Skip to content

Input variables for eos_cli_config_gen

This document describes the supported input variables for the role arista.avd.eos_cli_config_gen.

Since several data models have changed between AVD versions 3.x and 4.x, it is recommended to study the Porting Guide for AVD 4.x.x for existing deployments.

The input variables are documented below in tables and YAML.

All values are optional.

Note

All input variables are validated by a schema. If additional custom keys are desired, a key starting with an underscore _, will be ignored.

Warning

Available features and variables may vary by platforms, refer to documentation on arista.com for specifics.

Authentication

AAA accounting

Variable Type Required Default Value Restrictions Description
aaa_accounting Dictionary
  exec Dictionary
    console Dictionary
      type String Valid Values:
- none
- start-stop
- stop-only
      group String Group Name.
      logging Boolean
    default Dictionary
      type String Valid Values:
- none
- start-stop
- stop-only
      group String Group Name.
      logging Boolean
  system Dictionary
    default Dictionary
      type String Valid Values:
- none
- start-stop
- stop-only
      group String Group Name.
  dot1x Dictionary
    default Dictionary
      type String Valid Values:
- start-stop
- stop-only
      group String Group Name.
  commands Dictionary
    console List, items: Dictionary
      - commands String Privilege level ‘all’ or 0-15.
        type String Valid Values:
- none
- start-stop
- stop-only
        group String Group Name.
        logging Boolean
    default List, items: Dictionary
      - commands String Privilege level ‘all’ or 0-15.
        type String Valid Values:
- none
- start-stop
- stop-only
        group String Group Name.
        logging Boolean
aaa_accounting:
  exec:
    console:
      type: <str; "none" | "start-stop" | "stop-only">

      # Group Name.
      group: <str>
      logging: <bool>
    default:
      type: <str; "none" | "start-stop" | "stop-only">

      # Group Name.
      group: <str>
      logging: <bool>
  system:
    default:
      type: <str; "none" | "start-stop" | "stop-only">

      # Group Name.
      group: <str>
  dot1x:
    default:
      type: <str; "start-stop" | "stop-only">

      # Group Name.
      group: <str>
  commands:
    console:

        # Privilege level 'all' or 0-15.
      - commands: <str>
        type: <str; "none" | "start-stop" | "stop-only">

        # Group Name.
        group: <str>
        logging: <bool>
    default:

        # Privilege level 'all' or 0-15.
      - commands: <str>
        type: <str; "none" | "start-stop" | "stop-only">

        # Group Name.
        group: <str>
        logging: <bool>

AAA authentication

Variable Type Required Default Value Restrictions Description
aaa_authentication Dictionary
  login Dictionary
    default String Login authentication method(s) as a string.
Examples:
- “group tacacs+ local”
- “group MYGROUP none”
- “group radius group MYGROUP local”
    console String Console authentication method(s) as a string.
Examples:
- “group tacacs+ local”
- “group MYGROUP none”
- “group radius group MYGROUP local”
  enable Dictionary
    default String Enable authentication method(s) as a string.
Examples:
- “group tacacs+ local”
- “group MYGROUP none”
- “group radius group MYGROUP local”
  dot1x Dictionary
    default String 802.1x authentication method(s) as a string.
Examples:
- “group radius”
- “group MYGROUP group radius”
  policies Dictionary
    on_failure_log Boolean
    on_success_log Boolean
    local Dictionary
      allow_nopassword Boolean
    lockout Dictionary
      failure Integer Min: 1
Max: 255
      duration Integer Min: 1
Max: 4294967295
      window Integer Min: 1
Max: 4294967295
aaa_authentication:
  login:

    # Login authentication method(s) as a string.
    # Examples:
    # - "group tacacs+ local"
    # - "group MYGROUP none"
    # - "group radius group MYGROUP local"
    default: <str>

    # Console authentication method(s) as a string.
    # Examples:
    # - "group tacacs+ local"
    # - "group MYGROUP none"
    # - "group radius group MYGROUP local"
    console: <str>
  enable:

    # Enable authentication method(s) as a string.
    # Examples:
    # - "group tacacs+ local"
    # - "group MYGROUP none"
    # - "group radius group MYGROUP local"
    default: <str>
  dot1x:

    # 802.1x authentication method(s) as a string.
    # Examples:
    # - "group radius"
    # - "group MYGROUP group radius"
    default: <str>
  policies:
    on_failure_log: <bool>
    on_success_log: <bool>
    local:
      allow_nopassword: <bool>
    lockout:
      failure: <int; 1-255>
      duration: <int; 1-4294967295>
      window: <int; 1-4294967295>

AAA authorization

Variable Type Required Default Value Restrictions Description
aaa_authorization Dictionary
  policy Dictionary
    local_default_role String
  exec Dictionary
    default String Exec authorization method(s) as a string.
Examples:
- “group tacacs+ local”
- “group MYGROUP none”
- “group radius group MYGROUP local”
  config_commands Boolean
  serial_console Boolean
  dynamic Dictionary
    dot1x_additional_groups List, items: String Min Length: 1
      - <str> String
  commands Dictionary
    all_default String Command authorization method(s) as a string.
Examples:
- “group tacacs+ local”
- “group MYGROUP none”
- “group tacacs+ group MYGROUP local
    privilege List, items: Dictionary
      - level String Privilege level(s) 0-15.
        default String Command authorization method(s) as a string.
Examples:
- “group tacacs+ local”
- “group MYGROUP none”
- “group tacacs+ group MYGROUP local”
aaa_authorization:
  policy:
    local_default_role: <str>
  exec:

    # Exec authorization method(s) as a string.
    # Examples:
    # - "group tacacs+ local"
    # - "group MYGROUP none"
    # - "group radius group MYGROUP local"
    default: <str>
  config_commands: <bool>
  serial_console: <bool>
  dynamic:
    dot1x_additional_groups: # >=1 items
      - <str>
  commands:

    # Command authorization method(s) as a string.
    # Examples:
    # - "group tacacs+ local"
    # - "group MYGROUP none"
    # - "group tacacs+ group MYGROUP local
    all_default: <str>
    privilege:

        # Privilege level(s) 0-15.
      - level: <str>

        # Command authorization method(s) as a string.
        # Examples:
        # - "group tacacs+ local"
        # - "group MYGROUP none"
        # - "group tacacs+ group MYGROUP local"
        default: <str>

AAA root

Variable Type Required Default Value Restrictions Description
aaa_root Dictionary
  secret Dictionary
    sha512_password String
aaa_root:
  secret:
    sha512_password: <str>

AAA server groups

Variable Type Required Default Value Restrictions Description
aaa_server_groups List, items: Dictionary
  - name String Group name.
    type String Valid Values:
- tacacs+
- radius
- ldap
    servers List, items: Dictionary
      - server String Hostname or IP address.
        vrf String VRF name.
aaa_server_groups:

    # Group name.
  - name: <str>
    type: <str; "tacacs+" | "radius" | "ldap">
    servers:

        # Hostname or IP address.
      - server: <str>

        # VRF name.
        vrf: <str>

Enable password

Variable Type Required Default Value Restrictions Description
enable_password Dictionary
  hash_algorithm String Valid Values:
- md5
- sha512
  key String Must be the hash of the password using the specified algorithm.
By default EOS salts the password, so the simplest is to generate the hash on an EOS device.
enable_password:
  hash_algorithm: <str; "md5" | "sha512">

  # Must be the hash of the password using the specified algorithm.
  # By default EOS salts the password, so the simplest is to generate the hash on an EOS device.
  key: <str>

IP radius source-interfaces

Variable Type Required Default Value Restrictions Description
ip_radius_source_interfaces List, items: Dictionary
  - name String Interface Name.
    vrf String VRF Name.
ip_radius_source_interfaces:

    # Interface Name.
  - name: <str>

    # VRF Name.
    vrf: <str>

IP tacacs source-interfaces

Variable Type Required Default Value Restrictions Description
ip_tacacs_source_interfaces List, items: Dictionary
  - name String Interface name.
    vrf String
ip_tacacs_source_interfaces:

    # Interface name.
  - name: <str>
    vrf: <str>

Local users

Variable Type Required Default Value Restrictions Description
local_users List, items: Dictionary
  - name String Required, Unique Username.
    disabled Boolean If true, the user will be removed and all other settings are ignored.
Useful for removing the default “admin” user.
    privilege Integer Min: 0
Max: 15
Initial privilege level with local EXEC authorization.
    role String EOS RBAC Role to be assigned to the user such as “network-admin” or “network-operator”.
    sha512_password String SHA512 Hash of Password.
Must be the hash of the password. By default EOS salts the password with the username, so the simplest is to generate the hash on an EOS device using the same username.
    no_password Boolean If set a password will not be configured for this user. “sha512_password” MUST not be defined for this user.
    ssh_key String
    secondary_ssh_key String
    shell String Valid Values:
- /bin/bash
- /bin/sh
- /sbin/nologin
Specify shell for the user.
local_users:

    # Username.
  - name: <str; required; unique>

    # If true, the user will be removed and all other settings are ignored.
    # Useful for removing the default "admin" user.
    disabled: <bool>

    # Initial privilege level with local EXEC authorization.
    privilege: <int; 0-15>

    # EOS RBAC Role to be assigned to the user such as "network-admin" or "network-operator".
    role: <str>

    # SHA512 Hash of Password.
    # Must be the hash of the password. By default EOS salts the password with the username, so the simplest is to generate the hash on an EOS device using the same username.
    sha512_password: <str>

    # If set a password will not be configured for this user. "sha512_password" MUST not be defined for this user.
    no_password: <bool>
    ssh_key: <str>
    secondary_ssh_key: <str>

    # Specify shell for the user.
    shell: <str; "/bin/bash" | "/bin/sh" | "/sbin/nologin">

Radius server

Variable Type Required Default Value Restrictions Description
radius_server Dictionary
  attribute_32_include_in_access_req Dictionary
    hostname Boolean
    format String Specify the format of the NAS-Identifier. If ‘hostname’ is set, this is ignored.
  dynamic_authorization Dictionary
    port Integer Min: 0
Max: 65535
TCP Port.
    tls_ssl_profile String Name of TLS profile.
  hosts List, items: Dictionary
    - host String Required, Unique Host IP address or name.
      vrf String
      timeout Integer Min: 1
Max: 1000
      retransmit Integer Min: 0
Max: 100
      key String Encrypted key.
radius_server:
  attribute_32_include_in_access_req:
    hostname: <bool>

    # Specify the format of the NAS-Identifier. If 'hostname' is set, this is ignored.
    format: <str>
  dynamic_authorization:

    # TCP Port.
    port: <int; 0-65535>

    # Name of TLS profile.
    tls_ssl_profile: <str>
  hosts:

      # Host IP address or name.
    - host: <str; required; unique>
      vrf: <str>
      timeout: <int; 1-1000>
      retransmit: <int; 0-100>

      # Encrypted key.
      key: <str>

Radius servers

Variable Type Required Default Value Restrictions Description
radius_servers deprecated List, items: Dictionary This key is deprecated. Support will be removed in AVD version v5.0.0. Use radius_server.hosts instead.
  - host String Host IP address or name.
    vrf String
    key String Encrypted key.
# This key is deprecated.
# Support will be removed in AVD version v5.0.0.
# Use <samp>radius_server.hosts</samp> instead.
radius_servers:

    # Host IP address or name.
  - host: <str>
    vrf: <str>

    # Encrypted key.
    key: <str>

Roles

Variable Type Required Default Value Restrictions Description
roles List, items: Dictionary
  - name String Role name.
    sequence_numbers List, items: Dictionary
      - sequence Integer Sequence number.
        action String Valid Values:
- permit
- deny
        mode String “config”, “config-all”, “exec” or mode key as string.
        command String Command as string.
roles:

    # Role name.
  - name: <str>
    sequence_numbers:

        # Sequence number.
      - sequence: <int>
        action: <str; "permit" | "deny">

        # "config", "config-all", "exec" or mode key as string.
        mode: <str>

        # Command as string.
        command: <str>

Tacacs servers

Variable Type Required Default Value Restrictions Description
tacacs_servers Dictionary
  timeout Integer Min: 1
Max: 1000
Timeout in seconds.
  hosts List, items: Dictionary
    - host String Host IP address or name.
      vrf String
      key String Encrypted key.
      key_type String 7 Valid Values:
- 0
- 7
- 8a
      single_connection Boolean
      timeout Integer Min: 1
Max: 1000
Timeout in seconds.
  policy_unknown_mandatory_attribute_ignore Boolean
tacacs_servers:

  # Timeout in seconds.
  timeout: <int; 1-1000>
  hosts:

      # Host IP address or name.
    - host: <str>
      vrf: <str>

      # Encrypted key.
      key: <str>
      key_type: <str; "0" | "7" | "8a"; default="7">
      single_connection: <bool>

      # Timeout in seconds.
      timeout: <int; 1-1000>
  policy_unknown_mandatory_attribute_ignore: <bool>

ACLs

IP Extended access-lists

AVD currently supports two different data models for extended ACLs:

  • The legacy access_lists data model, for compatibility with existing deployments
  • The improved ip_access_lists data model, for access to more EOS features

Both data models can coexists without conflicts, as different keys are used: access_lists vs ip_access_lists. Access list names must be unique.

The legacy data model supports simplified ACL definition with sequence to action mapping:

Variable Type Required Default Value Restrictions Description
access_lists List, items: Dictionary
  - name String Required, Unique Access-list Name.
    counters_per_entry Boolean
    sequence_numbers List, items: Dictionary Required
      - sequence Integer Required, Unique Sequence ID.
        action String Required Action as string.
Example: “deny ip any any”
access_lists:

    # Access-list Name.
  - name: <str; required; unique>
    counters_per_entry: <bool>
    sequence_numbers: # required

        # Sequence ID.
      - sequence: <int; required; unique>

        # Action as string.
        # Example: "deny ip any any"
        action: <str; required>

The improved data model has a more sophisticated design documented below:

Variable Type Required Default Value Restrictions Description
ip_access_lists List, items: Dictionary
  - name String Required, Unique Access-list Name.
    counters_per_entry Boolean
    entries List, items: Dictionary ACL Entries.
      - sequence Integer ACL entry sequence number.
        remark String Comment up to 100 characters.
If remark is defined, other keys in the ACL entry will be ignored.
        action String Valid Values:
- permit
- deny
ACL action.
Required except for remarks.
        protocol String “ip”, “tcp”, “udp”, “icmp” or other protocol name or number.
Required except for remarks.
        source String “any”, “/” or ““.
” without a mask means host.
Required except for remarks.
        source_ports_match String eq Valid Values:
- eq
- gt
- lt
- neq
- range
        source_ports List, items: String
          - <str> String TCP/UDP source port name or number.
        destination String “any”, “/” or ““.
” without a mask means host.
Required except for remarks.
        destination_ports_match String eq Valid Values:
- eq
- gt
- lt
- neq
- range
        destination_ports List, items: String
          - <str> String TCP/UDP destination port name or number.
        tcp_flags List, items: String
          - <str> String TCP Flag Name.
        fragments Boolean Match non-head fragment packets.
        log Boolean Log matches against this rule.
        ttl Integer Min: 0
Max: 255
TTL value.
        ttl_match String eq Valid Values:
- eq
- gt
- lt
- neq
        icmp_type String Message type name/number for ICMP packets.
        icmp_code String Message code for ICMP packets.
        nexthop_group String nexthop-group name.
        tracked Boolean Match packets in existing ICMP/UDP/TCP connections.
        dscp String DSCP value or name.
        vlan_number Integer
        vlan_inner Boolean False
        vlan_mask String 0x000-0xFFF VLAN mask.
ip_access_lists:

    # Access-list Name.
  - name: <str; required; unique>
    counters_per_entry: <bool>

    # ACL Entries.
    entries:

        # ACL entry sequence number.
      - sequence: <int>

        # Comment up to 100 characters.
        # If remark is defined, other keys in the ACL entry will be ignored.
        remark: <str>

        # ACL action.
        # Required except for remarks.
        action: <str; "permit" | "deny">

        # "ip", "tcp", "udp", "icmp" or other protocol name or number.
        # Required except for remarks.
        protocol: <str>

        # "any", "<ip>/<mask>" or "<ip>".
        # "<ip>" without a mask means host.
        # Required except for remarks.
        source: <str>
        source_ports_match: <str; "eq" | "gt" | "lt" | "neq" | "range"; default="eq">
        source_ports:

            # TCP/UDP source port name or number.
          - <str>

        # "any", "<ip>/<mask>" or "<ip>".
        # "<ip>" without a mask means host.
        # Required except for remarks.
        destination: <str>
        destination_ports_match: <str; "eq" | "gt" | "lt" | "neq" | "range"; default="eq">
        destination_ports:

            # TCP/UDP destination port name or number.
          - <str>
        tcp_flags:

            # TCP Flag Name.
          - <str>

        # Match non-head fragment packets.
        fragments: <bool>

        # Log matches against this rule.
        log: <bool>

        # TTL value.
        ttl: <int; 0-255>
        ttl_match: <str; "eq" | "gt" | "lt" | "neq"; default="eq">

        # Message type name/number for ICMP packets.
        icmp_type: <str>

        # Message code for ICMP packets.
        icmp_code: <str>

        # nexthop-group name.
        nexthop_group: <str>

        # Match packets in existing ICMP/UDP/TCP connections.
        tracked: <bool>

        # DSCP value or name.
        dscp: <str>
        vlan_number: <int>
        vlan_inner: <bool; default=False>

        # 0x000-0xFFF VLAN mask.
        vlan_mask: <str>

The improved data model allows to limit the number of ACL entries that AVD is allowed to generate by defining ip_access_lists_max_entries. Only normal entries under ip_access_lists will be counted, remarks will be ignored. If the number is above the limit, the playbook will fail. This provides a simplified control over hardware utilization. The numbers must be based on the hardware tests and AVD does not provide any guidance. Note that other EOS features may use the same hardware resources and affect the supported scale.

Variable Type Required Default Value Restrictions Description
ip_access_lists_max_entries Integer Limit ACL entries defined under the ip_access_lists.
# Limit ACL entries defined under the `ip_access_lists`.
ip_access_lists_max_entries: <int>

IPv6 access-lists

Variable Type Required Default Value Restrictions Description
ipv6_access_lists List, items: Dictionary
  - name String Required, Unique IPv6 Access-list Name.
    counters_per_entry Boolean
    sequence_numbers List, items: Dictionary Required
      - sequence Integer Required, Unique Sequence ID.
        action String Required Action as string.
Example: “deny ipv6 any any”
ipv6_access_lists:

    # IPv6 Access-list Name.
  - name: <str; required; unique>
    counters_per_entry: <bool>
    sequence_numbers: # required

        # Sequence ID.
      - sequence: <int; required; unique>

        # Action as string.
        # Example: "deny ipv6 any any"
        action: <str; required>

IPv6 standard access-lists

Variable Type Required Default Value Restrictions Description
ipv6_standard_access_lists List, items: Dictionary
  - name String Required, Unique Access-list Name.
    counters_per_entry Boolean
    sequence_numbers List, items: Dictionary Required
      - sequence Integer Required, Unique Sequence ID.
        action String Required Action as string.
Example: “deny ipv6 any any”
ipv6_standard_access_lists:

    # Access-list Name.
  - name: <str; required; unique>
    counters_per_entry: <bool>
    sequence_numbers: # required

        # Sequence ID.
      - sequence: <int; required; unique>

        # Action as string.
        # Example: "deny ipv6 any any"
        action: <str; required>

MAC access-lists

Variable Type Required Default Value Restrictions Description
mac_access_lists List, items: Dictionary
  - name String Required, Unique MAC Access-list Name.
    counters_per_entry Boolean
    entries List, items: Dictionary
      - sequence Integer
        action String
mac_access_lists:

    # MAC Access-list Name.
  - name: <str; required; unique>
    counters_per_entry: <bool>
    entries:
      - sequence: <int>
        action: <str>

Standard access-lists

Variable Type Required Default Value Restrictions Description
standard_access_lists List, items: Dictionary
  - name String Required, Unique Access-list Name.
    counters_per_entry Boolean
    sequence_numbers List, items: Dictionary Required
      - sequence Integer Required, Unique Sequence ID.
        action String Required Action as string.
Example: “deny ip any any”
standard_access_lists:

    # Access-list Name.
  - name: <str; required; unique>
    counters_per_entry: <bool>
    sequence_numbers: # required

        # Sequence ID.
      - sequence: <int; required; unique>

        # Action as string.
        # Example: "deny ip any any"
        action: <str; required>

Endpoint Security

Address-locking

Variable Type Required Default Value Restrictions Description
address_locking Dictionary
  dhcp_servers_ipv4 List, items: String
    - <str> String DHCP server IPv4 address.
  disabled Boolean Disable IP locking on configured ports.
  leases List, items: Dictionary
    - ip String Required IP address.
      mac String Required MAC address (hhhh.hhhh.hhhh or hh:hh:hh:hh:hh:hh).
  local_interface String
  locked_address Dictionary
    expiration_mac_disabled Boolean Configure deauthorizing locked addresses upon MAC aging out.
    ipv4_enforcement_disabled Boolean Configure enforcement for locked IPv4 addresses.
    ipv6_enforcement_disabled Boolean Configure enforcement for locked IPv6 addresses.
address_locking:
  dhcp_servers_ipv4:

      # DHCP server IPv4 address.
    - <str>

  # Disable IP locking on configured ports.
  disabled: <bool>
  leases:

      # IP address.
    - ip: <str; required>

      # MAC address (hhhh.hhhh.hhhh or hh:hh:hh:hh:hh:hh).
      mac: <str; required>
  local_interface: <str>
  locked_address:

    # Configure deauthorizing locked addresses upon MAC aging out.
    expiration_mac_disabled: <bool>

    # Configure enforcement for locked IPv4 addresses.
    ipv4_enforcement_disabled: <bool>

    # Configure enforcement for locked IPv6 addresses.
    ipv6_enforcement_disabled: <bool>

Dot1x

Variable Type Required Default Value Restrictions Description
dot1x Dictionary
  system_auth_control Boolean
  protocol_lldp_bypass Boolean
  protocol_bpdu_bypass Boolean
  dynamic_authorization Boolean
  mac_based_authentication Dictionary
    delay Integer Min: 0
Max: 300
    hold_period Integer Min: 1
Max: 300
  radius_av_pair Dictionary
    service_type Boolean
    framed_mtu Integer Min: 68
Max: 9236
  aaa Dictionary Configure AAA parameters.
    unresponsive Dictionary Configure AAA timeout options.
      eap_response String Valid Values:
- success
- disabled
EAP response to send.
      action Dictionary Set action for supplicant when AAA times out.
        apply_cached_results Boolean Use results from a previous AAA response.
        cached_results_timeout Dictionary
          time_duration Integer Min: 1 Enable caching for a specific duration -
<1-10000> duration in days
<1-14400000> duration in minutes
<1-240000> duration in hours
<1-864000000> duration in seconds
          time_duration_unit String Required Valid Values:
- days
- hours
- minutes
- seconds
        apply_alternate Boolean Apply alternate action if primary action fails.
eg. aaa unresponsive action apply cached-results else traffic allow
        traffic_allow Boolean Set action for supplicant traffic when AAA times out.
        traffic_allow_vlan Integer Min: 1
Max: 4094
      phone_action Dictionary Set action for supplicant when AAA times out.
        apply_cached_results Boolean Use results from a previous AAA response.
        cached_results_timeout Dictionary
          time_duration Integer Min: 1 Enable caching for a specific duration -
<1-10000> duration in days
<1-14400000> duration in minutes
<1-240000> duration in hours
<1-864000000> duration in seconds
          time_duration_unit String Required Valid Values:
- days
- hours
- minutes
- seconds
        apply_alternate Boolean Apply alternate action if primary action fails.
eg. aaa unresponsive phone action apply cached-results else traffic allow
        traffic_allow Boolean Set action for supplicant traffic when AAA times out.
      recovery_action_reauthenticate Boolean
    accounting_update_interval Integer Min: 5
Max: 65535
Interval period in seconds.
dot1x:
  system_auth_control: <bool>
  protocol_lldp_bypass: <bool>
  protocol_bpdu_bypass: <bool>
  dynamic_authorization: <bool>
  mac_based_authentication:
    delay: <int; 0-300>
    hold_period: <int; 1-300>
  radius_av_pair:
    service_type: <bool>
    framed_mtu: <int; 68-9236>

  # Configure AAA parameters.
  aaa:

    # Configure AAA timeout options.
    unresponsive:

      # EAP response to send.
      eap_response: <str; "success" | "disabled">

      # Set action for supplicant when AAA times out.
      action:

        # Use results from a previous AAA response.
        apply_cached_results: <bool>
        cached_results_timeout:

          # Enable caching for a specific duration -
          # <1-10000>      duration in days
          # <1-14400000>   duration in minutes
          # <1-240000>     duration in hours
          # <1-864000000>  duration in seconds
          time_duration: <int; >=1>
          time_duration_unit: <str; "days" | "hours" | "minutes" | "seconds"; required>

        # Apply alternate action if primary action fails.
        # eg. aaa unresponsive action apply cached-results else traffic allow
        apply_alternate: <bool>

        # Set action for supplicant traffic when AAA times out.
        traffic_allow: <bool>
        traffic_allow_vlan: <int; 1-4094>

      # Set action for supplicant when AAA times out.
      phone_action:

        # Use results from a previous AAA response.
        apply_cached_results: <bool>
        cached_results_timeout:

          # Enable caching for a specific duration -
          # <1-10000>      duration in days
          # <1-14400000>   duration in minutes
          # <1-240000>     duration in hours
          # <1-864000000>  duration in seconds
          time_duration: <int; >=1>
          time_duration_unit: <str; "days" | "hours" | "minutes" | "seconds"; required>

        # Apply alternate action if primary action fails.
        # eg. aaa unresponsive phone action apply cached-results else traffic allow
        apply_alternate: <bool>

        # Set action for supplicant traffic when AAA times out.
        traffic_allow: <bool>
      recovery_action_reauthenticate: <bool>

    # Interval period in seconds.
    accounting_update_interval: <int; 5-65535>

MAC security

Variable Type Required Default Value Restrictions Description
mac_security Dictionary
  license Dictionary
    license_name String Required
    license_key String Required
  fips_restrictions Boolean
  profiles List, items: Dictionary
    - name String Required, Unique Profile-Name.
      cipher String Valid Values:
- aes128-gcm
- aes128-gcm-xpn
- aes256-gcm
- aes256-gcm-xpn
      connection_keys List, items: Dictionary
        - id String Required, Unique
          encrypted_key String
          fallback Boolean
      mka Dictionary
        key_server_priority Integer Min: 0
Max: 255
        session Dictionary
          rekey_period Integer Min: 30
Max: 100000
Rekey period in seconds.
      sci Boolean
      l2_protocols Dictionary
        ethernet_flow_control Dictionary
          mode String Required Valid Values:
- encrypt
- bypass
        lldp Dictionary
          mode String Required Valid Values:
- bypass
- bypass unauthorized
mac_security:
  license:
    license_name: <str; required>
    license_key: <str; required>
  fips_restrictions: <bool>
  profiles:

      # Profile-Name.
    - name: <str; required; unique>
      cipher: <str; "aes128-gcm" | "aes128-gcm-xpn" | "aes256-gcm" | "aes256-gcm-xpn">
      connection_keys:
        - id: <str; required; unique>
          encrypted_key: <str>
          fallback: <bool>
      mka:
        key_server_priority: <int; 0-255>
        session:

          # Rekey period in seconds.
          rekey_period: <int; 30-100000>
      sci: <bool>
      l2_protocols:
        ethernet_flow_control:
          mode: <str; "encrypt" | "bypass"; required>
        lldp:
          mode: <str; "bypass" | "bypass unauthorized"; required>

Filters and policies

AS path

Variable Type Required Default Value Restrictions Description
as_path Dictionary
  regex_mode String Valid Values:
- asn
- string
  access_lists List, items: Dictionary
    - name String Access List Name.
      entries List, items: Dictionary
        - type String Valid Values:
- permit
- deny
          match String Regex To Match.
          origin String any Valid Values:
- any
- egp
- igp
- incomplete
as_path:
  regex_mode: <str; "asn" | "string">
  access_lists:

      # Access List Name.
    - name: <str>
      entries:
        - type: <str; "permit" | "deny">

          # Regex To Match.
          match: <str>
          origin: <str; "any" | "egp" | "igp" | "incomplete"; default="any">

Class-maps

Variable Type Required Default Value Restrictions Description
class_maps Dictionary
  pbr List, items: Dictionary
    - name String Required, Unique Class-Map Name.
      ip Dictionary
        access_group String Standard Access-List Name.
  qos List, items: Dictionary
    - name String Required, Unique Class-Map Name.
      vlan String VLAN value(s) or range(s) of VLAN values.
      cos String CoS value(s) or range(s) of CoS values.
      ip Dictionary
        access_group String IPv4 Access-List Name.
      ipv6 Dictionary
        access_group String IPv6 Access-List Name.
class_maps:
  pbr:

      # Class-Map Name.
    - name: <str; required; unique>
      ip:

        # Standard Access-List Name.
        access_group: <str>
  qos:

      # Class-Map Name.
    - name: <str; required; unique>

      # VLAN value(s) or range(s) of VLAN values.
      vlan: <str>

      # CoS value(s) or range(s) of CoS values.
      cos: <str>
      ip:

        # IPv4 Access-List Name.
        access_group: <str>
      ipv6:

        # IPv6 Access-List Name.
        access_group: <str>

Dynamic prefix lists

Variable Type Required Default Value Restrictions Description
dynamic_prefix_lists List, items: Dictionary
  - name String Dynamic prefix-list name.
    match_map String Route-map name.
    prefix_list Dictionary
      ipv4 String Prefix-list name.
      ipv6 String Prefix-list name.
dynamic_prefix_lists:

    # Dynamic prefix-list name.
  - name: <str>

    # Route-map name.
    match_map: <str>
    prefix_list:

      # Prefix-list name.
      ipv4: <str>

      # Prefix-list name.
      ipv6: <str>

IP community lists

AVD currently supports two different data models for community lists:

  • The legacy community_lists data model that can be used for compatibility with the existing deployments.
  • The improved ip_community_lists data model.

Both data models can coexist without conflicts, as different keys are used: community_lists vs ip_community_lists. Community list names must be unique.

The legacy data model supports simplified community list definition that only allows a single action to be defined as string:

Variable Type Required Default Value Restrictions Description
community_lists List, items: Dictionary
  - name String Required, Unique Community-list Name.
    action String Required Action as string.
Example: “permit GSHUT 65123:123”
community_lists:

    # Community-list Name.
  - name: <str; required; unique>

    # Action as string.
    # Example: "permit GSHUT 65123:123"
    action: <str; required>

The improved data model has a better design documented below:

Variable Type Required Default Value Restrictions Description
ip_community_lists List, items: Dictionary Communities and regexp entries MUST not be configured in the same community-list.
  - name String Required, Unique IP Community-list Name.
    entries List, items: Dictionary Required
      - action String Required Valid Values:
- permit
- deny
        communities List, items: String If defined, a standard community-list will be configured.
Supported community strings (case insensitive):
- GSHUT
- internet
- local-as
- no-advertise
- no-export
- <1-4294967040>
- aa:nn
          - <str> String
        regexp String Regular Expression.
If defined, a regex community-list will be configured.
# Communities and regexp entries MUST not be configured in the same community-list.
ip_community_lists:

    # IP Community-list Name.
  - name: <str; required; unique>
    entries: # required
      - action: <str; "permit" | "deny"; required>

        # If defined, a standard community-list will be configured.
        # Supported community strings (case insensitive):
        # - GSHUT
        # - internet
        # - local-as
        # - no-advertise
        # - no-export
        # - <1-4294967040>
        # - aa:nn
        communities:
          - <str>

        # Regular Expression.
        # If defined, a regex community-list will be configured.
        regexp: <str>

IP extcommunity-lists

Variable Type Required Default Value Restrictions Description
ip_extcommunity_lists List, items: Dictionary
  - name String Required, Unique Community-list Name.
    entries List, items: Dictionary Required
      - type String Required Valid Values:
- permit
- deny
        extcommunities String Required Communities as string.
Example: “65000:65000”
ip_extcommunity_lists:

    # Community-list Name.
  - name: <str; required; unique>
    entries: # required
      - type: <str; "permit" | "deny"; required>

        # Communities as string.
        # Example: "65000:65000"
        extcommunities: <str; required>

IP extcommunity-lists-regexp

Variable Type Required Default Value Restrictions Description
ip_extcommunity_lists_regexp List, items: Dictionary
  - name String Required, Unique Community-list Name.
    entries List, items: Dictionary Required
      - type String Required Valid Values:
- permit
- deny
        regexp String Required Regular Expression.
ip_extcommunity_lists_regexp:

    # Community-list Name.
  - name: <str; required; unique>
    entries: # required
      - type: <str; "permit" | "deny"; required>

        # Regular Expression.
        regexp: <str; required>

IPv6 prefix-lists

Variable Type Required Default Value Restrictions Description
ipv6_prefix_lists List, items: Dictionary
  - name String Required, Unique Prefix-list Name.
    sequence_numbers List, items: Dictionary Required
      - sequence Integer Required, Unique Sequence ID.
        action String Required Action as string.
Example: “permit 1b11:3a00:22b0:0082::/64 eq 128”
ipv6_prefix_lists:

    # Prefix-list Name.
  - name: <str; required; unique>
    sequence_numbers: # required

        # Sequence ID.
      - sequence: <int; required; unique>

        # Action as string.
        # Example: "permit 1b11:3a00:22b0:0082::/64 eq 128"
        action: <str; required>

Match list input

Variable Type Required Default Value Restrictions Description
match_list_input Dictionary
  prefix_ipv4 List, items: Dictionary
    - name String Required, Unique Prefix-List Name.
      prefixes List, items: String Required Min Length: 1 List of IPv4 prefixes (with the subnet mask e.g. 192.0.2.0/24).
        - <str> String
  prefix_ipv6 List, items: Dictionary
    - name String Required, Unique Prefix-List Name.
      prefixes List, items: String Required Min Length: 1 List of IPv6 prefixes (with the subnet mask e.g. 2001:db8:abcd:0013::/64).
        - <str> String
  string List, items: Dictionary
    - name String Required, Unique Match-list Name.
      sequence_numbers List, items: Dictionary Required
        - sequence Integer Required, Unique Sequence ID.
          match_regex String Required Regular Expression.
match_list_input:
  prefix_ipv4:

      # Prefix-List Name.
    - name: <str; required; unique>

      # List of IPv4 prefixes (with the subnet mask e.g. 192.0.2.0/24).
      prefixes: # >=1 items; required
        - <str>
  prefix_ipv6:

      # Prefix-List Name.
    - name: <str; required; unique>

      # List of IPv6 prefixes (with the subnet mask e.g. 2001:db8:abcd:0013::/64).
      prefixes: # >=1 items; required
        - <str>
  string:

      # Match-list Name.
    - name: <str; required; unique>
      sequence_numbers: # required

          # Sequence ID.
        - sequence: <int; required; unique>

          # Regular Expression.
          match_regex: <str; required>

Peer-filters

Variable Type Required Default Value Restrictions Description
peer_filters List, items: Dictionary
  - name String Required, Unique Peer-filter Name.
    sequence_numbers List, items: Dictionary Required
      - sequence Integer Required, Unique Sequence ID.
        match String Required Match as string.
Example: “as-range 1-100 result accept”
peer_filters:

    # Peer-filter Name.
  - name: <str; required; unique>
    sequence_numbers: # required

        # Sequence ID.
      - sequence: <int; required; unique>

        # Match as string.
        # Example: "as-range 1-100 result accept"
        match: <str; required>

Policy-maps

Variable Type Required Default Value Restrictions Description
policy_maps Dictionary
  pbr List, items: Dictionary PBR Policy-Maps.
    - name String Required, Unique Policy-Map Name.
      classes List, items: Dictionary
        - name String Required, Unique Class Name.
          index Integer
          drop Boolean ‘drop’ and ‘set’ are mutually exclusive.
          set Dictionary Set Nexthop
‘drop’ and ‘set’ are mutually exclusive.
            nexthop Dictionary
              ip_address String IPv4 or IPv6 Address.
              recursive Boolean
  qos List, items: Dictionary QOS Policy-Maps.
    - name String Required, Unique Policy-Map Name.
      classes List, items: Dictionary
        - name String Required, Unique Class Name.
          set Dictionary
            cos Integer
            dscp String
            traffic_class Integer
            drop_precedence Integer
          police Dictionary
            rate Integer Specify rate.
Range in kbps <8-200000000>.
            rate_unit String bps Valid Values:
- bps
- kbps
- mbps
- pps
            rate_burst_size Integer Range in bytes <256-128000000>.
            rate_burst_size_unit String bytes Valid Values:
- bytes
- kbytes
- mbytes
- packets
            action Dictionary
              type String Valid Values:
- dscp
- drop-precedence
Set action for policed traffic.
              dscp_value String Set when action.type is set to “dscp”.
            higher_rate Integer Specify higher rate.
Range in kbps .
            higher_rate_unit String bps Valid Values:
- bps
- kbps
- mbps
- pps
            higher_rate_burst_size Integer Range in bytes <256-128000000>.
            higher_rate_burst_size_unit String bytes Valid Values:
- bytes
- kbytes
- mbytes
- packets
  copp_system_policy Dictionary Control-plane policy configuration.
    classes List, items: Dictionary
      - name String Required, Unique
        shape Integer Min: 0
Max: 10000000
Maximum rate limit.
        bandwidth Integer Min: 0
Max: 10000000
Minimum bandwidth.
        rate_unit String Valid Values:
- pps
- kbps
The rate_unit must be defined for shape and bandwidth.
policy_maps:

  # PBR Policy-Maps.
  pbr:

      # Policy-Map Name.
    - name: <str; required; unique>
      classes:

          # Class Name.
        - name: <str; required; unique>
          index: <int>

          # 'drop' and 'set' are mutually exclusive.
          drop: <bool>

          # Set Nexthop
          # 'drop' and 'set' are mutually exclusive.
          set:
            nexthop:

              # IPv4 or IPv6 Address.
              ip_address: <str>
              recursive: <bool>

  # QOS Policy-Maps.
  qos:

      # Policy-Map Name.
    - name: <str; required; unique>
      classes:

          # Class Name.
        - name: <str; required; unique>
          set:
            cos: <int>
            dscp: <str>
            traffic_class: <int>
            drop_precedence: <int>
          police:

            # Specify rate.
            # Range in kbps <8-200000000>.
            rate: <int>
            rate_unit: <str; "bps" | "kbps" | "mbps" | "pps"; default="bps">

            # Range in bytes <256-128000000>.
            rate_burst_size: <int>
            rate_burst_size_unit: <str; "bytes" | "kbytes" | "mbytes" | "packets"; default="bytes">
            action:

              # Set action for policed traffic.
              type: <str; "dscp" | "drop-precedence">

              # Set when action.type is set to "dscp".
              dscp_value: <str>

            # Specify higher rate.
            # Range in kbps <lower_rate in kbps + 8 - lower_rate in kbps + 200000000>.
            higher_rate: <int>
            higher_rate_unit: <str; "bps" | "kbps" | "mbps" | "pps"; default="bps">

            # Range in bytes <256-128000000>.
            higher_rate_burst_size: <int>
            higher_rate_burst_size_unit: <str; "bytes" | "kbytes" | "mbytes" | "packets"; default="bytes">

  # Control-plane policy configuration.
  copp_system_policy:
    classes:
      - name: <str; required; unique>

        # Maximum rate limit.
        shape: <int; 0-10000000>

        # Minimum bandwidth.
        bandwidth: <int; 0-10000000>

        # The `rate_unit` must be defined for `shape` and `bandwidth`.
        rate_unit: <str; "pps" | "kbps">

Prefix-lists

Variable Type Required Default Value Restrictions Description
prefix_lists List, items: Dictionary
  - name String Required, Unique Prefix-list Name.
    sequence_numbers List, items: Dictionary
      - sequence Integer Required, Unique Sequence ID.
        action String Required Action as string.
Example: “permit 10.255.0.0/27 eq 32”
prefix_lists:

    # Prefix-list Name.
  - name: <str; required; unique>
    sequence_numbers:

        # Sequence ID.
      - sequence: <int; required; unique>

        # Action as string.
        # Example: "permit 10.255.0.0/27 eq 32"
        action: <str; required>

Route-maps

Variable Type Required Default Value Restrictions Description
route_maps List, items: Dictionary
  - name String Required, Unique Route-map Name.
    sequence_numbers List, items: Dictionary Required
      - sequence Integer Required, Unique Sequence ID.
        type String Required Valid Values:
- permit
- deny
        description String
        match List, items: String List of “match” statements.
          - <str> String Match as string.
Example: “ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY”
        set List, items: String List of “set” statements.
          - <str> String Set as string.
Example: “origin incomplete”
        sub_route_map String Name of Sub-Route-map.
        continue Dictionary
          enabled Boolean
          sequence_number Integer
route_maps:

    # Route-map Name.
  - name: <str; required; unique>
    sequence_numbers: # required

        # Sequence ID.
      - sequence: <int; required; unique>
        type: <str; "permit" | "deny"; required>
        description: <str>

        # List of "match" statements.
        match:

            # Match as string.
            # Example: "ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY"
          - <str>

        # List of "set" statements.
        set:

            # Set as string.
            # Example: "origin incomplete"
          - <str>

        # Name of Sub-Route-map.
        sub_route_map: <str>
        continue:
          enabled: <bool>
          sequence_number: <int>

Trackers

Variable Type Required Default Value Restrictions Description
trackers List, items: Dictionary
  - name String Required, Unique Name of tracker object.
    interface String Required Name of tracked interface.
    tracked_property String line-protocol Property to track.
trackers:

    # Name of tracker object.
  - name: <str; required; unique>

    # Name of tracked interface.
    interface: <str; required>

    # Property to track.
    tracked_property: <str; default="line-protocol">

Traffic policies

Variable Type Required Default Value Restrictions Description
traffic_policies Dictionary
  options Dictionary
    counter_per_interface Boolean
  field_sets Dictionary
    ipv4 List, items: Dictionary
      - name String Required, Unique IPv4 Prefix Field Set Name.
        prefixes List, items: String
          - <str> String IPv4 Prefix.
    ipv6 List, items: Dictionary
      - name String Required, Unique IPv6 Prefix Field Set Name.
        prefixes List, items: String
          - <str> String IPv6 Prefix.
    ports List, items: Dictionary
      - name String Required, Unique L4 Port Field Set Name.
        port_range String Example: ‘10,20,80,440-450’
  policies List, items: Dictionary
    - name String Required, Unique Traffic Policy Name.
      matches List, items: Dictionary
        - name String Required, Unique Traffic Policy Item.
          type String Valid Values:
- ipv4
- ipv6
          source Dictionary
            prefixes List, items: String
              - <str> String IP address or prefix.
            prefix_lists List, items: String Field-set prefix lists.
              - <str> String
          destination Dictionary
            prefixes List, items: String
              - <str> String IP address or prefix.
            prefix_lists List, items: String Field-set prefix lists.
              - <str> String
          ttl String TTL range.
          fragment Dictionary The ‘fragment’ command is not supported when ‘source port’
or ‘destination port’ command is configured.
            offset String Fragment offset range.
          protocols List, items: Dictionary
            - protocol String Required, Unique
              src_port String Port range.
              dst_port String Port range.
              src_field String L4 port range field set.
              dst_field String L4 port range field set.
              flags List, items: String
                - <str> String Valid Values:
- established
- initial
              icmp_type List, items: String
                - <str> String
          actions Dictionary
            dscp Integer
            traffic_class Integer Traffic class ID.
            count String Counter name.
            drop Boolean
            log Boolean Only supported when action is set to drop.
      default_actions Dictionary
        ipv4 Dictionary
          dscp Integer
          traffic_class Integer Traffic class ID.
          count String Counter name.
          drop Boolean
          log Boolean Only supported when action is set to drop.
        ipv6 Dictionary
          dscp Integer
          traffic_class Integer Traffic class ID.
          count String Counter name.
          drop Boolean
          log Boolean Only supported when action is set to drop.
traffic_policies:
  options:
    counter_per_interface: <bool>
  field_sets:
    ipv4:

        # IPv4 Prefix Field Set Name.
      - name: <str; required; unique>
        prefixes:

            # IPv4 Prefix.
          - <str>
    ipv6:

        # IPv6 Prefix Field Set Name.
      - name: <str; required; unique>
        prefixes:

            # IPv6 Prefix.
          - <str>
    ports:

        # L4 Port Field Set Name.
      - name: <str; required; unique>

        # Example: '10,20,80,440-450'
        port_range: <str>
  policies:

      # Traffic Policy Name.
    - name: <str; required; unique>
      matches:

          # Traffic Policy Item.
        - name: <str; required; unique>
          type: <str; "ipv4" | "ipv6">
          source:
            prefixes:

                # IP address or prefix.
              - <str>

            # Field-set prefix lists.
            prefix_lists:
              - <str>
          destination:
            prefixes:

                # IP address or prefix.
              - <str>

            # Field-set prefix lists.
            prefix_lists:
              - <str>

          # TTL range.
          ttl: <str>

          # The 'fragment' command is not supported when 'source port'
          # or 'destination port' command is configured.
          fragment:

            # Fragment offset range.
            offset: <str>
          protocols:
            - protocol: <str; required; unique>

              # Port range.
              src_port: <str>

              # Port range.
              dst_port: <str>

              # L4 port range field set.
              src_field: <str>

              # L4 port range field set.
              dst_field: <str>
              flags:
                - <str; "established" | "initial">
              icmp_type:
                - <str>
          actions:
            dscp: <int>

            # Traffic class ID.
            traffic_class: <int>

            # Counter name.
            count: <str>
            drop: <bool>

            # Only supported when action is set to drop.
            log: <bool>
      default_actions:
        ipv4:
          dscp: <int>

          # Traffic class ID.
          traffic_class: <int>

          # Counter name.
          count: <str>
          drop: <bool>

          # Only supported when action is set to drop.
          log: <bool>
        ipv6:
          dscp: <int>

          # Traffic class ID.
          traffic_class: <int>

          # Counter name.
          count: <str>
          drop: <bool>

          # Only supported when action is set to drop.
          log: <bool>

Interfaces

DPS interfaces

Variable Type Required Default Value Restrictions Description
dps_interfaces List, items: Dictionary Min Length: 1
Max Length: 1
  - name String Required, Unique Valid Values:
- Dps1
“Dps1” is currently the only supported interface.
    description String
    shutdown Boolean
    mtu Integer Min: 68
Max: 65535
Maximum Transmission Unit in bytes.
    ip_address String IPv4 address/mask.
    flow_tracker Dictionary
      sampled String Sampled flow tracker name.
      hardware String Hardware flow tracker name,
    tcp_mss_ceiling Dictionary
      ipv4 Integer Min: 64
Max: 65495
Segment Size for IPv4.
      ipv6 Integer Min: 64
Max: 65475
Segment Size for IPv6.
      direction String Valid Values:
- ingress
- egress
Optional direction (‘ingress’, ‘egress’) for tcp mss ceiling.
    eos_cli String Multiline String with EOS CLI rendered directly on the Dps interface in the final EOS configuration.
dps_interfaces: # 1-1 items

    # "Dps1" is currently the only supported interface.
  - name: <str; "Dps1"; required; unique>
    description: <str>
    shutdown: <bool>

    # Maximum Transmission Unit in bytes.
    mtu: <int; 68-65535>

    # IPv4 address/mask.
    ip_address: <str>
    flow_tracker:

      # Sampled flow tracker name.
      sampled: <str>

      # Hardware flow tracker name,
      hardware: <str>
    tcp_mss_ceiling:

      # Segment Size for IPv4.
      ipv4: <int; 64-65495>

      # Segment Size for IPv6.
      ipv6: <int; 64-65475>

      # Optional direction ('ingress', 'egress')  for tcp mss ceiling.
      direction: <str; "ingress" | "egress">

    # Multiline String with EOS CLI rendered directly on the Dps interface in the final EOS configuration.
    eos_cli: <str>

Errdisable

Variable Type Required Default Value Restrictions Description
errdisable Dictionary
  detect Dictionary
    causes List, items: String
      - <str> String Valid Values:
- acl
- arp-inspection
- dot1x
- link-change
- tapagg
- xcvr-misconfigured
- xcvr-overheat
- xcvr-power-unsupported
  recovery Dictionary
    causes List, items: String
      - <str> String Valid Values:
- arp-inspection
- bpduguard
- dot1x
- hitless-reload-down
- lacp-rate-limit
- link-flap
- no-internal-vlan
- portchannelguard
- portsec
- speed-misconfigured
- tap-port-init
- tapagg
- uplink-failure-detection
- xcvr-misconfigured
- xcvr-overheat
- xcvr-power-unsupported
- xcvr-unsupported
    interval Integer 300 Min: 30
Max: 86400
Interval in seconds.
errdisable:
  detect:
    causes:
      - <str; "acl" | "arp-inspection" | "dot1x" | "link-change" | "tapagg" | "xcvr-misconfigured" | "xcvr-overheat" | "xcvr-power-unsupported">
  recovery:
    causes:
      - <str; "arp-inspection" | "bpduguard" | "dot1x" | "hitless-reload-down" | "lacp-rate-limit" | "link-flap" | "no-internal-vlan" | "portchannelguard" | "portsec" | "speed-misconfigured" | "tap-port-init" | "tapagg" | "uplink-failure-detection" | "xcvr-misconfigured" | "xcvr-overheat" | "xcvr-power-unsupported" | "xcvr-unsupported">

