Input variables for eos_cli_config_gen

This document describes the supported input variables for the role arista.avd.eos_cli_config_gen.

Since several data models have changed between AVD versions 3.x and 4.x, it is recommended to study the Porting Guide for AVD 4.x.x for existing deployments.

The input variables are documented below in tables and YAML.

All values are optional.

Note

All input variables are validated by a schema. If additional custom keys are desired, a key starting with an underscore _, will be ignored.

Warning

Available features and variables may vary by platforms, refer to documentation on arista.com for specifics.

Authentication

AAA accounting

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
aaa_accounting	Dictionary
exec	Dictionary
console	Dictionary
type	String			Valid Values: - none - start-stop - stop-only
group	String				Group Name.
logging	Boolean
default	Dictionary
type	String			Valid Values: - none - start-stop - stop-only
group	String				Group Name.
logging	Boolean
system	Dictionary
default	Dictionary
type	String			Valid Values: - none - start-stop - stop-only
group	String				Group Name.
dot1x	Dictionary
default	Dictionary
type	String			Valid Values: - start-stop - stop-only
group	String				Group Name.
commands	Dictionary
console	List, items: Dictionary
- commands	String				Privilege level ‘all’ or 0-15.
type	String			Valid Values: - none - start-stop - stop-only
group	String				Group Name.
logging	Boolean
default	List, items: Dictionary
- commands	String				Privilege level ‘all’ or 0-15.
type	String			Valid Values: - none - start-stop - stop-only
group	String				Group Name.
logging	Boolean

aaa_accounting:
  exec:
    console:
      type: <str; "none" | "start-stop" | "stop-only">

      # Group Name.
      group: <str>
      logging: <bool>
    default:
      type: <str; "none" | "start-stop" | "stop-only">

      # Group Name.
      group: <str>
      logging: <bool>
  system:
    default:
      type: <str; "none" | "start-stop" | "stop-only">

      # Group Name.
      group: <str>
  dot1x:
    default:
      type: <str; "start-stop" | "stop-only">

      # Group Name.
      group: <str>
  commands:
    console:

        # Privilege level 'all' or 0-15.
      - commands: <str>
        type: <str; "none" | "start-stop" | "stop-only">

        # Group Name.
        group: <str>
        logging: <bool>
    default:

        # Privilege level 'all' or 0-15.
      - commands: <str>
        type: <str; "none" | "start-stop" | "stop-only">

        # Group Name.
        group: <str>
        logging: <bool>

AAA authentication

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
aaa_authentication	Dictionary
login	Dictionary
default	String				Login authentication method(s) as a string. Examples: - “group tacacs+ local” - “group MYGROUP none” - “group radius group MYGROUP local”
console	String				Console authentication method(s) as a string. Examples: - “group tacacs+ local” - “group MYGROUP none” - “group radius group MYGROUP local”
enable	Dictionary
default	String				Enable authentication method(s) as a string. Examples: - “group tacacs+ local” - “group MYGROUP none” - “group radius group MYGROUP local”
dot1x	Dictionary
default	String				802.1x authentication method(s) as a string. Examples: - “group radius” - “group MYGROUP group radius”
policies	Dictionary
on_failure_log	Boolean
on_success_log	Boolean
local	Dictionary
allow_nopassword	Boolean
lockout	Dictionary
failure	Integer			Min: 1 Max: 255
duration	Integer			Min: 1 Max: 4294967295
window	Integer			Min: 1 Max: 4294967295

aaa_authentication:
  login:

    # Login authentication method(s) as a string.
    # Examples:
    # - "group tacacs+ local"
    # - "group MYGROUP none"
    # - "group radius group MYGROUP local"
    default: <str>

    # Console authentication method(s) as a string.
    # Examples:
    # - "group tacacs+ local"
    # - "group MYGROUP none"
    # - "group radius group MYGROUP local"
    console: <str>
  enable:

    # Enable authentication method(s) as a string.
    # Examples:
    # - "group tacacs+ local"
    # - "group MYGROUP none"
    # - "group radius group MYGROUP local"
    default: <str>
  dot1x:

    # 802.1x authentication method(s) as a string.
    # Examples:
    # - "group radius"
    # - "group MYGROUP group radius"
    default: <str>
  policies:
    on_failure_log: <bool>
    on_success_log: <bool>
    local:
      allow_nopassword: <bool>
    lockout:
      failure: <int; 1-255>
      duration: <int; 1-4294967295>
      window: <int; 1-4294967295>

AAA authorization

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
aaa_authorization	Dictionary
policy	Dictionary
local_default_role	String
exec	Dictionary
default	String				Exec authorization method(s) as a string. Examples: - “group tacacs+ local” - “group MYGROUP none” - “group radius group MYGROUP local”
config_commands	Boolean
serial_console	Boolean
dynamic	Dictionary
dot1x_additional_groups	List, items: String			Min Length: 1
- <str>	String
commands	Dictionary
all_default	String				Command authorization method(s) as a string. Examples: - “group tacacs+ local” - “group MYGROUP none” - “group tacacs+ group MYGROUP local
privilege	List, items: Dictionary
- level	String				Privilege level(s) 0-15.
default	String				Command authorization method(s) as a string. Examples: - “group tacacs+ local” - “group MYGROUP none” - “group tacacs+ group MYGROUP local”

aaa_authorization:
  policy:
    local_default_role: <str>
  exec:

    # Exec authorization method(s) as a string.
    # Examples:
    # - "group tacacs+ local"
    # - "group MYGROUP none"
    # - "group radius group MYGROUP local"
    default: <str>
  config_commands: <bool>
  serial_console: <bool>
  dynamic:
    dot1x_additional_groups: # >=1 items
      - <str>
  commands:

    # Command authorization method(s) as a string.
    # Examples:
    # - "group tacacs+ local"
    # - "group MYGROUP none"
    # - "group tacacs+ group MYGROUP local
    all_default: <str>
    privilege:

        # Privilege level(s) 0-15.
      - level: <str>

        # Command authorization method(s) as a string.
        # Examples:
        # - "group tacacs+ local"
        # - "group MYGROUP none"
        # - "group tacacs+ group MYGROUP local"
        default: <str>

AAA root

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
aaa_root	Dictionary
secret	Dictionary
sha512_password	String

aaa_root:
  secret:
    sha512_password: <str>

AAA server groups

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
aaa_server_groups	List, items: Dictionary
- name	String				Group name.
type	String			Valid Values: - tacacs+ - radius - ldap
servers	List, items: Dictionary
- server	String				Hostname or IP address.
vrf	String				VRF name.

aaa_server_groups:

    # Group name.
  - name: <str>
    type: <str; "tacacs+" | "radius" | "ldap">
    servers:

        # Hostname or IP address.
      - server: <str>

        # VRF name.
        vrf: <str>

Enable password

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
enable_password	Dictionary
hash_algorithm	String			Valid Values: - md5 - sha512
key	String				Must be the hash of the password using the specified algorithm. By default EOS salts the password, so the simplest is to generate the hash on an EOS device.

enable_password:
  hash_algorithm: <str; "md5" | "sha512">

  # Must be the hash of the password using the specified algorithm.
  # By default EOS salts the password, so the simplest is to generate the hash on an EOS device.
  key: <str>

IP radius source-interfaces

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_radius_source_interfaces	List, items: Dictionary
- name	String				Interface Name.
vrf	String				VRF Name.

ip_radius_source_interfaces:

