Skip to content

Input variables for eos_cli_config_gen

This document describes the supported input variables for the role arista.avd.eos_cli_config_gen.

Since several data models have changed between AVD versions 3.x and 4.x, it is recommended to study the Porting Guide for AVD 4.x.x for existing deployments.

The input variables are documented below in tables and YAML.

All values are optional.

Note

All input variables are validated by a schema. If additional custom keys are desired, a key starting with an underscore _, will be ignored.

Warning

Available features and variables may vary by platforms, refer to documentation on arista.com for specifics.

Authentication

AAA accounting

Variable Type Required Default Value Restrictions Description
aaa_accounting Dictionary
  exec Dictionary
    console Dictionary
      type String Valid Values:
- none
- start-stop
- stop-only
      group String Group Name
      logging Boolean
    default Dictionary
      type String Valid Values:
- none
- start-stop
- stop-only
      group String Group Name
      logging Boolean
  system Dictionary
    default Dictionary
      type String Valid Values:
- none
- start-stop
- stop-only
      group String Group Name
  dot1x Dictionary
    default Dictionary
      type String Valid Values:
- start-stop
- stop-only
      group String Group Name
  commands Dictionary
    console List, items: Dictionary
      - commands String Privelege level ‘all’ or 0-15
        type String Valid Values:
- none
- start-stop
- stop-only
        group String Group Name
        logging Boolean
    default List, items: Dictionary
      - commands String Privelege level ‘all’ or 0-15
        type String Valid Values:
- none
- start-stop
- stop-only
        group String Group Name
        logging Boolean
aaa_accounting:
  exec:
    console:
      type: <str; "none" | "start-stop" | "stop-only">

      # Group Name
      group: <str>
      logging: <bool>
    default:
      type: <str; "none" | "start-stop" | "stop-only">

      # Group Name
      group: <str>
      logging: <bool>
  system:
    default:
      type: <str; "none" | "start-stop" | "stop-only">

      # Group Name
      group: <str>
  dot1x:
    default:
      type: <str; "start-stop" | "stop-only">

      # Group Name
      group: <str>
  commands:
    console:

        # Privelege level 'all' or 0-15
      - commands: <str>
        type: <str; "none" | "start-stop" | "stop-only">

        # Group Name
        group: <str>
        logging: <bool>
    default:

        # Privelege level 'all' or 0-15
      - commands: <str>
        type: <str; "none" | "start-stop" | "stop-only">

        # Group Name
        group: <str>
        logging: <bool>

AAA authentication

Variable Type Required Default Value Restrictions Description
aaa_authentication Dictionary
  login Dictionary
    default String Login authentication method(s) as a string.
Examples:
- “group tacacs+ local”
- “group MYGROUP none”
- “group radius group MYGROUP local”
    console String Console authentication method(s) as a string.
Examples:
- “group tacacs+ local”
- “group MYGROUP none”
- “group radius group MYGROUP local”
  enable Dictionary
    default String Enable authentication method(s) as a string.
Examples:
- “group tacacs+ local”
- “group MYGROUP none”
- “group radius group MYGROUP local”
  dot1x Dictionary
    default String 802.1x authentication method(s) as a string.
Examples:
- “group radius”
- “group MYGROUP group radius”
  policies Dictionary
    on_failure_log Boolean
    on_success_log Boolean
    local Dictionary
      allow_nopassword Boolean
    lockout Dictionary
      failure Integer Min: 1
Max: 255
      duration Integer Min: 1
Max: 4294967295
      window Integer Min: 1
Max: 4294967295
aaa_authentication:
  login:

    # Login authentication method(s) as a string.
    # Examples:
    # - "group tacacs+ local"
    # - "group MYGROUP none"
    # - "group radius group MYGROUP local"
    default: <str>

    # Console authentication method(s) as a string.
    # Examples:
    # - "group tacacs+ local"
    # - "group MYGROUP none"
    # - "group radius group MYGROUP local"
    console: <str>
  enable:

    # Enable authentication method(s) as a string.
    # Examples:
    # - "group tacacs+ local"
    # - "group MYGROUP none"
    # - "group radius group MYGROUP local"
    default: <str>
  dot1x:

    # 802.1x authentication method(s) as a string.
    # Examples:
    # - "group radius"
    # - "group MYGROUP group radius"
    default: <str>
  policies:
    on_failure_log: <bool>
    on_success_log: <bool>
    local:
      allow_nopassword: <bool>
    lockout:
      failure: <int; 1-255>
      duration: <int; 1-4294967295>
      window: <int; 1-4294967295>

AAA authorization

Variable Type Required Default Value Restrictions Description
aaa_authorization Dictionary
  policy Dictionary
    local_default_role String
  exec Dictionary
    default String Exec authorization method(s) as a string.
Examples:
- “group tacacs+ local”
- “group MYGROUP none”
- “group radius group MYGROUP local”
  config_commands Boolean
  serial_console Boolean
  dynamic Dictionary
    dot1x_additional_groups List, items: String Min Length: 1
      - <str> String
  commands Dictionary
    all_default String Command authorization method(s) as a string.
Examples:
- “group tacacs+ local”
- “group MYGROUP none”
- “group tacacs+ group MYGROUP local
    privilege List, items: Dictionary
      - level String Privilege level(s) 0-15
        default String Command authorization method(s) as a string.
Examples:
- “group tacacs+ local”
- “group MYGROUP none”
- “group tacacs+ group MYGROUP local”
aaa_authorization:
  policy:
    local_default_role: <str>
  exec:

    # Exec authorization method(s) as a string.
    # Examples:
    # - "group tacacs+ local"
    # - "group MYGROUP none"
    # - "group radius group MYGROUP local"
    default: <str>
  config_commands: <bool>
  serial_console: <bool>
  dynamic:
    dot1x_additional_groups: # >=1 items
      - <str>
  commands:

    # Command authorization method(s) as a string.
    # Examples:
    # - "group tacacs+ local"
    # - "group MYGROUP none"
    # - "group tacacs+ group MYGROUP local
    all_default: <str>
    privilege:

        # Privilege level(s) 0-15
      - level: <str>

        # Command authorization method(s) as a string.
        # Examples:
        # - "group tacacs+ local"
        # - "group MYGROUP none"
        # - "group tacacs+ group MYGROUP local"
        default: <str>

AAA root

Variable Type Required Default Value Restrictions Description
aaa_root Dictionary
  secret Dictionary
    sha512_password String
aaa_root:
  secret:
    sha512_password: <str>

AAA server groups

Variable Type Required Default Value Restrictions Description
aaa_server_groups List, items: Dictionary
  - name String Group name
    type String Valid Values:
- tacacs+
- radius
- ldap
    servers List, items: Dictionary
      - server String Hostname or IP address
        vrf String VRF name
aaa_server_groups:

    # Group name
  - name: <str>
    type: <str; "tacacs+" | "radius" | "ldap">
    servers:

        # Hostname or IP address
      - server: <str>

        # VRF name
        vrf: <str>

Enable password

Variable Type Required Default Value Restrictions Description
enable_password Dictionary
  hash_algorithm String Valid Values:
- md5
- sha512
  key String Must be the hash of the password using the specified algorithm.
By default EOS salts the password, so the simplest is to generate the hash on an EOS device.
enable_password:
  hash_algorithm: <str; "md5" | "sha512">

  # Must be the hash of the password using the specified algorithm.
  # By default EOS salts the password, so the simplest is to generate the hash on an EOS device.
  key: <str>

IP radius source-interfaces

Variable Type Required Default Value Restrictions Description
ip_radius_source_interfaces List, items: Dictionary
  - name String Interface Name
    vrf String VRF Name
ip_radius_source_interfaces:

    # Interface Name
  - name: <str>

    # VRF Name
    vrf: <str>

IP tacacs source-interfaces

Variable Type Required Default Value Restrictions Description
ip_tacacs_source_interfaces List, items: Dictionary
  - name String Interface name
    vrf String
ip_tacacs_source_interfaces:

    # Interface name
  - name: <str>
    vrf: <str>

Local users

Variable Type Required Default Value Restrictions Description
local_users List, items: Dictionary
  - name String Required, Unique Username
    disabled Boolean If true, the user will be removed and all other settings are ignored.
Useful for removing the default “admin” user.
    privilege Integer Min: 0
Max: 15
Initial privilege level with local EXEC authorization.
    role String EOS RBAC Role to be assigned to the user such as “network-admin” or “network-operator”
    sha512_password String SHA512 Hash of Password
Must be the hash of the password. By default EOS salts the password with the username, so the simplest is to generate the hash on an EOS device using the same username.
    no_password Boolean If set a password will not be configured for this user. “sha512_password” MUST not be defined for this user.
    ssh_key String
    shell String Valid Values:
- /bin/bash
- /bin/sh
- /sbin/nologin
Specify shell for the user
local_users:

    # Username
  - name: <str; required; unique>

    # If true, the user will be removed and all other settings are ignored.
    # Useful for removing the default "admin" user.
    disabled: <bool>

    # Initial privilege level with local EXEC authorization.
    privilege: <int; 0-15>

    # EOS RBAC Role to be assigned to the user such as "network-admin" or "network-operator"
    role: <str>

    # SHA512 Hash of Password
    # Must be the hash of the password. By default EOS salts the password with the username, so the simplest is to generate the hash on an EOS device using the same username.
    sha512_password: <str>

    # If set a password will not be configured for this user. "sha512_password" MUST not be defined for this user.
    no_password: <bool>
    ssh_key: <str>

    # Specify shell for the user
    shell: <str; "/bin/bash" | "/bin/sh" | "/sbin/nologin">

Radius server

Variable Type Required Default Value Restrictions Description
radius_server Dictionary
  attribute_32_include_in_access_req Dictionary
    hostname Boolean
    format String Specify the format of the NAS-Identifier. If ‘hostname’ is set, this is ignored.
  dynamic_authorization Dictionary
    port Integer Min: 0
Max: 65535
TCP Port
    tls_ssl_profile String Name of TLS profile
  hosts List, items: Dictionary
    - host String Required, Unique Host IP address or name
      vrf String
      timeout Integer Min: 1
Max: 1000
      retransmit Integer Min: 0
Max: 100
      key String Encrypted key
radius_server:
  attribute_32_include_in_access_req:
    hostname: <bool>

    # Specify the format of the NAS-Identifier. If 'hostname' is set, this is ignored.
    format: <str>
  dynamic_authorization:

    # TCP Port
    port: <int; 0-65535>

    # Name of TLS profile
    tls_ssl_profile: <str>
  hosts:

      # Host IP address or name
    - host: <str; required; unique>
      vrf: <str>
      timeout: <int; 1-1000>
      retransmit: <int; 0-100>

      # Encrypted key
      key: <str>

Radius servers

Variable Type Required Default Value Restrictions Description
radius_servers deprecated List, items: Dictionary This key is deprecated. Support will be removed in AVD version v5.0.0. Use radius_server.hosts instead.
  - host String Host IP address or name
    vrf String
    key String Encrypted key
# This key is deprecated.
# Support will be removed in AVD version v5.0.0.
# Use <samp>radius_server.hosts</samp> instead.
radius_servers:

    # Host IP address or name
  - host: <str>
    vrf: <str>

    # Encrypted key
    key: <str>

Roles

Variable Type Required Default Value Restrictions Description
roles List, items: Dictionary
  - name String Role name
    sequence_numbers List, items: Dictionary
      - sequence Integer Sequence number
        action String Valid Values:
- permit
- deny
        mode String “config”, “config-all”, “exec” or mode key as string
        command String Command as string
roles:

    # Role name
  - name: <str>
    sequence_numbers:

        # Sequence number
      - sequence: <int>
        action: <str; "permit" | "deny">

        # "config", "config-all", "exec" or mode key as string
        mode: <str>

        # Command as string
        command: <str>

Tacacs servers

Variable Type Required Default Value Restrictions Description
tacacs_servers Dictionary
  timeout Integer Min: 1
Max: 1000
Timeout in seconds
  hosts List, items: Dictionary
    - host String Host IP address or name
      vrf String
      key String Encrypted key
      key_type String 7 Valid Values:
- 0
- 7
- 8a
      single_connection Boolean
      timeout Integer Min: 1
Max: 1000
Timeout in seconds
  policy_unknown_mandatory_attribute_ignore Boolean
tacacs_servers:

  # Timeout in seconds
  timeout: <int; 1-1000>
  hosts:

      # Host IP address or name
    - host: <str>
      vrf: <str>

      # Encrypted key
      key: <str>
      key_type: <str; "0" | "7" | "8a"; default="7">
      single_connection: <bool>

      # Timeout in seconds
      timeout: <int; 1-1000>
  policy_unknown_mandatory_attribute_ignore: <bool>

ACLs

IP Extended access-lists

AVD currently supports two different data models for extended ACLs:

  • The legacy access_lists data model, for compatibility with existing deployments
  • The improved ip_access_lists data model, for access to more EOS features

Both data models can coexists without conflicts, as different keys are used: access_lists vs ip_access_lists. Access list names must be unique.

The legacy data model supports simplified ACL definition with sequence to action mapping:

Variable Type Required Default Value Restrictions Description
access_lists List, items: Dictionary
  - name String Required, Unique Access-list Name
    counters_per_entry Boolean
    sequence_numbers List, items: Dictionary Required
      - sequence Integer Required, Unique Sequence ID
        action String Required Action as string
Example: “deny ip any any”
access_lists:

    # Access-list Name
  - name: <str; required; unique>
    counters_per_entry: <bool>
    sequence_numbers: # required

        # Sequence ID
      - sequence: <int; required; unique>

        # Action as string
        # Example: "deny ip any any"
        action: <str; required>

The improved data model has a more sophisticated design documented below:

Variable Type Required Default Value Restrictions Description
ip_access_lists List, items: Dictionary
  - name String Required, Unique Access-list Name
    counters_per_entry Boolean
    entries List, items: Dictionary ACL Entries
      - sequence Integer ACL entry sequence number.
        remark String Comment up to 100 characters.
If remark is defined, other keys in acl entry will be ignored.
        action String Valid Values:
- permit
- deny
ACL action.
Required for standard entry.
        protocol String ip, tcp, udp, icmp or other protocol name or number.
Required for standard entry.
        source String any, A.B.C.D/E or A.B.C.D.
A.B.C.D without a mask means host.
Required for standard entry.
        source_ports_match String eq Valid Values:
- eq
- gt
- lt
- neq
- range
        source_ports List, items: String
          - <str> String TCP/UDP source port name or number.
        destination String any, A.B.C.D/E or A.B.C.D.
A.B.C.D without a mask means host.
Required for standard entry.
        destination_ports_match String eq Valid Values:
- eq
- gt
- lt
- neq
- range
        destination_ports List, items: String
          - <str> String TCP/UDP destination port name or number.
        tcp_flags List, items: String
          - <str> String TCP Flag Name
        fragments Boolean Match non-head fragment packets.
        log Boolean Log matches against this rule.
        ttl Integer Min: 0
Max: 255
TTL value
        ttl_match String eq Valid Values:
- eq
- gt
- lt
- neq
        icmp_type String Message type name/number for ICMP packets.
        icmp_code String Message code for ICMP packets.
        nexthop_group String nexthop-group name.
        tracked Boolean Match packets in existing ICMP/UDP/TCP connections.
        dscp String DSCP value or name.
        vlan_number Integer
        vlan_inner Boolean False
        vlan_mask String 0x000-0xFFF VLAN mask.
ip_access_lists:

    # Access-list Name
  - name: <str; required; unique>
    counters_per_entry: <bool>

    # ACL Entries
    entries:

        # ACL entry sequence number.
      - sequence: <int>

        # Comment up to 100 characters.
        # If remark is defined, other keys in acl entry will be ignored.
        remark: <str>

        # ACL action.
        # Required for standard entry.
        action: <str; "permit" | "deny">

        # ip, tcp, udp, icmp or other protocol name or number.
        # Required for standard entry.
        protocol: <str>

        # any, A.B.C.D/E or A.B.C.D.
        # A.B.C.D without a mask means host.
        # Required for standard entry.
        source: <str>
        source_ports_match: <str; "eq" | "gt" | "lt" | "neq" | "range"; default="eq">
        source_ports:

            # TCP/UDP source port name or number.
          - <str>

        # any, A.B.C.D/E or A.B.C.D.
        # A.B.C.D without a mask means host.
        # Required for standard entry.
        destination: <str>
        destination_ports_match: <str; "eq" | "gt" | "lt" | "neq" | "range"; default="eq">
        destination_ports:

            # TCP/UDP destination port name or number.
          - <str>
        tcp_flags:

            # TCP Flag Name
          - <str>

        # Match non-head fragment packets.
        fragments: <bool>

        # Log matches against this rule.
        log: <bool>

        # TTL value
        ttl: <int; 0-255>
        ttl_match: <str; "eq" | "gt" | "lt" | "neq"; default="eq">

        # Message type name/number for ICMP packets.
        icmp_type: <str>

        # Message code for ICMP packets.
        icmp_code: <str>

        # nexthop-group name.
        nexthop_group: <str>

        # Match packets in existing ICMP/UDP/TCP connections.
        tracked: <bool>

        # DSCP value or name.
        dscp: <str>
        vlan_number: <int>
        vlan_inner: <bool; default=False>

        # 0x000-0xFFF VLAN mask.
        vlan_mask: <str>

The improved data model allows to limit the number of ACL entries that AVD is allowed to generate by defining ip_access_lists_max_entries. Only normal entries under ip_access_lists will be counted, remarks will be ignored. If the number is above the limit, the playbook will fail. This provides a simplified control over hardware utilization. The numbers must be based on the hardware tests and AVD does not provide any guidance. Note that other EOS features may use the same hardware resources and affect the supported scale.

Variable Type Required Default Value Restrictions Description
ip_access_lists_max_entries Integer Limit ACL entries defined under the ip_access_lists.
# Limit ACL entries defined under the `ip_access_lists`.
ip_access_lists_max_entries: <int>

IPv6 access-lists

Variable Type Required Default Value Restrictions Description
ipv6_access_lists List, items: Dictionary
  - name String Required, Unique IPv6 Access-list Name
    counters_per_entry Boolean
    sequence_numbers List, items: Dictionary Required
      - sequence Integer Required, Unique Sequence ID
        action String Required Action as string
Example: “deny ipv6 any any”
ipv6_access_lists:

    # IPv6 Access-list Name
  - name: <str; required; unique>
    counters_per_entry: <bool>
    sequence_numbers: # required

        # Sequence ID
      - sequence: <int; required; unique>

        # Action as string
        # Example: "deny ipv6 any any"
        action: <str; required>

IPv6 standard access-lists

Variable Type Required Default Value Restrictions Description
ipv6_standard_access_lists List, items: Dictionary
  - name String Required, Unique Access-list Name
    counters_per_entry Boolean
    sequence_numbers List, items: Dictionary Required
      - sequence Integer Required, Unique Sequence ID
        action String Required Action as string
Example: “deny ipv6 any any”
ipv6_standard_access_lists:

    # Access-list Name
  - name: <str; required; unique>
    counters_per_entry: <bool>
    sequence_numbers: # required

        # Sequence ID
      - sequence: <int; required; unique>

        # Action as string
        # Example: "deny ipv6 any any"
        action: <str; required>

MAC access-lists

Variable Type Required Default Value Restrictions Description
mac_access_lists List, items: Dictionary
  - name String Required, Unique MAC Access-list Name
    counters_per_entry Boolean
    entries List, items: Dictionary
      - sequence Integer
        action String
mac_access_lists:

    # MAC Access-list Name
  - name: <str; required; unique>
    counters_per_entry: <bool>
    entries:
      - sequence: <int>
        action: <str>

Standard access-lists

Variable Type Required Default Value Restrictions Description
standard_access_lists List, items: Dictionary
  - name String Required, Unique Access-list Name
    counters_per_entry Boolean
    sequence_numbers List, items: Dictionary Required
      - sequence Integer Required, Unique Sequence ID
        action String Required Action as string
Example: “deny ip any any”
standard_access_lists:

    # Access-list Name
  - name: <str; required; unique>
    counters_per_entry: <bool>
    sequence_numbers: # required

        # Sequence ID
      - sequence: <int; required; unique>

        # Action as string
        # Example: "deny ip any any"
        action: <str; required>

Endpoint Security

Address-locking

Variable Type Required Default Value Restrictions Description
address_locking Dictionary
  dhcp_servers_ipv4 List, items: String
    - <str> String DHCP server IPv4 address
  disabled Boolean Disable IP locking on configured ports
  leases List, items: Dictionary
    - ip String Required IP address
      mac String Required MAC address (hhhh.hhhh.hhhh or hh:hh:hh:hh:hh:hh)
  local_interface String
  locked_address Dictionary
    expiration_mac_disabled Boolean Configure deauthorizing locked addresses upon MAC aging out
    ipv4_enforcement_disabled Boolean Configure enforcement for locked IPv4 addresses
    ipv6_enforcement_disabled Boolean Configure enforcement for locked IPv6 addresses
address_locking:
  dhcp_servers_ipv4:

      # DHCP server IPv4 address
    - <str>

  # Disable IP locking on configured ports
  disabled: <bool>
  leases:

      # IP address
    - ip: <str; required>

      # MAC address (hhhh.hhhh.hhhh or hh:hh:hh:hh:hh:hh)
      mac: <str; required>
  local_interface: <str>
  locked_address:

    # Configure deauthorizing locked addresses upon MAC aging out
    expiration_mac_disabled: <bool>

    # Configure enforcement for locked IPv4 addresses
    ipv4_enforcement_disabled: <bool>

    # Configure enforcement for locked IPv6 addresses
    ipv6_enforcement_disabled: <bool>

Dot1x

Variable Type Required Default Value Restrictions Description
dot1x Dictionary
  system_auth_control Boolean
  protocol_lldp_bypass Boolean
  dynamic_authorization Boolean
  mac_based_authentication Dictionary
    delay Integer Min: 0
Max: 300
    hold_period Integer Min: 1
Max: 300
  radius_av_pair Dictionary
    service_type Boolean
    framed_mtu Integer Min: 68
Max: 9236
dot1x:
  system_auth_control: <bool>
  protocol_lldp_bypass: <bool>
  dynamic_authorization: <bool>
  mac_based_authentication:
    delay: <int; 0-300>
    hold_period: <int; 1-300>
  radius_av_pair:
    service_type: <bool>
    framed_mtu: <int; 68-9236>

MAC security

Variable Type Required Default Value Restrictions Description
mac_security Dictionary
  license Dictionary
    license_name String Required
    license_key String Required
  fips_restrictions Boolean
  profiles List, items: Dictionary
    - name String Required, Unique Profile-Name
      cipher String Valid Values:
- aes128-gcm
- aes128-gcm-xpn
- aes256-gcm
- aes256-gcm-xpn
      connection_keys List, items: Dictionary
        - id String Required, Unique
          encrypted_key String
          fallback Boolean
      mka Dictionary
        key_server_priority Integer Min: 0
Max: 255
        session Dictionary
          rekey_period Integer Min: 30
Max: 100000
Rekey period in seconds
      sci Boolean
      l2_protocols Dictionary
        ethernet_flow_control Dictionary
          mode String Required Valid Values:
- encrypt
- bypass
        lldp Dictionary
          mode String Required Valid Values:
- bypass
- bypass unauthorized
mac_security:
  license:
    license_name: <str; required>
    license_key: <str; required>
  fips_restrictions: <bool>
  profiles:

      # Profile-Name
    - name: <str; required; unique>
      cipher: <str; "aes128-gcm" | "aes128-gcm-xpn" | "aes256-gcm" | "aes256-gcm-xpn">
      connection_keys:
        - id: <str; required; unique>
          encrypted_key: <str>
          fallback: <bool>
      mka:
        key_server_priority: <int; 0-255>
        session:

          # Rekey period in seconds
          rekey_period: <int; 30-100000>
      sci: <bool>
      l2_protocols:
        ethernet_flow_control:
          mode: <str; "encrypt" | "bypass"; required>
        lldp:
          mode: <str; "bypass" | "bypass unauthorized"; required>

Filters and policies

AS path

Variable Type Required Default Value Restrictions Description
as_path Dictionary
  regex_mode String Valid Values:
- asn
- string
  access_lists List, items: Dictionary
    - name String Access List Name
      entries List, items: Dictionary
        - type String Valid Values:
- permit
- deny
          match String Regex To Match
          origin String any Valid Values:
- any
- egp
- igp
- incomplete
as_path:
  regex_mode: <str; "asn" | "string">
  access_lists:

      # Access List Name
    - name: <str>
      entries:
        - type: <str; "permit" | "deny">

          # Regex To Match
          match: <str>
          origin: <str; "any" | "egp" | "igp" | "incomplete"; default="any">

Class-maps

Variable Type Required Default Value Restrictions Description
class_maps Dictionary
  pbr List, items: Dictionary
    - name String Required, Unique Class-Map Name
      ip Dictionary
        access_group String Standard Access-List Name
  qos List, items: Dictionary
    - name String Required, Unique Class-Map Name
      vlan String VLAN value(s) or range(s) of VLAN values
      cos String CoS value(s) or range(s) of CoS values
      ip Dictionary
        access_group String IPv4 Access-List Name
      ipv6 Dictionary
        access_group String IPv6 Access-List Name
class_maps:
  pbr:

      # Class-Map Name
    - name: <str; required; unique>
      ip:

        # Standard Access-List Name
        access_group: <str>
  qos:

      # Class-Map Name
    - name: <str; required; unique>

      # VLAN value(s) or range(s) of VLAN values
      vlan: <str>

      # CoS value(s) or range(s) of CoS values
      cos: <str>
      ip:

        # IPv4 Access-List Name
        access_group: <str>
      ipv6:

        # IPv6 Access-List Name
        access_group: <str>

Dynamic prefix lists

Variable Type Required Default Value Restrictions Description
dynamic_prefix_lists List, items: Dictionary
  - name String Dynamic prefix-list name
    match_map String Route-map name
    prefix_list Dictionary
      ipv4 String Prefix-list name
      ipv6 String Prefix-list name
dynamic_prefix_lists:

    # Dynamic prefix-list name
  - name: <str>

    # Route-map name
    match_map: <str>
    prefix_list:

      # Prefix-list name
      ipv4: <str>

      # Prefix-list name
      ipv6: <str>

IP community lists

AVD currently supports two different data models for community lists:

  • The legacy community_lists data model that can be used for compatibility with the existing deployments.
  • The improved ip_community_lists data model.

Both data models can coexist without conflicts, as different keys are used: community_lists vs ip_community_lists. Community list names must be unique.

The legacy data model supports simplified community list definition that only allows a single action to be defined as string:

Variable Type Required Default Value Restrictions Description
community_lists List, items: Dictionary
  - name String Required, Unique Community-list Name
    action String Required Action as string
Example: “permit GSHUT 65123:123”
community_lists:

    # Community-list Name
  - name: <str; required; unique>

    # Action as string
    # Example: "permit GSHUT 65123:123"
    action: <str; required>

The improved data model has a better design documented below:

Variable Type Required Default Value Restrictions Description
ip_community_lists List, items: Dictionary Communities and regexp entries MUST not be configured in the same community-list
  - name String Required, Unique IP Community-list Name
    entries List, items: Dictionary Required
      - action String Required Valid Values:
- permit
- deny
        communities List, items: String If defined, a standard community-list will be configured.
Supported community strings (case insensitive):
- GSHUT
- internet
- local-as
- no-advertise
- no-export
- <1-4294967040>
- aa:nn
          - <str> String
        regexp String Regular Expression
If defined, a regex community-list will be configured
# Communities and regexp entries MUST not be configured in the same community-list
ip_community_lists:

    # IP Community-list Name
  - name: <str; required; unique>
    entries: # required
      - action: <str; "permit" | "deny"; required>

        # If defined, a standard community-list will be configured.
        # Supported community strings (case insensitive):
        # - GSHUT
        # - internet
        # - local-as
        # - no-advertise
        # - no-export
        # - <1-4294967040>
        # - aa:nn
        communities:
          - <str>

        # Regular Expression
        # If defined, a regex community-list will be configured
        regexp: <str>

IP extcommunity-lists

Variable Type Required Default Value Restrictions Description
ip_extcommunity_lists List, items: Dictionary
  - name String Required, Unique Community-list Name
    entries List, items: Dictionary Required
      - type String Required Valid Values:
- permit
- deny
        extcommunities String Required Communities as string
Example: “65000:65000”
ip_extcommunity_lists:

    # Community-list Name
  - name: <str; required; unique>
    entries: # required
      - type: <str; "permit" | "deny"; required>

        # Communities as string
        # Example: "65000:65000"
        extcommunities: <str; required>

IP extcommunity-lists-regexp

Variable Type Required Default Value Restrictions Description
ip_extcommunity_lists_regexp List, items: Dictionary
  - name String Required, Unique Community-list Name
    entries List, items: Dictionary Required
      - type String Required Valid Values:
- permit
- deny
        regexp String Required Regular Expression
ip_extcommunity_lists_regexp:

    # Community-list Name
  - name: <str; required; unique>
    entries: # required
      - type: <str; "permit" | "deny"; required>

        # Regular Expression
        regexp: <str; required>

IPv6 prefix-lists

Variable Type Required Default Value Restrictions Description
ipv6_prefix_lists List, items: Dictionary
  - name String Required, Unique Prefix-list Name
    sequence_numbers List, items: Dictionary Required
      - sequence Integer Required, Unique Sequence ID
        action String Required Action as string
Example: “permit 1b11:3a00:22b0:0082::/64 eq 128”
ipv6_prefix_lists:

    # Prefix-list Name
  - name: <str; required; unique>
    sequence_numbers: # required

        # Sequence ID
      - sequence: <int; required; unique>

        # Action as string
        # Example: "permit 1b11:3a00:22b0:0082::/64 eq 128"
        action: <str; required>

Match list input

Variable Type Required Default Value Restrictions Description
match_list_input Dictionary
  string List, items: Dictionary
    - name String Required, Unique Match-list Name
      sequence_numbers List, items: Dictionary Required
        - sequence Integer Required, Unique Sequence ID
          match_regex String Required Regular Expression
match_list_input:
  string:

      # Match-list Name
    - name: <str; required; unique>
      sequence_numbers: # required

          # Sequence ID
        - sequence: <int; required; unique>

          # Regular Expression
          match_regex: <str; required>

Peer-filters

Variable Type Required Default Value Restrictions Description
peer_filters List, items: Dictionary
  - name String Required, Unique Peer-filter Name
    sequence_numbers List, items: Dictionary Required
      - sequence Integer Required, Unique Sequence ID
        match String Required Match as string
Example: “as-range 1-100 result accept”
peer_filters:

    # Peer-filter Name
  - name: <str; required; unique>
    sequence_numbers: # required

        # Sequence ID
      - sequence: <int; required; unique>

        # Match as string
        # Example: "as-range 1-100 result accept"
        match: <str; required>

Policy-maps

Variable Type Required Default Value Restrictions Description
policy_maps Dictionary
  pbr List, items: Dictionary PBR Policy-Maps
    - name String Required, Unique Policy-Map Name
      classes List, items: Dictionary
        - name String Required, Unique Class Name
          index Integer
          drop Boolean ‘drop’ and ‘set’ are mutually exclusive
          set Dictionary Set Nexthop
‘drop’ and ‘set’ are mutually exclusive
            nexthop Dictionary
              ip_address String IPv4 or IPv6 Address
              recursive Boolean
  qos List, items: Dictionary QOS Policy-Maps
    - name String Required, Unique Policy-Map Name
      classes List, items: Dictionary
        - name String Required, Unique Class Name
          set Dictionary
            cos Integer
            dscp String
            traffic_class Integer
            drop_precedence Integer
policy_maps:

  # PBR Policy-Maps
  pbr:

      # Policy-Map Name
    - name: <str; required; unique>
      classes:

          # Class Name
        - name: <str; required; unique>
          index: <int>

          # 'drop' and 'set' are mutually exclusive
          drop: <bool>

          # Set Nexthop
          # 'drop' and 'set' are mutually exclusive
          set:
            nexthop:

              # IPv4 or IPv6 Address
              ip_address: <str>
              recursive: <bool>

  # QOS Policy-Maps
  qos:

      # Policy-Map Name
    - name: <str; required; unique>
      classes:

          # Class Name
        - name: <str; required; unique>
          set:
            cos: <int>
            dscp: <str>
            traffic_class: <int>
            drop_precedence: <int>

Prefix-lists

Variable Type Required Default Value Restrictions Description
prefix_lists List, items: Dictionary
  - name String Required, Unique Prefix-list Name
    sequence_numbers List, items: Dictionary
      - sequence Integer Required, Unique Sequence ID
        action String Required Action as string
Example: “permit 10.255.0.0/27 eq 32”
prefix_lists:

    # Prefix-list Name
  - name: <str; required; unique>
    sequence_numbers:

        # Sequence ID
      - sequence: <int; required; unique>

        # Action as string
        # Example: "permit 10.255.0.0/27 eq 32"
        action: <str; required>

Route-maps

Variable Type Required Default Value Restrictions Description
route_maps List, items: Dictionary
  - name String Required, Unique Route-map Name
    sequence_numbers List, items: Dictionary Required
      - sequence Integer Required, Unique Sequence ID
        type String Required Valid Values:
- permit
- deny
        description String
        match List, items: String List of “match” statements
          - <str> String Match as string
Example: “ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY”
        set List, items: String List of “set” statements
          - <str> String Set as string
Example: “origin incomplete”
        sub_route_map String Name of Sub-Route-map
        continue Dictionary
          enabled Boolean
          sequence_number Integer
route_maps:

    # Route-map Name
  - name: <str; required; unique>
    sequence_numbers: # required

        # Sequence ID
      - sequence: <int; required; unique>
        type: <str; "permit" | "deny"; required>
        description: <str>

        # List of "match" statements
        match:

            # Match as string
            # Example: "ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY"
          - <str>

        # List of "set" statements
        set:

            # Set as string
            # Example: "origin incomplete"
          - <str>

        # Name of Sub-Route-map
        sub_route_map: <str>
        continue:
          enabled: <bool>
          sequence_number: <int>

Trackers

Variable Type Required Default Value Restrictions Description
trackers List, items: Dictionary
  - name String Required, Unique Name of tracker object
    interface String Required Name of tracked interface
    tracked_property String line-protocol Property to track
trackers:

    # Name of tracker object
  - name: <str; required; unique>

    # Name of tracked interface
    interface: <str; required>

    # Property to track
    tracked_property: <str; default="line-protocol">

Traffic policies

Variable Type Required Default Value Restrictions Description
traffic_policies Dictionary
  options Dictionary
    counter_per_interface Boolean
  field_sets Dictionary
    ipv4 List, items: Dictionary
      - name String Required, Unique IPv4 Prefix Field Set Name
        prefixes List, items: String
          - <str> String IPv4 Prefix
    ipv6 List, items: Dictionary
      - name String Required, Unique IPv6 Prefix Field Set Name
        prefixes List, items: String
          - <str> String IPv6 Prefix
    ports List, items: Dictionary
      - name String Required, Unique L4 Port Field Set Name
        port_range String Example: ‘10,20,80,440-450’
  policies List, items: Dictionary
    - name String Required, Unique Traffic Policy Name
      matches List, items: Dictionary
        - name String Required, Unique Traffic Policy Item
          type String Valid Values:
- ipv4
- ipv6
          source Dictionary
            prefixes List, items: String
              - <str> String IP address or prefix
            prefix_lists List, items: String Field-set prefix lists
              - <str> String
          destination Dictionary
            prefixes List, items: String
              - <str> String IP address or prefix
            prefix_lists List, items: String Field-set prefix lists
              - <str> String
          ttl String TTL range
          fragment Dictionary The ‘fragment’ command is not supported when ‘source port’
or ‘destination port’ command is configured
            offset String Fragment offset range
          protocols List, items: Dictionary
            - protocol String Required, Unique
              src_port String Port range
              dst_port String Port range
              src_field String L4 port range field set
              dst_field String L4 port range field set
              flags List, items: String
                - <str> String Valid Values:
- established
- initial
              icmp_type List, items: String
                - <str> String
          actions Dictionary
            dscp Integer
            traffic_class Integer Traffic class ID
            count String Counter name
            drop Boolean
            log Boolean Only supported when action is set to drop
      default_actions Dictionary
        ipv4 Dictionary
          dscp Integer
          traffic_class Integer Traffic class ID
          count String Counter name
          drop Boolean
          log Boolean Only supported when action is set to drop
        ipv6 Dictionary
          dscp Integer
          traffic_class Integer Traffic class ID
          count String Counter name
          drop Boolean
          log Boolean Only supported when action is set to drop
traffic_policies:
  options:
    counter_per_interface: <bool>
  field_sets:
    ipv4:

        # IPv4 Prefix Field Set Name
      - name: <str; required; unique>
        prefixes:

            # IPv4 Prefix
          - <str>
    ipv6:

        # IPv6 Prefix Field Set Name
      - name: <str; required; unique>
        prefixes:

            # IPv6 Prefix
          - <str>
    ports:

        # L4 Port Field Set Name
      - name: <str; required; unique>

        # Example: '10,20,80,440-450'
        port_range: <str>
  policies:

      # Traffic Policy Name
    - name: <str; required; unique>
      matches:

          # Traffic Policy Item
        - name: <str; required; unique>
          type: <str; "ipv4" | "ipv6">
          source:
            prefixes:

                # IP address or prefix
              - <str>

            # Field-set prefix lists
            prefix_lists:
              - <str>
          destination:
            prefixes:

                # IP address or prefix
              - <str>

            # Field-set prefix lists
            prefix_lists:
              - <str>

          # TTL range
          ttl: <str>

          # The 'fragment' command is not supported when 'source port'
          # or 'destination port' command is configured
          fragment:

            # Fragment offset range
            offset: <str>
          protocols:
            - protocol: <str; required; unique>

              # Port range
              src_port: <str>

              # Port range
              dst_port: <str>

              # L4 port range field set
              src_field: <str>

              # L4 port range field set
              dst_field: <str>
              flags:
                - <str; "established" | "initial">
              icmp_type:
                - <str>
          actions:
            dscp: <int>

            # Traffic class ID
            traffic_class: <int>

            # Counter name
            count: <str>
            drop: <bool>

            # Only supported when action is set to drop
            log: <bool>
      default_actions:
        ipv4:
          dscp: <int>

          # Traffic class ID
          traffic_class: <int>

          # Counter name
          count: <str>
          drop: <bool>

          # Only supported when action is set to drop
          log: <bool>
        ipv6:
          dscp: <int>

          # Traffic class ID
          traffic_class: <int>

          # Counter name
          count: <str>
          drop: <bool>

          # Only supported when action is set to drop
          log: <bool>

Interfaces

DPS interfaces

Variable Type Required Default Value Restrictions Description
dps_interfaces List, items: Dictionary Min Length: 1
Max Length: 1
  - name String Required, Unique Valid Values:
- Dps1
“Dps1” is currently the only supported interface.
    description String
    shutdown Boolean
    mtu Integer Min: 68
Max: 65535
Maximum Transmission Unit in bytes.
    ip_address String IPv4 address/mask.
    flow_tracker Dictionary
      sampled String Sampled flow tracker name.
      hardware String Hardware flow tracker name,
    tcp_mss_ceiling Dictionary
      ipv4 Integer Min: 64
Max: 65495
Segment Size for IPv4.
      ipv6 Integer Min: 64
Max: 65475
Segment Size for IPv6.
      direction String Valid Values:
- ingress
- egress
Optional direction (‘ingress’, ‘egress’) for tcp mss ceiling.
    eos_cli String Multiline String with EOS CLI rendered directly on the Dps interface in the final EOS configuration.
dps_interfaces: # 1-1 items

    # "Dps1" is currently the only supported interface.
  - name: <str; "Dps1"; required; unique>
    description: <str>
    shutdown: <bool>

    # Maximum Transmission Unit in bytes.
    mtu: <int; 68-65535>

    # IPv4 address/mask.
    ip_address: <str>
    flow_tracker:

      # Sampled flow tracker name.
      sampled: <str>

      # Hardware flow tracker name,
      hardware: <str>
    tcp_mss_ceiling:

      # Segment Size for IPv4.
      ipv4: <int; 64-65495>

      # Segment Size for IPv6.
      ipv6: <int; 64-65475>

      # Optional direction ('ingress', 'egress')  for tcp mss ceiling.
      direction: <str; "ingress" | "egress">

    # Multiline String with EOS CLI rendered directly on the Dps interface in the final EOS configuration.
    eos_cli: <str>

Errdisable

Variable Type Required Default Value Restrictions Description
errdisable Dictionary
  detect Dictionary
    causes List, items: String
      - <str> String Valid Values:
- acl
- arp-inspection
- dot1x
- link-change
- tapagg
- xcvr-misconfigured
- xcvr-overheat
- xcvr-power-unsupported
  recovery Dictionary
    causes List, items: String
      - <str> String Valid Values:
- arp-inspection
- bpduguard
- dot1x
- hitless-reload-down
- lacp-rate-limit
- link-flap
- no-internal-vlan
- portchannelguard
- portsec
- speed-misconfigured
- tap-port-init
- tapagg
- uplink-failure-detection
- xcvr-misconfigured
- xcvr-overheat
- xcvr-power-unsupported
- xcvr-unsupported
    interval Integer 300 Min: 30
Max: 86400
Interval in seconds
errdisable:
  detect:
    causes:
      - <str; "acl" | "arp-inspection" | "dot1x" | "link-change" | "tapagg" | "xcvr-misconfigured" | "xcvr-overheat" | "xcvr-power-unsupported">
  recovery:
    causes:
      - <str; "arp-inspection" | "bpduguard" | "dot1x" | "hitless-reload-down" | "lacp-rate-limit" | "link-flap" | "no-internal-vlan" | "portchannelguard" | "portsec" | "speed-misconfigured" | "tap-port-init" | "tapagg" | "uplink-failure-detection" | "xcvr-misconfigured" | "xcvr-overheat" | "xcvr-power-unsupported" | "xcvr-unsupported">