    # Interval in seconds.
    interval: <int; 30-86400; default=300>

Ethernet interfaces

Variable Type Required Default Value Restrictions Description
ethernet_interfaces List, items: Dictionary
  - name String Required, Unique
    description String
    shutdown Boolean
    load_interval Integer Min: 0
Max: 600
Interval in seconds for updating interface counters.
    speed String Speed should be set in the format <interface_speed> or forced <interface_speed> or auto <interface_speed>.
    mtu Integer Min: 68
Max: 65535
    l2_mtu Integer Min: 68
Max: 65535
“l2_mtu” should only be defined for platforms supporting the “l2 mtu” CLI.
    l2_mru Integer Min: 68
Max: 65535
“l2_mru” should only be defined for platforms supporting the “l2 mru” CLI.
    vlans String List of switchport vlans as string.
For a trunk port this would be a range like “1-200,300”.
For an access port this would be a single vlan “123”.
    native_vlan Integer
    native_vlan_tag Boolean If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence.
    mode String Valid Values:
- access
- dot1q-tunnel
- trunk
- trunk phone
    phone Dictionary
      trunk String Valid Values:
- tagged
- tagged phone
- untagged
- untagged phone
      vlan Integer Min: 1
Max: 4094
    l2_protocol Dictionary
      encapsulation_dot1q_vlan Integer Vlan tag to configure on sub-interface.
      forwarding_profile String L2 protocol forwarding profile.
    trunk_groups List, items: String
      - <str> String
    type String Valid Values:
- routed
- switched
- l3dot1q
- l2dot1q
- port-channel-member
l3dot1q and l2dot1q are used for sub-interfaces. The parent interface should be defined as routed.
Interface will not be listed in device documentation, unless “type” is set.
    snmp_trap_link_change Boolean
    address_locking Dictionary
      ipv4 Boolean Enable address locking for IPv4.
      ipv6 Boolean Enable address locking for IPv6.
    flowcontrol Dictionary
      received String Valid Values:
- desired
- on
- off
    vrf String VRF name.
    flow_tracker Dictionary
      sampled String Sampled flow tracker name.
      hardware String Hardware flow tracker name.
    error_correction_encoding Dictionary
      enabled Boolean True
      fire_code Boolean
      reed_solomon Boolean
    link_tracking_groups List, items: Dictionary
      - name String Required, Unique Group name.
        direction String Valid Values:
- upstream
- downstream
    evpn_ethernet_segment Dictionary
      identifier String EVPN Ethernet Segment Identifier (Type 1 format).
      redundancy String Valid Values:
- all-active
- single-active
      designated_forwarder_election Dictionary
        algorithm String Valid Values:
- modulus
- preference
        preference_value Integer Min: 0
Max: 65535
Preference_value is only used when “algorithm” is “preference”.
        dont_preempt Boolean Dont_preempt is only used when “algorithm” is “preference”.
        hold_time Integer
        subsequent_hold_time Integer
        candidate_reachability_required Boolean
      mpls Dictionary
        shared_index Integer Min: 1
Max: 1024
        tunnel_flood_filter_time Integer
      route_target String EVPN Route Target for ESI with format xx:xx:xx:xx:xx:xx.
    encapsulation_dot1q_vlan Integer VLAN tag to configure on sub-interface.
    encapsulation_vlan Dictionary
      client Dictionary
        dot1q Dictionary
          vlan Integer Client VLAN ID.
          outer Integer Client Outer VLAN ID.
          inner Integer Client Inner VLAN ID.
        unmatched Boolean
      network Dictionary Network encapsulations are all optional and skipped if using client unmatched.
        dot1q Dictionary
          vlan Integer Network VLAN ID.
          outer Integer Network outer VLAN ID.
          inner Integer Network inner VLAN ID.
        client Boolean
    vlan_id Integer Min: 1
Max: 4094
    ip_address String IPv4 address/mask or “dhcp”.
    ip_address_secondaries List, items: String
      - <str> String
    ip_verify_unicast_source_reachable_via String Valid Values:
- any
- rx
    dhcp_client_accept_default_route Boolean Install default-route obtained via DHCP.
    dhcp_server_ipv4 Boolean Enable IPv4 DHCP server.
    dhcp_server_ipv6 Boolean Enable IPv6 DHCP server.
    ip_helpers List, items: Dictionary
      - ip_helper String Required, Unique
        source_interface String Source interface name.
        vrf String VRF name.
    ip_nat Dictionary
      service_profile String NAT interface profile.
      destination Dictionary
        dynamic List, items: Dictionary
          - access_list String Required, Unique
            comment String
            pool_name String Required
            priority Integer Min: 0
Max: 4294967295
        static List, items: Dictionary
          - access_list String ‘access_list’ and ‘group’ are mutual exclusive.
            comment String
            direction String Valid Values:
- egress
- ingress
Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            group Integer Min: 1
Max: 65535
‘access_list’ and ‘group’ are mutual exclusive.
            original_ip String IPv4 address. The combination of original_ip and original_port must be unique.
            original_port Integer Min: 1
Max: 65535
TCP/UDP port. The combination of original_ip and original_port must be unique.
            priority Integer Min: 0
Max: 4294967295
            protocol String Valid Values:
- udp
- tcp
            translated_ip String Required IPv4 address.
            translated_port Integer Min: 1
Max: 65535
requires ‘original_port’.
      source Dictionary
        dynamic List, items: Dictionary
          - access_list String Required, Unique
            comment String
            nat_type String Required Valid Values:
- overload
- pool
- pool-address-only
- pool-full-cone
            pool_name String required if ‘nat_type’ is pool, pool-address-only or pool-full-cone.
ignored if ‘nat_type’ is overload.
            priority Integer Min: 0
Max: 4294967295
        static List, items: Dictionary
          - access_list String ‘access_list’ and ‘group’ are mutual exclusive.
            comment String
            direction String Valid Values:
- egress
- ingress
Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            group Integer Min: 1
Max: 65535
‘access_list’ and ‘group’ are mutual exclusive.
            original_ip String IPv4 address. The combination of original_ip and original_port must be unique.
            original_port Integer Min: 1
Max: 65535
TCP/UDP port. The combination of original_ip and original_port must be unique.
            priority Integer Min: 0
Max: 4294967295
            protocol String Valid Values:
- udp
- tcp
            translated_ip String Required IPv4 address.
            translated_port Integer Min: 1
Max: 65535
requires ‘original_port’.
    ipv6_enable Boolean
    ipv6_address String
    ipv6_address_link_local String Link local IPv6 address/mask.
    ipv6_nd_ra_disabled Boolean
    ipv6_nd_managed_config_flag Boolean
    ipv6_nd_prefixes List, items: Dictionary
      - ipv6_prefix String Required, Unique
        valid_lifetime String Infinite or lifetime in seconds.
        preferred_lifetime String Infinite or lifetime in seconds.
        no_autoconfig_flag Boolean
    ipv6_dhcp_relay_destinations List, items: Dictionary
      - address String Required, Unique DHCP server’s IPv6 address.
        vrf String
        local_interface String Local interface to communicate with DHCP server - mutually exclusive to source_address.
        source_address String Source IPv6 address to communicate with DHCP server - mutually exclusive to local_interface.
        link_address String Override the default link address specified in the relayed DHCP packet.
    access_group_in String Access list name.
    access_group_out String Access list name.
    ipv6_access_group_in String IPv6 access list name.
    ipv6_access_group_out String IPv6 access list name.
    mac_access_group_in String MAC access list name.
    mac_access_group_out String MAC access list name.
    multicast Dictionary Boundaries can be either 1 ACL or a list of multicast IP address_range(s)/prefix but not combination of both.
      ipv4 Dictionary
        boundaries List, items: Dictionary
          - boundary String ACL name or multicast IP subnet.
            out Boolean
        static Boolean
      ipv6 Dictionary
        boundaries List, items: Dictionary
          - boundary String ACL name or multicast IP subnet.
        static Boolean
    ospf_network_point_to_point Boolean
    ospf_area String
    ospf_cost Integer
    ospf_authentication String Valid Values:
- none
- simple
- message-digest
    ospf_authentication_key String Encrypted password - only type 7 supported.
    ospf_message_digest_keys List, items: Dictionary
      - id Integer Required, Unique
        hash_algorithm String Valid Values:
- md5
- sha1
- sha256
- sha384
- sha512
        key String Encrypted password - only type 7 supported.
    pim Dictionary
      ipv4 Dictionary
        border_router Boolean Configure PIM border router. EOS default is false.
        dr_priority Integer Min: 0
Max: 429467295
        sparse_mode Boolean
        bfd Boolean Set the default for whether Bidirectional Forwarding Detection is enabled for PIM.
        bidirectional Boolean
        hello Dictionary
          count String Number of missed hellos after which the neighbor expires. Range <1.5-65535>.
          interval Integer Min: 1
Max: 65535
PIM hello interval in seconds.
    mac_security Dictionary
      profile String
    tcp_mss_ceiling Dictionary The TCP MSS clamping feature involves clamping the maximum segment size (MSS) in the TCP header
of TCP SYN packets if it exceeds the configured MSS ceiling limit for the interface.
      ipv4_segment_size Integer Min: 64
Max: 65475
      ipv6_segment_size Integer Min: 64
Max: 65475
      direction String Valid Values:
- egress
- ingress
    channel_group Dictionary
      id Integer
      mode String Valid Values:
- on
- active
- passive
    isis_enable String ISIS instance.
    isis_bfd Boolean Enable BFD for ISIS.
    isis_passive Boolean
    isis_metric Integer
    isis_network_point_to_point Boolean
    isis_circuit_type String Valid Values:
- level-1-2
- level-1
- level-2
    isis_hello_padding Boolean
    isis_authentication_mode String Valid Values:
- text
- md5
    isis_authentication_key String Type-7 encrypted password.
    poe Dictionary
      disabled Boolean False Disable PoE on a POE capable port. PoE is enabled on all ports that support it by default in EOS.
      priority String Valid Values:
- critical
- high
- medium
- low
Prioritize a port’s power in the event that one of the switch’s power supplies loses power.
      reboot Dictionary Set the PoE power behavior for a PoE port when the system is rebooted.
        action String Valid Values:
- maintain
- power-off
PoE action for interface.
      link_down Dictionary Set the PoE power behavior for a PoE port when the port goes down.
        action String Valid Values:
- maintain
- power-off
PoE action for interface.
        power_off_delay Integer Min: 1
Max: 86400
Number of seconds to delay shutting the power off after a link down event occurs. Default value is 5 seconds in EOS.
      shutdown Dictionary Set the PoE power behavior for a PoE port when the port is admin down.
        action String Valid Values:
- maintain
- power-off
PoE action for interface.
      limit Dictionary Override the hardware-negotiated power limit using either wattage or a power class. Note that if using a power class, AVD will automatically convert the class value to the wattage value corresponding to that power class.
        class Integer Min: 0
Max: 8
        watts String
        fixed Boolean Set to ignore hardware classification.
      negotiation_lldp Boolean Disable to prevent port from negotiating power with powered devices over LLDP. Enabled by default in EOS.
      legacy_detect Boolean Allow a subset of legacy devices to work with the PoE switch. Disabled by default in EOS because it can cause false positive detections.
    ptp Dictionary
      enable Boolean
      announce Dictionary
        interval Integer
        timeout Integer
      delay_req Integer
      delay_mechanism String Valid Values:
- e2e
- p2p
      sync_message Dictionary
        interval Integer
      role String Valid Values:
- master
- dynamic
      vlan String VLAN can be ‘all’ or list of vlans as string.
      transport String Valid Values:
- ipv4
- ipv6
- layer2
    profile String Interface profile.
    storm_control Dictionary
      all Dictionary
        level String Configure maximum storm-control level.
        unit String percent Valid Values:
- percent
- pps
Optional field and is hardware dependent.
      broadcast Dictionary
        level String Configure maximum storm-control level.
        unit String percent Valid Values:
- percent
- pps
Optional field and is hardware dependent.
      multicast Dictionary
        level String Configure maximum storm-control level.
        unit String percent Valid Values:
- percent
- pps
Optional field and is hardware dependent.
      unknown_unicast Dictionary
        level String Configure maximum storm-control level.
        unit String percent Valid Values:
- percent
- pps
Optional field and is hardware dependent.
    logging Dictionary
      event Dictionary
        link_status Boolean
        congestion_drops Boolean
        spanning_tree Boolean
        storm_control_discards Boolean Discards due to storm-control.
    lldp Dictionary
      transmit Boolean
      receive Boolean
      ztp_vlan Integer ZTP vlan number.
    trunk_private_vlan_secondary Boolean
    pvlan_mapping String List of vlans as string.
    vlan_translations List, items: Dictionary
      - from String List of vlans as string (only one vlan if direction is “both”).
        to Integer VLAN ID.
        direction String both Valid Values:
- in
- out
- both
    dot1x Dictionary
      port_control String Valid Values:
- auto
- force-authorized
- force-unauthorized
      port_control_force_authorized_phone Boolean
      reauthentication Boolean
      pae Dictionary
        mode String Valid Values:
- authenticator
      authentication_failure Dictionary
        action String Valid Values:
- allow
- drop
        allow_vlan Integer Min: 1
Max: 4094
      host_mode Dictionary
        mode String Valid Values:
- multi-host
- single-host
        multi_host_authenticated Boolean
      mac_based_authentication Dictionary
        enabled Boolean
        always Boolean
        host_mode_common Boolean
      timeout Dictionary
        idle_host Integer Min: 10
Max: 65535
        quiet_period Integer Min: 1
Max: 65535
        reauth_period String Value can be 60-4294967295 or ‘server’.
        reauth_timeout_ignore Boolean
        tx_period Integer Min: 1
Max: 65535
      reauthorization_request_limit Integer Min: 1
Max: 10
      unauthorized Dictionary
        access_vlan_membership_egress Boolean
        native_vlan_membership_egress Boolean
      eapol Dictionary
        disabled Boolean
        authentication_failure_fallback_mba Dictionary
          enabled Boolean
          timeout Integer Min: 0
Max: 65535
    service_profile String QOS profile.
    shape Dictionary
      rate String Rate in kbps, pps or percent.
Supported options are platform dependent.
Examples:
- “5000 kbps”
- “1000 pps”
- “20 percent”
    qos Dictionary
      trust String Valid Values:
- dscp
- cos
- disabled
      dscp Integer DSCP value.
      cos Integer COS value.
    spanning_tree_bpdufilter String Valid Values:
- enabled
- disabled
- True
- False
- true
- false
    spanning_tree_bpduguard String Valid Values:
- enabled
- disabled
- True
- False
- true
- false
    spanning_tree_guard String Valid Values:
- loop
- root
- disabled
    spanning_tree_portfast String Valid Values:
- edge
- network
    vmtracer Boolean
    priority_flow_control Dictionary
      enabled Boolean
      priorities List, items: Dictionary
        - priority Integer Required, Unique Min: 0
Max: 7
          no_drop Boolean
    bfd Dictionary
      echo Boolean
      interval Integer Interval in milliseconds.
      min_rx Integer Rate in milliseconds.
      multiplier Integer Min: 3
Max: 50
    service_policy Dictionary
      pbr Dictionary
        input String Policy Based Routing Policy-map name.
      qos Dictionary
        input String Required Quality of Service Policy-map name.
    mpls Dictionary
      ip Boolean
      ldp Dictionary
        interface Boolean
        igp_sync Boolean
    lacp_timer Dictionary
      mode String Valid Values:
- fast
- normal
      multiplier Integer Min: 3
Max: 3000
    lacp_port_priority Integer Min: 0
Max: 65535
    transceiver Dictionary
      frequency String Transceiver Laser Frequency in GHz (min 190000, max 200000).
      frequency_unit String Valid Values:
- ghz
Unit of Transceiver Laser Frequency.
      media Dictionary
        override String Transceiver type.
    ip_proxy_arp Boolean
    traffic_policy Dictionary
      input String Ingress traffic policy.
      output String Egress traffic policy.
    bgp Dictionary
      session_tracker String Name of session tracker.
    ip_igmp_host_proxy Dictionary
      enabled Boolean
      groups List, items: Dictionary
        - group String Required, Unique Multicast Address.
          exclude List, items: Dictionary The same source must not be present both in exclude and include list.
            - source String Required, Unique
          include List, items: Dictionary The same source must not be present both in exclude and include list.
            - source String Required, Unique
      report_interval Integer Min: 1
Max: 31744
Time interval between unsolicited reports.
      access_lists List, items: Dictionary Non-standard Access List name.
        - name String Required, Unique
      version Integer Min: 1
Max: 3
IGMP version on IGMP host-proxy interface.
    peer String Key only used for documentation or validation purposes.
    peer_interface String Key only used for documentation or validation purposes.
    peer_type String Key only used for documentation or validation purposes.
    sflow Dictionary
      enable Boolean
      egress Dictionary
        enable Boolean
        unmodified_enable Boolean
    port_profile String Key only used for documentation or validation purposes.
    uc_tx_queues List, items: Dictionary
      - id Integer Required, Unique TX-Queue ID.
        random_detect Dictionary
          ecn Dictionary Explicit Congestion Notification.
            count Boolean Enable counter for random-detect ECNs.
            threshold Dictionary
              units String Required Valid Values:
- segments
- bytes
- kbytes
- mbytes
- milliseconds
Indicate the units to be used for the threshold values.
              min Integer Required Min: 1
Max: 256000000
Set the random-detect ECN minimum-threshold.
              max Integer Required Min: 1
Max: 256000000
Set the random-detect ECN maximum-threshold.
              max_probability Integer Min: 1
Max: 100
Set the random-detect ECN max-mark-probability.
              weight Integer Min: 0
Max: 15
Set the random-detect ECN weight.
    tx_queues List, items: Dictionary
      - id Integer Required, Unique TX-Queue ID.
        random_detect Dictionary
          ecn Dictionary Explicit Congestion Notification.
            count Boolean Enable counter for random-detect ECNs.
            threshold Dictionary
              units String Required Valid Values:
- segments
- bytes
- kbytes
- mbytes
- milliseconds
Indicate the units to be used for the threshold values.
              min Integer Min: 1
Max: 256000000
Set the random-detect ECN minimum-threshold.
              max Integer Required Min: 1
Max: 256000000
Set the random-detect ECN maximum-threshold.
              max_probability Integer Required Min: 1
Max: 100
Set the random-detect ECN max-mark-probability.
              weight Integer Min: 0
Max: 15
Set the random-detect ECN weight.
    vrrp_ids List, items: Dictionary VRRP model.
      - id Integer Required, Unique VRID.
        priority_level Integer Min: 1
Max: 254
Instance priority.
        advertisement Dictionary
          interval Integer Min: 1
Max: 255
Interval in seconds.
        preempt Dictionary
          enabled Boolean Required
          delay Dictionary
            minimum Integer Min: 0
Max: 3600
Minimum preempt delay in seconds.
            reload Integer Min: 0
Max: 3600
Reload preempt delay in seconds.
        timers Dictionary
          delay Dictionary
            reload Integer Min: 0
Max: 3600
Delay after reload in seconds.
        tracked_object List, items: Dictionary
          - name String Required, Unique Tracked object name.
            decrement Integer Min: 1
Max: 254
Decrement VRRP priority by 1-254.
            shutdown Boolean
        ipv4 Dictionary
          address String Required Virtual IPv4 address.
          version Integer Valid Values:
- 2
- 3
        ipv6 Dictionary
          address String Required Virtual IPv6 address.
    validate_state Boolean Set to false to disable interface validation by the eos_validate_state role.
    switchport Dictionary
      port_security Dictionary
        enabled Boolean
        mac_address_maximum Dictionary Maximum number of MAC addresses allowed on the interface.
          disabled Boolean Disable port level check for port security (only in violation ‘shutdown’ mode).
          limit Integer Min: 1
Max: 1000
MAC address limit.
        violation Dictionary Configure violation mode (shutdown or protect), EOS default is ‘shutdown’.
          mode String Valid Values:
- shutdown
- protect
Configure port security mode.
          protect_log Boolean Log new addresses seen after limit is reached in protect mode.
        vlan_default_mac_address_maximum Integer Min: 0
Max: 1000
Default maximum MAC addresses for all VLANs on this interface.
        vlans List, items: Dictionary
          - range String Required, Unique VLAN ID or range(s) of VLAN IDs, <1-4094>.
Example:
- 3
- 1,3
- 1-10
            mac_address_maximum Integer
    eos_cli String Multiline EOS CLI rendered directly on the ethernet interface in the final EOS configuration.
ethernet_interfaces:
  - name: <str; required; unique>
    description: <str>
    shutdown: <bool>

    # Interval in seconds for updating interface counters.
    load_interval: <int; 0-600>

    # Speed should be set in the format `<interface_speed>` or `forced <interface_speed>` or `auto <interface_speed>`.
    speed: <str>
    mtu: <int; 68-65535>

    # "l2_mtu" should only be defined for platforms supporting the "l2 mtu" CLI.
    l2_mtu: <int; 68-65535>

    # "l2_mru" should only be defined for platforms supporting the "l2 mru" CLI.
    l2_mru: <int; 68-65535>

    # List of switchport vlans as string.
    # For a trunk port this would be a range like "1-200,300".
    # For an access port this would be a single vlan "123".
    vlans: <str>
    native_vlan: <int>

    # If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence.
    native_vlan_tag: <bool>
    mode: <str; "access" | "dot1q-tunnel" | "trunk" | "trunk phone">
    phone:
      trunk: <str; "tagged" | "tagged phone" | "untagged" | "untagged phone">
      vlan: <int; 1-4094>
    l2_protocol:

      # Vlan tag to configure on sub-interface.
      encapsulation_dot1q_vlan: <int>

      # L2 protocol forwarding profile.
      forwarding_profile: <str>
    trunk_groups:
      - <str>

    # l3dot1q and l2dot1q are used for sub-interfaces. The parent interface should be defined as routed.
    # Interface will not be listed in device documentation, unless "type" is set.
    type: <str; "routed" | "switched" | "l3dot1q" | "l2dot1q" | "port-channel-member">
    snmp_trap_link_change: <bool>
    address_locking:

      # Enable address locking for IPv4.
      ipv4: <bool>

      # Enable address locking for IPv6.
      ipv6: <bool>
    flowcontrol:
      received: <str; "desired" | "on" | "off">

    # VRF name.
    vrf: <str>
    flow_tracker:

      # Sampled flow tracker name.
      sampled: <str>

      # Hardware flow tracker name.
      hardware: <str>
    error_correction_encoding:
      enabled: <bool; default=True>
      fire_code: <bool>
      reed_solomon: <bool>
    link_tracking_groups:

        # Group name.
      - name: <str; required; unique>
        direction: <str; "upstream" | "downstream">
    evpn_ethernet_segment:

      # EVPN Ethernet Segment Identifier (Type 1 format).
      identifier: <str>
      redundancy: <str; "all-active" | "single-active">
      designated_forwarder_election:
        algorithm: <str; "modulus" | "preference">

        # Preference_value is only used when "algorithm" is "preference".
        preference_value: <int; 0-65535>

        # Dont_preempt is only used when "algorithm" is "preference".
        dont_preempt: <bool>
        hold_time: <int>
        subsequent_hold_time: <int>
        candidate_reachability_required: <bool>
      mpls:
        shared_index: <int; 1-1024>
        tunnel_flood_filter_time: <int>

      # EVPN Route Target for ESI with format xx:xx:xx:xx:xx:xx.
      route_target: <str>

    # VLAN tag to configure on sub-interface.
    encapsulation_dot1q_vlan: <int>
    encapsulation_vlan:
      client:
        dot1q:

          # Client VLAN ID.
          vlan: <int>

          # Client Outer VLAN ID.
          outer: <int>

          # Client Inner VLAN ID.
          inner: <int>
        unmatched: <bool>

      # Network encapsulations are all optional and skipped if using client unmatched.
      network:
        dot1q:

          # Network VLAN ID.
          vlan: <int>

          # Network outer VLAN ID.
          outer: <int>

          # Network inner VLAN ID.
          inner: <int>
        client: <bool>
    vlan_id: <int; 1-4094>

    # IPv4 address/mask or "dhcp".
    ip_address: <str>
    ip_address_secondaries:
      - <str>
    ip_verify_unicast_source_reachable_via: <str; "any" | "rx">

    # Install default-route obtained via DHCP.
    dhcp_client_accept_default_route: <bool>

    # Enable IPv4 DHCP server.
    dhcp_server_ipv4: <bool>

    # Enable IPv6 DHCP server.
    dhcp_server_ipv6: <bool>
    ip_helpers:
      - ip_helper: <str; required; unique>

        # Source interface name.
        source_interface: <str>

        # VRF name.
        vrf: <str>
    ip_nat:

      # NAT interface profile.
      service_profile: <str>
      destination:
        dynamic:
          - access_list: <str; required; unique>
            comment: <str>
            pool_name: <str; required>
            priority: <int; 0-4294967295>
        static:

            # 'access_list' and 'group' are mutual exclusive.
          - access_list: <str>
            comment: <str>

            # Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
            # EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            direction: <str; "egress" | "ingress">

            # 'access_list' and 'group' are mutual exclusive.
            group: <int; 1-65535>

            # IPv4 address. The combination of `original_ip` and `original_port` must be unique.
            original_ip: <str>

            # TCP/UDP port. The combination of `original_ip` and `original_port` must be unique.
            original_port: <int; 1-65535>
            priority: <int; 0-4294967295>
            protocol: <str; "udp" | "tcp">

            # IPv4 address.
            translated_ip: <str; required>

            # requires 'original_port'.
            translated_port: <int; 1-65535>
      source:
        dynamic:
          - access_list: <str; required; unique>
            comment: <str>
            nat_type: <str; "overload" | "pool" | "pool-address-only" | "pool-full-cone"; required>

            # required if 'nat_type' is pool, pool-address-only or pool-full-cone.
            # ignored if 'nat_type' is overload.
            pool_name: <str>
            priority: <int; 0-4294967295>
        static:

            # 'access_list' and 'group' are mutual exclusive.
          - access_list: <str>
            comment: <str>

            # Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
            # EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            direction: <str; "egress" | "ingress">

            # 'access_list' and 'group' are mutual exclusive.
            group: <int; 1-65535>

            # IPv4 address. The combination of `original_ip` and `original_port` must be unique.
            original_ip: <str>

            # TCP/UDP port. The combination of `original_ip` and `original_port` must be unique.
            original_port: <int; 1-65535>
            priority: <int; 0-4294967295>
            protocol: <str; "udp" | "tcp">

            # IPv4 address.
            translated_ip: <str; required>

            # requires 'original_port'.
            translated_port: <int; 1-65535>
    ipv6_enable: <bool>
    ipv6_address: <str>

    # Link local IPv6 address/mask.
    ipv6_address_link_local: <str>
    ipv6_nd_ra_disabled: <bool>
    ipv6_nd_managed_config_flag: <bool>
    ipv6_nd_prefixes:
      - ipv6_prefix: <str; required; unique>

        # Infinite or lifetime in seconds.
        valid_lifetime: <str>

        # Infinite or lifetime in seconds.
        preferred_lifetime: <str>
        no_autoconfig_flag: <bool>
    ipv6_dhcp_relay_destinations:

        # DHCP server's IPv6 address.
      - address: <str; required; unique>
        vrf: <str>

        # Local interface to communicate with DHCP server - mutually exclusive to source_address.
        local_interface: <str>

        # Source IPv6 address to communicate with DHCP server - mutually exclusive to local_interface.
        source_address: <str>

        # Override the default link address specified in the relayed DHCP packet.
        link_address: <str>

    # Access list name.
    access_group_in: <str>

    # Access list name.
    access_group_out: <str>

    # IPv6 access list name.
    ipv6_access_group_in: <str>

    # IPv6 access list name.
    ipv6_access_group_out: <str>

    # MAC access list name.
    mac_access_group_in: <str>

    # MAC access list name.
    mac_access_group_out: <str>

    # Boundaries can be either 1 ACL or a list of multicast IP address_range(s)/prefix but not combination of both.
    multicast:
      ipv4:
        boundaries:

            # ACL name or multicast IP subnet.
          - boundary: <str>
            out: <bool>
        static: <bool>
      ipv6:
        boundaries:

            # ACL name or multicast IP subnet.
          - boundary: <str>
        static: <bool>
    ospf_network_point_to_point: <bool>
    ospf_area: <str>
    ospf_cost: <int>
    ospf_authentication: <str; "none" | "simple" | "message-digest">

    # Encrypted password - only type 7 supported.
    ospf_authentication_key: <str>
    ospf_message_digest_keys:
      - id: <int; required; unique>
        hash_algorithm: <str; "md5" | "sha1" | "sha256" | "sha384" | "sha512">

        # Encrypted password - only type 7 supported.
        key: <str>
    pim:
      ipv4:

        # Configure PIM border router. EOS default is false.
        border_router: <bool>
        dr_priority: <int; 0-429467295>
        sparse_mode: <bool>

        # Set the default for whether Bidirectional Forwarding Detection is enabled for PIM.
        bfd: <bool>
        bidirectional: <bool>
        hello:

          # Number of missed hellos after which the neighbor expires. Range <1.5-65535>.
          count: <str>

          # PIM hello interval in seconds.
          interval: <int; 1-65535>
    mac_security:
      profile: <str>

    # The TCP MSS clamping feature involves clamping the maximum segment size (MSS) in the TCP header
    # of TCP SYN packets if it exceeds the configured MSS ceiling limit for the interface.
    tcp_mss_ceiling:
      ipv4_segment_size: <int; 64-65475>
      ipv6_segment_size: <int; 64-65475>
      direction: <str; "egress" | "ingress">
    channel_group:
      id: <int>
      mode: <str; "on" | "active" | "passive">

    # ISIS instance.
    isis_enable: <str>

    # Enable BFD for ISIS.
    isis_bfd: <bool>
    isis_passive: <bool>
    isis_metric: <int>
    isis_network_point_to_point: <bool>
    isis_circuit_type: <str; "level-1-2" | "level-1" | "level-2">
    isis_hello_padding: <bool>
    isis_authentication_mode: <str; "text" | "md5">

    # Type-7 encrypted password.
    isis_authentication_key: <str>
    poe:

      # Disable PoE on a POE capable port. PoE is enabled on all ports that support it by default in EOS.
      disabled: <bool; default=False>

      # Prioritize a port's power in the event that one of the switch's power supplies loses power.
      priority: <str; "critical" | "high" | "medium" | "low">

      # Set the PoE power behavior for a PoE port when the system is rebooted.
      reboot:

        # PoE action for interface.
        action: <str; "maintain" | "power-off">

      # Set the PoE power behavior for a PoE port when the port goes down.
      link_down:

        # PoE action for interface.
        action: <str; "maintain" | "power-off">

        # Number of seconds to delay shutting the power off after a link down event occurs. Default value is 5 seconds in EOS.
        power_off_delay: <int; 1-86400>

      # Set the PoE power behavior for a PoE port when the port is admin down.
      shutdown:

        # PoE action for interface.
        action: <str; "maintain" | "power-off">

      # Override the hardware-negotiated power limit using either wattage or a power class. Note that if using a power class, AVD will automatically convert the class value to the wattage value corresponding to that power class.
      limit:
        class: <int; 0-8>
        watts: <str>

        # Set to ignore hardware classification.
        fixed: <bool>

      # Disable to prevent port from negotiating power with powered devices over LLDP. Enabled by default in EOS.
      negotiation_lldp: <bool>

      # Allow a subset of legacy devices to work with the PoE switch. Disabled by default in EOS because it can cause false positive detections.
      legacy_detect: <bool>
    ptp:
      enable: <bool>
      announce:
        interval: <int>
        timeout: <int>
      delay_req: <int>
      delay_mechanism: <str; "e2e" | "p2p">
      sync_message:
        interval: <int>
      role: <str; "master" | "dynamic">

      # VLAN can be 'all' or list of vlans as string.
      vlan: <str>
      transport: <str; "ipv4" | "ipv6" | "layer2">

    # Interface profile.
    profile: <str>
    storm_control:
      all:

        # Configure maximum storm-control level.
        level: <str>

        # Optional field and is hardware dependent.
        unit: <str; "percent" | "pps"; default="percent">
      broadcast:

        # Configure maximum storm-control level.
        level: <str>

        # Optional field and is hardware dependent.
        unit: <str; "percent" | "pps"; default="percent">
      multicast:

        # Configure maximum storm-control level.
        level: <str>

        # Optional field and is hardware dependent.
        unit: <str; "percent" | "pps"; default="percent">
      unknown_unicast:

        # Configure maximum storm-control level.
        level: <str>

        # Optional field and is hardware dependent.
        unit: <str; "percent" | "pps"; default="percent">
    logging:
      event:
        link_status: <bool>
        congestion_drops: <bool>
        spanning_tree: <bool>

        # Discards due to storm-control.
        storm_control_discards: <bool>
    lldp:
      transmit: <bool>
      receive: <bool>

      # ZTP vlan number.
      ztp_vlan: <int>
    trunk_private_vlan_secondary: <bool>

    # List of vlans as string.
    pvlan_mapping: <str>
    vlan_translations:

        # List of vlans as string (only one vlan if direction is "both").
      - from: <str>

        # VLAN ID.
        to: <int>
        direction: <str; "in" | "out" | "both"; default="both">
    dot1x:
      port_control: <str; "auto" | "force-authorized" | "force-unauthorized">
      port_control_force_authorized_phone: <bool>
      reauthentication: <bool>
      pae:
        mode: <str; "authenticator">
      authentication_failure:
        action: <str; "allow" | "drop">
        allow_vlan: <int; 1-4094>
      host_mode:
        mode: <str; "multi-host" | "single-host">
        multi_host_authenticated: <bool>
      mac_based_authentication:
        enabled: <bool>
        always: <bool>
        host_mode_common: <bool>
      timeout:
        idle_host: <int; 10-65535>
        quiet_period: <int; 1-65535>

        # Value can be 60-4294967295 or 'server'.
        reauth_period: <str>
        reauth_timeout_ignore: <bool>
        tx_period: <int; 1-65535>
      reauthorization_request_limit: <int; 1-10>
      unauthorized:
        access_vlan_membership_egress: <bool>
        native_vlan_membership_egress: <bool>
      eapol:
        disabled: <bool>
        authentication_failure_fallback_mba:
          enabled: <bool>
          timeout: <int; 0-65535>

    # QOS profile.
    service_profile: <str>
    shape:

      # Rate in kbps, pps or percent.
      # Supported options are platform dependent.
      # Examples:
      # - "5000 kbps"
      # - "1000 pps"
      # - "20 percent"
      rate: <str>
    qos:
      trust: <str; "dscp" | "cos" | "disabled">

      # DSCP value.
      dscp: <int>

      # COS value.
      cos: <int>
    spanning_tree_bpdufilter: <str; "enabled" | "disabled" | "True" | "False" | "true" | "false">
    spanning_tree_bpduguard: <str; "enabled" | "disabled" | "True" | "False" | "true" | "false">
    spanning_tree_guard: <str; "loop" | "root" | "disabled">
    spanning_tree_portfast: <str; "edge" | "network">
    vmtracer: <bool>
    priority_flow_control:
      enabled: <bool>
      priorities:
        - priority: <int; 0-7; required; unique>
          no_drop: <bool>
    bfd:
      echo: <bool>

      # Interval in milliseconds.
      interval: <int>

      # Rate in milliseconds.
      min_rx: <int>
      multiplier: <int; 3-50>
    service_policy:
      pbr:

        # Policy Based Routing Policy-map name.
        input: <str>
      qos:

        # Quality of Service Policy-map name.
        input: <str; required>
    mpls:
      ip: <bool>
      ldp:
        interface: <bool>
        igp_sync: <bool>
    lacp_timer:
      mode: <str; "fast" | "normal">
      multiplier: <int; 3-3000>
    lacp_port_priority: <int; 0-65535>
    transceiver:

      # Transceiver Laser Frequency in GHz (min 190000, max 200000).
      frequency: <str>

      # Unit of Transceiver Laser Frequency.
      frequency_unit: <str; "ghz">
      media:

        # Transceiver type.
        override: <str>
    ip_proxy_arp: <bool>
    traffic_policy:

      # Ingress traffic policy.
      input: <str>

      # Egress traffic policy.
      output: <str>
    bgp:

      # Name of session tracker.
      session_tracker: <str>
    ip_igmp_host_proxy:
      enabled: <bool>
      groups:

          # Multicast Address.
        - group: <str; required; unique>

          # The same source must not be present both in `exclude` and `include` list.
          exclude:
            - source: <str; required; unique>

          # The same source must not be present both in `exclude` and `include` list.
          include:
            - source: <str; required; unique>

      # Time interval between unsolicited reports.
      report_interval: <int; 1-31744>

      # Non-standard Access List name.
      access_lists:
        - name: <str; required; unique>

      # IGMP version on IGMP host-proxy interface.
      version: <int; 1-3>

    # Key only used for documentation or validation purposes.
    peer: <str>

    # Key only used for documentation or validation purposes.
    peer_interface: <str>

    # Key only used for documentation or validation purposes.
    peer_type: <str>
    sflow:
      enable: <bool>
      egress:
        enable: <bool>
        unmodified_enable: <bool>

    # Key only used for documentation or validation purposes.
    port_profile: <str>
    uc_tx_queues:

        # TX-Queue ID.
      - id: <int; required; unique>
        random_detect:

          # Explicit Congestion Notification.
          ecn:

            # Enable counter for random-detect ECNs.
            count: <bool>
            threshold:

              # Indicate the units to be used for the threshold values.
              units: <str; "segments" | "bytes" | "kbytes" | "mbytes" | "milliseconds"; required>

              # Set the random-detect ECN minimum-threshold.
              min: <int; 1-256000000; required>

              # Set the random-detect ECN maximum-threshold.
              max: <int; 1-256000000; required>

              # Set the random-detect ECN max-mark-probability.
              max_probability: <int; 1-100>

              # Set the random-detect ECN weight.
              weight: <int; 0-15>
    tx_queues:

        # TX-Queue ID.
      - id: <int; required; unique>
        random_detect:

          # Explicit Congestion Notification.
          ecn:

            # Enable counter for random-detect ECNs.
            count: <bool>
            threshold:

              # Indicate the units to be used for the threshold values.
              units: <str; "segments" | "bytes" | "kbytes" | "mbytes" | "milliseconds"; required>

              # Set the random-detect ECN minimum-threshold.
              min: <int; 1-256000000>

              # Set the random-detect ECN maximum-threshold.
              max: <int; 1-256000000; required>

              # Set the random-detect ECN max-mark-probability.
              max_probability: <int; 1-100; required>

              # Set the random-detect ECN weight.
              weight: <int; 0-15>

    # VRRP model.
    vrrp_ids:

        # VRID.
      - id: <int; required; unique>

        # Instance priority.
        priority_level: <int; 1-254>
        advertisement:

          # Interval in seconds.
          interval: <int; 1-255>
        preempt:
          enabled: <bool; required>
          delay:

            # Minimum preempt delay in seconds.
            minimum: <int; 0-3600>

            # Reload preempt delay in seconds.
            reload: <int; 0-3600>
        timers:
          delay:

            # Delay after reload in seconds.
            reload: <int; 0-3600>
        tracked_object:

            # Tracked object name.
          - name: <str; required; unique>

            # Decrement VRRP priority by 1-254.
            decrement: <int; 1-254>
            shutdown: <bool>
        ipv4:

          # Virtual IPv4 address.
          address: <str; required>
          version: <int; 2 | 3>
        ipv6:

          # Virtual IPv6 address.
          address: <str; required>

    # Set to false to disable interface validation by the `eos_validate_state` role.
    validate_state: <bool>
    switchport:
      port_security:
        enabled: <bool>

        # Maximum number of MAC addresses allowed on the interface.
        mac_address_maximum:

          # Disable port level check for port security (only in violation 'shutdown' mode).
          disabled: <bool>

          # MAC address limit.
          limit: <int; 1-1000>

        # Configure violation mode (shutdown or protect), EOS default is 'shutdown'.
        violation:

          # Configure port security mode.
          mode: <str; "shutdown" | "protect">

          # Log new addresses seen after limit is reached in protect mode.
          protect_log: <bool>

        # Default maximum MAC addresses for all VLANs on this interface.
        vlan_default_mac_address_maximum: <int; 0-1000>
        vlans:

            # VLAN ID or range(s) of VLAN IDs, <1-4094>.
            # Example:
            #   - 3
            #   - 1,3
            #   - 1-10
          - range: <str; required; unique>
            mac_address_maximum: <int>

    # Multiline EOS CLI rendered directly on the ethernet interface in the final EOS configuration.
    eos_cli: <str>

Interface defaults

Variable Type Required Default Value Restrictions Description
interface_defaults Dictionary
  ethernet Dictionary
    shutdown Boolean
  mtu Integer
interface_defaults:
  ethernet:
    shutdown: <bool>
  mtu: <int>

Interface profiles

Variable Type Required Default Value Restrictions Description
interface_profiles List, items: Dictionary
  - name String Required, Unique Interface-Profile Name.
    commands List, items: String Required
      - <str> String EOS CLI interface command.
Example: “switchport mode access”
interface_profiles:

    # Interface-Profile Name.
  - name: <str; required; unique>
    commands: # required

        # EOS CLI interface command.
        # Example: "switchport mode access"
      - <str>

LACP

Variable Type Required Default Value Restrictions Description
lacp Dictionary Set Link Aggregation Control Protocol (LACP) parameters.
  port_id Dictionary LACP port-ID range configuration.
    range Dictionary
      begin Integer Minimum LACP port-ID range.
      end Integer Maximum LACP port-ID range.
  rate_limit Dictionary Set LACPDU rate limit options.
    default Boolean Enable LACPDU rate limiting by default on all ports.
  system_priority Integer Min: 0
Max: 65535
Set local system LACP priority.
# Set Link Aggregation Control Protocol (LACP) parameters.
lacp:

  # LACP port-ID range configuration.
  port_id:
    range:

      # Minimum LACP port-ID range.
      begin: <int>

      # Maximum LACP port-ID range.
      end: <int>

  # Set LACPDU rate limit options.
  rate_limit:

    # Enable LACPDU rate limiting by default on all ports.
    default: <bool>

  # Set local system LACP priority.
  system_priority: <int; 0-65535>
Variable Type Required Default Value Restrictions Description
link_tracking_groups List, items: Dictionary
  - name String Required, Unique
    links_minimum Integer Min: 1
Max: 100000
    recovery_delay Integer Min: 0
Max: 3600
link_tracking_groups:
  - name: <str; required; unique>
    links_minimum: <int; 1-100000>
    recovery_delay: <int; 0-3600>

LLDP

Variable Type Required Default Value Restrictions Description
lldp Dictionary
  timer Integer
  timer_reinitialization String
  holdtime Integer
  management_address String
  vrf String
  receive_packet_tagged_drop String
  tlvs List, items: Dictionary
    - name String Required, Unique Valid Values:
- link-aggregation
- management-address
- max-frame-size
- med
- port-description
- port-vlan
- power-via-mdi
- system-capabilities
- system-description
- system-name
- vlan-name
      transmit Boolean
  run Boolean
lldp:
  timer: <int>
  timer_reinitialization: <str>
  holdtime: <int>
  management_address: <str>
  vrf: <str>
  receive_packet_tagged_drop: <str>
  tlvs:
    - name: <str; "link-aggregation" | "management-address" | "max-frame-size" | "med" | "port-description" | "port-vlan" | "power-via-mdi" | "system-capabilities" | "system-description" | "system-name" | "vlan-name"; required; unique>
      transmit: <bool>
  run: <bool>

Loopback interfaces

Variable Type Required Default Value Restrictions Description
loopback_interfaces List, items: Dictionary
  - name String Required, Unique Loopback interface name e.g. “Loopback0”.
    description String
    shutdown Boolean
    vrf String VRF name.
    ip_address String IPv4_address/Mask.
    ip_address_secondaries List, items: String
      - <str> String IPv4_address/Mask.
    ipv6_enable Boolean
    ipv6_address String IPv6_address/Mask.
    ip_proxy_arp Boolean
    ospf_area String
    mpls Dictionary
      ldp Dictionary
        interface Boolean
    isis_enable String ISIS instance name.
    isis_bfd Boolean Enable BFD for ISIS.
    isis_passive Boolean
    isis_metric Integer
    isis_network_point_to_point Boolean
    node_segment Dictionary
      ipv4_index Integer
      ipv6_index Integer
    eos_cli String EOS CLI rendered directly on the loopback interface in the final EOS configuration.
loopback_interfaces:

    # Loopback interface name e.g. "Loopback0".
  - name: <str; required; unique>
    description: <str>
    shutdown: <bool>

    # VRF name.
    vrf: <str>

    # IPv4_address/Mask.
    ip_address: <str>
    ip_address_secondaries:

        # IPv4_address/Mask.
      - <str>
    ipv6_enable: <bool>

    # IPv6_address/Mask.
    ipv6_address: <str>
    ip_proxy_arp: <bool>
    ospf_area: <str>
    mpls:
      ldp:
        interface: <bool>

    # ISIS instance name.
    isis_enable: <str>

    # Enable BFD for ISIS.
    isis_bfd: <bool>
    isis_passive: <bool>
    isis_metric: <int>
    isis_network_point_to_point: <bool>
    node_segment:
      ipv4_index: <int>
      ipv6_index: <int>

    # EOS CLI rendered directly on the loopback interface in the final EOS configuration.
    eos_cli: <str>

Management interfaces

Variable Type Required Default Value Restrictions Description
management_interfaces List, items: Dictionary
  - name String Required, Unique Management Interface Name.
    description String
    shutdown Boolean
    speed String Speed should be set in the format <interface_speed> or forced <interface_speed> or auto <interface_speed>.
    mtu Integer
    vrf String VRF Name.
    ip_address String IPv4_address/Mask.
    ipv6_enable Boolean
    ipv6_address String IPv6_address/Mask.
    type String oob Valid Values:
- oob
- inband
For documentation purposes only.
    gateway String IPv4 address of default gateway in management VRF.
    ipv6_gateway String IPv6 address of default gateway in management VRF.
    mac_address String MAC address.
    lldp Dictionary
      transmit Boolean
      receive Boolean
      ztp_vlan Integer ZTP vlan number.
    eos_cli String Multiline EOS CLI rendered directly on the management interface in the final EOS configuration.
management_interfaces:

    # Management Interface Name.
  - name: <str; required; unique>
    description: <str>
    shutdown: <bool>

    # Speed should be set in the format `<interface_speed>` or `forced <interface_speed>` or `auto <interface_speed>`.
    speed: <str>
    mtu: <int>

    # VRF Name.
    vrf: <str>

    # IPv4_address/Mask.
    ip_address: <str>
    ipv6_enable: <bool>

    # IPv6_address/Mask.
    ipv6_address: <str>

    # For documentation purposes only.
    type: <str; "oob" | "inband"; default="oob">

    # IPv4 address of default gateway in management VRF.
    gateway: <str>

    # IPv6 address of default gateway in management VRF.
    ipv6_gateway: <str>

    # MAC address.
    mac_address: <str>
    lldp:
      transmit: <bool>
      receive: <bool>

      # ZTP vlan number.
      ztp_vlan: <int>

    # Multiline EOS CLI rendered directly on the management interface in the final EOS configuration.
    eos_cli: <str>

Patch panel

Variable Type Required Default Value Restrictions Description
patch_panel Dictionary
  patches List, items: Dictionary
    - name String Required, Unique
      enabled Boolean
      connectors List, items: Dictionary Min Length: 2
Max Length: 2
Must have exactly two connectors to a patch of which at least one must be of type “interface”.
        - id String Required, Unique
          type String Required Valid Values:
- interface
- pseudowire
          endpoint String Required String with relevant endpoint depending on type.
Examples:
- “Ethernet1”
- “Ethernet1 dot1q vlan 123”
- “bgp vpws TENANT_A pseudowire VPWS_PW_1”
- “ldp LDP_PW_1”
patch_panel:
  patches:
    - name: <str; required; unique>
      enabled: <bool>

      # Must have exactly two connectors to a patch of which at least one must be of type "interface".
      connectors: # 2-2 items
        - id: <str; required; unique>
          type: <str; "interface" | "pseudowire"; required>

          # String with relevant endpoint depending on type.
          # Examples:
          # - "Ethernet1"
          # - "Ethernet1 dot1q vlan 123"
          # - "bgp vpws TENANT_A pseudowire VPWS_PW_1"
          # - "ldp LDP_PW_1"
          endpoint: <str; required>

Port-channel interfaces

Variable Type Required Default Value Restrictions Description
port_channel_interfaces List, items: Dictionary
  - name String Required, Unique
    description String
    logging Dictionary
      event Dictionary
        link_status Boolean
        storm_control_discards Boolean Discards due to storm-control.
    shutdown Boolean
    l2_mtu Integer Min: 68
Max: 65535
“l2_mtu” should only be defined for platforms supporting the “l2 mtu” CLI.
    l2_mru Integer Min: 68
Max: 65535
“l2_mru” should only be defined for platforms supporting the “l2 mru” CLI.
    vlans String List of switchport vlans as string.
For a trunk port this would be a range like “1-200,300”.
For an access port this would be a single vlan “123”.
    snmp_trap_link_change Boolean
    type String Valid Values:
- routed
- switched
- l3dot1q
- l2dot1q
l3dot1q and l2dot1q are used for sub-interfaces. The parent interface should be defined as routed.
Interface will not be listed in device documentation, unless “type” is set.
    encapsulation_dot1q_vlan Integer VLAN tag to configure on sub-interface.
    vrf String VRF name.
    encapsulation_vlan Dictionary
      client Dictionary
        dot1q Dictionary
          vlan Integer Client VLAN ID.
          outer Integer Client Outer VLAN ID.
          inner Integer Client Inner VLAN ID.
        unmatched Boolean
      network Dictionary Network encapsulation are all optional, and skipped if using client unmatched.
        dot1q Dictionary
          vlan Integer Network VLAN ID.
          outer Integer Network Outer VLAN ID.
          inner Integer Network Inner VLAN ID.
        client Boolean
    vlan_id Integer Min: 1
Max: 4094
    mode String Valid Values:
- access
- dot1q-tunnel
- trunk
- trunk phone
    native_vlan Integer If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence.
    native_vlan_tag Boolean False If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence.
    link_tracking_groups List, items: Dictionary
      - name String Required, Unique Group name.
        direction String Valid Values:
- upstream
- downstream
    phone Dictionary
      trunk String Valid Values:
- tagged
- untagged
      vlan Integer Min: 1
Max: 4094
    l2_protocol Dictionary
      encapsulation_dot1q_vlan Integer Vlan tag to configure on sub-interface.
      forwarding_profile String L2 protocol forwarding profile.
    mtu Integer Min: 68
Max: 65535
    mlag Integer Min: 1
Max: 2000
MLAG ID.
    trunk_groups List, items: String
      - <str> String
    lacp_fallback_timeout Integer 90 Min: 0
Max: 300
Timeout in seconds.
    lacp_fallback_mode String Valid Values:
- individual
- static
    qos Dictionary
      trust String Valid Values:
- dscp
- cos
- disabled
      dscp Integer DSCP value.
      cos Integer COS value.
    bfd Dictionary
      echo Boolean
      interval Integer Interval in milliseconds.
      min_rx Integer Rate in milliseconds.
      multiplier Integer Min: 3
Max: 50
      neighbor String IPv4 or IPv6 address. When the Port-channel is a L2 interface, a local L3 BFD address (router_bfd.local_address) has to be defined globally on the switch.
      per_link Dictionary
        enabled Boolean
        rfc_7130 Boolean
    service_policy Dictionary
      pbr Dictionary
        input String Policy Based Routing Policy-map name.
      qos Dictionary
        input String Required Quality of Service Policy-map name.
    mpls Dictionary
      ip Boolean
      ldp Dictionary
        interface Boolean
        igp_sync Boolean
    trunk_private_vlan_secondary Boolean
    pvlan_mapping String List of vlans as string.
    vlan_translations List, items: Dictionary
      - from String List of vlans as string (only one vlan if direction is “both”).
        to Integer VLAN ID.
        direction String both Valid Values:
- in
- out
- both
    shape Dictionary
      rate String Rate in kbps, pps or percent.
Supported options are platform dependent.
Examples:
- “5000 kbps”
- “1000 pps”
- “20 percent”
    storm_control Dictionary
      all Dictionary
        level String Configure maximum storm-control level.
        unit String percent Valid Values:
- percent
- pps
Optional field and is hardware dependent.
      broadcast Dictionary
        level String Configure maximum storm-control level.
        unit String percent Valid Values:
- percent
- pps
Optional field and is hardware dependent.
      multicast Dictionary
        level String Configure maximum storm-control level.
        unit String percent Valid Values:
- percent
- pps
Optional field and is hardware dependent.
      unknown_unicast Dictionary
        level String Configure maximum storm-control level.
        unit String percent Valid Values:
- percent
- pps
Optional field and is hardware dependent.
    ip_proxy_arp Boolean
    isis_enable String ISIS instance.
    isis_bfd Boolean Enable BFD for ISIS.
    isis_passive Boolean
    isis_metric Integer
    isis_network_point_to_point Boolean
    isis_circuit_type String Valid Values:
- level-1-2
- level-1
- level-2
    isis_hello_padding Boolean
    isis_authentication_mode String Valid Values:
- text
- md5
    isis_authentication_key String Type-7 encrypted password.
    traffic_policy Dictionary
      input String Ingress traffic policy.
      output String Egress traffic policy.
    evpn_ethernet_segment Dictionary
      identifier String EVPN Ethernet Segment Identifier (Type 1 format).
      redundancy String Valid Values:
- all-active
- single-active
      designated_forwarder_election Dictionary
        algorithm String Valid Values:
- modulus
- preference
        preference_value Integer Min: 0
Max: 65535
Preference_value is only used when “algorithm” is “preference”.
        dont_preempt Boolean False Dont_preempt is only used when “algorithm” is “preference”.
        hold_time Integer
        subsequent_hold_time Integer
        candidate_reachability_required Boolean
      mpls Dictionary
        shared_index Integer Min: 1
Max: 1024
        tunnel_flood_filter_time Integer
      route_target String EVPN Route Target for ESI with format xx:xx:xx:xx:xx:xx.
    esi deprecated String EVPN Ethernet Segment Identifier (Type 1 format).
If both “esi” and “evpn_ethernet_segment.identifier” are defined, the new variable takes precedence.
This key is deprecated. Support will be removed in AVD version 5.0.0. Use evpn_ethernet_segment.identifier instead.
    rt deprecated String EVPN Route Target for ESI with format xx:xx:xx:xx:xx:xx.
If both “rt” and “evpn_ethernet_segment.route_target” are defined, the new variable takes precedence.
This key is deprecated. Support will be removed in AVD version 5.0.0. Use evpn_ethernet_segment.route_target instead.
    lacp_id String LACP ID with format xxxx.xxxx.xxxx.
    spanning_tree_bpdufilter String Valid Values:
- enabled
- disabled
- True
- False
- true
- false
    spanning_tree_bpduguard String Valid Values:
- enabled
- disabled
- True
- False
- true
- false
    spanning_tree_guard String Valid Values:
- loop
- root
- disabled
    spanning_tree_portfast String Valid Values:
- edge
- network
    vmtracer Boolean
    ptp Dictionary
      enable Boolean
      announce Dictionary
        interval Integer
        timeout Integer
      delay_req Integer
      delay_mechanism String Valid Values:
- e2e
- p2p
      sync_message Dictionary
        interval Integer
      role String Valid Values:
- master
- dynamic
      vlan String VLAN can be ‘all’ or list of vlans as string.
      transport String Valid Values:
- ipv4
- ipv6
- layer2
      mpass Boolean When MPASS is enabled on an MLAG port-channel, MLAG peers coordinate to function as a single PTP logical device.
Arista PTP enabled devices always place PTP messages on the same physical link within the port-channel.
Hence, MPASS is needed only on MLAG port-channels connected to non-Arista devices.
    ip_address String IPv4 address/mask.
    ip_verify_unicast_source_reachable_via String Valid Values:
- any
- rx
    ip_nat Dictionary
      destination Dictionary
        dynamic List, items: Dictionary
          - access_list String Required, Unique
            comment String
            pool_name String Required
            priority Integer Min: 0
Max: 4294967295
        static List, items: Dictionary
          - access_list String ‘access_list’ and ‘group’ are mutual exclusive.
            comment String
            direction String Valid Values:
- egress
- ingress
Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            group Integer Min: 1
Max: 65535
‘access_list’ and ‘group’ are mutual exclusive.
            original_ip String IPv4 address. The combination of original_ip and original_port must be unique.
            original_port Integer Min: 1
Max: 65535
TCP/UDP port. The combination of original_ip and original_port must be unique.
            priority Integer Min: 0
Max: 4294967295
            protocol String Valid Values:
- udp
- tcp
            translated_ip String Required IPv4 address.
            translated_port Integer Min: 1
Max: 65535
requires ‘original_port’.
      source Dictionary
        dynamic List, items: Dictionary
          - access_list String Required, Unique
            comment String
            nat_type String Required Valid Values:
- overload
- pool
- pool-address-only
- pool-full-cone
            pool_name String required if ‘nat_type’ is pool, pool-address-only or pool-full-cone.
ignored if ‘nat_type’ is overload.
            priority Integer Min: 0
Max: 4294967295
        static List, items: Dictionary
          - access_list String ‘access_list’ and ‘group’ are mutual exclusive.
            comment String
            direction String Valid Values:
- egress
- ingress
Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            group Integer Min: 1
Max: 65535
‘access_list’ and ‘group’ are mutual exclusive.
            original_ip String IPv4 address. The combination of original_ip and original_port must be unique.
            original_port Integer Min: 1
Max: 65535
TCP/UDP port. The combination of original_ip and original_port must be unique.
            priority Integer Min: 0
Max: 4294967295
            protocol String Valid Values:
- udp
- tcp
            translated_ip String Required IPv4 address.
            translated_port Integer Min: 1
Max: 65535
requires ‘original_port’.
    ipv6_enable Boolean
    ipv6_address String IPv6 address/mask.
    ipv6_address_link_local String Link local IPv6 address/mask.
    ipv6_nd_ra_disabled Boolean
    ipv6_nd_managed_config_flag Boolean
    ipv6_nd_prefixes List, items: Dictionary
      - ipv6_prefix String Required, Unique
        valid_lifetime String Infinite or lifetime in seconds.
        preferred_lifetime String Infinite or lifetime in seconds.
        no_autoconfig_flag Boolean
    access_group_in String Access list name.
    access_group_out String Access list name.
    ipv6_access_group_in String IPv6 access list name.
    ipv6_access_group_out String IPv6 access list name.
    mac_access_group_in String MAC access list name.
    mac_access_group_out String MAC access list name.
    pim Dictionary
      ipv4 Dictionary
        border_router Boolean Configure PIM border router. EOS default is false.
        dr_priority Integer Min: 0
Max: 429467295
        sparse_mode Boolean
        bfd Boolean Set the default for whether Bidirectional Forwarding Detection is enabled for PIM.
        bidirectional Boolean
        hello Dictionary
          count String Number of missed hellos after which the neighbor expires. Range <1.5-65535>.
          interval Integer Min: 1
Max: 65535
PIM hello interval in seconds.
    service_profile String QOS profile.
    ospf_network_point_to_point Boolean
    ospf_area String
    ospf_cost Integer
    ospf_authentication String Valid Values:
- none
- simple
- message-digest
    ospf_authentication_key String Encrypted password.
    ospf_message_digest_keys List, items: Dictionary
      - id Integer Required, Unique
        hash_algorithm String Valid Values:
- md5
- sha1
- sha256
- sha384
- sha512
        key String Encrypted password.
    flow_tracker Dictionary
      sampled String Sampled flow tracker name.
      hardware String Hardware flow tracker name.
    bgp Dictionary
      session_tracker String Name of session tracker.
    ip_igmp_host_proxy Dictionary
      enabled Boolean
      groups List, items: Dictionary
        - group String Required, Unique Multicast Address.
          exclude List, items: Dictionary The same source must not be present both in exclude and include list.
            - source String Required, Unique
          include List, items: Dictionary The same source must not be present both in exclude and include list.
            - source String Required, Unique
      report_interval Integer Min: 1
Max: 31744
Time interval between unsolicited reports.
      access_lists List, items: Dictionary Non-standard Access List name.
        - name String Required, Unique
      version Integer Min: 1
Max: 3
IGMP version on IGMP host-proxy interface.
    peer String Key only used for documentation or validation purposes.
    peer_interface String Key only used for documentation or validation purposes.
    peer_type String Key only used for documentation or validation purposes.
    sflow Dictionary
      enable Boolean
      egress Dictionary
        enable Boolean
        unmodified_enable Boolean
    validate_state Boolean Set to false to disable interface validation by the eos_validate_state role.
    eos_cli String Multiline EOS CLI rendered directly on the port-channel interface in the final EOS configuration.
port_channel_interfaces:
  - name: <str; required; unique>
    description: <str>
    logging:
      event:
        link_status: <bool>