    # Interface Name.
  - name: <str>

    # VRF Name.
    vrf: <str>

IP tacacs source-interfaces

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_tacacs_source_interfaces	List, items: Dictionary
- name	String				Interface name.
vrf	String

ip_tacacs_source_interfaces:

    # Interface name.
  - name: <str>
    vrf: <str>

Local users

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
local_users	List, items: Dictionary
- name	String	Required, Unique			Username.
disabled	Boolean				If true, the user will be removed and all other settings are ignored. Useful for removing the default “admin” user.
privilege	Integer			Min: 0 Max: 15	Initial privilege level with local EXEC authorization.
role	String				EOS RBAC Role to be assigned to the user such as “network-admin” or “network-operator”.
sha512_password	String				SHA512 Hash of Password. Must be the hash of the password. By default EOS salts the password with the username, so the simplest is to generate the hash on an EOS device using the same username.
no_password	Boolean				If set a password will not be configured for this user. “sha512_password” MUST not be defined for this user.
ssh_key	String
secondary_ssh_key	String
shell	String			Valid Values: - /bin/bash - /bin/sh - /sbin/nologin	Specify shell for the user.

local_users:

    # Username.
  - name: <str; required; unique>

    # If true, the user will be removed and all other settings are ignored.
    # Useful for removing the default "admin" user.
    disabled: <bool>

    # Initial privilege level with local EXEC authorization.
    privilege: <int; 0-15>

    # EOS RBAC Role to be assigned to the user such as "network-admin" or "network-operator".
    role: <str>

    # SHA512 Hash of Password.
    # Must be the hash of the password. By default EOS salts the password with the username, so the simplest is to generate the hash on an EOS device using the same username.
    sha512_password: <str>

    # If set a password will not be configured for this user. "sha512_password" MUST not be defined for this user.
    no_password: <bool>
    ssh_key: <str>
    secondary_ssh_key: <str>

    # Specify shell for the user.
    shell: <str; "/bin/bash" | "/bin/sh" | "/sbin/nologin">

Radius server

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
radius_server	Dictionary
attribute_32_include_in_access_req	Dictionary
hostname	Boolean
format	String				Specify the format of the NAS-Identifier. If ‘hostname’ is set, this is ignored.
dynamic_authorization	Dictionary
port	Integer			Min: 0 Max: 65535	TCP Port.
tls_ssl_profile	String				Name of TLS profile.
hosts	List, items: Dictionary
- host	String	Required, Unique			Host IP address or name.
vrf	String
timeout	Integer			Min: 1 Max: 1000
retransmit	Integer			Min: 0 Max: 100
key	String				Encrypted key.

radius_server:
  attribute_32_include_in_access_req:
    hostname: <bool>

    # Specify the format of the NAS-Identifier. If 'hostname' is set, this is ignored.
    format: <str>
  dynamic_authorization:

    # TCP Port.
    port: <int; 0-65535>

    # Name of TLS profile.
    tls_ssl_profile: <str>
  hosts:

      # Host IP address or name.
    - host: <str; required; unique>
      vrf: <str>
      timeout: <int; 1-1000>
      retransmit: <int; 0-100>

      # Encrypted key.
      key: <str>

Radius servers

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
radius_servers deprecated	List, items: Dictionary				This key is deprecated. Support will be removed in AVD version v5.0.0. Use radius_server.hosts instead.
- host	String				Host IP address or name.
vrf	String
key	String				Encrypted key.

# This key is deprecated.
# Support will be removed in AVD version v5.0.0.
# Use <samp>radius_server.hosts</samp> instead.
radius_servers:

    # Host IP address or name.
  - host: <str>
    vrf: <str>

    # Encrypted key.
    key: <str>

Roles

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
roles	List, items: Dictionary
- name	String				Role name.
sequence_numbers	List, items: Dictionary
- sequence	Integer				Sequence number.
action	String			Valid Values: - permit - deny
mode	String				“config”, “config-all”, “exec” or mode key as string.
command	String				Command as string.

roles:

    # Role name.
  - name: <str>
    sequence_numbers:

        # Sequence number.
      - sequence: <int>
        action: <str; "permit" | "deny">

        # "config", "config-all", "exec" or mode key as string.
        mode: <str>

        # Command as string.
        command: <str>

Tacacs servers

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
tacacs_servers	Dictionary
timeout	Integer			Min: 1 Max: 1000	Timeout in seconds.
hosts	List, items: Dictionary
- host	String				Host IP address or name.
vrf	String
key	String				Encrypted key.
key_type	String		7	Valid Values: - 0 - 7 - 8a
single_connection	Boolean
timeout	Integer			Min: 1 Max: 1000	Timeout in seconds.
policy_unknown_mandatory_attribute_ignore	Boolean

tacacs_servers:

  # Timeout in seconds.
  timeout: <int; 1-1000>
  hosts:

      # Host IP address or name.
    - host: <str>
      vrf: <str>

      # Encrypted key.
      key: <str>
      key_type: <str; "0" | "7" | "8a"; default="7">
      single_connection: <bool>

      # Timeout in seconds.
      timeout: <int; 1-1000>
  policy_unknown_mandatory_attribute_ignore: <bool>

ACLs

IP Extended access-lists

AVD currently supports two different data models for extended ACLs:

• The legacy access_lists data model, for compatibility with existing deployments
• The improved ip_access_lists data model, for access to more EOS features

Both data models can coexists without conflicts, as different keys are used: access_lists vs ip_access_lists. Access list names must be unique.

The legacy data model supports simplified ACL definition with sequence to action mapping:

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
access_lists	List, items: Dictionary
- name	String	Required, Unique			Access-list Name.
counters_per_entry	Boolean
sequence_numbers	List, items: Dictionary	Required
- sequence	Integer	Required, Unique			Sequence ID.
action	String	Required			Action as string. Example: “deny ip any any”

access_lists:

    # Access-list Name.
  - name: <str; required; unique>
    counters_per_entry: <bool>
    sequence_numbers: # required

        # Sequence ID.
      - sequence: <int; required; unique>

        # Action as string.
        # Example: "deny ip any any"
        action: <str; required>

The improved data model has a more sophisticated design documented below:

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_access_lists	List, items: Dictionary
- name	String	Required, Unique			Access-list Name.
counters_per_entry	Boolean
entries	List, items: Dictionary				ACL Entries.
- sequence	Integer				ACL entry sequence number.
remark	String				Comment up to 100 characters. If remark is defined, other keys in the ACL entry will be ignored.
action	String			Valid Values: - permit - deny	ACL action. Required except for remarks.
protocol	String				“ip”, “tcp”, “udp”, “icmp” or other protocol name or number. Required except for remarks.
source	String				“any”, “/” or ““. “” without a mask means host. Required except for remarks.
source_ports_match	String		eq	Valid Values: - eq - gt - lt - neq - range
source_ports	List, items: String
- <str>	String				TCP/UDP source port name or number.
destination	String				“any”, “/” or ““. “” without a mask means host. Required except for remarks.
destination_ports_match	String		eq	Valid Values: - eq - gt - lt - neq - range
destination_ports	List, items: String
- <str>	String				TCP/UDP destination port name or number.
tcp_flags	List, items: String
- <str>	String				TCP Flag Name.
fragments	Boolean				Match non-head fragment packets.
log	Boolean				Log matches against this rule.
ttl	Integer			Min: 0 Max: 255	TTL value.
ttl_match	String		eq	Valid Values: - eq - gt - lt - neq
icmp_type	String				Message type name/number for ICMP packets.
icmp_code	String				Message code for ICMP packets.
nexthop_group	String				nexthop-group name.
tracked	Boolean				Match packets in existing ICMP/UDP/TCP connections.
dscp	String				DSCP value or name.
vlan_number	Integer
vlan_inner	Boolean		False
vlan_mask	String				0x000-0xFFF VLAN mask.

