrf: <str>
views:
# SNMP view name
- name: <str>
mib_family_name: <str>
included: <bool>
# This key is deprecated.
# Support will be removed in AVD version 5.0.0.
# Use `mib_family_name` instead.
MIB_family_name: <str>
groups:
# Group name
- name: <str>
version: <str; "v1" | "v2c" | "v3">
authentication: <str; "auth" | "noauth" | "priv">
# Read view
read: <str>
# Write view
write: <str>
# Notify view
notify: <str>
users:
# Username
- name: <str>
# Group name
group: <str>
# Hostname or ip of remote engine
# The remote_address and udp_port are used for remote users
remote_address: <str>
# udp_port will not be used if no remote_address is configured
udp_port: <int>
version: <str; "v1" | "v2c" | "v3">
# Engine ID in hexadecimal for localizing auth and/or priv
localized: <str>
# Hash algorithm
auth: <str>
# Hashed authentication passphrase if localized is used else cleartext authentication passphrase
auth_passphrase: <str>
# Encryption algorithm
priv: <str>
# Hashed privacy passphrase if localized is used else cleartext privacy passphrase
priv_passphrase: <str>
hosts:
# Host IP address or name
- host: <str>
vrf: <str>
version: <str; "1" | "2c" | "3">
# Community name
community: <str>
users:
- username: <str>
authentication_level: <str; "auth" | "noauth" | "priv">
traps:
# Enable or disable all snmp-traps
enable: <bool; default=False>
snmp_traps:
# Enable or disable specific snmp-traps and their sub_traps
# Examples:
# - "bgp"
# - "bgp established"
- name: <str>
enabled: <bool; default=True>
vrfs:
# VRF name
- name: <str; required; unique>
enable: <bool>
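The following is an added example, not part of the AVD documentation or code base: a Python check that walks an `snmp_server` dictionary using the keys documented above and reports settings worth reviewing, including the cleartext-passphrase case the table describes for users without `localized`. The function name, the finding wording and every sample value (names, addresses, algorithms, placeholders) are constructed for illustration.

```python
def _label(item, key="name"):
    return item.get(key, "<unnamed>")


def audit_snmp_server(snmp):
    """Return (location, issue) tuples for weak settings in an snmp_server dict."""
    findings = []

    # v1/v2c community strings travel in cleartext, so limit what they can do
    # (ro rather than rw) and who can use them (an access list).
    for comm in snmp.get("communities") or []:
        loc = f"communities[{_label(comm)}]"
        if comm.get("access") == "rw":
            findings.append((loc, "read-write community"))
        acl4 = (comm.get("access_list_ipv4") or {}).get("name")
        acl6 = (comm.get("access_list_ipv6") or {}).get("name")
        if not (acl4 or acl6):
            findings.append((loc, "no access list on community"))

    # Groups: only v3 with `priv` gives both authentication and encryption.
    for group in snmp.get("groups") or []:
        loc = f"groups[{_label(group)}]"
        version = group.get("version")
        if version in ("v1", "v2c"):
            findings.append((loc, f"group uses {version}"))
        elif version == "v3" and group.get("authentication") != "priv":
            findings.append((loc, "v3 group without priv"))

    for user in snmp.get("users") or []:
        loc = f"users[{_label(user)}]"
        version = user.get("version")
        if version in ("v1", "v2c"):
            findings.append((loc, f"user uses {version}"))
        if version != "v3":
            continue
        if not (user.get("auth") and user.get("auth_passphrase")):
            findings.append((loc, "no authentication configured"))
        if not (user.get("priv") and user.get("priv_passphrase")):
            findings.append((loc, "no privacy configured"))
        # Per the table above, passphrases are hashed only when `localized` is set;
        # otherwise the inventory holds them in cleartext.
        has_secret = user.get("auth_passphrase") or user.get("priv_passphrase")
        if has_secret and not user.get("localized"):
            findings.append((loc, "cleartext passphrase (localized not set)"))

    for host in snmp.get("hosts") or []:
        loc = f"hosts[{_label(host, 'host')}]"
        version = str(host.get("version"))
        if version in ("1", "2c"):
            findings.append((loc, f"notifications sent with version {version}"))
        for user in host.get("users") or []:
            if user.get("authentication_level") != "priv":
                findings.append((loc, f"user {user.get('username')} below priv"))
    return findings


# Constructed sample: a configuration with several weak settings.
WEAK_SNMP = {
    "communities": [{"name": "SAMPLE-RW", "access": "rw"}],
    "groups": [{"name": "OPS", "version": "v3", "authentication": "auth"}],
    "users": [
        {
            "name": "monitor",
            "group": "OPS",
            "version": "v3",
            "auth": "sha",
            "auth_passphrase": "constructed-cleartext",
        }
    ],
    "hosts": [{"host": "192.0.2.10", "version": "2c", "community": "SAMPLE-RW"}],
}

# Constructed sample: v3 only, priv everywhere, localized passphrases (placeholders).
HARDENED_SNMP = {
    "groups": [{"name": "OPS", "version": "v3", "authentication": "priv"}],
    "users": [
        {
            "name": "monitor",
            "group": "OPS",
            "version": "v3",
            "localized": "<engine-id-hex>",
            "auth": "sha",
            "auth_passphrase": "<localized-auth-hash>",
            "priv": "aes",
            "priv_passphrase": "<localized-priv-hash>",
        }
    ],
    "hosts": [
        {
            "host": "192.0.2.10",
            "version": "3",
            "users": [{"username": "monitor", "authentication_level": "priv"}],
        }
    ],
}

if __name__ == "__main__":
    for location, issue in audit_snmp_server(WEAK_SNMP):
        print(f"{location}: {issue}")
```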
Tap aggregation¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
tap_aggregation | Dictionary | | | | |
mode | Dictionary | | | | |
exclusive | Dictionary | | | | |
enabled | Boolean | | | | |
profile | String | | | | Profile Name |
no_errdisable | List, items: String | | | | |
- <str> | String | | | | Interface name e.g Ethernet1, Port-Channel1 |
encapsulation_dot1br_strip | Boolean | | | | |
encapsulation_vn_tag_strip | Boolean | | | | |
protocol_lldp_trap | Boolean | | | | |
truncation_size | Integer | | | | Allowed truncation_size values vary depending on the platform |
mac | Dictionary | | | | |
timestamp | Dictionary | | | | mac.timestamp.replace_source_mac and mac.timestamp.header.format are mutually exclusive. If both are defined, replace_source_mac takes precedence |
replace_source_mac | Boolean | | | | |
header | Dictionary | | | | |
format | String | | | Valid Values: - 48-bit - 64-bit | |
eth_type | Integer | | | | EtherType |
fcs_append | Boolean | | | | mac.fcs_append and mac.fcs_error are mutually exclusive. If both are defined, mac.fcs_append takes precedence |
fcs_error | String | | | Valid Values: - correct - discard - pass-through | |
tap_aggregation:
  mode:
    exclusive:
      enabled: <bool>
      # Profile Name
      profile: <str>
      no_errdisable:
        # Interface name e.g Ethernet1, Port-Channel1
        - <str>
  encapsulation_dot1br_strip: <bool>
  encapsulation_vn_tag_strip: <bool>
  protocol_lldp_trap: <bool>
  # Allowed truncation_size values vary depending on the platform
  truncation_size: <int>
  mac:
    # mac.timestamp.replace_source_mac and mac.timestamp.header.format are mutually exclusive. If both are defined, replace_source_mac takes precedence
    timestamp:
      replace_source_mac: <bool>
      header:
        format: <str; "48-bit" | "64-bit">
        # EtherType
        eth_type: <int>
    # mac.fcs_append and mac.fcs_error are mutually exclusive. If both are defined, mac.fcs_append takes precedence
    fcs_append: <bool>
    fcs_error: <str; "correct" | "discard" | "pass-through">
VM tracer-sessions¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
vmtracer_sessions | List, items: Dictionary | ||||
- name | String | Required, Unique | Vmtracer Session Name | ||
url | String | ||||
username | String | ||||
password | String | Type 7 Password Hash | |||
autovlan_disable | Boolean | ||||
source_interface | String |
Multicast¶
IP IGMP snooping¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ip_igmp_snooping | Dictionary | ||||
globally_enabled | Boolean | True |
Activate or deactivate IGMP snooping for all vlans where vlans allows user to activate / deactivate IGMP snooping per vlan. |
||
robustness_variable | Integer | ||||
restart_query_interval | Integer | ||||
interface_restart_query | Integer | ||||
fast_leave | Boolean | ||||
querier | Dictionary | ||||
enabled | Boolean | ||||
address | String | IP Address | |||
query_interval | Integer | ||||
max_response_time | Integer | ||||
last_member_query_interval | Integer | ||||
last_member_query_count | Integer | ||||
startup_query_interval | Integer | ||||
startup_query_count | Integer | ||||
version | Integer | ||||
proxy | Boolean | ||||
vlans | List, items: Dictionary | ||||
- id | Integer | Required, Unique | VLAN ID | ||
enabled | Boolean | ||||
querier | Dictionary | ||||
enabled | Boolean | ||||
address | String | IP Address | |||
query_interval | Integer | ||||
max_response_time | Integer | ||||
last_member_query_interval | Integer | ||||
last_member_query_count | Integer | ||||
startup_query_interval | Integer | ||||
startup_query_count | Integer | ||||
version | Integer | ||||
max_groups | Integer | ||||
fast_leave | Boolean | ||||
proxy | Boolean | Global proxy settings should be enabled before enabling per-vlan |
ip_igmp_snooping:
  # Activate or deactivate IGMP snooping for all VLANs; `vlans` allows the user to activate or deactivate IGMP snooping per VLAN.
  globally_enabled: <bool; default=True>
  robustness_variable: <int>
  restart_query_interval: <int>
  interface_restart_query: <int>
  fast_leave: <bool>
  querier:
    enabled: <bool>
    # IP Address
    address: <str>
    query_interval: <int>
    max_response_time: <int>
    last_member_query_interval: <int>
    last_member_query_count: <int>
    startup_query_interval: <int>
    startup_query_count: <int>
    version: <int>
  proxy: <bool>
  vlans:
    # VLAN ID
    - id: <int; required; unique>
      enabled: <bool>
      querier:
        enabled: <bool>
        # IP Address
        address: <str>
        query_interval: <int>
        max_response_time: <int>
        last_member_query_interval: <int>
        last_member_query_count: <int>
        startup_query_interval: <int>
        startup_query_count: <int>
        version: <int>
      max_groups: <int>
      fast_leave: <bool>
      # Global proxy settings should be enabled before enabling per-vlan
      proxy: <bool>
Router IGMP
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
router_igmp | Dictionary | ||||
ssm_aware | Boolean |
Router MSDP
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
router_msdp | Dictionary | ||||
originator_id_local_interface | String | Interface to use for originator ID | |||
rejected_limit | Integer | Min: 0 Max: 40000 | Maximum number of rejected SA messages allowed in cache | ||
forward_register_packets | Boolean | ||||
connection_retry_interval | Integer | Min: 1 Max: 65535 | |||
group_limits | List, items: Dictionary | ||||
- source_prefix | String | Required, Unique | Source address prefix | ||
limit | Integer | Required | Min: 0 Max: 40000 | Limit for SAs matching the source address prefix | |
peers | List, items: Dictionary | ||||
- ipv4_address | String | Required, Unique | Peer IP Address | ||
default_peer | Dictionary | ||||
enabled | Boolean | ||||
prefix_list | String | Prefix list to filter source of SA messages | |||
local_interface | String | ||||
description | String | ||||
disabled | Boolean | Disable the MSDP peer | |||
sa_limit | Integer | Min: 0 Max: 40000 | Maximum number of SA messages allowed in cache | ||
mesh_groups | List, items: Dictionary | ||||
- name | String | Required, Unique | Mesh group name | ||
keepalive | Dictionary | ||||
keepalive_timer | Integer | Required | Min: 1 Max: 65535 | ||
hold_timer | Integer | Required | Min: 1 Max: 65535 | Must be greater than keepalive timer | |
sa_filter | Dictionary | ||||
in_list | String | ACL to filter inbound SA messages | |||
out_list | String | ACL to filter outbound SA messages | |||
vrfs | List, items: Dictionary | ||||
- name | String | Required, Unique | VRF name | ||
originator_id_local_interface | String | Interface to use for originator ID | |||
rejected_limit | Integer | Min: 0 Max: 40000 | Maximum number of rejected SA messages allowed in cache | ||
forward_register_packets | Boolean | ||||
connection_retry_interval | Integer | Min: 1 Max: 65535 | |||
group_limits | List, items: Dictionary | ||||
- source_prefix | String | Required, Unique | Source address prefix | ||
limit | Integer | Required | Min: 0 Max: 40000 | Limit for SAs matching the source address prefix | |
peers | List, items: Dictionary | ||||
- ipv4_address | String | Required, Unique | Peer IP Address | ||
default_peer | Dictionary | ||||
enabled | Boolean | ||||
prefix_list | String | Prefix list to filter source of SA messages | |||
local_interface | String | ||||
description | String | ||||
disabled | Boolean | Disable the MSDP peer | |||
sa_limit | Integer | Min: 0 Max: 40000 | Maximum number of SA messages allowed in cache | ||
mesh_groups | List, items: Dictionary | ||||
- name | String | Required, Unique | Mesh group name | ||
keepalive | Dictionary | ||||
keepalive_timer | Integer | Required | Min: 1 Max: 65535 | ||
hold_timer | Integer | Required | Min: 1 Max: 65535 | Must be greater than keepalive timer | |
sa_filter | Dictionary | ||||
in_list | String | ACL to filter inbound SA messages | |||
out_list | String | ACL to filter outbound SA messages |
router_msdp:
  # Interface to use for originator ID
  originator_id_local_interface: <str>
  # Maximum number of rejected SA messages allowed in cache
  rejected_limit: <int; 0-40000>
  forward_register_packets: <bool>
  connection_retry_interval: <int; 1-65535>
  group_limits:
    # Source address prefix
    - source_prefix: <str; required; unique>
      # Limit for SAs matching the source address prefix
      limit: <int; 0-40000; required>
  peers:
    # Peer IP Address
    - ipv4_address: <str; required; unique>
      default_peer:
        enabled: <bool>
        # Prefix list to filter source of SA messages
        prefix_list: <str>
      local_interface: <str>
      description: <str>
      # Disable the MSDP peer
      disabled: <bool>
      # Maximum number of SA messages allowed in cache
      sa_limit: <int; 0-40000>
      mesh_groups:
        # Mesh group name
        - name: <str; required; unique>
      keepalive:
        keepalive_timer: <int; 1-65535; required>
        # Must be greater than keepalive timer
        hold_timer: <int; 1-65535; required>
      sa_filter:
        # ACL to filter inbound SA messages
        in_list: <str>
        # ACL to filter outbound SA messages
        out_list: <str>
  vrfs:
    # VRF name
    - name: <str; required; unique>
      # Interface to use for originator ID
      originator_id_local_interface: <str>
      # Maximum number of rejected SA messages allowed in cache
      rejected_limit: <int; 0-40000>
      forward_register_packets: <bool>
      connection_retry_interval: <int; 1-65535>
      group_limits:
        # Source address prefix
        - source_prefix: <str; required; unique>
          # Limit for SAs matching the source address prefix
          limit: <int; 0-40000; required>
      peers:
        # Peer IP Address
        - ipv4_address: <str; required; unique>
          default_peer:
            enabled: <bool>
            # Prefix list to filter source of SA messages
            prefix_list: <str>
          local_interface: <str>
          description: <str>
          # Disable the MSDP peer
          disabled: <bool>
          # Maximum number of SA messages allowed in cache
          sa_limit: <int; 0-40000>
          mesh_groups:
            # Mesh group name
            - name: <str; required; unique>
          keepalive:
            keepalive_timer: <int; 1-65535; required>
            # Must be greater than keepalive timer
            hold_timer: <int; 1-65535; required>
          sa_filter:
            # ACL to filter inbound SA messages
            in_list: <str>
            # ACL to filter outbound SA messages
            out_list: <str>
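The `router_msdp` table gives each integer its range and states that `hold_timer` must be greater than `keepalive_timer`. The pre-flight check below is an added example, not part of AVD or the role's own schema validation: `check_router_msdp`, `SAMPLE`, the ACL name and the addresses are constructed, and the warnings for active peers without `sa_limit` or `sa_filter.in_list` are an assumed review policy, not a schema rule.

```python
"""Pre-flight check for a `router_msdp` structure (added example, not AVD code)."""

# Integer ranges copied from the router_msdp table on this page.
RANGES = {
    "rejected_limit": (0, 40000),
    "connection_retry_interval": (1, 65535),
    "limit": (0, 40000),
    "sa_limit": (0, 40000),
    "keepalive_timer": (1, 65535),
    "hold_timer": (1, 65535),
}


def _in_range(key, value, path, findings):
    low, high = RANGES[key]
    # bool is a subclass of int in Python, so reject it explicitly.
    ok = isinstance(value, int) and not isinstance(value, bool) and low <= value <= high
    if not ok:
        findings.append(("error", f"{path}.{key}={value!r} is not an integer in {low}-{high}"))
    return ok


def _check_unique(items, key, path, findings):
    seen = set()
    for item in items:
        ident = item.get(key)
        if ident is None:
            findings.append(("error", f"{path}[] is missing required key '{key}'"))
        elif ident in seen:
            findings.append(("error", f"{path}[] has duplicate {key}={ident!r}"))
        seen.add(ident)


def _check_peer(peer, path, findings):
    if "sa_limit" in peer:
        _in_range("sa_limit", peer["sa_limit"], path, findings)
    keepalive = peer.get("keepalive")
    if keepalive is not None:
        valid = True
        for key in ("keepalive_timer", "hold_timer"):  # both are required
            if key not in keepalive:
                findings.append(("error", f"{path}.keepalive is missing required key '{key}'"))
                valid = False
            elif not _in_range(key, keepalive[key], f"{path}.keepalive", findings):
                valid = False
        if valid:
            keep, hold = keepalive["keepalive_timer"], keepalive["hold_timer"]
            if hold <= keep:  # "Must be greater than keepalive timer"
                findings.append(("error", f"{path}.keepalive.hold_timer={hold} "
                                          f"must be greater than keepalive_timer={keep}"))
    if peer.get("disabled"):
        return
    # Assumed review policy (not a schema rule): an active peer should carry
    # an SA cache cap and an inbound SA filter.
    if "sa_limit" not in peer:
        findings.append(("warning", f"{path} has no sa_limit"))
    if not (peer.get("sa_filter") or {}).get("in_list"):
        findings.append(("warning", f"{path} has no sa_filter.in_list"))


def _check_scope(scope, path, findings):
    """Check one MSDP scope: the global level or a single VRF entry."""
    for key in ("rejected_limit", "connection_retry_interval"):
        if key in scope:
            _in_range(key, scope[key], path, findings)
    limits = scope.get("group_limits", [])
    _check_unique(limits, "source_prefix", f"{path}.group_limits", findings)
    for entry in limits:
        epath = f"{path}.group_limits[{entry.get('source_prefix')}]"
        if "limit" not in entry:
            findings.append(("error", f"{epath} is missing required key 'limit'"))
        else:
            _in_range("limit", entry["limit"], epath, findings)
    peers = scope.get("peers", [])
    _check_unique(peers, "ipv4_address", f"{path}.peers", findings)
    for peer in peers:
        _check_peer(peer, f"{path}.peers[{peer.get('ipv4_address')}]", findings)


def check_router_msdp(router_msdp):
    """Return a list of (severity, message) tuples for the given dictionary."""
    findings = []
    _check_scope(router_msdp, "router_msdp", findings)
    vrfs = router_msdp.get("vrfs", [])
    _check_unique(vrfs, "name", "router_msdp.vrfs", findings)
    for vrf in vrfs:
        _check_scope(vrf, f"router_msdp.vrfs[{vrf.get('name')}]", findings)
    return findings


# Constructed sample input (documentation addresses, hypothetical ACL name).
SAMPLE = {
    "rejected_limit": 123,
    "peers": [
        {"ipv4_address": "192.0.2.1", "sa_limit": 1000,
         "keepalive": {"keepalive_timer": 60, "hold_timer": 75},
         "sa_filter": {"in_list": "ACL-MSDP-IN"}},
        {"ipv4_address": "192.0.2.2",
         "keepalive": {"keepalive_timer": 90, "hold_timer": 90}},
    ],
    "vrfs": [
        {"name": "RED", "connection_retry_interval": 0,
         "peers": [{"ipv4_address": "198.51.100.1", "sa_limit": 50000, "disabled": True}]},
    ],
}

if __name__ == "__main__":
    for severity, message in check_router_msdp(SAMPLE):
        print(f"{severity.upper():7} {message}")
```

Run against the inventory data before rendering, the check reports the second global peer (equal timers, no SA cap or inbound filter) and both out-of-range values in VRF `RED`.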
Router multicast
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
router_multicast | Dictionary | ||||
ipv4 | Dictionary | ||||
counters | Dictionary | ||||
rate_period_decay | Integer | Min: 0 Max: 600 | Rate in seconds | ||
routing | Boolean | ||||
multipath | String | Valid Values: - none - deterministic - deterministic color - deterministic router-id | |||
software_forwarding | String | Valid Values: - kernel - sfe | |||
rpf | Dictionary | ||||
routes | List, items: Dictionary | ||||
- source_prefix | String | Required | Source address A.B.C.D or Source prefix A.B.C.D/E | ||
destinations | List, items: Dictionary | Required | |||
- nexthop | String | Required | Next-hop IP address or interface name | ||
distance | Integer | Min: 1 Max: 255 | Administrative distance for this route | ||
vrfs | List, items: Dictionary | ||||
- name | String | Required, Unique | |||
ipv4 | Dictionary | ||||
routing | Boolean |
router_multicast:
  ipv4:
    counters:
      # Rate in seconds
      rate_period_decay: <int; 0-600>
    routing: <bool>
    multipath: <str; "none" | "deterministic" | "deterministic color" | "deterministic router-id">
    software_forwarding: <str; "kernel" | "sfe">
    rpf:
      routes:
        # Source address A.B.C.D or Source prefix A.B.C.D/E
        - source_prefix: <str; required>
          destinations: # required
            # Next-hop IP address or interface name
            - nexthop: <str; required>
              # Administrative distance for this route
              distance: <int; 1-255>
  vrfs:
    - name: <str; required; unique>
      ipv4:
        routing: <bool>
Router PIM sparse-mode
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
router_pim_sparse_mode | Dictionary | ||||
ipv4 | Dictionary | ||||
bfd | Boolean | Enable/Disable BFD | |||
ssm_range | String | IPv4 Prefix associated with SSM | |||
rp_addresses | List, items: Dictionary | ||||
- address | String | Required, Unique | RP Address | ||
groups | List, items: String | ||||
- <str> | String | ||||
access_lists | List, items: String | ||||
- <str> | String | ||||
priority | Integer | Min: 0 Max: 255 | |||
hashmask | Integer | Min: 0 Max: 32 | |||
override | Boolean | ||||
anycast_rps | List, items: Dictionary | ||||
- address | String | Required, Unique | Anycast RP Address | ||
other_anycast_rp_addresses | List, items: Dictionary | ||||
- address | String | Required, Unique | Other Anycast RP Address | ||
register_count | Integer | ||||
vrfs | List, items: Dictionary | ||||
- name | String | Required, Unique | VRF Name | ||
ipv4 | Dictionary | ||||
bfd | Boolean | Enable/Disable BFD | |||
rp_addresses | List, items: Dictionary | ||||
- address | String | Required | RP Address | ||
groups | List, items: String | ||||
- <str> | String | ||||
access_lists | List, items: String | ||||
- <str> | String | ||||
priority | Integer | Min: 0 Max: 255 | |||
hashmask | Integer | Min: 0 Max: 32 | |||
override | Boolean |
router_pim_sparse_mode:
  ipv4:
    # Enable/Disable BFD
    bfd: <bool>
    # IPv4 Prefix associated with SSM
    ssm_range: <str>
    rp_addresses:
      # RP Address
      - address: <str; required; unique>
        groups:
          - <str>
        access_lists:
          - <str>
        priority: <int; 0-255>
        hashmask: <int; 0-32>
        override: <bool>
    anycast_rps:
      # Anycast RP Address
      - address: <str; required; unique>
        other_anycast_rp_addresses:
          # Other Anycast RP Address
          - address: <str; required; unique>
            register_count: <int>
  vrfs:
    # VRF Name
    - name: <str; required; unique>
      ipv4:
        # Enable/Disable BFD
        bfd: <bool>
        rp_addresses:
          # RP Address
          - address: <str; required>
            groups:
              - <str>
            access_lists:
              - <str>
            priority: <int; 0-255>
            hashmask: <int; 0-32>
            override: <bool>
Quality of Service
Priority flow control
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
priority_flow_control | Dictionary | Global Priority Flow Control settings. | |||
all_off | Boolean | Disable PFC on all interfaces. | |||
watchdog | Dictionary | ||||
action | String | Valid Values: - drop - no-drop | Action on stuck queue. | ||
timeout | String | Pattern: ^\d+(.\d{1,2})?$ | Timeout in seconds after which port should be errdisabled or should start dropping on congested priorities. This should be a decimal with up to 2 decimal places. Example: 0.01 or 60 | ||
polling_interval | String | Pattern: ^\d+(.\d{1,3})?$ | Time interval in seconds at which the watchdog should poll the queues. This should be a decimal with up to 3 decimal places. Example: 0.005 or 60 | ||
recovery_time | String | Pattern: ^\d+(.\d{1,2})?$ | Recovery-time in seconds after which stuck queue should recover and start forwarding again. This should be a decimal with up to 2 decimal places. Example: 0.01 or 60 | ||
override_action_drop | Boolean | Override configured action on stuck queue to drop. |
# Global Priority Flow Control settings.
priority_flow_control:
  # Disable PFC on all interfaces.
  all_off: <bool>
  watchdog:
    # Action on stuck queue.
    action: <str; "drop" | "no-drop">
    # Timeout in seconds after which port should be errdisabled or
    # should start dropping on congested priorities.
    # This should be a decimal with up to 2 decimal places.
    # Example: 0.01 or 60
    timeout: <str>
    # Time interval in seconds at which the watchdog should poll the queues.
    # This should be a decimal with up to 3 decimal places.
    # Example: 0.005 or 60
    polling_interval: <str>
    # Recovery-time in seconds after which stuck queue should
    # recover and start forwarding again.
    # This should be a decimal with up to 2 decimal places.
    # Example: 0.01 or 60
    recovery_time: <str>
    # Override configured action on stuck queue to drop.
    override_action_drop: <bool>
QoS
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
qos | Dictionary | ||||
map | Dictionary | ||||
cos | List, items: String | ||||
- <str> | String | Example: “0 1 to traffic-class 1” | |||
dscp | List, items: String | ||||
- <str> | String | Example: “8 9 10 to traffic-class 1” | |||
exp | List, items: String | ||||
- <str> | String | Example: “0 to traffic-class 0” | |||
traffic_class | List, items: String | ||||
- <str> | String | Example: “1 to dscp 32” | |||
rewrite_dscp | Boolean | ||||
random_detect | Dictionary | Global random-detect settings | |||
ecn | Dictionary | Global ECN Configuration | |||
allow_non_ect | Dictionary | ||||
enabled | Boolean | Allow non-ect and set drop-precedence 1 in a policy map simultaneously. Check which command is required for your platform. | |||
chip_based | Boolean | Allow non-ect chip-based |
qos:
  map:
    cos:
      # Example: "0 1 to traffic-class 1"
      - <str>
    dscp:
      # Example: "8 9 10 to traffic-class 1"
      - <str>
    exp:
      # Example: "0 to traffic-class 0"
      - <str>
    traffic_class:
      # Example: "1 to dscp 32"
      - <str>
  rewrite_dscp: <bool>
  # Global random-detect settings
  random_detect:
    # Global ECN Configuration
    ecn:
      allow_non_ect:
        # Allow non-ect and set drop-precedence 1 in a policy map simultaneously.
        # Check which command is required for your platform.
        enabled: <bool>
        # Allow non-ect chip-based
        chip_based: <bool>
QoS profiles
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
qos_profiles | List, items: Dictionary | ||||
- name | String | Required, Unique | Profile-Name | ||
trust | String | Valid Values: - cos - dscp - disabled | |||
cos | Integer | ||||
dscp | Integer | ||||
shape | Dictionary | ||||
rate | String | Supported options are platform dependent Example: “< rate > kbps”, “1-100 percent”, “< rate > pps” | |||
service_policy | Dictionary | ||||
type | Dictionary | ||||
qos_input | String | Policy-map name | |||
tx_queues | List, items: Dictionary | ||||
- id | Integer | Required, Unique | TX-Queue ID | ||
bandwidth_percent | Integer | ||||
bandwidth_guaranteed_percent | Integer | ||||
priority | String | Valid Values: - priority strict - no priority | |||
shape | Dictionary | ||||
rate | String | Supported options are platform dependent Example: “< rate > kbps”, “1-100 percent”, “< rate > pps” | |||
comment | String | Text comment added to queue | |||
random_detect | Dictionary | ||||
ecn | Dictionary | Explicit Congestion Notification | |||
count | Boolean | Enable counter for random-detect ECNs | |||
threshold | Dictionary | ||||
units | String | Required | Valid Values: - segments - bytes - kbytes - mbytes - milliseconds | Units to be used for the threshold values. This should be one of segments, bytes, kbytes, mbytes. | |
min | Integer | Required | Min: 1 | Random-detect ECN minimum-threshold | |
max | Integer | Required | Min: 1 | Random-detect ECN maximum-threshold | |
max_probability | Integer | Min: 1 Max: 100 | Random-detect ECN maximum mark probability | ||
weight | Integer | Min: 0 Max: 15 | Random-detect ECN weight | ||
drop | Dictionary | Set WRED parameters | |||
threshold | Dictionary | ||||
units | String | Required | Valid Values: - segments - bytes - kbytes - mbytes - microseconds - milliseconds | Units to be used for the threshold values. | |
drop_precedence | Integer | Min: 0 Max: 2 | Specify Drop Precedence value | ||
min | Integer | Required | Min: 1 | WRED minimum-threshold | |
max | Integer | Required | Min: 1 | WRED maximum-threshold | |
drop_probability | Integer | Required | Min: 1 Max: 100 | WRED drop probability. | |
weight | Integer | Min: 0 Max: 15 | WRED weight | ||
uc_tx_queues | List, items: Dictionary | ||||
- id | Integer | Required, Unique | UC TX queue ID | ||
bandwidth_percent | Integer | ||||
bandwidth_guaranteed_percent | Integer | ||||
priority | String | Valid Values: - priority strict - no priority | |||
shape | Dictionary | ||||
rate | String | Supported options are platform dependent Example: “< rate > kbps”, “1-100 percent”, “< rate > pps” | |||
comment | String | Text comment added to queue | |||
random_detect | Dictionary | ||||
ecn | Dictionary | Explicit Congestion Notification | |||
count | Boolean | Enable counter for random-detect ECNs | |||
threshold | Dictionary | ||||
units | String | Required | Valid Values: - segments - bytes - kbytes - mbytes - milliseconds | Unit to be used for the threshold values | |
min | Integer | Required | Min: 1 | Random-detect ECN minimum-threshold | |
max | Integer | Required | Min: 1 | Random-detect ECN maximum-threshold | |
max_probability | Integer | Min: 1 Max: 100 | Random-detect ECN maximum mark probability | ||
weight | Integer | Min: 0 Max: 15 | Random-detect ECN weight | ||
drop | Dictionary | Set WRED parameters | |||
threshold | Dictionary | ||||
units | String | Required | Valid Values: - segments - bytes - kbytes - mbytes - microseconds - milliseconds | Units to be used for the threshold values. | |
drop_precedence | Integer | Min: 0 Max: 2 | Specify Drop Precedence value | ||
min | Integer | Required | Min: 1 | WRED minimum-threshold | |
max | Integer | Required | Min: 1 | WRED maximum-threshold | |
drop_probability | Integer | Required | Min: 1 Max: 100 | WRED drop probability. | |
weight | Integer | Min: 0 Max: 15 | WRED weight | ||
mc_tx_queues | List, items: Dictionary | ||||
- id | Integer | Required, Unique | MC TX queue ID | ||
bandwidth_percent | Integer | ||||
bandwidth_guaranteed_percent | Integer | ||||
priority | String | Valid Values: - priority strict - no priority | |||
shape | Dictionary | ||||
rate | String | Supported options are platform dependent Example: “< rate > kbps”, “1-100 percent”, “< rate > pps” | |||
comment | String | Text comment added to queue. | |||
priority_flow_control | Dictionary | Priority Flow Control settings | |||
enabled | Boolean | Enable Priority Flow control. | |||
watchdog | Dictionary | Watchdog can detect stuck transmit queues. | |||
enabled | Boolean | Required | Enable the watchdog on stuck transmit queues. | ||
action | String | Valid Values: - drop - notify-only | Override the default error-disable action to either drop traffic on the stuck queue or notify-only without taking any action on the stuck queue. | ||
timer | Dictionary | Timer thresholds whilst monitoring queues. | |||
timeout | String | Required | Pattern: ^\d+(.\d{1,2})?$ | Timeout in seconds after which port should be errdisabled or should start dropping on congested priorities. This should be a decimal with up to 2 decimal places. Example: 0.01 or 60 | |
polling_interval | String | Required | Pattern: ^auto | \d+(.\d{1,3})?$ | |
recovery_time | String | Required | Pattern: ^\d+(.\d{1,2})?$ | Recovery-time in seconds after which stuck queue should recover and start forwarding again. This should be a decimal with up to 2 decimal places. Example: 0.01 or 60 | |
forced | Boolean | Force recover any stuck queue(s) after the duration, irrespective of whether PFC frames are being received or not. | |||
priorities | List, items: Dictionary | Set the drop/no_drop on each queue | |||
- priority | Integer | Required, Unique | Min: 0 Max: 7 | Priority queue number (COS value) | |
no_drop | Boolean | Required | Enable Priority Flow Control frames on this queue |
qos_profiles:
  # Profile-Name
  - name: <str; required; unique>
    trust: <str; "cos" | "dscp" | "disabled">
    cos: <int>
    dscp: <int>
    shape:
      # Supported options are platform dependent
      # Example: "< rate > kbps", "1-100 percent", "< rate > pps"
      rate: <str>
    service_policy:
      type:
        # Policy-map name
        qos_input: <str>
    tx_queues:
      # TX-Queue ID
      - id: <int; required; unique>
        bandwidth_percent: <int>
        bandwidth_guaranteed_percent: <int>
        priority: <str; "priority strict" | "no priority">
        shape:
          # Supported options are platform dependent
          # Example: "< rate > kbps", "1-100 percent", "< rate > pps"
          rate: <str>
        # Text comment added to queue
        comment: <str>
        random_detect:
          # Explicit Congestion Notification
          ecn:
            # Enable counter for random-detect ECNs
            count: <bool>
            threshold:
              # Units to be used for the threshold values.
              # This should be one of segments, bytes, kbytes, mbytes.
              units: <str; "segments" | "bytes" | "kbytes" | "mbytes" | "milliseconds"; required>
              # Random-detect ECN minimum-threshold
              min: <int; >=1; required>
              # Random-detect ECN maximum-threshold
              max: <int; >=1; required>
              # Random-detect ECN maximum mark probability
              max_probability: <int; 1-100>
              # Random-detect ECN weight
              weight: <int; 0-15>
          # Set WRED parameters
          drop:
            threshold:
              # Units to be used for the threshold values.
              units: <str; "segments" | "bytes" | "kbytes" | "mbytes" | "microseconds" | "milliseconds"; required>
              # Specify Drop Precedence value
              drop_precedence: <int; 0-2>
              # WRED minimum-threshold
              min: <int; >=1; required>
              # WRED maximum-threshold
              max: <int; >=1; required>
              # WRED drop probability.
              drop_probability: <int; 1-100; required>
              # WRED weight
              weight: <int; 0-15>
    uc_tx_queues:
      # UC TX queue ID
      - id: <int; required; unique>
        bandwidth_percent: <int>
        bandwidth_guaranteed_percent: <int>
        priority: <str; "priority strict" | "no priority">
        shape:
          # Supported options are platform dependent
          # Example: "< rate > kbps", "1-100 percent", "< rate > pps"
          rate: <str>
        # Text comment added to queue
        comment: <str>
        random_detect:
          # Explicit Congestion Notification
          ecn:
            # Enable counter for random-detect ECNs
            count: <bool>
            threshold:
              # Unit to be used for the threshold values
              units: <str; "segments" | "bytes" | "kbytes" | "mbytes" | "milliseconds"; required>
              # Random-detect ECN minimum-threshold
              min: <int; >=1; required>
              # Random-detect ECN maximum-threshold
              max: <int; >=1; required>
              # Random-detect ECN maximum mark probability
              max_probability: <int; 1-100>
              # Random-detect ECN weight
              weight: <int; 0-15>
          # Set WRED parameters
          drop:
            threshold:
              # Units to be used for the threshold values.
              units: <str; "segments" | "bytes" | "kbytes" | "mbytes" | "microseconds" | "milliseconds"; required>
              # Specify Drop Precedence value
              drop_precedence: <int; 0-2>
              # WRED minimum-threshold
              min: <int; >=1; required>
              # WRED maximum-threshold
              max: <int; >=1; required>
              # WRED drop probability.
              drop_probability: <int; 1-100; required>
              # WRED weight
              weight: <int; 0-15>
    mc_tx_queues:
      # MC TX queue ID
      - id: <int; required; unique>
        bandwidth_percent: <int>
        bandwidth_guaranteed_percent: <int>
        priority: <str; "priority strict" | "no priority">
        shape:
          # Supported options are platform dependent
          # Example: "< rate > kbps", "1-100 percent", "< rate > pps"
          rate: <str>
        # Text comment added to queue.
        comment: <str>
    # Priority Flow Control settings
    priority_flow_control:
      # Enable Priority Flow control.
      enabled: <bool>
      # Watchdog can detect stuck transmit queues.
      watchdog:
        # Enable the watchdog on stuck transmit queues.
        enabled: <bool; required>
        # Override the default error-disable action to either drop
        # traffic on the stuck queue or notify-only
        # without taking any action on the stuck queue.
        action: <str; "drop" | "notify-only">
        # Timer thresholds whilst monitoring queues.
        timer:
          # Timeout in seconds after which port should be errdisabled or
          # should start dropping on congested priorities.
          # This should be a decimal with up to 2 decimal places.
          # Example: 0.01 or 60
          timeout: <str; required>
          # Time interval in seconds at which the watchdog should poll the queues.
          # This should be a decimal with up to 3 decimal places or set
          # to 'auto' based on recovery_time and timeout values.
          # Example: 0.005 or 60
          polling_interval: <str; required>
          # Recovery-time in seconds after which stuck queue should
          # recover and start forwarding again.
          # This should be a decimal with up to 2 decimal places.
          # Example: 0.01 or 60
          recovery_time: <str; required>
          # Force recover any stuck queue(s) after the duration,
          # irrespective of whether PFC frames are being
          # received or not.
          forced: <bool>
      # Set the drop/no_drop on each queue
      priorities:
        # Priority queue number (COS value)
        - priority: <int; 0-7; required; unique>
          # Enable Priority Flow Control frames on this queue
          no_drop: <bool; required>
Queue monitor-length
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
queue_monitor_length | Dictionary | ||||
enabled | Boolean | Required | |||
default_thresholds | Dictionary | ||||
high | Integer | Required | Default high threshold for Ethernet Interfaces. | ||
low | Integer | Default low threshold for Ethernet Interfaces. Low threshold support is platform dependent. | |||
log | Integer | Logging interval in seconds | |||
notifying | Boolean | Should only be used for platforms supporting the “queue-monitor length notifying” CLI | |||
cpu | Dictionary | ||||
thresholds | Dictionary | ||||
high | Integer | Required | |||
low | Integer |
queue_monitor_length:
  enabled: <bool; required>
  default_thresholds:
    # Default high threshold for Ethernet Interfaces.
    high: <int; required>
    # Default low threshold for Ethernet Interfaces.
    # Low threshold support is platform dependent.
    low: <int>
  # Logging interval in seconds
  log: <int>
  # Should only be used for platforms supporting the "queue-monitor length notifying" CLI
  notifying: <bool>
  cpu:
    thresholds:
      high: <int; required>
      low: <int>
Queue monitor-streaming
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
queue_monitor_streaming | Dictionary | ||||
enable | Boolean | ||||
ip_access_group | String | Name of IP ACL | |||
ipv6_access_group | String | Name of IPv6 ACL | |||
max_connections | Integer | Min: 1 Max: 100 | |||
vrf | String |
Routing
ARP
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
arp | Dictionary | ||||
aging | Dictionary | ||||
timeout_default | Integer | Min: 60 Max: 65535 | Timeout in seconds | ||
static_entries | List, items: Dictionary | Static ARP entries. | |||
- ipv4_address | String | Required | ARP entry IPv4 address. | ||
vrf | String | ARP entry VRF. | |||
mac_address | String | Required | Pattern: ^[0-9A-Fa-f]{4}.[0-9A-Fa-f]{4}.[0-9A-Fa-f]{4}$ | ARP entry MAC address. |
DHCP relay
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
dhcp_relay | Dictionary | ||||
servers | List, items: String | ||||
- <str> | String | Server IP or Hostname | |||
tunnel_requests_disabled | Boolean | ||||
mlag_peerlink_requests_disabled | Boolean |
IP DHCP relay
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ip_dhcp_relay | Dictionary | ||||
information_option | Boolean | Insert Option-82 information |
IP DHCP Snooping
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ip_dhcp_snooping | Dictionary | ||||
enabled | Boolean | ||||
bridging | Boolean | ||||
information_option | Dictionary | ||||
enabled | Boolean | Enable insertion of option-82 in DHCP request packets | |||
circuit_id_type | String | “none” or <0 - 255> | |||
circuit_id_format | String | Valid Values: - %h:%p - %p:%v | Required if circuit_id_type is set. - “%h:%p” Hostname and interface name - “%p:%v” Interface name and VLAN ID | ||
vlan | String | VLAN range as string. “< vlan_id >, < vlan_id >-< vlan_id >” Example: 15,16,17,18 |
ip_dhcp_snooping:
  enabled: <bool>
  bridging: <bool>
  information_option:
    # Enable insertion of option-82 in DHCP request packets
    enabled: <bool>
    # "none" or <0 - 255>
    circuit_id_type: <str>
    # Required if `circuit_id_type` is set.
    # - "%h:%p" Hostname and interface name
    # - "%p:%v" Interface name and VLAN ID
    circuit_id_format: <str; "%h:%p" | "%p:%v">
  # VLAN range as string.
  # "< vlan_id >, < vlan_id >-< vlan_id >"
  # Example: 15,16,17,18
  vlan: <str>
IP ICMP redirect
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ip_icmp_redirect | Boolean |
IP NAT
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ip_nat | Dictionary | ||||
kernel_buffer_size | Integer | Min: 1 Max: 64 | Buffer size in MB | ||
profiles | List, items: Dictionary | ||||
- name | String | Required, Unique | |||
vrf | String | Specify VRF for NAT profile. | |||
destination | Dictionary | ||||
dynamic | List, items: Dictionary | ||||
- access_list | String | Required, Unique | |||
comment | String | ||||
pool_name | String | Required | |||
priority | Integer | Min: 0 Max: 4294967295 | |||
static | List, items: Dictionary | ||||
- access_list | String | ‘access_list’ and ‘group’ are mutually exclusive | |||
comment | String | ||||
direction | String | Valid Values: - egress - ingress | Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform. EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW. | ||
group | Integer | Min: 1 Max: 65535 | ‘access_list’ and ‘group’ are mutually exclusive | ||
original_ip | String | Required, Unique | IPv4 address | ||
original_port | Integer | Min: 1 Max: 65535 | |||
priority | Integer | Min: 0 Max: 4294967295 | |||
protocol | String | Valid Values: - udp - tcp | |||
translated_ip | String | Required | IPv4 address | ||
translated_port | Integer | Min: 1 Max: 65535 | requires ‘original_port’ | ||
source | Dictionary | ||||
dynamic | List, items: Dictionary | ||||
- access_list | String | Required, Unique | |||
comment | String | ||||
nat_type | String | Required | Valid Values: - overload - pool - pool-address-only - pool-full-cone | ||
pool_name | String | Required if ‘nat_type’ is pool, pool-address-only or pool-full-cone; ignored if ‘nat_type’ is overload | |||
priority | Integer | Min: 0 Max: 4294967295 | |||
static | List, items: Dictionary | ||||
- access_list | String | ‘access_list’ and ‘group’ are mutually exclusive | |||
comment | String | ||||
direction | String | Valid Values: - egress - ingress | Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform. EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW. | ||
group | Integer | Min: 1 Max: 65535 | ‘access_list’ and ‘group’ are mutually exclusive | ||
original_ip | String | Required, Unique | IPv4 address | ||
original_port | Integer | Min: 1 Max: 65535 | |||
priority | Integer | Min: 0 Max: 4294967295 | |||
protocol | String | Valid Values: - udp - tcp | |||
translated_ip | String | Required | IPv4 address | ||
translated_port | Integer | Min: 1 Max: 65535 | requires ‘original_port’ | ||
pools | List, items: Dictionary | ||||
- name | String | Required, Unique | |||
prefix_length | Integer | Required | Min: 16 Max: 32 | ||
ranges | List, items: Dictionary | ||||
- first_ip | String | Required | IPv4 address | ||
last_ip | String | Required | IPv4 address | ||
first_port | Integer | Min: 1 Max: 65535 | |||
last_port | Integer | Min: 1 Max: 65535 | |||
utilization_log_threshold | Integer | Min: 1 Max: 100 | |||
synchronization | Dictionary | ||||
description | String | ||||
expiry_interval | Integer | Min: 60 Max: 3600 | in seconds | ||
local_interface | String | EOS interface name | |||
peer_address | String | IPv4 address | |||
port_range | Dictionary | ||||
first_port | Integer | Min: 1024 Max: 65535 | |||
last_port | Integer | Min: 1024 Max: 65535 | >= first_port | ||
split_disabled | Boolean | ||||
shutdown | Boolean | ||||
translation | Dictionary | ||||
address_selection | Dictionary | ||||
any | Boolean | ||||
hash_field_source_ip | Boolean | ||||
counters | Boolean | ||||
low_mark | Dictionary | ||||
percentage | Integer | Min: 1 Max: 99 | Used to render ‘ip nat translation low-mark | ||
host_percentage | Integer | Min: 1 Max: 99 | Used to render ‘ip nat translation low-mark | ||
max_entries | Dictionary | ||||
limit | Integer | Min: 0 Max: 4294967295 | |||
host_limit | Integer | Min: 0 Max: 4294967295 | |||
ip_limits | List, items: Dictionary | ||||
- ip | String | Required, Unique | IPv4 address | ||
limit | Integer | Required | Min: 0 Max: 4294967295 | ||
timeouts | List, items: Dictionary | ||||
- protocol | String | Required, Unique | Valid Values: - tcp - udp | ||
timeout | Integer | Required | Min: 0 Max: 4294967295 | in seconds |
ip_nat:
  # Buffer size in MB
  kernel_buffer_size: <int; 1-64>
  profiles:
    - name: <str; required; unique>
      # Specify VRF for NAT profile.
      vrf: <str>
      destination:
        dynamic:
          - access_list: <str; required; unique>
            comment: <str>
            pool_name: <str; required>
            priority: <int; 0-4294967295>
        static:
          # 'access_list' and 'group' are mutually exclusive
          - access_list: <str>
            comment: <str>
            # Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
            # EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            direction: <str; "egress" | "ingress">
            # 'access_list' and 'group' are mutually exclusive
            group: <int; 1-65535>
            # IPv4 address
            original_ip: <str; required; unique>
            original_port: <int; 1-65535>
            priority: <int; 0-4294967295>
            protocol: <str; "udp" | "tcp">
            # IPv4 address
            translated_ip: <str; required>
            # requires 'original_port'
            translated_port: <int; 1-65535>
      source:
        dynamic:
          - access_list: <str; required; unique>
            comment: <str>
            nat_type: <str; "overload" | "pool" | "pool-address-only" | "pool-full-cone"; required>
            # required if 'nat_type' is pool, pool-address-only or pool-full-cone
            # ignored if 'nat_type' is overload
            pool_name: <str>
            priority: <int; 0-4294967295>
        static:
          # 'access_list' and 'group' are mutually exclusive
          - access_list: <str>
            comment: <str>
            # Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
            # EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            direction: <str; "egress" | "ingress">
            # 'access_list' and 'group' are mutually exclusive
            group: <int; 1-65535>
            # IPv4 address
            original_ip: <str; required; unique>
            original_port: <int; 1-65535>
            priority: <int; 0-4294967295>
            protocol: <str; "udp" | "tcp">
            # IPv4 address
            translated_ip: <str; required>
            # requires 'original_port'
            translated_port: <int; 1-65535>
  pools:
    - name: <str; required; unique>
      prefix_length: <int; 16-32; required>
      ranges:
        # IPv4 address
        - first_ip: <str; required>
          # IPv4 address
          last_ip: <str; required>
          first_port: <int; 1-65535>
          last_port: <int; 1-65535>
      utilization_log_threshold: <int; 1-100>
  synchronization:
    description: <str>
    # in seconds
    expiry_interval: <int; 60-3600>
    # EOS interface name
    local_interface: <str>
    # IPv4 address
    peer_address: <str>
    port_range:
      first_port: <int; 1024-65535>
      # >= first_port
      last_port: <int; 1024-65535>
      split_disabled: <bool>
    shutdown: <bool>
  translation:
    address_selection:
      any: <bool>
      hash_field_source_ip: <bool>
    counters: <bool>
    low_mark:
      # Used to render 'ip nat translation low-mark <percentage>'
      percentage: <int; 1-99>
      # Used to render 'ip nat translation low-mark <host_percentage> host'
      host_percentage: <int; 1-99>
    max_entries:
      limit: <int; 0-4294967295>
      host_limit: <int; 0-4294967295>
      ip_limits:
        # IPv4 address
        - ip: <str; required; unique>
          limit: <int; 0-4294967295; required>
    timeouts:
      - protocol: <str; "tcp" | "udp"; required; unique>
        # in seconds
        timeout: <int; 0-4294967295; required>
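Several rules in the `ip_nat` model above span more than one key ('access_list' and 'group' are mutually exclusive, 'translated_port' requires 'original_port', 'pool_name' is required for the pool NAT types, 'last_port' >= 'first_port'). The following is an added example, not code from AVD: a pre-render check for those rules, where the function names, the finding strings and the sample data are assumptions made for illustration.

```python
import ipaddress

# Constructed sample input shaped like the 'ip_nat' data model above.
# Profile, ACL and pool names are made up; addresses are documentation ranges.
SAMPLE_IP_NAT = {
    "profiles": [
        {
            "name": "NAT-EDGE",
            "source": {
                "dynamic": [
                    # nat_type 'pool' without pool_name: violates the rule
                    {"access_list": "ACL-INSIDE", "nat_type": "pool"},
                    # pool_name is ignored for 'overload': fine
                    {"access_list": "ACL-GUEST", "nat_type": "overload"},
                ],
                "static": [
                    # both access_list and group set: violates the rule
                    {"original_ip": "10.0.0.10", "translated_ip": "192.0.2.10",
                     "access_list": "ACL-WEB", "group": 1},
                    # translated_port without original_port: violates the rule
                    {"original_ip": "10.0.0.11", "translated_ip": "192.0.2.11",
                     "translated_port": 8443},
                ],
            },
            "destination": {
                "static": [
                    {"original_ip": "192.0.2.20", "original_port": 443,
                     "translated_ip": "10.0.0.20", "translated_port": 8443,
                     "protocol": "tcp"},
                ],
            },
        }
    ],
    # last_port below first_port: violates the rule
    "synchronization": {"port_range": {"first_port": 2000, "last_port": 1500}},
}

POOL_NAT_TYPES = {"pool", "pool-address-only", "pool-full-cone"}


def _is_ipv4(value):
    """True only for a dotted-quad IPv4 string (ints and None are rejected)."""
    if not isinstance(value, str):
        return False
    try:
        ipaddress.IPv4Address(value)
    except ValueError:
        return False
    return True


def _check_static(rule, path, findings):
    """Apply the static-rule constraints stated in the data model comments."""
    if "access_list" in rule and "group" in rule:
        findings.append(f"{path}: 'access_list' and 'group' are mutually exclusive")
    if "translated_port" in rule and "original_port" not in rule:
        findings.append(f"{path}: 'translated_port' requires 'original_port'")
    for key in ("original_ip", "translated_ip"):
        if not _is_ipv4(rule.get(key)):
            findings.append(f"{path}: '{key}' must be an IPv4 address")


def check_ip_nat(ip_nat):
    """Return a list of 'path: problem' strings; an empty list means no findings."""
    findings = []
    for profile in ip_nat.get("profiles") or []:
        pname = profile.get("name", "<unnamed>")
        for side in ("source", "destination"):
            section = profile.get(side) or {}
            for idx, rule in enumerate(section.get("static") or []):
                _check_static(rule, f"profiles[{pname}].{side}.static[{idx}]", findings)
        # pool_name is only conditionally required on source dynamic rules.
        source = profile.get("source") or {}
        for idx, rule in enumerate(source.get("dynamic") or []):
            if rule.get("nat_type") in POOL_NAT_TYPES and not rule.get("pool_name"):
                findings.append(
                    f"profiles[{pname}].source.dynamic[{idx}]: 'pool_name' is "
                    f"required when nat_type is '{rule['nat_type']}'"
                )
    port_range = (ip_nat.get("synchronization") or {}).get("port_range") or {}
    first, last = port_range.get("first_port"), port_range.get("last_port")
    if first is not None and last is not None and last < first:
        findings.append("synchronization.port_range: 'last_port' must be >= 'first_port'")
    return findings


if __name__ == "__main__":
    for finding in check_ip_nat(SAMPLE_IP_NAT):
        print(finding)
```

Run against the host or group variables before rendering, a non-empty result can fail the pipeline so that an inconsistent NAT rule never reaches the generated configuration.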
IP routing IPv6 interfaces
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ip_routing_ipv6_interfaces | Boolean | | | | |
IP routing
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ip_routing | Boolean | | | | |
IP virtual router MAC address
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ip_virtual_router_mac_address | String | | | | MAC address (hh:hh:hh:hh:hh:hh) |
IPv6 ICMP redirects
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ipv6_icmp_redirect | Boolean | | | | |
IPv6 static routes
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ipv6_static_routes | List, items: Dictionary | | | | |
- vrf | String | | | | |
destination_address_prefix | String | | | | IPv6 Network/Mask |
interface | String | | | | |
gateway | String | | | | IPv6 Address |
track_bfd | Boolean | | | | Track next-hop using BFD |
distance | Integer | | | Min: 1 Max: 255 | |
tag | Integer | | | Min: 0 Max: 4294967295 | |
name | String | | | | Description |
metric | Integer | | | Min: 0 Max: 4294967295 | |
IPv6 unicast routing
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ipv6_unicast_routing | Boolean | | | | |
MPLS
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
mpls | Dictionary | | | | |
ip | Boolean | | | | |
ldp | Dictionary | | | | |
interface_disabled_default | Boolean | | | | |
router_id | String | | | | |
shutdown | Boolean | | | | |
transport_address_interface | String | | | | Interface Name |
Router adaptive virtual topology
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
router_adaptive_virtual_topology | Dictionary | | | | |
topology_role | String | | | Valid Values: - edge - pathfinder - transit region - transit zone | Role name. |
region | Dictionary | | | | Region name and ID. |
name | String | Required | | | |
id | Integer | Required | | Min: 1 Max: 255 | |
zone | Dictionary | | | | Zone name and ID. |
name | String | Required | | | |
id | Integer | Required | | Min: 1 Max: 10000 | |
site | Dictionary | | | | Site name and ID. |
name | String | Required | | | |
id | Integer | Required | | Min: 1 Max: 10000 | |
profiles | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | AVT Name. |
load_balance_policy | String | | | | Name of the load-balance policy. |
internet_exit_policy | String | | | | Name of the internet exit policy. |
policies | List, items: Dictionary | | | | A sequence of application profiles mapped to some virtual topologies. |
- name | String | Required, Unique | | | Policy name. |
matches | List, items: Dictionary | | | | |
- application_profile | String | | | | Application profile name. |
avt_profile | String | | | | AVT Profile name. |
dscp | Integer | | | Min: 0 Max: 63 | Set DSCP for matched traffic. |
traffic_class | Integer | | | Min: 0 Max: 7 | Set traffic-class for matched traffic. |
vrfs | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | VRF name. |
policy | String | | | | AVT Policy name. |
profiles | List, items: Dictionary | | | | AVT profiles in this VRF. |
- name | String | | | | AVT profile name. |
id | Integer | Required, Unique | | Min: 1 Max: 254 | Unique ID for this AVT (per VRF). |
router_adaptive_virtual_topology:
  # Role name.
  topology_role: <str; "edge" | "pathfinder" | "transit region" | "transit zone">
  # Region name and ID.
  region:
    name: <str; required>
    id: <int; 1-255; required>
  # Zone name and ID.
  zone:
    name: <str; required>
    id: <int; 1-10000; required>
  # Site name and ID.
  site:
    name: <str; required>
    id: <int; 1-10000; required>
  profiles:
    # AVT Name.
    - name: <str; required; unique>
      # Name of the load-balance policy.
      load_balance_policy: <str>
      # Name of the internet exit policy.
      internet_exit_policy: <str>
  # A sequence of application profiles mapped to some virtual topologies.
  policies:
    # Policy name.
    - name: <str; required; unique>
      matches:
        # Application profile name.
        - application_profile: <str>
          # AVT Profile name.
          avt_profile: <str>
          # Set DSCP for matched traffic.
          dscp: <int; 0-63>
          # Set traffic-class for matched traffic.
          traffic_class: <int; 0-7>
  vrfs:
    # VRF name.
    - name: <str; required; unique>
      # AVT Policy name.
      policy: <str>
      # AVT profiles in this VRF.
      profiles:
        # AVT profile name.
        - name: <str>
          # Unique ID for this AVT (per VRF).
          id: <int; 1-254; required; unique>
Router BFD
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
router_bfd | Dictionary | | | | |
interval | Integer | | | | Rate in milliseconds |
min_rx | Integer | | | | Rate in milliseconds |
multiplier | Integer | | | Min: 3 Max: 50 | |
multihop | Dictionary | | | | |
interval | Integer | | | | Rate in milliseconds |
min_rx | Integer | | | | Rate in milliseconds |
multiplier | Integer | | | Min: 3 Max: 50 | |
sbfd | Dictionary | | | | |
local_interface | Dictionary | | | | |
name | String | | | | Interface Name |
protocols | Dictionary | | | | |
ipv4 | Boolean | | | | |
ipv6 | Boolean | | | | |
initiator_interval | Integer | | | | Rate in milliseconds |
initiator_multiplier | Integer | | | Min: 3 Max: 50 | |
initiator_measurement_round_trip | Boolean | | | | Enable round-trip delay measurement |
reflector | Dictionary | | | | |
min_rx | Integer | | | | Rate in milliseconds |
local_discriminator | String | | | | IPv4 address or 32 bit integer |
router_bfd:
  # Rate in milliseconds
  interval: <int>
  # Rate in milliseconds
  min_rx: <int>
  multiplier: <int; 3-50>
  multihop:
    # Rate in milliseconds
    interval: <int>
    # Rate in milliseconds
    min_rx: <int>
    multiplier: <int; 3-50>
  sbfd:
    local_interface:
      # Interface Name
      name: <str>
      protocols:
        ipv4: <bool>
        ipv6: <bool>
    # Rate in milliseconds
    initiator_interval: <int>
    initiator_multiplier: <int; 3-50>
    # Enable round-trip delay measurement
    initiator_measurement_round_trip: <bool>
    reflector:
      # Rate in milliseconds
      min_rx: <int>
      # IPv4 address or 32 bit integer
      local_discriminator: <str>
Router BGP
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
router_bgp | Dictionary | | | | |
as | String | | | | BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>” |
router_id | String | | | | In IP address format A.B.C.D |
distance | Dictionary | | | | |
external_routes | Integer | Required | | Min: 1 Max: 255 | |
internal_routes | Integer | Required | | Min: 1 Max: 255 | |
local_routes | Integer | Required | | Min: 1 Max: 255 | |
graceful_restart | Dictionary | | | | |
enabled | Boolean | | | | |
restart_time | Integer | | | Min: 1 Max: 3600 | Number of seconds |
stalepath_time | Integer | | | Min: 1 Max: 3600 | Number of seconds |
graceful_restart_helper | Dictionary | | | | |
enabled | Boolean | | | | |
restart_time | Integer | | | Min: 1 Max: 100000000 | Number of seconds. graceful-restart-help long-lived and restart-time are mutually exclusive in CLI. restart-time will take precedence if both are configured. |
long_lived | Boolean | | | | graceful-restart-help long-lived and restart-time are mutually exclusive in CLI. restart-time will take precedence if both are configured. |
maximum_paths | Dictionary | | | | |
paths | Integer | Required | | Min: 1 Max: 600 | |
ecmp | Integer | | | Min: 1 Max: 600 | |
updates | Dictionary | | | | |
wait_for_convergence | Boolean | | | | Disables FIB updates and route advertisement when the BGP instance is initiated until the BGP convergence state is reached. |
wait_install | Boolean | | | | Do not advertise reachability to a prefix until that prefix has been installed in hardware. This will eliminate any temporary black holes due to a BGP speaker advertising reachability to a prefix that may not yet be installed into the forwarding plane. |
bgp_cluster_id | String | | | | IP Address A.B.C.D |
bgp_defaults | List, items: String | | | | BGP command as string |
- <str> | String | | | | |
bgp | Dictionary | | | | |
default | Dictionary | | | | |
ipv4_unicast | Boolean | | | | Default activation of IPv4 unicast address-family on all IPv4 neighbors (EOS default = True). |
ipv4_unicast_transport_ipv6 | Boolean | | | | Default activation of IPv4 unicast address-family on all IPv6 neighbors (EOS default == False). |
route_reflector_preserve_attributes | Dictionary | | | | |
enabled | Boolean | | | | |
always | Boolean | | | | |
bestpath | Dictionary | | | | |
d_path | Boolean | | | | |
listen_ranges | List, items: Dictionary | | | | Improved “listen_ranges” data model to support multiple listen ranges and additional filter capabilities |
- prefix | String | | | | IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I” |
peer_id_include_router_id | Boolean | | | | Include router ID as part of peer filter |
peer_group | String | | | | Peer group name |
peer_filter | String | | | | Peer-filter name. Note: peer_filter or remote_as is required but mutually exclusive. If both are defined, peer_filter takes precedence. |
remote_as | String | | | | BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>” |
peer_groups | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | Peer-group name |
type | String | | | | Key only used for documentation or validation purposes |
remote_as | String | | | | BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>” |
local_as | String | | | | BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>” |
description | String | | | | |
shutdown | Boolean | | | | |
as_path | Dictionary | | | | BGP AS-PATH options |
remote_as_replace_out | Boolean | | | | Replace AS number with local AS number |
prepend_own_disabled | Boolean | | | | Disable prepending own AS number to AS path |
remove_private_as | Dictionary | | | | Remove private AS numbers in outbound AS path |
enabled | Boolean | | | | |
all | Boolean | | | | |
replace_as | Boolean | | | | |
remove_private_as_ingress | Dictionary | | | | |
enabled | Boolean | | | | |
replace_as | Boolean | | | | |
peer_filter deprecated | String | | | | Peer-filter name. Note: bgp_listen_range_prefix and peer_filter should not be mixed with the new listen_ranges key above to avoid conflicts. This key is deprecated. Support will be removed in AVD version 5.0.0. Use listen_ranges instead. |
next_hop_unchanged | Boolean | | | | |
update_source | String | | | | IP address or interface name |
route_reflector_client | Boolean | | | | |
bfd | Boolean | | | | |
ebgp_multihop | Integer | | | Min: 1 Max: 255 | Time-to-live in range of hops |
next_hop_self | Boolean | | | | |
password | String | | | | |
passive | Boolean | | | | |
default_originate | Dictionary | | | | |
enabled | Boolean | | | | |
always | Boolean | | | | |
route_map | String | | | | Route-map name |
send_community | String | | | | ‘all’ or a combination of ‘standard’, ‘extended’, ‘large’ and ‘link-bandwidth (w/options)’ |
maximum_routes | Integer | | | Min: 0 Max: 4294967294 | Maximum number of routes (0 means unlimited) |
maximum_routes_warning_limit | String | | | | Maximum number of routes after which a warning is issued (0 means never warn) or Percentage of maximum number of routes at which to warn (“<1-100> percent”) |
maximum_routes_warning_only | Boolean | | | | |
link_bandwidth | Dictionary | | | | |
enabled | Boolean | | | | |
default | String | | | | nn.nn(K |
allowas_in | Dictionary | | | | |
enabled | Boolean | | | | |
times | Integer | | | Min: 1 Max: 10 | Number of local ASNs allowed in a BGP update |
weight | Integer | | | Min: 0 Max: 65535 | |
timers | String | | | | BGP Keepalive and Hold Timer values in seconds as string “<0-3600> <0-3600>” |
rib_in_pre_policy_retain | Dictionary | | | | |
enabled | Boolean | | | | |
all | Boolean | | | | |
route_map_in | String | | | | Inbound route-map name |
route_map_out | String | | | | Outbound route-map name |
bgp_listen_range_prefix deprecated | String | | | | IP prefix range. Note: bgp_listen_range_prefix and peer_filter should not be mixed with the new listen_ranges key above to avoid conflicts. This key is deprecated. Support will be removed in AVD version 5.0.0. Use listen_ranges instead. |
session_tracker | String | | | | |
neighbors | List, items: Dictionary | | | | |
- ip_address | String | Required, Unique | | | |
peer_group | String | | | | |
remote_as | String | | | | BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>” |
local_as | String | | | | BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>” |
as_path | Dictionary | | | | BGP AS-PATH options |
remote_as_replace_out | Boolean | | | | Replace AS number with local AS number |
prepend_own_disabled | Boolean | | | | Disable prepending own AS number to AS path |
peer | String | | | | Key only used for documentation or validation purposes |
description | String | | | | |
route_reflector_client | Boolean | | | | |
password | String | | | | |
passive | Boolean | | | | |
shutdown | Boolean | | | | |
update_source | String | | | | Source Interface |
bfd | Boolean | | | | |
weight | Integer | | | Min: 0 Max: 65535 | |
timers | String | | | | BGP Keepalive and Hold Timer values in seconds as string “<0-3600> <0-3600>” |
route_map_in | String | | | | Inbound route-map name |
route_map_out | String | | | | Outbound route-map name |
default_originate | Dictionary | | | | |
enabled | Boolean | | | | |
always | Boolean | | | | |
route_map | String | | | | |
send_community | String | | | | ‘all’ or a combination of ‘standard’, ‘extended’, ‘large’ and ‘link-bandwidth (w/options)’ |
maximum_routes | Integer | | | Min: 0 Max: 4294967294 | Maximum number of routes (0 means unlimited) |
maximum_routes_warning_limit | String | | | | Maximum number of routes after which a warning is issued (0 means never warn) or Percentage of maximum number of routes at which to warn (“<1-100> percent”) |
maximum_routes_warning_only | Boolean | | | | |
allowas_in | Dictionary | | | | |
enabled | Boolean | | | | |
times | Integer | | | Min: 1 Max: 10 | Number of local ASNs allowed in a BGP update |
ebgp_multihop | Integer | | | Min: 1 Max: 255 | Time-to-live in range of hops |
next_hop_self | Boolean | | | | |
link_bandwidth | Dictionary | | | | |
enabled | Boolean | | | | |
default | String | | | | nn.nn(K |
rib_in_pre_policy_retain | Dictionary | | | | |
enabled | Boolean | | | | |
all | Boolean | | | | |
remove_private_as | Dictionary | | | | Remove private AS numbers in outbound AS path |
enabled | Boolean | | | | |
all | Boolean | | | | |
replace_as | Boolean | | | | |
remove_private_as_ingress | Dictionary | | | | |
enabled | Boolean | | | | |
replace_as | Boolean | | | | |
session_tracker | String | | | | |
neighbor_interfaces | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | Interface name |
remote_as | String | | | | |
peer | String | | | | Key only used for documentation or validation purposes |
peer_group | String | | | | Peer-group name |
description | String | | | | |
peer_filter | String | | | | Peer-filter name |
aggregate_addresses | List, items: Dictionary | | | | |
- prefix | String | Required, Unique | | | IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I” |
advertise_only | Boolean | | | | |
as_set | Boolean | | | | |
summary_only | Boolean | | | | |
attribute_map | String | | | | Route-map name |
match_map | String | | | | Route-map name |
redistribute_routes | List, items: Dictionary | | | | |
- source_protocol | String | Required, Unique | | | |
route_map | String | | | | |
include_leaked | Boolean | | | | |
vlan_aware_bundles | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | VLAN aware bundle name |
tenant | String | | | | Key only used for documentation or validation purposes |
description | String | | | | Key only used for documentation or validation purposes |
rd | String | | | | Route distinguisher |
rd_evpn_domain | Dictionary | | | | |
domain | String | | | Valid Values: - remote - all | |
rd | String | | | | Route distinguisher |
route_targets | Dictionary | | | | |
both | List, items: String | | | | |
- <str> | String | | | | |
import | List, items: String | | | | |
- <str> | String | | | | |
export | List, items: String | | | | |
- <str> | String | | | | |
import_evpn_domains | List, items: Dictionary | | | | |
- domain | String | | | Valid Values: - remote - all | |
route_target | String | | | | |
export_evpn_domains | List, items: Dictionary | | | | |
- domain | String | | | Valid Values: - remote - all | |
route_target | String | | | | |
import_export_evpn_domains | List, items: Dictionary | | | | |
- domain | String | | | Valid Values: - remote - all | |
route_target | String | | | | |
redistribute_routes | List, items: String | | | | |
- <str> | String | | | | |
no_redistribute_routes | List, items: String | | | | |
- <str> | String | | | | |
vlan | String | | | | VLAN range as string. Example “100-200,300” |
eos_cli | String | | | | Multiline EOS CLI rendered directly on the Router BGP, VLAN-aware-bundle definition in the final EOS configuration |
vlans | List, items: Dictionary | | | | |
- id | Integer | Required, Unique | | | |
tenant | String | | | | Key only used for documentation or validation purposes |
rd | String | | | | Route distinguisher |
rd_evpn_domain | Dictionary | | | | |
domain | String | | | Valid Values: - remote - all | |
rd | String | | | | Route distinguisher |
eos_cli | String | | | | Multiline EOS CLI rendered directly on the Router BGP, VLAN definition in the final EOS configuration |
route_targets | Dictionary | | | | |
both | List, items: String | | | | |
- <str> | String | | | | |
import | List, items: String | | | | |
- <str> | String | | | | |
export | List, items: String | | | | |
- <str> | String | | | | |
import_evpn_domains | List, items: Dictionary | | | | |
- domain | String | | | Valid Values: - remote - all | |
route_target | String | | | | |
export_evpn_domains | List, items: Dictionary | | | | |
- domain | String | | | Valid Values: - remote - all | |
route_target | String | | | | |
import_export_evpn_domains | List, items: Dictionary | | | | |
- domain | String | | | Valid Values: - remote - all | |
route_target | String | | | | |
redistribute_routes | List, items: String | | | | |
- <str> | String | | | | |
no_redistribute_routes | List, items: String | | | | |
- <str> | String | | | | |
vpws | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | VPWS instance name |
rd | String | | | | Route distinguisher |
route_targets | Dictionary | | | | |
import_export | String | | | | Route Target |
mpls_control_word | Boolean | | | | |
label_flow | Boolean | | | | |
mtu | Integer | | | | |
pseudowires | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | Pseudowire name |
id_local | Integer | | | | Must match id_remote on other pe |
id_remote | Integer | | | | Must match id_local on other pe |
address_family_evpn | Dictionary | | | | |
domain_identifier | String | | | | |
neighbor_default | Dictionary | | | | |
encapsulation | String | | | Valid Values: - vxlan - mpls | |
next_hop_self_source_interface | String | | | | Source interface name |
next_hop_self_received_evpn_routes | Dictionary | | | | |
enable | Boolean | | | | |
inter_domain | Boolean | | | | |
peer_groups | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | Peer-group name |
activate | Boolean | | | | |
route_map_in | String | | | | Inbound route-map name |
route_map_out | String | | | | Outbound route-map name |
domain_remote | Boolean | | | | |
encapsulation | String | | | Valid Values: - vxlan - mpls | |
additional_paths | Dictionary | | | | |
receive | Boolean | | | | |
send | Dictionary | | | | |
any | Boolean | | | | |
backup | Boolean | | | | |
ecmp | Boolean | | | | |
ecmp_limit | Integer | | | Min: 2 Max: 64 | Amount of ECMP paths to send |
limit | Integer | | | Min: 2 Max: 64 | Amount of paths to send |
evpn_hostflap_detection | Dictionary | | | | |
enabled | Boolean | | | | |
window | Integer | | | Min: 0 Max: 4294967295 | Time (in seconds) to detect a MAC duplication issue |
threshold | Integer | | | Min: 0 Max: 4294967295 | Minimum number of MAC moves that indicate a MAC Duplication issue |
expiry_timeout | Integer | | | Min: 0 Max: 4294967295 | Time (in seconds) to purge a MAC duplication issue |
next_hop | Dictionary | | | | |
resolution_disabled | Boolean | | | | |
route | Dictionary | | | | |
import_match_failure_action | String | | | Valid Values: - discard | |
next_hop_unchanged | Boolean | | | | |
address_family_rtc | Dictionary | | | | |
peer_groups | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | Peer-group name |
activate | Boolean | | | | |
default_route_target | Dictionary | | | | |
only | Boolean | | | | |
encoding_origin_as_omit | String | | | | |
address_family_ipv4 | Dictionary | | | | |
networks | List, items: Dictionary | | | | |
- prefix | String | Required, Unique | | | IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I” |
route_map | String | | | | Route-map name |
peer_groups | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | Peer-group name |
activate | Boolean | | | | |
route_map_in | String | | | | Inbound route-map name |
route_map_out | String | | | | Outbound route-map name |
default_originate | Dictionary | | | | |
always | Boolean | | | | |
route_map | String | | | | Route-map name |
next_hop | Dictionary | | | | |
address_family_ipv6 | Dictionary | | | | |
enabled | Boolean | Required | | | |
originate | Boolean | | | | |
address_family_ipv6_originate deprecated | Boolean | | | | This key is deprecated. Support will be removed in AVD version 5.0.0. Use address_family_ipv6 instead. |
prefix_list_in | String | | | | Inbound prefix-list name |
prefix_list_out | String | | | | Outbound prefix-list name |
neighbors | List, items: Dictionary | | | | |
- ip_address | String | Required, Unique | | | |
activate | Boolean | | | | |
route_map_in | String | | | | Inbound route-map name |
route_map_out | String | | | | Outbound route-map name |
prefix_list_in | String | | | | Inbound prefix-list name |
prefix_list_out | String | | | | Prefix-list name |
default_originate | Dictionary | | | | |
always | Boolean | | | | |
route_map | String | | | | |
address_family_ipv4_multicast | Dictionary | | | | |
peer_groups | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | Peer-group name |
activate | Boolean | | | | |
route_map_in | String | | | | Inbound route-map name |
route_map_out | String | | | | Outbound route-map name |
neighbors | List, items: Dictionary | | | | |
- ip_address | String | Required, Unique | | | |
activate | Boolean | | | | |
route_map_in | String | | | | Inbound route-map name |
route_map_out | String | | | | Outbound route-map name |
redistribute_routes | List, items: Dictionary | | | | |
- source_protocol | String | Required, Unique | | | |
route_map | String | | | | |
address_family_ipv4_sr_te | Dictionary | | | | |
neighbors | List, items: Dictionary | | | | |
- ip_address | String | Required, Unique | | | |
activate | Boolean | | | | |
route_map_in | String | | | | Inbound route-map name |
route_map_out | String | | | | Outbound route-map name |
peer_groups | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | Peer-group name |
activate | Boolean | | | | |
route_map_in | String | | | | Inbound route-map name |
route_map_out | String | | | | Outbound route-map name |
address_family_ipv6 | Dictionary | | | | |
networks | List, items: Dictionary | | | | |
- prefix | String | Required, Unique | | | IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I” |
route_map | String | | | | Route-map name |
peer_groups | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | Peer-group name |
activate | Boolean | | | | |
route_map_in | String | | | | Inbound route-map name |
route_map_out | String | | | | Outbound route-map name |
prefix_list_in | String | | | | Inbound prefix-list name |
prefix_list_out | String | | | | Outbound prefix-list name |
neighbors | List, items: Dictionary | | | | |
- ip_address | String | Required, Unique | | | |
activate | Boolean | | | | |
route_map_in | String | | | | Inbound route-map name |
route_map_out | String | | | | Outbound route-map name |
prefix_list_in | String | | | | Inbound prefix-list name |
prefix_list_out | String | | | | Outbound prefix-list name |
redistribute_routes | List, items: Dictionary | | | | |
- source_protocol | String | Required, Unique | | | |
route_map | String | | | | |
include_leaked | Boolean | | | | |
address_family_ipv6_multicast | Dictionary | | | | |
bgp | Dictionary | | | | |
missing_policy | Dictionary | | | | |
direction_in_action | String | | | Valid Values: - deny - deny-in-out - permit | |
direction_out_action | String | | | Valid Values: - deny - deny-in-out - permit | |
additional_paths | Dictionary | | | | |
receive | Boolean | | | | |
neighbors | List, items: Dictionary | | | | |
- ip_address | String | Required, Unique | | | |
activate | Boolean | | | | |
route_map_in | String | | | | Inbound route-map name |
route_map_out | String | | | | Outbound route-map name |
peer_groups | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | Peer-group name |
activate | Boolean | | | | |
networks | List, items: Dictionary | | | | |
- prefix | String | Required, Unique | | | IPv6 prefix “A:B:C:D:E:F:G:H/I” |
route_map | String | | | | |
address_family_ipv6_sr_te | Dictionary | | | | |
neighbors | List, items: Dictionary | | | | |
- ip_address | String | Required, Unique | | | |
activate | Boolean | | | | |
route_map_in | String | | | | Inbound route-map name |
route_map_out | String | | | | Outbound route-map name |
peer_groups | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | Peer-group name |
activate | Boolean | | | | |
route_map_in | String | | | | Inbound route-map name |
route_map_out | String | | | | Outbound route-map name |
address_family_link_state | Dictionary | | | | |
bgp | Dictionary | | | | |
missing_policy | Dictionary | | | | |
direction_in_action | String | | | Valid Values: - deny - deny-in-out - permit | |
direction_out_action | String | | | Valid Values: - deny - deny-in-out - permit | |
peer_groups | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | Peer-group name |
activate | Boolean | | | | |
missing_policy | Dictionary | | | | |
direction_in_action | String | | | Valid Values: - deny - deny-in-out - permit | |
direction_out_action | String | | | Valid Values: - deny - deny-in-out - permit | |
neighbors | List, items: Dictionary | | | | |
- ip_address | String | Required, Unique | | | |
activate | Boolean | | | | |
missing_policy | Dictionary | | | | |
direction_in_action | String | | | Valid Values: - deny - deny-in-out - permit | |
direction_out_action | String | | | Valid Values: - deny - deny-in-out - permit | |
path_selection | Dictionary | | | | |
roles | Dictionary | | | | |
producer | Boolean | | | | |
consumer | Boolean | | | | |
propagator | Boolean | | | | |
address_family_flow_spec_ipv4 | Dictionary | | | | |
bgp | Dictionary | | | | |
missing_policy | Dictionary | | | | |
direction_in_action | String | | | Valid Values: - deny - deny-in-out - permit | |
direction_out_action | String | | | Valid Values: - deny - deny-in-out - permit | |
neighbors | List, items: Dictionary | | | | |
- ip_address | String | Required, Unique | | | |
activate | Boolean | | | | |
peer_groups | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | Peer-group name |
activate | Boolean | | | | |
address_family_flow_spec_ipv6 | Dictionary | | | | |
bgp | Dictionary | | | | |
missing_policy | Dictionary | | | | |
direction_in_action | String | | | Valid Values: - deny - deny-in-out - permit | |
direction_out_action | String | | | Valid Values: - deny - deny-in-out - permit | |
neighbors | List, items: Dictionary | | | | |
- ip_address | String | Required, Unique | | | |
activate | Boolean | | | | |
peer_groups | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | Peer-group name |
activate | Boolean | | | | |
address_family_path_selection | Dictionary | | | | |
bgp | Dictionary | | | | |
additional_paths | Dictionary | | | | |
receive | Boolean | | | | |
send | Dictionary | | | | |
any | Boolean | | | | |
backup | Boolean | | | | |
ecmp | Boolean | | | | |
ecmp_limit | Integer | | | Min: 2 Max: 64 | Amount of ECMP paths to send |
limit | Integer | | | Min: 2 Max: 64 | Amount of paths to send |
neighbors | List, items: Dictionary | | | | |
- ip_address | String | Required, Unique | | | |
activate | Boolean | | | | |
additional_paths | Dictionary | | | | |
install | Boolean | | | | |
install_ecmp_primary | Boolean | | | | |
receive | Boolean | | | | |
send | Dictionary | | | | |
any | Boolean | | | | |
backup | Boolean | | | | |
ecmp | Boolean | | | | |
ecmp_limit | Integer | | | Min: 2 Max: 64 | Amount of ECMP paths to send |
limit | Integer | | | Min: 2 Max: 64 | Amount of paths to send |
peer_groups | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | Peer-group name |
activate | Boolean | | | | |
additional_paths | Dictionary | | | | |
install | Boolean | | | | |
install_ecmp_primary | Boolean | | | | |
receive | Boolean | | | | |
send | Dictionary | | | | |
any | Boolean | | | | |
backup | Boolean | | | | |
ecmp | Boolean | | | | |
ecmp_limit | Integer | | | Min: 2 Max: 64 | Amount of ECMP paths to send |
limit | Integer | | | Min: 2 Max: 64 | Amount of paths to send |
address_family_vpn_ipv4 | Dictionary | ||||
domain_identifier | String | ||||
peer_groups | List, items: Dictionary | ||||
- name | String | Required, Unique | Peer-group name | ||
activate | Boolean | ||||
route_map_in | String | Inbound route-map name | |||
route_map_out | String | Outbound route-map name | |||
route | Dictionary | ||||
import_match_failure_action | String | Valid Values: - discard |
|||
neighbors | List, items: Dictionary | ||||
- ip_address | String | Required, Unique | |||
activate | Boolean | ||||
route_map_in | String | Inbound route-map name | |||
route_map_out | String | Outbound route-map name | |||
neighbor_default_encapsulation_mpls_next_hop_self | Dictionary | ||||
source_interface | String | ||||
address_family_vpn_ipv6 | Dictionary | ||||
domain_identifier | String | ||||
peer_groups | List, items: Dictionary | ||||
- name | String | Required, Unique | Peer-group name | ||
activate | Boolean | ||||
route_map_in | String | Inbound route-map name | |||
route_map_out | String | Outbound route-map name | |||
route | Dictionary | ||||
import_match_failure_action | String | Valid Values: - discard | |||
neighbors | List, items: Dictionary | ||||
- ip_address | String | Required, Unique | |||
activate | Boolean | ||||
route_map_in | String | Inbound route-map name | |||
route_map_out | String | Outbound route-map name | |||
neighbor_default_encapsulation_mpls_next_hop_self | Dictionary | ||||
source_interface | String | ||||
vrfs | List, items: Dictionary | ||||
- name | String | Required, Unique | VRF name | ||
rd | String | Route distinguisher | |||
evpn_multicast | Boolean | ||||
evpn_multicast_address_family | Dictionary | Enable per-AF EVPN multicast settings | |||
ipv4 | Dictionary | ||||
transit | Boolean | Enable EVPN multicast transit mode | |||
route_targets | Dictionary | ||||
import | List, items: Dictionary | ||||
- address_family | String | Required, Unique | |||
route_targets | List, items: String | ||||
- <str> | String | ||||
route_map | String | ||||
export | List, items: Dictionary | ||||
- address_family | String | Required, Unique | |||
route_targets | List, items: String | ||||
- <str> | String | ||||
route_map | String | ||||
router_id | String | in IP address format A.B.C.D | |||
timers | String | BGP Keepalive and Hold Timer values in seconds as string “<0-3600> <0-3600>” | |||
networks | List, items: Dictionary | ||||
- prefix | String | Required, Unique | IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I” | ||
route_map | String | ||||
updates | Dictionary | ||||
wait_for_convergence | Boolean | Disables FIB updates and route advertisement when the BGP instance is initiated until the BGP convergence state is reached. | |||
wait_install | Boolean | Do not advertise reachability to a prefix until that prefix has been installed in hardware. This will eliminate any temporary black holes due to a BGP speaker advertising reachability to a prefix that may not yet be installed into the forwarding plane. | |||
listen_ranges | List, items: Dictionary | Improved “listen_ranges” data model to support multiple listen ranges and additional filter capabilities | |||
- prefix | String | IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I” | |||
peer_id_include_router_id | Boolean | Include router ID as part of peer filter | |||
peer_group | String | Peer-group name | |||
peer_filter | String | Peer-filter name. Note: peer_filter or remote_as is required but mutually exclusive. If both are defined, peer_filter takes precedence. | |||
remote_as | String | BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>” | |||
neighbors | List, items: Dictionary | ||||
- ip_address | String | Required, Unique | |||
peer_group | String | Peer-group name | |||
remote_as | String | BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>” | |||
password | String | ||||
passive | Boolean | ||||
remove_private_as | Dictionary | Remove private AS numbers in outbound AS path | |||
enabled | Boolean | ||||
all | Boolean | ||||
replace_as | Boolean | ||||
remove_private_as_ingress | Dictionary | ||||
enabled | Boolean | ||||
replace_as | Boolean | ||||
weight | Integer | Min: 0 Max: 65535 | |||
local_as | String | BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>” | |||
as_path | Dictionary | BGP AS-PATH options | |||
remote_as_replace_out | Boolean | Replace AS number with local AS number | |||
prepend_own_disabled | Boolean | Disable prepending own AS number to AS path | |||
description | String | ||||
route_reflector_client | Boolean | ||||
ebgp_multihop | Integer | Min: 1 Max: 255 | Time-to-live in range of hops | ||
next_hop_self | Boolean | ||||
shutdown | Boolean | ||||
bfd | Boolean | ||||
timers | String | BGP Keepalive and Hold Timer values in seconds as string “<0-3600> <0-3600>” | |||
rib_in_pre_policy_retain | Dictionary | ||||
enabled | Boolean | ||||
all | Boolean | ||||
send_community | String | ‘all’ or a combination of ‘standard’, ‘extended’, ‘large’ and ‘link-bandwidth (w/options)’ | |||
maximum_routes | Integer | ||||
maximum_routes_warning_limit | String | Maximum number of routes after which a warning is issued (0 means never warn) or Percentage of maximum number of routes at which to warn (“<1-100> percent”) | |||
maximum_routes_warning_only | Boolean | ||||
allowas_in | Dictionary | ||||
enabled | Boolean | ||||
times | Integer | Min: 1 Max: 10 | Number of local ASNs allowed in a BGP update | ||
default_originate | Dictionary | ||||
enabled | Boolean | ||||
always | Boolean | ||||
route_map | String | ||||
update_source | String | ||||
route_map_in | String | Inbound route-map name | |||
route_map_out | String | Outbound route-map name | |||
prefix_list_in deprecated | String | Inbound prefix-list name. This key is deprecated. Support will be removed in AVD version 5.0.0. Use router_bgp.vrfs[].address_family_ipv4.neighbors[].prefix_list_in or router_bgp.vrfs[].address_family_ipv6.neighbors[].prefix_list_in instead. | |||
prefix_list_out deprecated | String | Outbound prefix-list name. This key is deprecated. Support will be removed in AVD version 5.0.0. Use router_bgp.vrfs[].address_family_ipv4.neighbors[].prefix_list_out or router_bgp.vrfs[].address_family_ipv6.neighbors[].prefix_list_out instead. | |||
neighbor_interfaces | List, items: Dictionary | ||||
- name | String | Required, Unique | Interface name | ||
remote_as | String | BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>” | |||
peer_group | String | Peer-group name | |||
peer_filter | String | Peer-filter name | |||
description | String | ||||
redistribute_routes | List, items: Dictionary | ||||
- source_protocol | String | Required, Unique | |||
route_map | String | ||||
include_leaked | Boolean | ||||
aggregate_addresses | List, items: Dictionary | ||||
- prefix | String | Required, Unique | IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I” | ||
advertise_only | Boolean | ||||
as_set | Boolean | ||||
summary_only | Boolean | ||||
attribute_map | String | ||||
match_map | String | ||||
address_family_ipv4 | Dictionary | ||||
bgp | Dictionary | ||||
missing_policy | Dictionary | ||||
direction_in_action | String | Valid Values: - deny - deny-in-out - permit | |||
direction_out_action | String | Valid Values: - deny - deny-in-out - permit | |||
additional_paths | Dictionary | ||||
install | Boolean | ||||
install_ecmp_primary | Boolean | ||||
receive | Boolean | ||||
send | Dictionary | ||||
any | Boolean | ||||
backup | Boolean | ||||
ecmp | Boolean | ||||
ecmp_limit | Integer | Min: 2 Max: 64 | Amount of ECMP paths to send | ||
limit | Integer | Min: 2 Max: 64 | Amount of paths to send | ||
neighbors | List, items: Dictionary | ||||
- ip_address | String | Required, Unique | |||
activate | Boolean | ||||
route_map_in | String | Inbound route-map name | |||
route_map_out | String | Outbound route-map name | |||
prefix_list_in | String | Inbound prefix-list name | |||
prefix_list_out | String | Outbound prefix-list name | |||
next_hop | Dictionary | ||||
address_family_ipv6 | Dictionary | ||||
enabled | Boolean | Required | |||
originate | Boolean | ||||
networks | List, items: Dictionary | ||||
- prefix | String | Required, Unique | IPv4 prefix “A.B.C.D/E” | ||
route_map | String | ||||
address_family_ipv6 | Dictionary | ||||
bgp | Dictionary | ||||
missing_policy | Dictionary | ||||
direction_in_action | String | Valid Values: - deny - deny-in-out - permit | |||
direction_out_action | String | Valid Values: - deny - deny-in-out - permit | |||
additional_paths | Dictionary | ||||
install | Boolean | ||||
install_ecmp_primary | Boolean | ||||
receive | Boolean | ||||
send | Dictionary | ||||
any | Boolean | ||||
backup | Boolean | ||||
ecmp | Boolean | ||||
ecmp_limit | Integer | Min: 2 Max: 64 | Amount of ECMP paths to send | ||
limit | Integer | Min: 2 Max: 64 | Amount of paths to send | ||
neighbors | List, items: Dictionary | ||||
- ip_address | String | Required, Unique | |||
activate | Boolean | ||||
route_map_in | String | Inbound route-map name | |||
route_map_out | String | Outbound route-map name | |||
prefix_list_in | String | Inbound prefix-list name | |||
prefix_list_out | String | Outbound prefix-list name | |||
networks | List, items: Dictionary | ||||
- prefix | String | Required, Unique | IPv6 prefix “A:B:C:D:E:F:G:H/I” | ||
route_map | String | ||||
address_family_ipv4_multicast | Dictionary | ||||
bgp | Dictionary | ||||
missing_policy | Dictionary | ||||
direction_in_action | String | Valid Values: - deny - deny-in-out - permit | |||
direction_out_action | String | Valid Values: - deny - deny-in-out - permit | |||
additional_paths | Dictionary | ||||
receive | Boolean | ||||
neighbors | List, items: Dictionary | ||||
- ip_address | String | Required, Unique | |||
activate | Boolean | ||||
route_map_in | String | Inbound route-map name | |||
route_map_out | String | Outbound route-map name | |||
networks | List, items: Dictionary | ||||
- prefix | String | Required, Unique | IPv4 prefix “A.B.C.D/E” | ||
route_map | String | ||||
address_family_ipv6_multicast | Dictionary | ||||
bgp | Dictionary | ||||
missing_policy | Dictionary | ||||
direction_in_action | String | Valid Values: - deny - deny-in-out - permit | |||
direction_out_action | String | Valid Values: - deny - deny-in-out - permit | |||
additional_paths | Dictionary | ||||
receive | Boolean | ||||
neighbors | List, items: Dictionary | ||||
- ip_address | String | Required, Unique | |||
activate | Boolean | ||||
route_map_in | String | Inbound route-map name | |||
route_map_out | String | Outbound route-map name | |||
networks | List, items: Dictionary | ||||
- prefix | String | Required, Unique | IPv6 prefix “A:B:C:D:E:F:G:H/I” | ||
route_map | String | ||||
address_family_flow_spec_ipv4 | Dictionary | ||||
bgp | Dictionary | ||||
missing_policy | Dictionary | ||||
direction_in_action | String | Valid Values: - deny - deny-in-out - permit | |||
direction_out_action | String | Valid Values: - deny - deny-in-out - permit | |||
neighbors | List, items: Dictionary | ||||
- ip_address | String | Required, Unique | |||
activate | Boolean | ||||
address_family_flow_spec_ipv6 | Dictionary | ||||
bgp | Dictionary | ||||
missing_policy | Dictionary | ||||
direction_in_action | String | Valid Values: - deny - deny-in-out - permit | |||
direction_out_action | String | Valid Values: - deny - deny-in-out - permit | |||
neighbors | List, items: Dictionary | ||||
- ip_address | String | Required, Unique | |||
activate | Boolean | ||||
address_families deprecated | List, items: Dictionary | This key is deprecated. Support will be removed in AVD version 5.0.0. Use address_family_* instead. | |||
- address_family | String | Required, Unique | |||
bgp | Dictionary | ||||
missing_policy | Dictionary | ||||
direction_in_action | String | Valid Values: - deny - deny-in-out - permit | |||
direction_out_action | String | Valid Values: - deny - deny-in-out - permit | |||
additional_paths | List, items: String | ||||
- <str> | String | ||||
neighbors | List, items: Dictionary | ||||
- ip_address | String | Required, Unique | |||
activate | Boolean | ||||
route_map_in | String | Inbound route-map name | |||
route_map_out | String | Outbound route-map name | |||
peer_groups | List, items: Dictionary | ||||
- name | String | Required, Unique | Peer-group name | ||
activate | Boolean | ||||
next_hop | Dictionary | ||||
address_family_ipv6_originate | Boolean | ||||
networks | List, items: Dictionary | ||||
- prefix | String | Required, Unique | IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I” | ||
route_map | String | ||||
eos_cli | String | Multiline EOS CLI rendered directly on the Router BGP, VRF definition in the final EOS configuration | |||
session_trackers | List, items: Dictionary | ||||
- name | String | Required, Unique | Name of session tracker | ||
recovery_delay | Integer | Min: 1 Max: 3600 | Recovery delay in seconds |
router_bgp:
# BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>"
as: <str>
# In IP address format A.B.C.D
router_id: <str>
distance:
external_routes: <int; 1-255; required>
internal_routes: <int; 1-255; required>
local_routes: <int; 1-255; required>
graceful_restart:
enabled: <bool>
# Number of seconds
restart_time: <int; 1-3600>
# Number of seconds
stalepath_time: <int; 1-3600>
graceful_restart_helper:
enabled: <bool>
# Number of seconds
# graceful-restart-helper long-lived and restart-time are mutually exclusive in CLI.
# restart-time will take precedence if both are configured.
restart_time: <int; 1-100000000>
# graceful-restart-helper long-lived and restart-time are mutually exclusive in CLI.
# restart-time will take precedence if both are configured.
long_lived: <bool>
maximum_paths:
paths: <int; 1-600; required>
ecmp: <int; 1-600>
updates:
# Disables FIB updates and route advertisement when the BGP instance is initiated until the BGP convergence state is reached.
wait_for_convergence: <bool>
# Do not advertise reachability to a prefix until that prefix has been installed in hardware.
# This will eliminate any temporary black holes due to a BGP speaker advertising reachability to a prefix that may not yet be installed into the forwarding plane.
wait_install: <bool>
# IP Address A.B.C.D
bgp_cluster_id: <str>
# BGP command as string
bgp_defaults:
- <str>
bgp:
default:
# Default activation of IPv4 unicast address-family on all IPv4 neighbors (EOS default = True).
ipv4_unicast: <bool>
# Default activation of IPv4 unicast address-family on all IPv6 neighbors (EOS default = False).
ipv4_unicast_transport_ipv6: <bool>
route_reflector_preserve_attributes:
enabled: <bool>
always: <bool>
bestpath:
d_path: <bool>
# Improved "listen_ranges" data model to support multiple listen ranges and additional filter capabilities
listen_ranges:
# IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I"
- prefix: <str>
# Include router ID as part of peer filter
peer_id_include_router_id: <bool>
# Peer group name
peer_group: <str>
# Peer-filter name
# note: `peer_filter` or `remote_as` is required but mutually exclusive.
# If both are defined, `peer_filter` takes precedence
peer_filter: <str>
# BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>"
remote_as: <str>
peer_groups:
# Peer-group name
- name: <str; required; unique>
# Key only used for documentation or validation purposes
type: <str>
# BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>"
remote_as: <str>
# BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>"
local_as: <str>
description: <str>
shutdown: <bool>
# BGP AS-PATH options
as_path:
# Replace AS number with local AS number
remote_as_replace_out: <bool>
# Disable prepending own AS number to AS path
prepend_own_disabled: <bool>
# Remove private AS numbers in outbound AS path
remove_private_as:
enabled: <bool>
all: <bool>
replace_as: <bool>
remove_private_as_ingress:
enabled: <bool>
replace_as: <bool>
# Peer-filter name
# note: `bgp_listen_range_prefix` and `peer_filter` should not be mixed with
# the new `listen_ranges` key above to avoid conflicts.
# This key is deprecated.
# Support will be removed in AVD version 5.0.0.
# Use `listen_ranges` instead.
peer_filter: <str>
next_hop_unchanged: <bool>
# IP address or interface name
update_source: <str>
route_reflector_client: <bool>
bfd: <bool>
# Time-to-live in range of hops
ebgp_multihop: <int; 1-255>
next_hop_self: <bool>
password: <str>
passive: <bool>
default_originate:
enabled: <bool>
always: <bool>
# Route-map name
route_map: <str>
# 'all' or a combination of 'standard', 'extended', 'large' and 'link-bandwidth (w/options)'
send_community: <str>
# Maximum number of routes (0 means unlimited)
maximum_routes: <int; 0-4294967294>
# Maximum number of routes after which a warning is issued (0 means never warn) or
# Percentage of maximum number of routes at which to warn ("<1-100> percent")
maximum_routes_warning_limit: <str>
maximum_routes_warning_only: <bool>
link_bandwidth:
enabled: <bool>
# nn.nn(K|M|G) link speed in bits/second
default: <str>
allowas_in:
enabled: <bool>
# Number of local ASNs allowed in a BGP update
times: <int; 1-10>
weight: <int; 0-65535>
# BGP Keepalive and Hold Timer values in seconds as string "<0-3600> <0-3600>"
timers: <str>
rib_in_pre_policy_retain:
enabled: <bool>
all: <bool>
# Inbound route-map name
route_map_in: <str>
# Outbound route-map name
route_map_out: <str>
# IP prefix range
# note: `bgp_listen_range_prefix` and `peer_filter` should not be mixed with
# the new `listen_ranges` key above to avoid conflicts.
# This key is deprecated.
# Support will be removed in AVD version 5.0.0.
# Use `listen_ranges` instead.
bgp_listen_range_prefix: <str>
session_tracker: <str>
neighbors:
- ip_address: <str; required; unique>
peer_group: <str>
# BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>"
remote_as: <str>
# BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>"
local_as: <str>
# BGP AS-PATH options
as_path:
# Replace AS number with local AS number
remote_as_replace_out: <bool>
# Disable prepending own AS number to AS path
prepend_own_disabled: <bool>
# Key only used for documentation or validation purposes
peer: <str>
description: <str>
route_reflector_client: <bool>
password: <str>
passive: <bool>
shutdown: <bool>
# Source Interface
update_source: <str>
bfd: <bool>
weight: <int; 0-65535>
# BGP Keepalive and Hold Timer values in seconds as string "<0-3600> <0-3600>"
timers: <str>
# Inbound route-map name
route_map_in: <str>
# Outbound route-map name
route_map_out: <str>
default_originate:
enabled: <bool>
always: <bool>
route_map: <str>
# 'all' or a combination of 'standard', 'extended', 'large' and 'link-bandwidth (w/options)'
send_community: <str>
# Maximum number of routes (0 means unlimited)
maximum_routes: <int; 0-4294967294>
# Maximum number of routes after which a warning is issued (0 means never warn) or
# Percentage of maximum number of routes at which to warn ("<1-100> percent")
maximum_routes_warning_limit: <str>
maximum_routes_warning_only: <bool>
allowas_in:
enabled: <bool>
# Number of local ASNs allowed in a BGP update
times: <int; 1-10>
# Time-to-live in range of hops
ebgp_multihop: <int; 1-255>
next_hop_self: <bool>
link_bandwidth:
enabled: <bool>
# nn.nn(K|M|G) link speed in bits/second
default: <str>
rib_in_pre_policy_retain:
enabled: <bool>
all: <bool>
# Remove private AS numbers in outbound AS path
remove_private_as:
enabled: <bool>
all: <bool>
replace_as: <bool>
remove_private_as_ingress:
enabled: <bool>
replace_as: <bool>
session_tracker: <str>
neighbor_interfaces:
# Interface name
- name: <str; required; unique>
remote_as: <str>
# Key only used for documentation or validation purposes
peer: <str>
peer_group: <str; default="Peer-group name">
description: <str>
# Peer-filter name
peer_filter: <str>
aggregate_addresses:
# IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I"
- prefix: <str; required; unique>
advertise_only: <bool>
as_set: <bool>
summary_only: <bool>
# Route-map name
attribute_map: <str>
# Route-map name
match_map: <str>
redistribute_routes:
- source_protocol: <str; required; unique>
route_map: <str>
include_leaked: <bool>
vlan_aware_bundles:
# VLAN aware bundle name
- name: <str; required; unique>
# Key only used for documentation or validation purposes
tenant: <str>
# Key only used for documentation or validation purposes
description: <str>
# Route distinguisher
rd: <str>
rd_evpn_domain:
domain: <str; "remote" | "all">
# Route distinguisher
rd: <str>
route_targets:
both:
- <str>
import:
- <str>
export:
- <str>
import_evpn_domains:
- domain: <str; "remote" | "all">
route_target: <str>
export_evpn_domains:
- domain: <str; "remote" | "all">
route_target: <str>
import_export_evpn_domains:
- domain: <str; "remote" | "all">
route_target: <str>
redistribute_routes:
- <str>
no_redistribute_routes:
- <str>
# VLAN range as string. Example "100-200,300"
vlan: <str>
# Multiline EOS CLI rendered directly on the Router BGP, VLAN-aware-bundle definition in the final EOS configuration
eos_cli: <str>
vlans:
- id: <int; required; unique>
# Key only used for documentation or validation purposes
tenant: <str>
# Route distinguisher
rd: <str>
rd_evpn_domain:
domain: <str; "remote" | "all">
# Route distinguisher
rd: <str>
# Multiline EOS CLI rendered directly on the Router BGP, VLAN definition in the final EOS configuration
eos_cli: <str>
route_targets:
both:
- <str>
import:
- <str>
export:
- <str>
import_evpn_domains:
- domain: <str; "remote" | "all">
route_target: <str>
export_evpn_domains:
- domain: <str; "remote" | "all">
route_target: <str>
import_export_evpn_domains:
- domain: <str; "remote" | "all">
route_target: <str>
redistribute_routes:
- <str>
no_redistribute_routes:
- <str>
vpws:
# VPWS instance name
- name: <str; required; unique>
# Route distinguisher
rd: <str>
route_targets:
# Route Target
import_export: <str>
mpls_control_word: <bool>
label_flow: <bool>
mtu: <int>
pseudowires:
# Pseudowire name
- name: <str; required; unique>
# Must match id_remote on other pe
id_local: <int>
# Must match id_local on other pe
id_remote: <int>
address_family_evpn:
domain_identifier: <str>
neighbor_default:
encapsulation: <str; "vxlan" | "mpls">
# Source interface name
next_hop_self_source_interface: <str>
next_hop_self_received_evpn_routes:
enable: <bool>
inter_domain: <bool>
peer_groups:
# Peer-group name
- name: <str; required; unique>
activate: <bool>
# Inbound route-map name
route_map_in: <str>
# Outbound route-map name
route_map_out: <str>
domain_remote: <bool>
encapsulation: <str; "vxlan" | "mpls">
additional_paths:
receive: <bool>
send:
any: <bool>
backup: <bool>
ecmp: <bool>
# Amount of ECMP paths to send
ecmp_limit: <int; 2-64>
# Amount of paths to send
limit: <int; 2-64>
evpn_hostflap_detection:
enabled: <bool>
# Time (in seconds) to detect a MAC duplication issue
window: <int; 0-4294967295>
# Minimum number of MAC moves that indicate a MAC Duplication issue
threshold: <int; 0-4294967295>
# Time (in seconds) to purge a MAC duplication issue
expiry_timeout: <int; 0-4294967295>
next_hop:
resolution_disabled: <bool>
route:
import_match_failure_action: <str; "discard">
next_hop_unchanged: <bool>
address_family_rtc:
peer_groups:
# Peer-group name
- name: <str; required; unique>
activate: <bool>
default_route_target:
only: <bool>
encoding_origin_as_omit: <str>
address_family_ipv4:
networks:
# IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I"
- prefix: <str; required; unique>
# Route-map name
route_map: <str>
peer_groups:
# Peer-group name
- name: <str; required; unique>
activate: <bool>
# Inbound route-map name
route_map_in: <str>
# Outbound route-map name
route_map_out: <str>
default_originate:
always: <bool>
# Route-map name
route_map: <str>
next_hop:
address_family_ipv6:
enabled: <bool; required>
originate: <bool>
# This key is deprecated.
# Support will be removed in AVD version 5.0.0.
# Use `address_family_ipv6` instead.
address_family_ipv6_originate: <bool>
# Inbound prefix-list name
prefix_list_in: <str>
# Outbound prefix-list name
prefix_list_out: <str>
neighbors:
- ip_address: <str; required; unique>
activate: <bool>
# Inbound route-map name
route_map_in: <str>
# Outbound route-map name
route_map_out: <str>
# Inbound prefix-list name
prefix_list_in: <str>
# Prefix-list name
prefix_list_out: <str>
default_originate:
always: <bool>
route_map: <str>
address_family_ipv4_multicast:
peer_groups:
# Peer-group name
- name: <str; required; unique>
activate: <bool>
# Inbound route-map name
route_map_in: <str>
# Outbound route-map name
route_map_out: <str>
neighbors:
- ip_address: <str; required; unique>
activate: <bool>
# Inbound route-map name
route_map_in: <str>
# Outbound route-map name
route_map_out: <str>
redistribute_routes:
- source_protocol: <str; required; unique>
route_map: <str>
address_family_ipv4_sr_te:
neighbors:
- ip_address: <str; required; unique>
activate: <bool>
# Inbound route-map name
route_map_in: <str>
# Outbound route-map name
route_map_out: <str>
peer_groups:
# Peer-group name
- name: <str; required; unique>
activate: <bool>
# Inbound route-map name
route_map_in: <str>
# Outbound route-map name
route_map_out: <str>
address_family_ipv6:
networks:
# IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I"
- prefix: <str; required; unique>
# Route-map name
route_map: <str>
peer_groups:
# Peer-group name
- name: <str; required; unique>
activate: <bool>
# Inbound route-map name
route_map_in: <str>
# Outbound route-map name
route_map_out: <str>
# Inbound prefix-list name
prefix_list_in: <str>
# Outbound prefix-list name
prefix_list_out: <str>
neighbors:
- ip_address: <str; required; unique>
activate: <bool>
# Inbound route-map name
route_map_in: <str>
# Outbound route-map name
route_map_out: <str>
# Inbound prefix-list name
prefix_list_in: <str>
# Outbound prefix-list name
prefix_list_out: <str>
redistribute_routes:
- source_protocol: <str; required; unique>
route_map: <str>
include_leaked: <bool>
address_family_ipv6_multicast:
bgp:
missing_policy:
direction_in_action: <str; "deny" | "deny-in-out" | "permit">
direction_out_action: <str; "deny" | "deny-in-out" | "permit">
additional_paths:
receive: <bool>
neighbors:
- ip_address: <str; required; unique>
activate: <bool>
# Inbound route-map name
route_map_in: <str>
# Outbound route-map name
route_map_out: <str>
peer_groups:
# Peer-group name
- name: <str; required; unique>
activate: <bool>
networks:
# IPv6 prefix "A:B:C:D:E:F:G:H/I"
- prefix: <str; required; unique>
route_map: <str>
address_family_ipv6_sr_te:
neighbors:
- ip_address: <str; required; unique>
activate: <bool>
# Inbound route-map name
route_map_in: <str>
# Outbound route-map name
route_map_out: <str>
peer_groups:
# Peer-group name
- name: <str; required; unique>
activate: <bool>
# Inbound route-map name
route_map_in: <str>
# Outbound route-map name
route_map_out: <str>
address_family_link_state:
bgp:
missing_policy:
direction_in_action: <str; "deny" | "deny-in-out" | "permit">
direction_out_action: <str; "deny" | "deny-in-out" | "permit">
peer_groups:
# Peer-group name
- name: <str; required; unique>
activate: <bool>
missing_policy:
direction_in_action: <str; "deny" | "deny-in-out" | "permit">
direction_out_action: <str; "deny" | "deny-in-out" | "permit">
neighbors:
- ip_address: <str; required; unique>
activate: <bool>
missing_policy:
direction_in_action: <str; "deny" | "deny-in-out" | "permit">
direction_out_action: <str; "deny" | "deny-in-out" | "permit">
path_selection:
roles:
producer: <bool>
consumer: <bool>
propagator: <bool>
address_family_flow_spec_ipv4:
bgp:
missing_policy:
direction_in_action: <str; "deny" | "deny-in-out" | "permit">
direction_out_action: <str; "deny" | "deny-in-out" | "permit">
neighbors:
- ip_address: <str; required; unique>
activate: <bool>
peer_groups:
# Peer-group name
- name: <str; required; unique>
activate: <bool>
address_family_flow_spec_ipv6:
bgp:
missing_policy:
direction_in_action: <str; "deny" | "deny-in-out" | "permit">
direction_out_action: <str; "deny" | "deny-in-out" | "permit">
neighbors:
- ip_address: <str; required; unique>
activate: <bool>
peer_groups:
# Peer-group name
- name: <str; required; unique>
activate: <bool>
address_family_path_selection:
bgp:
additional_paths:
receive: <bool>
send:
any: <bool>
backup: <bool>
ecmp: <bool>
# Amount of ECMP paths to send
ecmp_limit: <int; 2-64>
# Amount of paths to send
limit: <int; 2-64>
neighbors:
- ip_address: <str; required; unique>
activate: <bool>
additional_paths:
install: <bool>
install_ecmp_primary: <bool>
receive: <bool>
send:
any: <bool>
backup: <bool>
ecmp: <bool>
# Amount of ECMP paths to send
ecmp_limit: <int; 2-64>
# Amount of paths to send
limit: <int; 2-64>
peer_groups:
# Peer-group name
- name: <str; required; unique>
activate: <bool>
additional_paths:
install: <bool>
install_ecmp_primary: <bool>
receive: <bool>
send:
any: <bool>
backup: <bool>
ecmp: <bool>
# Amount of ECMP paths to send
ecmp_limit: <int; 2-64>
# Amount of paths to send
limit: <int; 2-64>
address_family_vpn_ipv4:
domain_identifier: <str>
peer_groups:
# Peer-group name
- name: <str; required; unique>
activate: <bool>
# Inbound route-map name
route_map_in: <str>
# Outbound route-map name
route_map_out: <str>
route:
import_match_failure_action: <str; "discard">
neighbors:
- ip_address: <str; required; unique>
activate: <bool>
# Inbound route-map name
route_map_in: <str>
# Outbound route-map name
route_map_out: <str>
neighbor_default_encapsulation_mpls_next_hop_self:
source_interface: <str>
address_family_vpn_ipv6:
domain_identifier: <str>
peer_groups:
# Peer-group name
- name: <str; required; unique>
activate: <bool>
# Inbound route-map name
route_map_in: <str>
# Outbound route-map name
route_map_out: <str>
route:
import_match_failure_action: <str; "discard">
neighbors:
- ip_address: <str; required; unique>
activate: <bool>
# Inbound route-map name
route_map_in: <str>
# Outbound route-map name
route_map_out: <str>
neighbor_default_encapsulation_mpls_next_hop_self:
source_interface: <str>
vrfs:
# VRF name
- name: <str; required; unique>
# Route distinguisher
rd: <str>
evpn_multicast: <bool>
# Enable per-AF EVPN multicast settings
evpn_multicast_address_family:
ipv4:
# Enable EVPN multicast transit mode
transit: <bool>
route_targets:
import:
- address_family: <str; required; unique>
route_targets:
- <str>
route_map: <str>
export:
- address_family: <str; required; unique>
route_targets:
- <str>
route_map: <str>
# in IP address format A.B.C.D
router_id: <str>
# BGP Keepalive and Hold Timer values in seconds as string "<0-3600> <0-3600>"
timers: <str>
networks:
# IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I"
- prefix: <str; required; unique>
route_map: <str>
updates:
# Disables FIB updates and route advertisement when the BGP instance is initiated until the BGP convergence state is reached.
wait_for_convergence: <bool>
# Do not advertise reachability to a prefix until that prefix has been installed in hardware.
# This will eliminate any temporary black holes due to a BGP speaker advertising reachability to a prefix that may not yet be installed into the forwarding plane.
wait_install: <bool>
# Improved "listen_ranges" data model to support multiple listen ranges and additional filter capabilities
listen_ranges:
# IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I"
- prefix: <str>
# Include router ID as part of peer filter
peer_id_include_router_id: <bool>
# Peer-group name
peer_group: <str>
# Peer-filter name
# note: `peer_filter` or `remote_as` is required but mutually exclusive.
# If both are defined, `peer_filter` takes precedence
peer_filter: <str>
# BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>"
remote_as: <str>
neighbors:
- ip_address: <str; required; unique>
# Peer-group name
peer_group: <str>
# BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>"
remote_as: <str>
password: <str>
passive: <bool>
# Remove private AS numbers in outbound AS path
remove_private_as:
enabled: <bool>
all: <bool>
replace_as: <bool>
remove_private_as_ingress:
enabled: <bool>
replace_as: <bool>
weight: <int; 0-65535>
# BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>"
local_as: <str>
# BGP AS-PATH options
as_path:
# Replace AS number with local AS number
remote_as_replace_out: <bool>
# Disable prepending own AS number to AS path
prepend_own_disabled: <bool>
description: <str>
route_reflector_client: <bool>
# Time-to-live in range of hops
ebgp_multihop: <int; 1-255>
next_hop_self: <bool>
shutdown: <bool>
bfd: <bool>
# BGP Keepalive and Hold Timer values in seconds as string "<0-3600> <0-3600>"
timers: <str>
rib_in_pre_policy_retain:
enabled: <bool>
all: <bool>
# 'all' or a combination of 'standard', 'extended', 'large' and 'link-bandwidth (w/options)'
send_community: <str>
maximum_routes: <int>
# Maximum number of routes after which a warning is issued (0 means never warn) or
# Percentage of maximum number of routes at which to warn ("<1-100> percent")
maximum_routes_warning_limit: <str>
maximum_routes_warning_only: <bool>
allowas_in:
enabled: <bool>
# Number of local ASNs allowed in a BGP update
times: <int; 1-10>
default_originate:
enabled: <bool>
always: <bool>
route_map: <str>
update_source: <str>
# Inbound route-map name
route_map_in: <str>
# Outbound route-map name
route_map_out: <str>
# Inbound prefix-list name
# This key is deprecated.
# Support will be removed in AVD version 5.0.0.
# Use `router_bgp.vrfs[].address_family_ipv4.neighbors[].prefix_list_in` or `router_bgp.vrfs[].address_family_ipv6.neighbors[].prefix_list_in` instead.
prefix_list_in: <str>
# Outbound prefix-list name
# This key is deprecated.
# Support will be removed in AVD version 5.0.0.
# Use `router_bgp.vrfs[].address_family_ipv4.neighbors[].prefix_list_out` or `router_bgp.vrfs[].address_family_ipv6.neighbors[].prefix_list_out` instead.
prefix_list_out: <str>
neighbor_interfaces:
# Interface name
- name: <str; required; unique>
# BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>"
remote_as: <str>
# Peer-group name
peer_group: <str>
# Peer-filter name
peer_filter: <str>
description: <str>
redistribute_routes:
- source_protocol: <str; required; unique>
route_map: <str>
include_leaked: <bool>
aggregate_addresses:
# IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I"
- prefix: <str; required; unique>
advertise_only: <bool>
as_set: <bool>
summary_only: <bool>
attribute_map: <str>
match_map: <str>
address_family_ipv4:
bgp:
missing_policy:
direction_in_action: <str; "deny" | "deny-in-out" | "permit">
direction_out_action: <str; "deny" | "deny-in-out" | "permit">
additional_paths:
install: <bool>
install_ecmp_primary: <bool>
receive: <bool>
send:
any: <bool>
backup: <bool>
ecmp: <bool>
# Amount of ECMP paths to send
ecmp_limit: <int; 2-64>
# Amount of paths to send
limit: <int; 2-64>
neighbors:
- ip_address: <str; required; unique>
activate: <bool>
# Inbound route-map name
route_map_in: <str>
# Outbound route-map name
route_map_out: <str>
# Inbound prefix-list name
prefix_list_in: <str>
# Outbound prefix-list name
prefix_list_out: <str>
next_hop:
address_family_ipv6:
enabled: <bool; required>
originate: <bool>
networks:
# IPv4 prefix "A.B.C.D/E"
- prefix: <str; required; unique>
route_map: <str>
address_family_ipv6:
bgp:
missing_policy:
direction_in_action: <str; "deny" | "deny-in-out" | "permit">
direction_out_action: <str; "deny" | "deny-in-out" | "permit">
additional_paths:
install: <bool>
install_ecmp_primary: <bool>
receive: <bool>
send:
any: <bool>
backup: <bool>
ecmp: <bool>
# Amount of ECMP paths to send
ecmp_limit: <int; 2-64>
# Amount of paths to send
limit: <int; 2-64>
neighbors:
- ip_address: <str; required; unique>
activate: <bool>
# Inbound route-map name
route_map_in: <str>
# Outbound route-map name
route_map_out: <str>
# Inbound prefix-list name
prefix_list_in: <str>
# Outbound prefix-list name
prefix_list_out: <str>
networks:
# IPv6 prefix "A:B:C:D:E:F:G:H/I"
- prefix: <str; required; unique>
route_map: <str>
address_family_ipv4_multicast:
bgp:
missing_policy:
direction_in_action: <str; "deny" | "deny-in-out" | "permit">
direction_out_action: <str; "deny" | "deny-in-out" | "permit">
additional_paths:
receive: <bool>
neighbors:
- ip_address: <str; required; unique>
activate: <bool>
# Inbound route-map name
route_map_in: <str>
# Outbound route-map name
route_map_out: <str>
networks:
# IPv4 prefix "A.B.C.D/E"
- prefix: <str; required; unique>
route_map: <str>
address_family_ipv6_multicast:
bgp:
missing_policy:
direction_in_action: <str; "deny" | "deny-in-out" | "permit">
direction_out_action: <str; "deny" | "deny-in-out" | "permit">
additional_paths:
receive: <bool>
neighbors:
- ip_address: <str; required; unique>
activate: <bool>
# Inbound route-map name
route_map_in: <str>
# Outbound route-map name
route_map_out: <str>
networks:
# IPv6 prefix "A:B:C:D:E:F:G:H/I"
- prefix: <str; required; unique>
route_map: <str>
address_family_flow_spec_ipv4:
bgp:
missing_policy:
direction_in_action: <str; "deny" | "deny-in-out" | "permit">
direction_out_action: <str; "deny" | "deny-in-out" | "permit">
neighbors:
- ip_address: <str; required; unique>
activate: <bool>
address_family_flow_spec_ipv6:
bgp:
missing_policy:
direction_in_action: <str; "deny" | "deny-in-out" | "permit">
direction_out_action: <str; "deny" | "deny-in-out" | "permit">
neighbors:
- ip_address: <str; required; unique>
activate: <bool>
# This key is deprecated.
# Support will be removed in AVD version 5.0.0.
# Use `address_family_*` instead.
address_families:
- address_family: <str; required; unique>
bgp:
missing_policy:
direction_in_action: <str; "deny" | "deny-in-out" | "permit">
direction_out_action: <str; "deny" | "deny-in-out" | "permit">
additional_paths:
- <str>
neighbors:
- ip_address: <str; required; unique>
activate: <bool>
# Inbound route-map name
route_map_in: <str>
# Outbound route-map name
route_map_out: <str>
peer_groups:
# Peer-group name
- name: <str; required; unique>
activate: <bool>
next_hop:
address_family_ipv6_originate: <bool>
networks:
# IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I"
- prefix: <str; required; unique>
route_map: <str>
# Multiline EOS CLI rendered directly on the Router BGP, VRF definition in the final EOS configuration
eos_cli: <str>
session_trackers:
# Name of session tracker
- name: <str; required; unique>
# Recovery delay in seconds
recovery_delay: <int; 1-3600>
Router general¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
router_general | Dictionary | ||||
router_id | Dictionary | ||||
ipv4 | String | IPv4 Address | |||
ipv6 | String | IPv6 Address | |||
nexthop_fast_failover | Boolean | False | |||
vrfs | List, items: Dictionary | ||||
- name | String | Required, Unique | Destination-VRF | ||
leak_routes | List, items: Dictionary | ||||
- source_vrf | String | ||||
subscribe_policy | String | Route-Map Policy | |||
routes | Dictionary | ||||
dynamic_prefix_lists | List, items: Dictionary | ||||
- name | String | Dynamic Prefix List Name |
router_general:
  router_id:
    # IPv4 Address
    ipv4: <str>
    # IPv6 Address
    ipv6: <str>
  nexthop_fast_failover: <bool; default=False>
  vrfs:
    # Destination-VRF
    - name: <str; required; unique>
      leak_routes:
        - source_vrf: <str>
          # Route-Map Policy
          subscribe_policy: <str>
      routes:
        dynamic_prefix_lists:
          # Dynamic Prefix List Name
          - name: <str>
Router ISIS¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
router_isis | Dictionary | ||||
instance | String | Required | ISIS Instance Name | ||
net | String | CLNS Address like “49.0001.0001.0000.0001.00” | |||
router_id | String | IPv4 Address | |||
is_type | String | Valid Values: - level-1 - level-1-2 - level-2 | |||
log_adjacency_changes | Boolean | ||||
mpls_ldp_sync_default | Boolean | ||||
timers | Dictionary | ||||
local_convergence | Dictionary | ||||
protected_prefixes | Boolean | ||||
delay | Integer | 10000 | Delay in milliseconds. | ||
advertise | Dictionary | ||||
passive_only | Boolean | ||||
address_family | List, items: String | ||||
- <str> deprecated | String | Valid Values: - ipv4 - ipv6 - ipv4 unicast - ipv6 unicast | Address Family. This key is deprecated. Support will be removed in AVD version 5.0.0. Use address_family_ipv4.enabled or address_family_ipv6.enabled instead. | ||
isis_af_defaults | List, items: String | ||||
- <str> deprecated | String | EOS CLI rendered under the address families. Example: “maximum-paths 64”. This key is deprecated. Support will be removed in AVD version 5.0.0. Use address_family_ipv4/address_family_ipv6 instead. | |||
redistribute_routes | List, items: Dictionary | ||||
- source_protocol | String | Required | Valid Values: - bgp - connected - isis - ospf - ospfv3 - static | ||
route_map | String | Route-map name | |||
include_leaked | Boolean | ||||
ospf_route_type | String | Valid Values: - external - internal - nssa-external | ospf_route_type is required with source_protocols ‘ospf’ and ‘ospfv3’ | ||
address_family_ipv4 | Dictionary | ||||
enabled | Boolean | ||||
maximum_paths | Integer | Min: 1 Max: 128 | |||
fast_reroute_ti_lfa | Dictionary | ||||
mode | String | Valid Values: - link-protection - node-protection | |||
level | String | Valid Values: - level-1 - level-2 | |||
srlg | Dictionary | Shared Risk Link Group | |||
enable | Boolean | ||||
strict | Boolean | ||||
tunnel_source_labeled_unicast | Dictionary | ||||
enabled | Boolean | ||||
rcf | String | Route Control Function | |||
address_family_ipv6 | Dictionary | ||||
enabled | Boolean | ||||
maximum_paths | Integer | Min: 1 Max: 128 | |||
fast_reroute_ti_lfa | Dictionary | ||||
mode | String | Valid Values: - link-protection - node-protection | |||
level | String | Valid Values: - level-1 - level-2 | Optional, default is to protect all levels | ||
srlg | Dictionary | Shared Risk Link Group | |||
enable | Boolean | ||||
strict | Boolean | ||||
segment_routing_mpls | Dictionary | ||||
enabled | Boolean | ||||
router_id | String | ||||
prefix_segments | List, items: Dictionary | ||||
- prefix | String | ||||
index | Integer |
router_isis:
  # ISIS Instance Name
  instance: <str; required>
  # CLNS Address like "49.0001.0001.0000.0001.00"
  net: <str>
  # IPv4 Address
  router_id: <str>
  is_type: <str; "level-1" | "level-1-2" | "level-2">
  log_adjacency_changes: <bool>
  mpls_ldp_sync_default: <bool>
  timers:
    local_convergence:
      protected_prefixes: <bool>
      # Delay in milliseconds.
      delay: <int; default=10000>
  advertise:
    passive_only: <bool>
  address_family:
    # Address Family
    # This key is deprecated.
    # Support will be removed in AVD version 5.0.0.
    # Use `address_family_ipv4.enabled` or `address_family_ipv6.enabled` instead.
    - <str; "ipv4" | "ipv6" | "ipv4 unicast" | "ipv6 unicast">
  isis_af_defaults:
    # EOS CLI rendered under the address families
    # Example "maximum-paths 64"
    # This key is deprecated.
    # Support will be removed in AVD version 5.0.0.
    # Use `address_family_ipv4`/`address_family_ipv6` instead.
    - <str>
  redistribute_routes:
    - source_protocol: <str; "bgp" | "connected" | "isis" | "ospf" | "ospfv3" | "static"; required>
      # Route-map name
      route_map: <str>
      include_leaked: <bool>
      # ospf_route_type is required with source_protocols 'ospf' and 'ospfv3'
      ospf_route_type: <str; "external" | "internal" | "nssa-external">
  address_family_ipv4:
    enabled: <bool>
    maximum_paths: <int; 1-128>
    fast_reroute_ti_lfa:
      mode: <str; "link-protection" | "node-protection">
      level: <str; "level-1" | "level-2">
      # Shared Risk Link Group
      srlg:
        enable: <bool>
        strict: <bool>
    tunnel_source_labeled_unicast:
      enabled: <bool>
      # Route Control Function
      rcf: <str>
  address_family_ipv6:
    enabled: <bool>
    maximum_paths: <int; 1-128>
    fast_reroute_ti_lfa:
      mode: <str; "link-protection" | "node-protection">
      # Optional, default is to protect all levels
      level: <str; "level-1" | "level-2">
      # Shared Risk Link Group
      srlg:
        enable: <bool>
        strict: <bool>
  segment_routing_mpls:
    enabled: <bool>
    router_id: <str>
    prefix_segments:
      - prefix: <str>
        index: <int>
Router L2 VPN¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
router_l2_vpn | Dictionary | ||||
arp_learning_bridged | Boolean | ||||
arp_proxy | Dictionary | ||||
prefix_list | String | Prefix-list name. ARP Proxying is disabled for IPv4 addresses defined in the prefix-list. | |||
arp_selective_install | Boolean | ||||
nd_learning_bridged | Boolean | ||||
nd_proxy | Dictionary | ||||
prefix_list | String | Prefix-list name. ND Proxying is disabled for IPv6 addresses defined in the prefix-list. | |||
nd_rs_flooding_disabled | Boolean | ||||
virtual_router_nd_ra_flooding_disabled | Boolean |
router_l2_vpn:
  arp_learning_bridged: <bool>
  arp_proxy:
    # Prefix-list name. ARP Proxying is disabled for IPv4 addresses defined in the prefix-list.
    prefix_list: <str>
  arp_selective_install: <bool>
  nd_learning_bridged: <bool>
  nd_proxy:
    # Prefix-list name. ND Proxying is disabled for IPv6 addresses defined in the prefix-list.
    prefix_list: <str>
  nd_rs_flooding_disabled: <bool>
  virtual_router_nd_ra_flooding_disabled: <bool>
Router OSPF¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
router_ospf | Dictionary | ||||
process_ids | List, items: Dictionary | ||||
- id | Integer | Required, Unique | OSPF Process ID | ||
vrf | String | VRF Name for OSPF Process | |||
passive_interface_default | Boolean | ||||
router_id | String | IPv4 Address | |||
distance | Dictionary | ||||
external | Integer | Min: 1 Max: 255 | |||
inter_area | Integer | Min: 1 Max: 255 | |||
intra_area | Integer | Min: 1 Max: 255 | |||
log_adjacency_changes_detail | Boolean | ||||
network_prefixes | List, items: Dictionary | ||||
- ipv4_prefix | String | Required, Unique | |||
area | String | ||||
bfd_enable | Boolean | ||||
bfd_adjacency_state_any | Boolean | ||||
no_passive_interfaces | List, items: String | ||||
- <str> | String | Interface Name | |||
distribute_list_in | Dictionary | ||||
route_map | String | ||||
max_lsa | Integer | ||||
timers | Dictionary | ||||
lsa | Dictionary | ||||
rx_min_interval | Integer | Min: 0 Max: 600000 | Min interval in msecs between accepting the same LSA | ||
tx_delay | Dictionary | ||||
initial | Integer | Min: 0 Max: 600000 | Delay to generate first occurrence of LSA in msecs | ||
min | Integer | Min: 1 Max: 600000 | Min delay between originating the same LSA in msecs | ||
max | Integer | Min: 1 Max: 600000 | 1-600000 Maximum delay between originating the same LSA in msec | ||
spf_delay | Dictionary | ||||
initial | Integer | Min: 0 Max: 600000 | Initial SPF schedule delay in msecs | ||
min | Integer | Min: 0 Max: 65535000 | Min Hold time between two SPFs in msecs | ||
max | Integer | Min: 0 Max: 65535000 | Max wait time between two SPFs in msecs | ||
default_information_originate | Dictionary | ||||
always | Boolean | ||||
metric | Integer | Min: 1 Max: 65535 | Metric for default route | ||
metric_type | Integer | Valid Values: - 1 - 2 | OSPF metric type for default route | ||
summary_addresses | List, items: Dictionary | ||||
- prefix | String | Required, Unique | Summary Prefix Address | ||
tag | Integer | ||||
attribute_map | String | ||||
not_advertise | Boolean | ||||
redistribute | Dictionary | ||||
static | Dictionary | ||||
route_map | String | Route Map Name | |||
include_leaked | Boolean | ||||
connected | Dictionary | ||||
route_map | String | Route Map Name | |||
include_leaked | Boolean | ||||
bgp | Dictionary | ||||
route_map | String | Route Map Name | |||
include_leaked | Boolean | ||||
auto_cost_reference_bandwidth | Integer | Bandwidth in mbps | |||
areas | List, items: Dictionary | ||||
- id | String | Required, Unique | |||
filter | Dictionary | ||||
networks | List, items: String | ||||
- <str> | String | IPv4 Prefix | |||
prefix_list | String | Prefix-List Name | |||
type | String | normal | Valid Values: - normal - stub - nssa | ||
no_summary | Boolean | ||||
nssa_only | Boolean | ||||
default_information_originate | Dictionary | ||||
metric | Integer | Min: 1 Max: 65535 | Metric for default route | ||
metric_type | Integer | Valid Values: - 1 - 2 | OSPF metric type for default route | ||
maximum_paths | Integer | Min: 1 Max: 128 | |||
max_metric | Dictionary | ||||
router_lsa | Dictionary | ||||
external_lsa | Dictionary | ||||
override_metric | Integer | Min: 1 Max: 16777215 | |||
include_stub | Boolean | ||||
on_startup | String | “wait-for-bgp” or Integer 5-86400 Example: “wait-for-bgp” Or “222” | |||
summary_lsa | Dictionary | ||||
override_metric | Integer | Min: 1 Max: 16777215 | |||
mpls_ldp_sync_default | Boolean | ||||
eos_cli | String | Multiline EOS CLI rendered directly on the Router OSPF process ID in the final EOS configuration |
router_ospf:
  process_ids:
    # OSPF Process ID
    - id: <int; required; unique>
      # VRF Name for OSPF Process
      vrf: <str>
      passive_interface_default: <bool>
      # IPv4 Address
      router_id: <str>
      distance:
        external: <int; 1-255>
        inter_area: <int; 1-255>
        intra_area: <int; 1-255>
      log_adjacency_changes_detail: <bool>
      network_prefixes:
        - ipv4_prefix: <str; required; unique>
          area: <str>
      bfd_enable: <bool>
      bfd_adjacency_state_any: <bool>
      no_passive_interfaces:
        # Interface Name
        - <str>
      distribute_list_in:
        route_map: <str>
      max_lsa: <int>
      timers:
        lsa:
          # Min interval in msecs between accepting the same LSA
          rx_min_interval: <int; 0-600000>
          tx_delay:
            # Delay to generate first occurrence of LSA in msecs
            initial: <int; 0-600000>
            # Min delay between originating the same LSA in msecs
            min: <int; 1-600000>
            # 1-600000 Maximum delay between originating the same LSA in msec
            max: <int; 1-600000>
        spf_delay:
          # Initial SPF schedule delay in msecs
          initial: <int; 0-600000>
          # Min Hold time between two SPFs in msecs
          min: <int; 0-65535000>
          # Max wait time between two SPFs in msecs
          max: <int; 0-65535000>
      default_information_originate:
        always: <bool>
        # Metric for default route
        metric: <int; 1-65535>
        # OSPF metric type for default route
        metric_type: <int; 1 | 2>
      summary_addresses:
        # Summary Prefix Address
        - prefix: <str; required; unique>
          tag: <int>
          attribute_map: <str>
          not_advertise: <bool>
      redistribute:
        static:
          # Route Map Name
          route_map: <str>
          include_leaked: <bool>
        connected:
          # Route Map Name
          route_map: <str>
          include_leaked: <bool>
        bgp:
          # Route Map Name
          route_map: <str>
          include_leaked: <bool>
      # Bandwidth in mbps
      auto_cost_reference_bandwidth: <int>
      areas:
        - id: <str; required; unique>
          filter:
            networks:
              # IPv4 Prefix
              - <str>
            # Prefix-List Name
            prefix_list: <str>
          type: <str; "normal" | "stub" | "nssa"; default="normal">
          no_summary: <bool>
          nssa_only: <bool>
          default_information_originate:
            # Metric for default route
            metric: <int; 1-65535>
            # OSPF metric type for default route
            metric_type: <int; 1 | 2>
      maximum_paths: <int; 1-128>
      max_metric:
        router_lsa:
          external_lsa:
            override_metric: <int; 1-16777215>
          include_stub: <bool>
          # "wait-for-bgp" or Integer 5-86400
          # Example: "wait-for-bgp" Or "222"
          on_startup: <str>
          summary_lsa:
            override_metric: <int; 1-16777215>
      mpls_ldp_sync_default: <bool>
      # Multiline EOS CLI rendered directly on the Router OSPF process ID in the final EOS configuration
      eos_cli: <str>
Router path selection¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
router_path_selection | Dictionary | Dynamic path selection configuration. | |||
peer_dynamic_source | String | Valid Values: - stun | Source of dynamic peer discovery. | ||
path_groups | List, items: Dictionary | ||||
- name | String | Required, Unique | Path group name. | ||
id | Integer | Min: 1 Max: 65535 | Path group ID. | ||
ipsec_profile | String | IPSec profile for the path group. | |||
flow_assignment | String | Valid Values: - lan | Flow assignment lan can not be configured in a path group with dynamic peers. | ||
local_interfaces | List, items: Dictionary | ||||
- name | String | Required, Unique | Pattern: ^Ethernet\d+(/\d+)*(.\d+)?$ | Local interface name. | |
public_address | String | Public IP assigned by NAT. | |||
stun | Dictionary | ||||
server_profiles | List, items: String | Required | Min Length: 1 Max Length: 12 | STUN server-profile names. | |
- <str> | String | ||||
local_ips | List, items: Dictionary | ||||
- ip_address | String | Required, Unique | |||
public_address | String | Public IP assigned by NAT. | |||
stun | Dictionary | ||||
server_profiles | List, items: String | Required | Min Length: 1 Max Length: 12 | STUN server-profile names. | |
- <str> | String | ||||
dynamic_peers | Dictionary | Flow assignment lan can not be configured in a path group with dynamic peers. | |||
enabled | Boolean | Enable `peer dynamic`. | |||
ip_local | Boolean | Prefer local IP address. | |||
ipsec | Boolean | IPsec configuration for dynamic peers. | |||
static_peers | List, items: Dictionary | ||||
- router_ip | String | Required, Unique | Peer router IP. | ||
name | String | Name of the site. | |||
ipv4_addresses | List, items: String | Static IPv4 addresses. | |||
- <str> | String | ||||
load_balance_policies | List, items: Dictionary | ||||
- name | String | Required, Unique | Load-balance policy name. | ||
lowest_hop_count | Boolean | Prefer paths with lowest hop-count. | |||
jitter | Integer | Min: 0 Max: 10000 | Jitter requirement for this load balance policy in milliseconds. | ||
latency | Integer | Min: 0 Max: 10000 | One way delay requirement for this load balance policy in milliseconds. | ||
loss_rate | String | Pattern: ^\d+(.\d{1,2})?$ | Loss Rate requirement in percentage for this load balance policy. Value between 0.00 and 100.00 % | ||
path_groups | List, items: Dictionary | List of path-groups to use for this load balance policy. | |||
- name | String | Required, Unique | Path-group name | ||
priority | Integer | Min: 1 Max: 65535 | Priority for this path-group. The EOS default value is 1. | ||
policies | List, items: Dictionary | ||||
- name | String | Required, Unique | DPS policy name. | ||
default_match | Dictionary | ||||
load_balance | String | Name of the load-balance policy. | |||
rules | List, items: Dictionary | ||||
- id | Integer | Required, Unique | Min: 1 Max: 255 | Rule ID. | |
application_profile | String | Required | |||
load_balance | String | Name of the load-balance policy. | |||
vrfs | List, items: Dictionary | ||||
- name | String | Required, Unique | VRF name. | ||
path_selection_policy | String | DPS policy name to use for this VRF. |
# Dynamic path selection configuration.
router_path_selection:
  # Source of dynamic peer discovery.
  peer_dynamic_source: <str; "stun">
  path_groups:
    # Path group name.
    - name: <str; required; unique>
      # Path group ID.
      id: <int; 1-65535>
      # IPSec profile for the path group.
      ipsec_profile: <str>
      # Flow assignment `lan` can not be configured in a path group with dynamic peers.
      flow_assignment: <str; "lan">
      local_interfaces:
        # Local interface name.
        - name: <str; required; unique>
          # Public IP assigned by NAT.
          public_address: <str>
          stun:
            # STUN server-profile names.
            server_profiles: # 1-12 items; required
              - <str>
      local_ips:
        - ip_address: <str; required; unique>
          # Public IP assigned by NAT.
          public_address: <str>
          stun:
            # STUN server-profile names.
            server_profiles: # 1-12 items; required
              - <str>
      # Flow assignment `lan` can not be configured in a path group with dynamic peers.
      dynamic_peers:
        # Enable `peer dynamic`.
        enabled: <bool>
        # Prefer local IP address.
        ip_local: <bool>
        # IPsec configuration for dynamic peers.
        ipsec: <bool>
      static_peers:
        # Peer router IP.
        - router_ip: <str; required; unique>
          # Name of the site.
          name: <str>
          # Static IPv4 addresses.
          ipv4_addresses:
            - <str>
  load_balance_policies:
    # Load-balance policy name.
    - name: <str; required; unique>
      # Prefer paths with lowest hop-count.
      lowest_hop_count: <bool>
      # Jitter requirement for this load balance policy in milliseconds.
      jitter: <int; 0-10000>
      # One way delay requirement for this load balance policy in milliseconds.
      latency: <int; 0-10000>
      # Loss Rate requirement in percentage for this load balance policy.
      # Value between 0.00 and 100.00 %
      loss_rate: <str>
      # List of path-groups to use for this load balance policy.
      path_groups:
        # Path-group name
        - name: <str; required; unique>
          # Priority for this path-group.
          # The EOS default value is 1.
          priority: <int; 1-65535>
  policies:
    # DPS policy name.
    - name: <str; required; unique>
      default_match:
        # Name of the load-balance policy.
        load_balance: <str>
      rules:
        # Rule ID.
        - id: <int; 1-255; required; unique>
          application_profile: <str; required>
          # Name of the load-balance policy.
          load_balance: <str>
  vrfs:
    # VRF name.
    - name: <str; required; unique>
      # DPS policy name to use for this VRF.
      path_selection_policy: <str>
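The path-selection model refers to other objects by name and carries one rule that is only written in its descriptions (`flow_assignment: lan` versus dynamic peers). The following added example, which is not part of AVD or of this page, checks an inventory for both; the function name, the sample data, the reading of "dynamic peers" as `dynamic_peers.enabled: true`, and the assumption that STUN and IPsec profiles live in the same inventory are all assumptions of the example.

```python
# Constructed sample inventory; all names and addresses are hypothetical.
SAMPLE = {
    "stun": {"client": {"server_profiles": [
        {"name": "STUN-A", "ip_address": "192.0.2.10"}]}},
    "ip_security": {"profiles": [{"name": "CP-PROFILE"}]},
    "router_path_selection": {
        "path_groups": [
            {"name": "INET", "id": 101, "ipsec_profile": "CP-PROFILE",
             "local_interfaces": [
                 {"name": "Ethernet1",
                  "stun": {"server_profiles": ["STUN-A", "STUN-B"]}}],
             "dynamic_peers": {"enabled": True}},
            {"name": "LAN_HA", "id": 65535, "flow_assignment": "lan",
             "ipsec_profile": "DP-PROFILE",
             "dynamic_peers": {"enabled": True}},
        ],
        "load_balance_policies": [
            {"name": "LB-DEFAULT",
             "path_groups": [{"name": "INET"}, {"name": "MPLS"}]}],
        "policies": [
            {"name": "POLICY-DEFAULT",
             "default_match": {"load_balance": "LB-DEFAULT"},
             "rules": [{"id": 10, "application_profile": "VOICE",
                        "load_balance": "LB-VOICE"}]}],
        "vrfs": [{"name": "default",
                  "path_selection_policy": "POLICY-DEFAULT"}],
    },
}


def names(items):
    """Collect the `name` of every entry in a list of dictionaries."""
    return {item.get("name") for item in items or []}


def check_path_selection(inventory):
    """Return sorted (path, message) problems in router_path_selection."""
    dps = inventory.get("router_path_selection") or {}
    # Assumption: referenced profiles are defined in this same inventory.
    stun_client = (inventory.get("stun") or {}).get("client") or {}
    stun_names = names(stun_client.get("server_profiles"))
    ipsec_names = names((inventory.get("ip_security") or {}).get("profiles"))
    problems = []

    def ref(path, value, defined, where):
        if value is not None and value not in defined:
            problems.append((path, f"{value!r} is not defined in {where}"))

    groups = dps.get("path_groups") or []
    for gi, group in enumerate(groups):
        g = f"path_groups[{gi}]"
        # Rule from the key descriptions; "dynamic peers" is read here as
        # dynamic_peers.enabled being true (assumption).
        dynamic = (group.get("dynamic_peers") or {}).get("enabled")
        if group.get("flow_assignment") == "lan" and dynamic:
            problems.append((f"{g}.flow_assignment",
                             "lan cannot be combined with dynamic peers"))
        ref(f"{g}.ipsec_profile", group.get("ipsec_profile"),
            ipsec_names, "ip_security.profiles")
        for kind in ("local_interfaces", "local_ips"):
            for li, local in enumerate(group.get(kind) or []):
                stun = local.get("stun")
                if stun is None:
                    continue
                path = f"{g}.{kind}[{li}].stun.server_profiles"
                profiles = stun.get("server_profiles") or []
                if not 1 <= len(profiles) <= 12:
                    problems.append((path, "must list 1-12 profile names"))
                for name in profiles:
                    ref(path, name, stun_names, "stun.client.server_profiles")

    lb_policies = dps.get("load_balance_policies") or []
    for pi, lb in enumerate(lb_policies):
        for gi, member in enumerate(lb.get("path_groups") or []):
            ref(f"load_balance_policies[{pi}].path_groups[{gi}].name",
                member.get("name"), names(groups), "path_groups")

    policies = dps.get("policies") or []
    for pi, policy in enumerate(policies):
        p = f"policies[{pi}]"
        ref(f"{p}.default_match.load_balance",
            (policy.get("default_match") or {}).get("load_balance"),
            names(lb_policies), "load_balance_policies")
        for ri, rule in enumerate(policy.get("rules") or []):
            ref(f"{p}.rules[{ri}].load_balance", rule.get("load_balance"),
                names(lb_policies), "load_balance_policies")

    for vi, vrf in enumerate(dps.get("vrfs") or []):
        ref(f"vrfs[{vi}].path_selection_policy",
            vrf.get("path_selection_policy"), names(policies), "policies")
    return sorted(problems)
```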
Router service-insertion¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
router_service_insertion | Dictionary | Configure network services inserted to data forwarding | |||
enabled | Boolean |
Router traffic engineering¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
router_traffic_engineering | Dictionary | ||||
enabled | Boolean | ||||
router_id | Dictionary | ||||
ipv4 | String | ||||
ipv6 | String | ||||
segment_routing | Dictionary | ||||
colored_tunnel_rib | Boolean | ||||
policy_endpoints | List, items: Dictionary | ||||
- address | String | IPv4 or IPv6 address | |||
colors | List, items: Dictionary | ||||
- value | Integer | Required, Unique | |||
binding_sid | Integer | ||||
description | String | ||||
name | String | ||||
sbfd_remote_discriminator | String | IPv4 address or 32 bit integer | |||
path_group | List, items: Dictionary | ||||
- preference | Integer | ||||
explicit_null | String | Valid Values: - ipv4 - ipv6 - ipv4 ipv6 - none | |||
segment_list | List, items: Dictionary | ||||
- label_stack | String | Label Stack as string. Example: “100 2000 30” | |||
weight | Integer | ||||
index | Integer |
router_traffic_engineering:
  enabled: <bool>
  router_id:
    ipv4: <str>
    ipv6: <str>
  segment_routing:
    colored_tunnel_rib: <bool>
    policy_endpoints:
      # IPv4 or IPv6 address
      - address: <str>
        colors:
          - value: <int; required; unique>
            binding_sid: <int>
            description: <str>
            name: <str>
            # IPv4 address or 32 bit integer
            sbfd_remote_discriminator: <str>
            path_group:
              - preference: <int>
                explicit_null: <str; "ipv4" | "ipv6" | "ipv4 ipv6" | "none">
                segment_list:
                  # Label Stack as string.
                  # Example: "100 2000 30"
                  - label_stack: <str>
                    weight: <int>
                    index: <int>
Service routing configuration bgp¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
service_routing_configuration_bgp | Dictionary | ||||
no_equals_default | Boolean |
Service routing protocols model¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
service_routing_protocols_model | String | Valid Values: - multi-agent - ribd |
Static routes¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
static_routes | List, items: Dictionary | ||||
- vrf | String | VRF Name | |||
destination_address_prefix | String | IPv4_network/Mask | |||
interface | String | ||||
gateway | String | IPv4 Address | |||
track_bfd | Boolean | Track next-hop using BFD | |||
distance | Integer | Min: 1 Max: 255 | |||
tag | Integer | Min: 0 Max: 4294967295 | |||
name | String | Description | |||
metric | Integer | Min: 0 Max: 4294967295 |
STUN¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
stun | Dictionary | STUN configuration. | |||
client | Dictionary | STUN client settings. | |||
server_profiles | List, items: Dictionary | List of server profiles for the client. | |||
- name | String | Required, Unique | |||
ip_address | String | ||||
ssl_profile | String | SSL profile name. | |||
port | Integer | Min: 1 Max: 65535 | Destination port for the request STUN server (default - 3478). | ||
server | Dictionary | STUN server settings. | |||
local_interface deprecated | String | This key is deprecated. Support will be removed in AVD version v5.0.0. Use local_interfaces instead. | |||
local_interfaces | List, items: String | Min Length: 1 | |||
- <str> | String | ||||
bindings_timeout | Integer | Min: 10 Max: 7200 | Timeout for bindings stored on STUN server in seconds. | ||
ssl_profile | String | SSL profile name. | |||
ssl_connection_lifetime | Dictionary | SSL connection lifetime in minutes or hours. If both are specified, minutes is given higher precedence. | |||
minutes | Integer | Min: 1 Max: 1440 | SSL connection lifetime in minutes (default - 120). | ||
hours | Integer | Min: 1 Max: 24 | SSL connection lifetime in hours (default - 2). | ||
port | Integer | Min: 1 Max: 65535 | Listening port for STUN server (default - 3478). |
# STUN configuration.
stun:
  # STUN client settings.
  client:
    # List of server profiles for the client.
    server_profiles:
      - name: <str; required; unique>
        ip_address: <str>
        # SSL profile name.
        ssl_profile: <str>
        # Destination port for the request STUN server (default - 3478).
        port: <int; 1-65535>
  # STUN server settings.
  server:
    # This key is deprecated.
    # Support will be removed in AVD version v5.0.0.
    # Use `local_interfaces` instead.
    local_interface: <str>
    local_interfaces: # >=1 items
      - <str>
    # Timeout for bindings stored on STUN server in seconds.
    bindings_timeout: <int; 10-7200>
    # SSL profile name.
    ssl_profile: <str>
    # SSL connection lifetime in minutes or hours.
    # If both are specified, minutes is given higher precedence.
    ssl_connection_lifetime:
      # SSL connection lifetime in minutes (default - 120).
      minutes: <int; 1-1440>
      # SSL connection lifetime in hours (default - 2).
      hours: <int; 1-24>
    # Listening port for STUN server (default - 3478).
    port: <int; 1-65535>
VRFs¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
vrfs | List, items: Dictionary | These keys are ignored if the name of the vrf is ‘default’ | |||
- name | String | Required, Unique | VRF Name | ||
description | String | ||||
ip_routing | Boolean | ||||
ipv6_routing | Boolean | ||||
ip_routing_ipv6_interfaces | Boolean | ||||
tenant | String | Key only used for documentation or validation purposes |
Security¶
IP Security¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ip_security | Dictionary | ||||
ike_policies | List, items: Dictionary | Internet Security Association and Key Mgmt Protocol. | |||
- name | String | Required, Unique | Policy name. | ||
local_id | String | Local IKE Identification. Can be an IPv4 or an IPv6 address. | |||
ike_lifetime | Integer | Min: 1 Max: 24 | IKE lifetime in hours. | ||
encryption | String | Valid Values: - 3des - aes128 - aes256 | IKE encryption algorithm. | ||
dh_group | Integer | Valid Values: - 1 - 2 - 5 - 14 - 15 - 16 - 17 - 20 - 21 - 24 | Diffie-Hellman group for the key exchange. | ||
sa_policies | List, items: Dictionary | Security Association policies. | |||
- name | String | Required, Unique | Name of the SA policy. The “null” value is deprecated and will be removed in AVD 5.0.0 | ||
esp | Dictionary | ||||
integrity | String | Valid Values: - disabled - sha1 - sha256 - null | |||
encryption | String | Valid Values: - disabled - aes128 - aes128gcm128 - aes128gcm64 - aes256 - aes256gcm256 - null | |||
pfs_dh_group | Integer | Valid Values: - 1 - 2 - 5 - 14 - 15 - 16 - 17 - 20 - 21 - 24 | |||
profiles | List, items: Dictionary | IPSec profiles. | |||
- name | String | Required, Unique | Name of the IPsec profile. | ||
ike_policy | String | Name of the IKE policy to use in this profile. | |||
sa_policy | String | Name of the Security Association to use in this profile. | |||
connection | String | Valid Values: - add - start - route | IPsec connection (Initiator/Responder/Dynamic). | ||
shared_key | String | Encrypted password - only type 7 supported. | |||
dpd | Dictionary | Dead Peer Detection. | |||
interval | Integer | Required | Min: 2 Max: 3600 | Interval (in seconds) between keep-alive messages. | |
time | Integer | Required | Min: 10 Max: 3600 | Time (in seconds) after which the action is applied. | |
action | String | Required | Valid Values: - clear - hold - restart | Action to apply * ‘clear’: Delete all connections * ‘hold’: Re-negotiate connection on demand * ‘restart’: Restart connection immediately | |
mode | String | Valid Values: - transport - tunnel | IPsec mode type. | ||
key_controller | Dictionary | ||||
profile | String | IPsec profile name to use. |
ip_security:
  # Internet Security Association and Key Mgmt Protocol.
  ike_policies:
      # Policy name.
    - name: <str; required; unique>
      # Local IKE Identification.
      # Can be an IPv4 or an IPv6 address.
      local_id: <str>
      # IKE lifetime in hours.
      ike_lifetime: <int; 1-24>
      # IKE encryption algorithm.
      encryption: <str; "3des" | "aes128" | "aes256">
      # Diffie-Hellman group for the key exchange.
      dh_group: <int; 1 | 2 | 5 | 14 | 15 | 16 | 17 | 20 | 21 | 24>
  # Security Association policies.
  sa_policies:
      # Name of the SA policy. The "null" value is deprecated and will be removed in AVD 5.0.0
    - name: <str; required; unique>
      esp:
        integrity: <str; "disabled" | "sha1" | "sha256" | "null">
        encryption: <str; "disabled" | "aes128" | "aes128gcm128" | "aes128gcm64" | "aes256" | "aes256gcm256" | "null">
      pfs_dh_group: <int; 1 | 2 | 5 | 14 | 15 | 16 | 17 | 20 | 21 | 24>
  # IPsec profiles.
  profiles:
      # Name of the IPsec profile.
    - name: <str; required; unique>
      # Name of the IKE policy to use in this profile.
      ike_policy: <str>
      # Name of the Security Association to use in this profile.
      sa_policy: <str>
      # IPsec connection (Initiator/Responder/Dynamic).
      connection: <str; "add" | "start" | "route">
      # Encrypted password - only type 7 supported.
      shared_key: <str>
      # Dead Peer Detection.
      dpd:
        # Interval (in seconds) between keep-alive messages.
        interval: <int; 2-3600; required>
        # Time (in seconds) after which the action is applied.
        time: <int; 10-3600; required>
        # Action to apply
        # * 'clear': Delete all connections
        # * 'hold': Re-negotiate connection on demand
        # * 'restart': Restart connection immediately
        action: <str; "clear" | "hold" | "restart"; required>
      # IPsec mode type.
      mode: <str; "transport" | "tunnel">
  key_controller:
    # IPsec profile name to use.
    profile: <str>
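The schema accepts every listed algorithm and treats `ike_policy`, `sa_policy` and the key controller `profile` as plain strings, so a pre-render audit is a useful complement. The following is an added example, not part of AVD: the function name, the baseline sets (3des, DH groups 1/2/5, sha1 treated as legacy) and the sample data are assumptions made for illustration.

```python
# Added example: audit an AVD `ip_security` dictionary before rendering it.
# The baseline sets are assumptions (a local hardening policy), not AVD rules:
# the schema accepts every one of these values.
WEAK_IKE_ENCRYPTION = {"3des"}
WEAK_DH_GROUPS = {1, 2, 5}  # 768-, 1024- and 1536-bit MODP groups
AEAD_ESP = {"aes128gcm128", "aes128gcm64", "aes256gcm256"}
OFF = {"disabled", "null"}


def audit_ip_security(ip_security):
    """Return a sorted list of (path, finding) tuples for one ip_security dict."""
    findings = []
    ike_names, sa_names = set(), set()
    profile_names = {p["name"] for p in ip_security.get("profiles", [])}

    for pol in ip_security.get("ike_policies", []):
        path = f"ike_policies[{pol['name']}]"
        ike_names.add(pol["name"])
        if pol.get("encryption") in WEAK_IKE_ENCRYPTION:
            findings.append((path, f"weak IKE encryption {pol['encryption']}"))
        if pol.get("dh_group") in WEAK_DH_GROUPS:
            findings.append((path, f"weak dh_group {pol['dh_group']}"))

    for pol in ip_security.get("sa_policies", []):
        path = f"sa_policies[{pol['name']}]"
        sa_names.add(pol["name"])
        esp = pol.get("esp", {})
        enc, integ = esp.get("encryption"), esp.get("integrity")
        if enc in OFF:
            findings.append((path, "ESP encryption is off"))
        if integ in OFF and enc not in AEAD_ESP:
            findings.append((path, "ESP integrity is off without an AEAD cipher"))
        if integ == "sha1":
            findings.append((path, "legacy ESP integrity sha1"))
        if pol.get("pfs_dh_group") in WEAK_DH_GROUPS:
            findings.append((path, f"weak pfs_dh_group {pol['pfs_dh_group']}"))

    # Profiles refer to policies by name only (documented type: plain string).
    for prof in ip_security.get("profiles", []):
        path = f"profiles[{prof['name']}]"
        for key, known in (("ike_policy", ike_names), ("sa_policy", sa_names)):
            ref = prof.get(key)
            if ref is not None and ref not in known:
                findings.append((path, f"{key} '{ref}' is not defined"))

    ctrl = ip_security.get("key_controller", {}).get("profile")
    if ctrl is not None and ctrl not in profile_names:
        findings.append(("key_controller", f"profile '{ctrl}' is not defined"))
    return sorted(findings)


# Constructed sample, not taken from a real deployment.
SAMPLE = {
    "ike_policies": [
        {"name": "IKE-LEGACY", "encryption": "3des", "dh_group": 2},
        {"name": "IKE-STRONG", "encryption": "aes256", "dh_group": 20},
    ],
    "sa_policies": [
        {"name": "SA-LEGACY", "esp": {"integrity": "sha1", "encryption": "aes128"}, "pfs_dh_group": 5},
        {"name": "SA-GCM", "esp": {"integrity": "disabled", "encryption": "aes256gcm256"}, "pfs_dh_group": 20},
        {"name": "SA-OPEN", "esp": {"integrity": "disabled", "encryption": "aes256"}},
    ],
    "profiles": [
        {"name": "WAN", "ike_policy": "IKE-STRONG", "sa_policy": "SA-GCM", "mode": "tunnel"},
        {"name": "LAB", "ike_policy": "IKE-TYPO", "sa_policy": "SA-LEGACY"},
    ],
    "key_controller": {"profile": "WAN"},
}

if __name__ == "__main__":
    for path, finding in audit_ip_security(SAMPLE):
        print(f"{path}: {finding}")
```

The values "null" and "disabled" are compared as strings; an unquoted `null` in YAML loads as an empty value rather than the string and would not match.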
Switching¶
MLAG configuration¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
mlag_configuration | Dictionary | | | | |
domain_id | String | | | | |
heartbeat_interval | Integer | | | | Heartbeat interval in milliseconds |
local_interface | String | | | | Local Interface Name |
peer_address | String | | | | IPv4 Address |
peer_address_heartbeat | Dictionary | | | | |
peer_ip | String | | | | IPv4 Address |
vrf | String | | | | VRF Name |
dual_primary_detection_delay | Integer | | | Min: 0<br>Max: 86400 | Delay in seconds |
dual_primary_recovery_delay_mlag | Integer | | | Min: 0<br>Max: 86400 | Delay in seconds |
dual_primary_recovery_delay_non_mlag | Integer | | | Min: 0<br>Max: 86400 | Delay in seconds |
peer_link | String | | | | Port-Channel interface name |
reload_delay_mlag | String | | | | Delay in seconds <0-86400> or ‘infinity’ |
reload_delay_non_mlag | String | | | | Delay in seconds <0-86400> or ‘infinity’ |
mlag_configuration:
  domain_id: <str>
  # Heartbeat interval in milliseconds
  heartbeat_interval: <int>
  # Local Interface Name
  local_interface: <str>
  # IPv4 Address
  peer_address: <str>
  peer_address_heartbeat:
    # IPv4 Address
    peer_ip: <str>
    # VRF Name
    vrf: <str>
  # Delay in seconds
  dual_primary_detection_delay: <int; 0-86400>
  # Delay in seconds
  dual_primary_recovery_delay_mlag: <int; 0-86400>
  # Delay in seconds
  dual_primary_recovery_delay_non_mlag: <int; 0-86400>
  # Port-Channel interface name
  peer_link: <str>
  # Delay in seconds <0-86400> or 'infinity'
  reload_delay_mlag: <str>
  # Delay in seconds <0-86400> or 'infinity'
  reload_delay_non_mlag: <str>
Spanning-tree¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
spanning_tree | Dictionary | | | | |
root_super | Boolean | | | | |
edge_port | Dictionary | | | | |
bpdufilter_default | Boolean | | | | |
bpduguard_default | Boolean | | | | |
mode | String | | | Valid Values:<br>- mstp<br>- rstp<br>- rapid-pvst<br>- none | |
bpduguard_rate_limit | Dictionary | | | | |
default | Boolean | | | | |
count | Integer | | | | Maximum number of BPDUs per timer interval |
rstp_priority | Integer | | | | |
mst | Dictionary | | | | |
pvst_border | Boolean | | | | |
configuration | Dictionary | | | | |
name | String | | | | |
revision | Integer | | | | 0-65535 |
instances | List, items: Dictionary | | | | |
- id | Integer | Required, Unique | | | Instance ID |
vlans | String | | | | "< vlan_id >, < vlan_id >-< vlan_id >"<br>Example: 15,16,17,18 |
mst_instances | List, items: Dictionary | | | | |
- id | String | Required, Unique | | | Instance ID |
priority | Integer | | | | |
no_spanning_tree_vlan | String | | | | "< vlan_id >, < vlan_id >-< vlan_id >"<br>Example: 105,202,505-506 |
rapid_pvst_instances | List, items: Dictionary | | | | |
- id | String | Required, Unique | | | "< vlan_id >, < vlan_id >-< vlan_id >"<br>Example: 105,202,505-506 |
priority | Integer | | | | |
spanning_tree:
  root_super: <bool>
  edge_port:
    bpdufilter_default: <bool>
    bpduguard_default: <bool>
  mode: <str; "mstp" | "rstp" | "rapid-pvst" | "none">
  bpduguard_rate_limit:
    default: <bool>
    # Maximum number of BPDUs per timer interval
    count: <int>
  rstp_priority: <int>
  mst:
    pvst_border: <bool>
    configuration:
      name: <str>
      # 0-65535
      revision: <int>
      instances:
          # Instance ID
        - id: <int; required; unique>
          # "< vlan_id >, < vlan_id >-< vlan_id >"
          # Example: 15,16,17,18
          vlans: <str>
  mst_instances:
      # Instance ID
    - id: <str; required; unique>
      priority: <int>
  # "< vlan_id >, < vlan_id >-< vlan_id >"
  # Example: 105,202,505-506
  no_spanning_tree_vlan: <str>
  rapid_pvst_instances:
      # "< vlan_id >, < vlan_id >-< vlan_id >"
      # Example: 105,202,505-506
    - id: <str; required; unique>
      priority: <int>
VLAN internal order¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
vlan_internal_order | Dictionary | | | | |
allocation | String | Required | | Valid Values:<br>- ascending<br>- descending | |
range | Dictionary | Required | | | |
beginning | Integer | Required | | Min: 2<br>Max: 4094 | First VLAN ID. |
ending | Integer | Required | | Min: 2<br>Max: 4094 | Last VLAN ID. |
VLANs¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
vlans | List, items: Dictionary | | | | |
- id | Integer | Required, Unique | | | VLAN ID |
name | String | | | | VLAN Name |
state | String | | | Valid Values:<br>- active<br>- suspend | |
trunk_groups | List, items: String | | | | |
- <str> | String | | | | Trunk Group Name |
private_vlan | Dictionary | | | | |
type | String | | | Valid Values:<br>- community<br>- isolated | |
primary_vlan | Integer | | | | Primary VLAN ID |
tenant | String | | | | Key only used for documentation or validation purposes |
vlans:
    # VLAN ID
  - id: <int; required; unique>
    # VLAN Name
    name: <str>
    state: <str; "active" | "suspend">
    trunk_groups:
        # Trunk Group Name
      - <str>
    private_vlan:
      type: <str; "community" | "isolated">
      # Primary VLAN ID
      primary_vlan: <int>
    # Key only used for documentation or validation purposes
    tenant: <str>
System settings¶
Agents¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
agents | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | Agent name. |
environment_variables | List, items: Dictionary | | | Min Length: 1 | |
- name | String | Required, Unique | | | Environment variable name. |
value | String | Required | | | Environment variable value. |
Hardware counters¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
hardware_counters | Dictionary | | | | |
features | List, items: Dictionary | | | | This data model allows configuring the list of hardware counter features available on Arista platforms.<br>The `name` key accepts a list of valid_values which MUST be updated to support new features as they are released in EOS.<br>The available values of the different keys like ‘direction’ or ‘address_type’ are feature and hardware dependent and this model DOES NOT validate that the combinations are valid. It is the responsibility of the user of this data model to make sure that the rendered CLI is accepted by the targeted device.<br>Examples:<br>* Use:<br>```yaml<br>hardware_counters:<br>  features:<br>    - name: ip<br>      direction: out<br>      layer3: true<br>      units_packets: true<br>```<br>to render:<br>```eos<br>hardware counter feature ip out layer3 units packets<br>```<br>* Use:<br>```yaml<br>hardware_counters:<br>  features:<br>    - name: route<br>      address_type: ipv4<br>      vrf: test<br>      prefix: 192.168.0.0/24<br>```<br>to render:<br>```eos<br>hardware counter feature route ipv4 vrf test 192.168.0.0/24<br>``` |
- name | String | | | Valid Values:<br>- acl<br>- decap-group<br>- directflow<br>- ecn<br>- flow-spec<br>- gre tunnel interface<br>- ip<br>- mpls interface<br>- mpls lfib<br>- mpls tunnel<br>- multicast<br>- nexthop<br>- pbr<br>- pdp<br>- policing interface<br>- qos<br>- qos dual-rate-policer<br>- route<br>- routed-port<br>- subinterface<br>- tapagg<br>- traffic-class<br>- traffic-policy<br>- vlan<br>- vlan-interface<br>- vni decap<br>- vni encap<br>- vtep decap<br>- vtep encap | |
direction | String | | | Valid Values:<br>- in<br>- out<br>- cpu | Most features support only ‘in’ and ‘out’. Some like traffic-policy support ‘cpu’.<br>Some features DO NOT have any direction.<br>This validation IS NOT made by the schemas. |
address_type | String | | | Valid Values:<br>- ipv4<br>- ipv6<br>- mac | Supported only for the following features:<br>- acl: [ipv4, ipv6, mac] if direction is ‘out’<br>- multicast: [ipv4, ipv6]<br>- route: [ipv4, ipv6]<br>This validation IS NOT made by the schemas. |
layer3 | Boolean | | | | Supported only for the ‘ip’ feature |
vrf | String | | | | Supported only for the ‘route’ feature.<br>This validation IS NOT made by the schemas. |
prefix | String | | | | Supported only for the ‘route’ feature.<br>Mandatory for the ‘route’ feature.<br>This validation IS NOT made by the schemas. |
units_packets | Boolean | | | | |
hardware_counters:
  # This data model allows configuring the list of hardware counter features
  # available on Arista platforms.
  # The `name` key accepts a list of valid_values which MUST be updated to support
  # new features as they are released in EOS.
  # The available values of the different keys like 'direction' or 'address_type'
  # are feature and hardware dependent and this model DOES NOT validate that the
  # combinations are valid. It is the responsibility of the user of this data model
  # to make sure that the rendered CLI is accepted by the targeted device.
  # Examples:
  # * Use:
  #   ```yaml
  #   hardware_counters:
  #     features:
  #       - name: ip
  #         direction: out
  #         layer3: true
  #         units_packets: true
  #   ```
  #   to render:
  #   ```eos
  #   hardware counter feature ip out layer3 units packets
  #   ```
  # * Use:
  #   ```yaml
  #   hardware_counters:
  #     features:
  #       - name: route
  #         address_type: ipv4
  #         vrf: test
  #         prefix: 192.168.0.0/24
  #   ```
  #   to render:
  #   ```eos
  #   hardware counter feature route ipv4 vrf test 192.168.0.0/24
  #   ```
  features:
    - name: <str; "acl" | "decap-group" | "directflow" | "ecn" | "flow-spec" | "gre tunnel interface" | "ip" | "mpls interface" | "mpls lfib" | "mpls tunnel" | "multicast" | "nexthop" | "pbr" | "pdp" | "policing interface" | "qos" | "qos dual-rate-policer" | "route" | "routed-port" | "subinterface" | "tapagg" | "traffic-class" | "traffic-policy" | "vlan" | "vlan-interface" | "vni decap" | "vni encap" | "vtep decap" | "vtep encap">
      # Most features support only 'in' and 'out'. Some like traffic-policy support 'cpu'.
      # Some features DO NOT have any direction.
      # This validation IS NOT made by the schemas.
      direction: <str; "in" | "out" | "cpu">
      # Supported only for the following features:
      # - acl: [ipv4, ipv6, mac] if direction is 'out'
      # - multicast: [ipv4, ipv6]
      # - route: [ipv4, ipv6]
      # This validation IS NOT made by the schemas.
      address_type: <str; "ipv4" | "ipv6" | "mac">
      # Supported only for the 'ip' feature
      layer3: <bool>
      # Supported only for the 'route' feature.
      # This validation IS NOT made by the schemas.
      vrf: <str>
      # Supported only for the 'route' feature.
      # Mandatory for the 'route' feature.
      # This validation IS NOT made by the schemas.
      prefix: <str>
      units_packets: <bool>
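Because the schema does not check the key combinations described above, they can be checked before rendering. The following is an added example, not part of AVD: the function names and the sample list are assumptions, the acl rule follows the reading that `address_type` on `acl` needs direction 'out', and the check that the prefix family matches `address_type` is an extra assumption that the page does not state.

```python
import ipaddress

# address_type values the page lists per feature; other features take none.
ADDRESS_TYPES = {
    "acl": {"ipv4", "ipv6", "mac"},  # page: only if direction is 'out'
    "multicast": {"ipv4", "ipv6"},
    "route": {"ipv4", "ipv6"},
}


def check_feature(feature):
    """Return the list of rule violations for one hardware_counters feature."""
    name = feature.get("name")
    addr = feature.get("address_type")
    errors = []
    if addr is not None:
        allowed = ADDRESS_TYPES.get(name)
        if allowed is None:
            errors.append(f"{name}: address_type is not supported")
        elif addr not in allowed:
            errors.append(f"{name}: address_type {addr} is not supported")
        elif name == "acl" and feature.get("direction") != "out":
            errors.append("acl: address_type requires direction 'out'")
    if feature.get("layer3") is not None and name != "ip":
        errors.append(f"{name}: layer3 is supported only for 'ip'")
    for key in ("vrf", "prefix"):
        if feature.get(key) is not None and name != "route":
            errors.append(f"{name}: {key} is supported only for 'route'")
    if name == "route":
        prefix = feature.get("prefix")
        if prefix is None:
            errors.append("route: prefix is mandatory")
        else:
            try:
                net = ipaddress.ip_network(prefix, strict=False)
            except ValueError:
                errors.append(f"route: prefix {prefix} is not a valid network")
            else:
                # Assumption (not stated on the page): family matches address_type.
                if addr in ("ipv4", "ipv6") and f"ipv{net.version}" != addr:
                    errors.append(f"route: prefix {prefix} is not {addr}")
    return errors


def check_hardware_counters(data):
    """Map feature index to violations, for every feature that has any."""
    features = data.get("hardware_counters", {}).get("features", [])
    report = {}
    for index, feature in enumerate(features):
        errors = check_feature(feature)
        if errors:
            report[index] = errors
    return report


# Entries 0 and 1 are the two examples from the page; the rest are constructed.
SAMPLE = {"hardware_counters": {"features": [
    {"name": "ip", "direction": "out", "layer3": True, "units_packets": True},
    {"name": "route", "address_type": "ipv4", "vrf": "test", "prefix": "192.168.0.0/24"},
    {"name": "acl", "direction": "in", "address_type": "mac"},
    {"name": "vlan", "direction": "in", "layer3": True, "vrf": "test"},
    {"name": "route", "address_type": "ipv6"},
    {"name": "route", "address_type": "ipv6", "prefix": "10.0.0.0/24"},
]}}

if __name__ == "__main__":
    for index, errors in check_hardware_counters(SAMPLE).items():
        print(index, errors)
```

Direction support per feature is not enumerated on the page, so it is left unchecked here.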
Hardware¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
hardware | Dictionary | | | | |
access_list | Dictionary | | | | |
mechanism | String | | | Valid Values:<br>- algomatch<br>- none<br>- tcam | |
speed_groups | List, items: Dictionary | | | | |
- speed_group | String | Required, Unique | | | |
serdes | String | | | | Serdes speed like “10g” or “25g” |
IP hardware¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ip_hardware | Dictionary | | | | |
fib | Dictionary | | | | |
optimize | Dictionary | | | | |
prefixes | Dictionary | | | | |
profile | String | | | Valid Values:<br>- internet<br>- urpf-internet | |
IPv6 hardware¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ipv6_hardware | Dictionary | | | | |
fib | Dictionary | | | | |
optimize | Dictionary | | | | |
prefixes | Dictionary | | | | |
profile | String | | | | Pre-defined profile ‘internet’ or user-defined profile name |
L2 protocol¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
l2_protocol | Dictionary | | | | |
forwarding_profiles | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | |
protocols | List, items: Dictionary | | | | |
- name | String | Required, Unique | | Valid Values:<br>- bfd per-link rfc-7130<br>- e-lmi<br>- isis<br>- lacp<br>- lldp<br>- macsec<br>- pause<br>- stp | |
forward | Boolean | | | | |
tagged_forward | Boolean | | | | |
untagged_forward | Boolean | | | | |
MAC address-table¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
mac_address_table | Dictionary | | | | |
aging_time | Integer | | | | Aging time in seconds |
notification_host_flap | Dictionary | | | | |
logging | Boolean | | | | |
detection | Dictionary | | | | |
window | Integer | | | Min: 2<br>Max: 300 | |
moves | Integer | | | Min: 2<br>Max: 10 | |
Platform¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
platform | Dictionary | | | | Every key below this point is platform dependent. |
trident | Dictionary | | | | |
forwarding_table_partition | String | | | | |
mmu | Dictionary | | | | Memory Management Unit settings. |
active_profile | String | | | | The queue profile to be applied to the platform. |
queue_profiles | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | |
multicast_queues | List, items: Dictionary | | | | |
- id | Integer | Required, Unique | | Min: 0<br>Max: 7 | |
unit | String | | | Valid Values:<br>- bytes<br>- cells | Unit to be used for the reservation value. If not specified, default is bytes. |
reserved | Integer | | | | Amount of memory that should be reserved for this queue. |
threshold | String | | | | Dynamic Shared Memory threshold. |
drop | Dictionary | | | | |
precedence | Integer | Required | | Valid Values:<br>- 1<br>- 2 | |
threshold | String | Required | | | Drop Threshold. This value may also be fractions.<br>Example: 7/8 or 3/4 or 1/2 |
unicast_queues | List, items: Dictionary | | | | |
- id | Integer | Required, Unique | | Min: 0<br>Max: 7 | |
unit | String | | | Valid Values:<br>- bytes<br>- cells | Unit to be used for the reservation value. If not specified, default is bytes. |
reserved | Integer | | | | Amount of memory that should be reserved for this queue. |
threshold | String | | | | Dynamic Shared Memory threshold. |
drop | Dictionary | | | | |
precedence | Integer | Required | | Valid Values:<br>- 1<br>- 2 | |
threshold | String | Required | | | Drop Threshold. This value may also be fractions.<br>Example: 7/8 or 3/4 or 1/2 |
sand | Dictionary | | | | Most of the platform sand options are hardware dependent and optional |
qos_maps | List, items: Dictionary | | | | |
- traffic_class | Integer | | | Min: 0<br>Max: 7 | |
to_network_qos | Integer | | | Min: 0<br>Max: 63 | |
lag | Dictionary | | | | |
hardware_only | Boolean | | | | |
mode | String | | | | |
forwarding_mode | String | | | | |
multicast_replication | Dictionary | | | | |
default | String | | | Valid Values:<br>- ingress<br>- egress | |
mdb_profile | String | | | Valid Values:<br>- balanced<br>- balanced-xl<br>- l3<br>- l3-xl<br>- l3-xxl<br>- l3-xxxl | Sand platforms MDB Profile configuration. Note: l3-xxxl does not support MLAG. |
sfe | Dictionary | | | | Sfe (Software Forwarding Engine) settings. |
data_plane_cpu_allocation_max | Integer | | | Min: 1<br>Max: 128 | Maximum number of CPUs used for data plane traffic forwarding. |
# Every key below this point is platform dependent.
platform:
  trident:
    forwarding_table_partition: <str>
    # Memory Management Unit settings.
    mmu:
      # The queue profile to be applied to the platform.
      active_profile: <str>
      queue_profiles:
        - name: <str; required; unique>
          multicast_queues:
            - id: <int; 0-7; required; unique>
              # Unit to be used for the reservation value. If not specified, default is bytes.
              unit: <str; "bytes" | "cells">
              # Amount of memory that should be reserved for this queue.
              reserved: <int>
              # Dynamic Shared Memory threshold.
              threshold: <str>
              drop:
                precedence: <int; 1 | 2; required>
                # Drop Threshold. This value may also be fractions.
                # Example: 7/8 or 3/4 or 1/2
                threshold: <str; required>
          unicast_queues:
            - id: <int; 0-7; required; unique>
              # Unit to be used for the reservation value. If not specified, default is bytes.
              unit: <str; "bytes" | "cells">
              # Amount of memory that should be reserved for this queue.
              reserved: <int>
              # Dynamic Shared Memory threshold.
              threshold: <str>
              drop:
                precedence: <int; 1 | 2; required>
                # Drop Threshold. This value may also be fractions.
                # Example: 7/8 or 3/4 or 1/2
                threshold: <str; required>
  # Most of the platform sand options are hardware dependent and optional
  sand:
    qos_maps:
      - traffic_class: <int; 0-7>
        to_network_qos: <int; 0-63>
    lag:
      hardware_only: <bool>
      mode: <str>
    forwarding_mode: <str>
    multicast_replication:
      default: <str; "ingress" | "egress">
    # Sand platforms MDB Profile configuration. Note: l3-xxxl does not support MLAG.
    mdb_profile: <str; "balanced" | "balanced-xl" | "l3" | "l3-xl" | "l3-xxl" | "l3-xxxl">
  # Sfe (Software Forwarding Engine) settings.
  sfe:
    # Maximum number of CPUs used for data plane traffic forwarding.
    data_plane_cpu_allocation_max: <int; 1-128>
PoE¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
poe | Dictionary | | | | |
reboot | Dictionary | | | | Set the global PoE power behavior for PoE ports when the system is rebooted. |
action | String | | | Valid Values:<br>- power-off<br>- maintain | PoE action for interface. By default in EOS, reboot action is set to power-off. |
interface_shutdown | Dictionary | | | | Set the global PoE power behavior for PoE ports when ports are admin down |
action | String | | | Valid Values:<br>- power-off<br>- maintain | PoE action for interface. By default in EOS, interface shutdown action is set to maintain. |
poe:
  # Set the global PoE power behavior for PoE ports when the system is rebooted.
  reboot:
    # PoE action for interface. By default in EOS, reboot action is set to power-off.
    action: <str; "power-off" | "maintain">
  # Set the global PoE power behavior for PoE ports when ports are admin down
  interface_shutdown:
    # PoE action for interface. By default in EOS, interface shutdown action is set to maintain.
    action: <str; "power-off" | "maintain">
PTP¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ptp | Dictionary | | | | |
mode | String | | | Valid Values:<br>- boundary<br>- transparent | |
forward_unicast | Boolean | | | | |
clock_identity | String | | | | The clock-id in xx:xx:xx:xx:xx:xx format |
source | Dictionary | | | | |
ip | String | | | | Source IP |
priority1 | Integer | | | Min: 0<br>Max: 255 | |
priority2 | Integer | | | Min: 0<br>Max: 255 | |
ttl | Integer | | | Min: 1<br>Max: 255 | |
domain | Integer | | | Min: 0<br>Max: 255 | |
message_type | Dictionary | | | | |
general | Dictionary | | | | |
dscp | Integer | | | | |
event | Dictionary | | | | |
dscp | Integer | | | | |
monitor | Dictionary | | | | |
enabled | Boolean | | True | | |
threshold | Dictionary | | | | |
offset_from_master | Integer | | | Min: 0<br>Max: 1000000000 | |
mean_path_delay | Integer | | | Min: 0<br>Max: 1000000000 | |
drop | Dictionary | | | | |
offset_from_master | Integer | | | Min: 0<br>Max: 1000000000 | |
mean_path_delay | Integer | | | Min: 0<br>Max: 1000000000 | |
missing_message | Dictionary | | | | |
intervals | Dictionary | | | | |
announce | Integer | | | Min: 2<br>Max: 255 | |
follow_up | Integer | | | Min: 2<br>Max: 255 | |
sync | Integer | | | Min: 2<br>Max: 255 | |
sequence_ids | Dictionary | | | | |
enabled | Boolean | | | | |
announce | Integer | | | Min: 2<br>Max: 255 | |
delay_resp | Integer | | | Min: 2<br>Max: 255 | |
follow_up | Integer | | | Min: 2<br>Max: 255 | |
sync | Integer | | | Min: 2<br>Max: 255 | |
ptp:
  mode: <str; "boundary" | "transparent">
  forward_unicast: <bool>
  # The clock-id in xx:xx:xx:xx:xx:xx format
  clock_identity: <str>
  source:
    # Source IP
    ip: <str>
  priority1: <int; 0-255>
  priority2: <int; 0-255>
  ttl: <int; 1-255>
  domain: <int; 0-255>
  message_type:
    general:
      dscp: <int>
    event:
      dscp: <int>
  monitor:
    enabled: <bool; default=True>
    threshold:
      offset_from_master: <int; 0-1000000000>
      mean_path_delay: <int; 0-1000000000>
      drop:
        offset_from_master: <int; 0-1000000000>
        mean_path_delay: <int; 0-1000000000>
    missing_message:
      intervals:
        announce: <int; 2-255>
        follow_up: <int; 2-255>
        sync: <int; 2-255>
      sequence_ids:
        enabled: <bool>
        announce: <int; 2-255>
        delay_resp: <int; 2-255>
        follow_up: <int; 2-255>
        sync: <int; 2-255>
Redundancy¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
redundancy | Dictionary | | | | |
protocol | String | | | | Redundancy Protocol |
System¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
system | Dictionary | | | | |
control_plane | Dictionary | | | | |
tcp_mss | Dictionary | | | | |
ipv4 | Integer | | | | Segment size |
ipv6 | Integer | | | | Segment size |
ipv4_access_groups | List, items: Dictionary | | | | |
- acl_name | String | Required, Unique | | | |
vrf | String | | | | |
ipv6_access_groups | List, items: Dictionary | | | | |
- acl_name | String | Required, Unique | | | |
vrf | String | | | | |
l1 | Dictionary | | | | |
unsupported_speed_action | String | | | Valid Values:<br>- error<br>- warn | |
unsupported_error_correction_action | String | | | Valid Values:<br>- error<br>- warn | |
system:
  control_plane:
    tcp_mss:
      # Segment size
      ipv4: <int>
      # Segment size
      ipv6: <int>
    ipv4_access_groups:
      - acl_name: <str; required; unique>
        vrf: <str>
    ipv6_access_groups:
      - acl_name: <str; required; unique>
        vrf: <str>
  l1:
    unsupported_speed_action: <str; "error" | "warn">
    unsupported_error_correction_action: <str; "error" | "warn">
TCAM profile¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
tcam_profile | Dictionary | | | | |
system | String | | | | TCAM profile name to activate |
profiles | List, items: Dictionary | | | | |
- name | String | Required, Unique | | | Tcam-Profile Name |
config | String | | | | TCAM Profile Config. Since these can be very long, it is often a good idea to import the config from a file.<br>Example: "{{ lookup('file', 'TCAM_TRAFFIC_POLICY.conf') }}" |
source | String | | | | TCAM profile local source path. Used to read the TCAM profile from a local path existing on the device. |
tcam_profile:
  # TCAM profile name to activate
  system: <str>
  profiles:
      # Tcam-Profile Name
    - name: <str; required; unique>
      # TCAM Profile Config. Since these can be very long, it is often a good idea to import the config from a file.
      # Example: "{{ lookup('file', 'TCAM_TRAFFIC_POLICY.conf') }}"
      config: <str>
      # TCAM profile local source path. Used to read the TCAM profile from a local path existing on the device.
      source: <str>
Metadata¶
These fields do not generate any configuration. They are meant to be used by tools that parse structured configuration.