        # Discards due to storm-control.
        storm_control_discards: <bool>
    shutdown: <bool>

    # "l2_mtu" should only be defined for platforms supporting the "l2 mtu" CLI.
    l2_mtu: <int; 68-65535>

    # "l2_mru" should only be defined for platforms supporting the "l2 mru" CLI.
    l2_mru: <int; 68-65535>

    # List of switchport vlans as string.
    # For a trunk port this would be a range like "1-200,300".
    # For an access port this would be a single vlan "123".
    vlans: <str>
    snmp_trap_link_change: <bool>

    # l3dot1q and l2dot1q are used for sub-interfaces. The parent interface should be defined as routed.
    # Interface will not be listed in device documentation, unless "type" is set.
    type: <str; "routed" | "switched" | "l3dot1q" | "l2dot1q">

    # VLAN tag to configure on sub-interface.
    encapsulation_dot1q_vlan: <int>

    # VRF name.
    vrf: <str>
    encapsulation_vlan:
      client:
        dot1q:

          # Client VLAN ID.
          vlan: <int>

          # Client Outer VLAN ID.
          outer: <int>

          # Client Inner VLAN ID.
          inner: <int>
        unmatched: <bool>

      # Network encapsulation are all optional, and skipped if using client unmatched.
      network:
        dot1q:

          # Network VLAN ID.
          vlan: <int>

          # Network Outer VLAN ID.
          outer: <int>

          # Network Inner VLAN ID.
          inner: <int>
        client: <bool>
    vlan_id: <int; 1-4094>
    mode: <str; "access" | "dot1q-tunnel" | "trunk" | "trunk phone">

    # If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence.
    native_vlan: <int>

    # If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence.
    native_vlan_tag: <bool; default=False>
    link_tracking_groups:

        # Group name.
      - name: <str; required; unique>
        direction: <str; "upstream" | "downstream">
    phone:
      trunk: <str; "tagged" | "untagged">
      vlan: <int; 1-4094>
    l2_protocol:

      # Vlan tag to configure on sub-interface.
      encapsulation_dot1q_vlan: <int>

      # L2 protocol forwarding profile.
      forwarding_profile: <str>
    mtu: <int; 68-65535>

    # MLAG ID.
    mlag: <int; 1-2000>
    trunk_groups:
      - <str>

    # Timeout in seconds.
    lacp_fallback_timeout: <int; 0-300; default=90>
    lacp_fallback_mode: <str; "individual" | "static">
    qos:
      trust: <str; "dscp" | "cos" | "disabled">

      # DSCP value.
      dscp: <int>

      # COS value.
      cos: <int>
    bfd:
      echo: <bool>

      # Interval in milliseconds.
      interval: <int>

      # Rate in milliseconds.
      min_rx: <int>
      multiplier: <int; 3-50>

      # IPv4 or IPv6 address. When the Port-channel is a L2 interface, a local L3 BFD address (router_bfd.local_address) has to be defined globally on the switch.
      neighbor: <str>
      per_link:
        enabled: <bool>
        rfc_7130: <bool>
    service_policy:
      pbr:

        # Policy Based Routing Policy-map name.
        input: <str>
      qos:

        # Quality of Service Policy-map name.
        input: <str; required>
    mpls:
      ip: <bool>
      ldp:
        interface: <bool>
        igp_sync: <bool>
    trunk_private_vlan_secondary: <bool>

    # List of vlans as string.
    pvlan_mapping: <str>
    vlan_translations:

        # List of vlans as string (only one vlan if direction is "both").
      - from: <str>

        # VLAN ID.
        to: <int>
        direction: <str; "in" | "out" | "both"; default="both">
    shape:

      # Rate in kbps, pps or percent.
      # Supported options are platform dependent.
      # Examples:
      # - "5000 kbps"
      # - "1000 pps"
      # - "20 percent"
      rate: <str>
    storm_control:
      all:

        # Configure maximum storm-control level.
        level: <str>

        # Optional field and is hardware dependent.
        unit: <str; "percent" | "pps"; default="percent">
      broadcast:

        # Configure maximum storm-control level.
        level: <str>

        # Optional field and is hardware dependent.
        unit: <str; "percent" | "pps"; default="percent">
      multicast:

        # Configure maximum storm-control level.
        level: <str>

        # Optional field and is hardware dependent.
        unit: <str; "percent" | "pps"; default="percent">
      unknown_unicast:

        # Configure maximum storm-control level.
        level: <str>

        # Optional field and is hardware dependent.
        unit: <str; "percent" | "pps"; default="percent">
    ip_proxy_arp: <bool>

    # ISIS instance.
    isis_enable: <str>

    # Enable BFD for ISIS.
    isis_bfd: <bool>
    isis_passive: <bool>
    isis_metric: <int>
    isis_network_point_to_point: <bool>
    isis_circuit_type: <str; "level-1-2" | "level-1" | "level-2">
    isis_hello_padding: <bool>
    isis_authentication_mode: <str; "text" | "md5">

    # Type-7 encrypted password.
    isis_authentication_key: <str>
    traffic_policy:

      # Ingress traffic policy.
      input: <str>

      # Egress traffic policy.
      output: <str>
    evpn_ethernet_segment:

      # EVPN Ethernet Segment Identifier (Type 1 format).
      identifier: <str>
      redundancy: <str; "all-active" | "single-active">
      designated_forwarder_election:
        algorithm: <str; "modulus" | "preference">

        # Preference_value is only used when "algorithm" is "preference".
        preference_value: <int; 0-65535>

        # Dont_preempt is only used when "algorithm" is "preference".
        dont_preempt: <bool; default=False>
        hold_time: <int>
        subsequent_hold_time: <int>
        candidate_reachability_required: <bool>
      mpls:
        shared_index: <int; 1-1024>
        tunnel_flood_filter_time: <int>

      # EVPN Route Target for ESI with format xx:xx:xx:xx:xx:xx.
      route_target: <str>

    # EVPN Ethernet Segment Identifier (Type 1 format).
    # If both "esi" and "evpn_ethernet_segment.identifier" are defined, the new variable takes precedence.
    # This key is deprecated.
    # Support will be removed in AVD version 5.0.0.
    # Use <samp>evpn_ethernet_segment.identifier</samp> instead.
    esi: <str>

    # EVPN Route Target for ESI with format xx:xx:xx:xx:xx:xx.
    # If both "rt" and "evpn_ethernet_segment.route_target" are defined, the new variable takes precedence.
    # This key is deprecated.
    # Support will be removed in AVD version 5.0.0.
    # Use <samp>evpn_ethernet_segment.route_target</samp> instead.
    rt: <str>

    # LACP ID with format xxxx.xxxx.xxxx.
    lacp_id: <str>
    spanning_tree_bpdufilter: <str; "enabled" | "disabled" | "True" | "False" | "true" | "false">
    spanning_tree_bpduguard: <str; "enabled" | "disabled" | "True" | "False" | "true" | "false">
    spanning_tree_guard: <str; "loop" | "root" | "disabled">
    spanning_tree_portfast: <str; "edge" | "network">
    vmtracer: <bool>
    ptp:
      enable: <bool>
      announce:
        interval: <int>
        timeout: <int>
      delay_req: <int>
      delay_mechanism: <str; "e2e" | "p2p">
      sync_message:
        interval: <int>
      role: <str; "master" | "dynamic">

      # VLAN can be 'all' or list of vlans as string.
      vlan: <str>
      transport: <str; "ipv4" | "ipv6" | "layer2">

      # When MPASS is enabled on an MLAG port-channel, MLAG peers coordinate to function as a single PTP logical device.
      # Arista PTP enabled devices always place PTP messages on the same physical link within the port-channel.
      # Hence, MPASS is needed only on MLAG port-channels connected to non-Arista devices.
      mpass: <bool>

    # IPv4 address/mask.
    ip_address: <str>
    ip_verify_unicast_source_reachable_via: <str; "any" | "rx">
    ip_nat:
      destination:
        dynamic:
          - access_list: <str; required; unique>
            comment: <str>
            pool_name: <str; required>
            priority: <int; 0-4294967295>
        static:

            # 'access_list' and 'group' are mutual exclusive.
          - access_list: <str>
            comment: <str>

            # Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
            # EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            direction: <str; "egress" | "ingress">

            # 'access_list' and 'group' are mutual exclusive.
            group: <int; 1-65535>

            # IPv4 address. The combination of `original_ip` and `original_port` must be unique.
            original_ip: <str>

            # TCP/UDP port. The combination of `original_ip` and `original_port` must be unique.
            original_port: <int; 1-65535>
            priority: <int; 0-4294967295>
            protocol: <str; "udp" | "tcp">

            # IPv4 address.
            translated_ip: <str; required>

            # requires 'original_port'.
            translated_port: <int; 1-65535>
      source:
        dynamic:
          - access_list: <str; required; unique>
            comment: <str>
            nat_type: <str; "overload" | "pool" | "pool-address-only" | "pool-full-cone"; required>

            # required if 'nat_type' is pool, pool-address-only or pool-full-cone.
            # ignored if 'nat_type' is overload.
            pool_name: <str>
            priority: <int; 0-4294967295>
        static:

            # 'access_list' and 'group' are mutual exclusive.
          - access_list: <str>
            comment: <str>

            # Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
            # EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            direction: <str; "egress" | "ingress">

            # 'access_list' and 'group' are mutual exclusive.
            group: <int; 1-65535>

            # IPv4 address. The combination of `original_ip` and `original_port` must be unique.
            original_ip: <str>

            # TCP/UDP port. The combination of `original_ip` and `original_port` must be unique.
            original_port: <int; 1-65535>
            priority: <int; 0-4294967295>
            protocol: <str; "udp" | "tcp">

            # IPv4 address.
            translated_ip: <str; required>

            # requires 'original_port'.
            translated_port: <int; 1-65535>
    ipv6_enable: <bool>

    # IPv6 address/mask.
    ipv6_address: <str>

    # Link local IPv6 address/mask.
    ipv6_address_link_local: <str>
    ipv6_nd_ra_disabled: <bool>
    ipv6_nd_managed_config_flag: <bool>
    ipv6_nd_prefixes:
      - ipv6_prefix: <str; required; unique>

        # Infinite or lifetime in seconds.
        valid_lifetime: <str>

        # Infinite or lifetime in seconds.
        preferred_lifetime: <str>
        no_autoconfig_flag: <bool>

    # Access list name.
    access_group_in: <str>

    # Access list name.
    access_group_out: <str>

    # IPv6 access list name.
    ipv6_access_group_in: <str>

    # IPv6 access list name.
    ipv6_access_group_out: <str>

    # MAC access list name.
    mac_access_group_in: <str>

    # MAC access list name.
    mac_access_group_out: <str>
    pim:
      ipv4:

        # Configure PIM border router. EOS default is false.
        border_router: <bool>
        dr_priority: <int; 0-429467295>
        sparse_mode: <bool>

        # Set the default for whether Bidirectional Forwarding Detection is enabled for PIM.
        bfd: <bool>
        bidirectional: <bool>
        hello:

          # Number of missed hellos after which the neighbor expires. Range <1.5-65535>.
          count: <str>

          # PIM hello interval in seconds.
          interval: <int; 1-65535>

    # QOS profile.
    service_profile: <str>
    ospf_network_point_to_point: <bool>
    ospf_area: <str>
    ospf_cost: <int>
    ospf_authentication: <str; "none" | "simple" | "message-digest">

    # Encrypted password.
    ospf_authentication_key: <str>
    ospf_message_digest_keys:
      - id: <int; required; unique>
        hash_algorithm: <str; "md5" | "sha1" | "sha256" | "sha384" | "sha512">

        # Encrypted password.
        key: <str>
    flow_tracker:

      # Sampled flow tracker name.
      sampled: <str>

      # Hardware flow tracker name.
      hardware: <str>
    bgp:

      # Name of session tracker.
      session_tracker: <str>
    ip_igmp_host_proxy:
      enabled: <bool>
      groups:

          # Multicast Address.
        - group: <str; required; unique>

          # The same source must not be present both in `exclude` and `include` list.
          exclude:
            - source: <str; required; unique>

          # The same source must not be present both in `exclude` and `include` list.
          include:
            - source: <str; required; unique>

      # Time interval between unsolicited reports.
      report_interval: <int; 1-31744>

      # Non-standard Access List name.
      access_lists:
        - name: <str; required; unique>

      # IGMP version on IGMP host-proxy interface.
      version: <int; 1-3>

    # Key only used for documentation or validation purposes.
    peer: <str>

    # Key only used for documentation or validation purposes.
    peer_interface: <str>

    # Key only used for documentation or validation purposes.
    peer_type: <str>
    sflow:
      enable: <bool>
      egress:
        enable: <bool>
        unmodified_enable: <bool>

    # Set to false to disable interface validation by the `eos_validate_state` role.
    validate_state: <bool>

    # Multiline EOS CLI rendered directly on the port-channel interface in the final EOS configuration.
    eos_cli: <str>

Switchport default

Variable Type Required Default Value Restrictions Description
switchport_default Dictionary
  mode String Valid Values:
- routed
- access
  phone Dictionary
    cos Integer Min: 0
Max: 7
    trunk String Valid Values:
- tagged
- untagged
    vlan Integer Min: 1
Max: 4094
VLAN ID.
switchport_default:
  mode: <str; "routed" | "access">
  phone:
    cos: <int; 0-7>
    trunk: <str; "tagged" | "untagged">

    # VLAN ID.
    vlan: <int; 1-4094>

Switchport port security

Variable Type Required Default Value Restrictions Description
switchport_port_security Dictionary
  mac_address Dictionary
    aging Boolean
    moveable Boolean
  persistence_disabled Boolean
  violation_protect_chip_based Boolean
switchport_port_security:
  mac_address:
    aging: <bool>
    moveable: <bool>
  persistence_disabled: <bool>
  violation_protect_chip_based: <bool>

Transceiver QSFP default mode 4x10

Variable Type Required Default Value Restrictions Description
transceiver_qsfp_default_mode_4x10 Boolean True On all front panel ports which support this feature, the following global configuration command changes the QSFP mode from 40G to 4x10G (default). When set to false the command reverts the default QSFP mode back to 40G.
# On all front panel ports which support this feature, the following global configuration command changes the QSFP mode from 40G to 4x10G (default). When set to false the command reverts the default QSFP mode back to 40G.
transceiver_qsfp_default_mode_4x10: <bool; default=True>

Tunnel interfaces

Variable Type Required Default Value Restrictions Description
tunnel_interfaces List, items: Dictionary
  - name String Required, Unique Tunnel Interface Name.
    description String
    shutdown Boolean
    mtu Integer Min: 68
Max: 65535
    vrf String VRF Name.
    ip_address String Format: ipv4_cidr IPv4_address/Mask.
    ipv6_enable Boolean
    ipv6_address String Format: ipv6_cidr IPv6_address/Mask.
    access_group_in String IPv4 ACL Name for ingress.
    access_group_out String IPv4 ACL Name for egress.
    ipv6_access_group_in String IPv6 ACL Name for ingress.
    ipv6_access_group_out String IPv6 ACL Name for egress.
    tcp_mss_ceiling Dictionary
      ipv4 Integer Min: 64
Max: 65495
Segment Size for IPv4.
      ipv6 Integer Min: 64
Max: 65475
Segment Size for IPv6.
      direction String Valid Values:
- ingress
- egress
Optional direction (‘ingress’, ‘egress’) for tcp mss ceiling.
    tunnel_mode String Valid Values:
- gre
- ipsec
Tunnel encapsulation method.
gre: Generic route encapsulation protocol,
ipsec: IPsec-over-IP encapsulation.
    source_interface String Tunnel Source Interface Name.
    destination String IPv4 or IPv6 Address Tunnel Destination.
    path_mtu_discovery Boolean Enable Path MTU Discovery On Tunnel.
    ipsec_profile String Used only when tunnel_mode is set to ipsec.
It must target a defined IPsec profile.
    nat_profile String NAT interface profile.
    eos_cli String Multiline String with EOS CLI rendered directly on the Tunnel interface in the final EOS configuration.
tunnel_interfaces:

    # Tunnel Interface Name.
  - name: <str; required; unique>
    description: <str>
    shutdown: <bool>
    mtu: <int; 68-65535>

    # VRF Name.
    vrf: <str>

    # IPv4_address/Mask.
    ip_address: <str>
    ipv6_enable: <bool>

    # IPv6_address/Mask.
    ipv6_address: <str>

    # IPv4 ACL Name for ingress.
    access_group_in: <str>

    # IPv4 ACL Name for egress.
    access_group_out: <str>

    # IPv6 ACL Name for ingress.
    ipv6_access_group_in: <str>

    # IPv6 ACL Name for egress.
    ipv6_access_group_out: <str>
    tcp_mss_ceiling:

      # Segment Size for IPv4.
      ipv4: <int; 64-65495>

      # Segment Size for IPv6.
      ipv6: <int; 64-65475>

      # Optional direction ('ingress', 'egress')  for tcp mss ceiling.
      direction: <str; "ingress" | "egress">

    # Tunnel encapsulation method.
    # `gre`: Generic route encapsulation protocol,
    # `ipsec`: IPsec-over-IP encapsulation.
    tunnel_mode: <str; "gre" | "ipsec">

    # Tunnel Source Interface Name.
    source_interface: <str>

    # IPv4 or IPv6 Address Tunnel Destination.
    destination: <str>

    # Enable Path MTU Discovery On Tunnel.
    path_mtu_discovery: <bool>

    # Used only when `tunnel_mode` is set to `ipsec`.
    # It must target a defined IPsec profile.
    ipsec_profile: <str>

    # NAT interface profile.
    nat_profile: <str>

    # Multiline String with EOS CLI rendered directly on the Tunnel interface in the final EOS configuration.
    eos_cli: <str>

VLAN interfaces

Variable Type Required Default Value Restrictions Description
vlan_interfaces List, items: Dictionary
  - name String Required, Unique VLAN interface name like “Vlan123”.
    description String
    logging Dictionary
      event Dictionary
        link_status Boolean
    shutdown Boolean
    vrf String VRF name.
    arp_aging_timeout Integer Min: 1
Max: 65535
In seconds.
    arp_cache_dynamic_capacity Integer Min: 0
Max: 4294967295
    arp_gratuitous_accept Boolean
    arp_monitor_mac_address Boolean
    ip_proxy_arp Boolean
    ip_directed_broadcast Boolean
    ip_address String IPv4_address/Mask.
    ip_address_secondaries List, items: String
      - <str> String IPv4_address/Mask.
    ip_virtual_router_addresses List, items: String
      - <str> String IPv4 address or IPv4_address/Mask.
    ip_address_virtual String IPv4_address/Mask.
    ip_address_virtual_secondaries List, items: String
      - <str> String IPv4_address/Mask.
    ip_verify_unicast_source_reachable_via String Valid Values:
- any
- rx
    ip_igmp Boolean
    ip_igmp_version Integer Min: 1
Max: 3
    ip_igmp_host_proxy Dictionary
      enabled Boolean
      groups List, items: Dictionary
        - group String Required, Unique Multicast Address.
          exclude List, items: Dictionary The same source must not be present both in exclude and include list.
            - source String Required, Unique
          include List, items: Dictionary The same source must not be present both in exclude and include list.
            - source String Required, Unique
      report_interval Integer Min: 1
Max: 31744
Time interval between unsolicited reports.
      access_lists List, items: Dictionary Non-standard Access List name.
        - name String Required, Unique
      version Integer Min: 1
Max: 3
IGMP version on IGMP host-proxy interface.
    ip_helpers List, items: Dictionary List of DHCP servers.
      - ip_helper String Required, Unique IP address or hostname of DHCP server.
        source_interface String Interface used as source for forwarded DHCP packets.
        vrf String VRF where DHCP server can be reached.
    ip_dhcp_relay_all_subnets Boolean Allow forwarding requests with secondary IP addresses in the gateway address “giaddr” field.
    ip_nat Dictionary
      destination Dictionary
        dynamic List, items: Dictionary
          - access_list String Required, Unique
            comment String
            pool_name String Required
            priority Integer Min: 0
Max: 4294967295
        static List, items: Dictionary
          - access_list String ‘access_list’ and ‘group’ are mutual exclusive.
            comment String
            direction String Valid Values:
- egress
- ingress
Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            group Integer Min: 1
Max: 65535
‘access_list’ and ‘group’ are mutual exclusive.
            original_ip String IPv4 address. The combination of original_ip and original_port must be unique.
            original_port Integer Min: 1
Max: 65535
TCP/UDP port. The combination of original_ip and original_port must be unique.
            priority Integer Min: 0
Max: 4294967295
            protocol String Valid Values:
- udp
- tcp
            translated_ip String Required IPv4 address.
            translated_port Integer Min: 1
Max: 65535
requires ‘original_port’.
      source Dictionary
        dynamic List, items: Dictionary
          - access_list String Required, Unique
            comment String
            nat_type String Required Valid Values:
- overload
- pool
- pool-address-only
- pool-full-cone
            pool_name String required if ‘nat_type’ is pool, pool-address-only or pool-full-cone.
ignored if ‘nat_type’ is overload.
            priority Integer Min: 0
Max: 4294967295
        static List, items: Dictionary
          - access_list String ‘access_list’ and ‘group’ are mutual exclusive.
            comment String
            direction String Valid Values:
- egress
- ingress
Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            group Integer Min: 1
Max: 65535
‘access_list’ and ‘group’ are mutual exclusive.
            original_ip String IPv4 address. The combination of original_ip and original_port must be unique.
            original_port Integer Min: 1
Max: 65535
TCP/UDP port. The combination of original_ip and original_port must be unique.
            priority Integer Min: 0
Max: 4294967295
            protocol String Valid Values:
- udp
- tcp
            translated_ip String Required IPv4 address.
            translated_port Integer Min: 1
Max: 65535
requires ‘original_port’.
    ipv6_enable Boolean
    ipv6_address String IPv6_address/Mask.
    ipv6_address_virtual deprecated String IPv6_address/Mask.
If both “ipv6_address_virtual” and “ipv6_address_virtuals” are set, all addresses will be configured.
This key is deprecated. Support will be removed in AVD version 5.0.0. Use ipv6_address_virtuals instead.
    ipv6_address_virtuals List, items: String The new “ipv6_address_virtuals” key support multiple virtual ipv6 addresses.
      - <str> String IPv6_address/Mask.
    ipv6_address_link_local String IPv6_address/Mask.
    ipv6_virtual_router_address deprecated String “ipv6_virtual_router_address” should not be mixed with
the new “ipv6_virtual_router_addresses” key below to avoid conflicts.
This key is deprecated. Support will be removed in AVD version 5.0.0. Use ipv6_virtual_router_addresses instead.
    ipv6_virtual_router_addresses List, items: String Improved “VARPv6” data model to support multiple VARPv6 addresses.
      - <str> String IPv6 address or IPv6_address/Mask.
    ipv6_nd_ra_disabled Boolean
    ipv6_nd_managed_config_flag Boolean
    ipv6_nd_other_config_flag Boolean Set the “other stateful configuration” flag in IPv6 router advertisements.
    ipv6_nd_cache Dictionary IPv6 neighbor cache options.
      dynamic_capacity Integer Min: 0
Max: 4294967295
Capacity of dynamic cache entries.
      expire Integer Min: 1
Max: 65535
Cache entries expirery in seconds.
      refresh_always Boolean Force refresh on cache expiry.
    ipv6_nd_prefixes List, items: Dictionary
      - ipv6_prefix String Required, Unique IPv6_address/Mask.
        valid_lifetime String In seconds <0-4294967295> or infinite.
        preferred_lifetime String In seconds <0-4294967295> or infinite.
        no_autoconfig_flag Boolean
    ipv6_dhcp_relay_destinations List, items: Dictionary
      - address String Required, Unique DHCP server’s IPv6 address.
        vrf String
        local_interface String Local interface to communicate with DHCP server - mutually exclusive to source_address.
        source_address String Source IPv6 address to communicate with DHCP server - mutually exclusive to local_interface.
        link_address String Override the default link address specified in the relayed DHCP packet.
    ipv6_dhcp_relay_all_subnets Boolean Allow forwarding requests with additional IPv6 addresses in the gateway address “giaddr” field.
    access_group_in String IPv4 access-list name.
    access_group_out String IPv4 access-list name.
    ipv6_access_group_in String IPv6 access-list name.
    ipv6_access_group_out String IPv6 access-list name.
    multicast Dictionary
      ipv4 Dictionary
        boundaries List, items: Dictionary Boundaries can be either 1 ACL or a list of multicast IP address_range(s)/prefix but not combination of both.
          - boundary String Required, Unique IPv4 access-list name or IPv4 multicast group prefix with mask.
            out Boolean
        source_route_export Dictionary
          enabled Boolean Required
          administrative_distance Integer Min: 1
Max: 255
        static Boolean
      ipv6 Dictionary
        boundaries List, items: Dictionary Boundaries can be either 1 ACL or a list of multicast IP address_range(s)/prefix but not combination of both.
          - boundary String Required, Unique IPv6 access-list name or IPv6 multicast group prefix with mask.
        source_route_export Dictionary
          enabled Boolean Required
          administrative_distance Integer Min: 1
Max: 255
        static Boolean
    ospf_network_point_to_point Boolean
    ospf_area String
    ospf_cost Integer
    ospf_authentication String Valid Values:
- none
- simple
- message-digest
    ospf_authentication_key String Encrypted password used for simple authentication.
    ospf_message_digest_keys List, items: Dictionary Keys used for message-digest authentication.
      - id Integer Required, Unique
        hash_algorithm String Valid Values:
- md5
- sha1
- sha256
- sha384
- sha512
        key String Encrypted password.
    pim Dictionary
      ipv4 Dictionary
        border_router Boolean Configure PIM border router. EOS default is false.
        dr_priority Integer Min: 0
Max: 429467295
        sparse_mode Boolean
        local_interface String
        bfd Boolean Set the default for whether Bidirectional Forwarding Detection is enabled for PIM.
        bidirectional Boolean
        hello Dictionary
          count String Number of missed hellos after which the neighbor expires. Range <1.5-65535>.
          interval Integer Min: 1
Max: 65535
PIM hello interval in seconds.
    isis_enable String ISIS instance name.
    isis_bfd Boolean Enable BFD for ISIS.
    isis_passive Boolean
    isis_metric Integer
    isis_network_point_to_point Boolean
    mtu Integer
    no_autostate Boolean
    vrrp_ids List, items: Dictionary Improved “vrrp” data model to support multiple VRRP IDs.
      - id Integer Required, Unique VRID.
        priority_level Integer Min: 1
Max: 254
Instance priority.
        advertisement Dictionary
          interval Integer Min: 1
Max: 255
Interval in seconds.
        preempt Dictionary
          enabled Boolean Required
          delay Dictionary
            minimum Integer Min: 0
Max: 3600
Minimum preempt delay in seconds.
            reload Integer Min: 0
Max: 3600
Reload preempt delay in seconds.
        timers Dictionary
          delay Dictionary
            reload Integer Min: 0
Max: 3600
Delay after reload in seconds.
        tracked_object List, items: Dictionary
          - name String Required, Unique Tracked object name.
            decrement Integer Min: 1
Max: 254
Decrement VRRP priority by 1-254.
            shutdown Boolean
        ipv4 Dictionary
          address String Required Virtual IPv4 address.
          version Integer Valid Values:
- 2
- 3
        ipv6 Dictionary
          address String Required Virtual IPv6 address.
    vrrp deprecated Dictionary “vrrp” should not be mixed with the new “vrrp_ids” key above to avoid conflicts.
This key is deprecated. Support will be removed in AVD version 5.0.0. Use vrrp_ids instead.
      virtual_router String Virtual Router ID.
      priority Integer Instance priority.
      advertisement_interval Integer
      preempt_delay_minimum Integer
      ipv4 String Virtual IPv4 address.
      ipv6 String Virtual IPv6 address.
    ip_attached_host_route_export Dictionary
      enabled Boolean Required
      distance Integer Min: 1
Max: 255
    ipv6_attached_host_route_export Dictionary
      enabled Boolean Required
      distance Integer Min: 1
Max: 255
Administrative distance for generated routes.
      prefix_length Integer Min: 0
Max: 128
Prefix length for generated routes.
    bfd Dictionary
      echo Boolean
      interval Integer Rate in milliseconds.
      min_rx Integer Minimum RX hold time in milliseconds.
      multiplier Integer Min: 3
Max: 50
    service_policy Dictionary
      pbr Dictionary
        input String Name of policy-map used for policy based routing.
    pvlan_mapping String List of VLANs as string.
    tenant String Key only used for documentation or validation purposes.
    tags List, items: String Key only used for documentation or validation purposes.
      - <str> String
    type String Key only used for documentation or validation purposes.
    eos_cli String Multiline EOS CLI rendered directly on the VLAN interface in the final EOS configuration.
vlan_interfaces:

    # VLAN interface name like "Vlan123".
  - name: <str; required; unique>
    description: <str>
    logging:
      event:
        link_status: <bool>
    shutdown: <bool>

    # VRF name.
    vrf: <str>

    # In seconds.
    arp_aging_timeout: <int; 1-65535>
    arp_cache_dynamic_capacity: <int; 0-4294967295>
    arp_gratuitous_accept: <bool>
    arp_monitor_mac_address: <bool>
    ip_proxy_arp: <bool>
    ip_directed_broadcast: <bool>

    # IPv4_address/Mask.
    ip_address: <str>
    ip_address_secondaries:

        # IPv4_address/Mask.
      - <str>
    ip_virtual_router_addresses:

        # IPv4 address or IPv4_address/Mask.
      - <str>

    # IPv4_address/Mask.
    ip_address_virtual: <str>
    ip_address_virtual_secondaries:

        # IPv4_address/Mask.
      - <str>
    ip_verify_unicast_source_reachable_via: <str; "any" | "rx">
    ip_igmp: <bool>
    ip_igmp_version: <int; 1-3>
    ip_igmp_host_proxy:
      enabled: <bool>
      groups:

          # Multicast Address.
        - group: <str; required; unique>

          # The same source must not be present both in `exclude` and `include` list.
          exclude:
            - source: <str; required; unique>

          # The same source must not be present both in `exclude` and `include` list.
          include:
            - source: <str; required; unique>

      # Time interval between unsolicited reports.
      report_interval: <int; 1-31744>

      # Non-standard Access List name.
      access_lists:
        - name: <str; required; unique>

      # IGMP version on IGMP host-proxy interface.
      version: <int; 1-3>

    # List of DHCP servers.
    ip_helpers:

        # IP address or hostname of DHCP server.
      - ip_helper: <str; required; unique>

        # Interface used as source for forwarded DHCP packets.
        source_interface: <str>

        # VRF where DHCP server can be reached.
        vrf: <str>

    # Allow forwarding requests with secondary IP addresses in the gateway address "giaddr" field.
    ip_dhcp_relay_all_subnets: <bool>
    ip_nat:
      destination:
        dynamic:
          - access_list: <str; required; unique>
            comment: <str>
            pool_name: <str; required>
            priority: <int; 0-4294967295>
        static:

            # 'access_list' and 'group' are mutual exclusive.
          - access_list: <str>
            comment: <str>

            # Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
            # EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            direction: <str; "egress" | "ingress">

            # 'access_list' and 'group' are mutual exclusive.
            group: <int; 1-65535>

            # IPv4 address. The combination of `original_ip` and `original_port` must be unique.
            original_ip: <str>

            # TCP/UDP port. The combination of `original_ip` and `original_port` must be unique.
            original_port: <int; 1-65535>
            priority: <int; 0-4294967295>
            protocol: <str; "udp" | "tcp">

            # IPv4 address.
            translated_ip: <str; required>

            # requires 'original_port'.
            translated_port: <int; 1-65535>
      source:
        dynamic:
          - access_list: <str; required; unique>
            comment: <str>
            nat_type: <str; "overload" | "pool" | "pool-address-only" | "pool-full-cone"; required>

            # required if 'nat_type' is pool, pool-address-only or pool-full-cone.
            # ignored if 'nat_type' is overload.
            pool_name: <str>
            priority: <int; 0-4294967295>
        static:

            # 'access_list' and 'group' are mutual exclusive.
          - access_list: <str>
            comment: <str>

            # Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
            # EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            direction: <str; "egress" | "ingress">

            # 'access_list' and 'group' are mutual exclusive.
            group: <int; 1-65535>

            # IPv4 address. The combination of `original_ip` and `original_port` must be unique.
            original_ip: <str>

            # TCP/UDP port. The combination of `original_ip` and `original_port` must be unique.
            original_port: <int; 1-65535>
            priority: <int; 0-4294967295>
            protocol: <str; "udp" | "tcp">

            # IPv4 address.
            translated_ip: <str; required>

            # requires 'original_port'.
            translated_port: <int; 1-65535>
    ipv6_enable: <bool>

    # IPv6_address/Mask.
    ipv6_address: <str>

    # IPv6_address/Mask.
    # If both "ipv6_address_virtual" and "ipv6_address_virtuals" are set, all addresses will be configured.
    # This key is deprecated.
    # Support will be removed in AVD version 5.0.0.
    # Use <samp>ipv6_address_virtuals</samp> instead.
    ipv6_address_virtual: <str>

    # The new "ipv6_address_virtuals" key support multiple virtual ipv6 addresses.
    ipv6_address_virtuals:

        # IPv6_address/Mask.
      - <str>

    # IPv6_address/Mask.
    ipv6_address_link_local: <str>

    # "ipv6_virtual_router_address" should not be mixed with
    # the new "ipv6_virtual_router_addresses" key below to avoid conflicts.
    # This key is deprecated.
    # Support will be removed in AVD version 5.0.0.
    # Use <samp>ipv6_virtual_router_addresses</samp> instead.
    ipv6_virtual_router_address: <str>

    # Improved "VARPv6" data model to support multiple VARPv6 addresses.
    ipv6_virtual_router_addresses:

        # IPv6 address or IPv6_address/Mask.
      - <str>
    ipv6_nd_ra_disabled: <bool>
    ipv6_nd_managed_config_flag: <bool>

    # Set the "other stateful configuration" flag in IPv6 router advertisements.
    ipv6_nd_other_config_flag: <bool>

    # IPv6 neighbor cache options.
    ipv6_nd_cache:

      # Capacity of dynamic cache entries.
      dynamic_capacity: <int; 0-4294967295>

      # Cache entries expirery in seconds.
      expire: <int; 1-65535>

      # Force refresh on cache expiry.
      refresh_always: <bool>
    ipv6_nd_prefixes:

        # IPv6_address/Mask.
      - ipv6_prefix: <str; required; unique>

        # In seconds <0-4294967295> or infinite.
        valid_lifetime: <str>

        # In seconds <0-4294967295> or infinite.
        preferred_lifetime: <str>
        no_autoconfig_flag: <bool>
    ipv6_dhcp_relay_destinations:

        # DHCP server's IPv6 address.
      - address: <str; required; unique>
        vrf: <str>

        # Local interface to communicate with DHCP server - mutually exclusive to source_address.
        local_interface: <str>

        # Source IPv6 address to communicate with DHCP server - mutually exclusive to local_interface.
        source_address: <str>

        # Override the default link address specified in the relayed DHCP packet.
        link_address: <str>

    # Allow forwarding requests with additional IPv6 addresses in the gateway address "giaddr" field.
    ipv6_dhcp_relay_all_subnets: <bool>

    # IPv4 access-list name.
    access_group_in: <str>

    # IPv4 access-list name.
    access_group_out: <str>

    # IPv6 access-list name.
    ipv6_access_group_in: <str>

    # IPv6 access-list name.
    ipv6_access_group_out: <str>
    multicast:
      ipv4:

        # Boundaries can be either 1 ACL or a list of multicast IP address_range(s)/prefix but not combination of both.
        boundaries:

            # IPv4 access-list name or IPv4 multicast group prefix with mask.
          - boundary: <str; required; unique>
            out: <bool>
        source_route_export:
          enabled: <bool; required>
          administrative_distance: <int; 1-255>
        static: <bool>
      ipv6:

        # Boundaries can be either 1 ACL or a list of multicast IP address_range(s)/prefix but not combination of both.
        boundaries:

            # IPv6 access-list name or IPv6 multicast group prefix with mask.
          - boundary: <str; required; unique>
        source_route_export:
          enabled: <bool; required>
          administrative_distance: <int; 1-255>
        static: <bool>
    ospf_network_point_to_point: <bool>
    ospf_area: <str>
    ospf_cost: <int>
    ospf_authentication: <str; "none" | "simple" | "message-digest">

    # Encrypted password used for simple authentication.
    ospf_authentication_key: <str>

    # Keys used for message-digest authentication.
    ospf_message_digest_keys:
      - id: <int; required; unique>
        hash_algorithm: <str; "md5" | "sha1" | "sha256" | "sha384" | "sha512">

        # Encrypted password.
        key: <str>
    pim:
      ipv4:

        # Configure PIM border router. EOS default is false.
        border_router: <bool>
        dr_priority: <int; 0-429467295>
        sparse_mode: <bool>
        local_interface: <str>

        # Set the default for whether Bidirectional Forwarding Detection is enabled for PIM.
        bfd: <bool>
        bidirectional: <bool>
        hello:

          # Number of missed hellos after which the neighbor expires. Range <1.5-65535>.
          count: <str>

          # PIM hello interval in seconds.
          interval: <int; 1-65535>

    # ISIS instance name.
    isis_enable: <str>

    # Enable BFD for ISIS.
    isis_bfd: <bool>
    isis_passive: <bool>
    isis_metric: <int>
    isis_network_point_to_point: <bool>
    mtu: <int>
    no_autostate: <bool>

    # Improved "vrrp" data model to support multiple VRRP IDs.
    vrrp_ids:

        # VRID.
      - id: <int; required; unique>

        # Instance priority.
        priority_level: <int; 1-254>
        advertisement:

          # Interval in seconds.
          interval: <int; 1-255>
        preempt:
          enabled: <bool; required>
          delay:

            # Minimum preempt delay in seconds.
            minimum: <int; 0-3600>

            # Reload preempt delay in seconds.
            reload: <int; 0-3600>
        timers:
          delay:

            # Delay after reload in seconds.
            reload: <int; 0-3600>
        tracked_object:

            # Tracked object name.
          - name: <str; required; unique>

            # Decrement VRRP priority by 1-254.
            decrement: <int; 1-254>
            shutdown: <bool>
        ipv4:

          # Virtual IPv4 address.
          address: <str; required>
          version: <int; 2 | 3>
        ipv6:

          # Virtual IPv6 address.
          address: <str; required>

    # "vrrp" should not be mixed with the new "vrrp_ids" key above to avoid conflicts.
    # This key is deprecated.
    # Support will be removed in AVD version 5.0.0.
    # Use <samp>vrrp_ids</samp> instead.
    vrrp:

      # Virtual Router ID.
      virtual_router: <str>

      # Instance priority.
      priority: <int>
      advertisement_interval: <int>
      preempt_delay_minimum: <int>

      # Virtual IPv4 address.
      ipv4: <str>

      # Virtual IPv6 address.
      ipv6: <str>
    ip_attached_host_route_export:
      enabled: <bool; required>
      distance: <int; 1-255>
    ipv6_attached_host_route_export:
      enabled: <bool; required>

      # Administrative distance for generated routes.
      distance: <int; 1-255>

      # Prefix length for generated routes.
      prefix_length: <int; 0-128>
    bfd:
      echo: <bool>

      # Rate in milliseconds.
      interval: <int>

      # Minimum RX hold time in milliseconds.
      min_rx: <int>
      multiplier: <int; 3-50>
    service_policy:
      pbr:

        # Name of policy-map used for policy based routing.
        input: <str>

    # List of VLANs as string.
    pvlan_mapping: <str>

    # Key only used for documentation or validation purposes.
    tenant: <str>

    # Key only used for documentation or validation purposes.
    tags:
      - <str>

    # Key only used for documentation or validation purposes.
    type: <str>

    # Multiline EOS CLI rendered directly on the VLAN interface in the final EOS configuration.
    eos_cli: <str>

VXLAN interface

Variable Type Required Default Value Restrictions Description
vxlan_interface Dictionary
  Vxlan1 Dictionary
    description String
    vxlan Dictionary
      source_interface String Source Interface Name.
      multicast Dictionary
        headend_replication Boolean
      controller_client Dictionary Client to CVX Controllers.
        enabled Boolean
      mlag_source_interface String
      udp_port Integer
      vtep_to_vtep_bridging Boolean Enable bridging between different VTEPs in vxlan overlay.
      virtual_router_encapsulation_mac_address String “mlag-system-id” or ethernet_address (H.H.H).
      bfd_vtep_evpn Dictionary
        interval Integer
        min_rx Integer
        multiplier Integer Min: 3
Max: 50
        prefix_list String
      qos Dictionary For the Traffic Class to be derived based on the outer DSCP field of the incoming VxLan packet, the core ports must be in “DSCP Trust” mode.
!!!Warning, only few hardware types with software version >= 4.26.0 support the below knobs to configure Vxlan DSCP mapping.
        dscp_propagation_encapsulation Boolean
        ecn_propagation Boolean Enable copying the ECN marking to/from encapsulated packets.
        map_dscp_to_traffic_class_decapsulation Boolean
      vlans List, items: Dictionary
        - id Integer Required, Unique VLAN ID.
          vni Integer
          multicast_group String IP Multicast Group Address.
          flood_vteps List, items: String
            - <str> String Remote VTEP IP Address.
      vrfs List, items: Dictionary
        - name String Required, Unique VRF Name.
          vni Integer
          multicast_group String IP Multicast Group Address.
      flood_vteps List, items: String
        - <str> String Remote VTEP IP Address.
      flood_vtep_learned_data_plane Boolean
    eos_cli String Multiline String with EOS CLI rendered directly on the Vxlan interface in the final EOS configuration.
vxlan_interface:
  Vxlan1:
    description: <str>
    vxlan:

      # Source Interface Name.
      source_interface: <str>
      multicast:
        headend_replication: <bool>

      # Client to CVX Controllers.
      controller_client:
        enabled: <bool>
      mlag_source_interface: <str>
      udp_port: <int>

      # Enable bridging between different VTEPs in vxlan overlay.
      vtep_to_vtep_bridging: <bool>

      # "mlag-system-id" or ethernet_address (H.H.H).
      virtual_router_encapsulation_mac_address: <str>
      bfd_vtep_evpn:
        interval: <int>
        min_rx: <int>
        multiplier: <int; 3-50>
        prefix_list: <str>

      # For the Traffic Class to be derived based on the outer DSCP field of the incoming VxLan packet, the core ports must be in "DSCP Trust" mode.
      # !!!Warning, only few hardware types with software version >= 4.26.0 support the below knobs to configure Vxlan DSCP mapping.
      qos:
        dscp_propagation_encapsulation: <bool>

        # Enable copying the ECN marking to/from encapsulated packets.
        ecn_propagation: <bool>
        map_dscp_to_traffic_class_decapsulation: <bool>
      vlans:

          # VLAN ID.
        - id: <int; required; unique>
          vni: <int>

          # IP Multicast Group Address.
          multicast_group: <str>
          flood_vteps:

              # Remote VTEP IP Address.
            - <str>
      vrfs:

          # VRF Name.
        - name: <str; required; unique>
          vni: <int>

          # IP Multicast Group Address.
          multicast_group: <str>
      flood_vteps:

          # Remote VTEP IP Address.
        - <str>
      flood_vtep_learned_data_plane: <bool>

    # Multiline String with EOS CLI rendered directly on the Vxlan interface in the final EOS configuration.
    eos_cli: <str>

Maintenance Mode

BGP groups

Variable Type Required Default Value Restrictions Description
bgp_groups List, items: Dictionary
  - name String Required, Unique Group Name.
    vrf String
    neighbors List, items: String
      - <str> String
    bgp_maintenance_profiles List, items: String
      - <str> String Profile Name.
bgp_groups:

    # Group Name.
  - name: <str; required; unique>
    vrf: <str>
    neighbors:
      - <str>
    bgp_maintenance_profiles:

        # Profile Name.
      - <str>

Interface groups

Variable Type Required Default Value Restrictions Description
interface_groups List, items: Dictionary
  - name String Required, Unique Interface-Group name.
    interfaces List, items: String
      - <str> String Interface Name.
    bgp_maintenance_profiles List, items: String
      - <str> String Name of BGP Maintenance Profile.
    interface_maintenance_profiles List, items: String
      - <str> String Name of Interface Maintenance Profile.
interface_groups:

    # Interface-Group name.
  - name: <str; required; unique>
    interfaces:

        # Interface Name.
      - <str>
    bgp_maintenance_profiles:

        # Name of BGP Maintenance Profile.
      - <str>
    interface_maintenance_profiles:

        # Name of Interface Maintenance Profile.
      - <str>

Maintenance

Variable Type Required Default Value Restrictions Description
maintenance Dictionary
  default_interface_profile String Name of default Interface Profile.
  default_bgp_profile String Name of default BGP Profile.
  default_unit_profile String Name of default Unit Profile.
  interface_profiles List, items: Dictionary
    - name String Required, Unique
      rate_monitoring Dictionary
        load_interval Integer Load Interval in Seconds.
        threshold Integer Threshold in kbps.
      shutdown Dictionary
        max_delay Integer Max delay in seconds.
  bgp_profiles List, items: Dictionary
    - name String Required, Unique BGP Profile Name.
      initiator Dictionary
        route_map_inout String Route Map.
  unit_profiles List, items: Dictionary
    - name String Required, Unique Unit Profile Name.
      on_boot Dictionary
        duration Integer Min: 300
Max: 3600
On-boot in seconds.
  units List, items: Dictionary
    - name String Required, Unique Unit Name.
      quiesce Boolean
      profile String Name of Unit Profile.
      groups Dictionary
        bgp_groups List, items: String
          - <str> String Name of BGP Group.
        interface_groups List, items: String
          - <str> String Name of Interface Group.
maintenance:

  # Name of default Interface Profile.
  default_interface_profile: <str>

  # Name of default BGP Profile.
  default_bgp_profile: <str>

  # Name of default Unit Profile.
  default_unit_profile: <str>
  interface_profiles:
    - name: <str; required; unique>
      rate_monitoring:

        # Load Interval in Seconds.
        load_interval: <int>

        # Threshold in kbps.
        threshold: <int>
      shutdown:

        # Max delay in seconds.
        max_delay: <int>
  bgp_profiles:

      # BGP Profile Name.
    - name: <str; required; unique>
      initiator:

        # Route Map.
        route_map_inout: <str>
  unit_profiles:

      # Unit Profile Name.
    - name: <str; required; unique>
      on_boot:

        # On-boot in seconds.
        duration: <int; 300-3600>
  units:

      # Unit Name.
    - name: <str; required; unique>
      quiesce: <bool>

      # Name of Unit Profile.
      profile: <str>
      groups:
        bgp_groups:

            # Name of BGP Group.
          - <str>
        interface_groups:

            # Name of Interface Group.
          - <str>

Management

Aliases

Variable Type Required Default Value Restrictions Description
aliases String Multi-line string with one or more alias commands.