ip_access_lists:

    # Access-list Name.
  - name: <str; required; unique>
    counters_per_entry: <bool>

    # ACL Entries.
    entries:

        # ACL entry sequence number.
      - sequence: <int>

        # Comment up to 100 characters.
        # If remark is defined, other keys in the ACL entry will be ignored.
        remark: <str>

        # ACL action.
        # Required except for remarks.
        action: <str; "permit" | "deny">

        # "ip", "tcp", "udp", "icmp" or other protocol name or number.
        # Required except for remarks.
        protocol: <str>

        # "any", "<ip>/<mask>" or "<ip>".
        # "<ip>" without a mask means host.
        # Required except for remarks.
        source: <str>
        source_ports_match: <str; "eq" | "gt" | "lt" | "neq" | "range"; default="eq">
        source_ports:

            # TCP/UDP source port name or number.
          - <str>

        # "any", "<ip>/<mask>" or "<ip>".
        # "<ip>" without a mask means host.
        # Required except for remarks.
        destination: <str>
        destination_ports_match: <str; "eq" | "gt" | "lt" | "neq" | "range"; default="eq">
        destination_ports:

            # TCP/UDP destination port name or number.
          - <str>
        tcp_flags:

            # TCP Flag Name.
          - <str>

        # Match non-head fragment packets.
        fragments: <bool>

        # Log matches against this rule.
        log: <bool>

        # TTL value.
        ttl: <int; 0-255>
        ttl_match: <str; "eq" | "gt" | "lt" | "neq"; default="eq">

        # Message type name/number for ICMP packets.
        icmp_type: <str>

        # Message code for ICMP packets.
        icmp_code: <str>

        # nexthop-group name.
        nexthop_group: <str>

        # Match packets in existing ICMP/UDP/TCP connections.
        tracked: <bool>

        # DSCP value or name.
        dscp: <str>
        vlan_number: <int>
        vlan_inner: <bool; default=False>

        # 0x000-0xFFF VLAN mask.
        vlan_mask: <str>

The improved data model allows to limit the number of ACL entries that AVD is allowed to generate by defining ip_access_lists_max_entries. Only normal entries under ip_access_lists will be counted, remarks will be ignored. If the number is above the limit, the playbook will fail. This provides a simplified control over hardware utilization. The numbers must be based on the hardware tests and AVD does not provide any guidance. Note that other EOS features may use the same hardware resources and affect the supported scale.

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_access_lists_max_entries	Integer				Limit ACL entries defined under the ip_access_lists.

# Limit ACL entries defined under the `ip_access_lists`.
ip_access_lists_max_entries: <int>

IPv6 access-lists

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ipv6_access_lists	List, items: Dictionary
- name	String	Required, Unique			IPv6 Access-list Name.
counters_per_entry	Boolean
sequence_numbers	List, items: Dictionary	Required
- sequence	Integer	Required, Unique			Sequence ID.
action	String	Required			Action as string. Example: “deny ipv6 any any”

ipv6_access_lists:

    # IPv6 Access-list Name.
  - name: <str; required; unique>
    counters_per_entry: <bool>
    sequence_numbers: # required

        # Sequence ID.
      - sequence: <int; required; unique>

        # Action as string.
        # Example: "deny ipv6 any any"
        action: <str; required>

IPv6 standard access-lists

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ipv6_standard_access_lists	List, items: Dictionary
- name	String	Required, Unique			Access-list Name.
counters_per_entry	Boolean
sequence_numbers	List, items: Dictionary	Required
- sequence	Integer	Required, Unique			Sequence ID.
action	String	Required			Action as string. Example: “deny ipv6 any any”

ipv6_standard_access_lists:

    # Access-list Name.
  - name: <str; required; unique>
    counters_per_entry: <bool>
    sequence_numbers: # required

        # Sequence ID.
      - sequence: <int; required; unique>

        # Action as string.
        # Example: "deny ipv6 any any"
        action: <str; required>

MAC access-lists

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
mac_access_lists	List, items: Dictionary
- name	String	Required, Unique			MAC Access-list Name.
counters_per_entry	Boolean
entries	List, items: Dictionary
- sequence	Integer
action	String

mac_access_lists:

    # MAC Access-list Name.
  - name: <str; required; unique>
    counters_per_entry: <bool>
    entries:
      - sequence: <int>
        action: <str>

Standard access-lists

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
standard_access_lists	List, items: Dictionary
- name	String	Required, Unique			Access-list Name.
counters_per_entry	Boolean
sequence_numbers	List, items: Dictionary	Required
- sequence	Integer	Required, Unique			Sequence ID.
action	String	Required			Action as string. Example: “deny ip any any”

standard_access_lists:

    # Access-list Name.
  - name: <str; required; unique>
    counters_per_entry: <bool>
    sequence_numbers: # required

        # Sequence ID.
      - sequence: <int; required; unique>

        # Action as string.
        # Example: "deny ip any any"
        action: <str; required>

Endpoint Security

Address-locking

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
address_locking	Dictionary
dhcp_servers_ipv4	List, items: String
- <str>	String				DHCP server IPv4 address.
disabled	Boolean				Disable IP locking on configured ports.
leases	List, items: Dictionary
- ip	String	Required			IP address.
mac	String	Required			MAC address (hhhh.hhhh.hhhh or hh:hh:hh:hh:hh:hh).
local_interface	String
locked_address	Dictionary
expiration_mac_disabled	Boolean				Configure deauthorizing locked addresses upon MAC aging out.
ipv4_enforcement_disabled	Boolean				Configure enforcement for locked IPv4 addresses.
ipv6_enforcement_disabled	Boolean				Configure enforcement for locked IPv6 addresses.

address_locking:
  dhcp_servers_ipv4:

      # DHCP server IPv4 address.
    - <str>

  # Disable IP locking on configured ports.
  disabled: <bool>
  leases:

      # IP address.
    - ip: <str; required>

      # MAC address (hhhh.hhhh.hhhh or hh:hh:hh:hh:hh:hh).
      mac: <str; required>
  local_interface: <str>
  locked_address:

    # Configure deauthorizing locked addresses upon MAC aging out.
    expiration_mac_disabled: <bool>

    # Configure enforcement for locked IPv4 addresses.
    ipv4_enforcement_disabled: <bool>

    # Configure enforcement for locked IPv6 addresses.
    ipv6_enforcement_disabled: <bool>

Dot1x

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
dot1x	Dictionary
system_auth_control	Boolean
protocol_lldp_bypass	Boolean
protocol_bpdu_bypass	Boolean
dynamic_authorization	Boolean
mac_based_authentication	Dictionary
delay	Integer			Min: 0 Max: 300
hold_period	Integer			Min: 1 Max: 300
radius_av_pair	Dictionary
service_type	Boolean
framed_mtu	Integer			Min: 68 Max: 9236
aaa	Dictionary				Configure AAA parameters.
unresponsive	Dictionary				Configure AAA timeout options.
eap_response	String			Valid Values: - success - disabled	EAP response to send.
action	Dictionary				Set action for supplicant when AAA times out.
apply_cached_results	Boolean				Use results from a previous AAA response.
cached_results_timeout	Dictionary
time_duration	Integer			Min: 1	Enable caching for a specific duration - <1-10000> duration in days <1-14400000> duration in minutes <1-240000> duration in hours <1-864000000> duration in seconds
time_duration_unit	String	Required		Valid Values: - days - hours - minutes - seconds
apply_alternate	Boolean				Apply alternate action if primary action fails. eg. aaa unresponsive action apply cached-results else traffic allow
traffic_allow	Boolean				Set action for supplicant traffic when AAA times out.
traffic_allow_vlan	Integer			Min: 1 Max: 4094
phone_action	Dictionary				Set action for supplicant when AAA times out.
apply_cached_results	Boolean				Use results from a previous AAA response.
cached_results_timeout	Dictionary
time_duration	Integer			Min: 1	Enable caching for a specific duration - <1-10000> duration in days <1-14400000> duration in minutes <1-240000> duration in hours <1-864000000> duration in seconds
time_duration_unit	String	Required		Valid Values: - days - hours - minutes - seconds
apply_alternate	Boolean				Apply alternate action if primary action fails. eg. aaa unresponsive phone action apply cached-results else traffic allow
traffic_allow	Boolean				Set action for supplicant traffic when AAA times out.
recovery_action_reauthenticate	Boolean
accounting_update_interval	Integer			Min: 5 Max: 65535	Interval period in seconds.

dot1x:
  system_auth_control: <bool>
  protocol_lldp_bypass: <bool>
  protocol_bpdu_bypass: <bool>
  dynamic_authorization: <bool>
  mac_based_authentication:
    delay: <int; 0-300>
    hold_period: <int; 1-300>
  radius_av_pair:
    service_type: <bool>
    framed_mtu: <int; 68-9236>

  # Configure AAA parameters.
  aaa:

    # Configure AAA timeout options.
    unresponsive:

      # EAP response to send.
      eap_response: <str; "success" | "disabled">

      # Set action for supplicant when AAA times out.
      action:

        # Use results from a previous AAA response.
        apply_cached_results: <bool>
        cached_results_timeout:

          # Enable caching for a specific duration -
          # <1-10000>      duration in days
          # <1-14400000>   duration in minutes
          # <1-240000>     duration in hours
          # <1-864000000>  duration in seconds
          time_duration: <int; >=1>
          time_duration_unit: <str; "days" | "hours" | "minutes" | "seconds"; required>

        # Apply alternate action if primary action fails.
        # eg. aaa unresponsive action apply cached-results else traffic allow
        apply_alternate: <bool>

        # Set action for supplicant traffic when AAA times out.
        traffic_allow: <bool>
        traffic_allow_vlan: <int; 1-4094>

      # Set action for supplicant when AAA times out.
      phone_action:

        # Use results from a previous AAA response.
        apply_cached_results: <bool>
        cached_results_timeout:

          # Enable caching for a specific duration -
          # <1-10000>      duration in days
          # <1-14400000>   duration in minutes
          # <1-240000>     duration in hours
          # <1-864000000>  duration in seconds
          time_duration: <int; >=1>
          time_duration_unit: <str; "days" | "hours" | "minutes" | "seconds"; required>

        # Apply alternate action if primary action fails.
        # eg. aaa unresponsive phone action apply cached-results else traffic allow
        apply_alternate: <bool>

        # Set action for supplicant traffic when AAA times out.
        traffic_allow: <bool>
      recovery_action_reauthenticate: <bool>

    # Interval period in seconds.
    accounting_update_interval: <int; 5-65535>

MAC security

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
mac_security	Dictionary
license	Dictionary
license_name	String	Required
license_key	String	Required
fips_restrictions	Boolean
profiles	List, items: Dictionary
- name	String	Required, Unique			Profile-Name.
cipher	String			Valid Values: - aes128-gcm - aes128-gcm-xpn - aes256-gcm - aes256-gcm-xpn
connection_keys	List, items: Dictionary
- id	String	Required, Unique
encrypted_key	String
fallback	Boolean
mka	Dictionary
key_server_priority	Integer			Min: 0 Max: 255
session	Dictionary
rekey_period	Integer			Min: 30 Max: 100000	Rekey period in seconds.
sci	Boolean
l2_protocols	Dictionary
ethernet_flow_control	Dictionary
mode	String	Required		Valid Values: - encrypt - bypass
lldp	Dictionary
mode	String	Required		Valid Values: - bypass - bypass unauthorized

mac_security:
  license:
    license_name: <str; required>
    license_key: <str; required>
  fips_restrictions: <bool>
  profiles:

      # Profile-Name.
    - name: <str; required; unique>
      cipher: <str; "aes128-gcm" | "aes128-gcm-xpn" | "aes256-gcm" | "aes256-gcm-xpn">
      connection_keys:
        - id: <str; required; unique>
          encrypted_key: <str>
          fallback: <bool>
      mka:
        key_server_priority: <int; 0-255>
        session:

          # Rekey period in seconds.
          rekey_period: <int; 30-100000>
      sci: <bool>
      l2_protocols:
        ethernet_flow_control:
          mode: <str; "encrypt" | "bypass"; required>
        lldp:
          mode: <str; "bypass" | "bypass unauthorized"; required>

Filters and policies

AS path

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
as_path	Dictionary
regex_mode	String			Valid Values: - asn - string
access_lists	List, items: Dictionary
- name	String				Access List Name.
entries	List, items: Dictionary
- type	String			Valid Values: - permit - deny
match	String				Regex To Match.
origin	String		any	Valid Values: - any - egp - igp - incomplete

as_path:
  regex_mode: <str; "asn" | "string">
  access_lists:

      # Access List Name.
    - name: <str>
      entries:
        - type: <str; "permit" | "deny">

          # Regex To Match.
          match: <str>
          origin: <str; "any" | "egp" | "igp" | "incomplete"; default="any">

Class-maps

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
class_maps	Dictionary
pbr	List, items: Dictionary
- name	String	Required, Unique			Class-Map Name.
ip	Dictionary
access_group	String				Standard Access-List Name.
qos	List, items: Dictionary
- name	String	Required, Unique			Class-Map Name.
vlan	String				VLAN value(s) or range(s) of VLAN values.
cos	String				CoS value(s) or range(s) of CoS values.
ip	Dictionary
access_group	String				IPv4 Access-List Name.
ipv6	Dictionary
access_group	String				IPv6 Access-List Name.

class_maps:
  pbr:

      # Class-Map Name.
    - name: <str; required; unique>
      ip:

        # Standard Access-List Name.
        access_group: <str>
  qos:

      # Class-Map Name.
    - name: <str; required; unique>

      # VLAN value(s) or range(s) of VLAN values.
      vlan: <str>

      # CoS value(s) or range(s) of CoS values.
      cos: <str>
      ip:

        # IPv4 Access-List Name.
        access_group: <str>
      ipv6:

        # IPv6 Access-List Name.
        access_group: <str>

Dynamic prefix lists

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
dynamic_prefix_lists	List, items: Dictionary
- name	String				Dynamic prefix-list name.
match_map	String				Route-map name.
prefix_list	Dictionary
ipv4	String				Prefix-list name.
ipv6	String				Prefix-list name.

dynamic_prefix_lists:

    # Dynamic prefix-list name.
  - name: <str>

    # Route-map name.
    match_map: <str>
    prefix_list:

      # Prefix-list name.
      ipv4: <str>

      # Prefix-list name.
      ipv6: <str>

IP community lists

AVD currently supports two different data models for community lists:

• The legacy community_lists data model that can be used for compatibility with the existing deployments.
• The improved ip_community_lists data model.