    # Interval in seconds
    interval: <int; 30-86400; default=300>

Ethernet interfaces

Variable Type Required Default Value Restrictions Description
ethernet_interfaces List, items: Dictionary
  - name String Required, Unique
    description String
    shutdown Boolean
    load_interval Integer Min: 0
Max: 600
Interval in seconds for updating interface counters”
    speed String Speed should be set in the format <interface_speed> or forced <interface_speed> or auto <interface_speed>.
    mtu Integer Min: 68
Max: 65535
    l2_mtu Integer Min: 68
Max: 65535
“l2_mtu” should only be defined for platforms supporting the “l2 mtu” CLI
    l2_mru Integer Min: 68
Max: 65535
“l2_mru” should only be defined for platforms supporting the “l2 mru” CLI
    vlans String List of switchport vlans as string
For a trunk port this would be a range like “1-200,300”
For an access port this would be a single vlan “123”
    native_vlan Integer
    native_vlan_tag Boolean If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence
    mode String Valid Values:
- access
- dot1q-tunnel
- trunk
- trunk phone
    phone Dictionary
      trunk String Valid Values:
- tagged
- tagged phone
- untagged
- untagged phone
      vlan Integer Min: 1
Max: 4094
    l2_protocol Dictionary
      encapsulation_dot1q_vlan Integer Vlan tag to configure on sub-interface
      forwarding_profile String L2 protocol forwarding profile
    trunk_groups List, items: String
      - <str> String
    type String Valid Values:
- routed
- switched
- l3dot1q
- l2dot1q
- port-channel-member
l3dot1q and l2dot1q are used for sub-interfaces. The parent interface should be defined as routed.
Interface will not be listed in device documentation, unless “type” is set.
    snmp_trap_link_change Boolean
    address_locking Dictionary
      ipv4 Boolean Enable address locking for IPv4
      ipv6 Boolean Enable address locking for IPv6
    flowcontrol Dictionary
      received String Valid Values:
- desired
- on
- off
    vrf String VRF name
    flow_tracker Dictionary
      sampled String Sampled flow tracker name.
      hardware String Hardware flow tracker name.
    error_correction_encoding Dictionary
      enabled Boolean True
      fire_code Boolean
      reed_solomon Boolean
    link_tracking_groups List, items: Dictionary
      - name String Required, Unique Group name
        direction String Valid Values:
- upstream
- downstream
    evpn_ethernet_segment Dictionary
      identifier String EVPN Ethernet Segment Identifier (Type 1 format)
      redundancy String Valid Values:
- all-active
- single-active
      designated_forwarder_election Dictionary
        algorithm String Valid Values:
- modulus
- preference
        preference_value Integer Min: 0
Max: 65535
Preference_value is only used when “algorithm” is “preference”
        dont_preempt Boolean Dont_preempt is only used when “algorithm” is “preference”
        hold_time Integer
        subsequent_hold_time Integer
        candidate_reachability_required Boolean
      mpls Dictionary
        shared_index Integer Min: 1
Max: 1024
        tunnel_flood_filter_time Integer
      route_target String EVPN Route Target for ESI with format xx:xx:xx:xx:xx:xx
    encapsulation_dot1q_vlan Integer VLAN tag to configure on sub-interface
    encapsulation_vlan Dictionary
      client Dictionary
        dot1q Dictionary
          vlan Integer Client VLAN ID
          outer Integer Client Outer VLAN ID
          inner Integer Client Inner VLAN ID
        unmatched Boolean
      network Dictionary Network encapsulations are all optional and skipped if using client unmatched
        dot1q Dictionary
          vlan Integer Network VLAN ID
          outer Integer Network outer VLAN ID
          inner Integer Network inner VLAN ID
        client Boolean
    vlan_id Integer Min: 1
Max: 4094
    ip_address String IPv4 address/mask or “dhcp”
    ip_address_secondaries List, items: String
      - <str> String
    dhcp_client_accept_default_route Boolean Install default-route obtained via DHCP
    dhcp_server_ipv4 Boolean Enable IPv4 DHCP server.
    dhcp_server_ipv6 Boolean Enable IPv6 DHCP server.
    ip_helpers List, items: Dictionary
      - ip_helper String Required, Unique
        source_interface String Source interface name
        vrf String VRF name
    ip_nat Dictionary
      service_profile String NAT interface profile.
      destination Dictionary
        dynamic List, items: Dictionary
          - access_list String Required, Unique
            comment String
            pool_name String Required
            priority Integer Min: 0
Max: 4294967295
        static List, items: Dictionary
          - access_list String ‘access_list’ and ‘group’ are mutual exclusive
            comment String
            direction String Valid Values:
- egress
- ingress
Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            group Integer Min: 1
Max: 65535
‘access_list’ and ‘group’ are mutual exclusive
            original_ip String Required, Unique IPv4 address
            original_port Integer Min: 1
Max: 65535
            priority Integer Min: 0
Max: 4294967295
            protocol String Valid Values:
- udp
- tcp
            translated_ip String Required IPv4 address
            translated_port Integer Min: 1
Max: 65535
requires ‘original_port’
      source Dictionary
        dynamic List, items: Dictionary
          - access_list String Required, Unique
            comment String
            nat_type String Required Valid Values:
- overload
- pool
- pool-address-only
- pool-full-cone
            pool_name String required if ‘nat_type’ is pool, pool-address-only or pool-full-cone
ignored if ‘nat_type’ is overload
            priority Integer Min: 0
Max: 4294967295
        static List, items: Dictionary
          - access_list String ‘access_list’ and ‘group’ are mutual exclusive
            comment String
            direction String Valid Values:
- egress
- ingress
Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            group Integer Min: 1
Max: 65535
‘access_list’ and ‘group’ are mutual exclusive
            original_ip String Required, Unique IPv4 address
            original_port Integer Min: 1
Max: 65535
            priority Integer Min: 0
Max: 4294967295
            protocol String Valid Values:
- udp
- tcp
            translated_ip String Required IPv4 address
            translated_port Integer Min: 1
Max: 65535
requires ‘original_port’
    ipv6_enable Boolean
    ipv6_address String
    ipv6_address_link_local String Link local IPv6 address/mask
    ipv6_nd_ra_disabled Boolean
    ipv6_nd_managed_config_flag Boolean
    ipv6_nd_prefixes List, items: Dictionary
      - ipv6_prefix String Required, Unique
        valid_lifetime String Infinite or lifetime in seconds
        preferred_lifetime String Infinite or lifetime in seconds
        no_autoconfig_flag Boolean
    ipv6_dhcp_relay_destinations List, items: Dictionary
      - address String Required, Unique DHCP server’s IPv6 address
        vrf String
        local_interface String Local interface to communicate with DHCP server - mutually exclusive to source_address
        source_address String Source IPv6 address to communicate with DHCP server - mutually exclusive to local_interface
        link_address String Override the default link address specified in the relayed DHCP packet
    access_group_in String Access list name
    access_group_out String Access list name
    ipv6_access_group_in String IPv6 access list name
    ipv6_access_group_out String IPv6 access list name
    mac_access_group_in String MAC access list name
    mac_access_group_out String MAC access list name
    multicast Dictionary Boundaries can be either 1 ACL or a list of multicast IP address_range(s)/prefix but not combination of both
      ipv4 Dictionary
        boundaries List, items: Dictionary
          - boundary String ACL name or multicast IP subnet
            out Boolean
        static Boolean
      ipv6 Dictionary
        boundaries List, items: Dictionary
          - boundary String ACL name or multicast IP subnet
        static Boolean
    ospf_network_point_to_point Boolean
    ospf_area String
    ospf_cost Integer
    ospf_authentication String Valid Values:
- none
- simple
- message-digest
    ospf_authentication_key String Encrypted password - only type 7 supported
    ospf_message_digest_keys List, items: Dictionary
      - id Integer Required, Unique
        hash_algorithm String Valid Values:
- md5
- sha1
- sha256
- sha384
- sha512
        key String Encrypted password - only type 7 supported
    pim Dictionary
      ipv4 Dictionary
        dr_priority Integer Min: 0
Max: 429467295
        sparse_mode Boolean
    mac_security Dictionary
      profile String
    channel_group Dictionary
      id Integer
      mode String Valid Values:
- on
- active
- passive
    isis_enable String ISIS instance
    isis_passive Boolean
    isis_metric Integer
    isis_network_point_to_point Boolean
    isis_circuit_type String Valid Values:
- level-1-2
- level-1
- level-2
    isis_hello_padding Boolean
    isis_authentication_mode String Valid Values:
- text
- md5
    isis_authentication_key String Type-7 encrypted password
    poe Dictionary
      disabled Boolean False Disable PoE on a POE capable port. PoE is enabled on all ports that support it by default in EOS.
      priority String Valid Values:
- critical
- high
- medium
- low
Prioritize a port’s power in the event that one of the switch’s power supplies loses power
      reboot Dictionary Set the PoE power behavior for a PoE port when the system is rebooted
        action String Valid Values:
- maintain
- power-off
PoE action for interface
      link_down Dictionary Set the PoE power behavior for a PoE port when the port goes down
        action String Valid Values:
- maintain
- power-off
PoE action for interface
        power_off_delay Integer Min: 1
Max: 86400
Number of seconds to delay shutting the power off after a link down event occurs. Default value is 5 seconds in EOS.
      shutdown Dictionary Set the PoE power behavior for a PoE port when the port is admin down
        action String Valid Values:
- maintain
- power-off
PoE action for interface
      limit Dictionary Override the hardware-negotiated power limit using either wattage or a power class. Note that if using a power class, AVD will automatically convert the class value to the wattage value corresponding to that power class.
        class Integer Min: 0
Max: 8
        watts String
        fixed Boolean Set to ignore hardware classification
      negotiation_lldp Boolean Disable to prevent port from negotiating power with powered devices over LLDP. Enabled by default in EOS.
      legacy_detect Boolean Allow a subset of legacy devices to work with the PoE switch. Disabled by default in EOS because it can cause false positive detections.
    ptp Dictionary
      enable Boolean
      announce Dictionary
        interval Integer
        timeout Integer
      delay_req Integer
      delay_mechanism String Valid Values:
- e2e
- p2p
      sync_message Dictionary
        interval Integer
      role String Valid Values:
- master
- dynamic
      vlan String VLAN can be ‘all’ or list of vlans as string
      transport String Valid Values:
- ipv4
- ipv6
- layer2
    profile String Interface profile
    storm_control Dictionary
      all Dictionary
        level String Configure maximum storm-control level
        unit String percent Valid Values:
- percent
- pps
Optional field and is hardware dependent
      broadcast Dictionary
        level String Configure maximum storm-control level
        unit String percent Valid Values:
- percent
- pps
Optional field and is hardware dependent
      multicast Dictionary
        level String Configure maximum storm-control level
        unit String percent Valid Values:
- percent
- pps
Optional field and is hardware dependent
      unknown_unicast Dictionary
        level String Configure maximum storm-control level
        unit String percent Valid Values:
- percent
- pps
Optional field and is hardware dependent
    logging Dictionary
      event Dictionary
        link_status Boolean
        congestion_drops Boolean
        spanning_tree Boolean
        storm_control_discards Boolean
    lldp Dictionary
      transmit Boolean
      receive Boolean
      ztp_vlan Integer ZTP vlan number
    trunk_private_vlan_secondary Boolean
    pvlan_mapping String List of vlans as string
    vlan_translations List, items: Dictionary
      - from String List of vlans as string (only one vlan if direction is “both”)
        to Integer VLAN ID
        direction String both Valid Values:
- in
- out
- both
    dot1x Dictionary
      port_control String Valid Values:
- auto
- force-authorized
- force-unauthorized
      port_control_force_authorized_phone Boolean
      reauthentication Boolean
      pae Dictionary
        mode String Valid Values:
- authenticator
      authentication_failure Dictionary
        action String Valid Values:
- allow
- drop
        allow_vlan Integer Min: 1
Max: 4094
      host_mode Dictionary
        mode String Valid Values:
- multi-host
- single-host
        multi_host_authenticated Boolean
      mac_based_authentication Dictionary
        enabled Boolean
        always Boolean
        host_mode_common Boolean
      timeout Dictionary
        idle_host Integer Min: 10
Max: 65535
        quiet_period Integer Min: 1
Max: 65535
        reauth_period String Value can be 60-4294967295 or ‘server’
        reauth_timeout_ignore Boolean
        tx_period Integer Min: 1
Max: 65535
      reauthorization_request_limit Integer Min: 1
Max: 10
      unauthorized Dictionary
        access_vlan_membership_egress Boolean
        native_vlan_membership_egress Boolean
      eapol Dictionary
        disabled Boolean
        authentication_failure_fallback_mba Dictionary
          enabled Boolean
          timeout Integer Min: 0
Max: 65535
    service_profile String QOS profile
    shape Dictionary
      rate String Rate in kbps, pps or percent
Supported options are platform dependent
Examples:
- “5000 kbps”
- “1000 pps”
- “20 percent”
    qos Dictionary
      trust String Valid Values:
- dscp
- cos
- disabled
      dscp Integer DSCP value
      cos Integer COS value
    spanning_tree_bpdufilter String Valid Values:
- enabled
- disabled
- True
- False
- true
- false
    spanning_tree_bpduguard String Valid Values:
- enabled
- disabled
- True
- False
- true
- false
    spanning_tree_guard String Valid Values:
- loop
- root
- disabled
    spanning_tree_portfast String Valid Values:
- edge
- network
    vmtracer Boolean
    priority_flow_control Dictionary
      enabled Boolean
      priorities List, items: Dictionary
        - priority Integer Required, Unique Min: 0
Max: 7
          no_drop Boolean
    bfd Dictionary
      echo Boolean
      interval Integer Interval in milliseconds
      min_rx Integer Rate in milliseconds
      multiplier Integer Min: 3
Max: 50
    service_policy Dictionary
      pbr Dictionary
        input String Policy Based Routing Policy-map name
      qos Dictionary
        input String Required Quality of Service Policy-map name
    mpls Dictionary
      ip Boolean
      ldp Dictionary
        interface Boolean
        igp_sync Boolean
    lacp_timer Dictionary
      mode String Valid Values:
- fast
- normal
      multiplier Integer Min: 3
Max: 3000
    lacp_port_priority Integer Min: 0
Max: 65535
    transceiver Dictionary
      media Dictionary
        override String Transceiver type
    ip_proxy_arp Boolean
    traffic_policy Dictionary
      input String Ingress traffic policy
      output String Egress traffic policy
    bgp Dictionary
      session_tracker String Name of session tracker
    peer String Key only used for documentation or validation purposes
    peer_interface String Key only used for documentation or validation purposes
    peer_type String Key only used for documentation or validation purposes
    sflow Dictionary
      enable Boolean
      egress Dictionary
        enable Boolean
        unmodified_enable Boolean
    port_profile String Key only used for documentation or validation purposes
    uc_tx_queues List, items: Dictionary
      - id Integer Required, Unique TX-Queue ID
        random_detect Dictionary
          ecn Dictionary Explicit Congestion Notification
            count Boolean Enable counter for random-detect ECNs
            threshold Dictionary
              units String Required Valid Values:
- segments
- bytes
- kbytes
- mbytes
- milliseconds
Indicate the units to be used for the threshold values
              min Integer Required Min: 1
Max: 256000000
Set the random-detect ECN minimum-threshold
              max Integer Required Min: 1
Max: 256000000
Set the random-detect ECN maximum-threshold
              max_probability Integer Min: 1
Max: 100
Set the random-detect ECN max-mark-probability
              weight Integer Min: 0
Max: 15
Set the random-detect ECN weight
    tx_queues List, items: Dictionary
      - id Integer Required, Unique TX-Queue ID
        random_detect Dictionary
          ecn Dictionary Explicit Congestion Notification
            count Boolean Enable counter for random-detect ECNs
            threshold Dictionary
              units String Required Valid Values:
- segments
- bytes
- kbytes
- mbytes
- milliseconds
Indicate the units to be used for the threshold values
              min Integer Min: 1
Max: 256000000
Set the random-detect ECN minimum-threshold
              max Integer Required Min: 1
Max: 256000000
Set the random-detect ECN maximum-threshold
              max_probability Integer Required Min: 1
Max: 100
Set the random-detect ECN max-mark-probability
              weight Integer Min: 0
Max: 15
Set the random-detect ECN weight
    vrrp_ids List, items: Dictionary VRRP model.
      - id Integer Required, Unique VRID
        priority_level Integer Min: 1
Max: 254
Instance priority
        advertisement Dictionary
          interval Integer Min: 1
Max: 255
Interval in seconds
        preempt Dictionary
          enabled Boolean Required
          delay Dictionary
            minimum Integer Min: 0
Max: 3600
Minimum preempt delay in seconds
            reload Integer Min: 0
Max: 3600
Reload preempt delay in seconds
        timers Dictionary
          delay Dictionary
            reload Integer Min: 0
Max: 3600
Delay after reload in seconds.
        tracked_object List, items: Dictionary
          - name String Required, Unique Tracked object name
            decrement Integer Min: 1
Max: 254
Decrement VRRP priority by 1-254
            shutdown Boolean
        ipv4 Dictionary
          address String Required Virtual IPv4 address
          version Integer Valid Values:
- 2
- 3
        ipv6 Dictionary
          address String Required Virtual IPv6 address
    eos_cli String Multiline EOS CLI rendered directly on the ethernet interface in the final EOS configuration
ethernet_interfaces:
  - name: <str; required; unique>
    description: <str>
    shutdown: <bool>

    # Interval in seconds for updating interface counters"
    load_interval: <int; 0-600>

    # Speed should be set in the format `<interface_speed>` or `forced <interface_speed>` or `auto <interface_speed>`.
    speed: <str>
    mtu: <int; 68-65535>

    # "l2_mtu" should only be defined for platforms supporting the "l2 mtu" CLI
    l2_mtu: <int; 68-65535>

    # "l2_mru" should only be defined for platforms supporting the "l2 mru" CLI
    l2_mru: <int; 68-65535>

    # List of switchport vlans as string
    # For a trunk port this would be a range like "1-200,300"
    # For an access port this would be a single vlan "123"
    vlans: <str>
    native_vlan: <int>

    # If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence
    native_vlan_tag: <bool>
    mode: <str; "access" | "dot1q-tunnel" | "trunk" | "trunk phone">
    phone:
      trunk: <str; "tagged" | "tagged phone" | "untagged" | "untagged phone">
      vlan: <int; 1-4094>
    l2_protocol:

      # Vlan tag to configure on sub-interface
      encapsulation_dot1q_vlan: <int>

      # L2 protocol forwarding profile
      forwarding_profile: <str>
    trunk_groups:
      - <str>

    # l3dot1q and l2dot1q are used for sub-interfaces. The parent interface should be defined as routed.
    # Interface will not be listed in device documentation, unless "type" is set.
    type: <str; "routed" | "switched" | "l3dot1q" | "l2dot1q" | "port-channel-member">
    snmp_trap_link_change: <bool>
    address_locking:

      # Enable address locking for IPv4
      ipv4: <bool>

      # Enable address locking for IPv6
      ipv6: <bool>
    flowcontrol:
      received: <str; "desired" | "on" | "off">

    # VRF name
    vrf: <str>
    flow_tracker:

      # Sampled flow tracker name.
      sampled: <str>

      # Hardware flow tracker name.
      hardware: <str>
    error_correction_encoding:
      enabled: <bool; default=True>
      fire_code: <bool>
      reed_solomon: <bool>
    link_tracking_groups:

        # Group name
      - name: <str; required; unique>
        direction: <str; "upstream" | "downstream">
    evpn_ethernet_segment:

      # EVPN Ethernet Segment Identifier (Type 1 format)
      identifier: <str>
      redundancy: <str; "all-active" | "single-active">
      designated_forwarder_election:
        algorithm: <str; "modulus" | "preference">

        # Preference_value is only used when "algorithm" is "preference"
        preference_value: <int; 0-65535>

        # Dont_preempt is only used when "algorithm" is "preference"
        dont_preempt: <bool>
        hold_time: <int>
        subsequent_hold_time: <int>
        candidate_reachability_required: <bool>
      mpls:
        shared_index: <int; 1-1024>
        tunnel_flood_filter_time: <int>

      # EVPN Route Target for ESI with format xx:xx:xx:xx:xx:xx
      route_target: <str>

    # VLAN tag to configure on sub-interface
    encapsulation_dot1q_vlan: <int>
    encapsulation_vlan:
      client:
        dot1q:

          # Client VLAN ID
          vlan: <int>

          # Client Outer VLAN ID
          outer: <int>

          # Client Inner VLAN ID
          inner: <int>
        unmatched: <bool>

      # Network encapsulations are all optional and skipped if using client unmatched
      network:
        dot1q:

          # Network VLAN ID
          vlan: <int>

          # Network outer VLAN ID
          outer: <int>

          # Network inner VLAN ID
          inner: <int>
        client: <bool>
    vlan_id: <int; 1-4094>

    # IPv4 address/mask or "dhcp"
    ip_address: <str>
    ip_address_secondaries:
      - <str>

    # Install default-route obtained via DHCP
    dhcp_client_accept_default_route: <bool>

    # Enable IPv4 DHCP server.
    dhcp_server_ipv4: <bool>

    # Enable IPv6 DHCP server.
    dhcp_server_ipv6: <bool>
    ip_helpers:
      - ip_helper: <str; required; unique>

        # Source interface name
        source_interface: <str>

        # VRF name
        vrf: <str>
    ip_nat:

      # NAT interface profile.
      service_profile: <str>
      destination:
        dynamic:
          - access_list: <str; required; unique>
            comment: <str>
            pool_name: <str; required>
            priority: <int; 0-4294967295>
        static:

            # 'access_list' and 'group' are mutual exclusive
          - access_list: <str>
            comment: <str>

            # Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
            # EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            direction: <str; "egress" | "ingress">

            # 'access_list' and 'group' are mutual exclusive
            group: <int; 1-65535>

            # IPv4 address
            original_ip: <str; required; unique>
            original_port: <int; 1-65535>
            priority: <int; 0-4294967295>
            protocol: <str; "udp" | "tcp">

            # IPv4 address
            translated_ip: <str; required>

            # requires 'original_port'
            translated_port: <int; 1-65535>
      source:
        dynamic:
          - access_list: <str; required; unique>
            comment: <str>
            nat_type: <str; "overload" | "pool" | "pool-address-only" | "pool-full-cone"; required>

            # required if 'nat_type' is pool, pool-address-only or pool-full-cone
            # ignored if 'nat_type' is overload
            pool_name: <str>
            priority: <int; 0-4294967295>
        static:

            # 'access_list' and 'group' are mutual exclusive
          - access_list: <str>
            comment: <str>

            # Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
            # EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            direction: <str; "egress" | "ingress">

            # 'access_list' and 'group' are mutual exclusive
            group: <int; 1-65535>

            # IPv4 address
            original_ip: <str; required; unique>
            original_port: <int; 1-65535>
            priority: <int; 0-4294967295>
            protocol: <str; "udp" | "tcp">

            # IPv4 address
            translated_ip: <str; required>

            # requires 'original_port'
            translated_port: <int; 1-65535>
    ipv6_enable: <bool>
    ipv6_address: <str>

    # Link local IPv6 address/mask
    ipv6_address_link_local: <str>
    ipv6_nd_ra_disabled: <bool>
    ipv6_nd_managed_config_flag: <bool>
    ipv6_nd_prefixes:
      - ipv6_prefix: <str; required; unique>

        # Infinite or lifetime in seconds
        valid_lifetime: <str>

        # Infinite or lifetime in seconds
        preferred_lifetime: <str>
        no_autoconfig_flag: <bool>
    ipv6_dhcp_relay_destinations:

        # DHCP server's IPv6 address
      - address: <str; required; unique>
        vrf: <str>

        # Local interface to communicate with DHCP server - mutually exclusive to source_address
        local_interface: <str>

        # Source IPv6 address to communicate with DHCP server - mutually exclusive to local_interface
        source_address: <str>

        # Override the default link address specified in the relayed DHCP packet
        link_address: <str>

    # Access list name
    access_group_in: <str>

    # Access list name
    access_group_out: <str>

    # IPv6 access list name
    ipv6_access_group_in: <str>

    # IPv6 access list name
    ipv6_access_group_out: <str>

    # MAC access list name
    mac_access_group_in: <str>

    # MAC access list name
    mac_access_group_out: <str>

    # Boundaries can be either 1 ACL or a list of multicast IP address_range(s)/prefix but not combination of both
    multicast:
      ipv4:
        boundaries:

            # ACL name or multicast IP subnet
          - boundary: <str>
            out: <bool>
        static: <bool>
      ipv6:
        boundaries:

            # ACL name or multicast IP subnet
          - boundary: <str>
        static: <bool>
    ospf_network_point_to_point: <bool>
    ospf_area: <str>
    ospf_cost: <int>
    ospf_authentication: <str; "none" | "simple" | "message-digest">

    # Encrypted password - only type 7 supported
    ospf_authentication_key: <str>
    ospf_message_digest_keys:
      - id: <int; required; unique>
        hash_algorithm: <str; "md5" | "sha1" | "sha256" | "sha384" | "sha512">

        # Encrypted password - only type 7 supported
        key: <str>
    pim:
      ipv4:
        dr_priority: <int; 0-429467295>
        sparse_mode: <bool>
    mac_security:
      profile: <str>
    channel_group:
      id: <int>
      mode: <str; "on" | "active" | "passive">

    # ISIS instance
    isis_enable: <str>
    isis_passive: <bool>
    isis_metric: <int>
    isis_network_point_to_point: <bool>
    isis_circuit_type: <str; "level-1-2" | "level-1" | "level-2">
    isis_hello_padding: <bool>
    isis_authentication_mode: <str; "text" | "md5">

    # Type-7 encrypted password
    isis_authentication_key: <str>
    poe:

      # Disable PoE on a POE capable port. PoE is enabled on all ports that support it by default in EOS.
      disabled: <bool; default=False>

      # Prioritize a port's power in the event that one of the switch's power supplies loses power
      priority: <str; "critical" | "high" | "medium" | "low">

      # Set the PoE power behavior for a PoE port when the system is rebooted
      reboot:

        # PoE action for interface
        action: <str; "maintain" | "power-off">

      # Set the PoE power behavior for a PoE port when the port goes down
      link_down:

        # PoE action for interface
        action: <str; "maintain" | "power-off">

        # Number of seconds to delay shutting the power off after a link down event occurs. Default value is 5 seconds in EOS.
        power_off_delay: <int; 1-86400>

      # Set the PoE power behavior for a PoE port when the port is admin down
      shutdown:

        # PoE action for interface
        action: <str; "maintain" | "power-off">

      # Override the hardware-negotiated power limit using either wattage or a power class. Note that if using a power class, AVD will automatically convert the class value to the wattage value corresponding to that power class.
      limit:
        class: <int; 0-8>
        watts: <str>

        # Set to ignore hardware classification
        fixed: <bool>

      # Disable to prevent port from negotiating power with powered devices over LLDP. Enabled by default in EOS.
      negotiation_lldp: <bool>

      # Allow a subset of legacy devices to work with the PoE switch. Disabled by default in EOS because it can cause false positive detections.
      legacy_detect: <bool>
    ptp:
      enable: <bool>
      announce:
        interval: <int>
        timeout: <int>
      delay_req: <int>
      delay_mechanism: <str; "e2e" | "p2p">
      sync_message:
        interval: <int>
      role: <str; "master" | "dynamic">

      # VLAN can be 'all' or list of vlans as string
      vlan: <str>
      transport: <str; "ipv4" | "ipv6" | "layer2">

    # Interface profile
    profile: <str>
    storm_control:
      all:

        # Configure maximum storm-control level
        level: <str>

        # Optional field and is hardware dependent
        unit: <str; "percent" | "pps"; default="percent">
      broadcast:

        # Configure maximum storm-control level
        level: <str>

        # Optional field and is hardware dependent
        unit: <str; "percent" | "pps"; default="percent">
      multicast:

        # Configure maximum storm-control level
        level: <str>

        # Optional field and is hardware dependent
        unit: <str; "percent" | "pps"; default="percent">
      unknown_unicast:

        # Configure maximum storm-control level
        level: <str>

        # Optional field and is hardware dependent
        unit: <str; "percent" | "pps"; default="percent">
    logging:
      event:
        link_status: <bool>
        congestion_drops: <bool>
        spanning_tree: <bool>
        storm_control_discards: <bool>
    lldp:
      transmit: <bool>
      receive: <bool>

      # ZTP vlan number
      ztp_vlan: <int>
    trunk_private_vlan_secondary: <bool>

    # List of vlans as string
    pvlan_mapping: <str>
    vlan_translations:

        # List of vlans as string (only one vlan if direction is "both")
      - from: <str>

        # VLAN ID
        to: <int>
        direction: <str; "in" | "out" | "both"; default="both">
    dot1x:
      port_control: <str; "auto" | "force-authorized" | "force-unauthorized">
      port_control_force_authorized_phone: <bool>
      reauthentication: <bool>
      pae:
        mode: <str; "authenticator">
      authentication_failure:
        action: <str; "allow" | "drop">
        allow_vlan: <int; 1-4094>
      host_mode:
        mode: <str; "multi-host" | "single-host">
        multi_host_authenticated: <bool>
      mac_based_authentication:
        enabled: <bool>
        always: <bool>
        host_mode_common: <bool>
      timeout:
        idle_host: <int; 10-65535>
        quiet_period: <int; 1-65535>

        # Value can be 60-4294967295 or 'server'
        reauth_period: <str>
        reauth_timeout_ignore: <bool>
        tx_period: <int; 1-65535>
      reauthorization_request_limit: <int; 1-10>
      unauthorized:
        access_vlan_membership_egress: <bool>
        native_vlan_membership_egress: <bool>
      eapol:
        disabled: <bool>
        authentication_failure_fallback_mba:
          enabled: <bool>
          timeout: <int; 0-65535>

    # QOS profile
    service_profile: <str>
    shape:

      # Rate in kbps, pps or percent
      # Supported options are platform dependent
      # Examples:
      # - "5000 kbps"
      # - "1000 pps"
      # - "20 percent"
      rate: <str>
    qos:
      trust: <str; "dscp" | "cos" | "disabled">

      # DSCP value
      dscp: <int>

      # COS value
      cos: <int>
    spanning_tree_bpdufilter: <str; "enabled" | "disabled" | "True" | "False" | "true" | "false">
    spanning_tree_bpduguard: <str; "enabled" | "disabled" | "True" | "False" | "true" | "false">
    spanning_tree_guard: <str; "loop" | "root" | "disabled">
    spanning_tree_portfast: <str; "edge" | "network">
    vmtracer: <bool>
    priority_flow_control:
      enabled: <bool>
      priorities:
        - priority: <int; 0-7; required; unique>
          no_drop: <bool>
    bfd:
      echo: <bool>

      # Interval in milliseconds
      interval: <int>

      # Rate in milliseconds
      min_rx: <int>
      multiplier: <int; 3-50>
    service_policy:
      pbr:

        # Policy Based Routing Policy-map name
        input: <str>
      qos:

        # Quality of Service Policy-map name
        input: <str; required>
    mpls:
      ip: <bool>
      ldp:
        interface: <bool>
        igp_sync: <bool>
    lacp_timer:
      mode: <str; "fast" | "normal">
      multiplier: <int; 3-3000>
    lacp_port_priority: <int; 0-65535>
    transceiver:
      media:

        # Transceiver type
        override: <str>
    ip_proxy_arp: <bool>
    traffic_policy:

      # Ingress traffic policy
      input: <str>

      # Egress traffic policy
      output: <str>
    bgp:

      # Name of session tracker
      session_tracker: <str>

    # Key only used for documentation or validation purposes
    peer: <str>

    # Key only used for documentation or validation purposes
    peer_interface: <str>

    # Key only used for documentation or validation purposes
    peer_type: <str>
    sflow:
      enable: <bool>
      egress:
        enable: <bool>
        unmodified_enable: <bool>

    # Key only used for documentation or validation purposes
    port_profile: <str>
    uc_tx_queues:

        # TX-Queue ID
      - id: <int; required; unique>
        random_detect:

          # Explicit Congestion Notification
          ecn:

            # Enable counter for random-detect ECNs
            count: <bool>
            threshold:

              # Indicate the units to be used for the threshold values
              units: <str; "segments" | "bytes" | "kbytes" | "mbytes" | "milliseconds"; required>

              # Set the random-detect ECN minimum-threshold
              min: <int; 1-256000000; required>

              # Set the random-detect ECN maximum-threshold
              max: <int; 1-256000000; required>

              # Set the random-detect ECN max-mark-probability
              max_probability: <int; 1-100>

              # Set the random-detect ECN weight
              weight: <int; 0-15>
    tx_queues:

        # TX-Queue ID
      - id: <int; required; unique>
        random_detect:

          # Explicit Congestion Notification
          ecn:

            # Enable counter for random-detect ECNs
            count: <bool>
            threshold:

              # Indicate the units to be used for the threshold values
              units: <str; "segments" | "bytes" | "kbytes" | "mbytes" | "milliseconds"; required>

              # Set the random-detect ECN minimum-threshold
              min: <int; 1-256000000>

              # Set the random-detect ECN maximum-threshold
              max: <int; 1-256000000; required>

              # Set the random-detect ECN max-mark-probability
              max_probability: <int; 1-100; required>

              # Set the random-detect ECN weight
              weight: <int; 0-15>

    # VRRP model.
    vrrp_ids:

        # VRID
      - id: <int; required; unique>

        # Instance priority
        priority_level: <int; 1-254>
        advertisement:

          # Interval in seconds
          interval: <int; 1-255>
        preempt:
          enabled: <bool; required>
          delay:

            # Minimum preempt delay in seconds
            minimum: <int; 0-3600>

            # Reload preempt delay in seconds
            reload: <int; 0-3600>
        timers:
          delay:

            # Delay after reload in seconds.
            reload: <int; 0-3600>
        tracked_object:

            # Tracked object name
          - name: <str; required; unique>

            # Decrement VRRP priority by 1-254
            decrement: <int; 1-254>
            shutdown: <bool>
        ipv4:

          # Virtual IPv4 address
          address: <str; required>
          version: <int; 2 | 3>
        ipv6:

          # Virtual IPv6 address
          address: <str; required>

    # Multiline EOS CLI rendered directly on the ethernet interface in the final EOS configuration
    eos_cli: <str>

Interface defaults

Variable Type Required Default Value Restrictions Description
interface_defaults Dictionary
  ethernet Dictionary
    shutdown Boolean
  mtu Integer
interface_defaults:
  ethernet:
    shutdown: <bool>
  mtu: <int>

Interface profiles

Variable Type Required Default Value Restrictions Description
interface_profiles List, items: Dictionary
  - name String Required, Unique Interface-Profile Name
    commands List, items: String Required
      - <str> String EOS CLI interface command
Example: “switchport mode access”
interface_profiles:

    # Interface-Profile Name
  - name: <str; required; unique>
    commands: # required

        # EOS CLI interface command
        # Example: "switchport mode access"
      - <str>

LACP

Variable Type Required Default Value Restrictions Description
lacp Dictionary Set Link Aggregation Control Protocol (LACP) parameters.
  port_id Dictionary LACP port-ID range configuration.
    range Dictionary
      begin Integer Minimum LACP port-ID range.
      end Integer Maximum LACP port-ID range.
  rate_limit Dictionary Set LACPDU rate limit options.
    default Boolean Enable LACPDU rate limiting by default on all ports.
  system_priority Integer Min: 0
Max: 65535
Set local system LACP priority.
# Set Link Aggregation Control Protocol (LACP) parameters.
lacp:

  # LACP port-ID range configuration.
  port_id:
    range:

      # Minimum LACP port-ID range.
      begin: <int>

      # Maximum LACP port-ID range.
      end: <int>

  # Set LACPDU rate limit options.
  rate_limit:

    # Enable LACPDU rate limiting by default on all ports.
    default: <bool>

  # Set local system LACP priority.
  system_priority: <int; 0-65535>
Variable Type Required Default Value Restrictions Description
link_tracking_groups List, items: Dictionary
  - name String Required, Unique
    links_minimum Integer Min: 1
Max: 100000
    recovery_delay Integer Min: 0
Max: 3600
link_tracking_groups:
  - name: <str; required; unique>
    links_minimum: <int; 1-100000>
    recovery_delay: <int; 0-3600>

LLDP

Variable Type Required Default Value Restrictions Description
lldp Dictionary
  timer Integer
  timer_reinitialization String
  holdtime Integer
  management_address String
  vrf String
  receive_packet_tagged_drop String
  tlvs List, items: Dictionary
    - name String Required, Unique Valid Values:
- link-aggregation
- management-address
- max-frame-size
- med
- port-description
- port-vlan
- power-via-mdi
- system-capabilities
- system-description
- system-name
- vlan-name
      transmit Boolean
  run Boolean
lldp:
  timer: <int>
  timer_reinitialization: <str>
  holdtime: <int>
  management_address: <str>
  vrf: <str>
  receive_packet_tagged_drop: <str>
  tlvs:
    - name: <str; "link-aggregation" | "management-address" | "max-frame-size" | "med" | "port-description" | "port-vlan" | "power-via-mdi" | "system-capabilities" | "system-description" | "system-name" | "vlan-name"; required; unique>
      transmit: <bool>
  run: <bool>

Loopback interfaces

Variable Type Required Default Value Restrictions Description
loopback_interfaces List, items: Dictionary
  - name String Required, Unique Loopback interface name e.g. “Loopback0”
    description String
    shutdown Boolean
    vrf String VRF name
    ip_address String IPv4_address/Mask
    ip_address_secondaries List, items: String
      - <str> String IPv4_address/Mask
    ipv6_enable Boolean
    ipv6_address String IPv6_address/Mask
    ip_proxy_arp Boolean
    ospf_area String
    mpls Dictionary
      ldp Dictionary
        interface Boolean
    isis_enable String ISIS instance name
    isis_passive Boolean
    isis_metric Integer
    isis_network_point_to_point Boolean
    node_segment Dictionary
      ipv4_index Integer
      ipv6_index Integer
    eos_cli String EOS CLI rendered directly on the loopback interface in the final EOS configuration
loopback_interfaces:

    # Loopback interface name e.g. "Loopback0"
  - name: <str; required; unique>
    description: <str>
    shutdown: <bool>

    # VRF name
    vrf: <str>

    # IPv4_address/Mask
    ip_address: <str>
    ip_address_secondaries:

        # IPv4_address/Mask
      - <str>
    ipv6_enable: <bool>

    # IPv6_address/Mask
    ipv6_address: <str>
    ip_proxy_arp: <bool>
    ospf_area: <str>
    mpls:
      ldp:
        interface: <bool>

    # ISIS instance name
    isis_enable: <str>
    isis_passive: <bool>
    isis_metric: <int>
    isis_network_point_to_point: <bool>
    node_segment:
      ipv4_index: <int>
      ipv6_index: <int>

    # EOS CLI rendered directly on the loopback interface in the final EOS configuration
    eos_cli: <str>

Management interfaces

Variable Type Required Default Value Restrictions Description
management_interfaces List, items: Dictionary
  - name String Required, Unique Management Interface Name
    description String
    shutdown Boolean
    speed String Speed should be set in the format <interface_speed> or forced <interface_speed> or auto <interface_speed>.
    mtu Integer
    vrf String VRF Name
    ip_address String IPv4_address/Mask
    ipv6_enable Boolean
    ipv6_address String IPv6_address/Mask
    type String oob Valid Values:
- oob
- inband
For documentation purposes only
    gateway String IPv4 address of default gateway in management VRF
    ipv6_gateway String IPv6 address of default gateway in management VRF
    mac_address String MAC address
    lldp Dictionary
      transmit Boolean
      receive Boolean
      ztp_vlan Integer ZTP vlan number
    eos_cli String Multiline EOS CLI rendered directly on the management interface in the final EOS configuration
management_interfaces:

    # Management Interface Name
  - name: <str; required; unique>
    description: <str>
    shutdown: <bool>

    # Speed should be set in the format `<interface_speed>` or `forced <interface_speed>` or `auto <interface_speed>`.
    speed: <str>
    mtu: <int>

    # VRF Name
    vrf: <str>

    # IPv4_address/Mask
    ip_address: <str>
    ipv6_enable: <bool>

    # IPv6_address/Mask
    ipv6_address: <str>

    # For documentation purposes only
    type: <str; "oob" | "inband"; default="oob">

    # IPv4 address of default gateway in management VRF
    gateway: <str>

    # IPv6 address of default gateway in management VRF
    ipv6_gateway: <str>

    # MAC address
    mac_address: <str>
    lldp:
      transmit: <bool>
      receive: <bool>

      # ZTP vlan number
      ztp_vlan: <int>

    # Multiline EOS CLI rendered directly on the management interface in the final EOS configuration
    eos_cli: <str>

Patch panel

Variable Type Required Default Value Restrictions Description
patch_panel Dictionary
  patches List, items: Dictionary
    - name String Required, Unique
      enabled Boolean
      connectors List, items: Dictionary Min Length: 2
Max Length: 2
Must have exactly two connectors to a patch of which at least one must be of type “interface”
        - id String Required, Unique
          type String Required Valid Values:
- interface
- pseudowire
          endpoint String Required String with relevant endpoint depending on type.
Examples:
- “Ethernet1”
- “Ethernet1 dot1q vlan 123”
- “bgp vpws TENANT_A pseudowire VPWS_PW_1”
- “ldp LDP_PW_1”
patch_panel:
  patches:
    - name: <str; required; unique>
      enabled: <bool>

      # Must have exactly two connectors to a patch of which at least one must be of type "interface"
      connectors: # 2-2 items
        - id: <str; required; unique>
          type: <str; "interface" | "pseudowire"; required>

          # String with relevant endpoint depending on type.
          # Examples:
          # - "Ethernet1"
          # - "Ethernet1 dot1q vlan 123"
          # - "bgp vpws TENANT_A pseudowire VPWS_PW_1"
          # - "ldp LDP_PW_1"
          endpoint: <str; required>