Example:

yaml<br>aliases: |<br> alias wr copy running-config startup-config<br> alias siib show ip interface brief<br>
# Multi-line string with one or more alias commands.
#
# Example:
#
# ```yaml
# aliases: |
#   alias wr copy running-config startup-config
#   alias siib show ip interface brief
# ```
aliases: <str>

Banners

Variable Type Required Default Value Restrictions Description
banners Dictionary
  login String Multiline string ending with EOF on the last line.
  motd String Multiline string ending with EOF on the last line.
banners:

  # Multiline string ending with EOF on the last line.
  login: <str>

  # Multiline string ending with EOF on the last line.
  motd: <str>

Boot

Variable Type Required Default Value Restrictions Description
boot Dictionary Set the Aboot password.
  secret Dictionary
    hash_algorithm String sha512 Valid Values:
- md5
- sha512
    key String Hashed Password.
# Set the Aboot password.
boot:
  secret:
    hash_algorithm: <str; "md5" | "sha512"; default="sha512">

    # Hashed Password.
    key: <str>

Clock

Variable Type Required Default Value Restrictions Description
clock Dictionary
  timezone String
clock:
  timezone: <str>

DNS domain

Variable Type Required Default Value Restrictions Description
dns_domain String Domain Name.
# Domain Name.
dns_domain: <str>

Domain-list

Variable Type Required Default Value Restrictions Description
domain_list List, items: String Search list of DNS domains.
  - <str> String Domain name.
# Search list of DNS domains.
domain_list:

    # Domain name.
  - <str>

Hostname

Variable Type Required Default Value Restrictions Description
hostname String
hostname: <str>

IP domain lookup

Variable Type Required Default Value Restrictions Description
ip_domain_lookup Dictionary
  source_interfaces List, items: Dictionary
    - name String Required, Unique Source Interface.
      vrf String
ip_domain_lookup:
  source_interfaces:

      # Source Interface.
    - name: <str; required; unique>
      vrf: <str>

IP HTTP client source-interfaces

Variable Type Required Default Value Restrictions Description
ip_http_client_source_interfaces List, items: Dictionary
  - name String Interface Name.
    vrf String
ip_http_client_source_interfaces:

    # Interface Name.
  - name: <str>
    vrf: <str>

IP name servers

Variable Type Required Default Value Restrictions Description
ip_name_servers List, items: Dictionary
  - ip_address String IPv4 or IPv6 address for DNS server.
    vrf String VRF Name.
    priority Integer Min: 0
Max: 4
Priority value (lower is first).
ip_name_servers:

    # IPv4 or IPv6 address for DNS server.
  - ip_address: <str>

    # VRF Name.
    vrf: <str>

    # Priority value (lower is first).
    priority: <int; 0-4>

IP SSH client source-interfaces

Variable Type Required Default Value Restrictions Description
ip_ssh_client_source_interfaces List, items: Dictionary
  - name String Interface Name.
    vrf String default
ip_ssh_client_source_interfaces:

    # Interface Name.
  - name: <str>
    vrf: <str; default="default">

Management accounts

Variable Type Required Default Value Restrictions Description
management_accounts Dictionary
  password Dictionary
    policy String
management_accounts:
  password:
    policy: <str>

Management API HTTP

Variable Type Required Default Value Restrictions Description
management_api_http Dictionary
  enable_http Boolean
  enable_https Boolean
  https_ssl_profile String SSL Profile Name.
  default_services Boolean Enable default services: capi-doc and tapagg.
  enable_vrfs List, items: Dictionary
    - name String Required, Unique VRF Name.
      access_group String Standard IPv4 ACL name.
      ipv6_access_group String Standard IPv6 ACL name.
  protocol_https_certificate Dictionary
    certificate String Name of certificate; private key must also be specified.
    private_key String Name of private key; certificate must also be specified.
management_api_http:
  enable_http: <bool>
  enable_https: <bool>

  # SSL Profile Name.
  https_ssl_profile: <str>

  # Enable default services: capi-doc and tapagg.
  default_services: <bool>
  enable_vrfs:

      # VRF Name.
    - name: <str; required; unique>

      # Standard IPv4 ACL name.
      access_group: <str>

      # Standard IPv6 ACL name.
      ipv6_access_group: <str>
  protocol_https_certificate:

    # Name of certificate; private key must also be specified.
    certificate: <str>

    # Name of private key; certificate must also be specified.
    private_key: <str>

Management API models

Variable Type Required Default Value Restrictions Description
management_api_models Dictionary
  providers List, items: Dictionary
    - name String Valid Values:
- sysdb
- smash
      paths List, items: Dictionary
        - path String
          disabled Boolean False
management_api_models:
  providers:
    - name: <str; "sysdb" | "smash">
      paths:
        - path: <str>
          disabled: <bool; default=False>

Management console

Variable Type Required Default Value Restrictions Description
management_console Dictionary
  idle_timeout Integer Min: 0
Max: 86400
management_console:
  idle_timeout: <int; 0-86400>

Management defaults

Variable Type Required Default Value Restrictions Description
management_defaults Dictionary
  secret Dictionary
    hash String Valid Values:
- md5
- sha512
management_defaults:
  secret:
    hash: <str; "md5" | "sha512">

Management security

Variable Type Required Default Value Restrictions Description
management_security Dictionary
  entropy_source deprecated String This key is deprecated. Support will be removed in AVD version v5.0.0. Use entropy_sources instead.
  entropy_sources Dictionary Source of entropy.
    hardware Boolean Use a hardware based source.
    haveged Boolean Use the HAVEGE algorithm.
    cpu_jitter Boolean Use the Jitter RNG algorithm of a CPU based source.
    hardware_exclusive Boolean Only use entropy from the hardware source.
  password Dictionary
    minimum_length Integer Min: 1
Max: 32
    encryption_key_common Boolean
    encryption_reversible String
    policies List, items: Dictionary
      - name String Required, Unique
        minimum Dictionary
          digits Integer Min: 1
Max: 65535
          length Integer Min: 1
Max: 65535
          lower Integer Min: 1
Max: 65535
          special Integer Min: 1
Max: 65535
          upper Integer Min: 1
Max: 65535
        maximum Dictionary
          repetitive Integer Min: 1
Max: 65535
          sequential Integer Min: 1
Max: 65535
  ssl_profiles List, items: Dictionary
    - name String
      tls_versions String List of allowed TLS versions as string.
Examples:
- “1.0”
- “1.0 1.1”
      cipher_list String cipher_list syntax follows the openssl cipher strings format.
Colon (:) separated list of allowed ciphers as a string.
      trust_certificate Dictionary
        certificates List, items: String List of trust certificate names.
Examples:
- test1.crt
- test2.crt
          - <str> String
        requirement Dictionary
          basic_constraint_ca Boolean
          hostname_fqdn Boolean Enforce hostname to be FQDN without wildcard.
        policy_expiry_date_ignore Boolean
        system Boolean Use system-supplied trust certificates.
      chain_certificate Dictionary
        certificates List, items: String List of chain certificate names.
Examples:
- chain1.crt
- chain2.crt
          - <str> String
        requirement Dictionary
          basic_constraint_ca Boolean
          include_root_ca Boolean
      certificate Dictionary
        file String
        key String
      certificate_revocation_lists List, items: String List of CRLs (Certificate Revocation List).
If specified, one CRL needs to be provided for every certificate in the chain, even if the revocation list in the CRL is empty.
        - <str> String
  shared_secret_profiles List, items: Dictionary
    - profile String Required, Unique
      secrets List, items: Dictionary
        - name String Required, Unique
          secret String Required
          secret_type String 7 Valid Values:
- 0
- 7
- 8a
          receive_lifetime Dictionary Required
            infinite Boolean
            start_date_time String Start date and time of lifetime of the secret. End date should be greater than start date.
Formats supported:
1. mm/dd/yyyy hh:mm:ss
2. yyyy-mm-dd hh:mm:ss
e.g 2024-12-20 10:00:00
            end_date_time String End date and time of lifetime of the secret. End date should be greater than start date.
Formats supported:
1. mm/dd/yyyy hh:mm:ss
2. yyyy-mm-dd hh:mm:ss
e.g 2024-12-20 10:00:00
          transmit_lifetime Dictionary Required
            infinite Boolean
            start_date_time String Start date and time of lifetime of the secret. End date should be greater than start date.
Formats supported:
1. mm/dd/yyyy hh:mm:ss
2. yyyy-mm-dd hh:mm:ss
e.g 2024-12-20 10:00:00
            end_date_time String End date and time of lifetime of the secret. End date should be greater than start date.
Formats supported:
1. mm/dd/yyyy hh:mm:ss
2. yyyy-mm-dd hh:mm:ss
e.g 2024-12-20 10:00:00
          local_time Boolean Configuring secret using the local timezone from system clock. Default is UTC.
management_security:
  # This key is deprecated.
  # Support will be removed in AVD version v5.0.0.
  # Use <samp>entropy_sources</samp> instead.
  entropy_source: <str>

  # Source of entropy.
  entropy_sources:

    # Use a hardware based source.
    hardware: <bool>

    # Use the HAVEGE algorithm.
    haveged: <bool>

    # Use the Jitter RNG algorithm of a CPU based source.
    cpu_jitter: <bool>

    # Only use entropy from the hardware source.
    hardware_exclusive: <bool>
  password:
    minimum_length: <int; 1-32>
    encryption_key_common: <bool>
    encryption_reversible: <str>
    policies:
      - name: <str; required; unique>
        minimum:
          digits: <int; 1-65535>
          length: <int; 1-65535>
          lower: <int; 1-65535>
          special: <int; 1-65535>
          upper: <int; 1-65535>
        maximum:
          repetitive: <int; 1-65535>
          sequential: <int; 1-65535>
  ssl_profiles:
    - name: <str>

      # List of allowed TLS versions as string.
      # Examples:
      #   - "1.0"
      #   - "1.0 1.1"
      tls_versions: <str>

      # cipher_list syntax follows the openssl cipher strings format.
      # Colon (:) separated list of allowed ciphers as a string.
      cipher_list: <str>
      trust_certificate:

        # List of trust certificate names.
        # Examples:
        #   - test1.crt
        #   - test2.crt
        certificates:
          - <str>
        requirement:
          basic_constraint_ca: <bool>

          # Enforce hostname to be FQDN without wildcard.
          hostname_fqdn: <bool>
        policy_expiry_date_ignore: <bool>

        # Use system-supplied trust certificates.
        system: <bool>
      chain_certificate:

        # List of chain certificate names.
        # Examples:
        #   - chain1.crt
        #   - chain2.crt
        certificates:
          - <str>
        requirement:
          basic_constraint_ca: <bool>
          include_root_ca: <bool>
      certificate:
        file: <str>
        key: <str>

      # List of CRLs (Certificate Revocation List).
      # If specified, one CRL needs to be provided for every certificate in the chain, even if the revocation list in the CRL is empty.
      certificate_revocation_lists:
        - <str>
  shared_secret_profiles:
    - profile: <str; required; unique>
      secrets:
        - name: <str; required; unique>
          secret: <str; required>
          secret_type: <str; "0" | "7" | "8a"; default="7">
          receive_lifetime: # required
            infinite: <bool>

            # Start date and time of lifetime of the secret. End date should be greater than start date.
            # Formats supported:
            # 1. mm/dd/yyyy hh:mm:ss
            # 2. yyyy-mm-dd hh:mm:ss
            # e.g 2024-12-20 10:00:00
            start_date_time: <str>

            # End date and time of lifetime of the secret. End date should be greater than start date.
            # Formats supported:
            # 1. mm/dd/yyyy hh:mm:ss
            # 2. yyyy-mm-dd hh:mm:ss
            # e.g 2024-12-20 10:00:00
            end_date_time: <str>
          transmit_lifetime: # required
            infinite: <bool>

            # Start date and time of lifetime of the secret. End date should be greater than start date.
            # Formats supported:
            # 1. mm/dd/yyyy hh:mm:ss
            # 2. yyyy-mm-dd hh:mm:ss
            # e.g 2024-12-20 10:00:00
            start_date_time: <str>

            # End date and time of lifetime of the secret. End date should be greater than start date.
            # Formats supported:
            # 1. mm/dd/yyyy hh:mm:ss
            # 2. yyyy-mm-dd hh:mm:ss
            # e.g 2024-12-20 10:00:00
            end_date_time: <str>

          # Configuring secret using the local timezone from system clock. Default is UTC.
          local_time: <bool>

Management SSH

Variable Type Required Default Value Restrictions Description
management_ssh Dictionary
  access_groups List, items: Dictionary
    - name String Standard ACL Name.
      vrf String VRF Name.
  ipv6_access_groups List, items: Dictionary
    - name String Standard ACL Name.
      vrf String VRF Name.
  idle_timeout Integer Min: 0
Max: 86400
Idle timeout in minutes.
  cipher List, items: String Cryptographic ciphers for SSH to use.
    - <str> String
  key_exchange List, items: String Cryptographic key exchange methods for SSH to use.
    - <str> String
  mac List, items: String Cryptographic MAC algorithms for SSH to use.
    - <str> String
  fips_restrictions Boolean Use FIPS compliant algorithms.
  hostkey Dictionary
    server List, items: String SSH host key settings.
      - <str> String
    server_cert String Configure switch’s hostkey cert file.
    client_strict_checking Boolean Enforce strict host key checking.
  enable Boolean Enable SSH daemon.
  connection Dictionary
    limit Integer Min: 1
Max: 100
Maximum total number of SSH sessions to device.
    per_host Integer Min: 1
Max: 20
Maximum number of SSH sessions to device from a single host.
  vrfs List, items: Dictionary
    - name String Required, Unique VRF Name.
      enable Boolean Enable SSH in VRF.
  log_level String SSH daemon log level.
  client_alive Dictionary
    count_max Integer Min: 1
Max: 1000
Number of keep-alive packets that can be sent without a response before the connection is assumed dead.
    interval Integer Min: 1
Max: 1000
Time period (in seconds) to send SSH keep-alive packets.
management_ssh:
  access_groups:

      # Standard ACL Name.
    - name: <str>

      # VRF Name.
      vrf: <str>
  ipv6_access_groups:

      # Standard ACL Name.
    - name: <str>

      # VRF Name.
      vrf: <str>

  # Idle timeout in minutes.
  idle_timeout: <int; 0-86400>

  # Cryptographic ciphers for SSH to use.
  cipher:
    - <str>

  # Cryptographic key exchange methods for SSH to use.
  key_exchange:
    - <str>

  # Cryptographic MAC algorithms for SSH to use.
  mac:
    - <str>

  # Use FIPS compliant algorithms.
  fips_restrictions: <bool>
  hostkey:

    # SSH host key settings.
    server:
      - <str>

    # Configure switch's hostkey cert file.
    server_cert: <str>

    # Enforce strict host key checking.
    client_strict_checking: <bool>

  # Enable SSH daemon.
  enable: <bool>
  connection:

    # Maximum total number of SSH sessions to device.
    limit: <int; 1-100>

    # Maximum number of SSH sessions to device from a single host.
    per_host: <int; 1-20>
  vrfs:

      # VRF Name.
    - name: <str; required; unique>

      # Enable SSH in VRF.
      enable: <bool>

  # SSH daemon log level.
  log_level: <str>
  client_alive:

    # Number of keep-alive packets that can be sent without a response before the connection is assumed dead.
    count_max: <int; 1-1000>

    # Time period (in seconds) to send SSH keep-alive packets.
    interval: <int; 1-1000>

Management tech-support

Variable Type Required Default Value Restrictions Description
management_tech_support Dictionary
  policy_show_tech_support Dictionary
    exclude_commands List, items: Dictionary
      - command String Command to exclude from tech-support.
        type String text Valid Values:
- text
- json
The supported values for type are platform dependent.
    include_commands List, items: Dictionary
      - command String Command to include in tech-support.
management_tech_support:
  policy_show_tech_support:
    exclude_commands:

        # Command to exclude from tech-support.
      - command: <str>

        # The supported values for type are platform dependent.
        type: <str; "text" | "json"; default="text">
    include_commands:

        # Command to include in tech-support.
      - command: <str>

Name server

Variable Type Required Default Value Restrictions Description
name_server deprecated Dictionary This key is deprecated. Support will be removed in AVD version v5.0.0. Use ip_name_servers instead.
  source Dictionary
    vrf String VRF Name.
  nodes List, items: String
    - <str> String
# This key is deprecated.
# Support will be removed in AVD version v5.0.0.
# Use <samp>ip_name_servers</samp> instead.
name_server:
  source:

    # VRF Name.
    vrf: <str>
  nodes:
    - <str>

NTP

Variable Type Required Default Value Restrictions Description
ntp Dictionary
  local_interface Dictionary
    name String Source interface.
    vrf String VRF name.
  servers List, items: Dictionary
    - name String IP or hostname e.g., 2.2.2.55, 2001:db8::55, ie.pool.ntp.org.
      burst Boolean
      iburst Boolean
      key Integer Min: 1
Max: 65535
      local_interface String Source interface.
      maxpoll Integer Min: 3
Max: 17
Value of maxpoll between 3 - 17 (Logarithmic).
      minpoll Integer Min: 3
Max: 17
Value of minpoll between 3 - 17 (Logarithmic).
      preferred Boolean
      version Integer Min: 1
Max: 4
      vrf String VRF name.
  authenticate Boolean
  authenticate_servers_only Boolean
  authentication_keys List, items: Dictionary
    - id Integer Required, Unique Min: 1
Max: 65534
Key identifier.
      hash_algorithm String Valid Values:
- md5
- sha1
      key String Obfuscated key.
      key_type String Valid Values:
- 0
- 7
- 8a
  trusted_keys String List of trusted-keys as string ex. 10-12,15.
ntp:
  local_interface:

    # Source interface.
    name: <str>

    # VRF name.
    vrf: <str>
  servers:

      # IP or hostname e.g., 2.2.2.55, 2001:db8::55, ie.pool.ntp.org.
    - name: <str>
      burst: <bool>
      iburst: <bool>
      key: <int; 1-65535>

      # Source interface.
      local_interface: <str>

      # Value of maxpoll between 3 - 17 (Logarithmic).
      maxpoll: <int; 3-17>

      # Value of minpoll between 3 - 17 (Logarithmic).
      minpoll: <int; 3-17>
      preferred: <bool>
      version: <int; 1-4>

      # VRF name.
      vrf: <str>
  authenticate: <bool>
  authenticate_servers_only: <bool>
  authentication_keys:

      # Key identifier.
    - id: <int; 1-65534; required; unique>
      hash_algorithm: <str; "md5" | "sha1">

      # Obfuscated key.
      key: <str>
      key_type: <str; "0" | "7" | "8a">

  # List of trusted-keys as string ex. 10-12,15.
  trusted_keys: <str>

Prompt

Variable Type Required Default Value Restrictions Description
prompt String
prompt: <str>

Terminal

Variable Type Required Default Value Restrictions Description
terminal Dictionary
  length Integer Min: 0
Max: 32767
  width Integer Min: 10
Max: 32767
terminal:
  length: <int; 0-32767>
  width: <int; 10-32767>

Virtual source NAT VRFs

Variable Type Required Default Value Restrictions Description
virtual_source_nat_vrfs List, items: Dictionary
  - name String Required, Unique VRF Name.
    ip_address String IPv4 Address.
virtual_source_nat_vrfs:

    # VRF Name.
  - name: <str; required; unique>

    # IPv4 Address.
    ip_address: <str>

Miscellaneous

Config comment

Variable Type Required Default Value Restrictions Description
config_comment String Add a comment to provide information about the configuration.
This comment will be rendered at the top of the generated configuration.
# Add a comment to provide information about the configuration.
# This comment will be rendered at the top of the generated configuration.
config_comment: <str>

CVX

Variable Type Required Default Value Restrictions Description
cvx Dictionary CVX server features are not supported on physical switches. See management_cvx for client configurations.
  shutdown Boolean
  peer_hosts List, items: String
    - <str> String IP address or hostname.
  services Dictionary
    mcs Dictionary
      redis Dictionary
        password String Hashed password using the password_type.
        password_type String 7 Valid Values:
- 0
- 7
- 8a
      shutdown Boolean
    vxlan Dictionary VXLAN Controller service.
      shutdown Boolean
      vtep_mac_learning String Valid Values:
- control-plane
- data-plane
# CVX server features are not supported on physical switches. See `management_cvx` for client configurations.
cvx:
  shutdown: <bool>
  peer_hosts:

      # IP address or hostname.
    - <str>
  services:
    mcs:
      redis:

        # Hashed password using the password_type.
        password: <str>
        password_type: <str; "0" | "7" | "8a"; default="7">
      shutdown: <bool>

    # VXLAN Controller service.
    vxlan:
      shutdown: <bool>
      vtep_mac_learning: <str; "control-plane" | "data-plane">

EOS cli

Variable Type Required Default Value Restrictions Description
eos_cli String Multiline string with EOS CLI rendered directly on the root level of the final EOS configuration.
# Multiline string with EOS CLI rendered directly on the root level of the final EOS configuration.
eos_cli: <str>

Is deployed

Variable Type Required Default Value Restrictions Description
is_deployed Boolean True Key only used for documentation or validation purposes.
# Key only used for documentation or validation purposes.
is_deployed: <bool; default=True>

Management CVX

Variable Type Required Default Value Restrictions Description
management_cvx Dictionary
  shutdown Boolean
  server_hosts List, items: String
    - <str> String IP or hostname.
  source_interface String Interface name.
  vrf String VRF Name.
management_cvx:
  shutdown: <bool>
  server_hosts:

      # IP or hostname.
    - <str>

  # Interface name.
  source_interface: <str>

  # VRF Name.
  vrf: <str>

MCS client

Variable Type Required Default Value Restrictions Description
mcs_client Dictionary
  shutdown Boolean
  cvx_secondary Dictionary
    name String
    shutdown Boolean
    server_hosts List, items: String
      - <str> String IP or hostname.
mcs_client:
  shutdown: <bool>
  cvx_secondary:
    name: <str>
    shutdown: <bool>
    server_hosts:

        # IP or hostname.
      - <str>

Monitoring

Daemons

Variable Type Required Default Value Restrictions Description
daemons List, items: Dictionary This will add a daemon to the eos configuration that is most useful when trying to run OpenConfig clients like ocprometheus.
  - name String Required, Unique Daemon Name.
    exec String Required command to run as a daemon.
    enabled Boolean True
# This will add a daemon to the eos configuration that is most useful when trying to run OpenConfig clients like ocprometheus.
daemons:

    # Daemon Name.
  - name: <str; required; unique>

    # command to run as a daemon.
    exec: <str; required>
    enabled: <bool; default=True>

Daemon terminattr

Variable Type Required Default Value Restrictions Description
daemon_terminattr Dictionary You can either provide a list of IPs/FQDNs to target on-premise Cloudvision cluster or use DNS name for your Cloudvision as a Service instance.
Streaming to multiple clusters both on-prem and cloud service is supported.

!!! note
For TerminAttr version recommendation and EOS compatibility matrix, please refer to the latest TerminAttr Release Notes
which always contain the latest recommended versions and minimum required versions per EOS release.
  cvaddrs List, items: String Streaming address(es) for CloudVision single cluster.
- TCP 9910 is used for CV on-prem
- TCP 443 is used for CV as a Service
    - <str> String Server address in the format <ip/fqdn>:<port>.
  clusters List, items: Dictionary Multiple CloudVision clusters.
    - name String Required, Unique Cluster Name.
      cvaddrs List, items: String Streaming address(es) for CloudVision cluster.
- TCP 9910 is used for CV on-prem
- TCP 443 is used for CV as a Service
        - <str> String Server address in the format <ip/fqdn>:<port>.
      cvauth Dictionary Authentication scheme used to connect to CloudVision.
        method String Valid Values:
- token
- token-secure
- key
- certs
        key String
        token_file String Token file path.
e.g. “/tmp/token”
        cert_file String Client certificate file path.
e.g. “/persist/secure/ssl/terminattr/primary/certs/client.crt”
        ca_file String CA certificate file path (on-prem only).
e.g. “/persist/secure/ssl/terminattr/primary/certs/ca.crt”
        key_file String Client certificate key file path.
e.g. “/persist/secure/ssl/terminattr/primary/keys/client.key”
      cvobscurekeyfile Boolean Encrypt the private key used for authentication to CloudVision.
      cvproxy String Proxy server through which CloudVision is reachable. Useful when the CloudVision server is hosted in the cloud.
The expected form is http://[user:password@]ip:port, e.g.: http://arista:arista@10.83.12.78:3128. Available as of TerminAttr v1.13.0.
      cvsourceip String Set source IP address in case of in-band management.
      cvsourceintf String Set source interface in case of in-band management. Available as of TerminAttr v1.23.0.
The interface name is case sensitive and has to match the interface name in the running-config, e.g.:Vlan100.
      cvvrf String The VRF to use to connect to CloudVision.
  cvauth Dictionary Authentication scheme used to connect to CloudVision.
    method String Valid Values:
- token
- token-secure
- key
- certs
    key String
    token_file String Token file path.
e.g. “/tmp/token”
    cert_file String Client certificate file path.
e.g. “/persist/secure/ssl/terminattr/primary/certs/client.crt”
    ca_file String CA certificate file path (on-prem only).
e.g. “/persist/secure/ssl/terminattr/primary/certs/ca.crt”
    key_file String Client certificate key file path.
e.g. “/persist/secure/ssl/terminattr/primary/keys/client.key”
  cvobscurekeyfile Boolean Encrypt the private key used for authentication to CloudVision.
  cvproxy String Proxy server through which CloudVision is reachable. Useful when the CloudVision server is hosted in the cloud.
The expected form is http://[user:password@]ip:port, e.g.: http://arista:arista@10.83.12.78:3128. Available as of TerminAttr v1.13.0.
  cvsourceip String Set source IP address in case of in-band management.
  cvsourceintf String Set source interface in case of in-band management.
The interface name is case sensitive and has to match the interface name in the running-config, e.g.:Vlan100.
  cvvrf String The VRF to use to connect to CloudVision.
  cvgnmi Boolean Stream states from EOS gNMI servers (Openconfig) to CloudVision. Available as of TerminAttr v1.13.1.
  disable_aaa Boolean Disable AAA authorization and accounting.
When setting this flag, all commands pushed from CloudVision are applied directly to the CLI without authorization.
  grpcaddr String Set the gRPC server address, the default is 127.0.0.1:6042.
e.g. “MGMT/0.0.0.0:6042”
  grpcreadonly Boolean gNMI read-only mode - Disable gnmi.Set().
  ingestexclude String Exclude paths from Sysdb on the ingest side.
e.g. “/Sysdb/cell/1/agent,/Sysdb/cell/2/agent”
  smashexcludes String Exclude paths from the shared memory table.
e.g. “ale,flexCounter,hardware,kni,pulse,strata”
  taillogs String Enable log file collection; /var/log/messages is streamed by default if no path is set.
e.g. “/var/log/messages”
  ecodhcpaddr String ECO DHCP Collector address or ECO DHCP Fingerprint listening address in standalone mode (default “127.0.0.1:67”).
  ipfix Boolean Enable IPFIX provider (TerminAttr default is true).
This flag is enabled by default and does not have to be added to the daemon configuration.
  ipfixaddr String ECO IPFIX Collector address to listen on to receive IPFIX packets (TerminAttr default “127.0.0.1:4739”).
  sflow Boolean Enable sFlow provider (TerminAttr default is true).
  sflowaddr String ECO sFlow Collector address to listen on to receive sFlow packets (TerminAttr default “127.0.0.1:6343”).
  cvconfig Boolean Subscribe to dynamic device configuration from CloudVision (TerminAttr default is false).
  cvcompression deprecated String The default compression scheme when streaming to CloudVision is gzip since TerminAttr 1.6.1 and CVP 2019.1.0.
There is no need to change the compression scheme.
This key is deprecated. Support will be removed in AVD version v5.0.0.
# You can either provide a list of IPs/FQDNs to target on-premise Cloudvision cluster or use DNS name for your Cloudvision as a Service instance.
# Streaming to multiple clusters both on-prem and cloud service is supported.
#
# !!! note
#     For TerminAttr version recommendation and EOS compatibility matrix, please refer to the latest TerminAttr Release Notes
#     which always contain the latest recommended versions and minimum required versions per EOS release.
daemon_terminattr:

  # Streaming address(es) for CloudVision single cluster.
  # - TCP 9910 is used for CV on-prem
  # - TCP 443 is used for CV as a Service
  cvaddrs:

      # Server address in the format `<ip/fqdn>:<port>`.
    - <str>

  # Multiple CloudVision clusters.
  clusters:

      # Cluster Name.
    - name: <str; required; unique>

      # Streaming address(es) for CloudVision cluster.
      # - TCP 9910 is used for CV on-prem
      # - TCP 443 is used for CV as a Service
      cvaddrs:

          # Server address in the format `<ip/fqdn>:<port>`.
        - <str>

      # Authentication scheme used to connect to CloudVision.
      cvauth:
        method: <str; "token" | "token-secure" | "key" | "certs">
        key: <str>

        # Token file path.
        # e.g. "/tmp/token"
        token_file: <str>

        # Client certificate file path.
        # e.g. "/persist/secure/ssl/terminattr/primary/certs/client.crt"
        cert_file: <str>

        # CA certificate file path (on-prem only).
        # e.g. "/persist/secure/ssl/terminattr/primary/certs/ca.crt"
        ca_file: <str>

        # Client certificate key file path.
        # e.g. "/persist/secure/ssl/terminattr/primary/keys/client.key"
        key_file: <str>

      # Encrypt the private key used for authentication to CloudVision.
      cvobscurekeyfile: <bool>

      # Proxy server through which CloudVision is reachable. Useful when the CloudVision server is hosted in the cloud.
      # The expected form is http://[user:password@]ip:port, e.g.: `http://arista:arista@10.83.12.78:3128`. Available as of TerminAttr v1.13.0.
      cvproxy: <str>

      # Set source IP address in case of in-band management.
      cvsourceip: <str>

      # Set source interface in case of in-band management. Available as of TerminAttr v1.23.0.
      # The interface name is case sensitive and has to match the interface name in the running-config, e.g.:Vlan100.
      cvsourceintf: <str>

      # The VRF to use to connect to CloudVision.
      cvvrf: <str>

  # Authentication scheme used to connect to CloudVision.
  cvauth:
    method: <str; "token" | "token-secure" | "key" | "certs">
    key: <str>

    # Token file path.
    # e.g. "/tmp/token"
    token_file: <str>

    # Client certificate file path.
    # e.g. "/persist/secure/ssl/terminattr/primary/certs/client.crt"
    cert_file: <str>

    # CA certificate file path (on-prem only).
    # e.g. "/persist/secure/ssl/terminattr/primary/certs/ca.crt"
    ca_file: <str>

    # Client certificate key file path.
    # e.g. "/persist/secure/ssl/terminattr/primary/keys/client.key"
    key_file: <str>

  # Encrypt the private key used for authentication to CloudVision.
  cvobscurekeyfile: <bool>

  # Proxy server through which CloudVision is reachable. Useful when the CloudVision server is hosted in the cloud.
  # The expected form is http://[user:password@]ip:port, e.g.: `http://arista:arista@10.83.12.78:3128`. Available as of TerminAttr v1.13.0.
  cvproxy: <str>

  # Set source IP address in case of in-band management.
  cvsourceip: <str>

  # Set source interface in case of in-band management.
  # The interface name is case sensitive and has to match the interface name in the running-config, e.g.:Vlan100.
  cvsourceintf: <str>

  # The VRF to use to connect to CloudVision.
  cvvrf: <str>

  # Stream states from EOS gNMI servers (Openconfig) to CloudVision. Available as of TerminAttr v1.13.1.
  cvgnmi: <bool>

  # Disable AAA authorization and accounting.
  # When setting this flag, all commands pushed from CloudVision are applied directly to the CLI without authorization.
  disable_aaa: <bool>

  # Set the gRPC server address, the default is 127.0.0.1:6042.
  # e.g. "MGMT/0.0.0.0:6042"
  grpcaddr: <str>

  # gNMI read-only mode - Disable gnmi.Set().
  grpcreadonly: <bool>

  # Exclude paths from Sysdb on the ingest side.
  # e.g. "/Sysdb/cell/1/agent,/Sysdb/cell/2/agent"
  ingestexclude: <str>

  # Exclude paths from the shared memory table.
  # e.g. "ale,flexCounter,hardware,kni,pulse,strata"
  smashexcludes: <str>

  # Enable log file collection; /var/log/messages is streamed by default if no path is set.
  # e.g. "/var/log/messages"
  taillogs: <str>

  # ECO DHCP Collector address or ECO DHCP Fingerprint listening address in standalone mode (default "127.0.0.1:67").
  ecodhcpaddr: <str>

  # Enable IPFIX provider (TerminAttr default is true).
  # This flag is enabled by default and does not have to be added to the daemon configuration.
  ipfix: <bool>

  # ECO IPFIX Collector address to listen on to receive IPFIX packets (TerminAttr default "127.0.0.1:4739").
  ipfixaddr: <str>

  # Enable sFlow provider (TerminAttr default is true).
  sflow: <bool>

  # ECO sFlow Collector address to listen on to receive sFlow packets (TerminAttr default "127.0.0.1:6343").
  sflowaddr: <str>

  # Subscribe to dynamic device configuration from CloudVision (TerminAttr default is false).
  cvconfig: <bool>

  # The default compression scheme when streaming to CloudVision is gzip since TerminAttr 1.6.1 and CVP 2019.1.0.
  # There is no need to change the compression scheme.
  # This key is deprecated.
  # Support will be removed in AVD version v5.0.0.
  cvcompression: <str>

Event handlers

Variable Type Required Default Value Restrictions Description
event_handlers List, items: Dictionary Gives the ability to monitor and react to Syslog messages.
Event Handlers provide a powerful and flexible tool that can be used to apply self-healing actions,
customize the system behavior, and implement workarounds to problems discovered in the field.
  - name String Required, Unique Event Handler Name.
    action_type deprecated String Valid Values:
- bash
- increment
- log
This key is deprecated. Support will be removed in AVD version 5.0.0. Use event_handlers.actions instead.
    action deprecated String Command to execute.
This key is deprecated. Support will be removed in AVD version 5.0.0. Use event_handlers.actions instead.
    actions Dictionary Note: bash_command and log are mutually exclusive. bash_command takes precedence over log.
      bash_command String Define BASH command action. Command could be multiline also.
      log Boolean Log a message when the event is triggered.
      increment_device_health_metric String Name of device-health metric.
    delay Integer Event-handler delay in seconds.
    trigger String Valid Values:
- on-boot
- on-counters
- on-intf
- on-logging
- on-maintenance
- on-startup-config
- vm-tracer vm
Configure event trigger condition.
    trigger_on_counters Dictionary
      condition String Set the logical expression to evaluate.
      granularity_per_source Boolean Set the granularity of event counting for a wildcarded condition.
Example -
condition ( Arad*.IptCrcErrCnt.delta > 100 ) and ( Arad*.UcFifoFullDrop.delta > 100 )
[* wildcard is used here]
      poll_interval Integer Min: 1
Max: 1000000
Set the polling interval in seconds.
    trigger_on_logging Dictionary
      poll_interval Integer Min: 1
Max: 1000000
Set the polling interval in seconds.
      regex String Regular expression to use for searching log messages.
    trigger_on_intf Dictionary Trigger condition occurs on specified interface changes.
Note: Any one of the ip, ipv6 and operstatus key needs to be defined along with the interface.
      interface String Required Interface name.
Example - Ethernet4
Loopback4-6
Port-channel4,7
      ip Boolean Action is triggered upon changes to interface IP address assignment.
      ipv6 Boolean Action is triggered upon changes to interface ipv6 address assignment.
      operstatus Boolean Action is triggered upon changes to interface operStatus.
    trigger_on_maintenance Dictionary Settings required for trigger ‘on-maintenance’.
      operation String Required Valid Values:
- enter
- exit
      bgp_peer String Ipv4/Ipv6 address or peer group name.
Trigger condition occurs on maintenance operation of specified BGP peer.
      action String Required Valid Values:
- after
- before
- all
- begin
- end
Action for maintenance operation.
      stage String Valid Values:
- bgp
- linkdown
- mlag
- ratemon
Action is triggered after/before specified stage.
      vrf String VRF name. VRF can be defined for “bgp_peer” only.
      interface String Trigger condition occurs on maintenance operation of specified interface.
      unit String Name of unit. Trigger condition occurs on maintenance operation of specified unit
    regex deprecated String Regular expression to use for searching log messages. Required for on-logging trigger.
This key is deprecated. Support will be removed in AVD version 5.0.0. Use event_handlers.trigger_on_logging.regex instead.
    asynchronous Boolean False Set the action to be non-blocking.
# Gives the ability to monitor and react to Syslog messages.
# Event Handlers provide a powerful and flexible tool that can be used to apply self-healing actions,
# customize the system behavior, and implement workarounds to problems discovered in the field.
event_handlers:

    # Event Handler Name.
  - name: <str; required; unique>
    # This key is deprecated.
    # Support will be removed in AVD version 5.0.0.
    # Use <samp>event_handlers.actions</samp> instead.
    action_type: <str; "bash" | "increment" | "log">

    # Command to execute.
    # This key is deprecated.
    # Support will be removed in AVD version 5.0.0.
    # Use <samp>event_handlers.actions</samp> instead.
    action: <str>

    # Note: `bash_command` and `log` are mutually exclusive. `bash_command` takes precedence over `log`.
    actions:

      # Define BASH command action. Command could be multiline also.
      bash_command: <str>

      # Log a message when the event is triggered.
      log: <bool>

      # Name of device-health metric.
      increment_device_health_metric: <str>

    # Event-handler delay in seconds.
    delay: <int>

    # Configure event trigger condition.
    trigger: <str; "on-boot" | "on-counters" | "on-intf" | "on-logging" | "on-maintenance" | "on-startup-config" | "vm-tracer vm">
    trigger_on_counters:

      # Set the logical expression to evaluate.
      condition: <str>

      # Set the granularity of event counting for a wildcarded condition.
      # Example -
      #   condition ( Arad*.IptCrcErrCnt.delta > 100 ) and ( Arad*.UcFifoFullDrop.delta > 100 )
      #   [* wildcard is used here]
      granularity_per_source: <bool>

      # Set the polling interval in seconds.
      poll_interval: <int; 1-1000000>
    trigger_on_logging:

      # Set the polling interval in seconds.
      poll_interval: <int; 1-1000000>

      # Regular expression to use for searching log messages.
      regex: <str>

    # Trigger condition occurs on specified interface changes.
    # Note: Any one of the `ip`, `ipv6` and `operstatus` key needs to be defined along with the `interface`.
    trigger_on_intf:

      # Interface name.
      # Example - Ethernet4
      #           Loopback4-6
      #           Port-channel4,7
      interface: <str; required>

      # Action is triggered upon changes to interface IP address assignment.
      ip: <bool>

      # Action is triggered upon changes to interface ipv6 address assignment.
      ipv6: <bool>

      # Action is triggered upon changes to interface operStatus.
      operstatus: <bool>

    # Settings required for trigger 'on-maintenance'.
    trigger_on_maintenance:
      operation: <str; "enter" | "exit"; required>

      # Ipv4/Ipv6 address or peer group name.
      # Trigger condition occurs on maintenance operation of specified BGP peer.
      bgp_peer: <str>

      # Action for maintenance operation.
      action: <str; "after" | "before" | "all" | "begin" | "end"; required>

      # Action is triggered after/before specified stage.
      stage: <str; "bgp" | "linkdown" | "mlag" | "ratemon">

      # VRF name. VRF can be defined for "bgp_peer" only.
      vrf: <str>

      # Trigger condition occurs on maintenance operation of specified interface.
      interface: <str>

      # Name of unit. Trigger condition occurs on maintenance operation of specified unit
      unit: <str>

    # Regular expression to use for searching log messages. Required for on-logging trigger.
    # This key is deprecated.
    # Support will be removed in AVD version 5.0.0.
    # Use <samp>event_handlers.trigger_on_logging.regex</samp> instead.
    regex: <str>

    # Set the action to be non-blocking.
    asynchronous: <bool; default=False>

Event monitor

Variable Type Required Default Value Restrictions Description
event_monitor Dictionary
  enabled Boolean
event_monitor:
  enabled: <bool>

Flow tracking

Variable Type Required Default Value Restrictions Description
flow_tracking Dictionary
  sampled Dictionary
    encapsulation Dictionary
      ipv4_ipv6 Boolean
      mpls Boolean
    sample Integer Min: 1
Max: 4294967295
    hardware_offload Dictionary
      ipv4 Boolean Configure hardware offload for IPv4 traffic.
      ipv6 Boolean Configure hardware offload for IPv6 traffic.
      threshold_minimum Integer Min: 1
Max: 4294967295
Minimum number of samples.
    trackers List, items: Dictionary
      - table_size Integer Min: 1
Max: 614400
Maximum number of entries in flow table.
        record_export Dictionary
          mpls Boolean Export MPLS forwarding information.
          on_inactive_timeout Integer Min: 3000
Max: 900000
Flow record inactive export timeout in milliseconds.
          on_interval Integer Min: 1000
Max: 36000000
Flow record export interval in milliseconds.
        name String Required, Unique Tracker Name.
        exporters List, items: Dictionary
          - name String Required, Unique Exporter Name.
            collector Dictionary
              host String Collector IPv4 address or IPv6 address or fully qualified domain name.
              port Integer Min: 1
Max: 65535
Collector Port Number.
            format Dictionary
              ipfix_version Integer
            local_interface String Local Source Interface.
            template_interval Integer Min: 5000
Max: 3600000
Template interval in milliseconds.
    shutdown Boolean False
  hardware Dictionary
    record Dictionary
      format_ipfix_standard_timestamps_counters Boolean Enable software export of IPFIX data records.
    trackers List, items: Dictionary
      - name String Required, Unique Tracker Name.
        record_export Dictionary
          on_inactive_timeout Integer Min: 3000
Max: 900000
Flow record inactive export timeout in milliseconds.
          on_interval Integer Min: 1000
Max: 36000000
Flow record export interval in milliseconds.
        exporters List, items: Dictionary
          - name String Required, Unique Exporter Name.
            collector Dictionary
              host String Collector IPv4 address or IPv6 address or fully qualified domain name.
              port Integer Min: 1
Max: 65535
Collector Port Number.
            format Dictionary
              ipfix_version Integer
            local_interface String Local Source Interface.
            template_interval Integer Min: 5000
Max: 3600000
Template interval in milliseconds.
    shutdown Boolean False
flow_trackings deprecated List, items: Dictionary This key is deprecated. Support will be removed in AVD version v5.0.0. Use flow_tracking instead.
  - type String Required, Unique Valid Values:
- sampled
Flow Tracking Type - only ‘sampled’ supported for now.
    sample Integer Min: 1
Max: 4294967295
    trackers List, items: Dictionary
      - name String Required, Unique Tracker Name.
        record_export Dictionary
          on_inactive_timeout Integer Min: 3000
Max: 900000
Flow record inactive export timeout in milliseconds.
          on_interval Integer Min: 1000
Max: 36000000
Flow record export interval in milliseconds.
          mpls Boolean Export MPLS forwarding information.
        exporters List, items: Dictionary
          - name String Required, Unique Exporter Name.
            collector Dictionary
              host String Collector IPv4 address or IPv6 address or fully qualified domain name.
              port Integer Min: 1
Max: 65535
Collector Port Number.
            format Dictionary
              ipfix_version Integer
            local_interface String Local Source Interface.
            template_interval Integer Min: 5000
Max: 3600000
Template interval in milliseconds.
        table_size Integer Min: 1
Max: 614400
Maximum number of entries in flow table.
    shutdown Boolean False
flow_tracking:
  sampled:
    encapsulation:
      ipv4_ipv6: <bool>
      mpls: <bool>
    sample: <int; 1-4294967295>
    hardware_offload:

      # Configure hardware offload for IPv4 traffic.
      ipv4: <bool>

      # Configure hardware offload for IPv6 traffic.
      ipv6: <bool>

      # Minimum number of samples.
      threshold_minimum: <int; 1-4294967295>
    trackers:

        # Maximum number of entries in flow table.
      - table_size: <int; 1-614400>
        record_export:

          # Export MPLS forwarding information.
          mpls: <bool>

          # Flow record inactive export timeout in milliseconds.
          on_inactive_timeout: <int; 3000-900000>

          # Flow record export interval in milliseconds.
          on_interval: <int; 1000-36000000>

        # Tracker Name.
        name: <str; required; unique>
        exporters:

            # Exporter Name.
          - name: <str; required; unique>
            collector:

              # Collector IPv4 address or IPv6 address or fully qualified domain name.
              host: <str>

              # Collector Port Number.
              port: <int; 1-65535>
            format:
              ipfix_version: <int>

            # Local Source Interface.
            local_interface: <str>

            # Template interval in milliseconds.
            template_interval: <int; 5000-3600000>
    shutdown: <bool; default=False>
  hardware:
    record:

      # Enable software export of IPFIX data records.
      format_ipfix_standard_timestamps_counters: <bool>
    trackers:

        # Tracker Name.
      - name: <str; required; unique>
        record_export:

          # Flow record inactive export timeout in milliseconds.
          on_inactive_timeout: <int; 3000-900000>

          # Flow record export interval in milliseconds.
          on_interval: <int; 1000-36000000>
        exporters:

            # Exporter Name.
          - name: <str; required; unique>
            collector:

              # Collector IPv4 address or IPv6 address or fully qualified domain name.
              host: <str>

              # Collector Port Number.
              port: <int; 1-65535>
            format:
              ipfix_version: <int>

            # Local Source Interface.
            local_interface: <str>

            # Template interval in milliseconds.
            template_interval: <int; 5000-3600000>
    shutdown: <bool; default=False>
# This key is deprecated.
# Support will be removed in AVD version v5.0.0.
# Use <samp>flow_tracking</samp> instead.
flow_trackings:

    # Flow Tracking Type - only 'sampled' supported for now.
  - type: <str; "sampled"; required; unique>
    sample: <int; 1-4294967295>
    trackers:

        # Tracker Name.
      - name: <str; required; unique>
        record_export:

          # Flow record inactive export timeout in milliseconds.
          on_inactive_timeout: <int; 3000-900000>

          # Flow record export interval in milliseconds.
          on_interval: <int; 1000-36000000>

          # Export MPLS forwarding information.
          mpls: <bool>
        exporters:

            # Exporter Name.
          - name: <str; required; unique>
            collector:

              # Collector IPv4 address or IPv6 address or fully qualified domain name.
              host: <str>

              # Collector Port Number.
              port: <int; 1-65535>
            format:
              ipfix_version: <int>

            # Local Source Interface.
            local_interface: <str>

            # Template interval in milliseconds.
            template_interval: <int; 5000-3600000>

        # Maximum number of entries in flow table.
        table_size: <int; 1-614400>
    shutdown: <bool; default=False>

Load interval

Variable Type Required Default Value Restrictions Description
load_interval Dictionary
  default Integer Default load interval in seconds.
load_interval:

  # Default load interval in seconds.
  default: <int>

Logging

Variable Type Required Default Value Restrictions Description
logging Dictionary
  console String Valid Values:
- debugging
- informational
- notifications
- warnings
- errors
- critical
- alerts
- emergencies
- disabled
Console logging severity level.
  monitor String Valid Values:
- debugging
- informational
- notifications
- warnings
- errors
- critical
- alerts
- emergencies
- disabled
Monitor logging severity level.
  buffered Dictionary
    size Integer Min: 10
Max: 2147483647
    level String Valid Values:
- alerts
- critical
- debugging
- emergencies
- errors
- informational
- notifications
- warnings
- disabled
Buffer logging severity level.
  trap String Valid Values:
- alerts
- critical
- debugging
- emergencies
- errors
- informational
- notifications
- system
- warnings
- disabled
Trap logging severity level.
  synchronous Dictionary
    level String critical Valid Values:
- alerts
- all
- critical
- debugging
- emergencies
- errors
- informational
- notifications
- warnings
- disabled
Synchronous logging severity level.
  format Dictionary
    timestamp String Valid Values:
- high-resolution
- traditional
- traditional timezone
- traditional year
- traditional timezone year
- traditional year timezone
Timestamp format.
    hostname String Valid Values:
- fqdn
- ipv4
Hostname format in syslogs. For hostname only, remove the line. (default EOS CLI behaviour).
    sequence_numbers Boolean Add sequence numbers to log messages.
    rfc5424 Boolean Forward logs in RFC5424 format.
  facility String Valid Values:
- auth
- cron
- daemon
- kern
- local0
- local1
- local2
- local3
- local4
- local5
- local6
- local7
- lpr
- mail
- news
- sys9
- sys10
- sys11
- sys12
- sys13
- sys14
- syslog
- user
- uucp
  source_interface String Source Interface Name.
  vrfs List, items: Dictionary
    - name String Required, Unique VRF name.
      source_interface String Source interface name.
      hosts List, items: Dictionary
        - name String Required, Unique Syslog server name.
          protocol String udp Valid Values:
- tcp
- udp
          ports List, items: Integer
            - <int> Integer
  policy Dictionary
    match Dictionary
      match_lists List, items: Dictionary
        - name String Required, Unique Match list.
          action String Valid Values:
- discard
  event Dictionary
    storm_control Dictionary
      discards Dictionary
        global Boolean
        interval Integer Min: 10
Max: 65535
Logging interval in seconds.
  level List, items: Dictionary Configure logging severity.
    - facility String Required, Unique
      severity String Valid Values:
- alerts
- critical
- debugging
- emergencies
- errors
- informational
- notifications
- warnings
- 0
- 1
- 2
- 3
- 4
- 5
- 6
- 7
Severity of facility. Below are the supported severites.
emergencies System is unusable (severity=0)
alerts Immediate action needed (severity=1)
critical Critical conditions (severity=2)
errors Error conditions (severity=3)
warnings Warning conditions (severity=4)
notifications Normal but significant conditions (severity=5)
informational Informational messages (severity=6)
debugging Debugging messages (severity=7)
<0-7> Severity level value
logging:

  # Console logging severity level.
  console: <str; "debugging" | "informational" | "notifications" | "warnings" | "errors" | "critical" | "alerts" | "emergencies" | "disabled">

  # Monitor logging severity level.
  monitor: <str; "debugging" | "informational" | "notifications" | "warnings" | "errors" | "critical" | "alerts" | "emergencies" | "disabled">
  buffered:
    size: <int; 10-2147483647>

    # Buffer logging severity level.
    level: <str; "alerts" | "critical" | "debugging" | "emergencies" | "errors" | "informational" | "notifications" | "warnings" | "disabled">

  # Trap logging severity level.
  trap: <str; "alerts" | "critical" | "debugging" | "emergencies" | "errors" | "informational" | "notifications" | "system" | "warnings" | "disabled">
  synchronous:

    # Synchronous logging severity level.
    level: <str; "alerts" | "all" | "critical" | "debugging" | "emergencies" | "errors" | "informational" | "notifications" | "warnings" | "disabled"; default="critical">
  format:

    # Timestamp format.
    timestamp: <str; "high-resolution" | "traditional" | "traditional timezone" | "traditional year" | "traditional timezone year" | "traditional year timezone">

    # Hostname format in syslogs. For hostname _only_, remove the line. (default EOS CLI behaviour).
    hostname: <str; "fqdn" | "ipv4">

    # Add sequence numbers to log messages.
    sequence_numbers: <bool>

    # Forward logs in RFC5424 format.
    rfc5424: <bool>
  facility: <str; "auth" | "cron" | "daemon" | "kern" | "local0" | "local1" | "local2" | "local3" | "local4" | "local5" | "local6" | "local7" | "lpr" | "mail" | "news" | "sys9" | "sys10" | "sys11" | "sys12" | "sys13" | "sys14" | "syslog" | "user" | "uucp">

  # Source Interface Name.
  source_interface: <str>
  vrfs:

      # VRF name.
    - name: <str; required; unique>

      # Source interface name.
      source_interface: <str>
      hosts:

          # Syslog server name.
        - name: <str; required; unique>
          protocol: <str; "tcp" | "udp"; default="udp">
          ports:
            - <int>
  policy:
    match:
      match_lists:

          # Match list.
        - name: <str; required; unique>
          action: <str; "discard">
  event:
    storm_control:
      discards:
        global: <bool>

        # Logging interval in seconds.
        interval: <int; 10-65535>

  # Configure logging severity.
  level:
    - facility: <str; required; unique>

      # Severity of facility. Below are the supported severites.
      # emergencies    System is unusable                (severity=0)
      # alerts         Immediate action needed           (severity=1)
      # critical       Critical conditions               (severity=2)
      # errors         Error conditions                  (severity=3)
      # warnings       Warning conditions                (severity=4)
      # notifications  Normal but significant conditions (severity=5)
      # informational  Informational messages            (severity=6)
      # debugging      Debugging messages                (severity=7)
      # <0-7>          Severity level value
      severity: <str; "alerts" | "critical" | "debugging" | "emergencies" | "errors" | "informational" | "notifications" | "warnings" | "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7">

Management API gNMI

Variable Type Required Default Value Restrictions Description
management_api_gnmi Dictionary
  provider String eos-native
  transport Dictionary
    grpc List, items: Dictionary
      - name String Transport name.
        ssl_profile String SSL profile name.
        vrf String VRF name is optional.
        notification_timestamp String Valid Values:
- send-time
- last-change-time
Per the gNMI specification, the default timestamp field of a notification message is set to be
the time at which the value of the underlying data source changes or when the reported event takes place.
In order to facilitate integration in legacy environments oriented around polling style operations,
an option to support overriding the timestamp field to the send-time is available from EOS 4.27.0F.
        ip_access_group String ACL name.
        port Integer GNMI port.
Make sure to update the control-plane ACL accordingly in order for the service to be reachable by external applications.
    grpc_tunnels List, items: Dictionary
      - name String Required, Unique Transport name.
        shutdown Boolean Operational status of the gRPC tunnel.
        tunnel_ssl_profile String Tunnel SSL profile name.
        gnmi_ssl_profile String gNMI SSL profile name.
        vrf String VRF name.
        destination Dictionary
          address String Required IP address or hostname.
          port Integer Required Min: 1
Max: 65535
TCP Port.
        local_interface Dictionary
          name String Required Interface name.
          port Integer Required Min: 1
Max: 65535
TCP Port.
        target Dictionary
          use_serial_number Boolean Use serial number as the Target ID.
          target_ids List, items: String Target IDs as a list.
            - <str> String
  enable_vrfs deprecated List, items: Dictionary These should not be mixed with the new keys above.
This key is deprecated. Support will be removed in AVD version 5.0.0. Use transport.grpc instead.
    - name String Required, Unique VRF name.
      access_group String Standard IPv4 ACL name.
  octa deprecated Dictionary These should not be mixed with the new keys above.
Octa activates eos-native provider and it is the only provider currently supported by EOS.
This key is deprecated. Support will be removed in AVD version 5.0.0. Use provider instead.
management_api_gnmi:
  provider: <str; default="eos-native">
  transport:
    grpc:

        # Transport name.
      - name: <str>

        # SSL profile name.
        ssl_profile: <str>

        # VRF name is optional.
        vrf: <str>

        # Per the gNMI specification, the default timestamp field of a notification message is set to be
        # the time at which the value of the underlying data source changes or when the reported event takes place.
        # In order to facilitate integration in legacy environments oriented around polling style operations,
        # an option to support overriding the timestamp field to the send-time is available from EOS 4.27.0F.
        notification_timestamp: <str; "send-time" | "last-change-time">

        # ACL name.
        ip_access_group: <str>

        # GNMI port.
        # Make sure to update the control-plane ACL accordingly in order for the service to be reachable by external applications.
        port: <int>
    grpc_tunnels:

        # Transport name.
      - name: <str; required; unique>

        # Operational status of the gRPC tunnel.
        shutdown: <bool>

        # Tunnel SSL profile name.
        tunnel_ssl_profile: <str>

        # gNMI SSL profile name.
        gnmi_ssl_profile: <str>

        # VRF name.
        vrf: <str>
        destination:

          # IP address or hostname.
          address: <str; required>

          # TCP Port.
          port: <int; 1-65535; required>
        local_interface:

          # Interface name.
          name: <str; required>

          # TCP Port.
          port: <int; 1-65535; required>
        target:

          # Use serial number as the Target ID.
          use_serial_number: <bool>

          # Target IDs as a list.
          target_ids:
            - <str>

  # These should not be mixed with the new keys above.
  # This key is deprecated.
  # Support will be removed in AVD version 5.0.0.
  # Use <samp>transport.grpc</samp> instead.
  enable_vrfs:

      # VRF name.
    - name: <str; required; unique>

      # Standard IPv4 ACL name.
      access_group: <str>

  # These should not be mixed with the new keys above.
  # Octa activates `eos-native` provider and it is the only provider currently supported by EOS.
  # This key is deprecated.
  # Support will be removed in AVD version 5.0.0.
  # Use <samp>provider</samp> instead.
  octa: <dict>

Monitor connectivity

Variable Type Required Default Value Restrictions Description
monitor_connectivity Dictionary
  shutdown Boolean
  interval Integer
  interface_sets List, items: Dictionary
    - name String
      interfaces String Interface range(s) should be of same type, Ethernet, Loopback, Management etc.
Multiple interface ranges can be specified separated by “,”.
  local_interfaces String
  address_only Boolean True PREVIEW: This key is in preview.
When address-only is configured, the source IP of the packet is set to the interface
IP but the packet may exit the device via a different interface.
When set to false, the probe uses the interface to exit the device.
Not supported yet in EOS.
  hosts List, items: Dictionary
    - name String Host Name.
      description String
      ip String
      local_interfaces String
      address_only Boolean True PREVIEW: This key is in preview.
When address-only is configured, the source IP of the packet is set to the interface
IP but the packet may exit the device via a different interface.
When set to false, the probe uses the interface to exit the device.
Not supported yet in EOS.
      url String
  vrfs List, items: Dictionary
    - name String Required, Unique VRF Name.
      description String
      interface_sets List, items: Dictionary
        - name String
          interfaces String
      local_interfaces String
      address_only Boolean True PREVIEW: This key is in preview.
When address-only is configured, the source IP of the packet is set to the interface
IP but the packet may exit the device via a different interface.
When set to false, the probe uses the interface to exit the device.
Not supported yet in EOS.
      hosts List, items: Dictionary
        - name String Host name.
          description String
          ip String
          local_interfaces String
          address_only Boolean True PREVIEW: This key is in preview.
When address-only is configured, the source IP of the packet is set to the interface
IP but the packet may exit the device via a different interface.
When set to false, the probe uses the interface to exit the device.
Not supported yet in EOS.
          url String
monitor_connectivity:
  shutdown: <bool>
  interval: <int>
  interface_sets:
    - name: <str>

      # Interface range(s) should be of same type, Ethernet, Loopback, Management etc.
      # Multiple interface ranges can be specified separated by ",".
      interfaces: <str>
  local_interfaces: <str>

  # PREVIEW: This key is in preview.
  # When address-only is configured, the source IP of the packet is set to the interface
  # IP but the packet may exit the device via a different interface.
  # When set to `false`, the probe uses the interface to exit the device.
  # Not supported yet in EOS.
  address_only: <bool; default=True>
  hosts:

      # Host Name.
    - name: <str>
      description: <str>
      ip: <str>
      local_interfaces: <str>

      # PREVIEW: This key is in preview.
      # When address-only is configured, the source IP of the packet is set to the interface
      # IP but the packet may exit the device via a different interface.
      # When set to `false`, the probe uses the interface to exit the device.
      # Not supported yet in EOS.
      address_only: <bool; default=True>
      url: <str>
  vrfs:

      # VRF Name.
    - name: <str; required; unique>
      description: <str>
      interface_sets:
        - name: <str>
          interfaces: <str>
      local_interfaces: <str>

      # PREVIEW: This key is in preview.
      # When address-only is configured, the source IP of the packet is set to the interface
      # IP but the packet may exit the device via a different interface.
      # When set to `false`, the probe uses the interface to exit the device.
      # Not supported yet in EOS.
      address_only: <bool; default=True>
      hosts:

          # Host name.
        - name: <str>
          description: <str>
          ip: <str>
          local_interfaces: <str>

          # PREVIEW: This key is in preview.
          # When address-only is configured, the source IP of the packet is set to the interface
          # IP but the packet may exit the device via a different interface.
          # When set to `false`, the probe uses the interface to exit the device.
          # Not supported yet in EOS.
          address_only: <bool; default=True>
          url: <str>

Monitor sessions

Variable Type Required Default Value Restrictions Description
monitor_sessions List, items: Dictionary
  - name String Required Session Name.
    sources List, items: Dictionary
      - name String Interface name, range or comma separated list.
        direction String Valid Values:
- rx
- tx
- both
        access_group Dictionary
          type String Valid Values:
- ip
- ipv6
- mac
          name String ACL Name.
          priority Integer
    destinations List, items: String
      - <str> String ‘cpu’ or interface name, range or comma separated list.
    encapsulation_gre_metadata_tx Boolean
    header_remove_size Integer Number of bytes to remove from header.
    access_group Dictionary
      type String Valid Values:
- ip
- ipv6
- mac
      name String ACL Name.
    rate_limit_per_ingress_chip String Ratelimit and unit as string.
Examples:
“100000 bps”
“100 kbps”
“10 mbps”
    rate_limit_per_egress_chip String Ratelimit and unit as string.
Examples:
“100000 bps”
“100 kbps”
“10 mbps”
    sample Integer
    truncate Dictionary
      enabled Boolean
      size Integer Size in bytes.
monitor_sessions:

    # Session Name.
  - name: <str; required>
    sources:

        # Interface name, range or comma separated list.
      - name: <str>
        direction: <str; "rx" | "tx" | "both">
        access_group:
          type: <str; "ip" | "ipv6" | "mac">

          # ACL Name.
          name: <str>
          priority: <int>
    destinations:

        # 'cpu' or interface name, range or comma separated list.
      - <str>
    encapsulation_gre_metadata_tx: <bool>

    # Number of bytes to remove from header.
    header_remove_size: <int>
    access_group:
      type: <str; "ip" | "ipv6" | "mac">

      # ACL Name.
      name: <str>

    # Ratelimit and unit as string.
    # Examples:
    #   "100000 bps"
    #   "100 kbps"
    #   "10 mbps"
    rate_limit_per_ingress_chip: <str>

    # Ratelimit and unit as string.
    # Examples:
    #   "100000 bps"
    #   "100 kbps"
    #   "10 mbps"
    rate_limit_per_egress_chip: <str>
    sample: <int>
    truncate:
      enabled: <bool>

      # Size in bytes.
      size: <int>

Monitor layer 1

Variable Type Required Default Value Restrictions Description
monitor_layer1 Dictionary Enable SYSLOG messages on transceiver SMBus communication failures.
  enabled Boolean Required Enable monitor layer1.
  logging_mac_fault Boolean Enable MAC fault logging.
  logging_transceiver Dictionary Configure transceiver monitoring logging.
    dom Boolean Enable transceiver Digital Optical Monitoring (DOM) logging.
    communication Boolean Enable transceiver SMBus fail and reset logging.
    enabled Boolean Some platforms support only the logging transceiver command. enabled key configures this command.
# Enable SYSLOG messages on transceiver SMBus communication failures.
monitor_layer1:

  # Enable monitor layer1.
  enabled: <bool; required>

  # Enable MAC fault logging.
  logging_mac_fault: <bool>

  # Configure transceiver monitoring logging.
  logging_transceiver:

    # Enable transceiver Digital Optical Monitoring (DOM) logging.
    dom: <bool>

    # Enable transceiver SMBus fail and reset logging.
    communication: <bool>

    # Some platforms support only the `logging transceiver` command. `enabled` key configures this command.
    enabled: <bool>

SFLOW

Variable Type Required Default Value Restrictions Description
sflow Dictionary
  sample Integer
  sample_input_subinterface Boolean
  sample_output_subinterface Boolean
  dangerous Boolean
  polling_interval Integer Polling interval in seconds.
  vrfs List, items: Dictionary
    - name String Required, Unique
      destinations List, items: Dictionary
        - destination String Required, Unique Sflow Destination IP Address.
          port Integer Port Number
      source String Source IP Address.
“source” and “source_interface” are mutually exclusive. If both are defined, “source_interface” takes precedence.
      source_interface String Source Interface.
  destinations List, items: Dictionary
    - destination String Required, Unique Sflow Destination IP Address.
      port Integer Port Number.
  source String Source IP Address.
“source” and “source_interface” are mutually exclusive. If both are defined, “source_interface” takes precedence.
  source_interface String Source Interface.
  extensions List, items: Dictionary
    - name String Required, Unique Extension Name.
      enabled Boolean Required Enable or Disable Extension.
  interface Dictionary
    disable Dictionary
      default Boolean
    egress Dictionary
      enable_default Boolean Enable egress sFlow by default.
      unmodified Boolean Enable egress sFlow unmodified.
Platform dependent feature.
  run Boolean
  hardware_acceleration Dictionary
    enabled Boolean
    sample Integer
    modules List, items: Dictionary
      - name String Required, Unique
        enabled Boolean True
sflow:
  sample: <int>
  sample_input_subinterface: <bool>
  sample_output_subinterface: <bool>
  dangerous: <bool>

  # Polling interval in seconds.
  polling_interval: <int>
  vrfs:
    - name: <str; required; unique>
      destinations:

          # Sflow Destination IP Address.
        - destination: <str; required; unique>

          # Port Number
          port: <int>

      # Source IP Address.
      # "source" and "source_interface" are mutually exclusive. If both are defined, "source_interface" takes precedence.
      source: <str>

      # Source Interface.
      source_interface: <str>
  destinations:

      # Sflow Destination IP Address.
    - destination: <str; required; unique>

      # Port Number.
      port: <int>

  # Source IP Address.
  # "source" and "source_interface" are mutually exclusive. If both are defined, "source_interface" takes precedence.
  source: <str>

  # Source Interface.
  source_interface: <str>
  extensions:

      # Extension Name.
    - name: <str; required; unique>

      # Enable or Disable Extension.
      enabled: <bool; required>
  interface:
    disable:
      default: <bool>
    egress:

      # Enable egress sFlow by default.
      enable_default: <bool>

      # Enable egress sFlow unmodified.
      # Platform dependent feature.
      unmodified: <bool>
  run: <bool>
  hardware_acceleration:
    enabled: <bool>
    sample: <int>
    modules:
      - name: <str; required; unique>
        enabled: <bool; default=True>

SNMP server

Variable Type Required Default Value Restrictions Description
snmp_server Dictionary SNMP settings.
  engine_ids Dictionary
    local String Engine ID in hexadecimal.
    remotes List, items: Dictionary
      - id String Remote engine ID in hexadecimal.
        address String Hostname or IP of remote engine.
        udp_port Integer
  contact String SNMP contact.
  location String SNMP location.
  communities List, items: Dictionary
    - name String Required, Unique Community name.
      access String Valid Values:
- ro
- rw
      access_list_ipv4 Dictionary
        name String IPv4 access list name.
      access_list_ipv6 Dictionary
        name String IPv6 access list name.
      view String
  ipv4_acls List, items: Dictionary
    - name String IPv4 access list name.
      vrf String
  ipv6_acls List, items: Dictionary
    - name String IPv6 access list name.
      vrf String
  local_interfaces List, items: Dictionary
    - name String Required, Unique Interface name.
      vrf String
  views List, items: Dictionary
    - name String SNMP view name.
      mib_family_name String
      included Boolean
      MIB_family_name deprecated String This key is deprecated. Support will be removed in AVD version 5.0.0. Use mib_family_name instead.
  groups List, items: Dictionary
    - name String Group name.
      version String Valid Values:
- v1
- v2c
- v3
      authentication String Valid Values:
- auth
- noauth
- priv
      read String Read view.
      write String Write view.
      notify String Notify view.
  users List, items: Dictionary
    - name String Username.
      group String Group name.
      remote_address String Hostname or ip of remote engine.
The remote_address and udp_port are used for remote users.
      udp_port Integer udp_port will not be used if no remote_address is configured.
      version String Valid Values:
- v1
- v2c
- v3
      localized String Engine ID in hexadecimal for localizing auth and/or priv.
      auth String Hash algorithm.
      auth_passphrase String Hashed authentication passphrase if localized is used else cleartext authentication passphrase.
      priv String Encryption algorithm.
      priv_passphrase String Hashed privacy passphrase if localized is used else cleartext privacy passphrase.
  hosts List, items: Dictionary
    - host String Host IP address or name.
      vrf String
      version String Valid Values:
- 1
- 2c
- 3
      community String Community name.
      users List, items: Dictionary
        - username String
          authentication_level String Valid Values:
- auth
- noauth
- priv
  traps Dictionary
    enable Boolean False Enable or disable all snmp-traps.
    snmp_traps List, items: Dictionary
      - name String Enable or disable specific snmp-traps and their sub_traps.
Examples:
- “bgp”
- “bgp established”
        enabled Boolean True
  vrfs List, items: Dictionary
    - name String Required, Unique VRF name.
      enable Boolean
# SNMP settings.
snmp_server:
  engine_ids:

    # Engine ID in hexadecimal.
    local: <str>
    remotes:

        # Remote engine ID in hexadecimal.
      - id: <str>

        # Hostname or IP of remote engine.
        address: <str>
        udp_port: <int>

  # SNMP contact.
  contact: <str>

  # SNMP location.
  location: <str>
  communities:

      # Community name.
    - name: <str; required; unique>
      access: <str; "ro" | "rw">
      access_list_ipv4:

        # IPv4 access list name.
        name: <str>
      access_list_ipv6:

        # IPv6 access list name.
        name: <str>
      view: <str>
  ipv4_acls:

      # IPv4 access list name.
    - name: <str>
      vrf: <str>
  ipv6_acls:

      # IPv6 access list name.
    - name: <str>
      vrf: <str>
  local_interfaces:

      # Interface name.
    - name: <str; required; unique>
      vrf: <str>
  views:

      # SNMP view name.
    - name: <str>
      mib_family_name: <str>
      included: <bool>
      # This key is deprecated.
      # Support will be removed in AVD version 5.0.0.
      # Use <samp>mib_family_name</samp> instead.
      MIB_family_name: <str>
  groups:

      # Group name.
    - name: <str>
      version: <str; "v1" | "v2c" | "v3">
      authentication: <str; "auth" | "noauth" | "priv">

      # Read view.
      read: <str>

      # Write view.
      write: <str>

      # Notify view.
      notify: <str>
  users:

      # Username.
    - name: <str>

      # Group name.
      group: <str>

      # Hostname or ip of remote engine.
      # The remote_address and udp_port are used for remote users.
      remote_address: <str>

      # udp_port will not be used if no remote_address is configured.
      udp_port: <int>
      version: <str; "v1" | "v2c" | "v3">

      # Engine ID in hexadecimal for localizing auth and/or priv.
      localized: <str>

      # Hash algorithm.
      auth: <str>

      # Hashed authentication passphrase if localized is used else cleartext authentication passphrase.
      auth_passphrase: <str>

      # Encryption algorithm.
      priv: <str>

      # Hashed privacy passphrase if localized is used else cleartext privacy passphrase.
      priv_passphrase: <str>
  hosts:

      # Host IP address or name.
    - host: <str>
      vrf: <str>
      version: <str; "1" | "2c" | "3">

      # Community name.
      community: <str>
      users:
        - username: <str>
          authentication_level: <str; "auth" | "noauth" | "priv">
  traps:

    # Enable or disable all snmp-traps.
    enable: <bool; default=False>
    snmp_traps:

        # Enable or disable specific snmp-traps and their sub_traps.
        # Examples:
        # - "bgp"
        # - "bgp established"
      - name: <str>
        enabled: <bool; default=True>
  vrfs:

      # VRF name.
    - name: <str; required; unique>
      enable: <bool>

Tap aggregation

Variable Type Required Default Value Restrictions Description
tap_aggregation Dictionary
  mode Dictionary
    exclusive Dictionary
      enabled Boolean
      profile String Profile Name.
      no_errdisable List, items: String
        - <str> String Interface name e.g Ethernet1, Port-Channel1.
  encapsulation_dot1br_strip Boolean
  encapsulation_vn_tag_strip Boolean
  protocol_lldp_trap Boolean
  truncation_size Integer Allowed truncation_size values vary depending on the platform.
  mac Dictionary
    timestamp Dictionary mac.timestamp.replace_source_mac and mac.timestamp.header.format are mutually exclsuive. If both are defined, replace_source_mac takes precedence.
      replace_source_mac Boolean
      header Dictionary
        format String Valid Values:
- 48-bit
- 64-bit
        eth_type Integer EtherType.
    fcs_append Boolean mac.fcs_append and mac.fcs_error are mutually exclusive. If both are defined, mac.fcs_append takes precedence.
    fcs_error String Valid Values:
- correct
- discard
- pass-through
tap_aggregation:
  mode:
    exclusive:
      enabled: <bool>

      # Profile Name.
      profile: <str>
      no_errdisable:

          # Interface name e.g Ethernet1, Port-Channel1.
        - <str>
  encapsulation_dot1br_strip: <bool>
  encapsulation_vn_tag_strip: <bool>
  protocol_lldp_trap: <bool>

  # Allowed truncation_size values vary depending on the platform.
  truncation_size: <int>
  mac:

    # mac.timestamp.replace_source_mac and mac.timestamp.header.format are mutually exclsuive. If both are defined, replace_source_mac takes precedence.
    timestamp:
      replace_source_mac: <bool>
      header:
        format: <str; "48-bit" | "64-bit">

        # EtherType.
        eth_type: <int>

    # mac.fcs_append and mac.fcs_error are mutually exclusive. If both are defined, mac.fcs_append takes precedence.
    fcs_append: <bool>
    fcs_error: <str; "correct" | "discard" | "pass-through">

VM tracer-sessions

Variable Type Required Default Value Restrictions Description
vmtracer_sessions List, items: Dictionary
  - name String Required, Unique Vmtracer Session Name.
    url String
    username String
    password String Type 7 Password Hash.
    autovlan_disable Boolean
    source_interface String
vmtracer_sessions:

    # Vmtracer Session Name.
  - name: <str; required; unique>
    url: <str>
    username: <str>

    # Type 7 Password Hash.
    password: <str>
    autovlan_disable: <bool>
    source_interface: <str>

Multicast

IP IGMP snooping

Variable Type Required Default Value Restrictions Description
ip_igmp_snooping Dictionary
  globally_enabled Boolean True Activate or deactivate IGMP snooping for all vlans where vlans allows user to activate / deactivate IGMP snooping per vlan.
  robustness_variable Integer
  restart_query_interval Integer
  interface_restart_query Integer
  fast_leave Boolean
  querier Dictionary
    enabled Boolean
    address String IP Address.
    query_interval Integer
    max_response_time Integer
    last_member_query_interval Integer
    last_member_query_count Integer
    startup_query_interval Integer
    startup_query_count Integer
    version Integer
  proxy Boolean
  vlans List, items: Dictionary
    - id Integer Required, Unique VLAN ID.
      enabled Boolean
      querier Dictionary
        enabled Boolean
        address String IP Address.
        query_interval Integer
        max_response_time Integer
        last_member_query_interval Integer
        last_member_query_count Integer
        startup_query_interval Integer
        startup_query_count Integer
        version Integer
      max_groups Integer
      fast_leave Boolean
      proxy Boolean Global proxy settings should be enabled before enabling per-vlan.
ip_igmp_snooping:

  # Activate or deactivate IGMP snooping for all vlans where `vlans` allows user to activate / deactivate IGMP snooping per vlan.
  globally_enabled: <bool; default=True>
  robustness_variable: <int>
  restart_query_interval: <int>
  interface_restart_query: <int>
  fast_leave: <bool>
  querier:
    enabled: <bool>

    # IP Address.
    address: <str>
    query_interval: <int>
    max_response_time: <int>
    last_member_query_interval: <int>
    last_member_query_count: <int>
    startup_query_interval: <int>
    startup_query_count: <int>
    version: <int>
  proxy: <bool>
  vlans:

      # VLAN ID.
    - id: <int; required; unique>
      enabled: <bool>
      querier:
        enabled: <bool>

        # IP Address.
        address: <str>
        query_interval: <int>
        max_response_time: <int>
        last_member_query_interval: <int>
        last_member_query_count: <int>
        startup_query_interval: <int>
        startup_query_count: <int>
        version: <int>
      max_groups: <int>
      fast_leave: <bool>

      # Global proxy settings should be enabled before enabling per-vlan.
      proxy: <bool>

Router IGMP

Variable Type Required Default Value Restrictions Description
router_igmp Dictionary
  host_proxy_match_mroute String Valid Values:
- all
- iif
Specify conditions for sending IGMP joins for host-proxy.
‘iif’ will enable igmp host-proxy to work in iif aware.
‘all’ will enable igmp host-proxy to work in iif unaware mode (EOS default).
  ssm_aware Boolean
  vrfs List, items: Dictionary Configure IGMP in a VRF.
VRF ‘default’ is not supported in EOS, please see keys directly under ‘router_igmp’.
    - name String Required, Unique VRF name.
      host_proxy_match_mroute String Valid Values:
- all
- iif
Specify conditions for sending IGMP joins for host-proxy.
‘iif’ will enable igmp host-proxy to work in iif aware.
‘all’ will enable igmp host-proxy to work in iif unaware mode (EOS default).
router_igmp:

  # Specify conditions for sending IGMP joins for host-proxy.
  # 'iif' will enable igmp host-proxy to work in iif aware.
  # 'all' will enable igmp host-proxy to work in iif unaware mode (EOS default).
  host_proxy_match_mroute: <str; "all" | "iif">
  ssm_aware: <bool>

  # Configure IGMP in a VRF.
  # VRF 'default' is not supported in EOS, please see keys directly under 'router_igmp'.
  vrfs:

      # VRF name.
    - name: <str; required; unique>

      # Specify conditions for sending IGMP joins for host-proxy.
      # 'iif' will enable igmp host-proxy to work in iif aware.
      # 'all' will enable igmp host-proxy to work in iif unaware mode (EOS default).
      host_proxy_match_mroute: <str; "all" | "iif">

Router MSDP

Variable Type Required Default Value Restrictions Description
router_msdp Dictionary
  originator_id_local_interface String Interface to use for originator ID.
  rejected_limit Integer Min: 0
Max: 40000
Maximum number of rejected SA messages allowed in cache.
  forward_register_packets Boolean
  connection_retry_interval Integer Min: 1
Max: 65535
  group_limits List, items: Dictionary
    - source_prefix String Required, Unique Source address prefix.
      limit Integer Required Min: 0
Max: 40000
Limit for SAs matching the source address prefix.
  peers List, items: Dictionary
    - ipv4_address String Required, Unique Peer IP Address.
      default_peer Dictionary
        enabled Boolean
        prefix_list String Prefix list to filter source of SA messages.
      local_interface String
      description String
      disabled Boolean Disable the MSDP peer.
      sa_limit Integer Min: 0
Max: 40000
Maximum number of SA messages allowed in cache.
      mesh_groups List, items: Dictionary
        - name String Required, Unique Mesh group name.
      keepalive Dictionary
        keepalive_timer Integer Required Min: 1
Max: 65535
        hold_timer Integer Required Min: 1
Max: 65535
Must be greater than keepalive timer.
      sa_filter Dictionary
        in_list String ACL to filter inbound SA messages.
        out_list String ACL to filter outbound SA messages.
  vrfs List, items: Dictionary
    - name String Required, Unique VRF name.
      originator_id_local_interface String Interface to use for originator ID.
      rejected_limit Integer Min: 0
Max: 40000
Maximum number of rejected SA messages allowed in cache.
      forward_register_packets Boolean
      connection_retry_interval Integer Min: 1
Max: 65535
      group_limits List, items: Dictionary
        - source_prefix String Required, Unique Source address prefix.
          limit Integer Required Min: 0
Max: 40000
Limit for SAs matching the source address prefix.
      peers List, items: Dictionary
        - ipv4_address String Required, Unique Peer IP Address.
          default_peer Dictionary
            enabled Boolean
            prefix_list String Prefix list to filter source of SA messages.
          local_interface String
          description String
          disabled Boolean Disable the MSDP peer.
          sa_limit Integer Min: 0
Max: 40000
Maximum number of SA messages allowed in cache.
          mesh_groups List, items: Dictionary
            - name String Required, Unique Mesh group name.
          keepalive Dictionary
            keepalive_timer Integer Required Min: 1
Max: 65535
            hold_timer Integer Required Min: 1
Max: 65535
Must be greater than keepalive timer.
          sa_filter Dictionary
            in_list String ACL to filter inbound SA messages.
            out_list String ACL to filter outbound SA messages.
router_msdp:

  # Interface to use for originator ID.
  originator_id_local_interface: <str>

  # Maximum number of rejected SA messages allowed in cache.
  rejected_limit: <int; 0-40000>
  forward_register_packets: <bool>
  connection_retry_interval: <int; 1-65535>
  group_limits:

      # Source address prefix.
    - source_prefix: <str; required; unique>

      # Limit for SAs matching the source address prefix.
      limit: <int; 0-40000; required>
  peers:

      # Peer IP Address.
    - ipv4_address: <str; required; unique>
      default_peer:
        enabled: <bool>

        # Prefix list to filter source of SA messages.
        prefix_list: <str>
      local_interface: <str>
      description: <str>

      # Disable the MSDP peer.
      disabled: <bool>

      # Maximum number of SA messages allowed in cache.
      sa_limit: <int; 0-40000>
      mesh_groups:

          # Mesh group name.
        - name: <str; required; unique>
      keepalive:
        keepalive_timer: <int; 1-65535; required>

        # Must be greater than keepalive timer.
        hold_timer: <int; 1-65535; required>
      sa_filter:

        # ACL to filter inbound SA messages.
        in_list: <str>

        # ACL to filter outbound SA messages.
        out_list: <str>
  vrfs:

      # VRF name.
    - name: <str; required; unique>

      # Interface to use for originator ID.
      originator_id_local_interface: <str>

      # Maximum number of rejected SA messages allowed in cache.
      rejected_limit: <int; 0-40000>
      forward_register_packets: <bool>
      connection_retry_interval: <int; 1-65535>
      group_limits:

          # Source address prefix.
        - source_prefix: <str; required; unique>

          # Limit for SAs matching the source address prefix.
          limit: <int; 0-40000; required>
      peers:

          # Peer IP Address.
        - ipv4_address: <str; required; unique>
          default_peer:
            enabled: <bool>

            # Prefix list to filter source of SA messages.
            prefix_list: <str>
          local_interface: <str>
          description: <str>

          # Disable the MSDP peer.
          disabled: <bool>

          # Maximum number of SA messages allowed in cache.
          sa_limit: <int; 0-40000>
          mesh_groups:

              # Mesh group name.
            - name: <str; required; unique>
          keepalive:
            keepalive_timer: <int; 1-65535; required>

            # Must be greater than keepalive timer.
            hold_timer: <int; 1-65535; required>
          sa_filter:

            # ACL to filter inbound SA messages.
            in_list: <str>

            # ACL to filter outbound SA messages.
            out_list: <str>

Router multicast

Variable Type Required Default Value Restrictions Description
router_multicast Dictionary
  ipv4 Dictionary
    activity_polling_interval Integer Min: 1
Max: 60
MFIB entry activity polling interval.
    counters Dictionary
      rate_period_decay Integer Min: 0
Max: 600
Rate in seconds.
    routing Boolean
    multipath String Valid Values:
- none
- deterministic
- deterministic color
- deterministic router-id
    software_forwarding String Valid Values:
- kernel
- sfe
    rpf Dictionary
      routes List, items: Dictionary
        - source_prefix String Required Source address A.B.C.D or Source prefix A.B.C.D/E.
          destinations List, items: Dictionary Required
            - nexthop String Required Next-hop IP address or interface name.
              distance Integer Min: 1
Max: 255
Administrative distance for this route.
  ipv6 Dictionary
    activity_polling_interval Integer Min: 1
Max: 60
MFIB entry activity polling interval.
  vrfs List, items: Dictionary
    - name String Required, Unique
      ipv4 Dictionary
        routing Boolean
router_multicast:
  ipv4:

    # MFIB entry activity polling interval.
    activity_polling_interval: <int; 1-60>
    counters:

      # Rate in seconds.
      rate_period_decay: <int; 0-600>
    routing: <bool>
    multipath: <str; "none" | "deterministic" | "deterministic color" | "deterministic router-id">
    software_forwarding: <str; "kernel" | "sfe">
    rpf:
      routes:

          # Source address A.B.C.D or Source prefix A.B.C.D/E.
        - source_prefix: <str; required>
          destinations: # required

              # Next-hop IP address or interface name.
            - nexthop: <str; required>

              # Administrative distance for this route.
              distance: <int; 1-255>
  ipv6:

    # MFIB entry activity polling interval.
    activity_polling_interval: <int; 1-60>
  vrfs:
    - name: <str; required; unique>
      ipv4:
        routing: <bool>

Router PIM sparse-mode

Variable Type Required Default Value Restrictions Description
router_pim_sparse_mode Dictionary
  ipv4 Dictionary
    bfd Boolean Enable/Disable BFD.
    ssm_range String IPv4 Prefix associated with SSM.
    rp_addresses List, items: Dictionary
      - address String Required, Unique RP Address.
        groups List, items: String
          - <str> String
        access_lists List, items: String
          - <str> String
        priority Integer Min: 0
Max: 255
        hashmask Integer Min: 0
Max: 32
        override Boolean
    anycast_rps List, items: Dictionary
      - address String Required, Unique Anycast RP Address.
        other_anycast_rp_addresses List, items: Dictionary
          - address String Required, Unique Other Anycast RP Address.
            register_count Integer
  vrfs List, items: Dictionary
    - name String Required, Unique VRF Name.
      ipv4 Dictionary
        bfd Boolean Enable/Disable BFD.
        rp_addresses List, items: Dictionary
          - address String Required RP Address.
            groups List, items: String
              - <str> String
            access_lists List, items: String
              - <str> String
            priority Integer Min: 0
Max: 255
            hashmask Integer Min: 0
Max: 32
            override Boolean
router_pim_sparse_mode:
  ipv4:

    # Enable/Disable BFD.
    bfd: <bool>

    # IPv4 Prefix associated with SSM.
    ssm_range: <str>
    rp_addresses:

        # RP Address.
      - address: <str; required; unique>
        groups:
          - <str>
        access_lists:
          - <str>
        priority: <int; 0-255>
        hashmask: <int; 0-32>
        override: <bool>
    anycast_rps:

        # Anycast RP Address.
      - address: <str; required; unique>
        other_anycast_rp_addresses:

            # Other Anycast RP Address.
          - address: <str; required; unique>
            register_count: <int>
  vrfs:

      # VRF Name.
    - name: <str; required; unique>
      ipv4:

        # Enable/Disable BFD.
        bfd: <bool>
        rp_addresses:

            # RP Address.
          - address: <str; required>
            groups:
              - <str>
            access_lists:
              - <str>
            priority: <int; 0-255>
            hashmask: <int; 0-32>
            override: <bool>

Quality of Service

Priority flow control

Variable Type Required Default Value Restrictions Description
priority_flow_control Dictionary Global Priority Flow Control settings.
  all_off Boolean Disable PFC on all interfaces.
  watchdog Dictionary
    action String Valid Values:
- drop
- no-drop
Action on stuck queue.
    timeout String Pattern: ^\d+(.\d{1,2})?$ Timeout in seconds after which port should be errdisabled or
should start dropping on congested priorities.
This should be decimal with up to 2 decimal point.
Example: 0.01 or 60
    polling_interval String Pattern: ^\d+(.\d{1,3})?$ Time interval in seconds at which the watchdog should poll the queues.
This should be decimal with up to 3 decimal point.
Example: 0.005 or 60
    recovery_time String Pattern: ^\d+(.\d{1,2})?$ Recovery-time in seconds after which stuck queue should
recover and start forwarding again.
This should be decimal with up to 2 decimal point.
Example: 0.01 or 60
    override_action_drop Boolean Override configured action on stuck queue to drop.
# Global Priority Flow Control settings.
priority_flow_control:

  # Disable PFC on all interfaces.
  all_off: <bool>
  watchdog:

    # Action on stuck queue.
    action: <str; "drop" | "no-drop">

    # Timeout in seconds after which port should be errdisabled or
    # should start dropping on congested priorities.
    # This should be decimal with up to 2 decimal point.
    # Example: 0.01 or 60
    timeout: <str>

    # Time interval in seconds at which the watchdog should poll the queues.
    # This should be decimal with up to 3 decimal point.
    # Example: 0.005 or 60
    polling_interval: <str>

    # Recovery-time in seconds after which stuck queue should
    # recover and start forwarding again.
    # This should be decimal with up to 2 decimal point.
    # Example: 0.01 or 60
    recovery_time: <str>

    # Override configured action on stuck queue to drop.
    override_action_drop: <bool>

QoS

Variable Type Required Default Value Restrictions Description
qos Dictionary
  map Dictionary
    cos List, items: String
      - <str> String Example: “0 1 to traffic-class 1”
    dscp List, items: String
      - <str> String Example: “8 9 10 to traffic-class 1”
    exp List, items: String
      - <str> String Example “0 to traffic-class 0”
    traffic_class List, items: String
      - <str> String Example: “1 to dscp 32”
  rewrite_dscp Boolean
  random_detect Dictionary Global random-detect settings.
    ecn Dictionary Global ECN Configuration.
      allow_non_ect Dictionary
        enabled Boolean Allow non-ect and set drop-precedence 1 in a policy map simultaneously.
Check which command is required for your platform.
        chip_based Boolean Allow non-ect chip-based.
qos:
  map:
    cos:

        # Example: "0 1 to traffic-class 1"
      - <str>
    dscp:

        # Example: "8 9 10 to traffic-class 1"
      - <str>
    exp:

        # Example "0 to traffic-class 0"
      - <str>
    traffic_class:

        # Example: "1 to dscp 32"
      - <str>
  rewrite_dscp: <bool>

  # Global random-detect settings.
  random_detect:

    # Global ECN Configuration.
    ecn:
      allow_non_ect:

        # Allow non-ect and set drop-precedence 1 in a policy map simultaneously.
        # Check which command is required for your platform.
        enabled: <bool>

        # Allow non-ect chip-based.
        chip_based: <bool>

QoS profiles

Variable Type Required Default Value Restrictions Description
qos_profiles List, items: Dictionary
  - name String Required, Unique Profile-Name.
    trust String Valid Values:
- cos
- dscp
- disabled
    cos Integer
    dscp Integer
    shape Dictionary
      rate String Supported options are platform dependent.
Example: “< rate > kbps”, “1-100 percent”, “< rate > pps”
    service_policy Dictionary
      type Dictionary
        qos_input String Policy-map name.
    tx_queues List, items: Dictionary
      - id Integer Required, Unique TX-Queue ID.
        bandwidth_percent Integer
        bandwidth_guaranteed_percent Integer
        priority String Valid Values:
- priority strict
- no priority
        shape Dictionary
          rate String Supported options are platform dependent.
Example: “< rate > kbps”, “1-100 percent”, “< rate > pps”
        comment String Text comment added to queue.
        random_detect Dictionary
          ecn Dictionary Explicit Congestion Notification.
            count Boolean Enable counter for random-detect ECNs.
            threshold Dictionary
              units String Required Valid Values:
- segments
- bytes
- kbytes
- mbytes
- milliseconds
Units to be used for the threshold values.
This should be one of segments, byte, kbytes, mbytes.
              min Integer Required Min: 1 Random-detect ECN minimum-threshold.
              max Integer Required Min: 1 Random-detect ECN maximum-threshold.
              max_probability Integer Min: 1
Max: 100
Random-detect ECN maximum mark probability.
              weight Integer Min: 0
Max: 15
Random-detect ECN weight.
          drop Dictionary Set WRED parameters.
            threshold Dictionary
              units String Required Valid Values:
- segments
- bytes
- kbytes
- mbytes
- microseconds
- milliseconds
Units to be used for the threshold values.
              drop_precedence Integer Min: 0
Max: 2
Specify Drop Precedence value.
              min Integer Required Min: 1 WRED minimum-threshold.
              max Integer Required Min: 1 WRED maximum-threshold.
              drop_probability Integer Required Min: 1
Max: 100
WRED drop probability.
              weight Integer Min: 0
Max: 15
WRED weight.
    uc_tx_queues List, items: Dictionary
      - id Integer Required, Unique UC TX queue ID.
        bandwidth_percent Integer
        bandwidth_guaranteed_percent Integer
        priority String Valid Values:
- priority strict
- no priority
        shape Dictionary
          rate String Supported options are platform dependent.
Example: “< rate > kbps”, “1-100 percent”, “< rate > pps”
        comment String Text comment added to queue.
        random_detect Dictionary
          ecn Dictionary Explicit Congestion Notification.
            count Boolean Enable counter for random-detect ECNs.
            threshold Dictionary
              units String Required Valid Values:
- segments
- bytes
- kbytes
- mbytes
- milliseconds
Unit to be used for the threshold values.
              min Integer Required Min: 1 Random-detect ECN minimum-threshold.
              max Integer Required Min: 1 Random-detect ECN maximum-threshold.
              max_probability Integer Min: 1
Max: 100
Random-detect ECN maximum mark probability.
              weight Integer Min: 0
Max: 15
Random-detect ECN weight.
          drop Dictionary Set WRED parameters.
            threshold Dictionary
              units String Required Valid Values:
- segments
- bytes
- kbytes
- mbytes
- microseconds
- milliseconds
Units to be used for the threshold values.
              drop_precedence Integer Min: 0
Max: 2
Specify Drop Precedence value.
              min Integer Required Min: 1 WRED minimum-threshold.
              max Integer Required Min: 1 WRED maximum-threshold.
              drop_probability Integer Required Min: 1
Max: 100
WRED drop probability.
              weight Integer Min: 0
Max: 15
WRED weight.
    mc_tx_queues List, items: Dictionary
      - id Integer Required, Unique MC TX queue ID.
        bandwidth_percent Integer
        bandwidth_guaranteed_percent Integer
        priority String Valid Values:
- priority strict
- no priority
        shape Dictionary
          rate String Supported options are platform dependent.
Example: “< rate > kbps”, “1-100 percent”, “< rate > pps”
        comment String Text comment added to queue.
    priority_flow_control Dictionary Priority Flow Control settings.
      enabled Boolean Enable Priority Flow control.
      watchdog Dictionary Watchdog can detect stuck transmit queues.
        enabled Boolean Required Enable the watchdog on stuck transmit queues.
        action String Valid Values:
- drop
- notify-only
Override the default error-disable action to either drop
traffic on the stuck queue or notify-only
without making any actions on the stuck queue.
        timer Dictionary Timer thresholds whilst monitoring queues.
          timeout String Required Pattern: ^\d+(.\d{1,2})?$ Timeout in seconds after which port should be errdisabled or
should start dropping on congested priorities.
This should be decimal with up to 2 decimal point.
Example: 0.01 or 60
          polling_interval String Required Pattern: ^auto \d+(.\d{1,3})?$
          recovery_time String Required Pattern: ^\d+(.\d{1,2})?$ Recovery-time in seconds after which stuck queue should
recover and start forwarding again.
This should be decimal with up to 2 decimal point.
Example: 0.01 or 60
          forced Boolean Force recover any stuck queue(s) after the duration,
irrespective of whether PFC frames are being
received or not.
      priorities List, items: Dictionary Set the drop/no_drop on each queue.
        - priority Integer Required, Unique Min: 0
Max: 7
Priority queue number (COS value).
          no_drop Boolean Required Enable Priority Flow Control frames on this queue.
qos_profiles:

    # Profile-Name.
  - name: <str; required; unique>
    trust: <str; "cos" | "dscp" | "disabled">
    cos: <int>
    dscp: <int>
    shape:

      # Supported options are platform dependent.
      # Example: "< rate > kbps", "1-100 percent", "< rate > pps"
      rate: <str>
    service_policy:
      type:

        # Policy-map name.
        qos_input: <str>
    tx_queues:

        # TX-Queue ID.
      - id: <int; required; unique>
        bandwidth_percent: <int>
        bandwidth_guaranteed_percent: <int>
        priority: <str; "priority strict" | "no priority">
        shape:

          # Supported options are platform dependent.
          # Example: "< rate > kbps", "1-100 percent", "< rate > pps"
          rate: <str>

        # Text comment added to queue.
        comment: <str>
        random_detect:

          # Explicit Congestion Notification.
          ecn:

            # Enable counter for random-detect ECNs.
            count: <bool>
            threshold:

              # Units to be used for the threshold values.
              # This should be one of segments, byte, kbytes, mbytes.
              units: <str; "segments" | "bytes" | "kbytes" | "mbytes" | "milliseconds"; required>

              # Random-detect ECN minimum-threshold.
              min: <int; >=1; required>

              # Random-detect ECN maximum-threshold.
              max: <int; >=1; required>

              # Random-detect ECN maximum mark probability.
              max_probability: <int; 1-100>

              # Random-detect ECN weight.
              weight: <int; 0-15>

          # Set WRED parameters.
          drop:
            threshold:

              # Units to be used for the threshold values.
              units: <str; "segments" | "bytes" | "kbytes" | "mbytes" | "microseconds" | "milliseconds"; required>

              # Specify Drop Precedence value.
              drop_precedence: <int; 0-2>

              # WRED minimum-threshold.
              min: <int; >=1; required>

              # WRED maximum-threshold.
              max: <int; >=1; required>

              # WRED drop probability.
              drop_probability: <int; 1-100; required>

              # WRED weight.
              weight: <int; 0-15>
    uc_tx_queues:

        # UC TX queue ID.
      - id: <int; required; unique>
        bandwidth_percent: <int>
        bandwidth_guaranteed_percent: <int>
        priority: <str; "priority strict" | "no priority">
        shape:

          # Supported options are platform dependent.
          # Example: "< rate > kbps", "1-100 percent", "< rate > pps"
          rate: <str>

        # Text comment added to queue.
        comment: <str>
        random_detect:

          # Explicit Congestion Notification.
          ecn:

            # Enable counter for random-detect ECNs.
            count: <bool>
            threshold:

              # Unit to be used for the threshold values.
              units: <str; "segments" | "bytes" | "kbytes" | "mbytes" | "milliseconds"; required>

              # Random-detect ECN minimum-threshold.
              min: <int; >=1; required>

              # Random-detect ECN maximum-threshold.
              max: <int; >=1; required>

              # Random-detect ECN maximum mark probability.
              max_probability: <int; 1-100>

              # Random-detect ECN weight.
              weight: <int; 0-15>

          # Set WRED parameters.
          drop:
            threshold:

              # Units to be used for the threshold values.
              units: <str; "segments" | "bytes" | "kbytes" | "mbytes" | "microseconds" | "milliseconds"; required>

              # Specify Drop Precedence value.
              drop_precedence: <int; 0-2>

              # WRED minimum-threshold.
              min: <int; >=1; required>

              # WRED maximum-threshold.
              max: <int; >=1; required>

              # WRED drop probability.
              drop_probability: <int; 1-100; required>

              # WRED weight.
              weight: <int; 0-15>
    mc_tx_queues:

        # MC TX queue ID.
      - id: <int; required; unique>
        bandwidth_percent: <int>
        bandwidth_guaranteed_percent: <int>
        priority: <str; "priority strict" | "no priority">
        shape:

          # Supported options are platform dependent.
          # Example: "< rate > kbps", "1-100 percent", "< rate > pps"
          rate: <str>

        # Text comment added to queue.
        comment: <str>

    # Priority Flow Control settings.
    priority_flow_control:

      # Enable Priority Flow control.
      enabled: <bool>

      # Watchdog can detect stuck transmit queues.
      watchdog:

        # Enable the watchdog on stuck transmit queues.
        enabled: <bool; required>

        # Override the default error-disable action to either drop
        # traffic on the stuck queue or notify-only
        # without making any actions on the stuck queue.
        action: <str; "drop" | "notify-only">

        # Timer thresholds whilst monitoring queues.
        timer:

          # Timeout in seconds after which port should be errdisabled or
          # should start dropping on congested priorities.
          # This should be decimal with up to 2 decimal point.
          # Example: 0.01 or 60
          timeout: <str; required>

          # Time interval in seconds at which the watchdog should poll the queues.
          # This should be decimal with up to 3 decimal point or set
          # to 'auto' based on recovery_time and timeout values.
          # Example: 0.005 or 60
          polling_interval: <str; required>

          # Recovery-time in seconds after which stuck queue should
          # recover and start forwarding again.
          # This should be decimal with up to 2 decimal point.
          # Example: 0.01 or 60
          recovery_time: <str; required>

          # Force recover any stuck queue(s) after the duration,
          # irrespective of whether PFC frames are being
          # received or not.
          forced: <bool>

      # Set the drop/no_drop on each queue.
      priorities:

          # Priority queue number (COS value).
        - priority: <int; 0-7; required; unique>

          # Enable Priority Flow Control frames on this queue.
          no_drop: <bool; required>

Queue monitor-length

Variable Type Required Default Value Restrictions Description
queue_monitor_length Dictionary
  enabled Boolean Required
  default_thresholds Dictionary
    high Integer Required Default high threshold for Ethernet Interfaces.
    low Integer Default low threshold for Ethernet Interfaces.
Low threshold support is platform dependent.
  log Integer Logging interval in seconds.
  notifying Boolean Should only be used for platforms supporting the “queue-monitor length notifying” CLI.
  cpu Dictionary
    thresholds Dictionary
      high Integer Required
      low Integer
  tx_latency Boolean Enable tx-latency mode.
queue_monitor_length:
  enabled: <bool; required>
  default_thresholds:

    # Default high threshold for Ethernet Interfaces.
    high: <int; required>

    # Default low threshold for Ethernet Interfaces.
    # Low threshold support is platform dependent.
    low: <int>

  # Logging interval in seconds.
  log: <int>

  # Should only be used for platforms supporting the "queue-monitor length notifying" CLI.
  notifying: <bool>
  cpu:
    thresholds:
      high: <int; required>
      low: <int>

  # Enable tx-latency mode.
  tx_latency: <bool>

Queue monitor-streaming

Variable Type Required Default Value Restrictions Description
queue_monitor_streaming Dictionary
  enable Boolean
  ip_access_group String Name of IP ACL.
  ipv6_access_group String Name of IPv6 ACL.
  max_connections Integer Min: 1
Max: 100
  vrf String
queue_monitor_streaming:
  enable: <bool>

  # Name of IP ACL.
  ip_access_group: <str>

  # Name of IPv6 ACL.
  ipv6_access_group: <str>
  max_connections: <int; 1-100>
  vrf: <str>

Application traffic recognition

Variable Type Required Default Value Restrictions Description
application_traffic_recognition Dictionary Application traffic recognition configuration.
  categories List, items: Dictionary List of categories.
    - name String Required, Unique Category name.
      applications List, items: Dictionary List of applications.
        - name String Application name.
          service String Valid Values:
- audio-video
- chat
- default
- file-transfer
- networking-protocols
- peer-to-peer
- software-update
Service Name.
Specific service to target for this application.
If no service is specified, all supported services of the application are matched.
Not all valid values are valid for all applications, check on EOS CLI.
  field_sets Dictionary
    l4_ports List, items: Dictionary L4 port field-set.
      - name String Required, Unique L4 port field-set name.
        port_values List, items: String
          - <str> String Port values or range of port values.
Port values are between 0 and 65535.
    ipv4_prefixes List, items: Dictionary IPv4 prefix field set.
      - name String Required, Unique IPv4 prefix field-set name.
        prefix_values List, items: String
          - <str> String IP prefix (ex 1.2.3.0/24).
  applications Dictionary
    ipv4_applications List, items: Dictionary List of user defined IPv4 applications. The name should be unique over all defined applications (ipv4 and l4).
      - name String Required, Unique Application name.
        src_prefix_set_name String Source prefix set name.
        dest_prefix_set_name String Destination prefix set name.
        protocols List, items: String List of protocols to consider for this application.
To use port field-sets (source, destination or both), the list
must contain only one or two protocols, either tcp or udp.
When using both protocols, one line is rendered for each in the configuration,
hence the field-sets must have the same value for tcp_src_port_set_name and
udp_src_port_set_name and for tcp_dest_port_set_name and udp_dest_port_set_name
if set in order to generate valid configuration in EOS.
          - <str> String Valid Values:
- ahp
- esp
- icmp
- igmp
- ospf
- pim
- rsvp
- tcp
- udp
- vrrp
        protocol_ranges List, items: String Accept protocol value(s) or range(s).
Protocol values can be between 1 and 255.
          - <str> String
        udp_src_port_set_name String Name of field set for UDP source ports.
When the protocols list contain both tcp and udp, this key value
must be the same as tcp_src_port_set_name.
        tcp_src_port_set_name String Name of field set for TCP source ports.
When the protocols list contain both tcp and udp, this key value
must be the same as udp_src_port_set_name.
        udp_dest_port_set_name String Name of field set for UDP destination ports.
When the protocols list contain both tcp and udp, this key value
must be the same as tcp_dest_port_set_name.
        tcp_dest_port_set_name String Name of field set for TCP destination ports.
When the protocols list contain both tcp and udp, this key value
must be the same as udp_dest_port_set_name.
    l4_applications List, items: Dictionary List of user defined L4 applications. The name should be unique over all defined applications (ipv4 and l4).
      - name String Required, Unique Application name.
        protocols List, items: String List of protocols to consider for this application.
To use port field-sets (source, destination or both), the list
must contain only one or two protocols, either tcp or udp.
When using both protocols, one line is rendered for each in the configuration,
hence the field-sets must have the same value for tcp_src_port_set_name and
udp_src_port_set_name and for tcp_dest_port_set_name and udp_dest_port_set_name
if set in order to generate valid configuration in EOS.
          - <str> String Valid Values:
- ahp
- esp
- icmp
- igmp
- ospf
- pim
- rsvp
- tcp
- udp
- vrrp
        protocol_ranges List, items: String Accept protocol value(s) or range(s).
Protocol values can be between 1 and 255.
          - <str> String
        udp_src_port_set_name String Name of field set for UDP source ports.
When the protocols list contain both tcp and udp, this key value
must be the same as tcp_src_port_set_name.
        tcp_src_port_set_name String Name of field set for TCP source ports.
When the protocols list contain both tcp and udp, this key value
must be the same as udp_src_port_set_name.
        udp_dest_port_set_name String Name of field set for UDP destination ports.
When the protocols list contain both tcp and udp, this key value
must be the same as tcp_dest_port_set_name.
        tcp_dest_port_set_name String Name of field set for TCP destination ports.
When the protocols list contain both tcp and udp, this key value
must be the same as udp_dest_port_set_name.
  application_profiles List, items: Dictionary Group of applications.
    - name String Application Profile name.
      applications List, items: Dictionary List of applications part of the application profile.
        - name String Application Name.
          service String Valid Values:
- audio-video
- chat
- default
- file-transfer
- networking-protocols
- peer-to-peer
- software-update
Service Name.
Specific service to target for this application.
If no service is specified, all supported services of the application are matched.
Not all valid values are valid for all applications, check on EOS CLI.
      application_transports List, items: String List of transport protocols.
        - <str> String Valid Values:
- http
- https
- udp
- tcp
- ip
- ip6
- ssl
- rtp
- sctp
- quic
Transport name.
      categories List, items: Dictionary Categories under this application profile.
        - name String Name of a category.
          service String Valid Values:
- audio-video
- chat
- default
- file-transfer
- networking-protocols
- peer-to-peer
- software-update
Service Name.
Specific service to target for this application.
If no service is specified, all supported services of the application are matched.
Not all valid values are valid for all applications, check on EOS CLI.
# Application traffic recognition configuration.
application_traffic_recognition:

  # List of categories.
  categories:

      # Category name.
    - name: <str; required; unique>

      # List of applications.
      applications:

          # Application name.
        - name: <str>

          # Service Name.
          # Specific service to target for this application.
          # If no service is specified, all supported services of the application are matched.
          # Not all valid values are valid for all applications, check on EOS CLI.
          service: <str; "audio-video" | "chat" | "default" | "file-transfer" | "networking-protocols" | "peer-to-peer" | "software-update">
  field_sets:

    # L4 port field-set.
    l4_ports:

        # L4 port field-set name.
      - name: <str; required; unique>
        port_values:

            # Port values or range of port values.
            # Port values are between 0 and 65535.
          - <str>

    # IPv4 prefix field set.
    ipv4_prefixes:

        # IPv4 prefix field-set name.
      - name: <str; required; unique>
        prefix_values:

            # IP prefix (ex 1.2.3.0/24).
          - <str>
  applications:

    # List of user defined IPv4 applications. The name should be unique over all defined applications (ipv4 and l4).
    ipv4_applications:

        # Application name.
      - name: <str; required; unique>

        # Source prefix set name.
        src_prefix_set_name: <str>

        # Destination prefix set name.
        dest_prefix_set_name: <str>

        # List of protocols to consider for this application.
        # To use port field-sets (source, destination or both), the list
        # must contain only one or two protocols, either `tcp` or `udp`.
        # When using both protocols, one line is rendered for each in the configuration,
        # hence the field-sets must have the same value for `tcp_src_port_set_name` and
        # `udp_src_port_set_name` and for `tcp_dest_port_set_name` and `udp_dest_port_set_name`
        # if set in order to generate valid configuration in EOS.
        protocols:
          - <str; "ahp" | "esp" | "icmp" | "igmp" | "ospf" | "pim" | "rsvp" | "tcp" | "udp" | "vrrp">

        # Accept protocol value(s) or range(s).
        # Protocol values can be between 1 and 255.
        protocol_ranges:
          - <str>

        # Name of field set for UDP source ports.
        # When the `protocols` list contain both `tcp` and `udp`, this key value
        # must be the same as `tcp_src_port_set_name`.
        udp_src_port_set_name: <str>

        # Name of field set for TCP source ports.
        # When the `protocols` list contain both `tcp` and `udp`, this key value
        # must be the same as `udp_src_port_set_name`.
        tcp_src_port_set_name: <str>

        # Name of field set for UDP destination ports.
        # When the `protocols` list contain both `tcp` and `udp`, this key value
        # must be the same as `tcp_dest_port_set_name`.
        udp_dest_port_set_name: <str>

        # Name of field set for TCP destination ports.
        # When the `protocols` list contain both `tcp` and `udp`, this key value
        # must be the same as `udp_dest_port_set_name`.
        tcp_dest_port_set_name: <str>

    # List of user defined L4 applications. The name should be unique over all defined applications (ipv4 and l4).
    l4_applications:

        # Application name.
      - name: <str; required; unique>

        # List of protocols to consider for this application.
        # To use port field-sets (source, destination or both), the list
        # must contain only one or two protocols, either `tcp` or `udp`.
        # When using both protocols, one line is rendered for each in the configuration,
        # hence the field-sets must have the same value for `tcp_src_port_set_name` and
        # `udp_src_port_set_name` and for `tcp_dest_port_set_name` and `udp_dest_port_set_name`
        # if set in order to generate valid configuration in EOS.
        protocols:
          - <str; "ahp" | "esp" | "icmp" | "igmp" | "ospf" | "pim" | "rsvp" | "tcp" | "udp" | "vrrp">

        # Accept protocol value(s) or range(s).
        # Protocol values can be between 1 and 255.
        protocol_ranges:
          - <str>

        # Name of field set for UDP source ports.
        # When the `protocols` list contain both `tcp` and `udp`, this key value
        # must be the same as `tcp_src_port_set_name`.
        udp_src_port_set_name: <str>

        # Name of field set for TCP source ports.
        # When the `protocols` list contain both `tcp` and `udp`, this key value
        # must be the same as `udp_src_port_set_name`.
        tcp_src_port_set_name: <str>

        # Name of field set for UDP destination ports.
        # When the `protocols` list contain both `tcp` and `udp`, this key value
        # must be the same as `tcp_dest_port_set_name`.
        udp_dest_port_set_name: <str>

        # Name of field set for TCP destination ports.
        # When the `protocols` list contain both `tcp` and `udp`, this key value
        # must be the same as `udp_dest_port_set_name`.
        tcp_dest_port_set_name: <str>

  # Group of applications.
  application_profiles:

      # Application Profile name.
    - name: <str>

      # List of applications part of the application profile.
      applications:

          # Application Name.
        - name: <str>

          # Service Name.
          # Specific service to target for this application.
          # If no service is specified, all supported services of the application are matched.
          # Not all valid values are valid for all applications, check on EOS CLI.
          service: <str; "audio-video" | "chat" | "default" | "file-transfer" | "networking-protocols" | "peer-to-peer" | "software-update">

      # List of transport protocols.
      application_transports:

          # Transport name.
        - <str; "http" | "https" | "udp" | "tcp" | "ip" | "ip6" | "ssl" | "rtp" | "sctp" | "quic">

      # Categories under this application profile.
      categories:

          # Name of a category.
        - name: <str>

          # Service Name.
          # Specific service to target for this application.
          # If no service is specified, all supported services of the application are matched.
          # Not all valid values are valid for all applications, check on EOS CLI.
          service: <str; "audio-video" | "chat" | "default" | "file-transfer" | "networking-protocols" | "peer-to-peer" | "software-update">

Routing

ARP

Variable Type Required Default Value Restrictions Description
arp Dictionary
  aging Dictionary
    timeout_default Integer Min: 60
Max: 65535
Timeout in seconds.
  static_entries List, items: Dictionary Static ARP entries.
    - ipv4_address String Required ARP entry IPv4 address.
      vrf String ARP entry VRF.
      mac_address String Required Pattern: ^[0-9A-Fa-f]{4}.[0-9A-Fa-f]{4}.[0-9A-Fa-f]{4}$ ARP entry MAC address.
arp:
  aging:

    # Timeout in seconds.
    timeout_default: <int; 60-65535>

  # Static ARP entries.
  static_entries:

      # ARP entry IPv4 address.
    - ipv4_address: <str; required>

      # ARP entry VRF.
      vrf: <str>

      # ARP entry MAC address.
      mac_address: <str; required>

DHCP relay

Variable Type Required Default Value Restrictions Description
dhcp_relay Dictionary
  servers List, items: String
    - <str> String Server IP or Hostname.
  tunnel_requests_disabled Boolean
  mlag_peerlink_requests_disabled Boolean
dhcp_relay:
  servers:

      # Server IP or Hostname.
    - <str>
  tunnel_requests_disabled: <bool>
  mlag_peerlink_requests_disabled: <bool>

IP DHCP relay

Variable Type Required Default Value Restrictions Description
ip_dhcp_relay Dictionary
  always_on Boolean DhcpRelay Agent will be in always-on mode.
  all_subnets Boolean Allow forwarding requests with secondary IP addresses in the gateway address “giaddr” field.
  information_option Boolean Insert Option-82 information.
ip_dhcp_relay:

  # DhcpRelay Agent will be in always-on mode.
  always_on: <bool>

  # Allow forwarding requests with secondary IP addresses in the gateway address "giaddr" field.
  all_subnets: <bool>

  # Insert Option-82 information.
  information_option: <bool>

IP DHCP Snooping

Variable Type Required Default Value Restrictions Description
ip_dhcp_snooping Dictionary
  enabled Boolean
  bridging Boolean
  information_option Dictionary
    enabled Boolean Enable insertion of option-82 in DHCP request packets.
    circuit_id_type String “none” or <0 - 255>.
    circuit_id_format String Valid Values:
- %h:%p
- %p:%v
Required if circuit_id_type is set.
- “%h:%p” Hostname and interface name
- “%p:%v” Interface name and VLAN ID
  vlan String VLAN range as string.
“< vlan_id >, < vlan_id >-< vlan_id >”
Example: 15,16,17,18
ip_dhcp_snooping:
  enabled: <bool>
  bridging: <bool>
  information_option:

    # Enable insertion of option-82 in DHCP request packets.
    enabled: <bool>

    # "none" or <0 - 255>.
    circuit_id_type: <str>

    # Required if `circuit_id_type` is set.
    # - "%h:%p" Hostname and interface name
    # - "%p:%v" Interface name and VLAN ID
    circuit_id_format: <str; "%h:%p" | "%p:%v">

  # VLAN range as string.
  # "< vlan_id >, < vlan_id >-< vlan_id >"
  # Example: 15,16,17,18
  vlan: <str>

DHCP Servers

Variable Type Required Default Value Restrictions Description
dhcp_servers List, items: Dictionary
  - disabled Boolean
    vrf String Required, Unique VRF in which to configure the DHCP server, use default to indicate default VRF.
    dns_domain_name_ipv4 String
    dns_domain_name_ipv6 String
    dns_servers_ipv4 List, items: String Min Length: 1 List of DNS servers for IPv4 clients.
      - <str> String Required IPv4 address of DNS server.
    dns_servers_ipv6 List, items: String Min Length: 1 List of DNS servers for IPv6 clients.
      - <str> String Required IPv6 address of DNS server.
    tftp_server Dictionary
      file_ipv4 String Min Length: 1
Max Length: 255
Name of TFTP file for IPv4 clients.
      file_ipv6 String Min Length: 1
Max Length: 255
Name of TFTP file for IPv6 clients.
    ipv4_vendor_options List, items: Dictionary
      - vendor_id String Required, Unique
        sub_options List, items: Dictionary
          - code Integer Required, Unique Min: 1
Max: 254
            string String String value for suboption data.
Only one of string, ipv4_address and array_ipv4_address variables should be used for any one suboption.
The order of precedence if multiple of these variables are defined is string -> ipv4_address -> array_ipv4_address.
            ipv4_address String IPv4 address value for suboption data.
Only one of string, ipv4_address and array_ipv4_address variables should be used for any one suboption.
The order of precedence if multiple of these variables are defined is string -> ipv4_address -> array_ipv4_address.
            array_ipv4_address List, items: String Array of IPv4 addresses for suboption data.
Only one of string, ipv4_address and array_ipv4_address variables should be used for any one suboption.
The order of precedence if multiple of these variables are defined is string -> ipv4_address -> array_ipv4_address.
              - <str> String
    subnets List, items: Dictionary
      - subnet String Required, Unique
        name String
        default_gateway String
        dns_servers List, items: String
          - <str> String
        ranges List, items: Dictionary
          - start String Required
            end String Required
        lease_time Dictionary
          days Integer Required Min: 0
Max: 2000
          hours Integer Required Min: 0
Max: 23
          minutes Integer Required Min: 0
Max: 59
dhcp_servers:
  - disabled: <bool>