Both data models can coexist without conflicts, as different keys are used: community_lists vs ip_community_lists. Community list names must be unique.

The legacy data model supports simplified community list definition that only allows a single action to be defined as string:

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
community_lists	List, items: Dictionary
- name	String	Required, Unique			Community-list Name.
action	String	Required			Action as string. Example: “permit GSHUT 65123:123”

community_lists:

    # Community-list Name.
  - name: <str; required; unique>

    # Action as string.
    # Example: "permit GSHUT 65123:123"
    action: <str; required>

The improved data model has a better design documented below:

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_community_lists	List, items: Dictionary				Communities and regexp entries MUST not be configured in the same community-list.
- name	String	Required, Unique			IP Community-list Name.
entries	List, items: Dictionary	Required
- action	String	Required		Valid Values: - permit - deny
communities	List, items: String				If defined, a standard community-list will be configured. Supported community strings (case insensitive): - GSHUT - internet - local-as - no-advertise - no-export - <1-4294967040> - aa:nn
- <str>	String
regexp	String				Regular Expression. If defined, a regex community-list will be configured.

# Communities and regexp entries MUST not be configured in the same community-list.
ip_community_lists:

    # IP Community-list Name.
  - name: <str; required; unique>
    entries: # required
      - action: <str; "permit" | "deny"; required>

        # If defined, a standard community-list will be configured.
        # Supported community strings (case insensitive):
        # - GSHUT
        # - internet
        # - local-as
        # - no-advertise
        # - no-export
        # - <1-4294967040>
        # - aa:nn
        communities:
          - <str>

        # Regular Expression.
        # If defined, a regex community-list will be configured.
        regexp: <str>

IP extcommunity-lists

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_extcommunity_lists	List, items: Dictionary
- name	String	Required, Unique			Community-list Name.
entries	List, items: Dictionary	Required
- type	String	Required		Valid Values: - permit - deny
extcommunities	String	Required			Communities as string. Example: “65000:65000”

ip_extcommunity_lists:

    # Community-list Name.
  - name: <str; required; unique>
    entries: # required
      - type: <str; "permit" | "deny"; required>

        # Communities as string.
        # Example: "65000:65000"
        extcommunities: <str; required>

IP extcommunity-lists-regexp

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_extcommunity_lists_regexp	List, items: Dictionary
- name	String	Required, Unique			Community-list Name.
entries	List, items: Dictionary	Required
- type	String	Required		Valid Values: - permit - deny
regexp	String	Required			Regular Expression.

ip_extcommunity_lists_regexp:

    # Community-list Name.
  - name: <str; required; unique>
    entries: # required
      - type: <str; "permit" | "deny"; required>

        # Regular Expression.
        regexp: <str; required>

IPv6 prefix-lists

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ipv6_prefix_lists	List, items: Dictionary
- name	String	Required, Unique			Prefix-list Name.
sequence_numbers	List, items: Dictionary	Required
- sequence	Integer	Required, Unique			Sequence ID.
action	String	Required			Action as string. Example: “permit 1b11:3a00:22b0:0082::/64 eq 128”

ipv6_prefix_lists:

    # Prefix-list Name.
  - name: <str; required; unique>
    sequence_numbers: # required

        # Sequence ID.
      - sequence: <int; required; unique>

        # Action as string.
        # Example: "permit 1b11:3a00:22b0:0082::/64 eq 128"
        action: <str; required>

Match list input

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
match_list_input	Dictionary
prefix_ipv4	List, items: Dictionary
- name	String	Required, Unique			Prefix-List Name.
prefixes	List, items: String	Required		Min Length: 1	List of IPv4 prefixes (with the subnet mask e.g. 192.0.2.0/24).
- <str>	String
prefix_ipv6	List, items: Dictionary
- name	String	Required, Unique			Prefix-List Name.
prefixes	List, items: String	Required		Min Length: 1	List of IPv6 prefixes (with the subnet mask e.g. 2001:db8:abcd:0013::/64).
- <str>	String
string	List, items: Dictionary
- name	String	Required, Unique			Match-list Name.
sequence_numbers	List, items: Dictionary	Required
- sequence	Integer	Required, Unique			Sequence ID.
match_regex	String	Required			Regular Expression.

match_list_input:
  prefix_ipv4:

      # Prefix-List Name.
    - name: <str; required; unique>

      # List of IPv4 prefixes (with the subnet mask e.g. 192.0.2.0/24).
      prefixes: # >=1 items; required
        - <str>
  prefix_ipv6:

      # Prefix-List Name.
    - name: <str; required; unique>

      # List of IPv6 prefixes (with the subnet mask e.g. 2001:db8:abcd:0013::/64).
      prefixes: # >=1 items; required
        - <str>
  string:

      # Match-list Name.
    - name: <str; required; unique>
      sequence_numbers: # required

          # Sequence ID.
        - sequence: <int; required; unique>

          # Regular Expression.
          match_regex: <str; required>

Peer-filters

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
peer_filters	List, items: Dictionary
- name	String	Required, Unique			Peer-filter Name.
sequence_numbers	List, items: Dictionary	Required
- sequence	Integer	Required, Unique			Sequence ID.
match	String	Required			Match as string. Example: “as-range 1-100 result accept”

peer_filters:

    # Peer-filter Name.
  - name: <str; required; unique>
    sequence_numbers: # required

        # Sequence ID.
      - sequence: <int; required; unique>

        # Match as string.
        # Example: "as-range 1-100 result accept"
        match: <str; required>

Policy-maps

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
policy_maps	Dictionary
pbr	List, items: Dictionary				PBR Policy-Maps.
- name	String	Required, Unique			Policy-Map Name.
classes	List, items: Dictionary
- name	String	Required, Unique			Class Name.
index	Integer
drop	Boolean				‘drop’ and ‘set’ are mutually exclusive.
set	Dictionary				Set Nexthop ‘drop’ and ‘set’ are mutually exclusive.
nexthop	Dictionary
ip_address	String				IPv4 or IPv6 Address.
recursive	Boolean
qos	List, items: Dictionary				QOS Policy-Maps.
- name	String	Required, Unique			Policy-Map Name.
classes	List, items: Dictionary
- name	String	Required, Unique			Class Name.
set	Dictionary
cos	Integer
dscp	String
traffic_class	Integer
drop_precedence	Integer
police	Dictionary
rate	Integer				Specify rate. Range in kbps <8-200000000>.
rate_unit	String		bps	Valid Values: - bps - kbps - mbps - pps
rate_burst_size	Integer				Range in bytes <256-128000000>.
rate_burst_size_unit	String		bytes	Valid Values: - bytes - kbytes - mbytes - packets
action	Dictionary
type	String			Valid Values: - dscp - drop-precedence	Set action for policed traffic.
dscp_value	String				Set when action.type is set to “dscp”.
higher_rate	Integer				Specify higher rate. Range in kbps .
higher_rate_unit	String		bps	Valid Values: - bps - kbps - mbps - pps
higher_rate_burst_size	Integer				Range in bytes <256-128000000>.
higher_rate_burst_size_unit	String		bytes	Valid Values: - bytes - kbytes - mbytes - packets
copp_system_policy	Dictionary				Control-plane policy configuration.
classes	List, items: Dictionary
- name	String	Required, Unique
shape	Integer			Min: 0 Max: 10000000	Maximum rate limit.
bandwidth	Integer			Min: 0 Max: 10000000	Minimum bandwidth.
rate_unit	String			Valid Values: - pps - kbps	The rate_unit must be defined for shape and bandwidth.