Port-channel interfaces

Variable Type Required Default Value Restrictions Description
port_channel_interfaces List, items: Dictionary
  - name String Required, Unique
    description String
    logging Dictionary
      event Dictionary
        link_status Boolean
    shutdown Boolean
    l2_mtu Integer Min: 68
Max: 65535
“l2_mtu” should only be defined for platforms supporting the “l2 mtu” CLI
    l2_mru Integer Min: 68
Max: 65535
“l2_mru” should only be defined for platforms supporting the “l2 mru” CLI
    vlans String List of switchport vlans as string
For a trunk port this would be a range like “1-200,300”
For an access port this would be a single vlan “123”
    snmp_trap_link_change Boolean
    type String Valid Values:
- routed
- switched
- l3dot1q
- l2dot1q
l3dot1q and l2dot1q are used for sub-interfaces. The parent interface should be defined as routed.
Interface will not be listed in device documentation, unless “type” is set.
    encapsulation_dot1q_vlan Integer VLAN tag to configure on sub-interface
    vrf String VRF name
    encapsulation_vlan Dictionary
      client Dictionary
        dot1q Dictionary
          vlan Integer Client VLAN ID
          outer Integer Client Outer VLAN ID
          inner Integer Client Inner VLAN ID
        unmatched Boolean
      network Dictionary Network encapsulation are all optional, and skipped if using client unmatched
        dot1q Dictionary
          vlan Integer Network VLAN ID
          outer Integer Network Outer VLAN ID
          inner Integer Network Inner VLAN ID
        client Boolean
    vlan_id Integer Min: 1
Max: 4094
    mode String Valid Values:
- access
- dot1q-tunnel
- trunk
- trunk phone
    native_vlan Integer If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence
    native_vlan_tag Boolean False If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence
    link_tracking_groups List, items: Dictionary
      - name String Required, Unique Group name
        direction String Valid Values:
- upstream
- downstream
    phone Dictionary
      trunk String Valid Values:
- tagged
- untagged
      vlan Integer Min: 1
Max: 4094
    l2_protocol Dictionary
      encapsulation_dot1q_vlan Integer Vlan tag to configure on sub-interface
      forwarding_profile String L2 protocol forwarding profile
    mtu Integer Min: 68
Max: 65535
    mlag Integer Min: 1
Max: 2000
MLAG ID
    trunk_groups List, items: String
      - <str> String
    lacp_fallback_timeout Integer 90 Min: 0
Max: 300
Timeout in seconds
    lacp_fallback_mode String Valid Values:
- individual
- static
    qos Dictionary
      trust String Valid Values:
- dscp
- cos
- disabled
      dscp Integer DSCP value
      cos Integer COS value
    bfd Dictionary
      echo Boolean
      interval Integer Interval in milliseconds
      min_rx Integer Rate in milliseconds
      multiplier Integer Min: 3
Max: 50
    service_policy Dictionary
      pbr Dictionary
        input String Policy Based Routing Policy-map name
      qos Dictionary
        input String Required Quality of Service Policy-map name
    mpls Dictionary
      ip Boolean
      ldp Dictionary
        interface Boolean
        igp_sync Boolean
    trunk_private_vlan_secondary Boolean
    pvlan_mapping String List of vlans as string
    vlan_translations List, items: Dictionary
      - from String List of vlans as string (only one vlan if direction is “both”)
        to Integer VLAN ID
        direction String both Valid Values:
- in
- out
- both
    shape Dictionary
      rate String Rate in kbps, pps or percent
Supported options are platform dependent
Examples:
- “5000 kbps”
- “1000 pps”
- “20 percent”
    storm_control Dictionary
      all Dictionary
        level String Configure maximum storm-control level
        unit String percent Valid Values:
- percent
- pps
Optional field and is hardware dependent
      broadcast Dictionary
        level String Configure maximum storm-control level
        unit String percent Valid Values:
- percent
- pps
Optional field and is hardware dependent
      multicast Dictionary
        level String Configure maximum storm-control level
        unit String percent Valid Values:
- percent
- pps
Optional field and is hardware dependent
      unknown_unicast Dictionary
        level String Configure maximum storm-control level
        unit String percent Valid Values:
- percent
- pps
Optional field and is hardware dependent
    ip_proxy_arp Boolean
    isis_enable String ISIS instance
    isis_passive Boolean
    isis_metric Integer
    isis_network_point_to_point Boolean
    isis_circuit_type String Valid Values:
- level-1-2
- level-1
- level-2
    isis_hello_padding Boolean
    isis_authentication_mode String Valid Values:
- text
- md5
    isis_authentication_key String Type-7 encrypted password
    traffic_policy Dictionary
      input String Ingress traffic policy
      output String Egress traffic policy
    evpn_ethernet_segment Dictionary
      identifier String EVPN Ethernet Segment Identifier (Type 1 format)
      redundancy String Valid Values:
- all-active
- single-active
      designated_forwarder_election Dictionary
        algorithm String Valid Values:
- modulus
- preference
        preference_value Integer Min: 0
Max: 65535
Preference_value is only used when “algorithm” is “preference”
        dont_preempt Boolean False Dont_preempt is only used when “algorithm” is “preference”
        hold_time Integer
        subsequent_hold_time Integer
        candidate_reachability_required Boolean
      mpls Dictionary
        shared_index Integer Min: 1
Max: 1024
        tunnel_flood_filter_time Integer
      route_target String EVPN Route Target for ESI with format xx:xx:xx:xx:xx:xx
    esi deprecated String EVPN Ethernet Segment Identifier (Type 1 format)
If both “esi” and “evpn_ethernet_segment.identifier” are defined, the new variable takes precedence
This key is deprecated. Support will be removed in AVD version 5.0.0. Use evpn_ethernet_segment.identifier instead.
    rt deprecated String EVPN Route Target for ESI with format xx:xx:xx:xx:xx:xx
If both “rt” and “evpn_ethernet_segment.route_target” are defined, the new variable takes precedence
This key is deprecated. Support will be removed in AVD version 5.0.0. Use evpn_ethernet_segment.route_target instead.
    lacp_id String LACP ID with format xxxx.xxxx.xxxx
    spanning_tree_bpdufilter String Valid Values:
- enabled
- disabled
- True
- False
- true
- false
    spanning_tree_bpduguard String Valid Values:
- enabled
- disabled
- True
- False
- true
- false
    spanning_tree_guard String Valid Values:
- loop
- root
- disabled
    spanning_tree_portfast String Valid Values:
- edge
- network
    vmtracer Boolean
    ptp Dictionary
      enable Boolean
      announce Dictionary
        interval Integer
        timeout Integer
      delay_req Integer
      delay_mechanism String Valid Values:
- e2e
- p2p
      sync_message Dictionary
        interval Integer
      role String Valid Values:
- master
- dynamic
      vlan String VLAN can be ‘all’ or list of vlans as string
      transport String Valid Values:
- ipv4
- ipv6
- layer2
    ip_address String IPv4 address/mask
    ip_nat Dictionary
      destination Dictionary
        dynamic List, items: Dictionary
          - access_list String Required, Unique
            comment String
            pool_name String Required
            priority Integer Min: 0
Max: 4294967295
        static List, items: Dictionary
          - access_list String ‘access_list’ and ‘group’ are mutual exclusive
            comment String
            direction String Valid Values:
- egress
- ingress
Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            group Integer Min: 1
Max: 65535
‘access_list’ and ‘group’ are mutual exclusive
            original_ip String Required, Unique IPv4 address
            original_port Integer Min: 1
Max: 65535
            priority Integer Min: 0
Max: 4294967295
            protocol String Valid Values:
- udp
- tcp
            translated_ip String Required IPv4 address
            translated_port Integer Min: 1
Max: 65535
requires ‘original_port’
      source Dictionary
        dynamic List, items: Dictionary
          - access_list String Required, Unique
            comment String
            nat_type String Required Valid Values:
- overload
- pool
- pool-address-only
- pool-full-cone
            pool_name String required if ‘nat_type’ is pool, pool-address-only or pool-full-cone
ignored if ‘nat_type’ is overload
            priority Integer Min: 0
Max: 4294967295
        static List, items: Dictionary
          - access_list String ‘access_list’ and ‘group’ are mutual exclusive
            comment String
            direction String Valid Values:
- egress
- ingress
Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            group Integer Min: 1
Max: 65535
‘access_list’ and ‘group’ are mutual exclusive
            original_ip String Required, Unique IPv4 address
            original_port Integer Min: 1
Max: 65535
            priority Integer Min: 0
Max: 4294967295
            protocol String Valid Values:
- udp
- tcp
            translated_ip String Required IPv4 address
            translated_port Integer Min: 1
Max: 65535
requires ‘original_port’
    ipv6_enable Boolean
    ipv6_address String IPv6 address/mask
    ipv6_address_link_local String Link local IPv6 address/mask
    ipv6_nd_ra_disabled Boolean
    ipv6_nd_managed_config_flag Boolean
    ipv6_nd_prefixes List, items: Dictionary
      - ipv6_prefix String Required, Unique
        valid_lifetime String Infinite or lifetime in seconds
        preferred_lifetime String Infinite or lifetime in seconds
        no_autoconfig_flag Boolean
    access_group_in String Access list name
    access_group_out String Access list name
    ipv6_access_group_in String IPv6 access list name
    ipv6_access_group_out String IPv6 access list name
    mac_access_group_in String MAC access list name
    mac_access_group_out String MAC access list name
    pim Dictionary
      ipv4 Dictionary
        dr_priority Integer Min: 0
Max: 429467295
        sparse_mode Boolean
    service_profile String QOS profile
    ospf_network_point_to_point Boolean
    ospf_area String
    ospf_cost Integer
    ospf_authentication String Valid Values:
- none
- simple
- message-digest
    ospf_authentication_key String Encrypted password
    ospf_message_digest_keys List, items: Dictionary
      - id Integer Required, Unique
        hash_algorithm String Valid Values:
- md5
- sha1
- sha256
- sha384
- sha512
        key String Encrypted password
    flow_tracker Dictionary
      sampled String Sampled flow tracker name.
      hardware String Hardware flow tracker name.
    bgp Dictionary
      session_tracker String Name of session tracker
    peer String Key only used for documentation or validation purposes
    peer_interface String Key only used for documentation or validation purposes
    peer_type String Key only used for documentation or validation purposes
    sflow Dictionary
      enable Boolean
      egress Dictionary
        enable Boolean
        unmodified_enable Boolean
    eos_cli String Multiline EOS CLI rendered directly on the port-channel interface in the final EOS configuration
port_channel_interfaces:
  - name: <str; required; unique>
    description: <str>
    logging:
      event:
        link_status: <bool>
    shutdown: <bool>

    # "l2_mtu" should only be defined for platforms supporting the "l2 mtu" CLI
    l2_mtu: <int; 68-65535>

    # "l2_mru" should only be defined for platforms supporting the "l2 mru" CLI
    l2_mru: <int; 68-65535>

    # List of switchport vlans as string
    # For a trunk port this would be a range like "1-200,300"
    # For an access port this would be a single vlan "123"
    vlans: <str>
    snmp_trap_link_change: <bool>

    # l3dot1q and l2dot1q are used for sub-interfaces. The parent interface should be defined as routed.
    # Interface will not be listed in device documentation, unless "type" is set.
    type: <str; "routed" | "switched" | "l3dot1q" | "l2dot1q">

    # VLAN tag to configure on sub-interface
    encapsulation_dot1q_vlan: <int>

    # VRF name
    vrf: <str>
    encapsulation_vlan:
      client:
        dot1q:

          # Client VLAN ID
          vlan: <int>

          # Client Outer VLAN ID
          outer: <int>

          # Client Inner VLAN ID
          inner: <int>
        unmatched: <bool>

      # Network encapsulation are all optional, and skipped if using client unmatched
      network:
        dot1q:

          # Network VLAN ID
          vlan: <int>

          # Network Outer VLAN ID
          outer: <int>

          # Network Inner VLAN ID
          inner: <int>
        client: <bool>
    vlan_id: <int; 1-4094>
    mode: <str; "access" | "dot1q-tunnel" | "trunk" | "trunk phone">

    # If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence
    native_vlan: <int>

    # If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence
    native_vlan_tag: <bool; default=False>
    link_tracking_groups:

        # Group name
      - name: <str; required; unique>
        direction: <str; "upstream" | "downstream">
    phone:
      trunk: <str; "tagged" | "untagged">
      vlan: <int; 1-4094>
    l2_protocol:

      # Vlan tag to configure on sub-interface
      encapsulation_dot1q_vlan: <int>

      # L2 protocol forwarding profile
      forwarding_profile: <str>
    mtu: <int; 68-65535>

    # MLAG ID
    mlag: <int; 1-2000>
    trunk_groups:
      - <str>

    # Timeout in seconds
    lacp_fallback_timeout: <int; 0-300; default=90>
    lacp_fallback_mode: <str; "individual" | "static">
    qos:
      trust: <str; "dscp" | "cos" | "disabled">

      # DSCP value
      dscp: <int>

      # COS value
      cos: <int>
    bfd:
      echo: <bool>

      # Interval in milliseconds
      interval: <int>

      # Rate in milliseconds
      min_rx: <int>
      multiplier: <int; 3-50>
    service_policy:
      pbr:

        # Policy Based Routing Policy-map name
        input: <str>
      qos:

        # Quality of Service Policy-map name
        input: <str; required>
    mpls:
      ip: <bool>
      ldp:
        interface: <bool>
        igp_sync: <bool>
    trunk_private_vlan_secondary: <bool>

    # List of vlans as string
    pvlan_mapping: <str>
    vlan_translations:

        # List of vlans as string (only one vlan if direction is "both")
      - from: <str>

        # VLAN ID
        to: <int>
        direction: <str; "in" | "out" | "both"; default="both">
    shape:

      # Rate in kbps, pps or percent
      # Supported options are platform dependent
      # Examples:
      # - "5000 kbps"
      # - "1000 pps"
      # - "20 percent"
      rate: <str>
    storm_control:
      all:

        # Configure maximum storm-control level
        level: <str>

        # Optional field and is hardware dependent
        unit: <str; "percent" | "pps"; default="percent">
      broadcast:

        # Configure maximum storm-control level
        level: <str>

        # Optional field and is hardware dependent
        unit: <str; "percent" | "pps"; default="percent">
      multicast:

        # Configure maximum storm-control level
        level: <str>

        # Optional field and is hardware dependent
        unit: <str; "percent" | "pps"; default="percent">
      unknown_unicast:

        # Configure maximum storm-control level
        level: <str>

        # Optional field and is hardware dependent
        unit: <str; "percent" | "pps"; default="percent">
    ip_proxy_arp: <bool>

    # ISIS instance
    isis_enable: <str>
    isis_passive: <bool>
    isis_metric: <int>
    isis_network_point_to_point: <bool>
    isis_circuit_type: <str; "level-1-2" | "level-1" | "level-2">
    isis_hello_padding: <bool>
    isis_authentication_mode: <str; "text" | "md5">

    # Type-7 encrypted password
    isis_authentication_key: <str>
    traffic_policy:

      # Ingress traffic policy
      input: <str>

      # Egress traffic policy
      output: <str>
    evpn_ethernet_segment:

      # EVPN Ethernet Segment Identifier (Type 1 format)
      identifier: <str>
      redundancy: <str; "all-active" | "single-active">
      designated_forwarder_election:
        algorithm: <str; "modulus" | "preference">

        # Preference_value is only used when "algorithm" is "preference"
        preference_value: <int; 0-65535>

        # Dont_preempt is only used when "algorithm" is "preference"
        dont_preempt: <bool; default=False>
        hold_time: <int>
        subsequent_hold_time: <int>
        candidate_reachability_required: <bool>
      mpls:
        shared_index: <int; 1-1024>
        tunnel_flood_filter_time: <int>

      # EVPN Route Target for ESI with format xx:xx:xx:xx:xx:xx
      route_target: <str>

    # EVPN Ethernet Segment Identifier (Type 1 format)
    # If both "esi" and "evpn_ethernet_segment.identifier" are defined, the new variable takes precedence
    # This key is deprecated.
    # Support will be removed in AVD version 5.0.0.
    # Use <samp>evpn_ethernet_segment.identifier</samp> instead.
    esi: <str>

    # EVPN Route Target for ESI with format xx:xx:xx:xx:xx:xx
    # If both "rt" and "evpn_ethernet_segment.route_target" are defined, the new variable takes precedence
    # This key is deprecated.
    # Support will be removed in AVD version 5.0.0.
    # Use <samp>evpn_ethernet_segment.route_target</samp> instead.
    rt: <str>

    # LACP ID with format xxxx.xxxx.xxxx
    lacp_id: <str>
    spanning_tree_bpdufilter: <str; "enabled" | "disabled" | "True" | "False" | "true" | "false">
    spanning_tree_bpduguard: <str; "enabled" | "disabled" | "True" | "False" | "true" | "false">
    spanning_tree_guard: <str; "loop" | "root" | "disabled">
    spanning_tree_portfast: <str; "edge" | "network">
    vmtracer: <bool>
    ptp:
      enable: <bool>
      announce:
        interval: <int>
        timeout: <int>
      delay_req: <int>
      delay_mechanism: <str; "e2e" | "p2p">
      sync_message:
        interval: <int>
      role: <str; "master" | "dynamic">

      # VLAN can be 'all' or list of vlans as string
      vlan: <str>
      transport: <str; "ipv4" | "ipv6" | "layer2">

    # IPv4 address/mask
    ip_address: <str>
    ip_nat:
      destination:
        dynamic:
          - access_list: <str; required; unique>
            comment: <str>
            pool_name: <str; required>
            priority: <int; 0-4294967295>
        static:

            # 'access_list' and 'group' are mutual exclusive
          - access_list: <str>
            comment: <str>

            # Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
            # EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            direction: <str; "egress" | "ingress">

            # 'access_list' and 'group' are mutual exclusive
            group: <int; 1-65535>

            # IPv4 address
            original_ip: <str; required; unique>
            original_port: <int; 1-65535>
            priority: <int; 0-4294967295>
            protocol: <str; "udp" | "tcp">

            # IPv4 address
            translated_ip: <str; required>

            # requires 'original_port'
            translated_port: <int; 1-65535>
      source:
        dynamic:
          - access_list: <str; required; unique>
            comment: <str>
            nat_type: <str; "overload" | "pool" | "pool-address-only" | "pool-full-cone"; required>

            # required if 'nat_type' is pool, pool-address-only or pool-full-cone
            # ignored if 'nat_type' is overload
            pool_name: <str>
            priority: <int; 0-4294967295>
        static:

            # 'access_list' and 'group' are mutual exclusive
          - access_list: <str>
            comment: <str>

            # Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
            # EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            direction: <str; "egress" | "ingress">

            # 'access_list' and 'group' are mutual exclusive
            group: <int; 1-65535>

            # IPv4 address
            original_ip: <str; required; unique>
            original_port: <int; 1-65535>
            priority: <int; 0-4294967295>
            protocol: <str; "udp" | "tcp">

            # IPv4 address
            translated_ip: <str; required>

            # requires 'original_port'
            translated_port: <int; 1-65535>
    ipv6_enable: <bool>

    # IPv6 address/mask
    ipv6_address: <str>

    # Link local IPv6 address/mask
    ipv6_address_link_local: <str>
    ipv6_nd_ra_disabled: <bool>
    ipv6_nd_managed_config_flag: <bool>
    ipv6_nd_prefixes:
      - ipv6_prefix: <str; required; unique>

        # Infinite or lifetime in seconds
        valid_lifetime: <str>

        # Infinite or lifetime in seconds
        preferred_lifetime: <str>
        no_autoconfig_flag: <bool>

    # Access list name
    access_group_in: <str>

    # Access list name
    access_group_out: <str>

    # IPv6 access list name
    ipv6_access_group_in: <str>

    # IPv6 access list name
    ipv6_access_group_out: <str>

    # MAC access list name
    mac_access_group_in: <str>

    # MAC access list name
    mac_access_group_out: <str>
    pim:
      ipv4:
        dr_priority: <int; 0-429467295>
        sparse_mode: <bool>

    # QOS profile
    service_profile: <str>
    ospf_network_point_to_point: <bool>
    ospf_area: <str>
    ospf_cost: <int>
    ospf_authentication: <str; "none" | "simple" | "message-digest">

    # Encrypted password
    ospf_authentication_key: <str>
    ospf_message_digest_keys:
      - id: <int; required; unique>
        hash_algorithm: <str; "md5" | "sha1" | "sha256" | "sha384" | "sha512">

        # Encrypted password
        key: <str>
    flow_tracker:

      # Sampled flow tracker name.
      sampled: <str>

      # Hardware flow tracker name.
      hardware: <str>
    bgp:

      # Name of session tracker
      session_tracker: <str>

    # Key only used for documentation or validation purposes
    peer: <str>

    # Key only used for documentation or validation purposes
    peer_interface: <str>

    # Key only used for documentation or validation purposes
    peer_type: <str>
    sflow:
      enable: <bool>
      egress:
        enable: <bool>
        unmodified_enable: <bool>

    # Multiline EOS CLI rendered directly on the port-channel interface in the final EOS configuration
    eos_cli: <str>

Switchport default

Variable Type Required Default Value Restrictions Description
switchport_default Dictionary
  mode String Valid Values:
- routed
- access
  phone Dictionary
    cos Integer Min: 0
Max: 7
    trunk String Valid Values:
- tagged
- untagged
    vlan Integer Min: 1
Max: 4094
VLAN ID
switchport_default:
  mode: <str; "routed" | "access">
  phone:
    cos: <int; 0-7>
    trunk: <str; "tagged" | "untagged">

    # VLAN ID
    vlan: <int; 1-4094>

Tunnel interfaces

Variable Type Required Default Value Restrictions Description
tunnel_interfaces List, items: Dictionary
  - name String Required, Unique Tunnel Interface Name
    description String
    shutdown Boolean
    mtu Integer Min: 68
Max: 65535
    vrf String VRF Name
    ip_address String Format: ipv4_cidr IPv4_address/Mask
    ipv6_enable Boolean
    ipv6_address String Format: ipv6_cidr IPv6_address/Mask
    access_group_in String IPv4 ACL Name for ingress
    access_group_out String IPv4 ACL Name for egress
    ipv6_access_group_in String IPv6 ACL Name for ingress
    ipv6_access_group_out String IPv6 ACL Name for egress
    tcp_mss_ceiling Dictionary
      ipv4 Integer Min: 64
Max: 65495
Segment Size for IPv4
      ipv6 Integer Min: 64
Max: 65475
Segment Size for IPv6
      direction String Valid Values:
- ingress
- egress
Optional direction (‘ingress’, ‘egress’) for tcp mss ceiling
    source_interface String Tunnel Source Interface Name
    destination String IPv4 or IPv6 Address Tunnel Destination
    path_mtu_discovery Boolean Enable Path MTU Discovery On Tunnel
    eos_cli String Multiline String with EOS CLI rendered directly on the Tunnel interface in the final EOS configuration.
tunnel_interfaces:

    # Tunnel Interface Name
  - name: <str; required; unique>
    description: <str>
    shutdown: <bool>
    mtu: <int; 68-65535>

    # VRF Name
    vrf: <str>

    # IPv4_address/Mask
    ip_address: <str>
    ipv6_enable: <bool>

    # IPv6_address/Mask
    ipv6_address: <str>

    # IPv4 ACL Name for ingress
    access_group_in: <str>

    # IPv4 ACL Name for egress
    access_group_out: <str>

    # IPv6 ACL Name for ingress
    ipv6_access_group_in: <str>

    # IPv6 ACL Name for egress
    ipv6_access_group_out: <str>
    tcp_mss_ceiling:

      # Segment Size for IPv4
      ipv4: <int; 64-65495>

      # Segment Size for IPv6
      ipv6: <int; 64-65475>

      # Optional direction ('ingress', 'egress')  for tcp mss ceiling
      direction: <str; "ingress" | "egress">

    # Tunnel Source Interface Name
    source_interface: <str>

    # IPv4 or IPv6 Address Tunnel Destination
    destination: <str>

    # Enable Path MTU Discovery On Tunnel
    path_mtu_discovery: <bool>

    # Multiline String with EOS CLI rendered directly on the Tunnel interface in the final EOS configuration.
    eos_cli: <str>

VLAN interfaces

Variable Type Required Default Value Restrictions Description
vlan_interfaces List, items: Dictionary
  - name String Required, Unique VLAN interface name like “Vlan123”
    description String
    shutdown Boolean
    vrf String VRF name
    arp_aging_timeout Integer Min: 1
Max: 65535
In seconds
    arp_cache_dynamic_capacity Integer Min: 0
Max: 4294967295
    arp_gratuitous_accept Boolean
    arp_monitor_mac_address Boolean
    ip_proxy_arp Boolean
    ip_directed_broadcast Boolean
    ip_address String IPv4_address/Mask
    ip_address_secondaries List, items: String
      - <str> String IPv4_address/Mask
    ip_virtual_router_addresses List, items: String
      - <str> String IPv4 address or IPv4_address/Mask
    ip_address_virtual String IPv4_address/Mask
    ip_address_virtual_secondaries List, items: String
      - <str> String IPv4_address/Mask
    ip_igmp Boolean
    ip_igmp_version Integer Min: 1
Max: 3
    ip_helpers List, items: Dictionary List of DHCP servers
      - ip_helper String Required, Unique IP address or hostname of DHCP server
        source_interface String Interface used as source for forwarded DHCP packets
        vrf String VRF where DHCP server can be reached
    ip_nat Dictionary
      destination Dictionary
        dynamic List, items: Dictionary
          - access_list String Required, Unique
            comment String
            pool_name String Required
            priority Integer Min: 0
Max: 4294967295
        static List, items: Dictionary
          - access_list String ‘access_list’ and ‘group’ are mutual exclusive
            comment String
            direction String Valid Values:
- egress
- ingress
Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            group Integer Min: 1
Max: 65535
‘access_list’ and ‘group’ are mutual exclusive
            original_ip String Required, Unique IPv4 address
            original_port Integer Min: 1
Max: 65535
            priority Integer Min: 0
Max: 4294967295
            protocol String Valid Values:
- udp
- tcp
            translated_ip String Required IPv4 address
            translated_port Integer Min: 1
Max: 65535
requires ‘original_port’
      source Dictionary
        dynamic List, items: Dictionary
          - access_list String Required, Unique
            comment String
            nat_type String Required Valid Values:
- overload
- pool
- pool-address-only
- pool-full-cone
            pool_name String required if ‘nat_type’ is pool, pool-address-only or pool-full-cone
ignored if ‘nat_type’ is overload
            priority Integer Min: 0
Max: 4294967295
        static List, items: Dictionary
          - access_list String ‘access_list’ and ‘group’ are mutual exclusive
            comment String
            direction String Valid Values:
- egress
- ingress
Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            group Integer Min: 1
Max: 65535
‘access_list’ and ‘group’ are mutual exclusive
            original_ip String Required, Unique IPv4 address
            original_port Integer Min: 1
Max: 65535
            priority Integer Min: 0
Max: 4294967295
            protocol String Valid Values:
- udp
- tcp
            translated_ip String Required IPv4 address
            translated_port Integer Min: 1
Max: 65535
requires ‘original_port’
    ipv6_enable Boolean
    ipv6_address String IPv6_address/Mask
    ipv6_address_virtual deprecated String IPv6_address/Mask
If both “ipv6_address_virtual” and “ipv6_address_virtuals” are set, all addresses will be configured
This key is deprecated. Support will be removed in AVD version 5.0.0. Use ipv6_address_virtuals instead.
    ipv6_address_virtuals List, items: String The new “ipv6_address_virtuals” key support multiple virtual ipv6 addresses.
      - <str> String IPv6_address/Mask
    ipv6_address_link_local String IPv6_address/Mask
    ipv6_virtual_router_address deprecated String “ipv6_virtual_router_address” should not be mixed with
the new “ipv6_virtual_router_addresses” key below to avoid conflicts.
This key is deprecated. Support will be removed in AVD version 5.0.0. Use ipv6_virtual_router_addresses instead.
    ipv6_virtual_router_addresses List, items: String Improved “VARPv6” data model to support multiple VARPv6 addresses.
      - <str> String IPv6 address or IPv6_address/Mask
    ipv6_nd_ra_disabled Boolean
    ipv6_nd_managed_config_flag Boolean
    ipv6_nd_prefixes List, items: Dictionary
      - ipv6_prefix String Required, Unique IPv6_address/Mask
        valid_lifetime String In seconds <0-4294967295> or infinite
        preferred_lifetime String In seconds <0-4294967295> or infinite
        no_autoconfig_flag Boolean
    ipv6_dhcp_relay_destinations List, items: Dictionary
      - address String Required, Unique DHCP server’s IPv6 address
        vrf String
        local_interface String Local interface to communicate with DHCP server - mutually exclusive to source_address
        source_address String Source IPv6 address to communicate with DHCP server - mutually exclusive to local_interface
        link_address String Override the default link address specified in the relayed DHCP packet
    access_group_in String IPv4 access-list name
    access_group_out String IPv4 access-list name
    ipv6_access_group_in String IPv6 access-list name
    ipv6_access_group_out String IPv6 access-list name
    multicast Dictionary
      ipv4 Dictionary
        boundaries List, items: Dictionary Boundaries can be either 1 ACL or a list of multicast IP address_range(s)/prefix but not combination of both
          - boundary String Required, Unique IPv4 access-list name or IPv4 multicast group prefix with mask
            out Boolean
        source_route_export Dictionary
          enabled Boolean Required
          administrative_distance Integer Min: 1
Max: 255
        static Boolean
      ipv6 Dictionary
        boundaries List, items: Dictionary Boundaries can be either 1 ACL or a list of multicast IP address_range(s)/prefix but not combination of both
          - boundary String Required, Unique IPv6 access-list name or IPv6 multicast group prefix with mask
        source_route_export Dictionary
          enabled Boolean Required
          administrative_distance Integer Min: 1
Max: 255
        static Boolean
    ospf_network_point_to_point Boolean
    ospf_area String
    ospf_cost Integer
    ospf_authentication String Valid Values:
- none
- simple
- message-digest
    ospf_authentication_key String Encrypted password used for simple authentication
    ospf_message_digest_keys List, items: Dictionary Keys used for message-digest authentication
      - id Integer Required, Unique
        hash_algorithm String Valid Values:
- md5
- sha1
- sha256
- sha384
- sha512
        key String Encrypted password
    pim Dictionary
      ipv4 Dictionary
        dr_priority Integer Min: 0
Max: 429467295
        sparse_mode Boolean
        local_interface String
    isis_enable String ISIS instance name
    isis_passive Boolean
    isis_metric Integer
    isis_network_point_to_point Boolean
    mtu Integer
    no_autostate Boolean
    vrrp_ids List, items: Dictionary Improved “vrrp” data model to support multiple VRRP IDs
      - id Integer Required, Unique VRID
        priority_level Integer Min: 1
Max: 254
Instance priority
        advertisement Dictionary
          interval Integer Min: 1
Max: 255
Interval in seconds
        preempt Dictionary
          enabled Boolean Required
          delay Dictionary
            minimum Integer Min: 0
Max: 3600
Minimum preempt delay in seconds
            reload Integer Min: 0
Max: 3600
Reload preempt delay in seconds
        timers Dictionary
          delay Dictionary
            reload Integer Min: 0
Max: 3600
Delay after reload in seconds.
        tracked_object List, items: Dictionary
          - name String Required, Unique Tracked object name
            decrement Integer Min: 1
Max: 254
Decrement VRRP priority by 1-254
            shutdown Boolean
        ipv4 Dictionary
          address String Required Virtual IPv4 address
          version Integer Valid Values:
- 2
- 3
        ipv6 Dictionary
          address String Required Virtual IPv6 address
    vrrp deprecated Dictionary “vrrp” should not be mixed with the new “vrrp_ids” key above to avoid conflicts.
This key is deprecated. Support will be removed in AVD version 5.0.0. Use vrrp_ids instead.
      virtual_router String Virtual Router ID
      priority Integer Instance priority
      advertisement_interval Integer
      preempt_delay_minimum Integer
      ipv4 String Virtual IPv4 address
      ipv6 String Virtual IPv6 address
    ip_attached_host_route_export Dictionary
      enabled Boolean Required
      distance Integer Min: 1
Max: 255
    bfd Dictionary
      echo Boolean
      interval Integer Rate in milliseconds
      min_rx Integer Minimum RX hold time in milliseconds
      multiplier Integer Min: 3
Max: 50
    service_policy Dictionary
      pbr Dictionary
        input String Name of policy-map used for policy based routing
    pvlan_mapping String List of VLANs as string
    tenant String Key only used for documentation or validation purposes
    tags List, items: String Key only used for documentation or validation purposes
      - <str> String
    type String Key only used for documentation or validation purposes
    eos_cli String Multiline EOS CLI rendered directly on the VLAN interface in the final EOS configuration
vlan_interfaces:

    # VLAN interface name like "Vlan123"
  - name: <str; required; unique>
    description: <str>
    shutdown: <bool>

    # VRF name
    vrf: <str>

    # In seconds
    arp_aging_timeout: <int; 1-65535>
    arp_cache_dynamic_capacity: <int; 0-4294967295>
    arp_gratuitous_accept: <bool>
    arp_monitor_mac_address: <bool>
    ip_proxy_arp: <bool>
    ip_directed_broadcast: <bool>

    # IPv4_address/Mask
    ip_address: <str>
    ip_address_secondaries:

        # IPv4_address/Mask
      - <str>
    ip_virtual_router_addresses:

        # IPv4 address or IPv4_address/Mask
      - <str>

    # IPv4_address/Mask
    ip_address_virtual: <str>
    ip_address_virtual_secondaries:

        # IPv4_address/Mask
      - <str>
    ip_igmp: <bool>
    ip_igmp_version: <int; 1-3>

    # List of DHCP servers
    ip_helpers:

        # IP address or hostname of DHCP server
      - ip_helper: <str; required; unique>

        # Interface used as source for forwarded DHCP packets
        source_interface: <str>

        # VRF where DHCP server can be reached
        vrf: <str>
    ip_nat:
      destination:
        dynamic:
          - access_list: <str; required; unique>
            comment: <str>
            pool_name: <str; required>
            priority: <int; 0-4294967295>
        static:

            # 'access_list' and 'group' are mutual exclusive
          - access_list: <str>
            comment: <str>

            # Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
            # EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            direction: <str; "egress" | "ingress">

            # 'access_list' and 'group' are mutual exclusive
            group: <int; 1-65535>

            # IPv4 address
            original_ip: <str; required; unique>
            original_port: <int; 1-65535>
            priority: <int; 0-4294967295>
            protocol: <str; "udp" | "tcp">

            # IPv4 address
            translated_ip: <str; required>

            # requires 'original_port'
            translated_port: <int; 1-65535>
      source:
        dynamic:
          - access_list: <str; required; unique>
            comment: <str>
            nat_type: <str; "overload" | "pool" | "pool-address-only" | "pool-full-cone"; required>

            # required if 'nat_type' is pool, pool-address-only or pool-full-cone
            # ignored if 'nat_type' is overload
            pool_name: <str>
            priority: <int; 0-4294967295>
        static:

            # 'access_list' and 'group' are mutual exclusive
          - access_list: <str>
            comment: <str>

            # Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
            # EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            direction: <str; "egress" | "ingress">

            # 'access_list' and 'group' are mutual exclusive
            group: <int; 1-65535>

            # IPv4 address
            original_ip: <str; required; unique>
            original_port: <int; 1-65535>
            priority: <int; 0-4294967295>
            protocol: <str; "udp" | "tcp">

            # IPv4 address
            translated_ip: <str; required>

            # requires 'original_port'
            translated_port: <int; 1-65535>
    ipv6_enable: <bool>

    # IPv6_address/Mask
    ipv6_address: <str>

    # IPv6_address/Mask
    # If both "ipv6_address_virtual" and "ipv6_address_virtuals" are set, all addresses will be configured
    # This key is deprecated.
    # Support will be removed in AVD version 5.0.0.
    # Use <samp>ipv6_address_virtuals</samp> instead.
    ipv6_address_virtual: <str>

    # The new "ipv6_address_virtuals" key support multiple virtual ipv6 addresses.
    ipv6_address_virtuals:

        # IPv6_address/Mask
      - <str>

    # IPv6_address/Mask
    ipv6_address_link_local: <str>

    # "ipv6_virtual_router_address" should not be mixed with
    # the new "ipv6_virtual_router_addresses" key below to avoid conflicts.
    # This key is deprecated.
    # Support will be removed in AVD version 5.0.0.
    # Use <samp>ipv6_virtual_router_addresses</samp> instead.
    ipv6_virtual_router_address: <str>

    # Improved "VARPv6" data model to support multiple VARPv6 addresses.
    ipv6_virtual_router_addresses:

        # IPv6 address or IPv6_address/Mask
      - <str>
    ipv6_nd_ra_disabled: <bool>
    ipv6_nd_managed_config_flag: <bool>
    ipv6_nd_prefixes:

        # IPv6_address/Mask
      - ipv6_prefix: <str; required; unique>

        # In seconds <0-4294967295> or infinite
        valid_lifetime: <str>

        # In seconds <0-4294967295> or infinite
        preferred_lifetime: <str>
        no_autoconfig_flag: <bool>
    ipv6_dhcp_relay_destinations:

        # DHCP server's IPv6 address
      - address: <str; required; unique>
        vrf: <str>

        # Local interface to communicate with DHCP server - mutually exclusive to source_address
        local_interface: <str>

        # Source IPv6 address to communicate with DHCP server - mutually exclusive to local_interface
        source_address: <str>

        # Override the default link address specified in the relayed DHCP packet
        link_address: <str>

    # IPv4 access-list name
    access_group_in: <str>

    # IPv4 access-list name
    access_group_out: <str>

    # IPv6 access-list name
    ipv6_access_group_in: <str>

    # IPv6 access-list name
    ipv6_access_group_out: <str>
    multicast:
      ipv4:

        # Boundaries can be either 1 ACL or a list of multicast IP address_range(s)/prefix but not combination of both
        boundaries:

            # IPv4 access-list name or IPv4 multicast group prefix with mask
          - boundary: <str; required; unique>
            out: <bool>
        source_route_export:
          enabled: <bool; required>
          administrative_distance: <int; 1-255>
        static: <bool>
      ipv6:

        # Boundaries can be either 1 ACL or a list of multicast IP address_range(s)/prefix but not combination of both
        boundaries:

            # IPv6 access-list name or IPv6 multicast group prefix with mask
          - boundary: <str; required; unique>
        source_route_export:
          enabled: <bool; required>
          administrative_distance: <int; 1-255>
        static: <bool>
    ospf_network_point_to_point: <bool>
    ospf_area: <str>
    ospf_cost: <int>
    ospf_authentication: <str; "none" | "simple" | "message-digest">

    # Encrypted password used for simple authentication
    ospf_authentication_key: <str>

    # Keys used for message-digest authentication
    ospf_message_digest_keys:
      - id: <int; required; unique>
        hash_algorithm: <str; "md5" | "sha1" | "sha256" | "sha384" | "sha512">

        # Encrypted password
        key: <str>
    pim:
      ipv4:
        dr_priority: <int; 0-429467295>
        sparse_mode: <bool>
        local_interface: <str>

    # ISIS instance name
    isis_enable: <str>
    isis_passive: <bool>
    isis_metric: <int>
    isis_network_point_to_point: <bool>
    mtu: <int>
    no_autostate: <bool>

    # Improved "vrrp" data model to support multiple VRRP IDs
    vrrp_ids:

        # VRID
      - id: <int; required; unique>

        # Instance priority
        priority_level: <int; 1-254>
        advertisement:

          # Interval in seconds
          interval: <int; 1-255>
        preempt:
          enabled: <bool; required>
          delay:

            # Minimum preempt delay in seconds
            minimum: <int; 0-3600>

            # Reload preempt delay in seconds
            reload: <int; 0-3600>
        timers:
          delay:

            # Delay after reload in seconds.
            reload: <int; 0-3600>
        tracked_object:

            # Tracked object name
          - name: <str; required; unique>

            # Decrement VRRP priority by 1-254
            decrement: <int; 1-254>
            shutdown: <bool>
        ipv4:

          # Virtual IPv4 address
          address: <str; required>
          version: <int; 2 | 3>
        ipv6:

          # Virtual IPv6 address
          address: <str; required>

    # "vrrp" should not be mixed with the new "vrrp_ids" key above to avoid conflicts.
    # This key is deprecated.
    # Support will be removed in AVD version 5.0.0.
    # Use <samp>vrrp_ids</samp> instead.
    vrrp:

      # Virtual Router ID
      virtual_router: <str>

      # Instance priority
      priority: <int>
      advertisement_interval: <int>
      preempt_delay_minimum: <int>

      # Virtual IPv4 address
      ipv4: <str>

      # Virtual IPv6 address
      ipv6: <str>
    ip_attached_host_route_export:
      enabled: <bool; required>
      distance: <int; 1-255>
    bfd:
      echo: <bool>

      # Rate in milliseconds
      interval: <int>

      # Minimum RX hold time in milliseconds
      min_rx: <int>
      multiplier: <int; 3-50>
    service_policy:
      pbr:

        # Name of policy-map used for policy based routing
        input: <str>

    # List of VLANs as string
    pvlan_mapping: <str>

    # Key only used for documentation or validation purposes
    tenant: <str>

    # Key only used for documentation or validation purposes
    tags:
      - <str>

    # Key only used for documentation or validation purposes
    type: <str>

    # Multiline EOS CLI rendered directly on the VLAN interface in the final EOS configuration
    eos_cli: <str>

VXLAN interface

Variable Type Required Default Value Restrictions Description
vxlan_interface Dictionary
  Vxlan1 Dictionary
    description String
    vxlan Dictionary
      source_interface String Source Interface Name
      controller_client Dictionary Client to CVX Controllers
        enabled Boolean
      mlag_source_interface String
      udp_port Integer
      virtual_router_encapsulation_mac_address String “mlag-system-id” or ethernet_address (H.H.H)
      bfd_vtep_evpn Dictionary
        interval Integer
        min_rx Integer
        multiplier Integer Min: 3
Max: 50
        prefix_list String
      qos Dictionary For the Traffic Class to be derived based on the outer DSCP field of the incoming VxLan packet, the core ports must be in “DSCP Trust” mode.
!!!Warning, only few hardware types with software version >= 4.26.0 support the below knobs to configure Vxlan DSCP mapping.
        dscp_propagation_encapsulation Boolean
        ecn_propagation Boolean Enable copying the ECN marking to/from encapsulated packets.
        map_dscp_to_traffic_class_decapsulation Boolean
      vlans List, items: Dictionary
        - id Integer Required, Unique VLAN ID
          vni Integer
          multicast_group String IP Multicast Group Address
          flood_vteps List, items: String
            - <str> String Remote VTEP IP Address
      vrfs List, items: Dictionary
        - name String Required, Unique VRF Name
          vni Integer
          multicast_group String IP Multicast Group Address
      flood_vteps List, items: String
        - <str> String Remote VTEP IP Address
      flood_vtep_learned_data_plane Boolean
    eos_cli String Multiline String with EOS CLI rendered directly on the Vxlan interface in the final EOS configuration.
vxlan_interface:
  Vxlan1:
    description: <str>
    vxlan:

      # Source Interface Name
      source_interface: <str>

      # Client to CVX Controllers
      controller_client:
        enabled: <bool>
      mlag_source_interface: <str>
      udp_port: <int>

      # "mlag-system-id" or ethernet_address (H.H.H)
      virtual_router_encapsulation_mac_address: <str>
      bfd_vtep_evpn:
        interval: <int>
        min_rx: <int>
        multiplier: <int; 3-50>
        prefix_list: <str>

      # For the Traffic Class to be derived based on the outer DSCP field of the incoming VxLan packet, the core ports must be in "DSCP Trust" mode.
      # !!!Warning, only few hardware types with software version >= 4.26.0 support the below knobs to configure Vxlan DSCP mapping.
      qos:
        dscp_propagation_encapsulation: <bool>

        # Enable copying the ECN marking to/from encapsulated packets.
        ecn_propagation: <bool>
        map_dscp_to_traffic_class_decapsulation: <bool>
      vlans:

          # VLAN ID
        - id: <int; required; unique>
          vni: <int>

          # IP Multicast Group Address
          multicast_group: <str>
          flood_vteps:

              # Remote VTEP IP Address
            - <str>
      vrfs:

          # VRF Name
        - name: <str; required; unique>
          vni: <int>

          # IP Multicast Group Address
          multicast_group: <str>
      flood_vteps:

          # Remote VTEP IP Address
        - <str>
      flood_vtep_learned_data_plane: <bool>

    # Multiline String with EOS CLI rendered directly on the Vxlan interface in the final EOS configuration.
    eos_cli: <str>

Maintenance Mode

BGP groups

Variable Type Required Default Value Restrictions Description
bgp_groups List, items: Dictionary
  - name String Required, Unique Group Name
    vrf String
    neighbors List, items: String
      - <str> String
    bgp_maintenance_profiles List, items: String
      - <str> String Profile Name
bgp_groups:

    # Group Name
  - name: <str; required; unique>
    vrf: <str>
    neighbors:
      - <str>
    bgp_maintenance_profiles:

        # Profile Name
      - <str>

Interface groups

Variable Type Required Default Value Restrictions Description
interface_groups List, items: Dictionary
  - name String Required, Unique Interface-Group name
    interfaces List, items: String
      - <str> String Interface Name
    bgp_maintenance_profiles List, items: String
      - <str> String Name of BGP Maintenance Profile
    interface_maintenance_profiles List, items: String
      - <str> String Name of Interface Maintenance Profile
interface_groups:

    # Interface-Group name
  - name: <str; required; unique>
    interfaces:

        # Interface Name
      - <str>
    bgp_maintenance_profiles:

        # Name of BGP Maintenance Profile
      - <str>
    interface_maintenance_profiles:

        # Name of Interface Maintenance Profile
      - <str>

Maintenance

Variable Type Required Default Value Restrictions Description
maintenance Dictionary
  default_interface_profile String Name of default Interface Profile
  default_bgp_profile String Name of default BGP Profile
  default_unit_profile String Name of default Unit Profile
  interface_profiles List, items: Dictionary
    - name String Required, Unique
      rate_monitoring Dictionary
        load_interval Integer Load Interval in Seconds
        threshold Integer Threshold in kbps
      shutdown Dictionary
        max_delay Integer Max delay in seconds
  bgp_profiles List, items: Dictionary
    - name String Required, Unique BGP Profile Name
      initiator Dictionary
        route_map_inout String Route Map
  unit_profiles List, items: Dictionary
    - name String Required, Unique Unit Profile Name
      on_boot Dictionary
        duration Integer Min: 300
Max: 3600
On-boot in seconds
  units List, items: Dictionary
    - name String Required, Unique Unit Name
      quiesce Boolean
      profile String Name of Unit Profile
      groups Dictionary
        bgp_groups List, items: String
          - <str> String Name of BGP Group
        interface_groups List, items: String
          - <str> String Name of Interface Group
maintenance:

  # Name of default Interface Profile
  default_interface_profile: <str>

  # Name of default BGP Profile
  default_bgp_profile: <str>

  # Name of default Unit Profile
  default_unit_profile: <str>
  interface_profiles:
    - name: <str; required; unique>
      rate_monitoring:

        # Load Interval in Seconds
        load_interval: <int>

        # Threshold in kbps
        threshold: <int>
      shutdown:

        # Max delay in seconds
        max_delay: <int>
  bgp_profiles:

      # BGP Profile Name
    - name: <str; required; unique>
      initiator:

        # Route Map
        route_map_inout: <str>
  unit_profiles:

      # Unit Profile Name
    - name: <str; required; unique>
      on_boot:

        # On-boot in seconds
        duration: <int; 300-3600>
  units:

      # Unit Name
    - name: <str; required; unique>
      quiesce: <bool>

      # Name of Unit Profile
      profile: <str>
      groups:
        bgp_groups:

            # Name of BGP Group
          - <str>
        interface_groups:

            # Name of Interface Group
          - <str>

Management

Aliases

Variable Type Required Default Value Restrictions Description
aliases String Multi-line string with one or more alias commands.