    # VRF in which to configure the DHCP server, use `default` to indicate default VRF.
    vrf: <str; required; unique>
    dns_domain_name_ipv4: <str>
    dns_domain_name_ipv6: <str>

    # List of DNS servers for IPv4 clients.
    dns_servers_ipv4: # >=1 items

        # IPv4 address of DNS server.
      - <str; required>

    # List of DNS servers for IPv6 clients.
    dns_servers_ipv6: # >=1 items

        # IPv6 address of DNS server.
      - <str; required>
    tftp_server:

      # Name of TFTP file for IPv4 clients.
      file_ipv4: <str; length 1-255>

      # Name of TFTP file for IPv6 clients.
      file_ipv6: <str; length 1-255>
    ipv4_vendor_options:
      - vendor_id: <str; required; unique>
        sub_options:
          - code: <int; 1-254; required; unique>

            # String value for suboption data.
            # Only one of `string`, `ipv4_address` and `array_ipv4_address` variables should be used for any one suboption.
            # The order of precedence if multiple of these variables are defined is `string` -> `ipv4_address` -> `array_ipv4_address`.
            string: <str>

            # IPv4 address value for suboption data.
            # Only one of `string`, `ipv4_address` and `array_ipv4_address` variables should be used for any one suboption.
            # The order of precedence if multiple of these variables are defined is `string` -> `ipv4_address` -> `array_ipv4_address`.
            ipv4_address: <str>

            # Array of IPv4 addresses for suboption data.
            # Only one of `string`, `ipv4_address` and `array_ipv4_address` variables should be used for any one suboption.
            # The order of precedence if multiple of these variables are defined is `string` -> `ipv4_address` -> `array_ipv4_address`.
            array_ipv4_address:
              - <str>
    subnets:
      - subnet: <str; required; unique>
        name: <str>
        default_gateway: <str>
        dns_servers:
          - <str>
        ranges:
          - start: <str; required>
            end: <str; required>
        lease_time:
          days: <int; 0-2000; required>
          hours: <int; 0-23; required>
          minutes: <int; 0-59; required>

IP ICMP redirect

Variable Type Required Default Value Restrictions Description
ip_icmp_redirect Boolean
ip_icmp_redirect: <bool>

IP NAT

Variable Type Required Default Value Restrictions Description
ip_nat Dictionary
  kernel_buffer_size Integer Min: 1
Max: 64
Buffer size in MB.
  profiles List, items: Dictionary
    - name String Required, Unique
      vrf String Specify VRF for NAT profile.
      destination Dictionary
        dynamic List, items: Dictionary
          - access_list String Required, Unique
            comment String
            pool_name String Required
            priority Integer Min: 0
Max: 4294967295
        static List, items: Dictionary
          - access_list String ‘access_list’ and ‘group’ are mutual exclusive.
            comment String
            direction String Valid Values:
- egress
- ingress
Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            group Integer Min: 1
Max: 65535
‘access_list’ and ‘group’ are mutual exclusive.
            original_ip String IPv4 address. The combination of original_ip and original_port must be unique.
            original_port Integer Min: 1
Max: 65535
TCP/UDP port. The combination of original_ip and original_port must be unique.
            priority Integer Min: 0
Max: 4294967295
            protocol String Valid Values:
- udp
- tcp
            translated_ip String Required IPv4 address.
            translated_port Integer Min: 1
Max: 65535
requires ‘original_port’.
      source Dictionary
        dynamic List, items: Dictionary
          - access_list String Required, Unique
            comment String
            nat_type String Required Valid Values:
- overload
- pool
- pool-address-only
- pool-full-cone
            pool_name String required if ‘nat_type’ is pool, pool-address-only or pool-full-cone.
ignored if ‘nat_type’ is overload.
            priority Integer Min: 0
Max: 4294967295
        static List, items: Dictionary
          - access_list String ‘access_list’ and ‘group’ are mutual exclusive.
            comment String
            direction String Valid Values:
- egress
- ingress
Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            group Integer Min: 1
Max: 65535
‘access_list’ and ‘group’ are mutual exclusive.
            original_ip String IPv4 address. The combination of original_ip and original_port must be unique.
            original_port Integer Min: 1
Max: 65535
TCP/UDP port. The combination of original_ip and original_port must be unique.
            priority Integer Min: 0
Max: 4294967295
            protocol String Valid Values:
- udp
- tcp
            translated_ip String Required IPv4 address.
            translated_port Integer Min: 1
Max: 65535
requires ‘original_port’.
  pools List, items: Dictionary
    - name String Required, Unique
      type String ip-port Valid Values:
- ip-port
- port-only
      prefix_length Integer Min: 16
Max: 32
It is only used and required when type is ip-port.
      ranges List, items: Dictionary
        - first_ip String IPv4 address.
Required when type is ip-port and ignored otherwise.
          last_ip String IPv4 address.
Required when type is ip-port and ignored otherwise.
first_ip and last_ip ip addresses should lie in same subnet.
          first_port Integer Min: 1
Max: 65535
          last_port Integer Min: 1
Max: 65535
Required when first_port is set.
last_port must be greater than or equal to first_port.
      utilization_log_threshold Integer Min: 1
Max: 100
  synchronization Dictionary
    description String
    expiry_interval Integer Min: 60
Max: 3600
In seconds.
    local_interface String EOS interface name.
    peer_address String IPv4 address.
    port_range Dictionary
      first_port Integer Min: 1024
Max: 65535
      last_port Integer Min: 1024
Max: 65535
>= first_port.
      split_disabled Boolean
    shutdown Boolean
  translation Dictionary
    address_selection Dictionary
      any Boolean
      hash_field_source_ip Boolean
    counters Boolean
    low_mark Dictionary
      percentage Integer Min: 1
Max: 99
Used to render ‘ip nat translation low-mark ‘.
      host_percentage Integer Min: 1
Max: 99
Used to render ‘ip nat translation low-mark host’.
    max_entries Dictionary
      limit Integer Min: 0
Max: 4294967295
      host_limit Integer Min: 0
Max: 4294967295
      ip_limits List, items: Dictionary
        - ip String Required, Unique IPv4 address.
          limit Integer Required Min: 0
Max: 4294967295
    timeouts List, items: Dictionary
      - protocol String Required, Unique Valid Values:
- tcp
- udp
        timeout Integer Required Min: 0
Max: 4294967295
In seconds.
ip_nat:

  # Buffer size in MB.
  kernel_buffer_size: <int; 1-64>
  profiles:
    - name: <str; required; unique>

      # Specify VRF for NAT profile.
      vrf: <str>
      destination:
        dynamic:
          - access_list: <str; required; unique>
            comment: <str>
            pool_name: <str; required>
            priority: <int; 0-4294967295>
        static:

            # 'access_list' and 'group' are mutual exclusive.
          - access_list: <str>
            comment: <str>

            # Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
            # EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            direction: <str; "egress" | "ingress">

            # 'access_list' and 'group' are mutual exclusive.
            group: <int; 1-65535>

            # IPv4 address. The combination of `original_ip` and `original_port` must be unique.
            original_ip: <str>

            # TCP/UDP port. The combination of `original_ip` and `original_port` must be unique.
            original_port: <int; 1-65535>
            priority: <int; 0-4294967295>
            protocol: <str; "udp" | "tcp">

            # IPv4 address.
            translated_ip: <str; required>

            # requires 'original_port'.
            translated_port: <int; 1-65535>
      source:
        dynamic:
          - access_list: <str; required; unique>
            comment: <str>
            nat_type: <str; "overload" | "pool" | "pool-address-only" | "pool-full-cone"; required>

            # required if 'nat_type' is pool, pool-address-only or pool-full-cone.
            # ignored if 'nat_type' is overload.
            pool_name: <str>
            priority: <int; 0-4294967295>
        static:

            # 'access_list' and 'group' are mutual exclusive.
          - access_list: <str>
            comment: <str>

            # Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
            # EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            direction: <str; "egress" | "ingress">

            # 'access_list' and 'group' are mutual exclusive.
            group: <int; 1-65535>

            # IPv4 address. The combination of `original_ip` and `original_port` must be unique.
            original_ip: <str>

            # TCP/UDP port. The combination of `original_ip` and `original_port` must be unique.
            original_port: <int; 1-65535>
            priority: <int; 0-4294967295>
            protocol: <str; "udp" | "tcp">

            # IPv4 address.
            translated_ip: <str; required>

            # requires 'original_port'.
            translated_port: <int; 1-65535>
  pools:
    - name: <str; required; unique>
      type: <str; "ip-port" | "port-only"; default="ip-port">

      # It is only used and required when `type` is `ip-port`.
      prefix_length: <int; 16-32>
      ranges:

          # IPv4 address.
          # Required when `type` is `ip-port` and ignored otherwise.
        - first_ip: <str>

          # IPv4 address.
          # Required when `type` is `ip-port` and ignored otherwise.
          # `first_ip` and `last_ip` ip addresses should lie in same subnet.
          last_ip: <str>
          first_port: <int; 1-65535>

          # Required when `first_port` is set.
          # `last_port` must be greater than or equal to `first_port`.
          last_port: <int; 1-65535>
      utilization_log_threshold: <int; 1-100>
  synchronization:
    description: <str>

    # In seconds.
    expiry_interval: <int; 60-3600>

    # EOS interface name.
    local_interface: <str>

    # IPv4 address.
    peer_address: <str>
    port_range:
      first_port: <int; 1024-65535>

      # >= first_port.
      last_port: <int; 1024-65535>
      split_disabled: <bool>
    shutdown: <bool>
  translation:
    address_selection:
      any: <bool>
      hash_field_source_ip: <bool>
    counters: <bool>
    low_mark:

      # Used to render 'ip nat translation low-mark <percentage>'.
      percentage: <int; 1-99>

      # Used to render 'ip nat translation low-mark <host_percentage> host'.
      host_percentage: <int; 1-99>
    max_entries:
      limit: <int; 0-4294967295>
      host_limit: <int; 0-4294967295>
      ip_limits:

          # IPv4 address.
        - ip: <str; required; unique>
          limit: <int; 0-4294967295; required>
    timeouts:
      - protocol: <str; "tcp" | "udp"; required; unique>

        # In seconds.
        timeout: <int; 0-4294967295; required>

IP routing IPv6 interfaces

Variable Type Required Default Value Restrictions Description
ip_routing_ipv6_interfaces Boolean
ip_routing_ipv6_interfaces: <bool>

IP routing

Variable Type Required Default Value Restrictions Description
ip_routing Boolean
ip_routing: <bool>

IP virtual router MAC address

Variable Type Required Default Value Restrictions Description
ip_virtual_router_mac_address String MAC address (hh:hh:hh:hh:hh:hh).
# MAC address (hh:hh:hh:hh:hh:hh).
ip_virtual_router_mac_address: <str>

IPv6 DHCP relay

Variable Type Required Default Value Restrictions Description
ipv6_dhcp_relay Dictionary
  always_on Boolean DhcpRelay Agent will be in always-on mode, off by default.
  all_subnets Boolean Allow forwarding requests with additional IPv6 addresses in the gateway address “giaddr” field.
  option Dictionary Insert DHCP Option.
    link_layer_address Boolean Add Option 79 (Link Layer Address Option).
    remote_id_format String Valid Values:
- %m:%i
- %m:%p
Add RemoteID option 37 in format MAC address and interface ID (%m:%i) or MAC address and interface name (%m:%p).
ipv6_dhcp_relay:

  # DhcpRelay Agent will be in always-on mode, off by default.
  always_on: <bool>

  # Allow forwarding requests with additional IPv6 addresses in the gateway address "giaddr" field.
  all_subnets: <bool>

  # Insert DHCP Option.
  option:

    # Add Option 79 (Link Layer Address Option).
    link_layer_address: <bool>

    # Add RemoteID option 37 in format MAC address and interface ID (`%m:%i`) or MAC address and interface name (`%m:%p`).
    remote_id_format: <str; "%m:%i" | "%m:%p">

IPv6 ICMP redirects

Variable Type Required Default Value Restrictions Description
ipv6_icmp_redirect Boolean
ipv6_icmp_redirect: <bool>

IPv6 static routes

Variable Type Required Default Value Restrictions Description
ipv6_static_routes List, items: Dictionary
  - vrf String
    destination_address_prefix String IPv6 Network/Mask.
    interface String
    gateway String IPv6 Address.
    track_bfd Boolean Track next-hop using BFD.
    distance Integer Min: 1
Max: 255
    tag Integer Min: 0
Max: 4294967295
    name String Description.
    metric Integer Min: 0
Max: 4294967295
ipv6_static_routes:
  - vrf: <str>

    # IPv6 Network/Mask.
    destination_address_prefix: <str>
    interface: <str>

    # IPv6 Address.
    gateway: <str>

    # Track next-hop using BFD.
    track_bfd: <bool>
    distance: <int; 1-255>
    tag: <int; 0-4294967295>

    # Description.
    name: <str>
    metric: <int; 0-4294967295>

IPv6 unicast routing

Variable Type Required Default Value Restrictions Description
ipv6_unicast_routing Boolean
ipv6_unicast_routing: <bool>

MPLS

Variable Type Required Default Value Restrictions Description
mpls Dictionary
  ip Boolean
  ldp Dictionary
    interface_disabled_default Boolean
    router_id String
    shutdown Boolean
    transport_address_interface String Interface Name.
mpls:
  ip: <bool>
  ldp:
    interface_disabled_default: <bool>
    router_id: <str>
    shutdown: <bool>

    # Interface Name.
    transport_address_interface: <str>

Router adaptive virtual topology

Variable Type Required Default Value Restrictions Description
router_adaptive_virtual_topology Dictionary
  topology_role String Valid Values:
- edge
- pathfinder
- transit region
- transit zone
Role name.
  region Dictionary Region name and ID.
    name String Required Pattern: ^[A-Za-z0-9_.:{}[]-]+$
    id Integer Required Min: 1
Max: 255
  zone Dictionary Zone name and ID.
    name String Required Pattern: ^[A-Za-z0-9_.:{}[]-]+$
    id Integer Required Min: 1
Max: 10000
  site Dictionary Site name and ID.
    name String Required Pattern: ^[A-Za-z0-9_.:{}[]-]+$
    id Integer Required Min: 1
Max: 10000
  profiles List, items: Dictionary
    - name String Required, Unique AVT Name.
      load_balance_policy String Name of the load-balance policy.
      internet_exit_policy String Name of the internet exit policy.
  policies List, items: Dictionary A sequence of application profiles mapped to some virtual topologies.

When wan_mode is set to autovpn, the rules are indexed using 10* in the list.
    - name String Required, Unique Policy name.
      matches List, items: Dictionary
        - application_profile String Application profile name.
          avt_profile String AVT Profile name.
          dscp Integer Min: 0
Max: 63
Set DSCP for matched traffic.
          traffic_class Integer Min: 0
Max: 7
Set traffic-class for matched traffic.
  vrfs List, items: Dictionary
    - name String Required, Unique VRF name.
      policy String AVT Policy name.
      profiles List, items: Dictionary AVT profiles in this VRF.
        - name String AVT profile name.
          id Integer Required, Unique Min: 1
Max: 254
Unique ID for this AVT (per VRF).
router_adaptive_virtual_topology:

  # Role name.
  topology_role: <str; "edge" | "pathfinder" | "transit region" | "transit zone">

  # Region name and ID.
  region:
    name: <str; required>
    id: <int; 1-255; required>

  # Zone name and ID.
  zone:
    name: <str; required>
    id: <int; 1-10000; required>

  # Site name and ID.
  site:
    name: <str; required>
    id: <int; 1-10000; required>
  profiles:

      # AVT Name.
    - name: <str; required; unique>

      # Name of the load-balance policy.
      load_balance_policy: <str>

      # Name of the internet exit policy.
      internet_exit_policy: <str>

  # A sequence of application profiles mapped to some virtual topologies.
  #
  # When `wan_mode` is set to `autovpn`, the rules are indexed using 10*<index> in the list.
  policies:

      # Policy name.
    - name: <str; required; unique>
      matches:

          # Application profile name.
        - application_profile: <str>

          # AVT Profile name.
          avt_profile: <str>

          # Set DSCP for matched traffic.
          dscp: <int; 0-63>

          # Set traffic-class for matched traffic.
          traffic_class: <int; 0-7>
  vrfs:

      # VRF name.
    - name: <str; required; unique>

      # AVT Policy name.
      policy: <str>

      # AVT profiles in this VRF.
      profiles:

          # AVT profile name.
        - name: <str>

          # Unique ID for this AVT (per VRF).
          id: <int; 1-254; required; unique>

Router BFD

Variable Type Required Default Value Restrictions Description
router_bfd Dictionary
  interval Integer Rate in milliseconds.
  local_address String Configure BFD local IP/IPv6 address.
  min_rx Integer Rate in milliseconds.
  multiplier Integer Min: 3
Max: 50
  multihop Dictionary
    interval Integer Rate in milliseconds.
    min_rx Integer Rate in milliseconds.
    multiplier Integer Min: 3
Max: 50
  session_snapshot_interval Integer Min: 1
Max: 3600
Interval in seconds.
Intervals below 10 are considered “dangerous” on EOS and must have session_snapshot_interval_dangerous set to true.
  session_snapshot_interval_dangerous Boolean
  sbfd Dictionary
    local_interface Dictionary
      name String Interface Name.
      protocols Dictionary
        ipv4 Boolean
        ipv6 Boolean
    initiator_interval Integer Rate in milliseconds.
    initiator_multiplier Integer Min: 3
Max: 50
    initiator_measurement_round_trip Boolean Enable round-trip delay measurement.
    reflector Dictionary
      min_rx Integer Rate in milliseconds.
      local_discriminator String IPv4 address or 32 bit integer.
router_bfd:

  # Rate in milliseconds.
  interval: <int>

  # Configure BFD local IP/IPv6 address.
  local_address: <str>

  # Rate in milliseconds.
  min_rx: <int>
  multiplier: <int; 3-50>
  multihop:

    # Rate in milliseconds.
    interval: <int>

    # Rate in milliseconds.
    min_rx: <int>
    multiplier: <int; 3-50>

  # Interval in seconds.
  # Intervals below 10 are considered "dangerous" on EOS and must have `session_snapshot_interval_dangerous` set to `true`.
  session_snapshot_interval: <int; 1-3600>
  session_snapshot_interval_dangerous: <bool>
  sbfd:
    local_interface:

      # Interface Name.
      name: <str>
      protocols:
        ipv4: <bool>
        ipv6: <bool>

    # Rate in milliseconds.
    initiator_interval: <int>
    initiator_multiplier: <int; 3-50>

    # Enable round-trip delay measurement.
    initiator_measurement_round_trip: <bool>
    reflector:

      # Rate in milliseconds.
      min_rx: <int>

      # IPv4 address or 32 bit integer.
      local_discriminator: <str>

Router BGP

Variable Type Required Default Value Restrictions Description
router_bgp Dictionary
  as String BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”.
For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
  as_notation String Valid Values:
- asdot
- asplain
BGP AS can be deplayed in the asplain <1-4294967295> or asdot notation “<1-65535>.<0-65535>”. This flag indicates which mode is preferred - asplain is the default.
  router_id String In IP address format A.B.C.D.
  distance Dictionary
    external_routes Integer Required Min: 1
Max: 255
    internal_routes Integer Required Min: 1
Max: 255
    local_routes Integer Required Min: 1
Max: 255
  graceful_restart Dictionary
    enabled Boolean
    restart_time Integer Min: 1
Max: 3600
Number of seconds.
    stalepath_time Integer Min: 1
Max: 3600
Number of seconds.
  graceful_restart_helper Dictionary
    enabled Boolean
    restart_time Integer Min: 1
Max: 100000000
Number of seconds
graceful-restart-help long-lived and restart-time are mutually exclusive in CLI.
restart-time will take precedence if both are configured.
    long_lived Boolean graceful-restart-help long-lived and restart-time are mutually exclusive in CLI.
restart-time will take precedence if both are configured.
  maximum_paths Dictionary
    paths Integer Required Min: 1
Max: 600
    ecmp Integer Min: 1
Max: 600
  updates Dictionary
    wait_for_convergence Boolean Disables FIB updates and route advertisement when the BGP instance is initiated until the BGP convergence state is reached.
    wait_install Boolean Do not advertise reachability to a prefix until that prefix has been installed in hardware.
This will eliminate any temporary black holes due to a BGP speaker advertising reachability to a prefix that may not yet be installed into the forwarding plane.
  bgp_cluster_id String IP Address A.B.C.D.
  bgp_defaults List, items: String BGP command as string.
    - <str> String
  bgp Dictionary
    default Dictionary
      ipv4_unicast Boolean Default activation of IPv4 unicast address-family on all IPv4 neighbors (EOS default = True).
      ipv4_unicast_transport_ipv6 Boolean Default activation of IPv4 unicast address-family on all IPv6 neighbors (EOS default == False).
    route_reflector_preserve_attributes Dictionary
      enabled Boolean
      always Boolean
    bestpath Dictionary
      d_path Boolean
  listen_ranges List, items: Dictionary Improved “listen_ranges” data model to support multiple listen ranges and additional filter capabilities.
    - prefix String IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”.
      peer_id_include_router_id Boolean Include router ID as part of peer filter.
      peer_group String Peer group name.
      peer_filter String Peer-filter name.
note: peer_filter or remote_as is required but mutually exclusive.
If both are defined, peer_filter takes precedence
      remote_as String BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”.
For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
  peer_groups List, items: Dictionary
    - name String Required, Unique Peer-group name.
      type String Key only used for documentation or validation purposes.
      remote_as String BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”.
For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
      local_as String BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”.
For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
      description String
      shutdown Boolean
      as_path Dictionary BGP AS-PATH options.
        remote_as_replace_out Boolean Replace AS number with local AS number.
        prepend_own_disabled Boolean Disable prepending own AS number to AS path.
      remove_private_as Dictionary Remove private AS numbers in outbound AS path.
        enabled Boolean
        all Boolean
        replace_as Boolean
      remove_private_as_ingress Dictionary
        enabled Boolean
        replace_as Boolean
      peer_filter deprecated String Peer-filter name.
note: bgp_listen_range_prefix and peer_filter should not be mixed with
the new listen_ranges key above to avoid conflicts.
This key is deprecated. Support will be removed in AVD version 5.0.0. Use listen_ranges instead.
      next_hop_unchanged Boolean
      update_source String IP address or interface name.
      route_reflector_client Boolean
      bfd Boolean Enable BFD.
      bfd_timers Dictionary Override default BFD timers. BFD must be enabled with bfd: true.
        interval Integer Required Min: 50
Max: 60000
Interval in milliseconds.
        min_rx Integer Required Min: 50
Max: 60000
Rate in milliseconds.
        multiplier Integer Required Min: 3
Max: 50
      ebgp_multihop Integer Min: 1
Max: 255
Time-to-live in range of hops.
      next_hop_self Boolean
      password String
      passive Boolean
      default_originate Dictionary
        enabled Boolean
        always Boolean
        route_map String Route-map name.
      send_community String ‘all’ or a combination of ‘standard’, ‘extended’, ‘large’ and ‘link-bandwidth (w/options)’.
      maximum_routes Integer Min: 0
Max: 4294967294
Maximum number of routes (0 means unlimited).
      maximum_routes_warning_limit String Maximum number of routes after which a warning is issued (0 means never warn) or
Percentage of maximum number of routes at which to warn (“<1-100> percent”).
      maximum_routes_warning_only Boolean
      link_bandwidth Dictionary
        enabled Boolean
        default String nn.nn(K
      allowas_in Dictionary
        enabled Boolean
        times Integer Min: 1
Max: 10
Number of local ASNs allowed in a BGP update.
      weight Integer Min: 0
Max: 65535
      timers String BGP Keepalive and Hold Timer values in seconds as string “<0-3600> <0-3600>”.
      rib_in_pre_policy_retain Dictionary
        enabled Boolean
        all Boolean
      route_map_in String Inbound route-map name.
      route_map_out String Outbound route-map name.
      bgp_listen_range_prefix deprecated String IP prefix range.
note: bgp_listen_range_prefix and peer_filter should not be mixed with
the new listen_ranges key above to avoid conflicts.
This key is deprecated. Support will be removed in AVD version 5.0.0. Use listen_ranges instead.
      session_tracker String
      shared_secret Dictionary
        profile String Required Name of profile defined under management_security.
        hash_algorithm String Required Valid Values:
- aes-128-cmac-96
- hmac-sha-256
- hmac-sha1-96
Note: Algorithm hmac-sha-256 requires EOS version 4.31.1F and above.
      ttl_maximum_hops Integer Min: 0
Max: 254
Maximum number of hops.
  neighbors List, items: Dictionary
    - ip_address String Required, Unique
      peer_group String
      remote_as String BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”.
For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
      local_as String BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”.
For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
      as_path Dictionary BGP AS-PATH options.
        remote_as_replace_out Boolean Replace AS number with local AS number.
        prepend_own_disabled Boolean Disable prepending own AS number to AS path.
      peer String Key only used for documentation or validation purposes.
      description String
      route_reflector_client Boolean
      password String
      passive Boolean
      shutdown Boolean
      update_source String Source Interface.
      bfd Boolean Enable BFD.
      bfd_timers Dictionary Override default BFD timers. BFD must be enabled with bfd: true.
        interval Integer Required Min: 50
Max: 60000
Interval in milliseconds.
        min_rx Integer Required Min: 50
Max: 60000
Rate in milliseconds.
        multiplier Integer Required Min: 3
Max: 50
      weight Integer Min: 0
Max: 65535
      timers String BGP Keepalive and Hold Timer values in seconds as string “<0-3600> <0-3600>”.
      route_map_in String Inbound route-map name.
      route_map_out String Outbound route-map name.
      default_originate Dictionary
        enabled Boolean
        always Boolean
        route_map String
      send_community String ‘all’ or a combination of ‘standard’, ‘extended’, ‘large’ and ‘link-bandwidth (w/options)’.
      maximum_routes Integer Min: 0
Max: 4294967294
Maximum number of routes (0 means unlimited).
      maximum_routes_warning_limit String Maximum number of routes after which a warning is issued (0 means never warn) or
Percentage of maximum number of routes at which to warn (“<1-100> percent”).
      maximum_routes_warning_only Boolean
      allowas_in Dictionary
        enabled Boolean
        times Integer Min: 1
Max: 10
Number of local ASNs allowed in a BGP update.
      ebgp_multihop Integer Min: 1
Max: 255
Time-to-live in range of hops.
      next_hop_self Boolean
      link_bandwidth Dictionary
        enabled Boolean
        default String nn.nn(K
      rib_in_pre_policy_retain Dictionary
        enabled Boolean
        all Boolean
      remove_private_as Dictionary Remove private AS numbers in outbound AS path.
        enabled Boolean
        all Boolean
        replace_as Boolean
      remove_private_as_ingress Dictionary
        enabled Boolean
        replace_as Boolean
      session_tracker String
      shared_secret Dictionary
        profile String Required Name of profile defined under management_security.
        hash_algorithm String Required Valid Values:
- aes-128-cmac-96
- hmac-sha-256
- hmac-sha1-96
Note: Algorithm hmac-sha-256 requires EOS version 4.31.1F and above.
      ttl_maximum_hops Integer Min: 0
Max: 254
Maximum number of hops.
  neighbor_interfaces List, items: Dictionary
    - name String Required, Unique Interface name.
      remote_as String BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”.
For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
      peer String Key only used for documentation or validation purposes.
      peer_group String Peer-group name
      description String
      peer_filter String Peer-filter name.
  aggregate_addresses List, items: Dictionary
    - prefix String Required, Unique IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”.
      advertise_only Boolean
      as_set Boolean
      advertise_map String Route-map name.
      supress_map String Route-map name.
      summary_only Boolean
      attribute_map String Route-map name.
      match_map String Route-map name.
  redistribute_routes List, items: Dictionary
    - source_protocol String Required, Unique Valid Values:
- attached-host
- bgp
- connected
- dynamic
- isis
- ospf
- ospfv3
- rip
- static
- user
      route_map String
      rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
Only applicable if source_protocol is one of connected, static, isis, user, dynamic.
      include_leaked Boolean
  vlan_aware_bundles List, items: Dictionary
    - name String Required, Unique VLAN aware bundle name.
      tenant String Key only used for documentation or validation purposes.
      description String Key only used for documentation or validation purposes.
      rd String Route distinguisher.
      rd_evpn_domain Dictionary
        domain String Valid Values:
- remote
- all
        rd String Route distinguisher.
      route_targets Dictionary
        both List, items: String
          - <str> String
        import List, items: String
          - <str> String
        export List, items: String
          - <str> String
        import_evpn_domains List, items: Dictionary
          - domain String Valid Values:
- remote
- all
            route_target String
        export_evpn_domains List, items: Dictionary
          - domain String Valid Values:
- remote
- all
            route_target String
        import_export_evpn_domains List, items: Dictionary
          - domain String Valid Values:
- remote
- all
            route_target String
      redistribute_routes List, items: String
        - <str> String
      no_redistribute_routes List, items: String
        - <str> String
      vlan String VLAN range as string. Example “100-200,300”.
      eos_cli String Multiline EOS CLI rendered directly on the Router BGP, VLAN-aware-bundle definition in the final EOS configuration.
  vlans List, items: Dictionary
    - id Integer Required, Unique
      tenant String Key only used for documentation or validation purposes.
      rd String Route distinguisher.
      rd_evpn_domain Dictionary
        domain String Valid Values:
- remote
- all
        rd String Route distinguisher.
      eos_cli String Multiline EOS CLI rendered directly on the Router BGP, VLAN definition in the final EOS configuration.
      route_targets Dictionary
        both List, items: String
          - <str> String
        import List, items: String
          - <str> String
        export List, items: String
          - <str> String
        import_evpn_domains List, items: Dictionary
          - domain String Valid Values:
- remote
- all
            route_target String
        export_evpn_domains List, items: Dictionary
          - domain String Valid Values:
- remote
- all
            route_target String
        import_export_evpn_domains List, items: Dictionary
          - domain String Valid Values:
- remote
- all
            route_target String
      redistribute_routes List, items: String
        - <str> String
      no_redistribute_routes List, items: String
        - <str> String
  vpws List, items: Dictionary
    - name String Required, Unique VPWS instance name.
      rd String Route distinguisher.
      route_targets Dictionary
        import_export String Route Target.
      mpls_control_word Boolean
      label_flow Boolean
      mtu Integer
      pseudowires List, items: Dictionary
        - name String Required, Unique Pseudowire name.
          id_local Integer Must match id_remote on other pe.
          id_remote Integer Must match id_local on other pe.
  address_family_evpn Dictionary
    domain_identifier String
    neighbor_default Dictionary
      encapsulation String Valid Values:
- vxlan
- mpls
      next_hop_self_source_interface String Source interface name.
      next_hop_self_received_evpn_routes Dictionary
        enable Boolean
        inter_domain Boolean
    next_hop_mpls_resolution_ribs List, items: Dictionary Min Length: 1
Max Length: 3
Specify the RIBs used to resolve MPLS next-hops. The order of this list determines the order of RIB lookups.
      - rib_type String Required Valid Values:
- system-connected
- tunnel-rib-colored
- tunnel-rib
Type of RIB. For ‘tunnel-rib’, use ‘rib_name’ to specify the name of the Tunnel-RIB to use.
        rib_name String The name of the tunnel-rib to use when using ‘tunnel-rib’ type.
    neighbors List, items: Dictionary
      - ip_address String Required, Unique
        activate Boolean
        rcf_in String Inbound RCF function name with parenthesis.
Example: MyFunction(myarg).
        rcf_out String Outbound RCF function name with parenthesis.
Example: MyFunction(myarg).
    peer_groups List, items: Dictionary
      - name String Required, Unique Peer-group name.
        activate Boolean
        route_map_in String Inbound route-map name.
        route_map_out String Outbound route-map name.
        rcf_in String Inbound RCF function name with parenthesis.
Example: MyFunction(myarg).
        rcf_out String Outbound RCF function name with parenthesis.
Example: MyFunction(myarg).
        domain_remote Boolean
        encapsulation String Valid Values:
- vxlan
- mpls
        additional_paths Dictionary
          receive Boolean
          send Dictionary
            any Boolean
            backup Boolean
            ecmp Boolean
            ecmp_limit Integer Min: 2
Max: 64
Amount of ECMP paths to send.
            limit Integer Min: 2
Max: 64
Amount of paths to send.
    evpn_hostflap_detection Dictionary
      enabled Boolean
      window Integer Min: 0
Max: 4294967295
Time (in seconds) to detect a MAC duplication issue.
      threshold Integer Min: 0
Max: 4294967295
Minimum number of MAC moves that indicate a MAC Duplication issue.
      expiry_timeout Integer Min: 0
Max: 4294967295
Time (in seconds) to purge a MAC duplication issue.
    next_hop Dictionary
      resolution_disabled Boolean
    route Dictionary
      import_match_failure_action String Valid Values:
- discard
      import_ethernet_segment_ip_mass_withdraw Boolean
      import_overlay_index_gateway Boolean
      export_ethernet_segment_ip_mass_withdraw Boolean
    next_hop_unchanged Boolean
    bgp_additional_paths Dictionary BGP additional-paths commands.
      receive Boolean Receive multiple paths.
      send Dictionary Send multiple paths.
        any Boolean Any eligible path.
        backup Boolean Best path and installed backup path.
        ecmp Boolean All paths in best path ECMP group.
        ecmp_limit Integer Min: 2
Max: 64
Amount of ECMP paths to send.
        limit Integer Min: 2
Max: 64
Amount of paths to send.
    layer_2_fec_in_place_update Dictionary BGP layer-2 in-place FEC operation.
      enabled Boolean Required
      timeout Integer Min: 0
Max: 300
In-place FEC update tracking timeout in seconds.
  address_family_rtc Dictionary
    peer_groups List, items: Dictionary
      - name String Required, Unique Peer-group name.
        activate Boolean
        default_route_target Dictionary
          only Boolean
          encoding_origin_as_omit String
  address_family_ipv4 Dictionary
    networks List, items: Dictionary
      - prefix String Required, Unique IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”.
        route_map String Route-map name.
    peer_groups List, items: Dictionary
      - name String Required, Unique Peer-group name.
        activate Boolean
        route_map_in String Inbound route-map name.
        route_map_out String Outbound route-map name.
        rcf_in String Inbound RCF function name with parenthesis.
Example: MyFunction(myarg).
        rcf_out String Outbound RCF function name with parenthesis.
Example: MyFunction(myarg).
        default_originate Dictionary
          always Boolean
          route_map String Route-map name.
        next_hop Dictionary
          address_family_ipv6 Dictionary
            enabled Boolean Required
            originate Boolean
          address_family_ipv6_originate deprecated Boolean This key is deprecated. Support will be removed in AVD version 5.0.0. Use address_family_ipv6 instead.
        prefix_list_in String Inbound prefix-list name.
        prefix_list_out String Outbound prefix-list name.
    neighbors List, items: Dictionary
      - ip_address String Required, Unique
        activate Boolean
        route_map_in String Inbound route-map name.
        route_map_out String Outbound route-map name.
        rcf_in String Inbound RCF function name with parenthesis.
Example: MyFunction(myarg).
        rcf_out String Outbound RCF function name with parenthesis.
Example: MyFunction(myarg).
        prefix_list_in String Inbound prefix-list name.
        prefix_list_out String Prefix-list name.
        default_originate Dictionary
          always Boolean
          route_map String
    redistribute_routes List, items: Dictionary
      - source_protocol String Required, Unique Valid Values:
- attached-host
- bgp
- connected
- dynamic
- isis
- ospf
- ospfv3
- rip
- static
- user
        route_map String
        include_leaked Boolean Only applicable if source_protocol is one of connected, static, isis, ospf, ospfv3.
        rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
Only applicable if source_protocol is one of connected, static, isis, user, dynamic.
  address_family_ipv4_multicast Dictionary
    peer_groups List, items: Dictionary
      - name String Required, Unique Peer-group name.
        activate Boolean
        route_map_in String Inbound route-map name.
        route_map_out String Outbound route-map name.
    neighbors List, items: Dictionary
      - ip_address String Required, Unique
        activate Boolean
        route_map_in String Inbound route-map name.
        route_map_out String Outbound route-map name.
    redistribute_routes List, items: Dictionary
      - source_protocol String Required, Unique
        route_map String
        include_leaked Boolean Only applicable if source_protocol is isis.
        rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
Only applicable if source_protocol is isis.
  address_family_ipv4_sr_te Dictionary
    neighbors List, items: Dictionary
      - ip_address String Required, Unique
        activate Boolean
        route_map_in String Inbound route-map name.
        route_map_out String Outbound route-map name.
    peer_groups List, items: Dictionary
      - name String Required, Unique Peer-group name.
        activate Boolean
        route_map_in String Inbound route-map name.
        route_map_out String Outbound route-map name.
  address_family_ipv6 Dictionary
    networks List, items: Dictionary
      - prefix String Required, Unique IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”.
        route_map String Route-map name.
    peer_groups List, items: Dictionary
      - name String Required, Unique Peer-group name.
        activate Boolean
        route_map_in String Inbound route-map name.
        route_map_out String Outbound route-map name.
        rcf_in String Inbound RCF function name with parenthesis.
Example: MyFunction(myarg).
        rcf_out String Outbound RCF function name with parenthesis.
Example: MyFunction(myarg).
        prefix_list_in String Inbound prefix-list name.
        prefix_list_out String Outbound prefix-list name.
    neighbors List, items: Dictionary
      - ip_address String Required, Unique
        activate Boolean
        route_map_in String Inbound route-map name.
        route_map_out String Outbound route-map name.
        rcf_in String Inbound RCF function name with parenthesis.
Example: MyFunction(myarg).
        rcf_out String Outbound RCF function name with parenthesis.
Example: MyFunction(myarg).
        prefix_list_in String Inbound prefix-list name.
        prefix_list_out String Outbound prefix-list name.
    redistribute_routes List, items: Dictionary
      - source_protocol String Required, Unique
        route_map String
        include_leaked Boolean
        rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
Only used if source_protocol is one of connected, static, isis, user, dynamic.
  address_family_ipv6_multicast Dictionary
    bgp Dictionary
      missing_policy Dictionary
        direction_in_action String Valid Values:
- deny
- deny-in-out
- permit
        direction_out_action String Valid Values:
- deny
- deny-in-out
- permit
      additional_paths Dictionary
        receive Boolean
    neighbors List, items: Dictionary
      - ip_address String Required, Unique
        activate Boolean
        route_map_in String Inbound route-map name.
        route_map_out String Outbound route-map name.
    peer_groups List, items: Dictionary
      - name String Required, Unique Peer-group name.
        activate Boolean
    networks List, items: Dictionary
      - prefix String Required, Unique IPv6 prefix “A:B:C:D:E:F:G:H/I”.
        route_map String
    redistribute_routes List, items: Dictionary
      - source_protocol String Required, Unique Valid Values:
- connected
- isis
- ospf
- ospfv3
- static
        include_leaked Boolean Only applicable if source_protocol is isis.
        route_map String
        rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
Only applicable if source_protocol is isis.
  address_family_ipv6_sr_te Dictionary
    neighbors List, items: Dictionary
      - ip_address String Required, Unique
        activate Boolean
        route_map_in String Inbound route-map name.
        route_map_out String Outbound route-map name.
    peer_groups List, items: Dictionary
      - name String Required, Unique Peer-group name.
        activate Boolean
        route_map_in String Inbound route-map name.
        route_map_out String Outbound route-map name.
  address_family_link_state Dictionary
    bgp Dictionary
      missing_policy Dictionary
        direction_in_action String Valid Values:
- deny
- deny-in-out
- permit
        direction_out_action String Valid Values:
- deny
- deny-in-out
- permit
    peer_groups List, items: Dictionary
      - name String Required, Unique Peer-group name.
        activate Boolean
        missing_policy Dictionary
          direction_in_action String Valid Values:
- deny
- deny-in-out
- permit
          direction_out_action String Valid Values:
- deny
- deny-in-out
- permit
    neighbors List, items: Dictionary
      - ip_address String Required, Unique
        activate Boolean
        missing_policy Dictionary
          direction_in_action String Valid Values:
- deny
- deny-in-out
- permit
          direction_out_action String Valid Values:
- deny
- deny-in-out
- permit
    path_selection Dictionary
      roles Dictionary
        producer Boolean
        consumer Boolean
        propagator Boolean
  address_family_flow_spec_ipv4 Dictionary
    bgp Dictionary
      missing_policy Dictionary
        direction_in_action String Valid Values:
- deny
- deny-in-out
- permit
        direction_out_action String Valid Values:
- deny
- deny-in-out
- permit
    neighbors List, items: Dictionary
      - ip_address String Required, Unique
        activate Boolean
    peer_groups List, items: Dictionary
      - name String Required, Unique Peer-group name.
        activate Boolean
  address_family_flow_spec_ipv6 Dictionary
    bgp Dictionary
      missing_policy Dictionary
        direction_in_action String Valid Values:
- deny
- deny-in-out
- permit
        direction_out_action String Valid Values:
- deny
- deny-in-out
- permit
    neighbors List, items: Dictionary
      - ip_address String Required, Unique
        activate Boolean
    peer_groups List, items: Dictionary
      - name String Required, Unique Peer-group name.
        activate Boolean
  address_family_path_selection Dictionary
    bgp Dictionary
      additional_paths Dictionary
        receive Boolean
        send Dictionary
          any Boolean
          backup Boolean
          ecmp Boolean
          ecmp_limit Integer Min: 2
Max: 64
Amount of ECMP paths to send.
          limit Integer Min: 2
Max: 64
Amount of paths to send.
    neighbors List, items: Dictionary
      - ip_address String Required, Unique
        activate Boolean
        additional_paths Dictionary
          install Boolean
          install_ecmp_primary Boolean
          receive Boolean
          send Dictionary
            any Boolean
            backup Boolean
            ecmp Boolean
            ecmp_limit Integer Min: 2
Max: 64
Amount of ECMP paths to send.
            limit Integer Min: 2
Max: 64
Amount of paths to send.
    peer_groups List, items: Dictionary
      - name String Required, Unique Peer-group name.
        activate Boolean
        additional_paths Dictionary
          install Boolean
          install_ecmp_primary Boolean
          receive Boolean
          send Dictionary
            any Boolean
            backup Boolean
            ecmp Boolean
            ecmp_limit Integer Min: 2
Max: 64
Amount of ECMP paths to send.
            limit Integer Min: 2
Max: 64
Amount of paths to send.
  address_family_vpn_ipv4 Dictionary
    domain_identifier String
    peer_groups List, items: Dictionary
      - name String Required, Unique Peer-group name.
        activate Boolean
        route_map_in String Inbound route-map name.
        route_map_out String Outbound route-map name.
        rcf_in String Inbound RCF function name with parenthesis.
Example: MyFunction(myarg).
        rcf_out String Outbound RCF function name with parenthesis.
Example: MyFunction(myarg).
    route Dictionary
      import_match_failure_action String Valid Values:
- discard
    neighbors List, items: Dictionary
      - ip_address String Required, Unique
        activate Boolean
        route_map_in String Inbound route-map name.
        route_map_out String Outbound route-map name.
        rcf_in String Inbound RCF function name with parenthesis.
Example: MyFunction(myarg).
        rcf_out String Outbound RCF function name with parenthesis.
Example: MyFunction(myarg).
    neighbor_default_encapsulation_mpls_next_hop_self Dictionary
      source_interface String
  address_family_vpn_ipv6 Dictionary
    domain_identifier String
    peer_groups List, items: Dictionary
      - name String Required, Unique Peer-group name.
        activate Boolean
        route_map_in String Inbound route-map name.
        route_map_out String Outbound route-map name.
        rcf_in String Inbound RCF function name with parenthesis.
Example: MyFunction(myarg).
        rcf_out String Outbound RCF function name with parenthesis.
Example: MyFunction(myarg).
    route Dictionary
      import_match_failure_action String Valid Values:
- discard
    neighbors List, items: Dictionary
      - ip_address String Required, Unique
        activate Boolean
        route_map_in String Inbound route-map name.
        route_map_out String Outbound route-map name.
        rcf_in String Inbound RCF function name with parenthesis.
Example: MyFunction(myarg).
        rcf_out String Outbound RCF function name with parenthesis.
Example: MyFunction(myarg).
    neighbor_default_encapsulation_mpls_next_hop_self Dictionary
      source_interface String
  vrfs List, items: Dictionary
    - name String Required, Unique VRF name.
      rd String Route distinguisher.
      evpn_multicast Boolean
      evpn_multicast_address_family Dictionary Enable per-AF EVPN multicast settings.
        ipv4 Dictionary
          transit Boolean Enable EVPN multicast transit mode.
      route_targets Dictionary
        import List, items: Dictionary
          - address_family String Required, Unique
            route_targets List, items: String
              - <str> String
            route_map String Only applicable if address_family is one of evpn, vpn-ipv4 or vpn-ipv6.
            rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
Only applicable if address_family is one of evpn, vpn-ipv4 or vpn-ipv6.
            vpn_route_filter_rcf String RCF function name with parenthesis for filtering VPN routes. Also requires rcf to be set.
Example: MyFunction(myarg).
Only applicable if address_family is one of vpn-ipv4 or vpn-ipv6.
        export List, items: Dictionary
          - address_family String Required, Unique
            route_targets List, items: String
              - <str> String
            route_map String Only applicable if address_family is one of evpn, vpn-ipv4 or vpn-ipv6.
            rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
Only applicable if address_family is one of evpn, vpn-ipv4 or vpn-ipv6.
            vpn_route_filter_rcf String RCF function name with parenthesis for filtering VPN routes. Also requires rcf to be set.
Example: MyFunction(myarg).
Only applicable if address_family is one of vpn-ipv4 or vpn-ipv6.
      router_id String in IP address format A.B.C.D.
      timers String BGP Keepalive and Hold Timer values in seconds as string “<0-3600> <0-3600>”.
      networks List, items: Dictionary
        - prefix String Required, Unique IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”.
          route_map String
      updates Dictionary
        wait_for_convergence Boolean Disables FIB updates and route advertisement when the BGP instance is initiated until the BGP convergence state is reached.
        wait_install Boolean Do not advertise reachability to a prefix until that prefix has been installed in hardware.
This will eliminate any temporary black holes due to a BGP speaker advertising reachability to a prefix that may not yet be installed into the forwarding plane.
      listen_ranges List, items: Dictionary Improved “listen_ranges” data model to support multiple listen ranges and additional filter capabilities.
        - prefix String IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”.
          peer_id_include_router_id Boolean Include router ID as part of peer filter.
          peer_group String Peer-group name.
          peer_filter String Peer-filter name.
note: peer_filter`` orremote_as` is required but mutually exclusive.
If both are defined, peer_filter takes precedence.
          remote_as String BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”.
For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
      neighbors List, items: Dictionary
        - ip_address String Required, Unique
          peer_group String Peer-group name.
          remote_as String BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”.
For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
          password String
          passive Boolean
          remove_private_as Dictionary Remove private AS numbers in outbound AS path.
            enabled Boolean
            all Boolean
            replace_as Boolean
          remove_private_as_ingress Dictionary
            enabled Boolean
            replace_as Boolean
          weight Integer Min: 0
Max: 65535
          local_as String BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”.
For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
          as_path Dictionary BGP AS-PATH options.
            remote_as_replace_out Boolean Replace AS number with local AS number.
            prepend_own_disabled Boolean Disable prepending own AS number to AS path.
          description String
          route_reflector_client Boolean
          ebgp_multihop Integer Min: 1
Max: 255
Time-to-live in range of hops.
          next_hop_self Boolean
          shutdown Boolean
          bfd Boolean Enable BFD.
          bfd_timers Dictionary Override default BFD timers. BFD must be enabled with bfd: true.
            interval Integer Required Min: 50
Max: 60000
Interval in milliseconds.
            min_rx Integer Required Min: 50
Max: 60000
Rate in milliseconds.
            multiplier Integer Required Min: 3
Max: 50
          timers String BGP Keepalive and Hold Timer values in seconds as string “<0-3600> <0-3600>”.
          rib_in_pre_policy_retain Dictionary
            enabled Boolean
            all Boolean
          send_community String ‘all’ or a combination of ‘standard’, ‘extended’, ‘large’ and ‘link-bandwidth (w/options)’.
          maximum_routes Integer
          maximum_routes_warning_limit String Maximum number of routes after which a warning is issued (0 means never warn) or
Percentage of maximum number of routes at which to warn (“<1-100> percent”).
          maximum_routes_warning_only Boolean
          allowas_in Dictionary
            enabled Boolean
            times Integer Min: 1
Max: 10
Number of local ASNs allowed in a BGP update.
          default_originate Dictionary
            enabled Boolean
            always Boolean
            route_map String
          update_source String
          route_map_in String Inbound route-map name.
          route_map_out String Outbound route-map name.
          prefix_list_in deprecated String Inbound prefix-list name.This key is deprecated. Support will be removed in AVD version 5.0.0. Use router_bgp.vrfs[].address_family_ipv4.neighbors[].prefix_list_in or router_bgp.vrfs[].address_family_ipv6.neighbors[].prefix_list_in instead.
          prefix_list_out deprecated String Outbound prefix-list name.This key is deprecated. Support will be removed in AVD version 5.0.0. Use router_bgp.vrfs[].address_family_ipv4.neighbors[].prefix_list_out or router_bgp.vrfs[].address_family_ipv6.neighbors[].prefix_list_out instead.
      neighbor_interfaces List, items: Dictionary
        - name String Required, Unique Interface name.
          remote_as String BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”.
For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
          peer_group String Peer-group name.
          peer_filter String Peer-filter name.
          description String
      redistribute_routes List, items: Dictionary
        - source_protocol String Required, Unique
          route_map String
          include_leaked Boolean
          rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
Only applicable if source_protocol is one of connected, dynamic, isis, static and user.
      aggregate_addresses List, items: Dictionary
        - prefix String Required, Unique IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”.
          advertise_only Boolean
          as_set Boolean
          advertise_map String Route-map name.
          supress_map String Route-map name.
          summary_only Boolean
          attribute_map String
          match_map String
      address_family_ipv4 Dictionary
        bgp Dictionary
          missing_policy Dictionary
            direction_in_action String Valid Values:
- deny
- deny-in-out
- permit
            direction_out_action String Valid Values:
- deny
- deny-in-out
- permit
          additional_paths Dictionary
            install Boolean
            install_ecmp_primary Boolean
            receive Boolean
            send Dictionary
              any Boolean
              backup Boolean
              ecmp Boolean
              ecmp_limit Integer Min: 2
Max: 64
Amount of ECMP paths to send.
              limit Integer Min: 2
Max: 64
Amount of paths to send.
        neighbors List, items: Dictionary
          - ip_address String Required, Unique
            activate Boolean
            route_map_in String Inbound route-map name.
            route_map_out String Outbound route-map name.
            rcf_in String Inbound RCF function name with parenthesis.
Example: MyFunction(myarg).
            rcf_out String Outbound RCF function name with parenthesis.
Example: MyFunction(myarg).
            prefix_list_in String Inbound prefix-list name.
            prefix_list_out String Outbound prefix-list name.
            next_hop Dictionary
              address_family_ipv6 Dictionary
                enabled Boolean Required
                originate Boolean
        networks List, items: Dictionary
          - prefix String Required, Unique IPv4 prefix “A.B.C.D/E”.
            route_map String
        redistribute_routes List, items: Dictionary
          - source_protocol String Required, Unique Valid Values:
- attached-host
- bgp
- connected
- dynamic
- isis
- ospf
- ospfv3
- rip
- static
- user
            route_map String
            include_leaked Boolean
            rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
Only applicable if source_protocol is one of connected, dynamic, isis, static and user.
      address_family_ipv6 Dictionary
        bgp Dictionary
          missing_policy Dictionary
            direction_in_action String Valid Values:
- deny
- deny-in-out
- permit
            direction_out_action String Valid Values:
- deny
- deny-in-out
- permit
          additional_paths Dictionary
            install Boolean
            install_ecmp_primary Boolean
            receive Boolean
            send Dictionary
              any Boolean
              backup Boolean
              ecmp Boolean
              ecmp_limit Integer Min: 2
Max: 64
Amount of ECMP paths to send.
              limit Integer Min: 2
Max: 64
Amount of paths to send.
        neighbors List, items: Dictionary
          - ip_address String Required, Unique
            activate Boolean
            route_map_in String Inbound route-map name.
            route_map_out String Outbound route-map name.
            rcf_in String Inbound RCF function name with parenthesis.
Example: MyFunction(myarg).
            rcf_out String Outbound RCF function name with parenthesis.
Example: MyFunction(myarg).
            prefix_list_in String Inbound prefix-list name.
            prefix_list_out String Outbound prefix-list name.
        networks List, items: Dictionary
          - prefix String Required, Unique IPv6 prefix “A:B:C:D:E:F:G:H/I”.
            route_map String
        redistribute_routes List, items: Dictionary
          - source_protocol String Required, Unique Valid Values:
- attached-host
- bgp
- connected
- dhcp
- dynamic
- isis
- ospfv3
- static
- user
            route_map String
            include_leaked Boolean
            rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
Only applicable if source_protocol is one of connected, dynamic, isis, static and user.
      address_family_ipv4_multicast Dictionary
        bgp Dictionary
          missing_policy Dictionary
            direction_in_action String Valid Values:
- deny
- deny-in-out
- permit
            direction_out_action String Valid Values:
- deny
- deny-in-out
- permit
          additional_paths Dictionary
            receive Boolean
        neighbors List, items: Dictionary
          - ip_address String Required, Unique
            activate Boolean
            route_map_in String Inbound route-map name.
            route_map_out String Outbound route-map name.
        networks List, items: Dictionary
          - prefix String Required, Unique IPv6 prefix “A.B.C.D/E”.
            route_map String
        redistribute_routes List, items: Dictionary
          - source_protocol String Required, Unique Valid Values:
- attached-host
- connected
- isis
- ospf
- ospfv3
- static
            route_map String
            include_leaked Boolean Only applicable if source_protocol is isis.
            rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
Only applicable if source_protocol is isis.
      address_family_ipv6_multicast Dictionary
        bgp Dictionary
          missing_policy Dictionary
            direction_in_action String Valid Values:
- deny
- deny-in-out
- permit
            direction_out_action String Valid Values:
- deny
- deny-in-out
- permit
          additional_paths Dictionary
            receive Boolean
        neighbors List, items: Dictionary
          - ip_address String Required, Unique
            activate Boolean
            route_map_in String Inbound route-map name.
            route_map_out String Outbound route-map name.
        networks List, items: Dictionary
          - prefix String Required, Unique IPv6 prefix “A:B:C:D:E:F:G:H/I”.
            route_map String
        redistribute_routes List, items: Dictionary
          - source_protocol String Required, Unique Valid Values:
- connected
- isis
- ospf
- ospfv3
- static
            route_map String
            include_leaked Boolean Only applicable if source_protocol is isis.
            rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
Only applicable if source_protocol is isis.
      address_family_flow_spec_ipv4 Dictionary
        bgp Dictionary
          missing_policy Dictionary
            direction_in_action String Valid Values:
- deny
- deny-in-out
- permit
            direction_out_action String Valid Values:
- deny
- deny-in-out
- permit
        neighbors List, items: Dictionary
          - ip_address String Required, Unique
            activate Boolean
      address_family_flow_spec_ipv6 Dictionary
        bgp Dictionary
          missing_policy Dictionary
            direction_in_action String Valid Values:
- deny
- deny-in-out
- permit
            direction_out_action String Valid Values:
- deny
- deny-in-out
- permit
        neighbors List, items: Dictionary
          - ip_address String Required, Unique
            activate Boolean
      address_families deprecated List, items: Dictionary This key is deprecated. Support will be removed in AVD version 5.0.0. Use address_family_* instead.
        - address_family String Required, Unique
          bgp Dictionary
            missing_policy Dictionary
              direction_in_action String Valid Values:
- deny
- deny-in-out
- permit
              direction_out_action String Valid Values:
- deny
- deny-in-out
- permit
            additional_paths List, items: String
              - <str> String
          neighbors List, items: Dictionary
            - ip_address String Required, Unique
              activate Boolean
              route_map_in String Inbound route-map name.
              route_map_out String Outbound route-map name.
          peer_groups List, items: Dictionary
            - name String Required, Unique Peer-group name.
              activate Boolean
              next_hop Dictionary
                address_family_ipv6_originate Boolean
          networks List, items: Dictionary
            - prefix String Required, Unique IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”.
              route_map String
      eos_cli String Multiline EOS CLI rendered directly on the Router BGP, VRF definition in the final EOS configuration.
  session_trackers List, items: Dictionary
    - name String Required, Unique Name of session tracker.
      recovery_delay Integer Min: 1
Max: 3600
Recovery delay in seconds.
  eos_cli String Multiline EOS CLI rendered directly on the Router BGP in the final EOS configuration.
router_bgp:

  # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
  # For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
  as: <str>

  # BGP AS can be deplayed in the asplain <1-4294967295> or asdot notation "<1-65535>.<0-65535>". This flag indicates which mode is preferred - asplain is the default.
  as_notation: <str; "asdot" | "asplain">

  # In IP address format A.B.C.D.
  router_id: <str>
  distance:
    external_routes: <int; 1-255; required>
    internal_routes: <int; 1-255; required>
    local_routes: <int; 1-255; required>
  graceful_restart:
    enabled: <bool>

    # Number of seconds.
    restart_time: <int; 1-3600>

    # Number of seconds.
    stalepath_time: <int; 1-3600>
  graceful_restart_helper:
    enabled: <bool>

    # Number of seconds
    # graceful-restart-help long-lived and restart-time are mutually exclusive in CLI.
    # restart-time will take precedence if both are configured.
    restart_time: <int; 1-100000000>

    # graceful-restart-help long-lived and restart-time are mutually exclusive in CLI.
    # restart-time will take precedence if both are configured.
    long_lived: <bool>
  maximum_paths:
    paths: <int; 1-600; required>
    ecmp: <int; 1-600>
  updates:

    # Disables FIB updates and route advertisement when the BGP instance is initiated until the BGP convergence state is reached.
    wait_for_convergence: <bool>

    # Do not advertise reachability to a prefix until that prefix has been installed in hardware.
    # This will eliminate any temporary black holes due to a BGP speaker advertising reachability to a prefix that may not yet be installed into the forwarding plane.
    wait_install: <bool>

  # IP Address A.B.C.D.
  bgp_cluster_id: <str>

  # BGP command as string.
  bgp_defaults:
    - <str>
  bgp:
    default:

      # Default activation of IPv4 unicast address-family on all IPv4 neighbors (EOS default = True).
      ipv4_unicast: <bool>

      # Default activation of IPv4 unicast address-family on all IPv6 neighbors (EOS default == False).
      ipv4_unicast_transport_ipv6: <bool>
    route_reflector_preserve_attributes:
      enabled: <bool>
      always: <bool>
    bestpath:
      d_path: <bool>

  # Improved "listen_ranges" data model to support multiple listen ranges and additional filter capabilities.
  listen_ranges:

      # IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I".
    - prefix: <str>

      # Include router ID as part of peer filter.
      peer_id_include_router_id: <bool>

      # Peer group name.
      peer_group: <str>

      # Peer-filter name.
      # note: `peer_filter` or `remote_as` is required but mutually exclusive.
      # If both are defined, `peer_filter` takes precedence
      peer_filter: <str>

      # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
      # For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
      remote_as: <str>
  peer_groups:

      # Peer-group name.
    - name: <str; required; unique>

      # Key only used for documentation or validation purposes.
      type: <str>

      # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
      # For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
      remote_as: <str>

      # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
      # For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
      local_as: <str>
      description: <str>
      shutdown: <bool>

      # BGP AS-PATH options.
      as_path:

        # Replace AS number with local AS number.
        remote_as_replace_out: <bool>

        # Disable prepending own AS number to AS path.
        prepend_own_disabled: <bool>

      # Remove private AS numbers in outbound AS path.
      remove_private_as:
        enabled: <bool>
        all: <bool>
        replace_as: <bool>
      remove_private_as_ingress:
        enabled: <bool>
        replace_as: <bool>

      # Peer-filter name.
      # note: `bgp_listen_range_prefix` and `peer_filter` should not be mixed with
      # the new `listen_ranges` key above to avoid conflicts.
      # This key is deprecated.
      # Support will be removed in AVD version 5.0.0.
      # Use <samp>listen_ranges</samp> instead.
      peer_filter: <str>
      next_hop_unchanged: <bool>

      # IP address or interface name.
      update_source: <str>
      route_reflector_client: <bool>

      # Enable BFD.
      bfd: <bool>

      # Override default BFD timers. BFD must be enabled with `bfd: true`.
      bfd_timers:

        # Interval in milliseconds.
        interval: <int; 50-60000; required>

        # Rate in milliseconds.
        min_rx: <int; 50-60000; required>
        multiplier: <int; 3-50; required>

      # Time-to-live in range of hops.
      ebgp_multihop: <int; 1-255>
      next_hop_self: <bool>
      password: <str>
      passive: <bool>
      default_originate:
        enabled: <bool>
        always: <bool>

        # Route-map name.
        route_map: <str>

      # 'all' or a combination of 'standard', 'extended', 'large' and 'link-bandwidth (w/options)'.
      send_community: <str>

      # Maximum number of routes (0 means unlimited).
      maximum_routes: <int; 0-4294967294>

      # Maximum number of routes after which a warning is issued (0 means never warn) or
      # Percentage of maximum number of routes at which to warn ("<1-100> percent").
      maximum_routes_warning_limit: <str>
      maximum_routes_warning_only: <bool>
      link_bandwidth:
        enabled: <bool>

        # nn.nn(K|M|G) link speed in bits/second.
        default: <str>
      allowas_in:
        enabled: <bool>

        # Number of local ASNs allowed in a BGP update.
        times: <int; 1-10>
      weight: <int; 0-65535>

      # BGP Keepalive and Hold Timer values in seconds as string "<0-3600> <0-3600>".
      timers: <str>
      rib_in_pre_policy_retain:
        enabled: <bool>
        all: <bool>

      # Inbound route-map name.
      route_map_in: <str>

      # Outbound route-map name.
      route_map_out: <str>

      # IP prefix range.
      # note: `bgp_listen_range_prefix` and `peer_filter` should not be mixed with
      # the new `listen_ranges` key above to avoid conflicts.
      # This key is deprecated.
      # Support will be removed in AVD version 5.0.0.
      # Use <samp>listen_ranges</samp> instead.
      bgp_listen_range_prefix: <str>
      session_tracker: <str>
      shared_secret:

        # Name of profile defined under `management_security`.
        profile: <str; required>

        # Note: Algorithm hmac-sha-256 requires EOS version 4.31.1F and above.
        hash_algorithm: <str; "aes-128-cmac-96" | "hmac-sha-256" | "hmac-sha1-96"; required>

      # Maximum number of hops.
      ttl_maximum_hops: <int; 0-254>
  neighbors:
    - ip_address: <str; required; unique>
      peer_group: <str>

      # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
      # For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
      remote_as: <str>

      # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
      # For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
      local_as: <str>

      # BGP AS-PATH options.
      as_path:

        # Replace AS number with local AS number.
        remote_as_replace_out: <bool>

        # Disable prepending own AS number to AS path.
        prepend_own_disabled: <bool>

      # Key only used for documentation or validation purposes.
      peer: <str>
      description: <str>
      route_reflector_client: <bool>
      password: <str>
      passive: <bool>
      shutdown: <bool>

      # Source Interface.
      update_source: <str>

      # Enable BFD.
      bfd: <bool>

      # Override default BFD timers. BFD must be enabled with `bfd: true`.
      bfd_timers:

        # Interval in milliseconds.
        interval: <int; 50-60000; required>

        # Rate in milliseconds.
        min_rx: <int; 50-60000; required>
        multiplier: <int; 3-50; required>
      weight: <int; 0-65535>

      # BGP Keepalive and Hold Timer values in seconds as string "<0-3600> <0-3600>".
      timers: <str>

      # Inbound route-map name.
      route_map_in: <str>

      # Outbound route-map name.
      route_map_out: <str>
      default_originate:
        enabled: <bool>
        always: <bool>
        route_map: <str>

      # 'all' or a combination of 'standard', 'extended', 'large' and 'link-bandwidth (w/options)'.
      send_community: <str>

      # Maximum number of routes (0 means unlimited).
      maximum_routes: <int; 0-4294967294>

      # Maximum number of routes after which a warning is issued (0 means never warn) or
      # Percentage of maximum number of routes at which to warn ("<1-100> percent").
      maximum_routes_warning_limit: <str>
      maximum_routes_warning_only: <bool>
      allowas_in:
        enabled: <bool>

        # Number of local ASNs allowed in a BGP update.
        times: <int; 1-10>

      # Time-to-live in range of hops.
      ebgp_multihop: <int; 1-255>
      next_hop_self: <bool>
      link_bandwidth:
        enabled: <bool>

        # nn.nn(K|M|G) link speed in bits/second.
        default: <str>
      rib_in_pre_policy_retain:
        enabled: <bool>
        all: <bool>

      # Remove private AS numbers in outbound AS path.
      remove_private_as:
        enabled: <bool>
        all: <bool>
        replace_as: <bool>
      remove_private_as_ingress:
        enabled: <bool>
        replace_as: <bool>
      session_tracker: <str>
      shared_secret:

        # Name of profile defined under `management_security`.
        profile: <str; required>

        # Note: Algorithm hmac-sha-256 requires EOS version 4.31.1F and above.
        hash_algorithm: <str; "aes-128-cmac-96" | "hmac-sha-256" | "hmac-sha1-96"; required>

      # Maximum number of hops.
      ttl_maximum_hops: <int; 0-254>
  neighbor_interfaces:

      # Interface name.
    - name: <str; required; unique>

      # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
      # For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
      remote_as: <str>

      # Key only used for documentation or validation purposes.
      peer: <str>
      peer_group: <str; default="Peer-group name">
      description: <str>

      # Peer-filter name.
      peer_filter: <str>
  aggregate_addresses:

      # IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I".
    - prefix: <str; required; unique>
      advertise_only: <bool>
      as_set: <bool>

      # Route-map name.
      advertise_map: <str>

      # Route-map name.
      supress_map: <str>
      summary_only: <bool>

      # Route-map name.
      attribute_map: <str>

      # Route-map name.
      match_map: <str>
  redistribute_routes:
    - source_protocol: <str; "attached-host" | "bgp" | "connected" | "dynamic" | "isis" | "ospf" | "ospfv3" | "rip" | "static" | "user"; required; unique>
      route_map: <str>

      # RCF function name with parenthesis.
      # Example: MyFunction(myarg).
      # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
      # Only applicable if `source_protocol` is one of `connected`, `static`, `isis`, `user`, `dynamic`.
      rcf: <str>
      include_leaked: <bool>
  vlan_aware_bundles:

      # VLAN aware bundle name.
    - name: <str; required; unique>

      # Key only used for documentation or validation purposes.
      tenant: <str>

      # Key only used for documentation or validation purposes.
      description: <str>

      # Route distinguisher.
      rd: <str>
      rd_evpn_domain:
        domain: <str; "remote" | "all">

        # Route distinguisher.
        rd: <str>
      route_targets:
        both:
          - <str>
        import:
          - <str>
        export:
          - <str>
        import_evpn_domains:
          - domain: <str; "remote" | "all">
            route_target: <str>
        export_evpn_domains:
          - domain: <str; "remote" | "all">
            route_target: <str>
        import_export_evpn_domains:
          - domain: <str; "remote" | "all">
            route_target: <str>
      redistribute_routes:
        - <str>
      no_redistribute_routes:
        - <str>

      # VLAN range as string. Example "100-200,300".
      vlan: <str>

      # Multiline EOS CLI rendered directly on the Router BGP, VLAN-aware-bundle definition in the final EOS configuration.
      eos_cli: <str>
  vlans:
    - id: <int; required; unique>

      # Key only used for documentation or validation purposes.
      tenant: <str>

      # Route distinguisher.
      rd: <str>
      rd_evpn_domain:
        domain: <str; "remote" | "all">

        # Route distinguisher.
        rd: <str>

      # Multiline EOS CLI rendered directly on the Router BGP, VLAN definition in the final EOS configuration.
      eos_cli: <str>
      route_targets:
        both:
          - <str>
        import:
          - <str>
        export:
          - <str>
        import_evpn_domains:
          - domain: <str; "remote" | "all">
            route_target: <str>
        export_evpn_domains:
          - domain: <str; "remote" | "all">
            route_target: <str>
        import_export_evpn_domains:
          - domain: <str; "remote" | "all">
            route_target: <str>
      redistribute_routes:
        - <str>
      no_redistribute_routes:
        - <str>
  vpws:

      # VPWS instance name.
    - name: <str; required; unique>

      # Route distinguisher.
      rd: <str>
      route_targets:

        # Route Target.
        import_export: <str>
      mpls_control_word: <bool>
      label_flow: <bool>
      mtu: <int>
      pseudowires:

          # Pseudowire name.
        - name: <str; required; unique>

          # Must match id_remote on other pe.
          id_local: <int>

          # Must match id_local on other pe.
          id_remote: <int>
  address_family_evpn:
    domain_identifier: <str>
    neighbor_default:
      encapsulation: <str; "vxlan" | "mpls">

      # Source interface name.
      next_hop_self_source_interface: <str>
      next_hop_self_received_evpn_routes:
        enable: <bool>
        inter_domain: <bool>

    # Specify the RIBs used to resolve MPLS next-hops. The order of this list determines the order of RIB lookups.
    next_hop_mpls_resolution_ribs: # 1-3 items

        # Type of RIB. For 'tunnel-rib', use 'rib_name' to specify the name of the Tunnel-RIB to use.
      - rib_type: <str; "system-connected" | "tunnel-rib-colored" | "tunnel-rib"; required>

        # The name of the tunnel-rib to use when using 'tunnel-rib' type.
        rib_name: <str>
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>

        # Inbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_in: <str>

        # Outbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_out: <str>
    peer_groups:

        # Peer-group name.
      - name: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>

        # Inbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_in: <str>

        # Outbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_out: <str>
        domain_remote: <bool>
        encapsulation: <str; "vxlan" | "mpls">
        additional_paths:
          receive: <bool>
          send:
            any: <bool>
            backup: <bool>
            ecmp: <bool>

            # Amount of ECMP paths to send.
            ecmp_limit: <int; 2-64>

            # Amount of paths to send.
            limit: <int; 2-64>
    evpn_hostflap_detection:
      enabled: <bool>

      # Time (in seconds) to detect a MAC duplication issue.
      window: <int; 0-4294967295>

      # Minimum number of MAC moves that indicate a MAC Duplication issue.
      threshold: <int; 0-4294967295>

      # Time (in seconds) to purge a MAC duplication issue.
      expiry_timeout: <int; 0-4294967295>
    next_hop:
      resolution_disabled: <bool>
    route:
      import_match_failure_action: <str; "discard">
      import_ethernet_segment_ip_mass_withdraw: <bool>
      import_overlay_index_gateway: <bool>
      export_ethernet_segment_ip_mass_withdraw: <bool>
    next_hop_unchanged: <bool>

    # BGP additional-paths commands.
    bgp_additional_paths:

      # Receive multiple paths.
      receive: <bool>

      # Send multiple paths.
      send:

        # Any eligible path.
        any: <bool>

        # Best path and installed backup path.
        backup: <bool>

        # All paths in best path ECMP group.
        ecmp: <bool>

        # Amount of ECMP paths to send.
        ecmp_limit: <int; 2-64>

        # Amount of paths to send.
        limit: <int; 2-64>

    # BGP layer-2 in-place FEC operation.
    layer_2_fec_in_place_update:
      enabled: <bool; required>

      # In-place FEC update tracking timeout in seconds.
      timeout: <int; 0-300>
  address_family_rtc:
    peer_groups:

        # Peer-group name.
      - name: <str; required; unique>
        activate: <bool>
        default_route_target:
          only: <bool>
          encoding_origin_as_omit: <str>
  address_family_ipv4:
    networks:

        # IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I".
      - prefix: <str; required; unique>

        # Route-map name.
        route_map: <str>
    peer_groups:

        # Peer-group name.
      - name: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>

        # Inbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_in: <str>

        # Outbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_out: <str>
        default_originate:
          always: <bool>

          # Route-map name.
          route_map: <str>
        next_hop:
          address_family_ipv6:
            enabled: <bool; required>
            originate: <bool>
          # This key is deprecated.
          # Support will be removed in AVD version 5.0.0.
          # Use <samp>address_family_ipv6</samp> instead.
          address_family_ipv6_originate: <bool>

        # Inbound prefix-list name.
        prefix_list_in: <str>

        # Outbound prefix-list name.
        prefix_list_out: <str>
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>

        # Inbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_in: <str>

        # Outbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_out: <str>

        # Inbound prefix-list name.
        prefix_list_in: <str>

        # Prefix-list name.
        prefix_list_out: <str>
        default_originate:
          always: <bool>
          route_map: <str>
    redistribute_routes:
      - source_protocol: <str; "attached-host" | "bgp" | "connected" | "dynamic" | "isis" | "ospf" | "ospfv3" | "rip" | "static" | "user"; required; unique>
        route_map: <str>

        # Only applicable if `source_protocol` is one of `connected`, `static`, `isis`, `ospf`, `ospfv3`.
        include_leaked: <bool>

        # RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
        # Only applicable if `source_protocol` is one of `connected`, `static`, `isis`, `user`, `dynamic`.
        rcf: <str>
  address_family_ipv4_multicast:
    peer_groups:

        # Peer-group name.
      - name: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>
    redistribute_routes:
      - source_protocol: <str; required; unique>
        route_map: <str>

        # Only applicable if `source_protocol` is `isis`.
        include_leaked: <bool>

        # RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
        # Only applicable if `source_protocol` is `isis`.
        rcf: <str>
  address_family_ipv4_sr_te:
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>
    peer_groups:

        # Peer-group name.
      - name: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>
  address_family_ipv6:
    networks:

        # IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I".
      - prefix: <str; required; unique>

        # Route-map name.
        route_map: <str>
    peer_groups:

        # Peer-group name.
      - name: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>

        # Inbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_in: <str>

        # Outbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_out: <str>

        # Inbound prefix-list name.
        prefix_list_in: <str>

        # Outbound prefix-list name.
        prefix_list_out: <str>
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>

        # Inbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_in: <str>

        # Outbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_out: <str>

        # Inbound prefix-list name.
        prefix_list_in: <str>

        # Outbound prefix-list name.
        prefix_list_out: <str>
    redistribute_routes:
      - source_protocol: <str; required; unique>
        route_map: <str>
        include_leaked: <bool>

        # RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
        # Only used if `source_protocol` is one of `connected`, `static`, `isis`, `user`, `dynamic`.
        rcf: <str>
  address_family_ipv6_multicast:
    bgp:
      missing_policy:
        direction_in_action: <str; "deny" | "deny-in-out" | "permit">
        direction_out_action: <str; "deny" | "deny-in-out" | "permit">
      additional_paths:
        receive: <bool>
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>
    peer_groups:

        # Peer-group name.
      - name: <str; required; unique>
        activate: <bool>
    networks:

        # IPv6 prefix "A:B:C:D:E:F:G:H/I".
      - prefix: <str; required; unique>
        route_map: <str>
    redistribute_routes:
      - source_protocol: <str; "connected" | "isis" | "ospf" | "ospfv3" | "static"; required; unique>

        # Only applicable if `source_protocol` is `isis`.
        include_leaked: <bool>
        route_map: <str>

        # RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
        # Only applicable if `source_protocol` is `isis`.
        rcf: <str>
  address_family_ipv6_sr_te:
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>
    peer_groups:

        # Peer-group name.
      - name: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>
  address_family_link_state:
    bgp:
      missing_policy:
        direction_in_action: <str; "deny" | "deny-in-out" | "permit">
        direction_out_action: <str; "deny" | "deny-in-out" | "permit">
    peer_groups:

        # Peer-group name.
      - name: <str; required; unique>
        activate: <bool>
        missing_policy:
          direction_in_action: <str; "deny" | "deny-in-out" | "permit">
          direction_out_action: <str; "deny" | "deny-in-out" | "permit">
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>
        missing_policy:
          direction_in_action: <str; "deny" | "deny-in-out" | "permit">
          direction_out_action: <str; "deny" | "deny-in-out" | "permit">
    path_selection:
      roles:
        producer: <bool>
        consumer: <bool>
        propagator: <bool>
  address_family_flow_spec_ipv4:
    bgp:
      missing_policy:
        direction_in_action: <str; "deny" | "deny-in-out" | "permit">
        direction_out_action: <str; "deny" | "deny-in-out" | "permit">
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>
    peer_groups:

        # Peer-group name.
      - name: <str; required; unique>
        activate: <bool>
  address_family_flow_spec_ipv6:
    bgp:
      missing_policy:
        direction_in_action: <str; "deny" | "deny-in-out" | "permit">
        direction_out_action: <str; "deny" | "deny-in-out" | "permit">
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>
    peer_groups:

        # Peer-group name.
      - name: <str; required; unique>
        activate: <bool>
  address_family_path_selection:
    bgp:
      additional_paths:
        receive: <bool>
        send:
          any: <bool>
          backup: <bool>
          ecmp: <bool>

          # Amount of ECMP paths to send.
          ecmp_limit: <int; 2-64>

          # Amount of paths to send.
          limit: <int; 2-64>
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>
        additional_paths:
          install: <bool>
          install_ecmp_primary: <bool>
          receive: <bool>
          send:
            any: <bool>
            backup: <bool>
            ecmp: <bool>

            # Amount of ECMP paths to send.
            ecmp_limit: <int; 2-64>

            # Amount of paths to send.
            limit: <int; 2-64>
    peer_groups:

        # Peer-group name.
      - name: <str; required; unique>
        activate: <bool>
        additional_paths:
          install: <bool>
          install_ecmp_primary: <bool>
          receive: <bool>
          send:
            any: <bool>
            backup: <bool>
            ecmp: <bool>

            # Amount of ECMP paths to send.
            ecmp_limit: <int; 2-64>

            # Amount of paths to send.
            limit: <int; 2-64>
  address_family_vpn_ipv4:
    domain_identifier: <str>
    peer_groups:

        # Peer-group name.
      - name: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>

        # Inbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_in: <str>

        # Outbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_out: <str>
    route:
      import_match_failure_action: <str; "discard">
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>

        # Inbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_in: <str>

        # Outbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_out: <str>
    neighbor_default_encapsulation_mpls_next_hop_self:
      source_interface: <str>
  address_family_vpn_ipv6:
    domain_identifier: <str>
    peer_groups:

        # Peer-group name.
      - name: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>

        # Inbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_in: <str>

        # Outbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_out: <str>
    route:
      import_match_failure_action: <str; "discard">
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>

        # Inbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_in: <str>

        # Outbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_out: <str>
    neighbor_default_encapsulation_mpls_next_hop_self:
      source_interface: <str>
  vrfs:

      # VRF name.
    - name: <str; required; unique>

      # Route distinguisher.
      rd: <str>
      evpn_multicast: <bool>

      # Enable per-AF EVPN multicast settings.
      evpn_multicast_address_family:
        ipv4:

          # Enable EVPN multicast transit mode.
          transit: <bool>
      route_targets:
        import:
          - address_family: <str; required; unique>
            route_targets:
              - <str>

            # Only applicable if `address_family` is one of `evpn`, `vpn-ipv4` or `vpn-ipv6`.
            route_map: <str>

            # RCF function name with parenthesis.
            # Example: MyFunction(myarg).
            # Only applicable if `address_family` is one of `evpn`, `vpn-ipv4` or `vpn-ipv6`.
            rcf: <str>

            # RCF function name with parenthesis for filtering VPN routes. Also requires `rcf` to be set.
            # Example: MyFunction(myarg).
            # Only applicable if `address_family` is one of `vpn-ipv4` or `vpn-ipv6`.
            vpn_route_filter_rcf: <str>
        export:
          - address_family: <str; required; unique>
            route_targets:
              - <str>

            # Only applicable if `address_family` is one of `evpn`, `vpn-ipv4` or `vpn-ipv6`.
            route_map: <str>

            # RCF function name with parenthesis.
            # Example: MyFunction(myarg).
            # Only applicable if `address_family` is one of `evpn`, `vpn-ipv4` or `vpn-ipv6`.
            rcf: <str>

            # RCF function name with parenthesis for filtering VPN routes. Also requires `rcf` to be set.
            # Example: MyFunction(myarg).
            # Only applicable if `address_family` is one of `vpn-ipv4` or `vpn-ipv6`.
            vpn_route_filter_rcf: <str>

      # in IP address format A.B.C.D.
      router_id: <str>

      # BGP Keepalive and Hold Timer values in seconds as string "<0-3600> <0-3600>".
      timers: <str>
      networks:

          # IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I".
        - prefix: <str; required; unique>
          route_map: <str>
      updates:

        # Disables FIB updates and route advertisement when the BGP instance is initiated until the BGP convergence state is reached.
        wait_for_convergence: <bool>

        # Do not advertise reachability to a prefix until that prefix has been installed in hardware.
        # This will eliminate any temporary black holes due to a BGP speaker advertising reachability to a prefix that may not yet be installed into the forwarding plane.
        wait_install: <bool>

      # Improved "listen_ranges" data model to support multiple listen ranges and additional filter capabilities.
      listen_ranges:

          # IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I".
        - prefix: <str>

          # Include router ID as part of peer filter.
          peer_id_include_router_id: <bool>

          # Peer-group name.
          peer_group: <str>

          # Peer-filter name.
          # note: `peer_filter`` or `remote_as` is required but mutually exclusive.
          # If both are defined, peer_filter takes precedence.
          peer_filter: <str>

          # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
          # For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
          remote_as: <str>
      neighbors:
        - ip_address: <str; required; unique>

          # Peer-group name.
          peer_group: <str>

          # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
          # For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
          remote_as: <str>
          password: <str>
          passive: <bool>

          # Remove private AS numbers in outbound AS path.
          remove_private_as:
            enabled: <bool>
            all: <bool>
            replace_as: <bool>
          remove_private_as_ingress:
            enabled: <bool>
            replace_as: <bool>
          weight: <int; 0-65535>

          # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
          # For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
          local_as: <str>

          # BGP AS-PATH options.
          as_path:

            # Replace AS number with local AS number.
            remote_as_replace_out: <bool>

            # Disable prepending own AS number to AS path.
            prepend_own_disabled: <bool>
          description: <str>
          route_reflector_client: <bool>

          # Time-to-live in range of hops.
          ebgp_multihop: <int; 1-255>
          next_hop_self: <bool>
          shutdown: <bool>

          # Enable BFD.
          bfd: <bool>

          # Override default BFD timers. BFD must be enabled with `bfd: true`.
          bfd_timers:

            # Interval in milliseconds.
            interval: <int; 50-60000; required>

            # Rate in milliseconds.
            min_rx: <int; 50-60000; required>
            multiplier: <int; 3-50; required>

          # BGP Keepalive and Hold Timer values in seconds as string "<0-3600> <0-3600>".
          timers: <str>
          rib_in_pre_policy_retain:
            enabled: <bool>
            all: <bool>

          # 'all' or a combination of 'standard', 'extended', 'large' and 'link-bandwidth (w/options)'.
          send_community: <str>
          maximum_routes: <int>

          # Maximum number of routes after which a warning is issued (0 means never warn) or
          # Percentage of maximum number of routes at which to warn ("<1-100> percent").
          maximum_routes_warning_limit: <str>
          maximum_routes_warning_only: <bool>
          allowas_in:
            enabled: <bool>

            # Number of local ASNs allowed in a BGP update.
            times: <int; 1-10>
          default_originate:
            enabled: <bool>
            always: <bool>
            route_map: <str>
          update_source: <str>

          # Inbound route-map name.
          route_map_in: <str>

          # Outbound route-map name.
          route_map_out: <str>

          # Inbound prefix-list name.
          # This key is deprecated.
          # Support will be removed in AVD version 5.0.0.
          # Use <samp>router_bgp.vrfs[].address_family_ipv4.neighbors[].prefix_list_in or router_bgp.vrfs[].address_family_ipv6.neighbors[].prefix_list_in</samp> instead.
          prefix_list_in: <str>

          # Outbound prefix-list name.
          # This key is deprecated.
          # Support will be removed in AVD version 5.0.0.
          # Use <samp>router_bgp.vrfs[].address_family_ipv4.neighbors[].prefix_list_out or router_bgp.vrfs[].address_family_ipv6.neighbors[].prefix_list_out</samp> instead.
          prefix_list_out: <str>
      neighbor_interfaces:

          # Interface name.
        - name: <str; required; unique>

          # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
          # For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
          remote_as: <str>

          # Peer-group name.
          peer_group: <str>

          # Peer-filter name.
          peer_filter: <str>
          description: <str>
      redistribute_routes:
        - source_protocol: <str; required; unique>
          route_map: <str>
          include_leaked: <bool>

          # RCF function name with parenthesis.
          # Example: MyFunction(myarg).
          # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
          # Only applicable if `source_protocol` is one of `connected`, `dynamic`, `isis`, `static` and `user`.
          rcf: <str>
      aggregate_addresses:

          # IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I".
        - prefix: <str; required; unique>
          advertise_only: <bool>
          as_set: <bool>

          # Route-map name.
          advertise_map: <str>

          # Route-map name.
          supress_map: <str>
          summary_only: <bool>
          attribute_map: <str>
          match_map: <str>
      address_family_ipv4:
        bgp:
          missing_policy:
            direction_in_action: <str; "deny" | "deny-in-out" | "permit">
            direction_out_action: <str; "deny" | "deny-in-out" | "permit">
          additional_paths:
            install: <bool>
            install_ecmp_primary: <bool>
            receive: <bool>
            send:
              any: <bool>
              backup: <bool>
              ecmp: <bool>

              # Amount of ECMP paths to send.
              ecmp_limit: <int; 2-64>

              # Amount of paths to send.
              limit: <int; 2-64>
        neighbors:
          - ip_address: <str; required; unique>
            activate: <bool>

            # Inbound route-map name.
            route_map_in: <str>

            # Outbound route-map name.
            route_map_out: <str>

            # Inbound RCF function name with parenthesis.
            # Example: MyFunction(myarg).
            rcf_in: <str>

            # Outbound RCF function name with parenthesis.
            # Example: MyFunction(myarg).
            rcf_out: <str>

            # Inbound prefix-list name.
            prefix_list_in: <str>

            # Outbound prefix-list name.
            prefix_list_out: <str>
            next_hop:
              address_family_ipv6:
                enabled: <bool; required>
                originate: <bool>
        networks:

            # IPv4 prefix "A.B.C.D/E".
          - prefix: <str; required; unique>
            route_map: <str>
        redistribute_routes:
          - source_protocol: <str; "attached-host" | "bgp" | "connected" | "dynamic" | "isis" | "ospf" | "ospfv3" | "rip" | "static" | "user"; required; unique>
            route_map: <str>
            include_leaked: <bool>

            # RCF function name with parenthesis.
            # Example: MyFunction(myarg).
            # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
            # Only applicable if `source_protocol` is one of `connected`, `dynamic`, `isis`, `static` and `user`.
            rcf: <str>
      address_family_ipv6:
        bgp:
          missing_policy:
            direction_in_action: <str; "deny" | "deny-in-out" | "permit">
            direction_out_action: <str; "deny" | "deny-in-out" | "permit">
          additional_paths:
            install: <bool>
            install_ecmp_primary: <bool>
            receive: <bool>
            send:
              any: <bool>
              backup: <bool>
              ecmp: <bool>

              # Amount of ECMP paths to send.
              ecmp_limit: <int; 2-64>

              # Amount of paths to send.
              limit: <int; 2-64>
        neighbors:
          - ip_address: <str; required; unique>
            activate: <bool>

            # Inbound route-map name.
            route_map_in: <str>

            # Outbound route-map name.
            route_map_out: <str>

            # Inbound RCF function name with parenthesis.
            # Example: MyFunction(myarg).
            rcf_in: <str>

            # Outbound RCF function name with parenthesis.
            # Example: MyFunction(myarg).
            rcf_out: <str>

            # Inbound prefix-list name.
            prefix_list_in: <str>

            # Outbound prefix-list name.
            prefix_list_out: <str>
        networks:

            # IPv6 prefix "A:B:C:D:E:F:G:H/I".
          - prefix: <str; required; unique>
            route_map: <str>
        redistribute_routes:
          - source_protocol: <str; "attached-host" | "bgp" | "connected" | "dhcp" | "dynamic" | "isis" | "ospfv3" | "static" | "user"; required; unique>
            route_map: <str>
            include_leaked: <bool>

            # RCF function name with parenthesis.
            # Example: MyFunction(myarg).
            # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
            # Only applicable if `source_protocol` is one of `connected`, `dynamic`, `isis`, `static` and `user`.
            rcf: <str>
      address_family_ipv4_multicast:
        bgp:
          missing_policy:
            direction_in_action: <str; "deny" | "deny-in-out" | "permit">
            direction_out_action: <str; "deny" | "deny-in-out" | "permit">
          additional_paths:
            receive: <bool>
        neighbors:
          - ip_address: <str; required; unique>
            activate: <bool>

            # Inbound route-map name.
            route_map_in: <str>

            # Outbound route-map name.
            route_map_out: <str>
        networks:

            # IPv6 prefix "A.B.C.D/E".
          - prefix: <str; required; unique>
            route_map: <str>
        redistribute_routes:
          - source_protocol: <str; "attached-host" | "connected" | "isis" | "ospf" | "ospfv3" | "static"; required; unique>
            route_map: <str>

            # Only applicable if `source_protocol` is `isis`.
            include_leaked: <bool>

            # RCF function name with parenthesis.
            # Example: MyFunction(myarg).
            # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
            # Only applicable if `source_protocol` is `isis`.
            rcf: <str>
      address_family_ipv6_multicast:
        bgp:
          missing_policy:
            direction_in_action: <str; "deny" | "deny-in-out" | "permit">
            direction_out_action: <str; "deny" | "deny-in-out" | "permit">
          additional_paths:
            receive: <bool>
        neighbors:
          - ip_address: <str; required; unique>
            activate: <bool>

            # Inbound route-map name.
            route_map_in: <str>

            # Outbound route-map name.
            route_map_out: <str>
        networks:

            # IPv6 prefix "A:B:C:D:E:F:G:H/I".
          - prefix: <str; required; unique>
            route_map: <str>
        redistribute_routes:
          - source_protocol: <str; "connected" | "isis" | "ospf" | "ospfv3" | "static"; required; unique>
            route_map: <str>

            # Only applicable if `source_protocol` is `isis`.
            include_leaked: <bool>

            # RCF function name with parenthesis.
            # Example: MyFunction(myarg).
            # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
            # Only applicable if `source_protocol` is `isis`.
            rcf: <str>
      address_family_flow_spec_ipv4:
        bgp:
          missing_policy:
            direction_in_action: <str; "deny" | "deny-in-out" | "permit">
            direction_out_action: <str; "deny" | "deny-in-out" | "permit">
        neighbors:
          - ip_address: <str; required; unique>
            activate: <bool>
      address_family_flow_spec_ipv6:
        bgp:
          missing_policy:
            direction_in_action: <str; "deny" | "deny-in-out" | "permit">
            direction_out_action: <str; "deny" | "deny-in-out" | "permit">
        neighbors:
          - ip_address: <str; required; unique>
            activate: <bool>
      # This key is deprecated.
      # Support will be removed in AVD version 5.0.0.
      # Use <samp>address_family_*</samp> instead.
      address_families:
        - address_family: <str; required; unique>
          bgp:
            missing_policy:
              direction_in_action: <str; "deny" | "deny-in-out" | "permit">
              direction_out_action: <str; "deny" | "deny-in-out" | "permit">
            additional_paths:
              - <str>
          neighbors:
            - ip_address: <str; required; unique>
              activate: <bool>

              # Inbound route-map name.
              route_map_in: <str>

              # Outbound route-map name.
              route_map_out: <str>
          peer_groups:

              # Peer-group name.
            - name: <str; required; unique>
              activate: <bool>
              next_hop:
                address_family_ipv6_originate: <bool>
          networks:

              # IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I".
            - prefix: <str; required; unique>
              route_map: <str>

      # Multiline EOS CLI rendered directly on the Router BGP, VRF definition in the final EOS configuration.
      eos_cli: <str>
  session_trackers:

      # Name of session tracker.
    - name: <str; required; unique>

      # Recovery delay in seconds.
      recovery_delay: <int; 1-3600>

  # Multiline EOS CLI rendered directly on the Router BGP in the final EOS configuration.
  eos_cli: <str>

Router general

Variable Type Required Default Value Restrictions Description
router_general Dictionary
  router_id Dictionary
    ipv4 String IPv4 Address.
    ipv6 String IPv6 Address.
  nexthop_fast_failover Boolean False
  vrfs List, items: Dictionary
    - name String Required, Unique Destination-VRF.
      leak_routes List, items: Dictionary
        - source_vrf String
          subscribe_policy String Route-Map Policy.
      routes Dictionary
        dynamic_prefix_lists List, items: Dictionary
          - name String Dynamic Prefix List Name.
  control_functions Dictionary Routing control functions (RCF) used to filter and update routes from a peer or during redistributions.
Warning:
This configuration cannot be pushed with eos_config_deploy_eapi, because of limitations in arista.eos and ansible.netcommon plugins.
The configuration can be pushed via CloudVision with eos_config_deploy_cvp or cv_deploy.
    code_units List, items: Dictionary
      - name String Required, Unique Name of the code unit.
        content String Required Content of route control function.
e.g.
function ACCEPT_ALL() {
return true;
}
EOF
router_general:
  router_id:

    # IPv4 Address.
    ipv4: <str>

    # IPv6 Address.
    ipv6: <str>
  nexthop_fast_failover: <bool; default=False>
  vrfs:

      # Destination-VRF.
    - name: <str; required; unique>
      leak_routes:
        - source_vrf: <str>

          # Route-Map Policy.
          subscribe_policy: <str>
      routes:
        dynamic_prefix_lists:

            # Dynamic Prefix List Name.
          - name: <str>

  # Routing control functions (RCF) used to filter and update routes from a peer or during redistributions.
  # Warning:
  # This configuration cannot be pushed with `eos_config_deploy_eapi`, because of limitations in `arista.eos` and `ansible.netcommon` plugins.
  # The configuration can be pushed via CloudVision with `eos_config_deploy_cvp` or `cv_deploy`.
  control_functions:
    code_units:

        # Name of the code unit.
      - name: <str; required; unique>

        # Content of route control function.
        # e.g.
        # function ACCEPT_ALL() {
        #   return true;
        #   }
        # EOF
        content: <str; required>

Router internet-exit

Variable Type Required Default Value Restrictions Description
router_internet_exit Dictionary Internet-exit feature to configure internet bound service for virtual topologies.
  policies List, items: Dictionary Internet-exit policy represent a policy which can be attached to a virtual topology profile.
    - name String Required, Unique
      exit_groups List, items: Dictionary The exit groups that are configured under a policy are strictly ordered, meaning an exit group appearing first has more priority than the exit group that follows it.
        - name String
  exit_groups List, items: Dictionary Exit groups represent a group of exit options (connections).
Traffic flows are load balanced in a round robin fashion across all the members (exits) of the exit-group.
    - name String Required, Unique
      fib_default Boolean Fib default exit indicates that the flows that select this exit will follow the default route available in the VRF of the flow.
      local_connections List, items: Dictionary Local connections refer to connections configured under the router_service_insertion.
The service-insertion module reports the health of the connection and the exit will qualify for use only when it is healthy.
        - name String
# Internet-exit feature to configure internet bound service for virtual topologies.
router_internet_exit:

  # Internet-exit policy represent a policy which can be attached to a virtual topology profile.
  policies:
    - name: <str; required; unique>

      # The exit groups that are configured under a policy are strictly ordered, meaning an exit group appearing first has more priority than the exit group that follows it.
      exit_groups:
        - name: <str>

  # Exit groups represent a group of exit options (connections).
  # Traffic flows are load balanced in a round robin fashion across all the members (exits) of the exit-group.
  exit_groups:
    - name: <str; required; unique>

      # Fib default exit indicates that the flows that select this exit will follow the default route available in the VRF of the flow.
      fib_default: <bool>

      # Local connections refer to connections configured under the `router_service_insertion`.
      # The service-insertion module reports the health of the connection and the exit will qualify for use only when it is healthy.
      local_connections:
        - name: <str>

Router ISIS

Variable Type Required Default Value Restrictions Description
router_isis Dictionary
  instance String Required ISIS Instance Name.
  net String CLNS Address like “49.0001.0001.0000.0001.00”.
  router_id String IPv4 Address.
  is_type String Valid Values:
- level-1
- level-1-2
- level-2
  log_adjacency_changes Boolean
  mpls_ldp_sync_default Boolean
  timers Dictionary
    local_convergence Dictionary
      protected_prefixes Boolean
      delay Integer 10000 Delay in milliseconds.
  set_overload_bit Dictionary
    enabled Boolean
    on_startup Dictionary
      delay Integer Number of seconds.
      wait_for_bgp Dictionary
        enabled Boolean
        timeout Integer Number of seconds.
  authentication Dictionary
    both Dictionary Authentication settings for level-1 and level-2. ‘both’ takes precedence over ‘level_1’ and ‘level_2’ settings.
      key_type String Valid Values:
- 0
- 7
- 8a
Configure authentication key type. Default key_id is 0.
      key String Password string.
      key_ids List, items: Dictionary
        - id Integer Required, Unique Min: 1
Max: 65535
Configure authentication key-id.
          algorithm String Required Valid Values:
- sha-1
- sha-224
- sha-256
- sha-384
- sha-512
          key_type String Required Valid Values:
- 0
- 7
- 8a
Configure authentication key type.
          key String Required Password string.
          rfc_5310 Boolean SHA digest computation according to rfc5310.
      mode String Valid Values:
- md5
- sha
- text
- shared_secret
Authentication mode.
      sha Dictionary Required settings for authentication mode ‘sha’.
        key_id Integer Required Min: 1
Max: 65535
      shared_secret Dictionary Required settings for authentication mode ‘shared_secret’.
        profile String Required
        algorithm String Required Valid Values:
- md5
- sha-1
- sha-224
- sha-256
- sha-384
- sha-512
      rx_disabled Boolean
    level_1 Dictionary Authentication settings for level-1. ‘both’ takes precedence over ‘level_1’ and ‘level_2’ settings.
      key_type String Valid Values:
- 0
- 7
- 8a
Configure authentication key type. Default key_id is 0.
      key String Password string.
      key_ids List, items: Dictionary
        - id Integer Required, Unique Min: 1
Max: 65535
Configure authentication key-id.
          algorithm String Required Valid Values:
- sha-1
- sha-224
- sha-256
- sha-384
- sha-512
          key_type String Required Valid Values:
- 0
- 7
- 8a
Configure authentication key type.
          key String Required Password string.
          rfc_5310 Boolean SHA digest computation according to rfc5310.
      mode String Valid Values:
- md5
- sha
- text
- shared_secret
Authentication mode.
      sha Dictionary Required settings for authentication mode ‘sha’.
        key_id Integer Required Min: 1
Max: 65535
      shared_secret Dictionary Required settings for authentication mode ‘shared_secret’.
        profile String Required
        algorithm String Required Valid Values:
- md5
- sha-1
- sha-224
- sha-256
- sha-384
- sha-512
      rx_disabled Boolean
    level_2 Dictionary Authentication settings for level-2. ‘both’ takes precedence over ‘level_1’ and ‘level_2’ settings.
      key_type String Valid Values:
- 0
- 7
- 8a
Configure authentication key type. Default key_id is 0.
      key String Password string.
      key_ids List, items: Dictionary
        - id Integer Required, Unique Min: 1
Max: 65535
Configure authentication key-id.
          algorithm String Required Valid Values:
- sha-1
- sha-224
- sha-256
- sha-384
- sha-512
          key_type String Required Valid Values:
- 0
- 7
- 8a
Configure authentication key type.
          key String Required Password string.
          rfc_5310 Boolean SHA digest computation according to rfc5310.
      mode String Valid Values:
- md5
- sha
- text
- shared_secret
Authentication mode.
      sha Dictionary Required settings for authentication mode ‘sha’.
        key_id Integer Required Min: 1
Max: 65535
      shared_secret Dictionary Required settings for authentication mode ‘shared_secret’.
        profile String Required
        algorithm String Required Valid Values:
- md5
- sha-1
- sha-224
- sha-256
- sha-384
- sha-512
      rx_disabled Boolean
  advertise Dictionary
    passive_only Boolean
  address_family List, items: String
    - <str> deprecated String Valid Values:
- ipv4
- ipv6
- ipv4 unicast
- ipv6 unicast
Address Family.This key is deprecated. Support will be removed in AVD version 5.0.0. Use address_family_ipv4.enabled or address_family_ipv6.enabled instead.
  isis_af_defaults List, items: String
    - <str> deprecated String EOS CLI rendered under the address families.
Example “maximum-paths 64”
This key is deprecated. Support will be removed in AVD version 5.0.0. Use address_family_ipv4/address_family_ipv6 instead.
  redistribute_routes List, items: Dictionary
    - source_protocol String Required Valid Values:
- bgp
- connected
- isis
- ospf
- ospfv3
- static
      route_map String Route-map name.
      include_leaked Boolean
      ospf_route_type String Valid Values:
- external
- internal
- nssa-external
ospf_route_type is required with source_protocols ‘ospf’ and ‘ospfv3’.
  address_family_ipv4 Dictionary
    enabled Boolean
    maximum_paths Integer Min: 1
Max: 128
    bfd_all_interfaces Boolean Enable BFD on all interfaces.
    fast_reroute_ti_lfa Dictionary
      mode String Valid Values:
- link-protection
- node-protection
      level String Valid Values:
- level-1
- level-2
      srlg Dictionary Shared Risk Link Group.
        enable Boolean
        strict Boolean
    tunnel_source_labeled_unicast Dictionary
      enabled Boolean
      rcf String Route Control Function.
  address_family_ipv6 Dictionary
    enabled Boolean
    maximum_paths Integer Min: 1
Max: 128
    bfd_all_interfaces Boolean Enable BFD on all interfaces.
    fast_reroute_ti_lfa Dictionary
      mode String Valid Values:
- link-protection
- node-protection
      level String Valid Values:
- level-1
- level-2
Optional, default is to protect all levels.
      srlg Dictionary Shared Risk Link Group.
        enable Boolean
        strict Boolean
  segment_routing_mpls Dictionary
    enabled Boolean
    router_id String
    prefix_segments List, items: Dictionary
      - prefix String
        index Integer
  spf_interval Dictionary
    interval Integer Maximum interval between two SPFs in seconds or milliseconds.
Range in seconds: <1-300>
Range in milliseconds: <1-300000>
    interval_unit String Valid Values:
- seconds
- milliseconds
If interval unit is not defined EOS takes seconds by default.
    wait_interval Integer Min: 1
Max: 300000
Initial wait interval for SPF in milliseconds.
    hold_interval Integer Min: 1
Max: 300000
Hold interval between the first and second SPF runs in milliseconds.
  graceful_restart Dictionary
    enabled Boolean
    restart_hold_time Integer Min: 5
Max: 300
Number of seconds.
    t2 Dictionary
      level_1_wait_time Integer Min: 5
Max: 300
Level-1 LSP database sync wait time in seconds.
      level_2_wait_time Integer Min: 5
Max: 300
Level-2 LSP database sync wait time in seconds.
  eos_cli String Multiline EOS CLI rendered directly on the router isis in the final EOS configuration.
router_isis:

  # ISIS Instance Name.
  instance: <str; required>

  # CLNS Address like "49.0001.0001.0000.0001.00".
  net: <str>

  # IPv4 Address.
  router_id: <str>
  is_type: <str; "level-1" | "level-1-2" | "level-2">
  log_adjacency_changes: <bool>
  mpls_ldp_sync_default: <bool>
  timers:
    local_convergence:
      protected_prefixes: <bool>

      # Delay in milliseconds.
      delay: <int; default=10000>
  set_overload_bit:
    enabled: <bool>
    on_startup:

      # Number of seconds.
      delay: <int>
      wait_for_bgp:
        enabled: <bool>

        # Number of seconds.
        timeout: <int>
  authentication:

    # Authentication settings for level-1 and level-2. 'both' takes precedence over 'level_1' and 'level_2' settings.
    both:

      # Configure authentication key type. Default key_id is 0.
      key_type: <str; "0" | "7" | "8a">

      # Password string.
      key: <str>
      key_ids:

          # Configure authentication key-id.
        - id: <int; 1-65535; required; unique>
          algorithm: <str; "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>

          # Configure authentication key type.
          key_type: <str; "0" | "7" | "8a"; required>

          # Password string.
          key: <str; required>

          # SHA digest computation according to rfc5310.
          rfc_5310: <bool>

      # Authentication mode.
      mode: <str; "md5" | "sha" | "text" | "shared_secret">

      # Required settings for authentication mode 'sha'.
      sha:
        key_id: <int; 1-65535; required>

      # Required settings for authentication mode 'shared_secret'.
      shared_secret:
        profile: <str; required>
        algorithm: <str; "md5" | "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>
      rx_disabled: <bool>

    # Authentication settings for level-1. 'both' takes precedence over 'level_1' and 'level_2' settings.
    level_1:

      # Configure authentication key type. Default key_id is 0.
      key_type: <str; "0" | "7" | "8a">

      # Password string.
      key: <str>
      key_ids:

          # Configure authentication key-id.
        - id: <int; 1-65535; required; unique>
          algorithm: <str; "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>

          # Configure authentication key type.
          key_type: <str; "0" | "7" | "8a"; required>

          # Password string.
          key: <str; required>

          # SHA digest computation according to rfc5310.
          rfc_5310: <bool>

      # Authentication mode.
      mode: <str; "md5" | "sha" | "text" | "shared_secret">

      # Required settings for authentication mode 'sha'.
      sha:
        key_id: <int; 1-65535; required>

      # Required settings for authentication mode 'shared_secret'.
      shared_secret:
        profile: <str; required>
        algorithm: <str; "md5" | "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>
      rx_disabled: <bool>

    # Authentication settings for level-2. 'both' takes precedence over 'level_1' and 'level_2' settings.
    level_2:

      # Configure authentication key type. Default key_id is 0.
      key_type: <str; "0" | "7" | "8a">

      # Password string.
      key: <str>
      key_ids:

          # Configure authentication key-id.
        - id: <int; 1-65535; required; unique>
          algorithm: <str; "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>

          # Configure authentication key type.
          key_type: <str; "0" | "7" | "8a"; required>

          # Password string.
          key: <str; required>

          # SHA digest computation according to rfc5310.
          rfc_5310: <bool>

      # Authentication mode.
      mode: <str; "md5" | "sha" | "text" | "shared_secret">

      # Required settings for authentication mode 'sha'.
      sha:
        key_id: <int; 1-65535; required>

      # Required settings for authentication mode 'shared_secret'.
      shared_secret:
        profile: <str; required>
        algorithm: <str; "md5" | "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>
      rx_disabled: <bool>
  advertise:
    passive_only: <bool>
  address_family:

      # Address Family.
      # This key is deprecated.
      # Support will be removed in AVD version 5.0.0.
      # Use <samp>address_family_ipv4.enabled or address_family_ipv6.enabled</samp> instead.
    - <str; "ipv4" | "ipv6" | "ipv4 unicast" | "ipv6 unicast">
  isis_af_defaults:

      # EOS CLI rendered under the address families.
      # Example "maximum-paths 64"
      # This key is deprecated.
      # Support will be removed in AVD version 5.0.0.
      # Use <samp>address_family_ipv4/address_family_ipv6</samp> instead.
    - <str>
  redistribute_routes:
    - source_protocol: <str; "bgp" | "connected" | "isis" | "ospf" | "ospfv3" | "static"; required>

      # Route-map name.
      route_map: <str>
      include_leaked: <bool>

      # ospf_route_type is required with source_protocols 'ospf' and 'ospfv3'.
      ospf_route_type: <str; "external" | "internal" | "nssa-external">
  address_family_ipv4:
    enabled: <bool>
    maximum_paths: <int; 1-128>

    # Enable BFD on all interfaces.
    bfd_all_interfaces: <bool>
    fast_reroute_ti_lfa:
      mode: <str; "link-protection" | "node-protection">
      level: <str; "level-1" | "level-2">

      # Shared Risk Link Group.
      srlg:
        enable: <bool>
        strict: <bool>
    tunnel_source_labeled_unicast:
      enabled: <bool>

      # Route Control Function.
      rcf: <str>
  address_family_ipv6:
    enabled: <bool>
    maximum_paths: <int; 1-128>

    # Enable BFD on all interfaces.
    bfd_all_interfaces: <bool>
    fast_reroute_ti_lfa:
      mode: <str; "link-protection" | "node-protection">

      # Optional, default is to protect all levels.
      level: <str; "level-1" | "level-2">

      # Shared Risk Link Group.
      srlg:
        enable: <bool>
        strict: <bool>
  segment_routing_mpls:
    enabled: <bool>
    router_id: <str>
    prefix_segments:
      - prefix: <str>
        index: <int>
  spf_interval:

    # Maximum interval between two SPFs in seconds or milliseconds.
    # Range in seconds: <1-300>
    # Range in milliseconds: <1-300000>
    interval: <int>

    # If interval unit is not defined EOS takes `seconds` by default.
    interval_unit: <str; "seconds" | "milliseconds">

    # Initial wait interval for SPF in milliseconds.
    wait_interval: <int; 1-300000>

    # Hold interval between the first and second SPF runs in milliseconds.
    hold_interval: <int; 1-300000>
  graceful_restart:
    enabled: <bool>