policy_maps:

  # PBR Policy-Maps.
  pbr:

      # Policy-Map Name.
    - name: <str; required; unique>
      classes:

          # Class Name.
        - name: <str; required; unique>
          index: <int>

          # 'drop' and 'set' are mutually exclusive.
          drop: <bool>

          # Set Nexthop
          # 'drop' and 'set' are mutually exclusive.
          set:
            nexthop:

              # IPv4 or IPv6 Address.
              ip_address: <str>
              recursive: <bool>

  # QOS Policy-Maps.
  qos:

      # Policy-Map Name.
    - name: <str; required; unique>
      classes:

          # Class Name.
        - name: <str; required; unique>
          set:
            cos: <int>
            dscp: <str>
            traffic_class: <int>
            drop_precedence: <int>
          police:

            # Specify rate.
            # Range in kbps <8-200000000>.
            rate: <int>
            rate_unit: <str; "bps" | "kbps" | "mbps" | "pps"; default="bps">

            # Range in bytes <256-128000000>.
            rate_burst_size: <int>
            rate_burst_size_unit: <str; "bytes" | "kbytes" | "mbytes" | "packets"; default="bytes">
            action:

              # Set action for policed traffic.
              type: <str; "dscp" | "drop-precedence">

              # Set when action.type is set to "dscp".
              dscp_value: <str>

            # Specify higher rate.
            # Range in kbps <lower_rate in kbps + 8 - lower_rate in kbps + 200000000>.
            higher_rate: <int>
            higher_rate_unit: <str; "bps" | "kbps" | "mbps" | "pps"; default="bps">

            # Range in bytes <256-128000000>.
            higher_rate_burst_size: <int>
            higher_rate_burst_size_unit: <str; "bytes" | "kbytes" | "mbytes" | "packets"; default="bytes">

  # Control-plane policy configuration.
  copp_system_policy:
    classes:
      - name: <str; required; unique>

        # Maximum rate limit.
        shape: <int; 0-10000000>

        # Minimum bandwidth.
        bandwidth: <int; 0-10000000>

        # The `rate_unit` must be defined for `shape` and `bandwidth`.
        rate_unit: <str; "pps" | "kbps">

Prefix-lists

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
prefix_lists	List, items: Dictionary
- name	String	Required, Unique			Prefix-list Name.
sequence_numbers	List, items: Dictionary
- sequence	Integer	Required, Unique			Sequence ID.
action	String	Required			Action as string. Example: “permit 10.255.0.0/27 eq 32”

prefix_lists:

    # Prefix-list Name.
  - name: <str; required; unique>
    sequence_numbers:

        # Sequence ID.
      - sequence: <int; required; unique>

        # Action as string.
        # Example: "permit 10.255.0.0/27 eq 32"
        action: <str; required>

Route-maps

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
route_maps	List, items: Dictionary
- name	String	Required, Unique			Route-map Name.
sequence_numbers	List, items: Dictionary	Required
- sequence	Integer	Required, Unique			Sequence ID.
type	String	Required		Valid Values: - permit - deny
description	String
match	List, items: String				List of “match” statements.
- <str>	String				Match as string. Example: “ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY”
set	List, items: String				List of “set” statements.
- <str>	String				Set as string. Example: “origin incomplete”
sub_route_map	String				Name of Sub-Route-map.
continue	Dictionary
enabled	Boolean
sequence_number	Integer

route_maps:

    # Route-map Name.
  - name: <str; required; unique>
    sequence_numbers: # required

        # Sequence ID.
      - sequence: <int; required; unique>
        type: <str; "permit" | "deny"; required>
        description: <str>

        # List of "match" statements.
        match:

            # Match as string.
            # Example: "ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY"
          - <str>

        # List of "set" statements.
        set:

            # Set as string.
            # Example: "origin incomplete"
          - <str>

        # Name of Sub-Route-map.
        sub_route_map: <str>
        continue:
          enabled: <bool>
          sequence_number: <int>

Trackers

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
trackers	List, items: Dictionary
- name	String	Required, Unique			Name of tracker object.
interface	String	Required			Name of tracked interface.
tracked_property	String		line-protocol		Property to track.

trackers:

    # Name of tracker object.
  - name: <str; required; unique>

    # Name of tracked interface.
    interface: <str; required>

    # Property to track.
    tracked_property: <str; default="line-protocol">

Traffic policies

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
traffic_policies	Dictionary
options	Dictionary
counter_per_interface	Boolean
field_sets	Dictionary
ipv4	List, items: Dictionary
- name	String	Required, Unique			IPv4 Prefix Field Set Name.
prefixes	List, items: String
- <str>	String				IPv4 Prefix.
ipv6	List, items: Dictionary
- name	String	Required, Unique			IPv6 Prefix Field Set Name.
prefixes	List, items: String
- <str>	String				IPv6 Prefix.
ports	List, items: Dictionary
- name	String	Required, Unique			L4 Port Field Set Name.
port_range	String				Example: ‘10,20,80,440-450’
policies	List, items: Dictionary
- name	String	Required, Unique			Traffic Policy Name.
matches	List, items: Dictionary
- name	String	Required, Unique			Traffic Policy Item.
type	String			Valid Values: - ipv4 - ipv6
source	Dictionary
prefixes	List, items: String
- <str>	String				IP address or prefix.
prefix_lists	List, items: String				Field-set prefix lists.
- <str>	String
destination	Dictionary
prefixes	List, items: String
- <str>	String				IP address or prefix.
prefix_lists	List, items: String				Field-set prefix lists.
- <str>	String
ttl	String				TTL range.
fragment	Dictionary				The ‘fragment’ command is not supported when ‘source port’ or ‘destination port’ command is configured.
offset	String				Fragment offset range.
protocols	List, items: Dictionary
- protocol	String	Required, Unique
src_port	String				Port range.
dst_port	String				Port range.
src_field	String				L4 port range field set.
dst_field	String				L4 port range field set.
flags	List, items: String
- <str>	String			Valid Values: - established - initial
icmp_type	List, items: String
- <str>	String
actions	Dictionary
dscp	Integer
traffic_class	Integer				Traffic class ID.
count	String				Counter name.
drop	Boolean
log	Boolean				Only supported when action is set to drop.
default_actions	Dictionary
ipv4	Dictionary
dscp	Integer
traffic_class	Integer				Traffic class ID.
count	String				Counter name.
drop	Boolean
log	Boolean				Only supported when action is set to drop.
ipv6	Dictionary
dscp	Integer
traffic_class	Integer				Traffic class ID.
count	String				Counter name.
drop	Boolean
log	Boolean				Only supported when action is set to drop.

traffic_policies:
  options:
    counter_per_interface: <bool>
  field_sets:
    ipv4:

        # IPv4 Prefix Field Set Name.
      - name: <str; required; unique>
        prefixes:

            # IPv4 Prefix.
          - <str>
    ipv6:

        # IPv6 Prefix Field Set Name.
      - name: <str; required; unique>
        prefixes:

            # IPv6 Prefix.
          - <str>
    ports:

        # L4 Port Field Set Name.
      - name: <str; required; unique>

        # Example: '10,20,80,440-450'
        port_range: <str>
  policies:

      # Traffic Policy Name.
    - name: <str; required; unique>
      matches:

          # Traffic Policy Item.
        - name: <str; required; unique>
          type: <str; "ipv4" | "ipv6">
          source:
            prefixes:

                # IP address or prefix.
              - <str>

            # Field-set prefix lists.
            prefix_lists:
              - <str>
          destination:
            prefixes:

                # IP address or prefix.
              - <str>

            # Field-set prefix lists.
            prefix_lists:
              - <str>

          # TTL range.
          ttl: <str>

          # The 'fragment' command is not supported when 'source port'
          # or 'destination port' command is configured.
          fragment:

            # Fragment offset range.
            offset: <str>
          protocols:
            - protocol: <str; required; unique>

              # Port range.
              src_port: <str>

              # Port range.
              dst_port: <str>

              # L4 port range field set.
              src_field: <str>

              # L4 port range field set.
              dst_field: <str>
              flags:
                - <str; "established" | "initial">
              icmp_type:
                - <str>
          actions:
            dscp: <int>

            # Traffic class ID.
            traffic_class: <int>

            # Counter name.
            count: <str>
            drop: <bool>

            # Only supported when action is set to drop.
            log: <bool>
      default_actions:
        ipv4:
          dscp: <int>

          # Traffic class ID.
          traffic_class: <int>

          # Counter name.
          count: <str>
          drop: <bool>

          # Only supported when action is set to drop.
          log: <bool>
        ipv6:
          dscp: <int>

          # Traffic class ID.
          traffic_class: <int>

          # Counter name.
          count: <str>
          drop: <bool>

          # Only supported when action is set to drop.
          log: <bool>

Interfaces

DPS interfaces

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
dps_interfaces	List, items: Dictionary			Min Length: 1 Max Length: 1
- name	String	Required, Unique		Valid Values: - Dps1	“Dps1” is currently the only supported interface.
description	String
shutdown	Boolean
mtu	Integer			Min: 68 Max: 65535	Maximum Transmission Unit in bytes.
ip_address	String				IPv4 address/mask.
flow_tracker	Dictionary
sampled	String				Sampled flow tracker name.
hardware	String				Hardware flow tracker name,
tcp_mss_ceiling	Dictionary
ipv4	Integer			Min: 64 Max: 65495	Segment Size for IPv4.
ipv6	Integer			Min: 64 Max: 65475	Segment Size for IPv6.
direction	String			Valid Values: - ingress - egress	Optional direction (‘ingress’, ‘egress’) for tcp mss ceiling.
eos_cli	String				Multiline String with EOS CLI rendered directly on the Dps interface in the final EOS configuration.

dps_interfaces: # 1-1 items

    # "Dps1" is currently the only supported interface.
  - name: <str; "Dps1"; required; unique>
    description: <str>
    shutdown: <bool>

    # Maximum Transmission Unit in bytes.
    mtu: <int; 68-65535>

    # IPv4 address/mask.
    ip_address: <str>
    flow_tracker:

      # Sampled flow tracker name.
      sampled: <str>

      # Hardware flow tracker name,
      hardware: <str>
    tcp_mss_ceiling:

      # Segment Size for IPv4.
      ipv4: <int; 64-65495>

      # Segment Size for IPv6.
      ipv6: <int; 64-65475>

      # Optional direction ('ingress', 'egress')  for tcp mss ceiling.
      direction: <str; "ingress" | "egress">

    # Multiline String with EOS CLI rendered directly on the Dps interface in the final EOS configuration.
    eos_cli: <str>

Errdisable

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
errdisable	Dictionary
detect	Dictionary
causes	List, items: String
- <str>	String			Valid Values: - acl - arp-inspection - dot1x - link-change - tapagg - xcvr-misconfigured - xcvr-overheat - xcvr-power-unsupported
recovery	Dictionary
causes	List, items: String
- <str>	String			Valid Values: - arp-inspection - bpduguard - dot1x - hitless-reload-down - lacp-rate-limit - link-flap - no-internal-vlan - portchannelguard - portsec - speed-misconfigured - tap-port-init - tapagg - uplink-failure-detection - xcvr-misconfigured - xcvr-overheat - xcvr-power-unsupported - xcvr-unsupported
interval	Integer		300	Min: 30 Max: 86400	Interval in seconds.

errdisable:
  detect:
    causes:
      - <str; "acl" | "arp-inspection" | "dot1x" | "link-change" | "tapagg" | "xcvr-misconfigured" | "xcvr-overheat" | "xcvr-power-unsupported">
  recovery:
    causes:
      - <str; "arp-inspection" | "bpduguard" | "dot1x" | "hitless-reload-down" | "lacp-rate-limit" | "link-flap" | "no-internal-vlan" | "portchannelguard" | "portsec" | "speed-misconfigured" | "tap-port-init" | "tapagg" | "uplink-failure-detection" | "xcvr-misconfigured" | "xcvr-overheat" | "xcvr-power-unsupported" | "xcvr-unsupported">