Example:

yaml<br>aliases: |<br> alias wr copy running-config startup-config<br> alias siib show ip interface brief<br>
# Multi-line string with one or more alias commands.

# Example:

# ```yaml
# aliases: |
#   alias wr copy running-config startup-config
#   alias siib show ip interface brief
# ```
aliases: <str>

Banners

Variable Type Required Default Value Restrictions Description
banners Dictionary
  login String Multiline string ending with EOF on the last line
  motd String Multiline string ending with EOF on the last line
banners:

  # Multiline string ending with EOF on the last line
  login: <str>

  # Multiline string ending with EOF on the last line
  motd: <str>

Boot

Variable Type Required Default Value Restrictions Description
boot Dictionary Set the Aboot password
  secret Dictionary
    hash_algorithm String sha512 Valid Values:
- md5
- sha512
    key String Hashed Password
# Set the Aboot password
boot:
  secret:
    hash_algorithm: <str; "md5" | "sha512"; default="sha512">

    # Hashed Password
    key: <str>

Clock

Variable Type Required Default Value Restrictions Description
clock Dictionary
  timezone String
clock:
  timezone: <str>

DNS domain

Variable Type Required Default Value Restrictions Description
dns_domain String Domain Name
# Domain Name
dns_domain: <str>

Domain-list

Variable Type Required Default Value Restrictions Description
domain_list List, items: String Search list of DNS domains
  - <str> String Domain name
# Search list of DNS domains
domain_list:

    # Domain name
  - <str>

Hostname

Variable Type Required Default Value Restrictions Description
hostname String
hostname: <str>

IP domain lookup

Variable Type Required Default Value Restrictions Description
ip_domain_lookup Dictionary
  source_interfaces List, items: Dictionary
    - name String Required, Unique Source Interface
      vrf String
ip_domain_lookup:
  source_interfaces:

      # Source Interface
    - name: <str; required; unique>
      vrf: <str>

IP HTTP client source-interfaces

Variable Type Required Default Value Restrictions Description
ip_http_client_source_interfaces List, items: Dictionary
  - name String Interface Name
    vrf String
ip_http_client_source_interfaces:

    # Interface Name
  - name: <str>
    vrf: <str>

IP name servers

Variable Type Required Default Value Restrictions Description
ip_name_servers List, items: Dictionary
  - ip_address String IPv4 or IPv6 address for DNS server
    vrf String VRF Name
    priority Integer Min: 0
Max: 4
Priority value (lower is first)
ip_name_servers:

    # IPv4 or IPv6 address for DNS server
  - ip_address: <str>

    # VRF Name
    vrf: <str>

    # Priority value (lower is first)
    priority: <int; 0-4>

IP SSH client source-interfaces

Variable Type Required Default Value Restrictions Description
ip_ssh_client_source_interfaces List, items: Dictionary
  - name String Interface Name
    vrf String default
ip_ssh_client_source_interfaces:

    # Interface Name
  - name: <str>
    vrf: <str; default="default">

Management accounts

Variable Type Required Default Value Restrictions Description
management_accounts Dictionary
  password Dictionary
    policy String
management_accounts:
  password:
    policy: <str>

Management API HTTP

Variable Type Required Default Value Restrictions Description
management_api_http Dictionary
  enable_http Boolean
  enable_https Boolean
  https_ssl_profile String SSL Profile Name
  default_services Boolean Enable default services: capi-doc and tapagg
  enable_vrfs List, items: Dictionary
    - name String Required, Unique VRF Name
      access_group String Standard IPv4 ACL name
      ipv6_access_group String Standard IPv6 ACL name
  protocol_https_certificate Dictionary
    certificate String Name of certificate; private key must also be specified
    private_key String Name of private key; certificate must also be specified
management_api_http:
  enable_http: <bool>
  enable_https: <bool>

  # SSL Profile Name
  https_ssl_profile: <str>

  # Enable default services: capi-doc and tapagg
  default_services: <bool>
  enable_vrfs:

      # VRF Name
    - name: <str; required; unique>

      # Standard IPv4 ACL name
      access_group: <str>

      # Standard IPv6 ACL name
      ipv6_access_group: <str>
  protocol_https_certificate:

    # Name of certificate; private key must also be specified
    certificate: <str>

    # Name of private key; certificate must also be specified
    private_key: <str>

Management API models

Variable Type Required Default Value Restrictions Description
management_api_models Dictionary
  providers List, items: Dictionary
    - name String Valid Values:
- sysdb
- smash
      paths List, items: Dictionary
        - path String
          disabled Boolean False
management_api_models:
  providers:
    - name: <str; "sysdb" | "smash">
      paths:
        - path: <str>
          disabled: <bool; default=False>

Management console

Variable Type Required Default Value Restrictions Description
management_console Dictionary
  idle_timeout Integer Min: 0
Max: 86400
management_console:
  idle_timeout: <int; 0-86400>

Management defaults

Variable Type Required Default Value Restrictions Description
management_defaults Dictionary
  secret Dictionary
    hash String Valid Values:
- md5
- sha512
management_defaults:
  secret:
    hash: <str; "md5" | "sha512">

Management security

Variable Type Required Default Value Restrictions Description
management_security Dictionary
  entropy_source String
  password Dictionary
    minimum_length Integer Min: 1
Max: 32
    encryption_key_common Boolean
    encryption_reversible String
    policies List, items: Dictionary
      - name String Required, Unique
        minimum Dictionary
          digits Integer Min: 1
Max: 65535
          length Integer Min: 1
Max: 65535
          lower Integer Min: 1
Max: 65535
          special Integer Min: 1
Max: 65535
          upper Integer Min: 1
Max: 65535
        maximum Dictionary
          repetitive Integer Min: 1
Max: 65535
          sequential Integer Min: 1
Max: 65535
  ssl_profiles List, items: Dictionary
    - name String
      tls_versions String List of allowed TLS versions as string
Examples:
- “1.0”
- “1.0 1.1”
      cipher_list String cipher_list syntax follows the openssl cipher strings format.
Colon (:) separated list of allowed ciphers as a string
      trust_certificate Dictionary
        certificates List, items: String List of trust certificate names
Examples:
- test1.crt
- test2.crt
          - <str> String
        requirement Dictionary
          basic_constraint_ca Boolean
          hostname_fqdn Boolean Enforce hostname to be FQDN without wildcard.
        policy_expiry_date_ignore Boolean
        system Boolean Use system-supplied trust certificates.
      chain_certificate Dictionary
        certificates List, items: String List of chain certificate names
Examples:
- chain1.crt
- chain2.crt
          - <str> String
        requirement Dictionary
          basic_constraint_ca Boolean
          include_root_ca Boolean
      certificate Dictionary
        file String
        key String
      certificate_revocation_lists List, items: String List of CRLs (Certificate Revocation List).
If specified, one CRL needs to be provided for every certificate in the chain, even if the revocation list in the CRL is empty.
        - <str> String
management_security:
  entropy_source: <str>
  password:
    minimum_length: <int; 1-32>
    encryption_key_common: <bool>
    encryption_reversible: <str>
    policies:
      - name: <str; required; unique>
        minimum:
          digits: <int; 1-65535>
          length: <int; 1-65535>
          lower: <int; 1-65535>
          special: <int; 1-65535>
          upper: <int; 1-65535>
        maximum:
          repetitive: <int; 1-65535>
          sequential: <int; 1-65535>
  ssl_profiles:
    - name: <str>

      # List of allowed TLS versions as string
      # Examples:
      #   - "1.0"
      #   - "1.0 1.1"
      tls_versions: <str>

      # cipher_list syntax follows the openssl cipher strings format.
      # Colon (:) separated list of allowed ciphers as a string
      cipher_list: <str>
      trust_certificate:

        # List of trust certificate names
        # Examples:
        #   - test1.crt
        #   - test2.crt
        certificates:
          - <str>
        requirement:
          basic_constraint_ca: <bool>

          # Enforce hostname to be FQDN without wildcard.
          hostname_fqdn: <bool>
        policy_expiry_date_ignore: <bool>

        # Use system-supplied trust certificates.
        system: <bool>
      chain_certificate:

        # List of chain certificate names
        # Examples:
        #   - chain1.crt
        #   - chain2.crt
        certificates:
          - <str>
        requirement:
          basic_constraint_ca: <bool>
          include_root_ca: <bool>
      certificate:
        file: <str>
        key: <str>

      # List of CRLs (Certificate Revocation List).
      # If specified, one CRL needs to be provided for every certificate in the chain, even if the revocation list in the CRL is empty.
      certificate_revocation_lists:
        - <str>

Management SSH

Variable Type Required Default Value Restrictions Description
management_ssh Dictionary
  access_groups List, items: Dictionary
    - name String Standard ACL Name
      vrf String VRF Name
  ipv6_access_groups List, items: Dictionary
    - name String Standard ACL Name
      vrf String VRF Name
  idle_timeout Integer Min: 0
Max: 86400
Idle timeout in minutes
  cipher List, items: String Cryptographic ciphers for SSH to use
    - <str> String
  key_exchange List, items: String Cryptographic key exchange methods for SSH to use
    - <str> String
  mac List, items: String Cryptographic MAC algorithms for SSH to use
    - <str> String
  hostkey Dictionary
    server List, items: String SSH host key settings
      - <str> String
  enable Boolean Enable SSH daemon
  connection Dictionary
    limit Integer Min: 1
Max: 100
Maximum total number of SSH sessions to device
    per_host Integer Min: 1
Max: 20
Maximum number of SSH sessions to device from a single host
  vrfs List, items: Dictionary
    - name String Required, Unique VRF Name
      enable Boolean Enable SSH in VRF
  log_level String SSH daemon log level
  client_alive Dictionary
    count_max Integer Min: 1
Max: 1000
Number of keep-alive packets that can be sent without a response before the connection is assumed dead.
    interval Integer Min: 1
Max: 1000
Time period (in seconds) to send SSH keep-alive packets.
management_ssh:
  access_groups:

      # Standard ACL Name
    - name: <str>

      # VRF Name
      vrf: <str>
  ipv6_access_groups:

      # Standard ACL Name
    - name: <str>

      # VRF Name
      vrf: <str>

  # Idle timeout in minutes
  idle_timeout: <int; 0-86400>

  # Cryptographic ciphers for SSH to use
  cipher:
    - <str>

  # Cryptographic key exchange methods for SSH to use
  key_exchange:
    - <str>

  # Cryptographic MAC algorithms for SSH to use
  mac:
    - <str>
  hostkey:

    # SSH host key settings
    server:
      - <str>

  # Enable SSH daemon
  enable: <bool>
  connection:

    # Maximum total number of SSH sessions to device
    limit: <int; 1-100>

    # Maximum number of SSH sessions to device from a single host
    per_host: <int; 1-20>
  vrfs:

      # VRF Name
    - name: <str; required; unique>

      # Enable SSH in VRF
      enable: <bool>

  # SSH daemon log level
  log_level: <str>
  client_alive:

    # Number of keep-alive packets that can be sent without a response before the connection is assumed dead.
    count_max: <int; 1-1000>

    # Time period (in seconds) to send SSH keep-alive packets.
    interval: <int; 1-1000>

Management tech-support

Variable Type Required Default Value Restrictions Description
management_tech_support Dictionary
  policy_show_tech_support Dictionary
    exclude_commands List, items: Dictionary
      - command String Command to exclude from tech-support
        type String text Valid Values:
- text
- json
The supported values for type are platform dependent.
    include_commands List, items: Dictionary
      - command String Command to include in tech-support
management_tech_support:
  policy_show_tech_support:
    exclude_commands:

        # Command to exclude from tech-support
      - command: <str>

        # The supported values for type are platform dependent.
        type: <str; "text" | "json"; default="text">
    include_commands:

        # Command to include in tech-support
      - command: <str>

Name server

Variable Type Required Default Value Restrictions Description
name_server deprecated Dictionary This key is deprecated. Support will be removed in AVD version v5.0.0. Use ip_name_servers instead.
  source Dictionary
    vrf String VRF Name
  nodes List, items: String
    - <str> String
# This key is deprecated.
# Support will be removed in AVD version v5.0.0.
# Use <samp>ip_name_servers</samp> instead.
name_server:
  source:

    # VRF Name
    vrf: <str>
  nodes:
    - <str>

NTP

Variable Type Required Default Value Restrictions Description
ntp Dictionary
  local_interface Dictionary
    name String Source interface
    vrf String VRF name
  servers List, items: Dictionary
    - name String IP or hostname e.g., 2.2.2.55, ie.pool.ntp.org
      burst Boolean
      iburst Boolean
      key Integer Min: 1
Max: 65535
      local_interface String Source interface
      maxpoll Integer Min: 3
Max: 17
Value of maxpoll between 3 - 17 (Logarithmic)
      minpoll Integer Min: 3
Max: 17
Value of minpoll between 3 - 17 (Logarithmic)
      preferred Boolean
      version Integer Min: 1
Max: 4
      vrf String VRF name
  authenticate Boolean
  authenticate_servers_only Boolean
  authentication_keys List, items: Dictionary
    - id Integer Required, Unique Min: 1
Max: 65534
Key identifier
      hash_algorithm String Valid Values:
- md5
- sha1
      key String Obfuscated key
      key_type String Valid Values:
- 0
- 7
- 8a
  trusted_keys String List of trusted-keys as string ex. 10-12,15
ntp:
  local_interface:

    # Source interface
    name: <str>

    # VRF name
    vrf: <str>
  servers:

      # IP or hostname e.g., 2.2.2.55, ie.pool.ntp.org
    - name: <str>
      burst: <bool>
      iburst: <bool>
      key: <int; 1-65535>

      # Source interface
      local_interface: <str>

      # Value of maxpoll between 3 - 17 (Logarithmic)
      maxpoll: <int; 3-17>

      # Value of minpoll between 3 - 17 (Logarithmic)
      minpoll: <int; 3-17>
      preferred: <bool>
      version: <int; 1-4>

      # VRF name
      vrf: <str>
  authenticate: <bool>
  authenticate_servers_only: <bool>
  authentication_keys:

      # Key identifier
    - id: <int; 1-65534; required; unique>
      hash_algorithm: <str; "md5" | "sha1">

      # Obfuscated key
      key: <str>
      key_type: <str; "0" | "7" | "8a">

  # List of trusted-keys as string ex. 10-12,15
  trusted_keys: <str>

Prompt

Variable Type Required Default Value Restrictions Description
prompt String
prompt: <str>

Terminal

Variable Type Required Default Value Restrictions Description
terminal Dictionary
  length Integer Min: 0
Max: 32767
  width Integer Min: 10
Max: 32767
terminal:
  length: <int; 0-32767>
  width: <int; 10-32767>

Virtual source NAT VRFs

Variable Type Required Default Value Restrictions Description
virtual_source_nat_vrfs List, items: Dictionary
  - name String Required, Unique VRF Name
    ip_address String IPv4 Address
virtual_source_nat_vrfs:

    # VRF Name
  - name: <str; required; unique>

    # IPv4 Address
    ip_address: <str>

Miscellaneous

CVX

Variable Type Required Default Value Restrictions Description
cvx Dictionary CVX server features are not supported on physical switches. See management_cvx for client configurations.
  shutdown Boolean
  peer_hosts List, items: String
    - <str> String IP address or hostname
  services Dictionary
    mcs Dictionary
      redis Dictionary
        password String Hashed password using the password_type
        password_type String 7 Valid Values:
- 0
- 7
- 8a
      shutdown Boolean
    vxlan Dictionary VXLAN Controller service
      shutdown Boolean
      vtep_mac_learning String Valid Values:
- control-plane
- data-plane
# CVX server features are not supported on physical switches. See `management_cvx` for client configurations.
cvx:
  shutdown: <bool>
  peer_hosts:

      # IP address or hostname
    - <str>
  services:
    mcs:
      redis:

        # Hashed password using the password_type
        password: <str>
        password_type: <str; "0" | "7" | "8a"; default="7">
      shutdown: <bool>

    # VXLAN Controller service
    vxlan:
      shutdown: <bool>
      vtep_mac_learning: <str; "control-plane" | "data-plane">

EOS cli

Variable Type Required Default Value Restrictions Description
eos_cli String Multiline string with EOS CLI rendered directly on the root level of the final EOS configuration
# Multiline string with EOS CLI rendered directly on the root level of the final EOS configuration
eos_cli: <str>

Is deployed

Variable Type Required Default Value Restrictions Description
is_deployed Boolean True Key only used for documentation or validation purposes
# Key only used for documentation or validation purposes
is_deployed: <bool; default=True>

Management CVX

Variable Type Required Default Value Restrictions Description
management_cvx Dictionary
  shutdown Boolean
  server_hosts List, items: String
    - <str> String IP or hostname
  source_interface String Interface name
  vrf String VRF Name
management_cvx:
  shutdown: <bool>
  server_hosts:

      # IP or hostname
    - <str>

  # Interface name
  source_interface: <str>

  # VRF Name
  vrf: <str>

MCS client

Variable Type Required Default Value Restrictions Description
mcs_client Dictionary
  shutdown Boolean
  cvx_secondary Dictionary
    name String
    shutdown Boolean
    server_hosts List, items: String
      - <str> String IP or hostname
mcs_client:
  shutdown: <bool>
  cvx_secondary:
    name: <str>
    shutdown: <bool>
    server_hosts:

        # IP or hostname
      - <str>

Monitoring

Daemons

Variable Type Required Default Value Restrictions Description
daemons List, items: Dictionary This will add a daemon to the eos configuration that is most useful when trying to run OpenConfig clients like ocprometheus.
  - name String Required, Unique Daemon Name
    exec String Required command to run as a daemon
    enabled Boolean True
# This will add a daemon to the eos configuration that is most useful when trying to run OpenConfig clients like ocprometheus.
daemons:

    # Daemon Name
  - name: <str; required; unique>

    # command to run as a daemon
    exec: <str; required>
    enabled: <bool; default=True>

Daemon terminattr

Variable Type Required Default Value Restrictions Description
daemon_terminattr Dictionary You can either provide a list of IPs/FQDNs to target on-premise Cloudvision cluster or use DNS name for your Cloudvision as a Service instance.
Streaming to multiple clusters both on-prem and cloud service is supported.

!!! note
For TerminAttr version recommendation and EOS compatibility matrix, please refer to the latest TerminAttr Release Notes
which always contain the latest recommended versions and minimum required versions per EOS release.
  cvaddrs List, items: String Streaming address(es) for CloudVision single cluster
- TCP 9910 is used for CV on-prem
- TCP 443 is used for CV as a Service
    - <str> String Server address in the format <ip/fqdn>:<port>
  clusters List, items: Dictionary Multiple CloudVision clusters
    - name String Required, Unique Cluster Name
      cvaddrs List, items: String Streaming address(es) for CloudVision cluster
- TCP 9910 is used for CV on-prem
- TCP 443 is used for CV as a Service
        - <str> String Server address in the format <ip/fqdn>:<port>
      cvauth Dictionary Authentication scheme used to connect to CloudVision
        method String Valid Values:
- token
- token-secure
- key
- certs
        key String
        token_file String Token file path
e.g. “/tmp/token”
        cert_file String Client certificate file path
e.g. “/persist/secure/ssl/terminattr/primary/certs/client.crt”
        ca_file String CA certificate file path (on-prem only)
e.g. “/persist/secure/ssl/terminattr/primary/certs/ca.crt”
        key_file String Client certificate key file path
e.g. “/persist/secure/ssl/terminattr/primary/keys/client.key”
      cvobscurekeyfile Boolean Encrypt the private key used for authentication to CloudVision
      cvproxy String Proxy server through which CloudVision is reachable. Useful when the CloudVision server is hosted in the cloud.
The expected form is http://[user:password@]ip:port, e.g.: http://arista:arista@10.83.12.78:3128. Available as of TerminAttr v1.13.0
      cvsourceip String Set source IP address in case of in-band managament
      cvsourceintf String Set source interface in case of in-band managament. Available as of TerminAttr v1.23.0
      cvvrf String The VRF to use to connect to CloudVision
  cvauth Dictionary Authentication scheme used to connect to CloudVision
    method String Valid Values:
- token
- token-secure
- key
- certs
    key String
    token_file String Token file path
e.g. “/tmp/token”
    cert_file String Client certificate file path
e.g. “/persist/secure/ssl/terminattr/primary/certs/client.crt”
    ca_file String CA certificate file path (on-prem only)
e.g. “/persist/secure/ssl/terminattr/primary/certs/ca.crt”
    key_file String Client certificate key file path
e.g. “/persist/secure/ssl/terminattr/primary/keys/client.key”
  cvobscurekeyfile Boolean Encrypt the private key used for authentication to CloudVision
  cvproxy String Proxy server through which CloudVision is reachable. Useful when the CloudVision server is hosted in the cloud.
The expected form is http://[user:password@]ip:port, e.g.: http://arista:arista@10.83.12.78:3128. Available as of TerminAttr v1.13.0
  cvsourceip String Set source IP address in case of in-band managament
  cvsourceintf String Set source interface in case of in-band managament
  cvvrf String The VRF to use to connect to CloudVision
  cvgnmi Boolean Stream states from EOS gNMI servers (Openconfig) to CloudVision. Available as of TerminAttr v1.13.1
  disable_aaa Boolean Disable AAA authorization and accounting.
When setting this flag, all commands pushed from CloudVision are applied directly to the CLI without authorization
  grpcaddr String Set the gRPC server address, the default is 127.0.0.1:6042
e.g. “MGMT/0.0.0.0:6042”
  grpcreadonly Boolean gNMI read-only mode - Disable gnmi.Set()
  ingestexclude String Exclude paths from Sysdb on the ingest side.
e.g. “/Sysdb/cell/1/agent,/Sysdb/cell/2/agent”
  smashexcludes String Exclude paths from the shared memory table.
e.g. “ale,flexCounter,hardware,kni,pulse,strata”
  taillogs String Enable log file collection; /var/log/messages is streamed by default if no path is set.
e.g. “/var/log/messages”
  ecodhcpaddr String ECO DHCP Collector address or ECO DHCP Fingerprint listening address in standalone mode (default “127.0.0.1:67”)
  ipfix Boolean Enable IPFIX provider (TerminAttr default is true).
This flag is enabled by default and does not have to be added to the daemon configuration.
  ipfixaddr String ECO IPFIX Collector address to listen on to receive IPFIX packets (TerminAttr default “127.0.0.1:4739”).
  sflow Boolean Enable sFlow provider (TerminAttr default is true).
  sflowaddr String ECO sFlow Collector address to listen on to receive sFlow packets (TerminAttr default “127.0.0.1:6343”).
  cvconfig Boolean Subscribe to dynamic device configuration from CloudVision (TerminAttr default is false).
  cvcompression deprecated String The default compression scheme when streaming to CloudVision is gzip since TerminAttr 1.6.1 and CVP 2019.1.0.
There is no need to change the compression scheme.This key is deprecated. Support will be removed in AVD version v5.0.0.
# You can either provide a list of IPs/FQDNs to target on-premise Cloudvision cluster or use DNS name for your Cloudvision as a Service instance.
# Streaming to multiple clusters both on-prem and cloud service is supported.

# !!! note
#     For TerminAttr version recommendation and EOS compatibility matrix, please refer to the latest TerminAttr Release Notes
#     which always contain the latest recommended versions and minimum required versions per EOS release.
daemon_terminattr:

  # Streaming address(es) for CloudVision single cluster
  # - TCP 9910 is used for CV on-prem
  # - TCP 443 is used for CV as a Service
  cvaddrs:

      # Server address in the format `<ip/fqdn>:<port>`
    - <str>

  # Multiple CloudVision clusters
  clusters:

      # Cluster Name
    - name: <str; required; unique>

      # Streaming address(es) for CloudVision cluster
      # - TCP 9910 is used for CV on-prem
      # - TCP 443 is used for CV as a Service
      cvaddrs:

          # Server address in the format `<ip/fqdn>:<port>`
        - <str>

      # Authentication scheme used to connect to CloudVision
      cvauth:
        method: <str; "token" | "token-secure" | "key" | "certs">
        key: <str>

        # Token file path
        # e.g. "/tmp/token"
        token_file: <str>

        # Client certificate file path
        # e.g. "/persist/secure/ssl/terminattr/primary/certs/client.crt"
        cert_file: <str>

        # CA certificate file path (on-prem only)
        # e.g. "/persist/secure/ssl/terminattr/primary/certs/ca.crt"
        ca_file: <str>

        # Client certificate key file path
        # e.g. "/persist/secure/ssl/terminattr/primary/keys/client.key"
        key_file: <str>

      # Encrypt the private key used for authentication to CloudVision
      cvobscurekeyfile: <bool>

      # Proxy server through which CloudVision is reachable. Useful when the CloudVision server is hosted in the cloud.
      # The expected form is http://[user:password@]ip:port, e.g.: `http://arista:arista@10.83.12.78:3128`. Available as of TerminAttr v1.13.0
      cvproxy: <str>

      # Set source IP address in case of in-band managament
      cvsourceip: <str>

      # Set source interface in case of in-band managament. Available as of TerminAttr v1.23.0
      cvsourceintf: <str>

      # The VRF to use to connect to CloudVision
      cvvrf: <str>

  # Authentication scheme used to connect to CloudVision
  cvauth:
    method: <str; "token" | "token-secure" | "key" | "certs">
    key: <str>

    # Token file path
    # e.g. "/tmp/token"
    token_file: <str>

    # Client certificate file path
    # e.g. "/persist/secure/ssl/terminattr/primary/certs/client.crt"
    cert_file: <str>

    # CA certificate file path (on-prem only)
    # e.g. "/persist/secure/ssl/terminattr/primary/certs/ca.crt"
    ca_file: <str>

    # Client certificate key file path
    # e.g. "/persist/secure/ssl/terminattr/primary/keys/client.key"
    key_file: <str>

  # Encrypt the private key used for authentication to CloudVision
  cvobscurekeyfile: <bool>

  # Proxy server through which CloudVision is reachable. Useful when the CloudVision server is hosted in the cloud.
  # The expected form is http://[user:password@]ip:port, e.g.: `http://arista:arista@10.83.12.78:3128`. Available as of TerminAttr v1.13.0
  cvproxy: <str>

  # Set source IP address in case of in-band managament
  cvsourceip: <str>

  # Set source interface in case of in-band managament
  cvsourceintf: <str>

  # The VRF to use to connect to CloudVision
  cvvrf: <str>

  # Stream states from EOS gNMI servers (Openconfig) to CloudVision. Available as of TerminAttr v1.13.1
  cvgnmi: <bool>

  # Disable AAA authorization and accounting.
  # When setting this flag, all commands pushed from CloudVision are applied directly to the CLI without authorization
  disable_aaa: <bool>

  # Set the gRPC server address, the default is 127.0.0.1:6042
  # e.g. "MGMT/0.0.0.0:6042"
  grpcaddr: <str>

  # gNMI read-only mode - Disable gnmi.Set()
  grpcreadonly: <bool>

  # Exclude paths from Sysdb on the ingest side.
  # e.g. "/Sysdb/cell/1/agent,/Sysdb/cell/2/agent"
  ingestexclude: <str>

  # Exclude paths from the shared memory table.
  # e.g. "ale,flexCounter,hardware,kni,pulse,strata"
  smashexcludes: <str>

  # Enable log file collection; /var/log/messages is streamed by default if no path is set.
  # e.g. "/var/log/messages"
  taillogs: <str>

  # ECO DHCP Collector address or ECO DHCP Fingerprint listening address in standalone mode (default "127.0.0.1:67")
  ecodhcpaddr: <str>

  # Enable IPFIX provider (TerminAttr default is true).
  # This flag is enabled by default and does not have to be added to the daemon configuration.
  ipfix: <bool>

  # ECO IPFIX Collector address to listen on to receive IPFIX packets (TerminAttr default "127.0.0.1:4739").
  ipfixaddr: <str>

  # Enable sFlow provider (TerminAttr default is true).
  sflow: <bool>

  # ECO sFlow Collector address to listen on to receive sFlow packets (TerminAttr default "127.0.0.1:6343").
  sflowaddr: <str>

  # Subscribe to dynamic device configuration from CloudVision (TerminAttr default is false).
  cvconfig: <bool>

  # The default compression scheme when streaming to CloudVision is gzip since TerminAttr 1.6.1 and CVP 2019.1.0.
  # There is no need to change the compression scheme.
  # This key is deprecated.
  # Support will be removed in AVD version v5.0.0.
  cvcompression: <str>

Event handlers

Variable Type Required Default Value Restrictions Description
event_handlers List, items: Dictionary Gives the ability to monitor and react to Syslog messages.
Event Handlers provide a powerful and flexible tool that can be used to apply self-healing actions,
customize the system behavior, and implement workarounds to problems discovered in the field.
  - name String Required, Unique Event Handler Name
    action_type String Valid Values:
- bash
- increment
- log
    action String Command to execute
    delay Integer Event-handler delay in seconds
    trigger String Valid Values:
- on-boot
- on-logging
- on-startup-config
Configure event trigger condition.
    regex String Regular expression to use for searching log messages. Required for on-logging trigger
    asynchronous Boolean False Set the action to be non-blocking.
# Gives the ability to monitor and react to Syslog messages.
# Event Handlers provide a powerful and flexible tool that can be used to apply self-healing actions,
# customize the system behavior, and implement workarounds to problems discovered in the field.
event_handlers:

    # Event Handler Name
  - name: <str; required; unique>
    action_type: <str; "bash" | "increment" | "log">

    # Command to execute
    action: <str>

    # Event-handler delay in seconds
    delay: <int>

    # Configure event trigger condition.
    trigger: <str; "on-boot" | "on-logging" | "on-startup-config">

    # Regular expression to use for searching log messages. Required for on-logging trigger
    regex: <str>

    # Set the action to be non-blocking.
    asynchronous: <bool; default=False>

Event monitor

Variable Type Required Default Value Restrictions Description
event_monitor Dictionary
  enabled Boolean
event_monitor:
  enabled: <bool>

Flow tracking

Variable Type Required Default Value Restrictions Description
flow_tracking Dictionary
  sampled Dictionary
    sample Integer Min: 1
Max: 4294967295
    hardware_offload Dictionary
      ipv4 Boolean Configure hardware offload for IPv4 traffic.
      ipv6 Boolean Configure hardware offload for IPv6 traffic.
      threshold_minimum Integer Min: 1
Max: 4294967295
Minimum number of samples.
    trackers List, items: Dictionary
      - table_size Integer Min: 1
Max: 614400
Maximum number of entries in flow table.
        record_export Dictionary
          mpls Boolean Export MPLS forwarding information
          on_inactive_timeout Integer Min: 3000
Max: 900000
Flow record inactive export timeout in milliseconds
          on_interval Integer Min: 1000
Max: 36000000
Flow record export interval in milliseconds
        name String Required, Unique Tracker Name
        exporters List, items: Dictionary
          - name String Required, Unique Exporter Name
            collector Dictionary
              host String Collector IPv4 address or IPv6 address or fully qualified domain name
              port Integer Min: 1
Max: 65535
Collector Port Number
            format Dictionary
              ipfix_version Integer
            local_interface String Local Source Interface
            template_interval Integer Min: 5000
Max: 3600000
Template interval in milliseconds
    shutdown Boolean False
  hardware Dictionary
    trackers List, items: Dictionary
      - name String Required, Unique Tracker Name
        record_export Dictionary
          on_inactive_timeout Integer Min: 3000
Max: 900000
Flow record inactive export timeout in milliseconds
          on_interval Integer Min: 1000
Max: 36000000
Flow record export interval in milliseconds
        exporters List, items: Dictionary
          - name String Required, Unique Exporter Name
            collector Dictionary
              host String Collector IPv4 address or IPv6 address or fully qualified domain name
              port Integer Min: 1
Max: 65535
Collector Port Number
            format Dictionary
              ipfix_version Integer
            local_interface String Local Source Interface
            template_interval Integer Min: 5000
Max: 3600000
Template interval in milliseconds
    shutdown Boolean False
flow_trackings deprecated List, items: Dictionary This key is deprecated. Support will be removed in AVD version v5.0.0. Use flow_tracking instead.
  - type String Required, Unique Valid Values:
- sampled
Flow Tracking Type - only ‘sampled’ supported for now
    sample Integer Min: 1
Max: 4294967295
    trackers List, items: Dictionary
      - name String Required, Unique Tracker Name
        record_export Dictionary
          on_inactive_timeout Integer Min: 3000
Max: 900000
Flow record inactive export timeout in milliseconds
          on_interval Integer Min: 1000
Max: 36000000
Flow record export interval in milliseconds
          mpls Boolean Export MPLS forwarding information
        exporters List, items: Dictionary
          - name String Required, Unique Exporter Name
            collector Dictionary
              host String Collector IPv4 address or IPv6 address or fully qualified domain name
              port Integer Min: 1
Max: 65535
Collector Port Number
            format Dictionary
              ipfix_version Integer
            local_interface String Local Source Interface
            template_interval Integer Min: 5000
Max: 3600000
Template interval in milliseconds
        table_size Integer Min: 1
Max: 614400
Maximum number of entries in flow table.
    shutdown Boolean False
flow_tracking:
  sampled:
    sample: <int; 1-4294967295>
    hardware_offload:

      # Configure hardware offload for IPv4 traffic.
      ipv4: <bool>

      # Configure hardware offload for IPv6 traffic.
      ipv6: <bool>

      # Minimum number of samples.
      threshold_minimum: <int; 1-4294967295>
    trackers:

        # Maximum number of entries in flow table.
      - table_size: <int; 1-614400>
        record_export:

          # Export MPLS forwarding information
          mpls: <bool>

          # Flow record inactive export timeout in milliseconds
          on_inactive_timeout: <int; 3000-900000>

          # Flow record export interval in milliseconds
          on_interval: <int; 1000-36000000>

        # Tracker Name
        name: <str; required; unique>
        exporters:

            # Exporter Name
          - name: <str; required; unique>
            collector:

              # Collector IPv4 address or IPv6 address or fully qualified domain name
              host: <str>

              # Collector Port Number
              port: <int; 1-65535>
            format:
              ipfix_version: <int>

            # Local Source Interface
            local_interface: <str>

            # Template interval in milliseconds
            template_interval: <int; 5000-3600000>
    shutdown: <bool; default=False>
  hardware:
    trackers:

        # Tracker Name
      - name: <str; required; unique>
        record_export:

          # Flow record inactive export timeout in milliseconds
          on_inactive_timeout: <int; 3000-900000>

          # Flow record export interval in milliseconds
          on_interval: <int; 1000-36000000>
        exporters:

            # Exporter Name
          - name: <str; required; unique>
            collector:

              # Collector IPv4 address or IPv6 address or fully qualified domain name
              host: <str>

              # Collector Port Number
              port: <int; 1-65535>
            format:
              ipfix_version: <int>

            # Local Source Interface
            local_interface: <str>

            # Template interval in milliseconds
            template_interval: <int; 5000-3600000>
    shutdown: <bool; default=False>
# This key is deprecated.
# Support will be removed in AVD version v5.0.0.
# Use <samp>flow_tracking</samp> instead.
flow_trackings:

    # Flow Tracking Type - only 'sampled' supported for now
  - type: <str; "sampled"; required; unique>
    sample: <int; 1-4294967295>
    trackers:

        # Tracker Name
      - name: <str; required; unique>
        record_export:

          # Flow record inactive export timeout in milliseconds
          on_inactive_timeout: <int; 3000-900000>

          # Flow record export interval in milliseconds
          on_interval: <int; 1000-36000000>

          # Export MPLS forwarding information
          mpls: <bool>
        exporters:

            # Exporter Name
          - name: <str; required; unique>
            collector:

              # Collector IPv4 address or IPv6 address or fully qualified domain name
              host: <str>

              # Collector Port Number
              port: <int; 1-65535>
            format:
              ipfix_version: <int>

            # Local Source Interface
            local_interface: <str>

            # Template interval in milliseconds
            template_interval: <int; 5000-3600000>

        # Maximum number of entries in flow table.
        table_size: <int; 1-614400>
    shutdown: <bool; default=False>

Load interval

Variable Type Required Default Value Restrictions Description
load_interval Dictionary
  default Integer Default load interval in seconds
load_interval:

  # Default load interval in seconds
  default: <int>

Logging

Variable Type Required Default Value Restrictions Description
logging Dictionary
  console String Valid Values:
- debugging
- informational
- notifications
- warnings
- errors
- critical
- alerts
- emergencies
- disabled
Console logging severity level
  monitor String Valid Values:
- debugging
- informational
- notifications
- warnings
- errors
- critical
- alerts
- emergencies
- disabled
Monitor logging severity level
  buffered Dictionary
    size Integer Min: 10
Max: 2147483647
    level String Valid Values:
- alerts
- critical
- debugging
- emergencies
- errors
- informational
- notifications
- warnings
- disabled
Buffer logging severity level
  trap String Valid Values:
- alerts
- critical
- debugging
- emergencies
- errors
- informational
- notifications
- system
- warnings
- disabled
Trap logging severity level
  synchronous Dictionary
    level String critical Valid Values:
- alerts
- all
- critical
- debugging
- emergencies
- errors
- informational
- notifications
- warnings
- disabled
Synchronous logging severity level
  format Dictionary
    timestamp String Valid Values:
- high-resolution
- traditional
- traditional timezone
- traditional year
- traditional timezone year
- traditional year timezone
Timestamp format
    hostname String Valid Values:
- fqdn
- ipv4
Hostname format in syslogs. For hostname only, remove the line. (default EOS CLI behaviour).
    sequence_numbers Boolean Add sequence numbers to log messages
    rfc5424 Boolean Forward logs in RFC5424 format
  facility String Valid Values:
- auth
- cron
- daemon
- kern
- local0
- local1
- local2
- local3
- local4
- local5
- local6
- local7
- lpr
- mail
- news
- sys9
- sys10
- sys11
- sys12
- sys13
- sys14
- syslog
- user
- uucp
  source_interface String Source Interface Name
  vrfs List, items: Dictionary
    - name String Required, Unique VRF name
      source_interface String Source interface name
      hosts List, items: Dictionary
        - name String Required, Unique Syslog server name
          protocol String udp Valid Values:
- tcp
- udp
          ports List, items: Integer
            - <int> Integer
  policy Dictionary
    match Dictionary
      match_lists List, items: Dictionary
        - name String Required, Unique Match list
          action String Valid Values:
- discard
  event Dictionary
    storm_control Dictionary
      discards Dictionary
        global Boolean
        interval Integer Min: 10
Max: 65535
Logging interval in seconds
logging:

  # Console logging severity level
  console: <str; "debugging" | "informational" | "notifications" | "warnings" | "errors" | "critical" | "alerts" | "emergencies" | "disabled">

  # Monitor logging severity level
  monitor: <str; "debugging" | "informational" | "notifications" | "warnings" | "errors" | "critical" | "alerts" | "emergencies" | "disabled">
  buffered:
    size: <int; 10-2147483647>

    # Buffer logging severity level
    level: <str; "alerts" | "critical" | "debugging" | "emergencies" | "errors" | "informational" | "notifications" | "warnings" | "disabled">

  # Trap logging severity level
  trap: <str; "alerts" | "critical" | "debugging" | "emergencies" | "errors" | "informational" | "notifications" | "system" | "warnings" | "disabled">
  synchronous:

    # Synchronous logging severity level
    level: <str; "alerts" | "all" | "critical" | "debugging" | "emergencies" | "errors" | "informational" | "notifications" | "warnings" | "disabled"; default="critical">
  format:

    # Timestamp format
    timestamp: <str; "high-resolution" | "traditional" | "traditional timezone" | "traditional year" | "traditional timezone year" | "traditional year timezone">

    # Hostname format in syslogs. For hostname _only_, remove the line. (default EOS CLI behaviour).
    hostname: <str; "fqdn" | "ipv4">

    # Add sequence numbers to log messages
    sequence_numbers: <bool>

    # Forward logs in RFC5424 format
    rfc5424: <bool>
  facility: <str; "auth" | "cron" | "daemon" | "kern" | "local0" | "local1" | "local2" | "local3" | "local4" | "local5" | "local6" | "local7" | "lpr" | "mail" | "news" | "sys9" | "sys10" | "sys11" | "sys12" | "sys13" | "sys14" | "syslog" | "user" | "uucp">

  # Source Interface Name
  source_interface: <str>
  vrfs:

      # VRF name
    - name: <str; required; unique>

      # Source interface name
      source_interface: <str>
      hosts:

          # Syslog server name
        - name: <str; required; unique>
          protocol: <str; "tcp" | "udp"; default="udp">
          ports:
            - <int>
  policy:
    match:
      match_lists:

          # Match list
        - name: <str; required; unique>
          action: <str; "discard">
  event:
    storm_control:
      discards:
        global: <bool>

        # Logging interval in seconds
        interval: <int; 10-65535>

Management API gNMI

Variable Type Required Default Value Restrictions Description
management_api_gnmi Dictionary
  provider String eos-native
  transport Dictionary
    grpc List, items: Dictionary
      - name String Transport name
        ssl_profile String SSL profile name
        vrf String VRF name is optional
        notification_timestamp String Valid Values:
- send-time
- last-change-time
Per the gNMI specification, the default timestamp field of a notification message is set to be
the time at which the value of the underlying data source changes or when the reported event takes place.
In order to facilitate integration in legacy environments oriented around polling style operations,
an option to support overriding the timestamp field to the send-time is available from EOS 4.27.0F.
        ip_access_group String ACL name
        port Integer GNMI port.
Make sure to update the control-plane ACL accordingly in order for the service to be reachable by external applications.
    grpc_tunnels List, items: Dictionary
      - name String Required, Unique Transport name
        shutdown Boolean Operational status of the gRPC tunnel
        tunnel_ssl_profile String Tunnel SSL profile name
        gnmi_ssl_profile String gNMI SSL profile name
        vrf String VRF name
        destination Dictionary
          address String Required IP address or hostname
          port Integer Required Min: 1
Max: 65535
TCP Port
        local_interface Dictionary
          name String Required Interface name
          port Integer Required Min: 1
Max: 65535
TCP Port
        target Dictionary
          use_serial_number Boolean Use serial number as the Target ID
          target_ids List, items: String Target IDs as a list.
            - <str> String
  enable_vrfs deprecated List, items: Dictionary These should not be mixed with the new keys above.
This key is deprecated. Support will be removed in AVD version 5.0.0. Use transport.grpc instead.
    - name String Required, Unique VRF name
      access_group String Standard IPv4 ACL name
  octa deprecated Dictionary These should not be mixed with the new keys above.
Octa activates eos-native provider and it is the only provider currently supported by EOS.This key is deprecated. Support will be removed in AVD version 5.0.0. Use provider instead.
management_api_gnmi:
  provider: <str; default="eos-native">
  transport:
    grpc:

        # Transport name
      - name: <str>

        # SSL profile name
        ssl_profile: <str>

        # VRF name is optional
        vrf: <str>

        # Per the gNMI specification, the default timestamp field of a notification message is set to be
        # the time at which the value of the underlying data source changes or when the reported event takes place.
        # In order to facilitate integration in legacy environments oriented around polling style operations,
        # an option to support overriding the timestamp field to the send-time is available from EOS 4.27.0F.
        notification_timestamp: <str; "send-time" | "last-change-time">

        # ACL name
        ip_access_group: <str>

        # GNMI port.
        # Make sure to update the control-plane ACL accordingly in order for the service to be reachable by external applications.
        port: <int>
    grpc_tunnels:

        # Transport name
      - name: <str; required; unique>

        # Operational status of the gRPC tunnel
        shutdown: <bool>

        # Tunnel SSL profile name
        tunnel_ssl_profile: <str>

        # gNMI SSL profile name
        gnmi_ssl_profile: <str>

        # VRF name
        vrf: <str>
        destination:

          # IP address or hostname
          address: <str; required>

          # TCP Port
          port: <int; 1-65535; required>
        local_interface:

          # Interface name
          name: <str; required>

          # TCP Port
          port: <int; 1-65535; required>
        target:

          # Use serial number as the Target ID
          use_serial_number: <bool>

          # Target IDs as a list.
          target_ids:
            - <str>

  # These should not be mixed with the new keys above.
  # This key is deprecated.
  # Support will be removed in AVD version 5.0.0.
  # Use <samp>transport.grpc</samp> instead.
  enable_vrfs:

      # VRF name
    - name: <str; required; unique>

      # Standard IPv4 ACL name
      access_group: <str>

  # These should not be mixed with the new keys above.
  # Octa activates `eos-native` provider and it is the only provider currently supported by EOS.
  # This key is deprecated.
  # Support will be removed in AVD version 5.0.0.
  # Use <samp>provider</samp> instead.
  octa: <dict>

Monitor connectivity

Variable Type Required Default Value Restrictions Description
monitor_connectivity Dictionary
  shutdown Boolean
  interval Integer
  interface_sets List, items: Dictionary
    - name String
      interfaces String Interface range(s) should be of same type, Ethernet, Loopback, Management etc.
Multiple interface ranges can be specified separated by “,”
  local_interfaces String
  hosts List, items: Dictionary
    - name String Host Name
      description String
      ip String
      local_interfaces String
      url String
  vrfs List, items: Dictionary
    - name String Required, Unique VRF Name
      description String
      interface_sets List, items: Dictionary
        - name String
          interfaces String
      local_interfaces String
      hosts List, items: Dictionary
        - name String Host name
          description String
          ip String
          local_interfaces String
          url String
monitor_connectivity:
  shutdown: <bool>
  interval: <int>
  interface_sets:
    - name: <str>

      # Interface range(s) should be of same type, Ethernet, Loopback, Management etc.
      # Multiple interface ranges can be specified separated by ","
      interfaces: <str>
  local_interfaces: <str>
  hosts:

      # Host Name
    - name: <str>
      description: <str>
      ip: <str>
      local_interfaces: <str>
      url: <str>
  vrfs:

      # VRF Name
    - name: <str; required; unique>
      description: <str>
      interface_sets:
        - name: <str>
          interfaces: <str>
      local_interfaces: <str>
      hosts:

          # Host name
        - name: <str>
          description: <str>
          ip: <str>
          local_interfaces: <str>
          url: <str>

Monitor sessions

Variable Type Required Default Value Restrictions Description
monitor_sessions List, items: Dictionary
  - name String Required Session Name
    sources List, items: Dictionary
      - name String Interface name, range or comma separated list
        direction String Valid Values:
- rx
- tx
- both
        access_group Dictionary
          type String Valid Values:
- ip
- ipv6
- mac
          name String ACL Name
          priority Integer
    destinations List, items: String
      - <str> String ‘cpu’ or interface name, range or comma separated list
    encapsulation_gre_metadata_tx Boolean
    header_remove_size Integer Number of bytes to remove from header
    access_group Dictionary
      type String Valid Values:
- ip
- ipv6
- mac
      name String ACL Name
    rate_limit_per_ingress_chip String Ratelimit and unit as string.
Examples:
“100000 bps”
“100 kbps”
“10 mbps”
    rate_limit_per_egress_chip String Ratelimit and unit as string.
Examples:
“100000 bps”
“100 kbps”
“10 mbps”
    sample Integer
    truncate Dictionary
      enabled Boolean
      size Integer Size in bytes
monitor_sessions:

    # Session Name
  - name: <str; required>
    sources:

        # Interface name, range or comma separated list
      - name: <str>
        direction: <str; "rx" | "tx" | "both">
        access_group:
          type: <str; "ip" | "ipv6" | "mac">

          # ACL Name
          name: <str>
          priority: <int>
    destinations:

        # 'cpu' or interface name, range or comma separated list
      - <str>
    encapsulation_gre_metadata_tx: <bool>

    # Number of bytes to remove from header
    header_remove_size: <int>
    access_group:
      type: <str; "ip" | "ipv6" | "mac">

      # ACL Name
      name: <str>

    # Ratelimit and unit as string.
    # Examples:
    #   "100000 bps"
    #   "100 kbps"
    #   "10 mbps"
    rate_limit_per_ingress_chip: <str>

    # Ratelimit and unit as string.
    # Examples:
    #   "100000 bps"
    #   "100 kbps"
    #   "10 mbps"
    rate_limit_per_egress_chip: <str>
    sample: <int>
    truncate:
      enabled: <bool>

      # Size in bytes
      size: <int>

SFLOW

Variable Type Required Default Value Restrictions Description
sflow Dictionary
  sample Integer
  dangerous Boolean
  polling_interval Integer Polling interval in seconds
  vrfs List, items: Dictionary
    - name String Required, Unique
      destinations List, items: Dictionary
        - destination String Required, Unique Sflow Destination IP Address
          port Integer Port Number
      source String Source IP Address.
“source” and “source_interface” are mutually exclusive. If both are defined, “source_interface” takes precedence.
      source_interface String Source Interface
  destinations List, items: Dictionary
    - destination String Required, Unique Sflow Destination IP Address
      port Integer Port Number
  source String Source IP Address.
“source” and “source_interface” are mutually exclusive. If both are defined, “source_interface” takes precedence.
  source_interface String Source Interface
  extensions List, items: Dictionary
    - name String Required, Unique Extension Name
      enabled Boolean Required Enable or Disable Extension
  interface Dictionary
    disable Dictionary
      default Boolean
    egress Dictionary
      enable_default Boolean Enable egress sFlow by default.
      unmodified Boolean Enable egress sFlow unmodified.
Platform dependent feature.
  run Boolean
  hardware_acceleration Dictionary
    enabled Boolean
    sample Integer
    modules List, items: Dictionary
      - name String Required, Unique
        enabled Boolean True
sflow:
  sample: <int>
  dangerous: <bool>

  # Polling interval in seconds
  polling_interval: <int>
  vrfs:
    - name: <str; required; unique>
      destinations:

          # Sflow Destination IP Address
        - destination: <str; required; unique>

          # Port Number
          port: <int>

      # Source IP Address.
      # "source" and "source_interface" are mutually exclusive. If both are defined, "source_interface" takes precedence.
      source: <str>

      # Source Interface
      source_interface: <str>
  destinations:

      # Sflow Destination IP Address
    - destination: <str; required; unique>

      # Port Number
      port: <int>

  # Source IP Address.
  # "source" and "source_interface" are mutually exclusive. If both are defined, "source_interface" takes precedence.
  source: <str>

  # Source Interface
  source_interface: <str>
  extensions:

      # Extension Name
    - name: <str; required; unique>

      # Enable or Disable Extension
      enabled: <bool; required>
  interface:
    disable:
      default: <bool>
    egress:

      # Enable egress sFlow by default.
      enable_default: <bool>

      # Enable egress sFlow unmodified.
      # Platform dependent feature.
      unmodified: <bool>
  run: <bool>
  hardware_acceleration:
    enabled: <bool>
    sample: <int>
    modules:
      - name: <str; required; unique>
        enabled: <bool; default=True>

SNMP server

Variable Type Required Default Value Restrictions Description
snmp_server Dictionary SNMP settings
  engine_ids Dictionary
    local String Engine ID in hexadecimal
    remotes List, items: Dictionary
      - id String Remote engine ID in hexadecimal
        address String Hostname or IP of remote engine
        udp_port Integer
  contact String SNMP contact
  location String SNMP location
  communities List, items: Dictionary
    - name String Required, Unique Community name
      access String Valid Values:
- ro
- rw
      access_list_ipv4 Dictionary
        name String IPv4 access list name
      access_list_ipv6 Dictionary
        name String IPv6 access list name
      view String
  ipv4_acls List, items: Dictionary
    - name String IPv4 access list name
      vrf String
  ipv6_acls List, items: Dictionary
    - name String IPv6 access list name
      vrf String
  local_interfaces List, items: Dictionary
    - name String Required, Unique Interface name
      vrf String
  views List, items: Dictionary
    - name String SNMP view name
      mib_family_name String
      included Boolean
      MIB_family_name deprecated String This key is deprecated. Support will be removed in AVD version 5.0.0. Use mib_family_name instead.
  groups List, items: Dictionary
    - name String Group name
      version String Valid Values:
- v1
- v2c
- v3
      authentication String Valid Values:
- auth
- noauth
- priv
      read String Read view
      write String Write view
      notify String Notify view
  users List, items: Dictionary
    - name String Username
      group String Group name
      remote_address String Hostname or ip of remote engine
The remote_address and udp_port are used for remote users
      udp_port Integer udp_port will not be used if no remote_address is configured
      version String Valid Values:
- v1
- v2c
- v3
      localized String Engine ID in hexadecimal for localizing auth and/or priv
      auth String Hash algorithm
      auth_passphrase String Hashed authentication passphrase if localized is used else cleartext authentication passphrase
      priv String Encryption algorithm
      priv_passphrase String Hashed privacy passphrase if localized is used else cleartext privacy passphrase
  hosts List, items: Dictionary
    - host String Host IP address or name
      vrf String
      version String Valid Values:
- 1
- 2c
- 3
      community String Community name
      users List, items: Dictionary
        - username String
          authentication_level String Valid Values:
- auth
- noauth
- priv
  traps Dictionary
    enable Boolean False Enable or disable all snmp-traps
    snmp_traps List, items: Dictionary
      - name String Enable or disable specific snmp-traps and their sub_traps
Examples:
- “bgp”
- “bgp established”
        enabled Boolean True
  vrfs List, items: Dictionary
    - name String Required, Unique VRF name
      enable Boolean
# SNMP settings
snmp_server:
  engine_ids:

    # Engine ID in hexadecimal
    local: <str>
    remotes:

        # Remote engine ID in hexadecimal
      - id: <str>

        # Hostname or IP of remote engine
        address: <str>
        udp_port: <int>

  # SNMP contact
  contact: <str>

  # SNMP location
  location: <str>
  communities:

      # Community name
    - name: <str; required; unique>
      access: <str; "ro" | "rw">
      access_list_ipv4:

        # IPv4 access list name
        name: <str>
      access_list_ipv6:

        # IPv6 access list name
        name: <str>
      view: <str>
  ipv4_acls:

      # IPv4 access list name
    - name: <str>
      vrf: <str>
  ipv6_acls:

      # IPv6 access list name
    - name: <str>
      vrf: <str>
  local_interfaces:

      # Interface name
    - name: <str; required; unique>
      vrf: <str>
  views:

      # SNMP view name
    - name: <str>
      mib_family_name: <str>
      included: <bool>
      # This key is deprecated.
      # Support will be removed in AVD version 5.0.0.
      # Use <samp>mib_family_name</samp> instead.
      MIB_family_name: <str>
  groups:

      # Group name
    - name: <str>
      version: <str; "v1" | "v2c" | "v3">
      authentication: <str; "auth" | "noauth" | "priv">

      # Read view
      read: <str>

      # Write view
      write: <str>

      # Notify view
      notify: <str>
  users:

      # Username
    - name: <str>

      # Group name
      group: <str>

      # Hostname or ip of remote engine
      # The remote_address and udp_port are used for remote users
      remote_address: <str>

      # udp_port will not be used if no remote_address is configured
      udp_port: <int>
      version: <str; "v1" | "v2c" | "v3">

      # Engine ID in hexadecimal for localizing auth and/or priv
      localized: <str>

      # Hash algorithm
      auth: <str>

      # Hashed authentication passphrase if localized is used else cleartext authentication passphrase
      auth_passphrase: <str>

      # Encryption algorithm
      priv: <str>

      # Hashed privacy passphrase if localized is used else cleartext privacy passphrase
      priv_passphrase: <str>
  hosts:

      # Host IP address or name
    - host: <str>
      vrf: <str>
      version: <str; "1" | "2c" | "3">

      # Community name
      community: <str>
      users:
        - username: <str>
          authentication_level: <str; "auth" | "noauth" | "priv">
  traps:

    # Enable or disable all snmp-traps
    enable: <bool; default=False>
    snmp_traps:

        # Enable or disable specific snmp-traps and their sub_traps
        # Examples:
        # - "bgp"
        # - "bgp established"
      - name: <str>
        enabled: <bool; default=True>
  vrfs:

      # VRF name
    - name: <str; required; unique>
      enable: <bool>

Tap aggregation

Variable Type Required Default Value Restrictions Description
tap_aggregation Dictionary
  mode Dictionary
    exclusive Dictionary
      enabled Boolean
      profile String Profile Name
      no_errdisable List, items: String
        - <str> String Interface name e.g Ethernet1, Port-Channel1
  encapsulation_dot1br_strip Boolean
  encapsulation_vn_tag_strip Boolean
  protocol_lldp_trap Boolean
  truncation_size Integer Allowed truncation_size values vary depending on the platform
  mac Dictionary
    timestamp Dictionary mac.timestamp.replace_source_mac and mac.timestamp.header.format are mutually exclsuive. If both are defined, replace_source_mac takes precedence
      replace_source_mac Boolean
      header Dictionary
        format String Valid Values:
- 48-bit
- 64-bit
        eth_type Integer EtherType
    fcs_append Boolean mac.fcs_append and mac.fcs_error are mutually exclusive. If both are defined, mac.fcs_append takes precedence
    fcs_error String Valid Values:
- correct
- discard
- pass-through
tap_aggregation:
  mode:
    exclusive:
      enabled: <bool>

      # Profile Name
      profile: <str>
      no_errdisable:

          # Interface name e.g Ethernet1, Port-Channel1
        - <str>
  encapsulation_dot1br_strip: <bool>
  encapsulation_vn_tag_strip: <bool>
  protocol_lldp_trap: <bool>

  # Allowed truncation_size values vary depending on the platform
  truncation_size: <int>
  mac:

    # mac.timestamp.replace_source_mac and mac.timestamp.header.format are mutually exclsuive. If both are defined, replace_source_mac takes precedence
    timestamp:
      replace_source_mac: <bool>
      header:
        format: <str; "48-bit" | "64-bit">

        # EtherType
        eth_type: <int>

    # mac.fcs_append and mac.fcs_error are mutually exclusive. If both are defined, mac.fcs_append takes precedence
    fcs_append: <bool>
    fcs_error: <str; "correct" | "discard" | "pass-through">

VM tracer-sessions

Variable Type Required Default Value Restrictions Description
vmtracer_sessions List, items: Dictionary
  - name String Required, Unique Vmtracer Session Name
    url String
    username String
    password String Type 7 Password Hash
    autovlan_disable Boolean
    source_interface String
vmtracer_sessions:

    # Vmtracer Session Name
  - name: <str; required; unique>
    url: <str>
    username: <str>

    # Type 7 Password Hash
    password: <str>
    autovlan_disable: <bool>
    source_interface: <str>

Multicast

IP IGMP snooping

Variable Type Required Default Value Restrictions Description
ip_igmp_snooping Dictionary
  globally_enabled Boolean True Activate or deactivate IGMP snooping for all vlans where vlans allows user to activate / deactivate IGMP snooping per vlan.
  robustness_variable Integer
  restart_query_interval Integer
  interface_restart_query Integer
  fast_leave Boolean
  querier Dictionary
    enabled Boolean
    address String IP Address
    query_interval Integer
    max_response_time Integer
    last_member_query_interval Integer
    last_member_query_count Integer
    startup_query_interval Integer
    startup_query_count Integer
    version Integer
  proxy Boolean
  vlans List, items: Dictionary
    - id Integer Required, Unique VLAN ID
      enabled Boolean
      querier Dictionary
        enabled Boolean
        address String IP Address
        query_interval Integer
        max_response_time Integer
        last_member_query_interval Integer
        last_member_query_count Integer
        startup_query_interval Integer
        startup_query_count Integer
        version Integer
      max_groups Integer
      fast_leave Boolean
      proxy Boolean Global proxy settings should be enabled before enabling per-vlan
ip_igmp_snooping:

  # Activate or deactivate IGMP snooping for all vlans where `vlans` allows user to activate / deactivate IGMP snooping per vlan.
  globally_enabled: <bool; default=True>
  robustness_variable: <int>
  restart_query_interval: <int>
  interface_restart_query: <int>
  fast_leave: <bool>
  querier:
    enabled: <bool>

    # IP Address
    address: <str>
    query_interval: <int>
    max_response_time: <int>
    last_member_query_interval: <int>
    last_member_query_count: <int>
    startup_query_interval: <int>
    startup_query_count: <int>
    version: <int>
  proxy: <bool>
  vlans:

      # VLAN ID
    - id: <int; required; unique>
      enabled: <bool>
      querier:
        enabled: <bool>

        # IP Address
        address: <str>
        query_interval: <int>
        max_response_time: <int>
        last_member_query_interval: <int>
        last_member_query_count: <int>
        startup_query_interval: <int>
        startup_query_count: <int>
        version: <int>
      max_groups: <int>
      fast_leave: <bool>

      # Global proxy settings should be enabled before enabling per-vlan
      proxy: <bool>

Router IGMP

Variable Type Required Default Value Restrictions Description
router_igmp Dictionary
  ssm_aware Boolean
router_igmp:
  ssm_aware: <bool>

Router MSDP

Variable Type Required Default Value Restrictions Description
router_msdp Dictionary
  originator_id_local_interface String Interface to use for originator ID
  rejected_limit Integer Min: 0
Max: 40000
Maximum number of rejected SA messages allowed in cache
  forward_register_packets Boolean
  connection_retry_interval Integer Min: 1
Max: 65535
  group_limits List, items: Dictionary
    - source_prefix String Required, Unique Source address prefix
      limit Integer Required Min: 0
Max: 40000
Limit for SAs matching the source address prefix
  peers List, items: Dictionary
    - ipv4_address String Required, Unique Peer IP Address
      default_peer Dictionary
        enabled Boolean
        prefix_list String Prefix list to filter source of SA messages
      local_interface String
      description String
      disabled Boolean Disable the MSDP peer
      sa_limit Integer Min: 0
Max: 40000
Maximum number of SA messages allowed in cache
      mesh_groups List, items: Dictionary
        - name String Required, Unique Mesh group name
      keepalive Dictionary
        keepalive_timer Integer Required Min: 1
Max: 65535
        hold_timer Integer Required Min: 1
Max: 65535
Must be greater than keepalive timer
      sa_filter Dictionary
        in_list String ACL to filter inbound SA messages
        out_list String ACL to filter outbound SA messages
  vrfs List, items: Dictionary
    - name String Required, Unique VRF name
      originator_id_local_interface String Interface to use for originator ID
      rejected_limit Integer Min: 0
Max: 40000
Maximum number of rejected SA messages allowed in cache
      forward_register_packets Boolean
      connection_retry_interval Integer Min: 1
Max: 65535
      group_limits List, items: Dictionary
        - source_prefix String Required, Unique Source address prefix
          limit Integer Required Min: 0
Max: 40000
Limit for SAs matching the source address prefix
      peers List, items: Dictionary
        - ipv4_address String Required, Unique Peer IP Address
          default_peer Dictionary
            enabled Boolean
            prefix_list String Prefix list to filter source of SA messages
          local_interface String
          description String
          disabled Boolean Disable the MSDP peer
          sa_limit Integer Min: 0
Max: 40000
Maximum number of SA messages allowed in cache
          mesh_groups List, items: Dictionary
            - name String Required, Unique Mesh group name
          keepalive Dictionary
            keepalive_timer Integer Required Min: 1
Max: 65535
            hold_timer Integer Required Min: 1
Max: 65535
Must be greater than keepalive timer
          sa_filter Dictionary
            in_list String ACL to filter inbound SA messages
            out_list String ACL to filter outbound SA messages
router_msdp:

  # Interface to use for originator ID
  originator_id_local_interface: <str>

  # Maximum number of rejected SA messages allowed in cache
  rejected_limit: <int; 0-40000>
  forward_register_packets: <bool>
  connection_retry_interval: <int; 1-65535>
  group_limits:

      # Source address prefix
    - source_prefix: <str; required; unique>

      # Limit for SAs matching the source address prefix
      limit: <int; 0-40000; required>
  peers:

      # Peer IP Address
    - ipv4_address: <str; required; unique>
      default_peer:
        enabled: <bool>

        # Prefix list to filter source of SA messages
        prefix_list: <str>
      local_interface: <str>
      description: <str>

      # Disable the MSDP peer
      disabled: <bool>

      # Maximum number of SA messages allowed in cache
      sa_limit: <int; 0-40000>
      mesh_groups:

          # Mesh group name
        - name: <str; required; unique>
      keepalive:
        keepalive_timer: <int; 1-65535; required>

        # Must be greater than keepalive timer
        hold_timer: <int; 1-65535; required>
      sa_filter:

        # ACL to filter inbound SA messages
        in_list: <str>

        # ACL to filter outbound SA messages
        out_list: <str>
  vrfs:

      # VRF name
    - name: <str; required; unique>

      # Interface to use for originator ID
      originator_id_local_interface: <str>

      # Maximum number of rejected SA messages allowed in cache
      rejected_limit: <int; 0-40000>
      forward_register_packets: <bool>
      connection_retry_interval: <int; 1-65535>
      group_limits:

          # Source address prefix
        - source_prefix: <str; required; unique>

          # Limit for SAs matching the source address prefix
          limit: <int; 0-40000; required>
      peers:

          # Peer IP Address
        - ipv4_address: <str; required; unique>
          default_peer:
            enabled: <bool>

            # Prefix list to filter source of SA messages
            prefix_list: <str>
          local_interface: <str>
          description: <str>

          # Disable the MSDP peer
          disabled: <bool>

          # Maximum number of SA messages allowed in cache
          sa_limit: <int; 0-40000>
          mesh_groups:

              # Mesh group name
            - name: <str; required; unique>
          keepalive:
            keepalive_timer: <int; 1-65535; required>

            # Must be greater than keepalive timer
            hold_timer: <int; 1-65535; required>
          sa_filter:

            # ACL to filter inbound SA messages
            in_list: <str>

            # ACL to filter outbound SA messages
            out_list: <str>

Router multicast

Variable Type Required Default Value Restrictions Description
router_multicast Dictionary
  ipv4 Dictionary
    counters Dictionary
      rate_period_decay Integer Min: 0
Max: 600
Rate in seconds
    routing Boolean
    multipath String Valid Values:
- none
- deterministic
- deterministic color
- deterministic router-id
    software_forwarding String Valid Values:
- kernel
- sfe
    rpf Dictionary
      routes List, items: Dictionary
        - source_prefix String Required Source address A.B.C.D or Source prefix A.B.C.D/E
          destinations List, items: Dictionary Required
            - nexthop String Required Next-hop IP address or interface name
              distance Integer Min: 1
Max: 255
Administrative distance for this route
  vrfs List, items: Dictionary
    - name String Required, Unique
      ipv4 Dictionary
        routing Boolean
router_multicast:
  ipv4:
    counters:

      # Rate in seconds
      rate_period_decay: <int; 0-600>
    routing: <bool>
    multipath: <str; "none" | "deterministic" | "deterministic color" | "deterministic router-id">
    software_forwarding: <str; "kernel" | "sfe">
    rpf:
      routes:

          # Source address A.B.C.D or Source prefix A.B.C.D/E
        - source_prefix: <str; required>
          destinations: # required

              # Next-hop IP address or interface name
            - nexthop: <str; required>

              # Administrative distance for this route
              distance: <int; 1-255>
  vrfs:
    - name: <str; required; unique>
      ipv4:
        routing: <bool>

Router PIM sparse-mode

Variable Type Required Default Value Restrictions Description
router_pim_sparse_mode Dictionary
  ipv4 Dictionary
    bfd Boolean Enable/Disable BFD
    ssm_range String IPv4 Prefix associated with SSM
    rp_addresses List, items: Dictionary
      - address String Required, Unique RP Address
        groups List, items: String
          - <str> String
        access_lists List, items: String
          - <str> String
        priority Integer Min: 0
Max: 255
        hashmask Integer Min: 0
Max: 32
        override Boolean
    anycast_rps List, items: Dictionary
      - address String Required, Unique Anycast RP Address
        other_anycast_rp_addresses List, items: Dictionary
          - address String Required, Unique Other Anycast RP Address
            register_count Integer
  vrfs List, items: Dictionary
    - name String Required, Unique VRF Name
      ipv4 Dictionary
        bfd Boolean Enable/Disable BFD
        rp_addresses List, items: Dictionary
          - address String Required RP Address
            groups List, items: String
              - <str> String
            access_lists List, items: String
              - <str> String
            priority Integer Min: 0
Max: 255
            hashmask Integer Min: 0
Max: 32
            override Boolean
router_pim_sparse_mode:
  ipv4:

    # Enable/Disable BFD
    bfd: <bool>

    # IPv4 Prefix associated with SSM
    ssm_range: <str>
    rp_addresses:

        # RP Address
      - address: <str; required; unique>
        groups:
          - <str>
        access_lists:
          - <str>
        priority: <int; 0-255>
        hashmask: <int; 0-32>
        override: <bool>
    anycast_rps:

        # Anycast RP Address
      - address: <str; required; unique>
        other_anycast_rp_addresses:

            # Other Anycast RP Address
          - address: <str; required; unique>
            register_count: <int>
  vrfs:

      # VRF Name
    - name: <str; required; unique>
      ipv4:

        # Enable/Disable BFD
        bfd: <bool>
        rp_addresses:

            # RP Address
          - address: <str; required>
            groups:
              - <str>
            access_lists:
              - <str>
            priority: <int; 0-255>
            hashmask: <int; 0-32>
            override: <bool>

Quality of Service

Priority flow control

Variable Type Required Default Value Restrictions Description
priority_flow_control Dictionary Global Priority Flow Control settings.
  all_off Boolean Disable PFC on all interfaces.
  watchdog Dictionary
    action String Valid Values:
- drop
- no-drop
Action on stuck queue.
    timeout String Pattern: ^\d+(.\d{1,2})?$ Timeout in seconds after which port should be errdisabled or
should start dropping on congested priorities.
This should be decimal with up to 2 decimal point.
Example: 0.01 or 60
    polling_interval String Pattern: ^\d+(.\d{1,3})?$ Time interval in seconds at which the watchdog should poll the queues.
This should be decimal with up to 3 decimal point.
Example: 0.005 or 60
    recovery_time String Pattern: ^\d+(.\d{1,2})?$ Recovery-time in seconds after which stuck queue should
recover and start forwarding again.
This should be decimal with up to 2 decimal point.
Example: 0.01 or 60
    override_action_drop Boolean Override configured action on stuck queue to drop.
# Global Priority Flow Control settings.
priority_flow_control:

  # Disable PFC on all interfaces.
  all_off: <bool>
  watchdog:

    # Action on stuck queue.
    action: <str; "drop" | "no-drop">

    # Timeout in seconds after which port should be errdisabled or
    # should start dropping on congested priorities.
    # This should be decimal with up to 2 decimal point.
    # Example: 0.01 or 60
    timeout: <str>

    # Time interval in seconds at which the watchdog should poll the queues.
    # This should be decimal with up to 3 decimal point.
    # Example: 0.005 or 60
    polling_interval: <str>

    # Recovery-time in seconds after which stuck queue should
    # recover and start forwarding again.
    # This should be decimal with up to 2 decimal point.
    # Example: 0.01 or 60
    recovery_time: <str>

    # Override configured action on stuck queue to drop.
    override_action_drop: <bool>

QoS

Variable Type Required Default Value Restrictions Description
qos Dictionary
  map Dictionary
    cos List, items: String
      - <str> String Example: “0 1 to traffic-class 1”
    dscp List, items: String
      - <str> String Example: “8 9 10 to traffic-class 1”
    exp List, items: String
      - <str> String Example “0 to traffic-class 0”
    traffic_class List, items: String
      - <str> String Example: “1 to dscp 32”
  rewrite_dscp Boolean
  random_detect Dictionary Global random-detect settings
    ecn Dictionary Global ECN Configuration
      allow_non_ect Dictionary
        enabled Boolean Allow non-ect and set drop-precedence 1 in a policy map simultaneously.
Check which command is required for your platform.
        chip_based Boolean Allow non-ect chip-based
qos:
  map:
    cos:

        # Example: "0 1 to traffic-class 1"
      - <str>
    dscp:

        # Example: "8 9 10 to traffic-class 1"
      - <str>
    exp:

        # Example "0 to traffic-class 0"
      - <str>
    traffic_class:

        # Example: "1 to dscp 32"
      - <str>
  rewrite_dscp: <bool>

  # Global random-detect settings
  random_detect:

    # Global ECN Configuration
    ecn:
      allow_non_ect:

        # Allow non-ect and set drop-precedence 1 in a policy map simultaneously.
        # Check which command is required for your platform.
        enabled: <bool>

        # Allow non-ect chip-based
        chip_based: <bool>

QoS profiles

Variable Type Required Default Value Restrictions Description
qos_profiles List, items: Dictionary
  - name String Required, Unique Profile-Name
    trust String Valid Values:
- cos
- dscp
- disabled
    cos Integer
    dscp Integer
    shape Dictionary
      rate String Supported options are platform dependent
Example: “< rate > kbps”, “1-100 percent”, “< rate > pps”
    service_policy Dictionary
      type Dictionary
        qos_input String Policy-map name
    tx_queues List, items: Dictionary
      - id Integer Required, Unique TX-Queue ID
        bandwidth_percent Integer
        bandwidth_guaranteed_percent Integer
        priority String Valid Values:
- priority strict
- no priority
        shape Dictionary
          rate String Supported options are platform dependent
Example: “< rate > kbps”, “1-100 percent”, “< rate > pps”
        comment String Text comment added to queue
        random_detect Dictionary
          ecn Dictionary Explicit Congestion Notification
            count Boolean Enable counter for random-detect ECNs
            threshold Dictionary
              units String Required Valid Values:
- segments
- bytes
- kbytes
- mbytes
- milliseconds
Units to be used for the threshold values.
This should be one of segments, byte, kbytes, mbytes.
              min Integer Required Min: 1 Random-detect ECN minimum-threshold
              max Integer Required Min: 1 Random-detect ECN maximum-threshold
              max_probability Integer Min: 1
Max: 100
Random-detect ECN maximum mark probability
              weight Integer Min: 0
Max: 15
Random-detect ECN weight
          drop Dictionary Set WRED parameters
            threshold Dictionary
              units String Required Valid Values:
- segments
- bytes
- kbytes
- mbytes
- microseconds
- milliseconds
Units to be used for the threshold values.
              drop_precedence Integer Min: 0
Max: 2
Specify Drop Precendence value
              min Integer Required Min: 1 WRED minimum-threshold
              max Integer Required Min: 1 WRED maximum-threshold
              drop_probability Integer Required Min: 1
Max: 100
WRED drop probability.
              weight Integer Min: 0
Max: 15
WRED weight
    uc_tx_queues List, items: Dictionary
      - id Integer Required, Unique UC TX queue ID
        bandwidth_percent Integer
        bandwidth_guaranteed_percent Integer
        priority String Valid Values:
- priority strict
- no priority
        shape Dictionary
          rate String Supported options are platform dependent
Example: “< rate > kbps”, “1-100 percent”, “< rate > pps”
        comment String Text comment added to queue
        random_detect Dictionary
          ecn Dictionary Explicit Congestion Notification
            count Boolean Enable counter for random-detect ECNs
            threshold Dictionary
              units String Required Valid Values:
- segments
- bytes
- kbytes
- mbytes
- milliseconds
Unit to be used for the threshold values
              min Integer Required Min: 1 Random-detect ECN minimum-threshold
              max Integer Required Min: 1 Random-detect ECN maximum-threshold
              max_probability Integer Min: 1
Max: 100
Random-detect ECN maximum mark probability
              weight Integer Min: 0
Max: 15
Random-detect ECN weight
          drop Dictionary Set WRED parameters
            threshold Dictionary
              units String Required Valid Values:
- segments
- bytes
- kbytes
- mbytes
- microseconds
- milliseconds
Units to be used for the threshold values.
              drop_precedence Integer Min: 0
Max: 2
Specify Drop Precendence value
              min Integer Required Min: 1 WRED minimum-threshold
              max Integer Required Min: 1 WRED maximum-threshold
              drop_probability Integer Required Min: 1
Max: 100
WRED drop probability.
              weight Integer Min: 0
Max: 15
WRED weight
    mc_tx_queues List, items: Dictionary
      - id Integer Required, Unique MC TX queue ID
        bandwidth_percent Integer
        bandwidth_guaranteed_percent Integer
        priority String Valid Values:
- priority strict
- no priority
        shape Dictionary
          rate String Supported options are platform dependent
Example: “< rate > kbps”, “1-100 percent”, “< rate > pps”
        comment String Text comment added to queue.
    priority_flow_control Dictionary Priority Flow Control settings
      enabled Boolean Enable Priority Flow control.
      watchdog Dictionary Watchdog can detect stuck transmit queues.
        enabled Boolean Required Enable the watchdog on stuck transmit queues.
        action String Valid Values:
- drop
- notify-only
Override the default error-disable action to either drop
traffic on the stuck queue or notify-only
without making any actions on the stuck queue.
        timer Dictionary Timer thresholds whilst monitoring queues.
          timeout String Required Pattern: ^\d+(.\d{1,2})?$ Timeout in seconds after which port should be errdisabled or
should start dropping on congested priorities.
This should be decimal with up to 2 decimal point
Example: 0.01 or 60
          polling_interval String Required Pattern: ^auto \d+(.\d{1,3})?$
          recovery_time String Required Pattern: ^\d+(.\d{1,2})?$ Recovery-time in seconds after which stuck queue should
recover and start forwarding again.
This should be decimal with up to 2 decimal point.
Example: 0.01 or 60
          forced Boolean Force recover any stuck queue(s) after the duration,
irrespective of whether PFC frames are being
received or not.
      priorities List, items: Dictionary Set the drop/no_drop on each queue
        - priority Integer Required, Unique Min: 0
Max: 7
Priority queue number (COS value)
          no_drop Boolean Required Enable Priority Flow Control frames on this queue
qos_profiles:

    # Profile-Name
  - name: <str; required; unique>
    trust: <str; "cos" | "dscp" | "disabled">
    cos: <int>
    dscp: <int>
    shape:

      # Supported options are platform dependent
      # Example: "< rate > kbps", "1-100 percent", "< rate > pps"
      rate: <str>
    service_policy:
      type:

        # Policy-map name
        qos_input: <str>
    tx_queues:

        # TX-Queue ID
      - id: <int; required; unique>
        bandwidth_percent: <int>
        bandwidth_guaranteed_percent: <int>
        priority: <str; "priority strict" | "no priority">
        shape:

          # Supported options are platform dependent
          # Example: "< rate > kbps", "1-100 percent", "< rate > pps"
          rate: <str>

        # Text comment added to queue
        comment: <str>
        random_detect:

          # Explicit Congestion Notification
          ecn:

            # Enable counter for random-detect ECNs
            count: <bool>
            threshold:

              # Units to be used for the threshold values.
              # This should be one of segments, byte, kbytes, mbytes.
              units: <str; "segments" | "bytes" | "kbytes" | "mbytes" | "milliseconds"; required>

              # Random-detect ECN minimum-threshold
              min: <int; >=1; required>

              # Random-detect ECN maximum-threshold
              max: <int; >=1; required>

              # Random-detect ECN maximum mark probability
              max_probability: <int; 1-100>

              # Random-detect ECN weight
              weight: <int; 0-15>

          # Set WRED parameters
          drop:
            threshold:

              # Units to be used for the threshold values.
              units: <str; "segments" | "bytes" | "kbytes" | "mbytes" | "microseconds" | "milliseconds"; required>

              # Specify Drop Precendence value
              drop_precedence: <int; 0-2>

              # WRED minimum-threshold
              min: <int; >=1; required>

              # WRED maximum-threshold
              max: <int; >=1; required>

              # WRED drop probability.
              drop_probability: <int; 1-100; required>

              # WRED weight
              weight: <int; 0-15>
    uc_tx_queues:

        # UC TX queue ID
      - id: <int; required; unique>
        bandwidth_percent: <int>
        bandwidth_guaranteed_percent: <int>
        priority: <str; "priority strict" | "no priority">
        shape:

          # Supported options are platform dependent
          # Example: "< rate > kbps", "1-100 percent", "< rate > pps"
          rate: <str>

        # Text comment added to queue
        comment: <str>
        random_detect:

          # Explicit Congestion Notification
          ecn:

            # Enable counter for random-detect ECNs
            count: <bool>
            threshold:

              # Unit to be used for the threshold values
              units: <str; "segments" | "bytes" | "kbytes" | "mbytes" | "milliseconds"; required>

              # Random-detect ECN minimum-threshold
              min: <int; >=1; required>

              # Random-detect ECN maximum-threshold
              max: <int; >=1; required>

              # Random-detect ECN maximum mark probability
              max_probability: <int; 1-100>

              # Random-detect ECN weight
              weight: <int; 0-15>

          # Set WRED parameters
          drop:
            threshold:

              # Units to be used for the threshold values.
              units: <str; "segments" | "bytes" | "kbytes" | "mbytes" | "microseconds" | "milliseconds"; required>