    # Number of seconds.
    restart_hold_time: <int; 5-300>
    t2:

      # Level-1 LSP database sync wait time in seconds.
      level_1_wait_time: <int; 5-300>

      # Level-2 LSP database sync wait time in seconds.
      level_2_wait_time: <int; 5-300>

  # Multiline EOS CLI rendered directly on the router isis in the final EOS configuration.
  eos_cli: <str>

Router L2 VPN

Variable Type Required Default Value Restrictions Description
router_l2_vpn Dictionary
  arp_learning_bridged Boolean
  arp_proxy Dictionary
    prefix_list String Prefix-list name. ARP Proxying is disabled for IPv4 addresses defined in the prefix-list.
  arp_selective_install Boolean
  nd_learning_bridged Boolean
  nd_proxy Dictionary
    prefix_list String Prefix-list name. Neighbor Discovery Proxying is disabled for IPv6 addresses defined in the prefix-list.
  nd_rs_flooding_disabled Boolean
  virtual_router_nd_ra_flooding_disabled Boolean
router_l2_vpn:
  arp_learning_bridged: <bool>
  arp_proxy:

    # Prefix-list name. ARP Proxying is disabled for IPv4 addresses defined in the prefix-list.
    prefix_list: <str>
  arp_selective_install: <bool>
  nd_learning_bridged: <bool>
  nd_proxy:

    # Prefix-list name. Neighbor Discovery Proxying is disabled for IPv6 addresses defined in the prefix-list.
    prefix_list: <str>
  nd_rs_flooding_disabled: <bool>
  virtual_router_nd_ra_flooding_disabled: <bool>

Router OSPF

Variable Type Required Default Value Restrictions Description
router_ospf Dictionary
  process_ids List, items: Dictionary
    - id Integer Required, Unique OSPF Process ID.
      vrf String VRF Name for OSPF Process.
      passive_interface_default Boolean
      router_id String IPv4 Address.
      distance Dictionary
        external Integer Min: 1
Max: 255
        inter_area Integer Min: 1
Max: 255
        intra_area Integer Min: 1
Max: 255
      log_adjacency_changes_detail Boolean
      network_prefixes List, items: Dictionary
        - ipv4_prefix String Required, Unique
          area String
      bfd_enable Boolean
      bfd_adjacency_state_any Boolean
      no_passive_interfaces List, items: String
        - <str> String Interface Name.
      distribute_list_in Dictionary
        route_map String
      max_lsa Integer
      timers Dictionary
        lsa Dictionary
          rx_min_interval Integer Min: 0
Max: 600000
Min interval in msecs between accepting the same LSA.
          tx_delay Dictionary
            initial Integer Min: 0
Max: 600000
Delay to generate first occurrence of LSA in msecs.
            min Integer Min: 1
Max: 600000
Min delay between originating the same LSA in msecs.
            max Integer Min: 1
Max: 600000
1-600000 Maximum delay between originating the same LSA in msec.
        spf_delay Dictionary
          initial Integer Min: 0
Max: 600000
Initial SPF schedule delay in msecs.
          min Integer Min: 0
Max: 65535000
Min Hold time between two SPFs in msecs.
          max Integer Min: 0
Max: 65535000
Max wait time between two SPFs in msecs.
      default_information_originate Dictionary
        always Boolean
        metric Integer Min: 1
Max: 65535
Metric for default route.
        metric_type Integer Valid Values:
- 1
- 2
OSPF metric type for default route.
      summary_addresses List, items: Dictionary
        - prefix String Required, Unique Summary Prefix Address.
          tag Integer
          attribute_map String
          not_advertise Boolean
      redistribute Dictionary
        static Dictionary
          route_map String Route Map Name.
          include_leaked Boolean
        connected Dictionary
          route_map String Route Map Name.
          include_leaked Boolean
        bgp Dictionary
          route_map String Route Map Name.
          include_leaked Boolean
      auto_cost_reference_bandwidth Integer Bandwidth in mbps.
      areas List, items: Dictionary
        - id String Required, Unique
          filter Dictionary
            networks List, items: String
              - <str> String IPv4 Prefix.
            prefix_list String Prefix-List Name.
          type String normal Valid Values:
- normal
- stub
- nssa
          no_summary Boolean
          nssa_only Boolean
          default_information_originate Dictionary
            metric Integer Min: 1
Max: 65535
Metric for default route.
            metric_type Integer Valid Values:
- 1
- 2
OSPF metric type for default route.
      maximum_paths Integer Min: 1
Max: 128
      max_metric Dictionary
        router_lsa Dictionary
          external_lsa Dictionary
            override_metric Integer Min: 1
Max: 16777215
          include_stub Boolean
          on_startup String “wait-for-bgp” or Integer 5-86400.
Example: “wait-for-bgp” Or “222”
          summary_lsa Dictionary
            override_metric Integer Min: 1
Max: 16777215
      mpls_ldp_sync_default Boolean
      eos_cli String Multiline EOS CLI rendered directly on the Router OSPF process ID in the final EOS configuration.
router_ospf:
  process_ids:

      # OSPF Process ID.
    - id: <int; required; unique>

      # VRF Name for OSPF Process.
      vrf: <str>
      passive_interface_default: <bool>

      # IPv4 Address.
      router_id: <str>
      distance:
        external: <int; 1-255>
        inter_area: <int; 1-255>
        intra_area: <int; 1-255>
      log_adjacency_changes_detail: <bool>
      network_prefixes:
        - ipv4_prefix: <str; required; unique>
          area: <str>
      bfd_enable: <bool>
      bfd_adjacency_state_any: <bool>
      no_passive_interfaces:

          # Interface Name.
        - <str>
      distribute_list_in:
        route_map: <str>
      max_lsa: <int>
      timers:
        lsa:

          # Min interval in msecs between accepting the same LSA.
          rx_min_interval: <int; 0-600000>
          tx_delay:

            # Delay to generate first occurrence of LSA in msecs.
            initial: <int; 0-600000>

            # Min delay between originating the same LSA in msecs.
            min: <int; 1-600000>

            # 1-600000 Maximum delay between originating the same LSA in msec.
            max: <int; 1-600000>
        spf_delay:

          # Initial SPF schedule delay in msecs.
          initial: <int; 0-600000>

          # Min Hold time between two SPFs in msecs.
          min: <int; 0-65535000>

          # Max wait time between two SPFs in msecs.
          max: <int; 0-65535000>
      default_information_originate:
        always: <bool>

        # Metric for default route.
        metric: <int; 1-65535>

        # OSPF metric type for default route.
        metric_type: <int; 1 | 2>
      summary_addresses:

          # Summary Prefix Address.
        - prefix: <str; required; unique>
          tag: <int>
          attribute_map: <str>
          not_advertise: <bool>
      redistribute:
        static:

          # Route Map Name.
          route_map: <str>
          include_leaked: <bool>
        connected:

          # Route Map Name.
          route_map: <str>
          include_leaked: <bool>
        bgp:

          # Route Map Name.
          route_map: <str>
          include_leaked: <bool>

      # Bandwidth in mbps.
      auto_cost_reference_bandwidth: <int>
      areas:
        - id: <str; required; unique>
          filter:
            networks:

                # IPv4 Prefix.
              - <str>

            # Prefix-List Name.
            prefix_list: <str>
          type: <str; "normal" | "stub" | "nssa"; default="normal">
          no_summary: <bool>
          nssa_only: <bool>
          default_information_originate:

            # Metric for default route.
            metric: <int; 1-65535>

            # OSPF metric type for default route.
            metric_type: <int; 1 | 2>
      maximum_paths: <int; 1-128>
      max_metric:
        router_lsa:
          external_lsa:
            override_metric: <int; 1-16777215>
          include_stub: <bool>

          # "wait-for-bgp" or Integer 5-86400.
          # Example: "wait-for-bgp" Or "222"
          on_startup: <str>
          summary_lsa:
            override_metric: <int; 1-16777215>
      mpls_ldp_sync_default: <bool>

      # Multiline EOS CLI rendered directly on the Router OSPF process ID in the final EOS configuration.
      eos_cli: <str>

Router path selection

Variable Type Required Default Value Restrictions Description
router_path_selection Dictionary Dynamic path selection configuration.
  peer_dynamic_source String Valid Values:
- stun
Source of dynamic peer discovery.
  path_groups List, items: Dictionary
    - name String Required, Unique Path group name.
      id Integer Min: 1
Max: 65535
Path group ID.
      ipsec_profile String IPSec profile for the path group.
      flow_assignment String Valid Values:
- lan
Flow assignment lan can not be configured in a path group with dynamic peers.
      local_interfaces List, items: Dictionary
        - name String Required, Unique Pattern: ^Ethernet\d+(/\d+)*(.\d+)?$ Local interface name.
          public_address String Public IP assigned by NAT.
          stun Dictionary
            server_profiles List, items: String Required Min Length: 1
Max Length: 12
STUN server-profile names.
              - <str> String
      local_ips List, items: Dictionary
        - ip_address String Required, Unique
          public_address String Public IP assigned by NAT.
          stun Dictionary
            server_profiles List, items: String Required Min Length: 1
Max Length: 12
STUN server-profile names.
              - <str> String
      dynamic_peers Dictionary Flow assignment lan can not be configured in a path group with dynamic peers.
        enabled Boolean Enable peer dynamic.
        ip_local Boolean Prefer local IP address.
        ipsec Boolean IPsec configuration for dynamic peers.
      static_peers List, items: Dictionary
        - router_ip String Required, Unique Peer router IP.
          name String Name of the site.
          ipv4_addresses List, items: String Static IPv4 addresses.
            - <str> String
      keepalive Dictionary
        auto Boolean False Enable adaptive keepalive and feedback interval.
        interval Integer Min: 50
Max: 60000
Interval in milliseconds.
        failure_threshold Integer Min: 2
Max: 100
Failure threshold in number of intervals. Required when interval is set.
  load_balance_policies List, items: Dictionary
    - name String Required, Unique Load-balance policy name.
      lowest_hop_count Boolean Prefer paths with lowest hop-count.
      jitter Integer Min: 0
Max: 10000
Jitter requirement for this load balance policy in milliseconds.
      latency Integer Min: 0
Max: 10000
One way delay requirement for this load balance policy in milliseconds.
      loss_rate String Pattern: ^\d+(.\d{1,2})?$ Loss Rate requirement in percentage for this load balance policy.
Value between 0.00 and 100.00.
      path_groups List, items: Dictionary List of path-groups to use for this load balance policy.
        - name String Required, Unique Path-group name.
          priority Integer Min: 1
Max: 65535
Priority for this path-group.
The EOS default value is 1.
  policies List, items: Dictionary
    - name String Required, Unique DPS policy name.
      default_match Dictionary
        load_balance String Name of the load-balance policy.
      rules List, items: Dictionary
        - id Integer Required, Unique Min: 1
Max: 255
Rule ID.
          application_profile String Required
          load_balance String Name of the load-balance policy.
  vrfs List, items: Dictionary
    - name String Required, Unique VRF name.
      path_selection_policy String DPS policy name to use for this VRF.
  tcp_mss_ceiling Dictionary
    ipv4_segment_size String Segment Size for IPv4.
Can be an integer in the range 64-65515 or “auto”.
“auto” will enable auto-discovery which clamps the TCP MSS value to the minimum of all the direct paths
and multi-hop path MTU towards a remote VTEP (minus 40bytes to account for IP + TCP header).
    direction String ingress Valid Values:
- ingress
Enforce on packets through DPS tunnel for a specific direction.
Only ‘ingress’ direction is supported.
# Dynamic path selection configuration.
router_path_selection:

  # Source of dynamic peer discovery.
  peer_dynamic_source: <str; "stun">
  path_groups:

      # Path group name.
    - name: <str; required; unique>

      # Path group ID.
      id: <int; 1-65535>

      # IPSec profile for the path group.
      ipsec_profile: <str>

      # Flow assignment `lan` can not be configured in a path group with dynamic peers.
      flow_assignment: <str; "lan">
      local_interfaces:

          # Local interface name.
        - name: <str; required; unique>

          # Public IP assigned by NAT.
          public_address: <str>
          stun:

            # STUN server-profile names.
            server_profiles: # 1-12 items; required
              - <str>
      local_ips:
        - ip_address: <str; required; unique>

          # Public IP assigned by NAT.
          public_address: <str>
          stun:

            # STUN server-profile names.
            server_profiles: # 1-12 items; required
              - <str>

      # Flow assignment `lan` can not be configured in a path group with dynamic peers.
      dynamic_peers:

        # Enable `peer dynamic`.
        enabled: <bool>

        # Prefer local IP address.
        ip_local: <bool>

        # IPsec configuration for dynamic peers.
        ipsec: <bool>
      static_peers:

          # Peer router IP.
        - router_ip: <str; required; unique>

          # Name of the site.
          name: <str>

          # Static IPv4 addresses.
          ipv4_addresses:
            - <str>
      keepalive:

        # Enable adaptive keepalive and feedback interval.
        auto: <bool; default=False>

        # Interval in milliseconds.
        interval: <int; 50-60000>

        # Failure threshold in number of intervals. Required when `interval` is set.
        failure_threshold: <int; 2-100>
  load_balance_policies:

      # Load-balance policy name.
    - name: <str; required; unique>

      # Prefer paths with lowest hop-count.
      lowest_hop_count: <bool>

      # Jitter requirement for this load balance policy in milliseconds.
      jitter: <int; 0-10000>

      # One way delay requirement for this load balance policy in milliseconds.
      latency: <int; 0-10000>

      # Loss Rate requirement in percentage for this load balance policy.
      # Value between 0.00 and 100.00.
      loss_rate: <str>

      # List of path-groups to use for this load balance policy.
      path_groups:

          # Path-group name.
        - name: <str; required; unique>

          # Priority for this path-group.
          # The EOS default value is 1.
          priority: <int; 1-65535>
  policies:

      # DPS policy name.
    - name: <str; required; unique>
      default_match:

        # Name of the load-balance policy.
        load_balance: <str>
      rules:

          # Rule ID.
        - id: <int; 1-255; required; unique>
          application_profile: <str; required>

          # Name of the load-balance policy.
          load_balance: <str>
  vrfs:

      # VRF name.
    - name: <str; required; unique>

      # DPS policy name to use for this VRF.
      path_selection_policy: <str>
  tcp_mss_ceiling:

    # Segment Size for IPv4.
    # Can be an integer in the range 64-65515 or "auto".
    # "auto" will enable auto-discovery which clamps the TCP MSS value to the minimum of all the direct paths
    # and multi-hop path MTU towards a remote VTEP (minus 40bytes to account for IP + TCP header).
    ipv4_segment_size: <str>

    # Enforce on packets through DPS tunnel for a specific direction.
    # Only 'ingress' direction is supported.
    direction: <str; "ingress"; default="ingress">

Router service-insertion

Variable Type Required Default Value Restrictions Description
router_service_insertion Dictionary Configure network services inserted to data forwarding.
  enabled Boolean
  connections List, items: Dictionary
    - name String Required, Unique Connection name.
      ethernet_interface Dictionary Outgoing physical interface or subinterface to use for the connection.
If both ethernet_interface and tunnel_interface are configured, ethernet_interface will be used.
        name String Required e.g. Ethernet2 or Ethernet2/2.2
        next_hop String Required Next-hop IPv4 address (without mask).
      tunnel_interface Dictionary Outgoing tunnel interface(s) to use for this connection.
If both ethernet_interface and tunnel_interface are configured, ethernet_interface will be used.
        primary String e.g. Tunnel2
        secondary String e.g. Tunnel3
      monitor_connectivity_host String Name of the host defined under monitor_connectivity.hosts used to derive the health of the connection.
# Configure network services inserted to data forwarding.
router_service_insertion:
  enabled: <bool>
  connections:

      # Connection name.
    - name: <str; required; unique>

      # Outgoing physical interface or subinterface to use for the connection.
      # If both `ethernet_interface` and `tunnel_interface` are configured, `ethernet_interface` will be used.
      ethernet_interface:

        # e.g. Ethernet2 or Ethernet2/2.2
        name: <str; required>

        # Next-hop IPv4 address (without mask).
        next_hop: <str; required>

      # Outgoing tunnel interface(s) to use for this connection.
      # If both `ethernet_interface` and `tunnel_interface` are configured, `ethernet_interface` will be used.
      tunnel_interface:

        # e.g. Tunnel2
        primary: <str>

        # e.g. Tunnel3
        secondary: <str>

      # Name of the host defined under `monitor_connectivity.hosts` used to derive the health of the connection.
      monitor_connectivity_host: <str>

Router traffic engineering

Variable Type Required Default Value Restrictions Description
router_traffic_engineering Dictionary
  enabled Boolean
  router_id Dictionary
    ipv4 String
    ipv6 String
  segment_routing Dictionary
    colored_tunnel_rib Boolean
    policy_endpoints List, items: Dictionary
      - address String IPv4 or IPv6 address.
        colors List, items: Dictionary
          - value Integer Required, Unique
            binding_sid Integer
            description String
            name String
            sbfd_remote_discriminator String IPv4 address or 32 bit integer.
            path_group List, items: Dictionary
              - preference Integer
                explicit_null String Valid Values:
- ipv4
- ipv6
- ipv4 ipv6
- none
                segment_list List, items: Dictionary
                  - label_stack String Label Stack as string.
Example: “100 2000 30”
                    weight Integer
                    index Integer
router_traffic_engineering:
  enabled: <bool>
  router_id:
    ipv4: <str>
    ipv6: <str>
  segment_routing:
    colored_tunnel_rib: <bool>
    policy_endpoints:

        # IPv4 or IPv6 address.
      - address: <str>
        colors:
          - value: <int; required; unique>
            binding_sid: <int>
            description: <str>
            name: <str>

            # IPv4 address or 32 bit integer.
            sbfd_remote_discriminator: <str>
            path_group:
              - preference: <int>
                explicit_null: <str; "ipv4" | "ipv6" | "ipv4 ipv6" | "none">
                segment_list:

                    # Label Stack as string.
                    # Example: "100 2000 30"
                  - label_stack: <str>
                    weight: <int>
                    index: <int>

Service routing configuration bgp

Variable Type Required Default Value Restrictions Description
service_routing_configuration_bgp Dictionary
  no_equals_default Boolean
service_routing_configuration_bgp:
  no_equals_default: <bool>

Service routing protocols model

Variable Type Required Default Value Restrictions Description
service_routing_protocols_model String Valid Values:
- multi-agent
- ribd
service_routing_protocols_model: <str; "multi-agent" | "ribd">

Static routes

Variable Type Required Default Value Restrictions Description
static_routes List, items: Dictionary
  - vrf String VRF Name.
    destination_address_prefix String IPv4_network/Mask.
    interface String
    gateway String IPv4 Address.
    track_bfd Boolean Track next-hop using BFD.
    distance Integer Min: 1
Max: 255
    tag Integer Min: 0
Max: 4294967295
    name String Description.
    metric Integer Min: 0
Max: 4294967295
static_routes:

    # VRF Name.
  - vrf: <str>

    # IPv4_network/Mask.
    destination_address_prefix: <str>
    interface: <str>

    # IPv4 Address.
    gateway: <str>

    # Track next-hop using BFD.
    track_bfd: <bool>
    distance: <int; 1-255>
    tag: <int; 0-4294967295>

    # Description.
    name: <str>
    metric: <int; 0-4294967295>

STUN

Variable Type Required Default Value Restrictions Description
stun Dictionary STUN configuration.
  client Dictionary STUN client settings.
    server_profiles List, items: Dictionary List of server profiles for the client.
      - name String Required, Unique
        ip_address String
        ssl_profile String SSL profile name.
        port Integer Min: 1
Max: 65535
Destination port for the request STUN server (default - 3478).
  server Dictionary STUN server settings.
    local_interface deprecated String This key is deprecated. Support will be removed in AVD version v5.0.0. Use local_interfaces instead.
    local_interfaces List, items: String Min Length: 1
      - <str> String
    bindings_timeout Integer Min: 10
Max: 7200
Timeout for bindings stored on STUN server in seconds.
    ssl_profile String SSL profile name.
    ssl_connection_lifetime Dictionary SSL connection lifetime in minutes or hours.
If both are specified, minutes is given higher precedence.
      minutes Integer Min: 1
Max: 1440
SSL connection lifetime in minutes (default - 120).
      hours Integer Min: 1
Max: 24
SSL connection lifetime in hours (default - 2).
    port Integer Min: 1
Max: 65535
Listening port for STUN server (default - 3478).
# STUN configuration.
stun:

  # STUN client settings.
  client:

    # List of server profiles for the client.
    server_profiles:
      - name: <str; required; unique>
        ip_address: <str>

        # SSL profile name.
        ssl_profile: <str>

        # Destination port for the request STUN server (default - 3478).
        port: <int; 1-65535>

  # STUN server settings.
  server:
    # This key is deprecated.
    # Support will be removed in AVD version v5.0.0.
    # Use <samp>local_interfaces</samp> instead.
    local_interface: <str>
    local_interfaces: # >=1 items
      - <str>

    # Timeout for bindings stored on STUN server in seconds.
    bindings_timeout: <int; 10-7200>

    # SSL profile name.
    ssl_profile: <str>

    # SSL connection lifetime in minutes or hours.
    # If both are specified, minutes is given higher precedence.
    ssl_connection_lifetime:

      # SSL connection lifetime in minutes (default - 120).
      minutes: <int; 1-1440>

      # SSL connection lifetime in hours (default - 2).
      hours: <int; 1-24>

    # Listening port for STUN server (default - 3478).
    port: <int; 1-65535>

VRFs

Variable Type Required Default Value Restrictions Description
vrfs List, items: Dictionary These keys are ignored if the name of the vrf is ‘default’.
  - name String Required, Unique VRF Name.
    description String
    ip_routing Boolean
    ipv6_routing Boolean
    ip_routing_ipv6_interfaces Boolean
    tenant String Key only used for documentation or validation purposes.
# These keys are ignored if the name of the vrf is 'default'.
vrfs:

    # VRF Name.
  - name: <str; required; unique>
    description: <str>
    ip_routing: <bool>
    ipv6_routing: <bool>
    ip_routing_ipv6_interfaces: <bool>

    # Key only used for documentation or validation purposes.
    tenant: <str>

Security

IP Security

Variable Type Required Default Value Restrictions Description
ip_security Dictionary
  ike_policies List, items: Dictionary Internet Security Association and Key Mgmt Protocol.
    - name String Required, Unique Policy name.
      local_id String Local IKE identification.
Can be an IPv4 or an IPv6 address.
If both local_id and local_id_fqdn are set, local_id_fqdn takes precedence.
      local_id_fqdn String Local FQDN or UFQDN IKE identification.
If both local_id and local_id_fqdn are set, local_id_fqdn takes precedence.
      ike_lifetime Integer Min: 1
Max: 24
IKE lifetime in hours.
      encryption String Valid Values:
- 3des
- aes128
- aes256
IKE encryption algorithm.
      dh_group Integer Valid Values:
- 1
- 2
- 5
- 14
- 15
- 16
- 17
- 20
- 21
- 24
Diffie-Hellman group for the key exchange.
  sa_policies List, items: Dictionary Security Association policies.
    - name String Required, Unique Name of the SA policy. The “null” value is deprecated and will be removed in AVD 5.0.0.
      sa_lifetime Dictionary
        value Integer Lifetime value for this SA.
Valid range depends on the unit.
<1-24> Lifetime in hours ( default )
<1-4000000> Packet limit in thousands
<1-6000> Byte limit in GB ( 1024 MB )
<1-6144000> Byte limit in MB ( 1024 KB )
        unit String hours Valid Values:
- gigabytes
- hours
- megabytes
- thousand-packets
      esp Dictionary
        integrity String Valid Values:
- disabled
- sha1
- sha256
- null
        encryption String Valid Values:
- disabled
- aes128
- aes128gcm128
- aes128gcm64
- aes256
- aes256gcm128
- null
      pfs_dh_group Integer Valid Values:
- 1
- 2
- 5
- 14
- 15
- 16
- 17
- 20
- 21
- 24
  profiles List, items: Dictionary IPSec profiles.
    - name String Required, Unique Name of the IPsec profile.
      ike_policy String Name of the IKE policy to use in this profile.
      sa_policy String Name of the Security Association to use in this profile.
      connection String Valid Values:
- add
- start
- route
IPsec connection (Initiator/Responder/Dynamic).
      shared_key String Encrypted password - only type 7 supported.
      dpd Dictionary Dead Peer Detection.
        interval Integer Required Min: 2
Max: 3600
Interval (in seconds) between keep-alive messages.
        time Integer Required Min: 10
Max: 3600
Time (in seconds) after which the action is applied.
        action String Required Valid Values:
- clear
- hold
- restart
Action to apply.

* ‘clear’: Delete all connections
* ‘hold’: Re-negotiate connection on demand
* ‘restart’: Restart connection immediately
      mode String Valid Values:
- transport
- tunnel
Ipsec mode type.
      flow_parallelization_encapsulation_udp Boolean Enable flow parallelization.
When enabled, multiple cores are used to parallelize the IPsec encryption and decryption processing.
  key_controller Dictionary
    profile String IPsec profile name to use.
  hardware_encryption_disabled Boolean False Disable hardware encryption.
An SFE restart is needed for this change to take effect.
ip_security:

  # Internet Security Association and Key Mgmt Protocol.
  ike_policies:

      # Policy name.
    - name: <str; required; unique>

      # Local IKE identification.
      # Can be an IPv4 or an IPv6 address.
      # If both `local_id` and `local_id_fqdn` are set, `local_id_fqdn` takes precedence.
      local_id: <str>

      # Local FQDN or UFQDN IKE identification.
      # If both `local_id` and `local_id_fqdn` are set, `local_id_fqdn` takes precedence.
      local_id_fqdn: <str>

      # IKE lifetime in hours.
      ike_lifetime: <int; 1-24>

      # IKE encryption algorithm.
      encryption: <str; "3des" | "aes128" | "aes256">

      # Diffie-Hellman group for the key exchange.
      dh_group: <int; 1 | 2 | 5 | 14 | 15 | 16 | 17 | 20 | 21 | 24>

  # Security Association policies.
  sa_policies:

      # Name of the SA policy. The "null" value is deprecated and will be removed in AVD 5.0.0.
    - name: <str; required; unique>
      sa_lifetime:

        # Lifetime value for this SA.
        # Valid range depends on the unit.
        # <1-24>       Lifetime in hours ( default )
        # <1-4000000>  Packet limit in thousands
        # <1-6000>     Byte limit in GB ( 1024 MB )
        # <1-6144000>  Byte limit in MB ( 1024 KB )
        value: <int>
        unit: <str; "gigabytes" | "hours" | "megabytes" | "thousand-packets"; default="hours">
      esp:
        integrity: <str; "disabled" | "sha1" | "sha256" | "null">
        encryption: <str; "disabled" | "aes128" | "aes128gcm128" | "aes128gcm64" | "aes256" | "aes256gcm128" | "null">
      pfs_dh_group: <int; 1 | 2 | 5 | 14 | 15 | 16 | 17 | 20 | 21 | 24>

  # IPSec profiles.
  profiles:

      # Name of the IPsec profile.
    - name: <str; required; unique>

      # Name of the IKE policy to use in this profile.
      ike_policy: <str>

      # Name of the Security Association to use in this profile.
      sa_policy: <str>

      # IPsec connection (Initiator/Responder/Dynamic).
      connection: <str; "add" | "start" | "route">

      # Encrypted password - only type 7 supported.
      shared_key: <str>

      # Dead Peer Detection.
      dpd:

        # Interval (in seconds) between keep-alive messages.
        interval: <int; 2-3600; required>

        # Time (in seconds) after which the action is applied.
        time: <int; 10-3600; required>

        # Action to apply.
        #
        # * 'clear': Delete all connections
        # * 'hold': Re-negotiate connection on demand
        # * 'restart': Restart connection immediately
        action: <str; "clear" | "hold" | "restart"; required>

      # Ipsec mode type.
      mode: <str; "transport" | "tunnel">

      # Enable flow parallelization.
      # When enabled, multiple cores are used to parallelize the IPsec encryption and decryption processing.
      flow_parallelization_encapsulation_udp: <bool>
  key_controller:

    # IPsec profile name to use.
    profile: <str>

  # Disable hardware encryption.
  # An SFE restart is needed for this change to take effect.
  hardware_encryption_disabled: <bool; default=False>

Switching

MLAG configuration

Variable Type Required Default Value Restrictions Description
mlag_configuration Dictionary
  domain_id String
  heartbeat_interval Integer Heartbeat interval in milliseconds.
  local_interface String Local Interface Name.
  peer_address String IPv4 or IPv6 Address.
  peer_address_heartbeat Dictionary
    peer_ip String IPv4 or IPv6 Address.
    vrf String VRF Name.
  dual_primary_detection_delay Integer Min: 0
Max: 86400
Delay in seconds.
  dual_primary_recovery_delay_mlag Integer Min: 0
Max: 86400
Delay in seconds.
  dual_primary_recovery_delay_non_mlag Integer Min: 0
Max: 86400
Delay in seconds.
  peer_link String Port-Channel interface name.
  reload_delay_mlag String Delay in seconds <0-86400> or ‘infinity’.
  reload_delay_non_mlag String Delay in seconds <0-86400> or ‘infinity’.
mlag_configuration:
  domain_id: <str>

  # Heartbeat interval in milliseconds.
  heartbeat_interval: <int>

  # Local Interface Name.
  local_interface: <str>

  # IPv4 or IPv6 Address.
  peer_address: <str>
  peer_address_heartbeat:

    # IPv4 or IPv6 Address.
    peer_ip: <str>

    # VRF Name.
    vrf: <str>

  # Delay in seconds.
  dual_primary_detection_delay: <int; 0-86400>

  # Delay in seconds.
  dual_primary_recovery_delay_mlag: <int; 0-86400>

  # Delay in seconds.
  dual_primary_recovery_delay_non_mlag: <int; 0-86400>

  # Port-Channel interface name.
  peer_link: <str>

  # Delay in seconds <0-86400> or 'infinity'.
  reload_delay_mlag: <str>

  # Delay in seconds <0-86400> or 'infinity'.
  reload_delay_non_mlag: <str>

Spanning-tree

Variable Type Required Default Value Restrictions Description
spanning_tree Dictionary
  root_super Boolean
  edge_port Dictionary
    bpdufilter_default Boolean
    bpduguard_default Boolean
  mode String Valid Values:
- mstp
- rstp
- rapid-pvst
- none
  bpduguard_rate_limit Dictionary
    default Boolean
    count Integer Maximum number of BPDUs per timer interval.
  rstp_priority Integer
  mst Dictionary
    pvst_border Boolean
    configuration Dictionary
      name String
      revision Integer 0-65535.
      instances List, items: Dictionary
        - id Integer Required, Unique Instance ID.
          vlans String ”< vlan_id >, < vlan_id >-< vlan_id >”
Example: 15,16,17,18
  mst_instances List, items: Dictionary
    - id String Required, Unique Instance ID.
      priority Integer
  no_spanning_tree_vlan String ”< vlan_id >, < vlan_id >-< vlan_id >”
Example: 105,202,505-506
  rapid_pvst_instances List, items: Dictionary
    - id String Required, Unique ”< vlan_id >, < vlan_id >-< vlan_id >”
Example: 105,202,505-506
      priority Integer
spanning_tree:
  root_super: <bool>
  edge_port:
    bpdufilter_default: <bool>
    bpduguard_default: <bool>
  mode: <str; "mstp" | "rstp" | "rapid-pvst" | "none">
  bpduguard_rate_limit:
    default: <bool>

    # Maximum number of BPDUs per timer interval.
    count: <int>
  rstp_priority: <int>
  mst:
    pvst_border: <bool>
    configuration:
      name: <str>

      # 0-65535.
      revision: <int>
      instances:

          # Instance ID.
        - id: <int; required; unique>

          # "< vlan_id >, < vlan_id >-< vlan_id >"
          # Example: 15,16,17,18
          vlans: <str>
  mst_instances:

      # Instance ID.
    - id: <str; required; unique>
      priority: <int>

  # "< vlan_id >, < vlan_id >-< vlan_id >"
  # Example: 105,202,505-506
  no_spanning_tree_vlan: <str>
  rapid_pvst_instances:

      # "< vlan_id >, < vlan_id >-< vlan_id >"
      # Example: 105,202,505-506
    - id: <str; required; unique>
      priority: <int>

VLAN internal order

Variable Type Required Default Value Restrictions Description
vlan_internal_order Dictionary
  allocation String Required Valid Values:
- ascending
- descending
  range Dictionary Required
    beginning Integer Required Min: 2
Max: 4094
First VLAN ID.
    ending Integer Required Min: 2
Max: 4094
Last VLAN ID.
vlan_internal_order:
  allocation: <str; "ascending" | "descending"; required>
  range: # required

    # First VLAN ID.
    beginning: <int; 2-4094; required>

    # Last VLAN ID.
    ending: <int; 2-4094; required>

VLANs

Variable Type Required Default Value Restrictions Description
vlans List, items: Dictionary
  - id Integer Required, Unique VLAN ID.
    name String VLAN Name.
    state String Valid Values:
- active
- suspend
    trunk_groups List, items: String
      - <str> String Trunk Group Name.
    private_vlan Dictionary
      type String Valid Values:
- community
- isolated
      primary_vlan Integer Primary VLAN ID.
    tenant String Key only used for documentation or validation purposes.
vlans:

    # VLAN ID.
  - id: <int; required; unique>

    # VLAN Name.
    name: <str>
    state: <str; "active" | "suspend">
    trunk_groups:

        # Trunk Group Name.
      - <str>
    private_vlan:
      type: <str; "community" | "isolated">

      # Primary VLAN ID.
      primary_vlan: <int>

    # Key only used for documentation or validation purposes.
    tenant: <str>

System settings

Agents

Variable Type Required Default Value Restrictions Description
agents List, items: Dictionary
  - name String Required, Unique Agent name.
    environment_variables List, items: Dictionary Min Length: 1
      - name String Required, Unique Environment variable name.
        value String Required Environment variable value.
agents:

    # Agent name.
  - name: <str; required; unique>
    environment_variables: # >=1 items

        # Environment variable name.
      - name: <str; required; unique>

        # Environment variable value.
        value: <str; required>

Hardware counters

Variable Type Required Default Value Restrictions Description
hardware_counters Dictionary
  features List, items: Dictionary This data model allows to configure the list of hardware counters feature
available on Arista platforms.

The name key accepts a list of valid_values which MUST be updated to support
new feature as they are released in EOS.

The available values of the different keys like ‘direction’ or ‘address_type’
are feature and hardware dependent and this model DOES NOT validate that the
combinations are valid. It is the responsibility of the user of this data model
to make sure that the rendered CLI is accepted by the targeted device.

Examples:

* Use:
yaml<br> hardware_counters:<br> features:<br> - name: ip<br> direction: out<br> layer3: true<br> units_packets: true<br>

to render:
eos<br> hardware counter feature ip out layer3 units packets<br>
* Use:
yaml<br> hardware_counters:<br> features:<br> - name: route<br> address_type: ipv4<br> vrf: test<br> prefix: 192.168.0.0/24<br>

to render:
eos<br> hardware counter feature route ipv4 vrf test 192.168.0.0/24<br>
    - name String Valid Values:
- acl
- decap-group
- directflow
- ecn
- flow-spec
- gre tunnel interface
- ip
- mpls interface
- mpls lfib
- mpls tunnel
- multicast
- nexthop
- pbr
- pdp
- policing interface
- qos
- qos dual-rate-policer
- route
- routed-port
- segment-security
- subinterface
- tapagg
- traffic-class
- traffic-policy
- vlan
- vlan-interface
- vni decap
- vni encap
- vtep decap
- vtep encap
      direction String Valid Values:
- in
- out
- cpu
Most features support only ‘in’ and ‘out’. Some like traffic-policy support ‘cpu’.
Some features DO NOT have any direction.
This validation IS NOT made by the schemas.
      address_type String Valid Values:
- ipv4
- ipv6
- mac
Supported only for the following features:
- acl: [ipv4, ipv6, mac] if direction is ‘out’
- multicast: [ipv4, ipv6]
- route: [ipv4, ipv6]
This validation IS NOT made by the schemas.
      layer3 Boolean Supported only for the ‘ip’ feature.
      vrf String Supported only for the ‘route’ feature.
This validation IS NOT made by the schemas.
      prefix String Supported only for the ‘route’ feature.
Mandatory for the ‘route’ feature.
This validation IS NOT made by the schemas.
      units_packets Boolean
hardware_counters:

  # This data model allows to configure the list of hardware counters feature
  # available on Arista platforms.
  #
  # The `name` key accepts a list of valid_values which MUST be updated to support
  # new feature as they are released in EOS.
  #
  # The available values of the different keys like 'direction' or 'address_type'
  # are feature and hardware dependent and this model DOES NOT validate that the
  # combinations are valid. It is the responsibility of the user of this data model
  # to make sure that the rendered CLI is accepted by the targeted device.
  #
  # Examples:
  #
  #   * Use:
  #     ```yaml
  #     hardware_counters:
  #       features:
  #         - name: ip
  #           direction: out
  #           layer3: true
  #           units_packets: true
  #     ```
  #
  #     to render:
  #     ```eos
  #     hardware counter feature ip out layer3 units packets
  #     ```
  #   * Use:
  #     ```yaml
  #     hardware_counters:
  #       features:
  #         - name: route
  #           address_type: ipv4
  #           vrf: test
  #           prefix: 192.168.0.0/24
  #     ```
  #
  #     to render:
  #     ```eos
  #     hardware counter feature route ipv4 vrf test 192.168.0.0/24
  #     ```
  features:
    - name: <str; "acl" | "decap-group" | "directflow" | "ecn" | "flow-spec" | "gre tunnel interface" | "ip" | "mpls interface" | "mpls lfib" | "mpls tunnel" | "multicast" | "nexthop" | "pbr" | "pdp" | "policing interface" | "qos" | "qos dual-rate-policer" | "route" | "routed-port" | "segment-security" | "subinterface" | "tapagg" | "traffic-class" | "traffic-policy" | "vlan" | "vlan-interface" | "vni decap" | "vni encap" | "vtep decap" | "vtep encap">

      # Most features support only 'in' and 'out'. Some like traffic-policy support 'cpu'.
      # Some features DO NOT have any direction.
      # This validation IS NOT made by the schemas.
      direction: <str; "in" | "out" | "cpu">

      # Supported only for the following features:
      # - acl: [ipv4, ipv6, mac] if direction is 'out'
      # - multicast: [ipv4, ipv6]
      # - route: [ipv4, ipv6]
      # This validation IS NOT made by the schemas.
      address_type: <str; "ipv4" | "ipv6" | "mac">

      # Supported only for the 'ip' feature.
      layer3: <bool>

      # Supported only for the 'route' feature.
      # This validation IS NOT made by the schemas.
      vrf: <str>

      # Supported only for the 'route' feature.
      # Mandatory for the 'route' feature.
      # This validation IS NOT made by the schemas.
      prefix: <str>
      units_packets: <bool>

Hardware

Variable Type Required Default Value Restrictions Description
hardware Dictionary
  access_list Dictionary
    mechanism String Valid Values:
- algomatch
- none
- tcam
  speed_groups List, items: Dictionary
    - speed_group String Required, Unique
      serdes String Serdes speed like “10g” or “25g”.
hardware:
  access_list:
    mechanism: <str; "algomatch" | "none" | "tcam">
  speed_groups:
    - speed_group: <str; required; unique>

      # Serdes speed like "10g" or "25g".
      serdes: <str>

IP hardware

Variable Type Required Default Value Restrictions Description
ip_hardware Dictionary
  fib Dictionary
    optimize Dictionary
      prefixes Dictionary
        profile String Valid Values:
- internet
- urpf-internet
ip_hardware:
  fib:
    optimize:
      prefixes:
        profile: <str; "internet" | "urpf-internet">

IPv6 hardware

Variable Type Required Default Value Restrictions Description
ipv6_hardware Dictionary
  fib Dictionary
    optimize Dictionary
      prefixes Dictionary
        profile String Pre-defined profile ‘internet’ or user-defined profile name.
ipv6_hardware:
  fib:
    optimize:
      prefixes:

        # Pre-defined profile 'internet' or user-defined profile name.
        profile: <str>

L2 protocol

Variable Type Required Default Value Restrictions Description
l2_protocol Dictionary
  forwarding_profiles List, items: Dictionary
    - name String Required, Unique
      protocols List, items: Dictionary
        - name String Required, Unique Valid Values:
- bfd per-link rfc-7130
- e-lmi
- isis
- lacp
- lldp
- macsec
- pause
- stp
          forward Boolean
          tagged_forward Boolean
          untagged_forward Boolean
l2_protocol:
  forwarding_profiles:
    - name: <str; required; unique>
      protocols:
        - name: <str; "bfd per-link rfc-7130" | "e-lmi" | "isis" | "lacp" | "lldp" | "macsec" | "pause" | "stp"; required; unique>
          forward: <bool>
          tagged_forward: <bool>
          untagged_forward: <bool>

MAC address-table

Variable Type Required Default Value Restrictions Description
mac_address_table Dictionary
  aging_time Integer Aging time in seconds.
  notification_host_flap Dictionary
    logging Boolean
    detection Dictionary
      window Integer Min: 2
Max: 300
      moves Integer Min: 2
Max: 10
mac_address_table:

  # Aging time in seconds.
  aging_time: <int>
  notification_host_flap:
    logging: <bool>
    detection:
      window: <int; 2-300>
      moves: <int; 2-10>

Platform

Variable Type Required Default Value Restrictions Description
platform Dictionary Every key below this point is platform dependent.
  trident Dictionary
    forwarding_table_partition String
    mmu Dictionary Memory Management Unit settings.
      active_profile String The queue profile to be applied to the platform.
      queue_profiles List, items: Dictionary
        - name String Required, Unique
          multicast_queues List, items: Dictionary
            - id Integer Required, Unique Min: 0
Max: 7
              unit String Valid Values:
- bytes
- cells
Unit to be used for the reservation value. If not specified, default is bytes.
              reserved Integer Amount of memory that should be reserved for this
queue.
              threshold String Dynamic Shared Memory threshold.
              drop Dictionary
                precedence Integer Required Valid Values:
- 1
- 2
                threshold String Required Drop Threshold. This value may also be fractions.
Example: 7/8 or 3/4 or 1/2
          unicast_queues List, items: Dictionary
            - id Integer Required, Unique Min: 0
Max: 7
              unit String Valid Values:
- bytes
- cells
Unit to be used for the reservation value. If not specified, default is bytes.
              reserved Integer Amount of memory that should be reserved for this
queue.
              threshold String Dynamic Shared Memory threshold.
              drop Dictionary
                precedence Integer Required Valid Values:
- 1
- 2
                threshold String Required Drop Threshold. This value may also be fractions.
Example: 7/8 or 3/4 or 1/2
  sand Dictionary Most of the platform sand options are hardware dependent and optional.
    qos_maps List, items: Dictionary
      - traffic_class Integer Min: 0
Max: 7
        to_network_qos Integer Min: 0
Max: 63
    lag Dictionary
      hardware_only Boolean
      mode String
    forwarding_mode String
    multicast_replication Dictionary
      default String Valid Values:
- ingress
- egress
    mdb_profile String Valid Values:
- balanced
- balanced-xl
- l3
- l3-xl
- l3-xxl
- l3-xxxl
Sand platforms MDB Profile configuration. Note: l3-xxxl does not support MLAG.
  sfe Dictionary Sfe (Software Forwarding Engine) settings.
    data_plane_cpu_allocation_max Integer Min: 1
Max: 128
Maximum number of CPUs used for data plane traffic forwarding.
# Every key below this point is platform dependent.
platform:
  trident:
    forwarding_table_partition: <str>

    # Memory Management Unit settings.
    mmu:

      # The queue profile to be applied to the platform.
      active_profile: <str>
      queue_profiles:
        - name: <str; required; unique>
          multicast_queues:
            - id: <int; 0-7; required; unique>

              # Unit to be used for the reservation value. If not specified, default is bytes.
              unit: <str; "bytes" | "cells">

              # Amount of memory that should be reserved for this
              # queue.
              reserved: <int>

              # Dynamic Shared Memory threshold.
              threshold: <str>
              drop:
                precedence: <int; 1 | 2; required>

                # Drop Threshold. This value may also be fractions.
                # Example: 7/8 or 3/4 or 1/2
                threshold: <str; required>
          unicast_queues:
            - id: <int; 0-7; required; unique>

              # Unit to be used for the reservation value. If not specified, default is bytes.
              unit: <str; "bytes" | "cells">

              # Amount of memory that should be reserved for this
              # queue.
              reserved: <int>

              # Dynamic Shared Memory threshold.
              threshold: <str>
              drop:
                precedence: <int; 1 | 2; required>

                # Drop Threshold. This value may also be fractions.
                # Example: 7/8 or 3/4 or 1/2
                threshold: <str; required>

  # Most of the platform sand options are hardware dependent and optional.
  sand:
    qos_maps:
      - traffic_class: <int; 0-7>
        to_network_qos: <int; 0-63>
    lag:
      hardware_only: <bool>
      mode: <str>
    forwarding_mode: <str>
    multicast_replication:
      default: <str; "ingress" | "egress">

    # Sand platforms MDB Profile configuration. Note: l3-xxxl does not support MLAG.
    mdb_profile: <str; "balanced" | "balanced-xl" | "l3" | "l3-xl" | "l3-xxl" | "l3-xxxl">

  # Sfe (Software Forwarding Engine) settings.
  sfe:

    # Maximum number of CPUs used for data plane traffic forwarding.
    data_plane_cpu_allocation_max: <int; 1-128>

PoE

Variable Type Required Default Value Restrictions Description
poe Dictionary
  reboot Dictionary Set the global PoE power behavior for PoE ports when the system is rebooted.
    action String Valid Values:
- power-off
- maintain
PoE action for interface. By default in EOS, reboot action is set to power-off.
  interface_shutdown Dictionary Set the global PoE power behavior for PoE ports when ports are admin down.
    action String Valid Values:
- power-off
- maintain
PoE action for interface. By default in EOS, interface shutdown action is set to maintain.
poe:

  # Set the global PoE power behavior for PoE ports when the system is rebooted.
  reboot:

    # PoE action for interface. By default in EOS, reboot action is set to power-off.
    action: <str; "power-off" | "maintain">

  # Set the global PoE power behavior for PoE ports when ports are admin down.
  interface_shutdown:

    # PoE action for interface. By default in EOS, interface shutdown action is set to maintain.
    action: <str; "power-off" | "maintain">

PTP

Variable Type Required Default Value Restrictions Description
ptp Dictionary
  mode String Valid Values:
- boundary
- disabled
- e2etransparent
- gptp
- ordinarymaster
- p2ptransparent
  mode_one_step Boolean
  forward_unicast Boolean
  clock_identity String The clock-id in xx:xx:xx:xx:xx:xx format.
  source Dictionary
    ip String Source IP.
  priority1 Integer Min: 0
Max: 255
  priority2 Integer Min: 0
Max: 255
  ttl Integer Min: 1
Max: 255
  domain Integer Min: 0
Max: 255
  message_type Dictionary
    general Dictionary
      dscp Integer
    event Dictionary
      dscp Integer
  monitor Dictionary
    enabled Boolean True
    threshold Dictionary
      offset_from_master Integer Min: 0
Max: 1000000000
      mean_path_delay Integer Min: 0
Max: 1000000000
      drop Dictionary
        offset_from_master Integer Min: 0
Max: 1000000000
        mean_path_delay Integer Min: 0
Max: 1000000000
    missing_message Dictionary
      intervals Dictionary
        announce Integer Min: 2
Max: 255
        follow_up Integer Min: 2
Max: 255
        sync Integer Min: 2
Max: 255
      sequence_ids Dictionary
        enabled Boolean
        announce Integer Min: 2
Max: 255
        delay_resp Integer Min: 2
Max: 255
        follow_up Integer Min: 2
Max: 255
        sync Integer Min: 2
Max: 255
ptp:
  mode: <str; "boundary" | "disabled" | "e2etransparent" | "gptp" | "ordinarymaster" | "p2ptransparent">
  mode_one_step: <bool>
  forward_unicast: <bool>

  # The clock-id in xx:xx:xx:xx:xx:xx format.
  clock_identity: <str>
  source:

    # Source IP.
    ip: <str>
  priority1: <int; 0-255>
  priority2: <int; 0-255>
  ttl: <int; 1-255>
  domain: <int; 0-255>
  message_type:
    general:
      dscp: <int>
    event:
      dscp: <int>
  monitor:
    enabled: <bool; default=True>
    threshold:
      offset_from_master: <int; 0-1000000000>
      mean_path_delay: <int; 0-1000000000>
      drop:
        offset_from_master: <int; 0-1000000000>
        mean_path_delay: <int; 0-1000000000>
    missing_message:
      intervals:
        announce: <int; 2-255>
        follow_up: <int; 2-255>
        sync: <int; 2-255>
      sequence_ids:
        enabled: <bool>
        announce: <int; 2-255>
        delay_resp: <int; 2-255>
        follow_up: <int; 2-255>
        sync: <int; 2-255>

Redundancy

Variable Type Required Default Value Restrictions Description
redundancy Dictionary
  protocol String Redundancy Protocol.
redundancy:

  # Redundancy Protocol.
  protocol: <str>

System

Variable Type Required Default Value Restrictions Description
system Dictionary
  control_plane Dictionary
    tcp_mss Dictionary
      ipv4 Integer Segment size.
      ipv6 Integer Segment size.
    ipv4_access_groups List, items: Dictionary
      - acl_name String Required, Unique
        vrf String
    ipv6_access_groups List, items: Dictionary
      - acl_name String Required, Unique
        vrf String
  l1 Dictionary
    unsupported_speed_action String Valid Values:
- error
- warn
    unsupported_error_correction_action String Valid Values:
- error
- warn
system:
  control_plane:
    tcp_mss:

      # Segment size.
      ipv4: <int>

      # Segment size.
      ipv6: <int>
    ipv4_access_groups:
      - acl_name: <str; required; unique>
        vrf: <str>
    ipv6_access_groups:
      - acl_name: <str; required; unique>
        vrf: <str>
  l1:
    unsupported_speed_action: <str; "error" | "warn">
    unsupported_error_correction_action: <str; "error" | "warn">

TCAM profile

Variable Type Required Default Value Restrictions Description
tcam_profile Dictionary
  system String TCAM profile name to activate.
  profiles List, items: Dictionary
    - name String Required, Unique Tcam-Profile Name.
      config String TCAM Profile Config. Since these can be very long, it is often a good idea to import the config from a file.
Example: “{{ lookup(‘file’, ‘TCAM_TRAFFIC_POLICY.conf’) }}”
      source String TCAM profile local source path. Used to read the TCAM profile from a local path existing on the device.
tcam_profile:

  # TCAM profile name to activate.
  system: <str>
  profiles:

      # Tcam-Profile Name.
    - name: <str; required; unique>

      # TCAM Profile Config. Since these can be very long, it is often a good idea to import the config from a file.
      # Example: "{{ lookup('file', 'TCAM_TRAFFIC_POLICY.conf') }}"
      config: <str>

      # TCAM profile local source path. Used to read the TCAM profile from a local path existing on the device.
      source: <str>

Metadata

These fields are not generating any configuration. They are meant to be used by tools that parse structured configuration.

Variable Type Required Default Value Restrictions Description
metadata Dictionary The data under metadata is used for documentation, validation or integration purposes.
It will not affect the generated EOS configuration.
  platform String
  system_mac_address String
  cv_tags Dictionary
    device_tags List, items: Dictionary
      - name String Required
        value String Required
    interface_tags List, items: Dictionary
      - interface String Required
        tags List, items: Dictionary
          - name String Required
            value String Required
  cv_pathfinder Dictionary Metadata used for CV Pathfinder visualization on CloudVision.
    role String
    region String
    zone String
    site String
    vtep_ip String
    ssl_profile String
    address String
    pathfinders List, items: Dictionary
      - vtep_ip String Required
    interfaces List, items: Dictionary
      - name String
        carrier String
        circuit_id String
        pathgroup String
        public_ip String
    pathgroups List, items: Dictionary
      - name String Required
        carriers List, items: Dictionary
          - name String
        imported_carriers List, items: Dictionary
          - name String
    regions List, items: Dictionary
      - id Integer
        name String
        zones List, items: Dictionary
          - id Integer
            name String
            sites List, items: Dictionary
              - id Integer
                name String
                location Dictionary
                  address String
    vrfs List, items: Dictionary
      - name String
        vni Integer
        avts List, items: Dictionary
          - constraints Dictionary
              jitter Integer
              latency Integer
              lossrate String
            description String
            id Integer
            name String
            pathgroups List, items: Dictionary
              - name String
                preference String
    internet_exit_policies List, items: Dictionary
      - name String Required
        type String Required
        city String Required
        country String Required
        upload_bandwidth Integer
        download_bandwidth Integer
        firewall Boolean Required
        ips_control Boolean Required
        acceptable_use_policy Boolean Required
        vpn_credentials List, items: Dictionary Required
          - fqdn String Required
            vpn_type String Required
            pre_shared_key String Required
        tunnels List, items: Dictionary Required
          - name String Required
            preference String Required
# The data under `metadata` is used for documentation, validation or integration purposes.
# It will not affect the generated EOS configuration.
metadata:
  platform: <str>
  system_mac_address: <str>
  cv_tags:
    device_tags:
      - name: <str; required>
        value: <str; required>
    interface_tags:
      - interface: <str; required>
        tags:
          - name: <str; required>
            value: <str; required>

  # Metadata used for CV Pathfinder visualization on CloudVision.
  cv_pathfinder:
    role: <str>
    region: <str>
    zone: <str>
    site: <str>
    vtep_ip: <str>
    ssl_profile: <str>
    address: <str>
    pathfinders:
      - vtep_ip: <str; required>
    interfaces:
      - name: <str>
        carrier: <str>
        circuit_id: <str>
        pathgroup: <str>
        public_ip: <str>
    pathgroups:
      - name: <str; required>
        carriers:
          - name: <str>
        imported_carriers:
          - name: <str>
    regions:
      - id: <int>
        name: <str>
        zones:
          - id: <int>
            name: <str>
            sites:
              - id: <int>
                name: <str>
                location:
                  address: <str>
    vrfs:
      - name: <str>
        vni: <int>
        avts:
          - constraints:
              jitter: <int>
              latency: <int>
              lossrate: <str>
            description: <str>
            id: <int>
            name: <str>
            pathgroups:
              - name: <str>
                preference: <str>
    internet_exit_policies:
      - name: <str; required>
        type: <str; required>
        city: <str; required>
        country: <str; required>
        upload_bandwidth: <int>
        download_bandwidth: <int>
        firewall: <bool; required>
        ips_control: <bool; required>
        acceptable_use_policy: <bool; required>
        vpn_credentials: # required
          - fqdn: <str; required>
            vpn_type: <str; required>
            pre_shared_key: <str; required>
        tunnels: # required
          - name: <str; required>
            preference: <str; required>