              # Specify Drop Precendence value
              drop_precedence: <int; 0-2>

              # WRED minimum-threshold
              min: <int; >=1; required>

              # WRED maximum-threshold
              max: <int; >=1; required>

              # WRED drop probability.
              drop_probability: <int; 1-100; required>

              # WRED weight
              weight: <int; 0-15>
    mc_tx_queues:

        # MC TX queue ID
      - id: <int; required; unique>
        bandwidth_percent: <int>
        bandwidth_guaranteed_percent: <int>
        priority: <str; "priority strict" | "no priority">
        shape:

          # Supported options are platform dependent
          # Example: "< rate > kbps", "1-100 percent", "< rate > pps"
          rate: <str>

        # Text comment added to queue.
        comment: <str>

    # Priority Flow Control settings
    priority_flow_control:

      # Enable Priority Flow control.
      enabled: <bool>

      # Watchdog can detect stuck transmit queues.
      watchdog:

        # Enable the watchdog on stuck transmit queues.
        enabled: <bool; required>

        # Override the default error-disable action to either drop
        # traffic on the stuck queue or notify-only
        # without making any actions on the stuck queue.
        action: <str; "drop" | "notify-only">

        # Timer thresholds whilst monitoring queues.
        timer:

          # Timeout in seconds after which port should be errdisabled or
          # should start dropping on congested priorities.
          # This should be decimal with up to 2 decimal point
          # Example: 0.01 or 60
          timeout: <str; required>

          # Time interval in seconds at which the watchdog should poll the queues.
          # This should be decimal with up to 3 decimal point or set
          # to 'auto' based on recovery_time and timeout values.
          # Example: 0.005 or 60
          polling_interval: <str; required>

          # Recovery-time in seconds after which stuck queue should
          # recover and start forwarding again.
          # This should be decimal with up to 2 decimal point.
          # Example: 0.01 or 60
          recovery_time: <str; required>

          # Force recover any stuck queue(s) after the duration,
          # irrespective of whether PFC frames are being
          # received or not.
          forced: <bool>

      # Set the drop/no_drop on each queue
      priorities:

          # Priority queue number (COS value)
        - priority: <int; 0-7; required; unique>

          # Enable Priority Flow Control frames on this queue
          no_drop: <bool; required>

Queue monitor-length

Variable Type Required Default Value Restrictions Description
queue_monitor_length Dictionary
  enabled Boolean Required
  default_thresholds Dictionary
    high Integer Required Default high threshold for Ethernet Interfaces.
    low Integer Default low threshold for Ethernet Interfaces.
Low threshold support is platform dependent.
  log Integer Logging interval in seconds
  notifying Boolean Should only be used for platforms supporting the “queue-monitor length notifying” CLI
  cpu Dictionary
    thresholds Dictionary
      high Integer Required
      low Integer
queue_monitor_length:
  enabled: <bool; required>
  default_thresholds:

    # Default high threshold for Ethernet Interfaces.
    high: <int; required>

    # Default low threshold for Ethernet Interfaces.
    # Low threshold support is platform dependent.
    low: <int>

  # Logging interval in seconds
  log: <int>

  # Should only be used for platforms supporting the "queue-monitor length notifying" CLI
  notifying: <bool>
  cpu:
    thresholds:
      high: <int; required>
      low: <int>

Queue monitor-streaming

Variable Type Required Default Value Restrictions Description
queue_monitor_streaming Dictionary
  enable Boolean
  ip_access_group String Name of IP ACL
  ipv6_access_group String Name of IPv6 ACL
  max_connections Integer Min: 1
Max: 100
  vrf String
queue_monitor_streaming:
  enable: <bool>

  # Name of IP ACL
  ip_access_group: <str>

  # Name of IPv6 ACL
  ipv6_access_group: <str>
  max_connections: <int; 1-100>
  vrf: <str>

Routing

ARP

Variable Type Required Default Value Restrictions Description
arp Dictionary
  aging Dictionary
    timeout_default Integer Min: 60
Max: 65535
Timeout in seconds
  static_entries List, items: Dictionary Static ARP entries.
    - ipv4_address String Required ARP entry IPv4 address.
      vrf String ARP entry VRF.
      mac_address String Required Pattern: ^[0-9A-Fa-f]{4}.[0-9A-Fa-f]{4}.[0-9A-Fa-f]{4}$ ARP entry MAC address.
arp:
  aging:

    # Timeout in seconds
    timeout_default: <int; 60-65535>

  # Static ARP entries.
  static_entries:

      # ARP entry IPv4 address.
    - ipv4_address: <str; required>

      # ARP entry VRF.
      vrf: <str>

      # ARP entry MAC address.
      mac_address: <str; required>

DHCP relay

Variable Type Required Default Value Restrictions Description
dhcp_relay Dictionary
  servers List, items: String
    - <str> String Server IP or Hostname
  tunnel_requests_disabled Boolean
  mlag_peerlink_requests_disabled Boolean
dhcp_relay:
  servers:

      # Server IP or Hostname
    - <str>
  tunnel_requests_disabled: <bool>
  mlag_peerlink_requests_disabled: <bool>

IP DHCP relay

Variable Type Required Default Value Restrictions Description
ip_dhcp_relay Dictionary
  information_option Boolean Insert Option-82 information
ip_dhcp_relay:

  # Insert Option-82 information
  information_option: <bool>

IP DHCP Snooping

Variable Type Required Default Value Restrictions Description
ip_dhcp_snooping Dictionary
  enabled Boolean
  bridging Boolean
  information_option Dictionary
    enabled Boolean Enable insertion of option-82 in DHCP request packets
    circuit_id_type String “none” or <0 - 255>
    circuit_id_format String Valid Values:
- %h:%p
- %p:%v
Required if circuit_id_type is set.
- “%h:%p” Hostname and interface name
- “%p:%v” Interface name and VLAN ID
  vlan String VLAN range as string.
“< vlan_id >, < vlan_id >-< vlan_id >”
Example: 15,16,17,18
ip_dhcp_snooping:
  enabled: <bool>
  bridging: <bool>
  information_option:

    # Enable insertion of option-82 in DHCP request packets
    enabled: <bool>

    # "none" or <0 - 255>
    circuit_id_type: <str>

    # Required if `circuit_id_type` is set.
    # - "%h:%p" Hostname and interface name
    # - "%p:%v" Interface name and VLAN ID
    circuit_id_format: <str; "%h:%p" | "%p:%v">

  # VLAN range as string.
  # "< vlan_id >, < vlan_id >-< vlan_id >"
  # Example: 15,16,17,18
  vlan: <str>

IP ICMP redirect

Variable Type Required Default Value Restrictions Description
ip_icmp_redirect Boolean
ip_icmp_redirect: <bool>

IP NAT

Variable Type Required Default Value Restrictions Description
ip_nat Dictionary
  kernel_buffer_size Integer Min: 1
Max: 64
Buffer size in MB
  profiles List, items: Dictionary
    - name String Required, Unique
      vrf String Specify VRF for NAT profile.
      destination Dictionary
        dynamic List, items: Dictionary
          - access_list String Required, Unique
            comment String
            pool_name String Required
            priority Integer Min: 0
Max: 4294967295
        static List, items: Dictionary
          - access_list String ‘access_list’ and ‘group’ are mutual exclusive
            comment String
            direction String Valid Values:
- egress
- ingress
Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            group Integer Min: 1
Max: 65535
‘access_list’ and ‘group’ are mutual exclusive
            original_ip String Required, Unique IPv4 address
            original_port Integer Min: 1
Max: 65535
            priority Integer Min: 0
Max: 4294967295
            protocol String Valid Values:
- udp
- tcp
            translated_ip String Required IPv4 address
            translated_port Integer Min: 1
Max: 65535
requires ‘original_port’
      source Dictionary
        dynamic List, items: Dictionary
          - access_list String Required, Unique
            comment String
            nat_type String Required Valid Values:
- overload
- pool
- pool-address-only
- pool-full-cone
            pool_name String required if ‘nat_type’ is pool, pool-address-only or pool-full-cone
ignored if ‘nat_type’ is overload
            priority Integer Min: 0
Max: 4294967295
        static List, items: Dictionary
          - access_list String ‘access_list’ and ‘group’ are mutual exclusive
            comment String
            direction String Valid Values:
- egress
- ingress
Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            group Integer Min: 1
Max: 65535
‘access_list’ and ‘group’ are mutual exclusive
            original_ip String Required, Unique IPv4 address
            original_port Integer Min: 1
Max: 65535
            priority Integer Min: 0
Max: 4294967295
            protocol String Valid Values:
- udp
- tcp
            translated_ip String Required IPv4 address
            translated_port Integer Min: 1
Max: 65535
requires ‘original_port’
  pools List, items: Dictionary
    - name String Required, Unique
      prefix_length Integer Required Min: 16
Max: 32
      ranges List, items: Dictionary
        - first_ip String Required IPv4 address
          last_ip String Required IPv4 address
          first_port Integer Min: 1
Max: 65535
          last_port Integer Min: 1
Max: 65535
      utilization_log_threshold Integer Min: 1
Max: 100
  synchronization Dictionary
    description String
    expiry_interval Integer Min: 60
Max: 3600
in seconds
    local_interface String EOS interface name
    peer_address String IPv4 address
    port_range Dictionary
      first_port Integer Min: 1024
Max: 65535
      last_port Integer Min: 1024
Max: 65535
>= first_port
      split_disabled Boolean
    shutdown Boolean
  translation Dictionary
    address_selection Dictionary
      any Boolean
      hash_field_source_ip Boolean
    counters Boolean
    low_mark Dictionary
      percentage Integer Min: 1
Max: 99
Used to render ‘ip nat translation low-mark
      host_percentage Integer Min: 1
Max: 99
Used to render ‘ip nat translation low-mark host’
    max_entries Dictionary
      limit Integer Min: 0
Max: 4294967295
      host_limit Integer Min: 0
Max: 4294967295
      ip_limits List, items: Dictionary
        - ip String Required, Unique IPv4 address
          limit Integer Required Min: 0
Max: 4294967295
    timeouts List, items: Dictionary
      - protocol String Required, Unique Valid Values:
- tcp
- udp
        timeout Integer Required Min: 0
Max: 4294967295
in seconds
ip_nat:

  # Buffer size in MB
  kernel_buffer_size: <int; 1-64>
  profiles:
    - name: <str; required; unique>

      # Specify VRF for NAT profile.
      vrf: <str>
      destination:
        dynamic:
          - access_list: <str; required; unique>
            comment: <str>
            pool_name: <str; required>
            priority: <int; 0-4294967295>
        static:

            # 'access_list' and 'group' are mutual exclusive
          - access_list: <str>
            comment: <str>

            # Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
            # EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            direction: <str; "egress" | "ingress">

            # 'access_list' and 'group' are mutual exclusive
            group: <int; 1-65535>

            # IPv4 address
            original_ip: <str; required; unique>
            original_port: <int; 1-65535>
            priority: <int; 0-4294967295>
            protocol: <str; "udp" | "tcp">

            # IPv4 address
            translated_ip: <str; required>

            # requires 'original_port'
            translated_port: <int; 1-65535>
      source:
        dynamic:
          - access_list: <str; required; unique>
            comment: <str>
            nat_type: <str; "overload" | "pool" | "pool-address-only" | "pool-full-cone"; required>

            # required if 'nat_type' is pool, pool-address-only or pool-full-cone
            # ignored if 'nat_type' is overload
            pool_name: <str>
            priority: <int; 0-4294967295>
        static:

            # 'access_list' and 'group' are mutual exclusive
          - access_list: <str>
            comment: <str>

            # Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
            # EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            direction: <str; "egress" | "ingress">

            # 'access_list' and 'group' are mutual exclusive
            group: <int; 1-65535>

            # IPv4 address
            original_ip: <str; required; unique>
            original_port: <int; 1-65535>
            priority: <int; 0-4294967295>
            protocol: <str; "udp" | "tcp">

            # IPv4 address
            translated_ip: <str; required>

            # requires 'original_port'
            translated_port: <int; 1-65535>
  pools:
    - name: <str; required; unique>
      prefix_length: <int; 16-32; required>
      ranges:

          # IPv4 address
        - first_ip: <str; required>

          # IPv4 address
          last_ip: <str; required>
          first_port: <int; 1-65535>
          last_port: <int; 1-65535>
      utilization_log_threshold: <int; 1-100>
  synchronization:
    description: <str>

    # in seconds
    expiry_interval: <int; 60-3600>

    # EOS interface name
    local_interface: <str>

    # IPv4 address
    peer_address: <str>
    port_range:
      first_port: <int; 1024-65535>

      # >= first_port
      last_port: <int; 1024-65535>
      split_disabled: <bool>
    shutdown: <bool>
  translation:
    address_selection:
      any: <bool>
      hash_field_source_ip: <bool>
    counters: <bool>
    low_mark:

      # Used to render 'ip nat translation low-mark <percentage>'
      percentage: <int; 1-99>

      # Used to render 'ip nat translation low-mark <host_percentage> host'
      host_percentage: <int; 1-99>
    max_entries:
      limit: <int; 0-4294967295>
      host_limit: <int; 0-4294967295>
      ip_limits:

          # IPv4 address
        - ip: <str; required; unique>
          limit: <int; 0-4294967295; required>
    timeouts:
      - protocol: <str; "tcp" | "udp"; required; unique>

        # in seconds
        timeout: <int; 0-4294967295; required>

IP routing IPv6 interfaces

Variable Type Required Default Value Restrictions Description
ip_routing_ipv6_interfaces Boolean
ip_routing_ipv6_interfaces: <bool>

IP routing

Variable Type Required Default Value Restrictions Description
ip_routing Boolean
ip_routing: <bool>

IP virtual router MAC address

Variable Type Required Default Value Restrictions Description
ip_virtual_router_mac_address String MAC address (hh:hh:hh:hh:hh:hh)
# MAC address (hh:hh:hh:hh:hh:hh)
ip_virtual_router_mac_address: <str>

IPv6 ICMP redirects

Variable Type Required Default Value Restrictions Description
ipv6_icmp_redirect Boolean
ipv6_icmp_redirect: <bool>

IPv6 static routes

Variable Type Required Default Value Restrictions Description
ipv6_static_routes List, items: Dictionary
  - vrf String
    destination_address_prefix String IPv6 Network/Mask
    interface String
    gateway String IPv6 Address
    track_bfd Boolean Track next-hop using BFD
    distance Integer Min: 1
Max: 255
    tag Integer Min: 0
Max: 4294967295
    name String Description
    metric Integer Min: 0
Max: 4294967295
ipv6_static_routes:
  - vrf: <str>

    # IPv6 Network/Mask
    destination_address_prefix: <str>
    interface: <str>

    # IPv6 Address
    gateway: <str>

    # Track next-hop using BFD
    track_bfd: <bool>
    distance: <int; 1-255>
    tag: <int; 0-4294967295>

    # Description
    name: <str>
    metric: <int; 0-4294967295>

IPv6 unicast routing

Variable Type Required Default Value Restrictions Description
ipv6_unicast_routing Boolean
ipv6_unicast_routing: <bool>

MPLS

Variable Type Required Default Value Restrictions Description
mpls Dictionary
  ip Boolean
  ldp Dictionary
    interface_disabled_default Boolean
    router_id String
    shutdown Boolean
    transport_address_interface String Interface Name
mpls:
  ip: <bool>
  ldp:
    interface_disabled_default: <bool>
    router_id: <str>
    shutdown: <bool>

    # Interface Name
    transport_address_interface: <str>

Router adaptive virtual topology

Variable Type Required Default Value Restrictions Description
router_adaptive_virtual_topology Dictionary
  topology_role String Valid Values:
- edge
- pathfinder
- transit region
- transit zone
Role name.
  region Dictionary Region name and ID.
    name String Required
    id Integer Required Min: 1
Max: 255
  zone Dictionary Zone name and ID.
    name String Required
    id Integer Required Min: 1
Max: 10000
  site Dictionary Site name and ID.
    name String Required
    id Integer Required Min: 1
Max: 10000
  profiles List, items: Dictionary
    - name String Required, Unique AVT Name.
      load_balance_policy String Name of the load-balance policy.
      internet_exit_policy String Name of the internet exit policy.
  policies List, items: Dictionary A sequence of application profiles mapped to some virtual topologies.
    - name String Required, Unique Policy name.
      matches List, items: Dictionary
        - application_profile String Application profile name.
          avt_profile String AVT Profile name.
          dscp Integer Min: 0
Max: 63
Set DSCP for matched traffic.
          traffic_class Integer Min: 0
Max: 7
Set traffic-class for matched traffic.
  vrfs List, items: Dictionary
    - name String Required, Unique VRF name.
      policy String AVT Policy name.
      profiles List, items: Dictionary AVT profiles in this VRF.
        - name String AVT profile name.
          id Integer Required, Unique Min: 1
Max: 254
Unique ID for this AVT (per VRF).
router_adaptive_virtual_topology:

  # Role name.
  topology_role: <str; "edge" | "pathfinder" | "transit region" | "transit zone">

  # Region name and ID.
  region:
    name: <str; required>
    id: <int; 1-255; required>

  # Zone name and ID.
  zone:
    name: <str; required>
    id: <int; 1-10000; required>

  # Site name and ID.
  site:
    name: <str; required>
    id: <int; 1-10000; required>
  profiles:

      # AVT Name.
    - name: <str; required; unique>

      # Name of the load-balance policy.
      load_balance_policy: <str>

      # Name of the internet exit policy.
      internet_exit_policy: <str>

  # A sequence of application profiles mapped to some virtual topologies.
  policies:

      # Policy name.
    - name: <str; required; unique>
      matches:

          # Application profile name.
        - application_profile: <str>

          # AVT Profile name.
          avt_profile: <str>

          # Set DSCP for matched traffic.
          dscp: <int; 0-63>

          # Set traffic-class for matched traffic.
          traffic_class: <int; 0-7>
  vrfs:

      # VRF name.
    - name: <str; required; unique>

      # AVT Policy name.
      policy: <str>

      # AVT profiles in this VRF.
      profiles:

          # AVT profile name.
        - name: <str>

          # Unique ID for this AVT (per VRF).
          id: <int; 1-254; required; unique>

Router BFD

Variable Type Required Default Value Restrictions Description
router_bfd Dictionary
  interval Integer Rate in milliseconds
  min_rx Integer Rate in milliseconds
  multiplier Integer Min: 3
Max: 50
  multihop Dictionary
    interval Integer Rate in milliseconds
    min_rx Integer Rate in milliseconds
    multiplier Integer Min: 3
Max: 50
  sbfd Dictionary
    local_interface Dictionary
      name String Interface Name
      protocols Dictionary
        ipv4 Boolean
        ipv6 Boolean
    initiator_interval Integer Rate in milliseconds
    initiator_multiplier Integer Min: 3
Max: 50
    initiator_measurement_round_trip Boolean Enable round-trip delay measurement
    reflector Dictionary
      min_rx Integer Rate in milliseconds
      local_discriminator String IPv4 address or 32 bit integer
router_bfd:

  # Rate in milliseconds
  interval: <int>

  # Rate in milliseconds
  min_rx: <int>
  multiplier: <int; 3-50>
  multihop:

    # Rate in milliseconds
    interval: <int>

    # Rate in milliseconds
    min_rx: <int>
    multiplier: <int; 3-50>
  sbfd:
    local_interface:

      # Interface Name
      name: <str>
      protocols:
        ipv4: <bool>
        ipv6: <bool>

    # Rate in milliseconds
    initiator_interval: <int>
    initiator_multiplier: <int; 3-50>

    # Enable round-trip delay measurement
    initiator_measurement_round_trip: <bool>
    reflector:

      # Rate in milliseconds
      min_rx: <int>

      # IPv4 address or 32 bit integer
      local_discriminator: <str>

Router BGP

Variable Type Required Default Value Restrictions Description
router_bgp Dictionary
  as String BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”
  router_id String In IP address format A.B.C.D
  distance Dictionary
    external_routes Integer Required Min: 1
Max: 255
    internal_routes Integer Required Min: 1
Max: 255
    local_routes Integer Required Min: 1
Max: 255
  graceful_restart Dictionary
    enabled Boolean
    restart_time Integer Min: 1
Max: 3600
Number of seconds
    stalepath_time Integer Min: 1
Max: 3600
Number of seconds
  graceful_restart_helper Dictionary
    enabled Boolean
    restart_time Integer Min: 1
Max: 100000000
Number of seconds
graceful-restart-help long-lived and restart-time are mutually exclusive in CLI.
restart-time will take precedence if both are configured.
    long_lived Boolean graceful-restart-help long-lived and restart-time are mutually exclusive in CLI.
restart-time will take precedence if both are configured.
  maximum_paths Dictionary
    paths Integer Required Min: 1
Max: 600
    ecmp Integer Min: 1
Max: 600
  updates Dictionary
    wait_for_convergence Boolean Disables FIB updates and route advertisement when the BGP instance is initiated until the BGP convergence state is reached.
    wait_install Boolean Do not advertise reachability to a prefix until that prefix has been installed in hardware.
This will eliminate any temporary black holes due to a BGP speaker advertising reachability to a prefix that may not yet be installed into the forwarding plane.
  bgp_cluster_id String IP Address A.B.C.D
  bgp_defaults List, items: String BGP command as string
    - <str> String
  bgp Dictionary
    default Dictionary
      ipv4_unicast Boolean Default activation of IPv4 unicast address-family on all IPv4 neighbors (EOS default = True).
      ipv4_unicast_transport_ipv6 Boolean Default activation of IPv4 unicast address-family on all IPv6 neighbors (EOS default == False).
    route_reflector_preserve_attributes Dictionary
      enabled Boolean
      always Boolean
    bestpath Dictionary
      d_path Boolean
  listen_ranges List, items: Dictionary Improved “listen_ranges” data model to support multiple listen ranges and additional filter capabilities
    - prefix String IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”
      peer_id_include_router_id Boolean Include router ID as part of peer filter
      peer_group String Peer group name
      peer_filter String Peer-filter name
note: peer_filter or remote_as is required but mutually exclusive.
If both are defined, peer_filter takes precedence
      remote_as String BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”
  peer_groups List, items: Dictionary
    - name String Required, Unique Peer-group name
      type String Key only used for documentation or validation purposes
      remote_as String BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”
      local_as String BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”
      description String
      shutdown Boolean
      as_path Dictionary BGP AS-PATH options
        remote_as_replace_out Boolean Replace AS number with local AS number
        prepend_own_disabled Boolean Disable prepending own AS number to AS path
      remove_private_as Dictionary Remove private AS numbers in outbound AS path
        enabled Boolean
        all Boolean
        replace_as Boolean
      remove_private_as_ingress Dictionary
        enabled Boolean
        replace_as Boolean
      peer_filter deprecated String Peer-filter name
note: bgp_listen_range_prefix and peer_filter should not be mixed with
the new listen_ranges key above to avoid conflicts.
This key is deprecated. Support will be removed in AVD version 5.0.0. Use listen_ranges instead.
      next_hop_unchanged Boolean
      update_source String IP address or interface name
      route_reflector_client Boolean
      bfd Boolean
      ebgp_multihop Integer Min: 1
Max: 255
Time-to-live in range of hops
      next_hop_self Boolean
      password String
      passive Boolean
      default_originate Dictionary
        enabled Boolean
        always Boolean
        route_map String Route-map name
      send_community String ‘all’ or a combination of ‘standard’, ‘extended’, ‘large’ and ‘link-bandwidth (w/options)’
      maximum_routes Integer Min: 0
Max: 4294967294
Maximum number of routes (0 means unlimited)
      maximum_routes_warning_limit String Maximum number of routes after which a warning is issued (0 means never warn) or
Percentage of maximum number of routes at which to warn (“<1-100> percent”)
      maximum_routes_warning_only Boolean
      link_bandwidth Dictionary
        enabled Boolean
        default String nn.nn(K
      allowas_in Dictionary
        enabled Boolean
        times Integer Min: 1
Max: 10
Number of local ASNs allowed in a BGP update
      weight Integer Min: 0
Max: 65535
      timers String BGP Keepalive and Hold Timer values in seconds as string “<0-3600> <0-3600>”
      rib_in_pre_policy_retain Dictionary
        enabled Boolean
        all Boolean
      route_map_in String Inbound route-map name
      route_map_out String Outbound route-map name
      bgp_listen_range_prefix deprecated String IP prefix range
note: bgp_listen_range_prefix and peer_filter should not be mixed with
the new listen_ranges key above to avoid conflicts.
This key is deprecated. Support will be removed in AVD version 5.0.0. Use listen_ranges instead.
      session_tracker String
  neighbors List, items: Dictionary
    - ip_address String Required, Unique
      peer_group String
      remote_as String BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”
      local_as String BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”
      as_path Dictionary BGP AS-PATH options
        remote_as_replace_out Boolean Replace AS number with local AS number
        prepend_own_disabled Boolean Disable prepending own AS number to AS path
      peer String Key only used for documentation or validation purposes
      description String
      route_reflector_client Boolean
      password String
      passive Boolean
      shutdown Boolean
      update_source String Source Interface
      bfd Boolean
      weight Integer Min: 0
Max: 65535
      timers String BGP Keepalive and Hold Timer values in seconds as string “<0-3600> <0-3600>”
      route_map_in String Inbound route-map name
      route_map_out String Outbound route-map name
      default_originate Dictionary
        enabled Boolean
        always Boolean
        route_map String
      send_community String ‘all’ or a combination of ‘standard’, ‘extended’, ‘large’ and ‘link-bandwidth (w/options)’
      maximum_routes Integer Min: 0
Max: 4294967294
Maximum number of routes (0 means unlimited)
      maximum_routes_warning_limit String Maximum number of routes after which a warning is issued (0 means never warn) or
Percentage of maximum number of routes at which to warn (“<1-100> percent”)
      maximum_routes_warning_only Boolean
      allowas_in Dictionary
        enabled Boolean
        times Integer Min: 1
Max: 10
Number of local ASNs allowed in a BGP update
      ebgp_multihop Integer Min: 1
Max: 255
Time-to-live in range of hops
      next_hop_self Boolean
      link_bandwidth Dictionary
        enabled Boolean
        default String nn.nn(K
      rib_in_pre_policy_retain Dictionary
        enabled Boolean
        all Boolean
      remove_private_as Dictionary Remove private AS numbers in outbound AS path
        enabled Boolean
        all Boolean
        replace_as Boolean
      remove_private_as_ingress Dictionary
        enabled Boolean
        replace_as Boolean
      session_tracker String
  neighbor_interfaces List, items: Dictionary
    - name String Required, Unique Interface name
      remote_as String
      peer String Key only used for documentation or validation purposes
      peer_group String Peer-group name
      description String
      peer_filter String Peer-filter name
  aggregate_addresses List, items: Dictionary
    - prefix String Required, Unique IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”
      advertise_only Boolean
      as_set Boolean
      summary_only Boolean
      attribute_map String Route-map name
      match_map String Route-map name
  redistribute_routes List, items: Dictionary
    - source_protocol String Required, Unique
      route_map String
      include_leaked Boolean
  vlan_aware_bundles List, items: Dictionary
    - name String Required, Unique VLAN aware bundle name
      tenant String Key only used for documentation or validation purposes
      description String Key only used for documentation or validation purposes
      rd String Route distinguisher
      rd_evpn_domain Dictionary
        domain String Valid Values:
- remote
- all
        rd String Route distinguisher
      route_targets Dictionary
        both List, items: String
          - <str> String
        import List, items: String
          - <str> String
        export List, items: String
          - <str> String
        import_evpn_domains List, items: Dictionary
          - domain String Valid Values:
- remote
- all
            route_target String
        export_evpn_domains List, items: Dictionary
          - domain String Valid Values:
- remote
- all
            route_target String
        import_export_evpn_domains List, items: Dictionary
          - domain String Valid Values:
- remote
- all
            route_target String
      redistribute_routes List, items: String
        - <str> String
      no_redistribute_routes List, items: String
        - <str> String
      vlan String VLAN range as string. Example “100-200,300”
      eos_cli String Multiline EOS CLI rendered directly on the Router BGP, VLAN-aware-bundle definition in the final EOS configuration
  vlans List, items: Dictionary
    - id Integer Required, Unique
      tenant String Key only used for documentation or validation purposes
      rd String Route distinguisher
      rd_evpn_domain Dictionary
        domain String Valid Values:
- remote
- all
        rd String Route distinguisher
      eos_cli String Multiline EOS CLI rendered directly on the Router BGP, VLAN definition in the final EOS configuration
      route_targets Dictionary
        both List, items: String
          - <str> String
        import List, items: String
          - <str> String
        export List, items: String
          - <str> String
        import_evpn_domains List, items: Dictionary
          - domain String Valid Values:
- remote
- all
            route_target String
        export_evpn_domains List, items: Dictionary
          - domain String Valid Values:
- remote
- all
            route_target String
        import_export_evpn_domains List, items: Dictionary
          - domain String Valid Values:
- remote
- all
            route_target String
      redistribute_routes List, items: String
        - <str> String
      no_redistribute_routes List, items: String
        - <str> String
  vpws List, items: Dictionary
    - name String Required, Unique VPWS instance name
      rd String Route distinguisher
      route_targets Dictionary
        import_export String Route Target
      mpls_control_word Boolean
      label_flow Boolean
      mtu Integer
      pseudowires List, items: Dictionary
        - name String Required, Unique Pseudowire name
          id_local Integer Must match id_remote on other pe
          id_remote Integer Must match id_local on other pe
  address_family_evpn Dictionary
    domain_identifier String
    neighbor_default Dictionary
      encapsulation String Valid Values:
- vxlan
- mpls
      next_hop_self_source_interface String Source interface name
      next_hop_self_received_evpn_routes Dictionary
        enable Boolean
        inter_domain Boolean
    peer_groups List, items: Dictionary
      - name String Required, Unique Peer-group name
        activate Boolean
        route_map_in String Inbound route-map name
        route_map_out String Outbound route-map name
        domain_remote Boolean
        encapsulation String Valid Values:
- vxlan
- mpls
        additional_paths Dictionary
          receive Boolean
          send Dictionary
            any Boolean
            backup Boolean
            ecmp Boolean
            ecmp_limit Integer Min: 2
Max: 64
Amount of ECMP paths to send
            limit Integer Min: 2
Max: 64
Amount of paths to send
    evpn_hostflap_detection Dictionary
      enabled Boolean
      window Integer Min: 0
Max: 4294967295
Time (in seconds) to detect a MAC duplication issue
      threshold Integer Min: 0
Max: 4294967295
Minimum number of MAC moves that indicate a MAC Duplication issue
      expiry_timeout Integer Min: 0
Max: 4294967295
Time (in seconds) to purge a MAC duplication issue
    next_hop Dictionary
      resolution_disabled Boolean
    route Dictionary
      import_match_failure_action String Valid Values:
- discard
    next_hop_unchanged Boolean
  address_family_rtc Dictionary
    peer_groups List, items: Dictionary
      - name String Required, Unique Peer-group name
        activate Boolean
        default_route_target Dictionary
          only Boolean
          encoding_origin_as_omit String
  address_family_ipv4 Dictionary
    networks List, items: Dictionary
      - prefix String Required, Unique IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”
        route_map String Route-map name
    peer_groups List, items: Dictionary
      - name String Required, Unique Peer-group name
        activate Boolean
        route_map_in String Inbound route-map name
        route_map_out String Outbound route-map name
        default_originate Dictionary
          always Boolean
          route_map String Route-map name
        next_hop Dictionary
          address_family_ipv6 Dictionary
            enabled Boolean Required
            originate Boolean
          address_family_ipv6_originate deprecated Boolean This key is deprecated. Support will be removed in AVD version 5.0.0. Use address_family_ipv6 instead.
        prefix_list_in String Inbound prefix-list name
        prefix_list_out String Outbound prefix-list name
    neighbors List, items: Dictionary
      - ip_address String Required, Unique
        activate Boolean
        route_map_in String Inbound route-map name
        route_map_out String Outbound route-map name
        prefix_list_in String Inbound prefix-list name
        prefix_list_out String Prefix-list name
        default_originate Dictionary
          always Boolean
          route_map String
  address_family_ipv4_multicast Dictionary
    peer_groups List, items: Dictionary
      - name String Required, Unique Peer-group name
        activate Boolean
        route_map_in String Inbound route-map name
        route_map_out String Outbound route-map name
    neighbors List, items: Dictionary
      - ip_address String Required, Unique
        activate Boolean
        route_map_in String Inbound route-map name
        route_map_out String Outbound route-map name
    redistribute_routes List, items: Dictionary
      - source_protocol String Required, Unique
        route_map String
  address_family_ipv4_sr_te Dictionary
    neighbors List, items: Dictionary
      - ip_address String Required, Unique
        activate Boolean
        route_map_in String Inbound route-map name
        route_map_out String Outbound route-map name
    peer_groups List, items: Dictionary
      - name String Required, Unique Peer-group name
        activate Boolean
        route_map_in String Inbound route-map name
        route_map_out String Outbound route-map name
  address_family_ipv6 Dictionary
    networks List, items: Dictionary
      - prefix String Required, Unique IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”
        route_map String Route-map name
    peer_groups List, items: Dictionary
      - name String Required, Unique Peer-group name
        activate Boolean
        route_map_in String Inbound route-map name
        route_map_out String Outbound route-map name
        prefix_list_in String Inbound prefix-list name
        prefix_list_out String Outbound prefix-list name
    neighbors List, items: Dictionary
      - ip_address String Required, Unique
        activate Boolean
        route_map_in String Inbound route-map name
        route_map_out String Outbound route-map name
        prefix_list_in String Inbound prefix-list name
        prefix_list_out String Outbound prefix-list name
    redistribute_routes List, items: Dictionary
      - source_protocol String Required, Unique
        route_map String
        include_leaked Boolean
  address_family_ipv6_multicast Dictionary
    bgp Dictionary
      missing_policy Dictionary
        direction_in_action String Valid Values:
- deny
- deny-in-out
- permit
        direction_out_action String Valid Values:
- deny
- deny-in-out
- permit
      additional_paths Dictionary
        receive Boolean
    neighbors List, items: Dictionary
      - ip_address String Required, Unique
        activate Boolean
        route_map_in String Inbound route-map name
        route_map_out String Outbound route-map name
    peer_groups List, items: Dictionary
      - name String Required, Unique Peer-group name
        activate Boolean
    networks List, items: Dictionary
      - prefix String Required, Unique IPv6 prefix “A:B:C:D:E:F:G:H/I”
        route_map String
  address_family_ipv6_sr_te Dictionary
    neighbors List, items: Dictionary
      - ip_address String Required, Unique
        activate Boolean
        route_map_in String Inbound route-map name
        route_map_out String Outbound route-map name
    peer_groups List, items: Dictionary
      - name String Required, Unique Peer-group name
        activate Boolean
        route_map_in String Inbound route-map name
        route_map_out String Outbound route-map name
  address_family_link_state Dictionary
    bgp Dictionary
      missing_policy Dictionary
        direction_in_action String Valid Values:
- deny
- deny-in-out
- permit
        direction_out_action String Valid Values:
- deny
- deny-in-out
- permit
    peer_groups List, items: Dictionary
      - name String Required, Unique Peer-group name
        activate Boolean
        missing_policy Dictionary
          direction_in_action String Valid Values:
- deny
- deny-in-out
- permit
          direction_out_action String Valid Values:
- deny
- deny-in-out
- permit
    neighbors List, items: Dictionary
      - ip_address String Required, Unique
        activate Boolean
        missing_policy Dictionary
          direction_in_action String Valid Values:
- deny
- deny-in-out
- permit
          direction_out_action String Valid Values:
- deny
- deny-in-out
- permit
    path_selection Dictionary
      roles Dictionary
        producer Boolean
        consumer Boolean
        propagator Boolean
  address_family_flow_spec_ipv4 Dictionary
    bgp Dictionary
      missing_policy Dictionary
        direction_in_action String Valid Values:
- deny
- deny-in-out
- permit
        direction_out_action String Valid Values:
- deny
- deny-in-out
- permit
    neighbors List, items: Dictionary
      - ip_address String Required, Unique
        activate Boolean
    peer_groups List, items: Dictionary
      - name String Required, Unique Peer-group name
        activate Boolean
  address_family_flow_spec_ipv6 Dictionary
    bgp Dictionary
      missing_policy Dictionary
        direction_in_action String Valid Values:
- deny
- deny-in-out
- permit
        direction_out_action String Valid Values:
- deny
- deny-in-out
- permit
    neighbors List, items: Dictionary
      - ip_address String Required, Unique
        activate Boolean
    peer_groups List, items: Dictionary
      - name String Required, Unique Peer-group name
        activate Boolean
  address_family_path_selection Dictionary
    bgp Dictionary
      additional_paths Dictionary
        receive Boolean
        send Dictionary
          any Boolean
          backup Boolean
          ecmp Boolean
          ecmp_limit Integer Min: 2
Max: 64
Amount of ECMP paths to send
          limit Integer Min: 2
Max: 64
Amount of paths to send
    neighbors List, items: Dictionary
      - ip_address String Required, Unique
        activate Boolean
        additional_paths Dictionary
          install Boolean
          install_ecmp_primary Boolean
          receive Boolean
          send Dictionary
            any Boolean
            backup Boolean
            ecmp Boolean
            ecmp_limit Integer Min: 2
Max: 64
Amount of ECMP paths to send
            limit Integer Min: 2
Max: 64
Amount of paths to send
    peer_groups List, items: Dictionary
      - name String Required, Unique Peer-group name
        activate Boolean
        additional_paths Dictionary
          install Boolean
          install_ecmp_primary Boolean
          receive Boolean
          send Dictionary
            any Boolean
            backup Boolean
            ecmp Boolean
            ecmp_limit Integer Min: 2
Max: 64
Amount of ECMP paths to send
            limit Integer Min: 2
Max: 64
Amount of paths to send
  address_family_vpn_ipv4 Dictionary
    domain_identifier String
    peer_groups List, items: Dictionary
      - name String Required, Unique Peer-group name
        activate Boolean
        route_map_in String Inbound route-map name
        route_map_out String Outbound route-map name
    route Dictionary
      import_match_failure_action String Valid Values:
- discard
    neighbors List, items: Dictionary
      - ip_address String Required, Unique
        activate Boolean
        route_map_in String Inbound route-map name
        route_map_out String Outbound route-map name
    neighbor_default_encapsulation_mpls_next_hop_self Dictionary
      source_interface String
  address_family_vpn_ipv6 Dictionary
    domain_identifier String
    peer_groups List, items: Dictionary
      - name String Required, Unique Peer-group name
        activate Boolean
        route_map_in String Inbound route-map name
        route_map_out String Outbound route-map name
    route Dictionary
      import_match_failure_action String Valid Values:
- discard
    neighbors List, items: Dictionary
      - ip_address String Required, Unique
        activate Boolean
        route_map_in String Inbound route-map name
        route_map_out String Outbound route-map name
    neighbor_default_encapsulation_mpls_next_hop_self Dictionary
      source_interface String
  vrfs List, items: Dictionary
    - name String Required, Unique VRF name
      rd String Route distinguisher
      evpn_multicast Boolean
      evpn_multicast_address_family Dictionary Enable per-AF EVPN multicast settings
        ipv4 Dictionary
          transit Boolean Enable EVPN multicast transit mode
      route_targets Dictionary
        import List, items: Dictionary
          - address_family String Required, Unique
            route_targets List, items: String
              - <str> String
            route_map String
        export List, items: Dictionary
          - address_family String Required, Unique
            route_targets List, items: String
              - <str> String
            route_map String
      router_id String in IP address format A.B.C.D
      timers String BGP Keepalive and Hold Timer values in seconds as string “<0-3600> <0-3600>”
      networks List, items: Dictionary
        - prefix String Required, Unique IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”
          route_map String
      updates Dictionary
        wait_for_convergence Boolean Disables FIB updates and route advertisement when the BGP instance is initiated until the BGP convergence state is reached.
        wait_install Boolean Do not advertise reachability to a prefix until that prefix has been installed in hardware.
This will eliminate any temporary black holes due to a BGP speaker advertising reachability to a prefix that may not yet be installed into the forwarding plane.
      listen_ranges List, items: Dictionary Improved “listen_ranges” data model to support multiple listen ranges and additional filter capabilities
        - prefix String IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”
          peer_id_include_router_id Boolean Include router ID as part of peer filter
          peer_group String Peer-group name
          peer_filter String Peer-filter name
note: peer_filter`` orremote_as` is required but mutually exclusive.
If both are defined, peer_filter takes precedence
          remote_as String BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”
      neighbors List, items: Dictionary
        - ip_address String Required, Unique
          peer_group String Peer-group name
          remote_as String BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”
          password String
          passive Boolean
          remove_private_as Dictionary Remove private AS numbers in outbound AS path
            enabled Boolean
            all Boolean
            replace_as Boolean
          remove_private_as_ingress Dictionary
            enabled Boolean
            replace_as Boolean
          weight Integer Min: 0
Max: 65535
          local_as String BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”
          as_path Dictionary BGP AS-PATH options
            remote_as_replace_out Boolean Replace AS number with local AS number
            prepend_own_disabled Boolean Disable prepending own AS number to AS path
          description String
          route_reflector_client Boolean
          ebgp_multihop Integer Min: 1
Max: 255
Time-to-live in range of hops
          next_hop_self Boolean
          shutdown Boolean
          bfd Boolean
          timers String BGP Keepalive and Hold Timer values in seconds as string “<0-3600> <0-3600>”
          rib_in_pre_policy_retain Dictionary
            enabled Boolean
            all Boolean
          send_community String ‘all’ or a combination of ‘standard’, ‘extended’, ‘large’ and ‘link-bandwidth (w/options)’
          maximum_routes Integer
          maximum_routes_warning_limit String Maximum number of routes after which a warning is issued (0 means never warn) or
Percentage of maximum number of routes at which to warn (“<1-100> percent”)
          maximum_routes_warning_only Boolean
          allowas_in Dictionary
            enabled Boolean
            times Integer Min: 1
Max: 10
Number of local ASNs allowed in a BGP update
          default_originate Dictionary
            enabled Boolean
            always Boolean
            route_map String
          update_source String
          route_map_in String Inbound route-map name
          route_map_out String Outbound route-map name
          prefix_list_in deprecated String Inbound prefix-list nameThis key is deprecated. Support will be removed in AVD version 5.0.0. Use router_bgp.vrfs[].address_family_ipv4.neighbors[].prefix_list_in or router_bgp.vrfs[].address_family_ipv6.neighbors[].prefix_list_in instead.
          prefix_list_out deprecated String Outbound prefix-list nameThis key is deprecated. Support will be removed in AVD version 5.0.0. Use router_bgp.vrfs[].address_family_ipv4.neighbors[].prefix_list_out or router_bgp.vrfs[].address_family_ipv6.neighbors[].prefix_list_out instead.
      neighbor_interfaces List, items: Dictionary
        - name String Required, Unique Interface name
          remote_as String BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”
          peer_group String Peer-group name
          peer_filter String Peer-filter name
          description String
      redistribute_routes List, items: Dictionary
        - source_protocol String Required, Unique
          route_map String
          include_leaked Boolean
      aggregate_addresses List, items: Dictionary
        - prefix String Required, Unique IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”
          advertise_only Boolean
          as_set Boolean
          summary_only Boolean
          attribute_map String
          match_map String
      address_family_ipv4 Dictionary
        bgp Dictionary
          missing_policy Dictionary
            direction_in_action String Valid Values:
- deny
- deny-in-out
- permit
            direction_out_action String Valid Values:
- deny
- deny-in-out
- permit
          additional_paths Dictionary
            install Boolean
            install_ecmp_primary Boolean
            receive Boolean
            send Dictionary
              any Boolean
              backup Boolean
              ecmp Boolean
              ecmp_limit Integer Min: 2
Max: 64
Amount of ECMP paths to send
              limit Integer Min: 2
Max: 64
Amount of paths to send
        neighbors List, items: Dictionary
          - ip_address String Required, Unique
            activate Boolean
            route_map_in String Inbound route-map name
            route_map_out String Outbound route-map name
            prefix_list_in String Inbound prefix-list name
            prefix_list_out String Outbound prefix-list name
            next_hop Dictionary
              address_family_ipv6 Dictionary
                enabled Boolean Required
                originate Boolean
        networks List, items: Dictionary
          - prefix String Required, Unique IPv4 prefix “A.B.C.D/E”
            route_map String
      address_family_ipv6 Dictionary
        bgp Dictionary
          missing_policy Dictionary
            direction_in_action String Valid Values:
- deny
- deny-in-out
- permit
            direction_out_action String Valid Values:
- deny
- deny-in-out
- permit
          additional_paths Dictionary
            install Boolean
            install_ecmp_primary Boolean
            receive Boolean
            send Dictionary
              any Boolean
              backup Boolean
              ecmp Boolean
              ecmp_limit Integer Min: 2
Max: 64
Amount of ECMP paths to send
              limit Integer Min: 2
Max: 64
Amount of paths to send
        neighbors List, items: Dictionary
          - ip_address String Required, Unique
            activate Boolean
            route_map_in String Inbound route-map name
            route_map_out String Outbound route-map name
            prefix_list_in String Inbound prefix-list name
            prefix_list_out String Outbound prefix-list name
        networks List, items: Dictionary
          - prefix String Required, Unique IPv6 prefix “A:B:C:D:E:F:G:H/I”
            route_map String
      address_family_ipv4_multicast Dictionary
        bgp Dictionary
          missing_policy Dictionary
            direction_in_action String Valid Values:
- deny
- deny-in-out
- permit
            direction_out_action String Valid Values:
- deny
- deny-in-out
- permit
          additional_paths Dictionary
            receive Boolean
        neighbors List, items: Dictionary
          - ip_address String Required, Unique
            activate Boolean
            route_map_in String Inbound route-map name
            route_map_out String Outbound route-map name
        networks List, items: Dictionary
          - prefix String Required, Unique IPv6 prefix “A.B.C.D/E”
            route_map String
      address_family_ipv6_multicast Dictionary
        bgp Dictionary
          missing_policy Dictionary
            direction_in_action String Valid Values:
- deny
- deny-in-out
- permit
            direction_out_action String Valid Values:
- deny
- deny-in-out
- permit
          additional_paths Dictionary
            receive Boolean
        neighbors List, items: Dictionary
          - ip_address String Required, Unique
            activate Boolean
            route_map_in String Inbound route-map name
            route_map_out String Outbound route-map name
        networks List, items: Dictionary
          - prefix String Required, Unique IPv6 prefix “A:B:C:D:E:F:G:H/I”
            route_map String
      address_family_flow_spec_ipv4 Dictionary
        bgp Dictionary
          missing_policy Dictionary
            direction_in_action String Valid Values:
- deny
- deny-in-out
- permit
            direction_out_action String Valid Values:
- deny
- deny-in-out
- permit
        neighbors List, items: Dictionary
          - ip_address String Required, Unique
            activate Boolean
      address_family_flow_spec_ipv6 Dictionary
        bgp Dictionary
          missing_policy Dictionary
            direction_in_action String Valid Values:
- deny
- deny-in-out
- permit
            direction_out_action String Valid Values:
- deny
- deny-in-out
- permit
        neighbors List, items: Dictionary
          - ip_address String Required, Unique
            activate Boolean
      address_families deprecated List, items: Dictionary This key is deprecated. Support will be removed in AVD version 5.0.0. Use address_family_* instead.
        - address_family String Required, Unique
          bgp Dictionary
            missing_policy Dictionary
              direction_in_action String Valid Values:
- deny
- deny-in-out
- permit
              direction_out_action String Valid Values:
- deny
- deny-in-out
- permit
            additional_paths List, items: String
              - <str> String
          neighbors List, items: Dictionary
            - ip_address String Required, Unique
              activate Boolean
              route_map_in String Inbound route-map name
              route_map_out String Outbound route-map name
          peer_groups List, items: Dictionary
            - name String Required, Unique Peer-group name
              activate Boolean
              next_hop Dictionary
                address_family_ipv6_originate Boolean
          networks List, items: Dictionary
            - prefix String Required, Unique IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”
              route_map String
      eos_cli String Multiline EOS CLI rendered directly on the Router BGP, VRF definition in the final EOS configuration
  session_trackers List, items: Dictionary
    - name String Required, Unique Name of session tracker
      recovery_delay Integer Min: 1
Max: 3600
Recovery delay in seconds
router_bgp:

  # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>"
  as: <str>

  # In IP address format A.B.C.D
  router_id: <str>
  distance:
    external_routes: <int; 1-255; required>
    internal_routes: <int; 1-255; required>
    local_routes: <int; 1-255; required>
  graceful_restart:
    enabled: <bool>

    # Number of seconds
    restart_time: <int; 1-3600>

    # Number of seconds
    stalepath_time: <int; 1-3600>
  graceful_restart_helper:
    enabled: <bool>

    # Number of seconds
    # graceful-restart-help long-lived and restart-time are mutually exclusive in CLI.
    # restart-time will take precedence if both are configured.
    restart_time: <int; 1-100000000>

    # graceful-restart-help long-lived and restart-time are mutually exclusive in CLI.
    # restart-time will take precedence if both are configured.
    long_lived: <bool>
  maximum_paths:
    paths: <int; 1-600; required>
    ecmp: <int; 1-600>
  updates:

    # Disables FIB updates and route advertisement when the BGP instance is initiated until the BGP convergence state is reached.
    wait_for_convergence: <bool>

    # Do not advertise reachability to a prefix until that prefix has been installed in hardware.
    # This will eliminate any temporary black holes due to a BGP speaker advertising reachability to a prefix that may not yet be installed into the forwarding plane.
    wait_install: <bool>

  # IP Address A.B.C.D
  bgp_cluster_id: <str>

  # BGP command as string
  bgp_defaults:
    - <str>
  bgp:
    default:

      # Default activation of IPv4 unicast address-family on all IPv4 neighbors (EOS default = True).
      ipv4_unicast: <bool>

      # Default activation of IPv4 unicast address-family on all IPv6 neighbors (EOS default == False).
      ipv4_unicast_transport_ipv6: <bool>
    route_reflector_preserve_attributes:
      enabled: <bool>
      always: <bool>
    bestpath:
      d_path: <bool>

  # Improved "listen_ranges" data model to support multiple listen ranges and additional filter capabilities
  listen_ranges:

      # IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I"
    - prefix: <str>

      # Include router ID as part of peer filter
      peer_id_include_router_id: <bool>

      # Peer group name
      peer_group: <str>

      # Peer-filter name
      # note: `peer_filter` or `remote_as` is required but mutually exclusive.
      # If both are defined, `peer_filter` takes precedence
      peer_filter: <str>

      # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>"
      remote_as: <str>
  peer_groups:

      # Peer-group name
    - name: <str; required; unique>

      # Key only used for documentation or validation purposes
      type: <str>

      # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>"
      remote_as: <str>

      # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>"
      local_as: <str>
      description: <str>
      shutdown: <bool>

      # BGP AS-PATH options
      as_path:

        # Replace AS number with local AS number
        remote_as_replace_out: <bool>

        # Disable prepending own AS number to AS path
        prepend_own_disabled: <bool>

      # Remove private AS numbers in outbound AS path
      remove_private_as:
        enabled: <bool>
        all: <bool>
        replace_as: <bool>
      remove_private_as_ingress:
        enabled: <bool>
        replace_as: <bool>

      # Peer-filter name
      # note: `bgp_listen_range_prefix` and `peer_filter` should not be mixed with
      # the new `listen_ranges` key above to avoid conflicts.
      # This key is deprecated.
      # Support will be removed in AVD version 5.0.0.
      # Use <samp>listen_ranges</samp> instead.
      peer_filter: <str>
      next_hop_unchanged: <bool>

      # IP address or interface name
      update_source: <str>
      route_reflector_client: <bool>
      bfd: <bool>

      # Time-to-live in range of hops
      ebgp_multihop: <int; 1-255>
      next_hop_self: <bool>
      password: <str>
      passive: <bool>
      default_originate:
        enabled: <bool>
        always: <bool>

        # Route-map name
        route_map: <str>

      # 'all' or a combination of 'standard', 'extended', 'large' and 'link-bandwidth (w/options)'
      send_community: <str>

      # Maximum number of routes (0 means unlimited)
      maximum_routes: <int; 0-4294967294>

      # Maximum number of routes after which a warning is issued (0 means never warn) or
      # Percentage of maximum number of routes at which to warn ("<1-100> percent")
      maximum_routes_warning_limit: <str>
      maximum_routes_warning_only: <bool>
      link_bandwidth:
        enabled: <bool>

        # nn.nn(K|M|G) link speed in bits/second
        default: <str>
      allowas_in:
        enabled: <bool>

        # Number of local ASNs allowed in a BGP update
        times: <int; 1-10>
      weight: <int; 0-65535>

      # BGP Keepalive and Hold Timer values in seconds as string "<0-3600> <0-3600>"
      timers: <str>
      rib_in_pre_policy_retain:
        enabled: <bool>
        all: <bool>

      # Inbound route-map name
      route_map_in: <str>

      # Outbound route-map name
      route_map_out: <str>

      # IP prefix range
      # note: `bgp_listen_range_prefix` and `peer_filter` should not be mixed with
      # the new `listen_ranges` key above to avoid conflicts.
      # This key is deprecated.
      # Support will be removed in AVD version 5.0.0.
      # Use <samp>listen_ranges</samp> instead.
      bgp_listen_range_prefix: <str>
      session_tracker: <str>
  neighbors:
    - ip_address: <str; required; unique>
      peer_group: <str>

      # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>"
      remote_as: <str>

      # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>"
      local_as: <str>

      # BGP AS-PATH options
      as_path:

        # Replace AS number with local AS number
        remote_as_replace_out: <bool>

        # Disable prepending own AS number to AS path
        prepend_own_disabled: <bool>

      # Key only used for documentation or validation purposes
      peer: <str>
      description: <str>
      route_reflector_client: <bool>
      password: <str>
      passive: <bool>
      shutdown: <bool>

      # Source Interface
      update_source: <str>
      bfd: <bool>
      weight: <int; 0-65535>

      # BGP Keepalive and Hold Timer values in seconds as string "<0-3600> <0-3600>"
      timers: <str>

      # Inbound route-map name
      route_map_in: <str>

      # Outbound route-map name
      route_map_out: <str>
      default_originate:
        enabled: <bool>
        always: <bool>
        route_map: <str>

      # 'all' or a combination of 'standard', 'extended', 'large' and 'link-bandwidth (w/options)'
      send_community: <str>

      # Maximum number of routes (0 means unlimited)
      maximum_routes: <int; 0-4294967294>

      # Maximum number of routes after which a warning is issued (0 means never warn) or
      # Percentage of maximum number of routes at which to warn ("<1-100> percent")
      maximum_routes_warning_limit: <str>
      maximum_routes_warning_only: <bool>
      allowas_in:
        enabled: <bool>

        # Number of local ASNs allowed in a BGP update
        times: <int; 1-10>

      # Time-to-live in range of hops
      ebgp_multihop: <int; 1-255>
      next_hop_self: <bool>
      link_bandwidth:
        enabled: <bool>

        # nn.nn(K|M|G) link speed in bits/second
        default: <str>
      rib_in_pre_policy_retain:
        enabled: <bool>
        all: <bool>

      # Remove private AS numbers in outbound AS path
      remove_private_as:
        enabled: <bool>
        all: <bool>
        replace_as: <bool>
      remove_private_as_ingress:
        enabled: <bool>
        replace_as: <bool>
      session_tracker: <str>
  neighbor_interfaces:

      # Interface name
    - name: <str; required; unique>
      remote_as: <str>

      # Key only used for documentation or validation purposes
      peer: <str>
      peer_group: <str; default="Peer-group name">
      description: <str>

      # Peer-filter name
      peer_filter: <str>
  aggregate_addresses:

      # IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I"
    - prefix: <str; required; unique>
      advertise_only: <bool>
      as_set: <bool>
      summary_only: <bool>

      # Route-map name
      attribute_map: <str>

      # Route-map name
      match_map: <str>
  redistribute_routes:
    - source_protocol: <str; required; unique>
      route_map: <str>
      include_leaked: <bool>
  vlan_aware_bundles:

      # VLAN aware bundle name
    - name: <str; required; unique>

      # Key only used for documentation or validation purposes
      tenant: <str>

      # Key only used for documentation or validation purposes
      description: <str>

      # Route distinguisher
      rd: <str>
      rd_evpn_domain:
        domain: <str; "remote" | "all">

        # Route distinguisher
        rd: <str>
      route_targets:
        both:
          - <str>
        import:
          - <str>
        export:
          - <str>
        import_evpn_domains:
          - domain: <str; "remote" | "all">
            route_target: <str>
        export_evpn_domains:
          - domain: <str; "remote" | "all">
            route_target: <str>
        import_export_evpn_domains:
          - domain: <str; "remote" | "all">
            route_target: <str>
      redistribute_routes:
        - <str>
      no_redistribute_routes:
        - <str>

      # VLAN range as string. Example "100-200,300"
      vlan: <str>

      # Multiline EOS CLI rendered directly on the Router BGP, VLAN-aware-bundle definition in the final EOS configuration
      eos_cli: <str>
  vlans:
    - id: <int; required; unique>

      # Key only used for documentation or validation purposes
      tenant: <str>

      # Route distinguisher
      rd: <str>
      rd_evpn_domain:
        domain: <str; "remote" | "all">

        # Route distinguisher
        rd: <str>

      # Multiline EOS CLI rendered directly on the Router BGP, VLAN definition in the final EOS configuration
      eos_cli: <str>
      route_targets:
        both:
          - <str>
        import:
          - <str>
        export:
          - <str>
        import_evpn_domains:
          - domain: <str; "remote" | "all">
            route_target: <str>
        export_evpn_domains:
          - domain: <str; "remote" | "all">
            route_target: <str>
        import_export_evpn_domains:
          - domain: <str; "remote" | "all">
            route_target: <str>
      redistribute_routes:
        - <str>
      no_redistribute_routes:
        - <str>
  vpws:

      # VPWS instance name
    - name: <str; required; unique>

      # Route distinguisher
      rd: <str>
      route_targets:

        # Route Target
        import_export: <str>
      mpls_control_word: <bool>
      label_flow: <bool>
      mtu: <int>
      pseudowires:

          # Pseudowire name
        - name: <str; required; unique>

          # Must match id_remote on other pe
          id_local: <int>

          # Must match id_local on other pe
          id_remote: <int>
  address_family_evpn:
    domain_identifier: <str>
    neighbor_default:
      encapsulation: <str; "vxlan" | "mpls">

      # Source interface name
      next_hop_self_source_interface: <str>
      next_hop_self_received_evpn_routes:
        enable: <bool>
        inter_domain: <bool>
    peer_groups:

        # Peer-group name
      - name: <str; required; unique>
        activate: <bool>

        # Inbound route-map name
        route_map_in: <str>

        # Outbound route-map name
        route_map_out: <str>
        domain_remote: <bool>
        encapsulation: <str; "vxlan" | "mpls">
        additional_paths:
          receive: <bool>
          send:
            any: <bool>
            backup: <bool>
            ecmp: <bool>

            # Amount of ECMP paths to send
            ecmp_limit: <int; 2-64>

            # Amount of paths to send
            limit: <int; 2-64>
    evpn_hostflap_detection:
      enabled: <bool>

      # Time (in seconds) to detect a MAC duplication issue
      window: <int; 0-4294967295>

      # Minimum number of MAC moves that indicate a MAC Duplication issue
      threshold: <int; 0-4294967295>

      # Time (in seconds) to purge a MAC duplication issue
      expiry_timeout: <int; 0-4294967295>
    next_hop:
      resolution_disabled: <bool>
    route:
      import_match_failure_action: <str; "discard">
    next_hop_unchanged: <bool>
  address_family_rtc:
    peer_groups:

        # Peer-group name
      - name: <str; required; unique>
        activate: <bool>
        default_route_target:
          only: <bool>
          encoding_origin_as_omit: <str>
  address_family_ipv4:
    networks:

        # IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I"
      - prefix: <str; required; unique>

        # Route-map name
        route_map: <str>
    peer_groups:

        # Peer-group name
      - name: <str; required; unique>
        activate: <bool>

        # Inbound route-map name
        route_map_in: <str>

        # Outbound route-map name
        route_map_out: <str>
        default_originate:
          always: <bool>

          # Route-map name
          route_map: <str>
        next_hop:
          address_family_ipv6:
            enabled: <bool; required>
            originate: <bool>
          # This key is deprecated.
          # Support will be removed in AVD version 5.0.0.
          # Use <samp>address_family_ipv6</samp> instead.
          address_family_ipv6_originate: <bool>

        # Inbound prefix-list name
        prefix_list_in: <str>

        # Outbound prefix-list name
        prefix_list_out: <str>
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>

        # Inbound route-map name
        route_map_in: <str>

        # Outbound route-map name
        route_map_out: <str>

        # Inbound prefix-list name
        prefix_list_in: <str>

        # Prefix-list name
        prefix_list_out: <str>
        default_originate:
          always: <bool>
          route_map: <str>
  address_family_ipv4_multicast:
    peer_groups:

        # Peer-group name
      - name: <str; required; unique>
        activate: <bool>

        # Inbound route-map name
        route_map_in: <str>

        # Outbound route-map name
        route_map_out: <str>
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>

        # Inbound route-map name
        route_map_in: <str>

        # Outbound route-map name
        route_map_out: <str>
    redistribute_routes:
      - source_protocol: <str; required; unique>
        route_map: <str>
  address_family_ipv4_sr_te:
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>

        # Inbound route-map name
        route_map_in: <str>

        # Outbound route-map name
        route_map_out: <str>
    peer_groups:

        # Peer-group name
      - name: <str; required; unique>
        activate: <bool>

        # Inbound route-map name
        route_map_in: <str>

        # Outbound route-map name
        route_map_out: <str>
  address_family_ipv6:
    networks:

        # IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I"
      - prefix: <str; required; unique>

        # Route-map name
        route_map: <str>
    peer_groups:

        # Peer-group name
      - name: <str; required; unique>
        activate: <bool>

        # Inbound route-map name
        route_map_in: <str>

        # Outbound route-map name
        route_map_out: <str>

        # Inbound prefix-list name
        prefix_list_in: <str>

        # Outbound prefix-list name
        prefix_list_out: <str>
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>

        # Inbound route-map name
        route_map_in: <str>

        # Outbound route-map name
        route_map_out: <str>

        # Inbound prefix-list name
        prefix_list_in: <str>

        # Outbound prefix-list name
        prefix_list_out: <str>
    redistribute_routes:
      - source_protocol: <str; required; unique>
        route_map: <str>
        include_leaked: <bool>
  address_family_ipv6_multicast:
    bgp:
      missing_policy:
        direction_in_action: <str; "deny" | "deny-in-out" | "permit">
        direction_out_action: <str; "deny" | "deny-in-out" | "permit">
      additional_paths:
        receive: <bool>
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>

        # Inbound route-map name
        route_map_in: <str>

        # Outbound route-map name
        route_map_out: <str>
    peer_groups:

        # Peer-group name
      - name: <str; required; unique>
        activate: <bool>
    networks:

        # IPv6 prefix "A:B:C:D:E:F:G:H/I"
      - prefix: <str; required; unique>
        route_map: <str>
  address_family_ipv6_sr_te:
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>

        # Inbound route-map name
        route_map_in: <str>

        # Outbound route-map name
        route_map_out: <str>
    peer_groups:

        # Peer-group name
      - name: <str; required; unique>
        activate: <bool>

        # Inbound route-map name
        route_map_in: <str>

        # Outbound route-map name
        route_map_out: <str>
  address_family_link_state:
    bgp:
      missing_policy:
        direction_in_action: <str; "deny" | "deny-in-out" | "permit">
        direction_out_action: <str; "deny" | "deny-in-out" | "permit">
    peer_groups:

        # Peer-group name
      - name: <str; required; unique>
        activate: <bool>
        missing_policy:
          direction_in_action: <str; "deny" | "deny-in-out" | "permit">
          direction_out_action: <str; "deny" | "deny-in-out" | "permit">
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>
        missing_policy:
          direction_in_action: <str; "deny" | "deny-in-out" | "permit">
          direction_out_action: <str; "deny" | "deny-in-out" | "permit">
    path_selection:
      roles:
        producer: <bool>
        consumer: <bool>
        propagator: <bool>
  address_family_flow_spec_ipv4:
    bgp:
      missing_policy:
        direction_in_action: <str; "deny" | "deny-in-out" | "permit">
        direction_out_action: <str; "deny" | "deny-in-out" | "permit">
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>
    peer_groups:

        # Peer-group name
      - name: <str; required; unique>
        activate: <bool>
  address_family_flow_spec_ipv6:
    bgp:
      missing_policy:
        direction_in_action: <str; "deny" | "deny-in-out" | "permit">
        direction_out_action: <str; "deny" | "deny-in-out" | "permit">
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>
    peer_groups:

        # Peer-group name
      - name: <str; required; unique>
        activate: <bool>
  address_family_path_selection:
    bgp:
      additional_paths:
        receive: <bool>
        send:
          any: <bool>
          backup: <bool>
          ecmp: <bool>

          # Amount of ECMP paths to send
          ecmp_limit: <int; 2-64>

          # Amount of paths to send
          limit: <int; 2-64>
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>
        additional_paths:
          install: <bool>
          install_ecmp_primary: <bool>
          receive: <bool>
          send:
            any: <bool>
            backup: <bool>
            ecmp: <bool>

            # Amount of ECMP paths to send
            ecmp_limit: <int; 2-64>

            # Amount of paths to send
            limit: <int; 2-64>
    peer_groups:

        # Peer-group name
      - name: <str; required; unique>
        activate: <bool>
        additional_paths:
          install: <bool>
          install_ecmp_primary: <bool>
          receive: <bool>
          send:
            any: <bool>
            backup: <bool>
            ecmp: <bool>

            # Amount of ECMP paths to send
            ecmp_limit: <int; 2-64>

            # Amount of paths to send
            limit: <int; 2-64>
  address_family_vpn_ipv4:
    domain_identifier: <str>
    peer_groups:

        # Peer-group name
      - name: <str; required; unique>
        activate: <bool>

        # Inbound route-map name
        route_map_in: <str>

        # Outbound route-map name
        route_map_out: <str>
    route:
      import_match_failure_action: <str; "discard">
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>

        # Inbound route-map name
        route_map_in: <str>

        # Outbound route-map name
        route_map_out: <str>
    neighbor_default_encapsulation_mpls_next_hop_self:
      source_interface: <str>
  address_family_vpn_ipv6:
    domain_identifier: <str>
    peer_groups:

        # Peer-group name
      - name: <str; required; unique>
        activate: <bool>

        # Inbound route-map name
        route_map_in: <str>

        # Outbound route-map name
        route_map_out: <str>
    route:
      import_match_failure_action: <str; "discard">
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>

        # Inbound route-map name
        route_map_in: <str>

        # Outbound route-map name
        route_map_out: <str>
    neighbor_default_encapsulation_mpls_next_hop_self:
      source_interface: <str>
  vrfs:

      # VRF name
    - name: <str; required; unique>

      # Route distinguisher
      rd: <str>
      evpn_multicast: <bool>

      # Enable per-AF EVPN multicast settings
      evpn_multicast_address_family:
        ipv4:

          # Enable EVPN multicast transit mode
          transit: <bool>
      route_targets:
        import:
          - address_family: <str; required; unique>
            route_targets:
              - <str>
            route_map: <str>
        export:
          - address_family: <str; required; unique>
            route_targets:
              - <str>
            route_map: <str>

      # in IP address format A.B.C.D
      router_id: <str>

      # BGP Keepalive and Hold Timer values in seconds as string "<0-3600> <0-3600>"
      timers: <str>
      networks:

          # IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I"
        - prefix: <str; required; unique>
          route_map: <str>
      updates:

        # Disables FIB updates and route advertisement when the BGP instance is initiated until the BGP convergence state is reached.
        wait_for_convergence: <bool>

        # Do not advertise reachability to a prefix until that prefix has been installed in hardware.
        # This will eliminate any temporary black holes due to a BGP speaker advertising reachability to a prefix that may not yet be installed into the forwarding plane.
        wait_install: <bool>

      # Improved "listen_ranges" data model to support multiple listen ranges and additional filter capabilities
      listen_ranges:

          # IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I"
        - prefix: <str>

          # Include router ID as part of peer filter
          peer_id_include_router_id: <bool>

          # Peer-group name
          peer_group: <str>

          # Peer-filter name
          # note: `peer_filter`` or `remote_as` is required but mutually exclusive.
          # If both are defined, peer_filter takes precedence
          peer_filter: <str>

          # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>"
          remote_as: <str>
      neighbors:
        - ip_address: <str; required; unique>

          # Peer-group name
          peer_group: <str>

          # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>"
          remote_as: <str>
          password: <str>
          passive: <bool>

          # Remove private AS numbers in outbound AS path
          remove_private_as:
            enabled: <bool>
            all: <bool>
            replace_as: <bool>
          remove_private_as_ingress:
            enabled: <bool>
            replace_as: <bool>
          weight: <int; 0-65535>

          # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>"
          local_as: <str>

          # BGP AS-PATH options
          as_path:

            # Replace AS number with local AS number
            remote_as_replace_out: <bool>

            # Disable prepending own AS number to AS path
            prepend_own_disabled: <bool>
          description: <str>
          route_reflector_client: <bool>

          # Time-to-live in range of hops
          ebgp_multihop: <int; 1-255>
          next_hop_self: <bool>
          shutdown: <bool>
          bfd: <bool>

          # BGP Keepalive and Hold Timer values in seconds as string "<0-3600> <0-3600>"
          timers: <str>
          rib_in_pre_policy_retain:
            enabled: <bool>
            all: <bool>

          # 'all' or a combination of 'standard', 'extended', 'large' and 'link-bandwidth (w/options)'
          send_community: <str>
          maximum_routes: <int>

          # Maximum number of routes after which a warning is issued (0 means never warn) or
          # Percentage of maximum number of routes at which to warn ("<1-100> percent")
          maximum_routes_warning_limit: <str>
          maximum_routes_warning_only: <bool>
          allowas_in:
            enabled: <bool>

            # Number of local ASNs allowed in a BGP update
            times: <int; 1-10>
          default_originate:
            enabled: <bool>
            always: <bool>
            route_map: <str>
          update_source: <str>

          # Inbound route-map name
          route_map_in: <str>

          # Outbound route-map name
          route_map_out: <str>

          # Inbound prefix-list name
          # This key is deprecated.
          # Support will be removed in AVD version 5.0.0.
          # Use <samp>router_bgp.vrfs[].address_family_ipv4.neighbors[].prefix_list_in or router_bgp.vrfs[].address_family_ipv6.neighbors[].prefix_list_in</samp> instead.
          prefix_list_in: <str>

          # Outbound prefix-list name
          # This key is deprecated.
          # Support will be removed in AVD version 5.0.0.
          # Use <samp>router_bgp.vrfs[].address_family_ipv4.neighbors[].prefix_list_out or router_bgp.vrfs[].address_family_ipv6.neighbors[].prefix_list_out</samp> instead.
          prefix_list_out: <str>
      neighbor_interfaces:

          # Interface name
        - name: <str; required; unique>

          # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>"
          remote_as: <str>

          # Peer-group name
          peer_group: <str>

          # Peer-filter name
          peer_filter: <str>
          description: <str>
      redistribute_routes:
        - source_protocol: <str; required; unique>
          route_map: <str>
          include_leaked: <bool>
      aggregate_addresses:

          # IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I"
        - prefix: <str; required; unique>
          advertise_only: <bool>
          as_set: <bool>
          summary_only: <bool>
          attribute_map: <str>
          match_map: <str>
      address_family_ipv4:
        bgp:
          missing_policy:
            direction_in_action: <str; "deny" | "deny-in-out" | "permit">
            direction_out_action: <str; "deny" | "deny-in-out" | "permit">
          additional_paths:
            install: <bool>
            install_ecmp_primary: <bool>
            receive: <bool>
            send:
              any: <bool>
              backup: <bool>
              ecmp: <bool>

              # Amount of ECMP paths to send
              ecmp_limit: <int; 2-64>

              # Amount of paths to send
              limit: <int; 2-64>
        neighbors:
          - ip_address: <str; required; unique>
            activate: <bool>

            # Inbound route-map name
            route_map_in: <str>

            # Outbound route-map name
            route_map_out: <str>

            # Inbound prefix-list name
            prefix_list_in: <str>

            # Outbound prefix-list name
            prefix_list_out: <str>
            next_hop:
              address_family_ipv6:
                enabled: <bool; required>
                originate: <bool>
        networks:

            # IPv4 prefix "A.B.C.D/E"
          - prefix: <str; required; unique>
            route_map: <str>
      address_family_ipv6:
        bgp:
          missing_policy:
            direction_in_action: <str; "deny" | "deny-in-out" | "permit">
            direction_out_action: <str; "deny" | "deny-in-out" | "permit">
          additional_paths:
            install: <bool>
            install_ecmp_primary: <bool>
            receive: <bool>
            send:
              any: <bool>
              backup: <bool>
              ecmp: <bool>

              # Amount of ECMP paths to send
              ecmp_limit: <int; 2-64>

              # Amount of paths to send
              limit: <int; 2-64>
        neighbors:
          - ip_address: <str; required; unique>
            activate: <bool>

            # Inbound route-map name
            route_map_in: <str>

            # Outbound route-map name
            route_map_out: <str>

            # Inbound prefix-list name
            prefix_list_in: <str>

            # Outbound prefix-list name
            prefix_list_out: <str>
        networks:

            # IPv6 prefix "A:B:C:D:E:F:G:H/I"
          - prefix: <str; required; unique>
            route_map: <str>
      address_family_ipv4_multicast:
        bgp:
          missing_policy:
            direction_in_action: <str; "deny" | "deny-in-out" | "permit">
            direction_out_action: <str; "deny" | "deny-in-out" | "permit">
          additional_paths:
            receive: <bool>
        neighbors:
          - ip_address: <str; required; unique>
            activate: <bool>

            # Inbound route-map name
            route_map_in: <str>

            # Outbound route-map name
            route_map_out: <str>
        networks:

            # IPv6 prefix "A.B.C.D/E"
          - prefix: <str; required; unique>
            route_map: <str>
      address_family_ipv6_multicast:
        bgp:
          missing_policy:
            direction_in_action: <str; "deny" | "deny-in-out" | "permit">
            direction_out_action: <str; "deny" | "deny-in-out" | "permit">
          additional_paths:
            receive: <bool>
        neighbors:
          - ip_address: <str; required; unique>
            activate: <bool>

            # Inbound route-map name
            route_map_in: <str>

            # Outbound route-map name
            route_map_out: <str>
        networks:

            # IPv6 prefix "A:B:C:D:E:F:G:H/I"
          - prefix: <str; required; unique>
            route_map: <str>
      address_family_flow_spec_ipv4:
        bgp:
          missing_policy:
            direction_in_action: <str; "deny" | "deny-in-out" | "permit">
            direction_out_action: <str; "deny" | "deny-in-out" | "permit">
        neighbors:
          - ip_address: <str; required; unique>
            activate: <bool>
      address_family_flow_spec_ipv6:
        bgp:
          missing_policy:
            direction_in_action: <str; "deny" | "deny-in-out" | "permit">
            direction_out_action: <str; "deny" | "deny-in-out" | "permit">
        neighbors:
          - ip_address: <str; required; unique>
            activate: <bool>
      # This key is deprecated.
      # Support will be removed in AVD version 5.0.0.
      # Use <samp>address_family_*</samp> instead.
      address_families:
        - address_family: <str; required; unique>
          bgp:
            missing_policy:
              direction_in_action: <str; "deny" | "deny-in-out" | "permit">
              direction_out_action: <str; "deny" | "deny-in-out" | "permit">
            additional_paths:
              - <str>
          neighbors:
            - ip_address: <str; required; unique>
              activate: <bool>

              # Inbound route-map name
              route_map_in: <str>

              # Outbound route-map name
              route_map_out: <str>
          peer_groups:

              # Peer-group name
            - name: <str; required; unique>
              activate: <bool>
              next_hop:
                address_family_ipv6_originate: <bool>
          networks:

              # IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I"
            - prefix: <str; required; unique>
              route_map: <str>

      # Multiline EOS CLI rendered directly on the Router BGP, VRF definition in the final EOS configuration
      eos_cli: <str>
  session_trackers:

      # Name of session tracker
    - name: <str; required; unique>

      # Recovery delay in seconds
      recovery_delay: <int; 1-3600>

Router general

Variable Type Required Default Value Restrictions Description
router_general Dictionary
  router_id Dictionary
    ipv4 String IPv4 Address
    ipv6 String IPv6 Address
  nexthop_fast_failover Boolean False
  vrfs List, items: Dictionary
    - name String Required, Unique Destination-VRF
      leak_routes List, items: Dictionary
        - source_vrf String
          subscribe_policy String Route-Map Policy
      routes Dictionary
        dynamic_prefix_lists List, items: Dictionary
          - name String Dynamic Prefix List Name
router_general:
  router_id:

    # IPv4 Address
    ipv4: <str>

    # IPv6 Address
    ipv6: <str>
  nexthop_fast_failover: <bool; default=False>
  vrfs:

      # Destination-VRF
    - name: <str; required; unique>
      leak_routes:
        - source_vrf: <str>

          # Route-Map Policy
          subscribe_policy: <str>
      routes:
        dynamic_prefix_lists:

            # Dynamic Prefix List Name
          - name: <str>

Router ISIS

Variable Type Required Default Value Restrictions Description
router_isis Dictionary
  instance String Required ISIS Instance Name
  net String CLNS Address like “49.0001.0001.0000.0001.00”
  router_id String IPv4 Address
  is_type String Valid Values:
- level-1
- level-1-2
- level-2
  log_adjacency_changes Boolean
  mpls_ldp_sync_default Boolean
  timers Dictionary
    local_convergence Dictionary
      protected_prefixes Boolean
      delay Integer 10000 Delay in milliseconds.
  advertise Dictionary
    passive_only Boolean
  address_family List, items: String
    - <str> deprecated String Valid Values:
- ipv4
- ipv6
- ipv4 unicast
- ipv6 unicast
Address FamilyThis key is deprecated. Support will be removed in AVD version 5.0.0. Use address_family_ipv4.enabled or address_family_ipv6.enabled instead.
  isis_af_defaults List, items: String
    - <str> deprecated String EOS CLI rendered under the address families
Example “maximum-paths 64”
This key is deprecated. Support will be removed in AVD version 5.0.0. Use address_family_ipv4/address_family_ipv6 instead.
  redistribute_routes List, items: Dictionary
    - source_protocol String Required Valid Values:
- bgp
- connected
- isis
- ospf
- ospfv3
- static
      route_map String Route-map name
      include_leaked Boolean
      ospf_route_type String Valid Values:
- external
- internal
- nssa-external
ospf_route_type is required with source_protocols ‘ospf’ and ‘ospfv3’
  address_family_ipv4 Dictionary
    enabled Boolean
    maximum_paths Integer Min: 1
Max: 128
    fast_reroute_ti_lfa Dictionary
      mode String Valid Values:
- link-protection
- node-protection
      level String Valid Values:
- level-1
- level-2
      srlg Dictionary Shared Risk Link Group
        enable Boolean
        strict Boolean
    tunnel_source_labeled_unicast Dictionary
      enabled Boolean
      rcf String Route Control Function
  address_family_ipv6 Dictionary
    enabled Boolean
    maximum_paths Integer Min: 1
Max: 128
    fast_reroute_ti_lfa Dictionary
      mode String Valid Values:
- link-protection
- node-protection
      level String Valid Values:
- level-1
- level-2
Optional, default is to protect all levels
      srlg Dictionary Shared Risk Link Group
        enable Boolean
        strict Boolean
  segment_routing_mpls Dictionary
    enabled Boolean
    router_id String
    prefix_segments List, items: Dictionary
      - prefix String
        index Integer
router_isis:

  # ISIS Instance Name
  instance: <str; required>

  # CLNS Address like "49.0001.0001.0000.0001.00"
  net: <str>

  # IPv4 Address
  router_id: <str>
  is_type: <str; "level-1" | "level-1-2" | "level-2">
  log_adjacency_changes: <bool>
  mpls_ldp_sync_default: <bool>
  timers:
    local_convergence:
      protected_prefixes: <bool>

      # Delay in milliseconds.
      delay: <int; default=10000>
  advertise:
    passive_only: <bool>
  address_family:

      # Address Family
      # This key is deprecated.
      # Support will be removed in AVD version 5.0.0.
      # Use <samp>address_family_ipv4.enabled or address_family_ipv6.enabled</samp> instead.
    - <str; "ipv4" | "ipv6" | "ipv4 unicast" | "ipv6 unicast">
  isis_af_defaults:

      # EOS CLI rendered under the address families
      # Example "maximum-paths 64"
      # This key is deprecated.
      # Support will be removed in AVD version 5.0.0.
      # Use <samp>address_family_ipv4/address_family_ipv6</samp> instead.
    - <str>
  redistribute_routes:
    - source_protocol: <str; "bgp" | "connected" | "isis" | "ospf" | "ospfv3" | "static"; required>

      # Route-map name
      route_map: <str>
      include_leaked: <bool>

      # ospf_route_type is required with source_protocols 'ospf' and 'ospfv3'
      ospf_route_type: <str; "external" | "internal" | "nssa-external">
  address_family_ipv4:
    enabled: <bool>
    maximum_paths: <int; 1-128>
    fast_reroute_ti_lfa:
      mode: <str; "link-protection" | "node-protection">
      level: <str; "level-1" | "level-2">

      # Shared Risk Link Group
      srlg:
        enable: <bool>
        strict: <bool>
    tunnel_source_labeled_unicast:
      enabled: <bool>

      # Route Control Function
      rcf: <str>
  address_family_ipv6:
    enabled: <bool>
    maximum_paths: <int; 1-128>
    fast_reroute_ti_lfa:
      mode: <str; "link-protection" | "node-protection">

      # Optional, default is to protect all levels
      level: <str; "level-1" | "level-2">

      # Shared Risk Link Group
      srlg:
        enable: <bool>
        strict: <bool>
  segment_routing_mpls:
    enabled: <bool>
    router_id: <str>
    prefix_segments:
      - prefix: <str>
        index: <int>

Router L2 VPN

Variable Type Required Default Value Restrictions Description
router_l2_vpn Dictionary
  arp_learning_bridged Boolean
  arp_proxy Dictionary
    prefix_list String Prefix-list name. ARP Proxying is disabled for IPv4 addresses defined in the prefix-list.
  arp_selective_install Boolean
  nd_learning_bridged Boolean
  nd_proxy Dictionary
    prefix_list String Prefix-list name. ND Proxying is disabled for IPv6 addresses defined in the prefix-list.
  nd_rs_flooding_disabled Boolean
  virtual_router_nd_ra_flooding_disabled Boolean
router_l2_vpn:
  arp_learning_bridged: <bool>
  arp_proxy:

    # Prefix-list name. ARP Proxying is disabled for IPv4 addresses defined in the prefix-list.
    prefix_list: <str>
  arp_selective_install: <bool>
  nd_learning_bridged: <bool>
  nd_proxy:

    # Prefix-list name. ND Proxying is disabled for IPv6 addresses defined in the prefix-list.
    prefix_list: <str>
  nd_rs_flooding_disabled: <bool>
  virtual_router_nd_ra_flooding_disabled: <bool>

Router OSPF

Variable Type Required Default Value Restrictions Description
router_ospf Dictionary
  process_ids List, items: Dictionary
    - id Integer Required, Unique OSPF Process ID
      vrf String VRF Name for OSPF Process
      passive_interface_default Boolean
      router_id String IPv4 Address
      distance Dictionary
        external Integer Min: 1
Max: 255
        inter_area Integer Min: 1
Max: 255
        intra_area Integer Min: 1
Max: 255
      log_adjacency_changes_detail Boolean
      network_prefixes List, items: Dictionary
        - ipv4_prefix String Required, Unique
          area String
      bfd_enable Boolean
      bfd_adjacency_state_any Boolean
      no_passive_interfaces List, items: String
        - <str> String Interface Name
      distribute_list_in Dictionary
        route_map String
      max_lsa Integer
      timers Dictionary
        lsa Dictionary
          rx_min_interval Integer Min: 0
Max: 600000
Min interval in msecs between accepting the same LSA
          tx_delay Dictionary
            initial Integer Min: 0
Max: 600000
Delay to generate first occurrence of LSA in msecs
            min Integer Min: 1
Max: 600000
Min delay between originating the same LSA in msecs
            max Integer Min: 1
Max: 600000
1-600000 Maximum delay between originating the same LSA in msec
        spf_delay Dictionary
          initial Integer Min: 0
Max: 600000
Initial SPF schedule delay in msecs
          min Integer Min: 0
Max: 65535000
Min Hold time between two SPFs in msecs
          max Integer Min: 0
Max: 65535000
Max wait time between two SPFs in msecs
      default_information_originate Dictionary
        always Boolean
        metric Integer Min: 1
Max: 65535
Metric for default route
        metric_type Integer Valid Values:
- 1
- 2
OSPF metric type for default route
      summary_addresses List, items: Dictionary
        - prefix String Required, Unique Summary Prefix Address
          tag Integer
          attribute_map String
          not_advertise Boolean
      redistribute Dictionary
        static Dictionary
          route_map String Route Map Name
          include_leaked Boolean
        connected Dictionary
          route_map String Route Map Name
          include_leaked Boolean
        bgp Dictionary
          route_map String Route Map Name
          include_leaked Boolean
      auto_cost_reference_bandwidth Integer Bandwidth in mbps
      areas List, items: Dictionary
        - id String Required, Unique
          filter Dictionary
            networks List, items: String
              - <str> String IPv4 Prefix
            prefix_list String Prefix-List Name
          type String normal Valid Values:
- normal
- stub
- nssa
          no_summary Boolean
          nssa_only Boolean
          default_information_originate Dictionary
            metric Integer Min: 1
Max: 65535
Metric for default route
            metric_type Integer Valid Values:
- 1
- 2
OSPF metric type for default route
      maximum_paths Integer Min: 1
Max: 128
      max_metric Dictionary
        router_lsa Dictionary
          external_lsa Dictionary
            override_metric Integer Min: 1
Max: 16777215
          include_stub Boolean
          on_startup String “wait-for-bgp” or Integer 5-86400
Example: “wait-for-bgp” Or “222”
          summary_lsa Dictionary
            override_metric Integer Min: 1
Max: 16777215
      mpls_ldp_sync_default Boolean
      eos_cli String Multiline EOS CLI rendered directly on the Router OSPF process ID in the final EOS configuration
router_ospf:
  process_ids:

      # OSPF Process ID
    - id: <int; required; unique>

      # VRF Name for OSPF Process
      vrf: <str>
      passive_interface_default: <bool>

      # IPv4 Address
      router_id: <str>
      distance:
        external: <int; 1-255>
        inter_area: <int; 1-255>
        intra_area: <int; 1-255>
      log_adjacency_changes_detail: <bool>
      network_prefixes:
        - ipv4_prefix: <str; required; unique>
          area: <str>
      bfd_enable: <bool>
      bfd_adjacency_state_any: <bool>
      no_passive_interfaces:

          # Interface Name
        - <str>
      distribute_list_in:
        route_map: <str>
      max_lsa: <int>
      timers:
        lsa:

          # Min interval in msecs between accepting the same LSA
          rx_min_interval: <int; 0-600000>
          tx_delay:

            # Delay to generate first occurrence of LSA in msecs
            initial: <int; 0-600000>

            # Min delay between originating the same LSA in msecs
            min: <int; 1-600000>

            # 1-600000 Maximum delay between originating the same LSA in msec
            max: <int; 1-600000>
        spf_delay:

          # Initial SPF schedule delay in msecs
          initial: <int; 0-600000>

          # Min Hold time between two SPFs in msecs
          min: <int; 0-65535000>

          # Max wait time between two SPFs in msecs
          max: <int; 0-65535000>
      default_information_originate:
        always: <bool>

        # Metric for default route
        metric: <int; 1-65535>

        # OSPF metric type for default route
        metric_type: <int; 1 | 2>
      summary_addresses:

          # Summary Prefix Address
        - prefix: <str; required; unique>
          tag: <int>
          attribute_map: <str>
          not_advertise: <bool>
      redistribute:
        static:

          # Route Map Name
          route_map: <str>
          include_leaked: <bool>
        connected:

          # Route Map Name
          route_map: <str>
          include_leaked: <bool>
        bgp:

          # Route Map Name
          route_map: <str>
          include_leaked: <bool>

      # Bandwidth in mbps
      auto_cost_reference_bandwidth: <int>
      areas:
        - id: <str; required; unique>
          filter:
            networks:

                # IPv4 Prefix
              - <str>

            # Prefix-List Name
            prefix_list: <str>
          type: <str; "normal" | "stub" | "nssa"; default="normal">
          no_summary: <bool>
          nssa_only: <bool>
          default_information_originate:

            # Metric for default route
            metric: <int; 1-65535>

            # OSPF metric type for default route
            metric_type: <int; 1 | 2>
      maximum_paths: <int; 1-128>
      max_metric:
        router_lsa:
          external_lsa:
            override_metric: <int; 1-16777215>
          include_stub: <bool>

          # "wait-for-bgp" or Integer 5-86400
          # Example: "wait-for-bgp" Or "222"
          on_startup: <str>
          summary_lsa:
            override_metric: <int; 1-16777215>
      mpls_ldp_sync_default: <bool>

      # Multiline EOS CLI rendered directly on the Router OSPF process ID in the final EOS configuration
      eos_cli: <str>

Router path selection

Variable Type Required Default Value Restrictions Description
router_path_selection Dictionary Dynamic path selection configuration.
  peer_dynamic_source String Valid Values:
- stun
Source of dynamic peer discovery.
  path_groups List, items: Dictionary
    - name String Required, Unique Path group name.
      id Integer Min: 1
Max: 65535
Path group ID.
      ipsec_profile String IPSec profile for the path group.
      flow_assignment String Valid Values:
- lan
Flow assignement lan can not be configured in a path group with dynamic peers.
      local_interfaces List, items: Dictionary
        - name String Required, Unique Pattern: ^Ethernet\d+(/\d+)*(.\d+)?$ Local interface name.
          public_address String Public IP assigned by NAT.
          stun Dictionary
            server_profiles List, items: String Required Min Length: 1
Max Length: 12
STUN server-profile names.
              - <str> String
      local_ips List, items: Dictionary
        - ip_address String Required, Unique
          public_address String Public IP assigned by NAT.
          stun Dictionary
            server_profiles List, items: String Required Min Length: 1
Max Length: 12
STUN server-profile names.
              - <str> String
      dynamic_peers Dictionary Flow assignement lan can not be configured in a path group with dynamic peers.
        enabled Boolean Enable peer dynamic.
        ip_local Boolean Prefer local IP address.
        ipsec Boolean IPsec configuration for dynamic peers.
      static_peers List, items: Dictionary
        - router_ip String Required, Unique Peer router IP.
          name String Name of the site.
          ipv4_addresses List, items: String Static IPv4 addresses.
            - <str> String
  load_balance_policies List, items: Dictionary
    - name String Required, Unique Load-balance policy name.
      lowest_hop_count Boolean Prefer paths with lowest hop-count.
      jitter Integer Min: 0
Max: 10000
Jitter requirement for this load balance policy in milliseconds.
      latency Integer Min: 0
Max: 10000
One way delay requirement for this load balance policy in milliseconds.
      loss_rate String Pattern: ^\d+(.\d{1,2})?$ Loss Rate requirement in percentage for this load balance policy.
Value between 0.00 and 100.00 %
      path_groups List, items: Dictionary List of path-groups to use for this load balance policy.
        - name String Required, Unique Path-group name
          priority Integer Min: 1
Max: 65535
Priority for this path-group.
The EOS default value is 1.
  policies List, items: Dictionary
    - name String Required, Unique DPS policy name.
      default_match Dictionary
        load_balance String Name of the load-balance policy.
      rules List, items: Dictionary
        - id Integer Required, Unique Min: 1
Max: 255
Rule ID.
          application_profile String Required
          load_balance String Name of the load-balance policy.
  vrfs List, items: Dictionary
    - name String Required, Unique VRF name.
      path_selection_policy String DPS policy name to use for this VRF.
# Dynamic path selection configuration.
router_path_selection:

  # Source of dynamic peer discovery.
  peer_dynamic_source: <str; "stun">
  path_groups:

      # Path group name.
    - name: <str; required; unique>

      # Path group ID.
      id: <int; 1-65535>

      # IPSec profile for the path group.
      ipsec_profile: <str>

      # Flow assignement `lan` can not be configured in a path group with dynamic peers.
      flow_assignment: <str; "lan">
      local_interfaces:

          # Local interface name.
        - name: <str; required; unique>

          # Public IP assigned by NAT.
          public_address: <str>
          stun:

            # STUN server-profile names.
            server_profiles: # 1-12 items; required
              - <str>
      local_ips:
        - ip_address: <str; required; unique>

          # Public IP assigned by NAT.
          public_address: <str>
          stun:

            # STUN server-profile names.
            server_profiles: # 1-12 items; required
              - <str>

      # Flow assignement `lan` can not be configured in a path group with dynamic peers.
      dynamic_peers:

        # Enable `peer dynamic`.
        enabled: <bool>

        # Prefer local IP address.
        ip_local: <bool>

        # IPsec configuration for dynamic peers.
        ipsec: <bool>
      static_peers:

          # Peer router IP.
        - router_ip: <str; required; unique>

          # Name of the site.
          name: <str>

          # Static IPv4 addresses.
          ipv4_addresses:
            - <str>
  load_balance_policies:

      # Load-balance policy name.
    - name: <str; required; unique>

      # Prefer paths with lowest hop-count.
      lowest_hop_count: <bool>

      # Jitter requirement for this load balance policy in milliseconds.
      jitter: <int; 0-10000>

      # One way delay requirement for this load balance policy in milliseconds.
      latency: <int; 0-10000>

      # Loss Rate requirement in percentage for this load balance policy.
      # Value between 0.00 and 100.00 %
      loss_rate: <str>

      # List of path-groups to use for this load balance policy.
      path_groups:

          # Path-group name
        - name: <str; required; unique>

          # Priority for this path-group.
          # The EOS default value is 1.
          priority: <int; 1-65535>
  policies:

      # DPS policy name.
    - name: <str; required; unique>
      default_match:

        # Name of the load-balance policy.
        load_balance: <str>
      rules:

          # Rule ID.
        - id: <int; 1-255; required; unique>
          application_profile: <str; required>

          # Name of the load-balance policy.
          load_balance: <str>
  vrfs:

      # VRF name.
    - name: <str; required; unique>

      # DPS policy name to use for this VRF.
      path_selection_policy: <str>

Router service-insertion

Variable Type Required Default Value Restrictions Description
router_service_insertion Dictionary Configure network services inserted to data forwarding
  enabled Boolean
# Configure network services inserted to data forwarding
router_service_insertion:
  enabled: <bool>

Router traffic engineering

Variable Type Required Default Value Restrictions Description
router_traffic_engineering Dictionary
  enabled Boolean
  router_id Dictionary
    ipv4 String
    ipv6 String
  segment_routing Dictionary
    colored_tunnel_rib Boolean
    policy_endpoints List, items: Dictionary
      - address String IPv4 or IPv6 address
        colors List, items: Dictionary
          - value Integer Required, Unique
            binding_sid Integer
            description String
            name String
            sbfd_remote_discriminator String IPv4 address or 32 bit integer
            path_group List, items: Dictionary
              - preference Integer
                explicit_null String Valid Values:
- ipv4
- ipv6
- ipv4 ipv6
- none
                segment_list List, items: Dictionary
                  - label_stack String Label Stack as string.
Example: “100 2000 30”
                    weight Integer
                    index Integer
router_traffic_engineering:
  enabled: <bool>
  router_id:
    ipv4: <str>
    ipv6: <str>
  segment_routing:
    colored_tunnel_rib: <bool>
    policy_endpoints:

        # IPv4 or IPv6 address
      - address: <str>
        colors:
          - value: <int; required; unique>
            binding_sid: <int>
            description: <str>
            name: <str>

            # IPv4 address or 32 bit integer
            sbfd_remote_discriminator: <str>
            path_group:
              - preference: <int>
                explicit_null: <str; "ipv4" | "ipv6" | "ipv4 ipv6" | "none">
                segment_list:

                    # Label Stack as string.
                    # Example: "100 2000 30"
                  - label_stack: <str>
                    weight: <int>
                    index: <int>

Service routing configuration bgp

Variable Type Required Default Value Restrictions Description
service_routing_configuration_bgp Dictionary
  no_equals_default Boolean
service_routing_configuration_bgp:
  no_equals_default: <bool>

Service routing protocols model

Variable Type Required Default Value Restrictions Description
service_routing_protocols_model String Valid Values:
- multi-agent
- ribd
service_routing_protocols_model: <str; "multi-agent" | "ribd">

Static routes

Variable Type Required Default Value Restrictions Description
static_routes List, items: Dictionary
  - vrf String VRF Name
    destination_address_prefix String IPv4_network/Mask
    interface String
    gateway String IPv4 Address
    track_bfd Boolean Track next-hop using BFD
    distance Integer Min: 1
Max: 255
    tag Integer Min: 0
Max: 4294967295
    name String Description
    metric Integer Min: 0
Max: 4294967295
static_routes:

    # VRF Name
  - vrf: <str>

    # IPv4_network/Mask
    destination_address_prefix: <str>
    interface: <str>

    # IPv4 Address
    gateway: <str>

    # Track next-hop using BFD
    track_bfd: <bool>
    distance: <int; 1-255>
    tag: <int; 0-4294967295>

    # Description
    name: <str>
    metric: <int; 0-4294967295>

STUN

Variable Type Required Default Value Restrictions Description
stun Dictionary STUN configuration.
  client Dictionary STUN client settings.
    server_profiles List, items: Dictionary List of server profiles for the client.
      - name String Required, Unique
        ip_address String
        ssl_profile String SSL profile name.
        port Integer Min: 1
Max: 65535
Destination port for the request STUN server (default - 3478).
  server Dictionary STUN server settings.
    local_interface deprecated String This key is deprecated. Support will be removed in AVD version v5.0.0. Use local_interfaces instead.
    local_interfaces List, items: String Min Length: 1
      - <str> String
    bindings_timeout Integer Min: 10
Max: 7200
Timeout for bindings stored on STUN server in seconds.
    ssl_profile String SSL profile name.
    ssl_connection_lifetime Dictionary SSL connection lifetime in minutes or hours.
If both are specified, minutes is given higher precedence.
      minutes Integer Min: 1
Max: 1440
SSL connection lifetime in minutes (default - 120).
      hours Integer Min: 1
Max: 24
SSL connection lifetime in hours (default - 2).
    port Integer Min: 1
Max: 65535
Listening port for STUN server (default - 3478).
# STUN configuration.
stun:

  # STUN client settings.
  client:

    # List of server profiles for the client.
    server_profiles:
      - name: <str; required; unique>
        ip_address: <str>

        # SSL profile name.
        ssl_profile: <str>

        # Destination port for the request STUN server (default - 3478).
        port: <int; 1-65535>

  # STUN server settings.
  server:
    # This key is deprecated.
    # Support will be removed in AVD version v5.0.0.
    # Use <samp>local_interfaces</samp> instead.
    local_interface: <str>
    local_interfaces: # >=1 items
      - <str>

    # Timeout for bindings stored on STUN server in seconds.
    bindings_timeout: <int; 10-7200>

    # SSL profile name.
    ssl_profile: <str>

    # SSL connection lifetime in minutes or hours.
    # If both are specified, minutes is given higher precedence.
    ssl_connection_lifetime:

      # SSL connection lifetime in minutes (default - 120).
      minutes: <int; 1-1440>

      # SSL connection lifetime in hours (default - 2).
      hours: <int; 1-24>

    # Listening port for STUN server (default - 3478).
    port: <int; 1-65535>

VRFs

Variable Type Required Default Value Restrictions Description
vrfs List, items: Dictionary These keys are ignored if the name of the vrf is ‘default’
  - name String Required, Unique VRF Name
    description String
    ip_routing Boolean
    ipv6_routing Boolean
    ip_routing_ipv6_interfaces Boolean
    tenant String Key only used for documentation or validation purposes
# These keys are ignored if the name of the vrf is 'default'
vrfs:

    # VRF Name
  - name: <str; required; unique>
    description: <str>
    ip_routing: <bool>
    ipv6_routing: <bool>
    ip_routing_ipv6_interfaces: <bool>

    # Key only used for documentation or validation purposes
    tenant: <str>

Security

IP Security

Variable Type Required Default Value Restrictions Description
ip_security Dictionary
  ike_policies List, items: Dictionary Internet Security Association and Key Mgmt Protocol.
    - name String Required, Unique Policy name.
      local_id String Local IKE Identification.
Can be an IPv4 or an IPv6 address.
      ike_lifetime Integer Min: 1
Max: 24
IKE lifetime in hours.
      encryption String Valid Values:
- 3des
- aes128
- aes256
IKE encryption algorithm.
      dh_group Integer Valid Values:
- 1
- 2
- 5
- 14
- 15
- 16
- 17
- 20
- 21
- 24
Diffie-Hellman group for the key exchange.
  sa_policies List, items: Dictionary Security Association policies.
    - name String Required, Unique Name of the SA policy. The “null” value is deprecated and will be removed in AVD 5.0.0
      esp Dictionary
        integrity String Valid Values:
- disabled
- sha1
- sha256
- null
        encryption String Valid Values:
- disabled
- aes128
- aes128gcm128
- aes128gcm64
- aes256
- aes256gcm256
- null
      pfs_dh_group Integer Valid Values:
- 1
- 2
- 5
- 14
- 15
- 16
- 17
- 20
- 21
- 24
  profiles List, items: Dictionary IPSec profiles.
    - name String Required, Unique Name of the IPsec profile.
      ike_policy String Name of the IKE policy to use in this profile.
      sa_policy String Name of the Security Association to use in this profile.
      connection String Valid Values:
- add
- start
- route
IPsec connection (Initiator/Responder/Dynamic).
      shared_key String Encrypted password - only type 7 supported.
      dpd Dictionary Dead Peer Detection.
        interval Integer Required Min: 2
Max: 3600
Interval (in seconds) between keep-alive messages.
        time Integer Required Min: 10
Max: 3600
Time (in seconds) after which the action is applied.
        action String Required Valid Values:
- clear
- hold
- restart
Action to apply

* ‘clear’: Delete all connections
* ‘hold’: Re-negotiate connection on demand
* ‘restart’: Restart connection immediately
      mode String Valid Values:
- transport
- tunnel
Ipsec mode type.
  key_controller Dictionary
    profile String IPsec profile name to use.
ip_security:

  # Internet Security Association and Key Mgmt Protocol.
  ike_policies:

      # Policy name.
    - name: <str; required; unique>

      # Local IKE Identification.
      # Can be an IPv4 or an IPv6 address.
      local_id: <str>

      # IKE lifetime in hours.
      ike_lifetime: <int; 1-24>

      # IKE encryption algorithm.
      encryption: <str; "3des" | "aes128" | "aes256">

      # Diffie-Hellman group for the key exchange.
      dh_group: <int; 1 | 2 | 5 | 14 | 15 | 16 | 17 | 20 | 21 | 24>

  # Security Association policies.
  sa_policies:

      # Name of the SA policy. The "null" value is deprecated and will be removed in AVD 5.0.0
    - name: <str; required; unique>
      esp:
        integrity: <str; "disabled" | "sha1" | "sha256" | "null">
        encryption: <str; "disabled" | "aes128" | "aes128gcm128" | "aes128gcm64" | "aes256" | "aes256gcm256" | "null">
      pfs_dh_group: <int; 1 | 2 | 5 | 14 | 15 | 16 | 17 | 20 | 21 | 24>

  # IPSec profiles.
  profiles:

      # Name of the IPsec profile.
    - name: <str; required; unique>

      # Name of the IKE policy to use in this profile.
      ike_policy: <str>

      # Name of the Security Association to use in this profile.
      sa_policy: <str>

      # IPsec connection (Initiator/Responder/Dynamic).
      connection: <str; "add" | "start" | "route">

      # Encrypted password - only type 7 supported.
      shared_key: <str>

      # Dead Peer Detection.
      dpd:

        # Interval (in seconds) between keep-alive messages.
        interval: <int; 2-3600; required>

        # Time (in seconds) after which the action is applied.
        time: <int; 10-3600; required>

        # Action to apply

        # * 'clear': Delete all connections
        # * 'hold': Re-negotiate connection on demand
        # * 'restart': Restart connection immediately
        action: <str; "clear" | "hold" | "restart"; required>

      # Ipsec mode type.
      mode: <str; "transport" | "tunnel">
  key_controller:

    # IPsec profile name to use.
    profile: <str>

Switching

MLAG configuration

Variable Type Required Default Value Restrictions Description
mlag_configuration Dictionary
  domain_id String
  heartbeat_interval Integer Heartbeat interval in milliseconds
  local_interface String Local Interface Name
  peer_address String IPv4 Address
  peer_address_heartbeat Dictionary
    peer_ip String IPv4 Address
    vrf String VRF Name
  dual_primary_detection_delay Integer Min: 0
Max: 86400
Delay in seconds
  dual_primary_recovery_delay_mlag Integer Min: 0
Max: 86400
Delay in seconds
  dual_primary_recovery_delay_non_mlag Integer Min: 0
Max: 86400
Delay in seconds
  peer_link String Port-Channel interface name
  reload_delay_mlag String Delay in seconds <0-86400> or ‘infinity’
  reload_delay_non_mlag String Delay in seconds <0-86400> or ‘infinity’
mlag_configuration:
  domain_id: <str>

  # Heartbeat interval in milliseconds
  heartbeat_interval: <int>

  # Local Interface Name
  local_interface: <str>

  # IPv4 Address
  peer_address: <str>
  peer_address_heartbeat:

    # IPv4 Address
    peer_ip: <str>

    # VRF Name
    vrf: <str>

  # Delay in seconds
  dual_primary_detection_delay: <int; 0-86400>

  # Delay in seconds
  dual_primary_recovery_delay_mlag: <int; 0-86400>

  # Delay in seconds
  dual_primary_recovery_delay_non_mlag: <int; 0-86400>

  # Port-Channel interface name
  peer_link: <str>

  # Delay in seconds <0-86400> or 'infinity'
  reload_delay_mlag: <str>

  # Delay in seconds <0-86400> or 'infinity'
  reload_delay_non_mlag: <str>

Spanning-tree

Variable Type Required Default Value Restrictions Description
spanning_tree Dictionary
  root_super Boolean
  edge_port Dictionary
    bpdufilter_default Boolean
    bpduguard_default Boolean
  mode String Valid Values:
- mstp
- rstp
- rapid-pvst
- none
  bpduguard_rate_limit Dictionary
    default Boolean
    count Integer Maximum number of BPDUs per timer interval
  rstp_priority Integer
  mst Dictionary
    pvst_border Boolean
    configuration Dictionary
      name String
      revision Integer 0-65535
      instances List, items: Dictionary
        - id Integer Required, Unique Instance ID
          vlans String ”< vlan_id >, < vlan_id >-< vlan_id >”
Example: 15,16,17,18
  mst_instances List, items: Dictionary
    - id String Required, Unique Instance ID
      priority Integer
  no_spanning_tree_vlan String ”< vlan_id >, < vlan_id >-< vlan_id >”
Example: 105,202,505-506
  rapid_pvst_instances List, items: Dictionary
    - id String Required, Unique ”< vlan_id >, < vlan_id >-< vlan_id >”
Example: 105,202,505-506
      priority Integer
spanning_tree:
  root_super: <bool>
  edge_port:
    bpdufilter_default: <bool>
    bpduguard_default: <bool>
  mode: <str; "mstp" | "rstp" | "rapid-pvst" | "none">
  bpduguard_rate_limit:
    default: <bool>

    # Maximum number of BPDUs per timer interval
    count: <int>
  rstp_priority: <int>
  mst:
    pvst_border: <bool>
    configuration:
      name: <str>

      # 0-65535
      revision: <int>
      instances:

          # Instance ID
        - id: <int; required; unique>

          # "< vlan_id >, < vlan_id >-< vlan_id >"
          # Example: 15,16,17,18
          vlans: <str>
  mst_instances:

      # Instance ID
    - id: <str; required; unique>
      priority: <int>

  # "< vlan_id >, < vlan_id >-< vlan_id >"
  # Example: 105,202,505-506
  no_spanning_tree_vlan: <str>
  rapid_pvst_instances:

      # "< vlan_id >, < vlan_id >-< vlan_id >"
      # Example: 105,202,505-506
    - id: <str; required; unique>
      priority: <int>

VLAN internal order

Variable Type Required Default Value Restrictions Description
vlan_internal_order Dictionary
  allocation String Required Valid Values:
- ascending
- descending
  range Dictionary Required
    beginning Integer Required Min: 2
Max: 4094
First VLAN ID.
    ending Integer Required Min: 2
Max: 4094
Last VLAN ID.
vlan_internal_order:
  allocation: <str; "ascending" | "descending"; required>
  range: # required

    # First VLAN ID.
    beginning: <int; 2-4094; required>

    # Last VLAN ID.
    ending: <int; 2-4094; required>

VLANs

Variable Type Required Default Value Restrictions Description
vlans List, items: Dictionary
  - id Integer Required, Unique VLAN ID
    name String VLAN Name
    state String Valid Values:
- active
- suspend
    trunk_groups List, items: String
      - <str> String Trunk Group Name
    private_vlan Dictionary
      type String Valid Values:
- community
- isolated
      primary_vlan Integer Primary VLAN ID
    tenant String Key only used for documentation or validation purposes
vlans:

    # VLAN ID
  - id: <int; required; unique>

    # VLAN Name
    name: <str>
    state: <str; "active" | "suspend">
    trunk_groups:

        # Trunk Group Name
      - <str>
    private_vlan:
      type: <str; "community" | "isolated">

      # Primary VLAN ID
      primary_vlan: <int>

    # Key only used for documentation or validation purposes
    tenant: <str>

System settings

Agents

Variable Type Required Default Value Restrictions Description
agents List, items: Dictionary
  - name String Required, Unique Agent name.
    environment_variables List, items: Dictionary Min Length: 1
      - name String Required, Unique Environment variable name.
        value String Required Environment variable value.
agents:

    # Agent name.
  - name: <str; required; unique>
    environment_variables: # >=1 items

        # Environment variable name.
      - name: <str; required; unique>

        # Environment variable value.
        value: <str; required>

Hardware counters

Variable Type Required Default Value Restrictions Description
hardware_counters Dictionary
  features List, items: Dictionary This data model allows to configure the list of hardware counters feature
available on Arista platforms.

The name key accepts a list of valid_values which MUST be updated to support
new feature as they are released in EOS.

The available values of the different keys like ‘direction’ or ‘address_type’
are feature and hardware dependent and this model DOES NOT validate that the
combinations are valid. It is the responsability of the user of this data model
to make sure that the rendered CLI is accepted by the targeted device.

Examples:

* Use:
yaml<br> hardware_counters:<br> features:<br> - name: ip<br> direction: out<br> layer3: true<br> units_packets: true<br>

to render:
eos<br> hardware counter feature ip out layer3 units packets<br>
* Use:
yaml<br> hardware_counters:<br> features:<br> - name: route<br> address_type: ipv4<br> vrf: test<br> prefix: 192.168.0.0/24<br>

to render:
eos<br> hardware counter feature route ipv4 vrf test 192.168.0.0/24<br>
    - name String Valid Values:
- acl
- decap-group
- directflow
- ecn
- flow-spec
- gre tunnel interface
- ip
- mpls interface
- mpls lfib
- mpls tunnel
- multicast
- nexthop
- pbr
- pdp
- policing interface
- qos
- qos dual-rate-policer
- route
- routed-port
- subinterface
- tapagg
- traffic-class
- traffic-policy
- vlan
- vlan-interface
- vni decap
- vni encap
- vtep decap
- vtep encap
      direction String Valid Values:
- in
- out
- cpu
Most features support only ‘in’ and ‘out’. Some like traffic-policy support ‘cpu’.
Some features DO NOT have any direction.
This validation IS NOT made by the schemas.
      address_type String Valid Values:
- ipv4
- ipv6
- mac
Supported only for the following features:
- acl: [ipv4, ipv6, mac] if direction is ‘out’
- multicast: [ipv4, ipv6]
- route: [ipv4, ipv6]
This validation IS NOT made by the schemas.
      layer3 Boolean Supported only for the ‘ip’ feature
      vrf String Supported only for the ‘route’ feature.
This validation IS NOT made by the schemas.
      prefix String Supported only for the ‘route’ feature.
Mandatory for the ‘route’ feature.
This validation IS NOT made by the schemas.
      units_packets Boolean
hardware_counters:

  # This data model allows to configure the list of hardware counters feature
  # available on Arista platforms.

  # The `name` key accepts a list of valid_values which MUST be updated to support
  # new feature as they are released in EOS.

  # The available values of the different keys like 'direction' or 'address_type'
  # are feature and hardware dependent and this model DOES NOT validate that the
  # combinations are valid. It is the responsability of the user of this data model
  # to make sure that the rendered CLI is accepted by the targeted device.

  # Examples:

  #   * Use:
  #     ```yaml
  #     hardware_counters:
  #       features:
  #         - name: ip
  #           direction: out
  #           layer3: true
  #           units_packets: true
  #     ```

  #     to render:
  #     ```eos
  #     hardware counter feature ip out layer3 units packets
  #     ```
  #   * Use:
  #     ```yaml
  #     hardware_counters:
  #       features:
  #         - name: route
  #           address_type: ipv4
  #           vrf: test
  #           prefix: 192.168.0.0/24
  #     ```

  #     to render:
  #     ```eos
  #     hardware counter feature route ipv4 vrf test 192.168.0.0/24
  #     ```
  features:
    - name: <str; "acl" | "decap-group" | "directflow" | "ecn" | "flow-spec" | "gre tunnel interface" | "ip" | "mpls interface" | "mpls lfib" | "mpls tunnel" | "multicast" | "nexthop" | "pbr" | "pdp" | "policing interface" | "qos" | "qos dual-rate-policer" | "route" | "routed-port" | "subinterface" | "tapagg" | "traffic-class" | "traffic-policy" | "vlan" | "vlan-interface" | "vni decap" | "vni encap" | "vtep decap" | "vtep encap">

      # Most features support only 'in' and 'out'. Some like traffic-policy support 'cpu'.
      # Some features DO NOT have any direction.
      # This validation IS NOT made by the schemas.
      direction: <str; "in" | "out" | "cpu">

      # Supported only for the following features:
      # - acl: [ipv4, ipv6, mac] if direction is 'out'
      # - multicast: [ipv4, ipv6]
      # - route: [ipv4, ipv6]
      # This validation IS NOT made by the schemas.
      address_type: <str; "ipv4" | "ipv6" | "mac">

      # Supported only for the 'ip' feature
      layer3: <bool>

      # Supported only for the 'route' feature.
      # This validation IS NOT made by the schemas.
      vrf: <str>

      # Supported only for the 'route' feature.
      # Mandatory for the 'route' feature.
      # This validation IS NOT made by the schemas.
      prefix: <str>
      units_packets: <bool>

Hardware

Variable Type Required Default Value Restrictions Description
hardware Dictionary
  access_list Dictionary
    mechanism String Valid Values:
- algomatch
- none
- tcam
  speed_groups List, items: Dictionary
    - speed_group String Required, Unique
      serdes String Serdes speed like “10g” or “25g”
hardware:
  access_list:
    mechanism: <str; "algomatch" | "none" | "tcam">
  speed_groups:
    - speed_group: <str; required; unique>

      # Serdes speed like "10g" or "25g"
      serdes: <str>

IP hardware

Variable Type Required Default Value Restrictions Description
ip_hardware Dictionary
  fib Dictionary
    optimize Dictionary
      prefixes Dictionary
        profile String Valid Values:
- internet
- urpf-internet
ip_hardware:
  fib:
    optimize:
      prefixes:
        profile: <str; "internet" | "urpf-internet">

IPv6 hardware

Variable Type Required Default Value Restrictions Description
ipv6_hardware Dictionary
  fib Dictionary
    optimize Dictionary
      prefixes Dictionary
        profile String Pre-defined profile ‘internet’ or user-defined profile name
ipv6_hardware:
  fib:
    optimize:
      prefixes:

        # Pre-defined profile 'internet' or user-defined profile name
        profile: <str>

L2 protocol

Variable Type Required Default Value Restrictions Description
l2_protocol Dictionary
  forwarding_profiles List, items: Dictionary
    - name String Required, Unique
      protocols List, items: Dictionary
        - name String Required, Unique Valid Values:
- bfd per-link rfc-7130
- e-lmi
- isis
- lacp
- lldp
- macsec
- pause
- stp
          forward Boolean
          tagged_forward Boolean
          untagged_forward Boolean
l2_protocol:
  forwarding_profiles:
    - name: <str; required; unique>
      protocols:
        - name: <str; "bfd per-link rfc-7130" | "e-lmi" | "isis" | "lacp" | "lldp" | "macsec" | "pause" | "stp"; required; unique>
          forward: <bool>
          tagged_forward: <bool>
          untagged_forward: <bool>

MAC address-table

Variable Type Required Default Value Restrictions Description
mac_address_table Dictionary
  aging_time Integer Aging time in seconds
  notification_host_flap Dictionary
    logging Boolean
    detection Dictionary
      window Integer Min: 2
Max: 300
      moves Integer Min: 2
Max: 10
mac_address_table:

  # Aging time in seconds
  aging_time: <int>
  notification_host_flap:
    logging: <bool>
    detection:
      window: <int; 2-300>
      moves: <int; 2-10>

Platform

Variable Type Required Default Value Restrictions Description
platform Dictionary Every key below this point is platform dependent.
  trident Dictionary
    forwarding_table_partition String
    mmu Dictionary Memory Management Unit settings.
      active_profile String The queue profile to be applied to the platform.
      queue_profiles List, items: Dictionary
        - name String Required, Unique
          multicast_queues List, items: Dictionary
            - id Integer Required, Unique Min: 0
Max: 7
              unit String Valid Values:
- bytes
- cells
Unit to be used for the reservation value. If not specified, default is bytes.
              reserved Integer Amount of memory that should be reserved for this
queue.
              threshold String Dynamic Shared Memory threshold.
              drop Dictionary
                precedence Integer Required Valid Values:
- 1
- 2
                threshold String Required Drop Treshold. This value may also be fractions.
Example: 7/8 or 3/4 or 1/2
          unicast_queues List, items: Dictionary
            - id Integer Required, Unique Min: 0
Max: 7
              unit String Valid Values:
- bytes
- cells
Unit to be used for the reservation value. If not specified, default is bytes.
              reserved Integer Amount of memory that should be reserved for this
queue.
              threshold String Dynamic Shared Memory threshold.
              drop Dictionary
                precedence Integer Required Valid Values:
- 1
- 2
                threshold String Required Drop Treshold. This value may also be fractions.
Example: 7/8 or 3/4 or 1/2
  sand Dictionary Most of the platform sand options are hardware dependent and optional
    qos_maps List, items: Dictionary
      - traffic_class Integer Min: 0
Max: 7
        to_network_qos Integer Min: 0
Max: 63
    lag Dictionary
      hardware_only Boolean
      mode String
    forwarding_mode String
    multicast_replication Dictionary
      default String Valid Values:
- ingress
- egress
    mdb_profile String Valid Values:
- balanced
- balanced-xl
- l3
- l3-xl
- l3-xxl
- l3-xxxl
Sand platforms MDB Profile configuration. Note: l3-xxxl does not support MLAG.
  sfe Dictionary Sfe (Software Forwarding Engine) settings.
    data_plane_cpu_allocation_max Integer Min: 1
Max: 128
Maximum number of CPUs used for data plane traffic forwarding.
# Every key below this point is platform dependent.
platform:
  trident:
    forwarding_table_partition: <str>

    # Memory Management Unit settings.
    mmu:

      # The queue profile to be applied to the platform.
      active_profile: <str>
      queue_profiles:
        - name: <str; required; unique>
          multicast_queues:
            - id: <int; 0-7; required; unique>

              # Unit to be used for the reservation value. If not specified, default is bytes.
              unit: <str; "bytes" | "cells">

              # Amount of memory that should be reserved for this
              # queue.
              reserved: <int>

              # Dynamic Shared Memory threshold.
              threshold: <str>
              drop:
                precedence: <int; 1 | 2; required>

                # Drop Treshold. This value may also be fractions.
                # Example: 7/8 or 3/4 or 1/2
                threshold: <str; required>
          unicast_queues:
            - id: <int; 0-7; required; unique>

              # Unit to be used for the reservation value. If not specified, default is bytes.
              unit: <str; "bytes" | "cells">

              # Amount of memory that should be reserved for this
              # queue.
              reserved: <int>

              # Dynamic Shared Memory threshold.
              threshold: <str>
              drop:
                precedence: <int; 1 | 2; required>

                # Drop Treshold. This value may also be fractions.
                # Example: 7/8 or 3/4 or 1/2
                threshold: <str; required>

  # Most of the platform sand options are hardware dependent and optional
  sand:
    qos_maps:
      - traffic_class: <int; 0-7>
        to_network_qos: <int; 0-63>
    lag:
      hardware_only: <bool>
      mode: <str>
    forwarding_mode: <str>
    multicast_replication:
      default: <str; "ingress" | "egress">

    # Sand platforms MDB Profile configuration. Note: l3-xxxl does not support MLAG.
    mdb_profile: <str; "balanced" | "balanced-xl" | "l3" | "l3-xl" | "l3-xxl" | "l3-xxxl">

  # Sfe (Software Forwarding Engine) settings.
  sfe:

    # Maximum number of CPUs used for data plane traffic forwarding.
    data_plane_cpu_allocation_max: <int; 1-128>

PoE

Variable Type Required Default Value Restrictions Description
poe Dictionary
  reboot Dictionary Set the global PoE power behavior for PoE ports when the system is rebooted.
    action String Valid Values:
- power-off
- maintain
PoE action for interface. By default in EOS, reboot action is set to power-off.
  interface_shutdown Dictionary Set the global PoE power behavior for PoE ports when ports are admin down
    action String Valid Values:
- power-off
- maintain
PoE action for interface. By default in EOS, interface shutdown action is set to maintain.
poe:

  # Set the global PoE power behavior for PoE ports when the system is rebooted.
  reboot:

    # PoE action for interface. By default in EOS, reboot action is set to power-off.
    action: <str; "power-off" | "maintain">

  # Set the global PoE power behavior for PoE ports when ports are admin down
  interface_shutdown:

    # PoE action for interface. By default in EOS, interface shutdown action is set to maintain.
    action: <str; "power-off" | "maintain">

PTP

Variable Type Required Default Value Restrictions Description
ptp Dictionary
  mode String Valid Values:
- boundary
- transparent
  forward_unicast Boolean
  clock_identity String The clock-id in xx:xx:xx:xx:xx:xx format
  source Dictionary
    ip String Source IP
  priority1 Integer Min: 0
Max: 255
  priority2 Integer Min: 0
Max: 255
  ttl Integer Min: 1
Max: 255
  domain Integer Min: 0
Max: 255
  message_type Dictionary
    general Dictionary
      dscp Integer
    event Dictionary
      dscp Integer
  monitor Dictionary
    enabled Boolean True
    threshold Dictionary
      offset_from_master Integer Min: 0
Max: 1000000000
      mean_path_delay Integer Min: 0
Max: 1000000000
      drop Dictionary
        offset_from_master Integer Min: 0
Max: 1000000000
        mean_path_delay Integer Min: 0
Max: 1000000000
    missing_message Dictionary
      intervals Dictionary
        announce Integer Min: 2
Max: 255
        follow_up Integer Min: 2
Max: 255
        sync Integer Min: 2
Max: 255
      sequence_ids Dictionary
        enabled Boolean
        announce Integer Min: 2
Max: 255
        delay_resp Integer Min: 2
Max: 255
        follow_up Integer Min: 2
Max: 255
        sync Integer Min: 2
Max: 255
ptp:
  mode: <str; "boundary" | "transparent">
  forward_unicast: <bool>

  # The clock-id in xx:xx:xx:xx:xx:xx format
  clock_identity: <str>
  source:

    # Source IP
    ip: <str>
  priority1: <int; 0-255>
  priority2: <int; 0-255>
  ttl: <int; 1-255>
  domain: <int; 0-255>
  message_type:
    general:
      dscp: <int>
    event:
      dscp: <int>
  monitor:
    enabled: <bool; default=True>
    threshold:
      offset_from_master: <int; 0-1000000000>
      mean_path_delay: <int; 0-1000000000>
      drop:
        offset_from_master: <int; 0-1000000000>
        mean_path_delay: <int; 0-1000000000>
    missing_message:
      intervals:
        announce: <int; 2-255>
        follow_up: <int; 2-255>
        sync: <int; 2-255>
      sequence_ids:
        enabled: <bool>
        announce: <int; 2-255>
        delay_resp: <int; 2-255>
        follow_up: <int; 2-255>
        sync: <int; 2-255>

Redundancy

Variable Type Required Default Value Restrictions Description
redundancy Dictionary
  protocol String Redundancy Protocol
redundancy:

  # Redundancy Protocol
  protocol: <str>

System

Variable Type Required Default Value Restrictions Description
system Dictionary
  control_plane Dictionary
    tcp_mss Dictionary
      ipv4 Integer Segment size
      ipv6 Integer Segment size
    ipv4_access_groups List, items: Dictionary
      - acl_name String Required, Unique
        vrf String
    ipv6_access_groups List, items: Dictionary
      - acl_name String Required, Unique
        vrf String
  l1 Dictionary
    unsupported_speed_action String Valid Values:
- error
- warn
    unsupported_error_correction_action String Valid Values:
- error
- warn
system:
  control_plane:
    tcp_mss:

      # Segment size
      ipv4: <int>

      # Segment size
      ipv6: <int>
    ipv4_access_groups:
      - acl_name: <str; required; unique>
        vrf: <str>
    ipv6_access_groups:
      - acl_name: <str; required; unique>
        vrf: <str>
  l1:
    unsupported_speed_action: <str; "error" | "warn">
    unsupported_error_correction_action: <str; "error" | "warn">

TCAM profile

Variable Type Required Default Value Restrictions Description
tcam_profile Dictionary
  system String TCAM profile name to activate
  profiles List, items: Dictionary
    - name String Required, Unique Tcam-Profile Name
      config String TCAM Profile Config. Since these can be very long, it is often a good idea to import the config from a file.
Example: “{{ lookup(‘file’, ‘TCAM_TRAFFIC_POLICY.conf’) }}”
      source String TCAM profile local source path. Used to read the TCAM profile from a local path existing on the device.
tcam_profile:

  # TCAM profile name to activate
  system: <str>
  profiles:

      # Tcam-Profile Name
    - name: <str; required; unique>

      # TCAM Profile Config. Since these can be very long, it is often a good idea to import the config from a file.
      # Example: "{{ lookup('file', 'TCAM_TRAFFIC_POLICY.conf') }}"
      config: <str>

      # TCAM profile local source path. Used to read the TCAM profile from a local path existing on the device.
      source: <str>

Metadata

These fields are not generating any configuration. They are meant to be used by tools that parse structured configuration.

Variable Type Required Default Value Restrictions Description
metadata Dictionary Key only used for documentation or validation purposes
  platform String
# Key only used for documentation or validation purposes
metadata:
  platform: <str>