    # Interval in seconds.
    interval: <int; 30-86400; default=300>

Ethernet interfaces

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ethernet_interfaces	List, items: Dictionary
- name	String	Required, Unique
description	String
shutdown	Boolean
load_interval	Integer			Min: 0 Max: 600	Interval in seconds for updating interface counters.
speed	String				Speed should be set in the format <interface_speed> or forced <interface_speed> or auto <interface_speed>.
mtu	Integer			Min: 68 Max: 65535
l2_mtu	Integer			Min: 68 Max: 65535	“l2_mtu” should only be defined for platforms supporting the “l2 mtu” CLI.
l2_mru	Integer			Min: 68 Max: 65535	“l2_mru” should only be defined for platforms supporting the “l2 mru” CLI.
vlans	String				List of switchport vlans as string. For a trunk port this would be a range like “1-200,300”. For an access port this would be a single vlan “123”.
native_vlan	Integer
native_vlan_tag	Boolean				If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence.
mode	String			Valid Values: - access - dot1q-tunnel - trunk - trunk phone
phone	Dictionary
trunk	String			Valid Values: - tagged - tagged phone - untagged - untagged phone
vlan	Integer			Min: 1 Max: 4094
l2_protocol	Dictionary
encapsulation_dot1q_vlan	Integer				Vlan tag to configure on sub-interface.
forwarding_profile	String				L2 protocol forwarding profile.
trunk_groups	List, items: String
- <str>	String
type	String			Valid Values: - routed - switched - l3dot1q - l2dot1q - port-channel-member	l3dot1q and l2dot1q are used for sub-interfaces. The parent interface should be defined as routed. Interface will not be listed in device documentation, unless “type” is set.
snmp_trap_link_change	Boolean
address_locking	Dictionary
ipv4	Boolean				Enable address locking for IPv4.
ipv6	Boolean				Enable address locking for IPv6.
flowcontrol	Dictionary
received	String			Valid Values: - desired - on - off
vrf	String				VRF name.
flow_tracker	Dictionary
sampled	String				Sampled flow tracker name.
hardware	String				Hardware flow tracker name.
error_correction_encoding	Dictionary
enabled	Boolean		True
fire_code	Boolean
reed_solomon	Boolean
link_tracking_groups	List, items: Dictionary
- name	String	Required, Unique			Group name.
direction	String			Valid Values: - upstream - downstream
evpn_ethernet_segment	Dictionary
identifier	String				EVPN Ethernet Segment Identifier (Type 1 format).
redundancy	String			Valid Values: - all-active - single-active
designated_forwarder_election	Dictionary
algorithm	String			Valid Values: - modulus - preference
preference_value	Integer			Min: 0 Max: 65535	Preference_value is only used when “algorithm” is “preference”.
dont_preempt	Boolean				Dont_preempt is only used when “algorithm” is “preference”.
hold_time	Integer
subsequent_hold_time	Integer
candidate_reachability_required	Boolean
mpls	Dictionary
shared_index	Integer			Min: 1 Max: 1024
tunnel_flood_filter_time	Integer
route_target	String				EVPN Route Target for ESI with format xx:xx:xx:xx:xx:xx.
encapsulation_dot1q_vlan	Integer				VLAN tag to configure on sub-interface.
encapsulation_vlan	Dictionary
client	Dictionary
dot1q	Dictionary
vlan	Integer				Client VLAN ID.
outer	Integer				Client Outer VLAN ID.
inner	Integer				Client Inner VLAN ID.
unmatched	Boolean
network	Dictionary				Network encapsulations are all optional and skipped if using client unmatched.
dot1q	Dictionary
vlan	Integer				Network VLAN ID.
outer	Integer				Network outer VLAN ID.
inner	Integer				Network inner VLAN ID.
client	Boolean
vlan_id	Integer			Min: 1 Max: 4094
ip_address	String				IPv4 address/mask or “dhcp”.
ip_address_secondaries	List, items: String
- <str>	String
ip_verify_unicast_source_reachable_via	String			Valid Values: - any - rx
dhcp_client_accept_default_route	Boolean				Install default-route obtained via DHCP.
dhcp_server_ipv4	Boolean				Enable IPv4 DHCP server.
dhcp_server_ipv6	Boolean				Enable IPv6 DHCP server.
ip_helpers	List, items: Dictionary
- ip_helper	String	Required, Unique
source_interface	String				Source interface name.
vrf	String				VRF name.
ip_nat	Dictionary
service_profile	String				NAT interface profile.
destination	Dictionary
dynamic	List, items: Dictionary
- access_list	String	Required, Unique
comment	String
pool_name	String	Required
priority	Integer			Min: 0 Max: 4294967295
static	List, items: Dictionary
- access_list	String				‘access_list’ and ‘group’ are mutual exclusive.
comment	String
direction	String			Valid Values: - egress - ingress	Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform. EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
group	Integer			Min: 1 Max: 65535	‘access_list’ and ‘group’ are mutual exclusive.
original_ip	String				IPv4 address. The combination of original_ip and original_port must be unique.
original_port	Integer			Min: 1 Max: 65535	TCP/UDP port. The combination of original_ip and original_port must be unique.
priority	Integer			Min: 0 Max: 4294967295
protocol	String			Valid Values: - udp - tcp
translated_ip	String	Required			IPv4 address.
translated_port	Integer			Min: 1 Max: 65535	requires ‘original_port’.
source	Dictionary
dynamic	List, items: Dictionary
- access_list	String	Required, Unique
comment	String
nat_type	String	Required		Valid Values: - overload - pool - pool-address-only - pool-full-cone
pool_name	String				required if ‘nat_type’ is pool, pool-address-only or pool-full-cone. ignored if ‘nat_type’ is overload.
priority	Integer			Min: 0 Max: 4294967295
static	List, items: Dictionary
- access_list	String				‘access_list’ and ‘group’ are mutual exclusive.
comment	String
direction	String			Valid Values: - egress - ingress	Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform. EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
group	Integer			Min: 1 Max: 65535	‘access_list’ and ‘group’ are mutual exclusive.
original_ip	String				IPv4 address. The combination of original_ip and original_port must be unique.
original_port	Integer			Min: 1 Max: 65535	TCP/UDP port. The combination of original_ip and original_port must be unique.
priority	Integer			Min: 0 Max: 4294967295
protocol	String			Valid Values: - udp - tcp
translated_ip	String	Required			IPv4 address.
translated_port	Integer			Min: 1 Max: 65535	requires ‘original_port’.
ipv6_enable	Boolean
ipv6_address	String
ipv6_address_link_local	String				Link local IPv6 address/mask.
ipv6_nd_ra_disabled	Boolean
ipv6_nd_managed_config_flag	Boolean
ipv6_nd_prefixes	List, items: Dictionary
- ipv6_prefix	String	Required, Unique
valid_lifetime	String				Infinite or lifetime in seconds.
preferred_lifetime	String				Infinite or lifetime in seconds.
no_autoconfig_flag	Boolean
ipv6_dhcp_relay_destinations	List, items: Dictionary
- address	String	Required, Unique			DHCP server’s IPv6 address.
vrf	String
local_interface	String				Local interface to communicate with DHCP server - mutually exclusive to source_address.
source_address	String				Source IPv6 address to communicate with DHCP server - mutually exclusive to local_interface.
link_address	String				Override the default link address specified in the relayed DHCP packet.
access_group_in	String				Access list name.
access_group_out	String				Access list name.
ipv6_access_group_in	String				IPv6 access list name.
ipv6_access_group_out	String				IPv6 access list name.
mac_access_group_in	String				MAC access list name.
mac_access_group_out	String				MAC access list name.
multicast	Dictionary				Boundaries can be either 1 ACL or a list of multicast IP address_range(s)/prefix but not combination of both.
ipv4	Dictionary
boundaries	List, items: Dictionary
- boundary	String				ACL name or multicast IP subnet.
out	Boolean
static	Boolean
ipv6	Dictionary
boundaries	List, items: Dictionary
- boundary	String				ACL name or multicast IP subnet.
static	Boolean
ospf_network_point_to_point	Boolean
ospf_area	String
ospf_cost	Integer
ospf_authentication	String			Valid Values: - none - simple - message-digest
ospf_authentication_key	String				Encrypted password - only type 7 supported.
ospf_message_digest_keys	List, items: Dictionary
- id	Integer	Required, Unique
hash_algorithm	String			Valid Values: - md5 - sha1 - sha256 - sha384 - sha512
key	String				Encrypted password - only type 7 supported.
pim	Dictionary
ipv4	Dictionary
border_router	Boolean				Configure PIM border router. EOS default is false.
dr_priority	Integer			Min: 0 Max: 429467295
sparse_mode	Boolean
bfd	Boolean				Set the default for whether Bidirectional Forwarding Detection is enabled for PIM.
bidirectional	Boolean
hello	Dictionary
count	String				Number of missed hellos after which the neighbor expires. Range <1.5-65535>.
interval	Integer			Min: 1 Max: 65535	PIM hello interval in seconds.
mac_security	Dictionary
profile	String
tcp_mss_ceiling	Dictionary				The TCP MSS clamping feature involves clamping the maximum segment size (MSS) in the TCP header of TCP SYN packets if it exceeds the configured MSS ceiling limit for the interface.
ipv4_segment_size	Integer			Min: 64 Max: 65475
ipv6_segment_size	Integer			Min: 64 Max: 65475
direction	String			Valid Values: - egress - ingress
channel_group	Dictionary
id	Integer
mode	String			Valid Values: - on - active - passive
isis_enable	String				ISIS instance.
isis_bfd	Boolean				Enable BFD for ISIS.
isis_passive	Boolean
isis_metric	Integer
isis_network_point_to_point	Boolean
isis_circuit_type	String			Valid Values: - level-1-2 - level-1 - level-2
isis_hello_padding	Boolean
isis_authentication_mode	String			Valid Values: - text - md5
isis_authentication_key	String				Type-7 encrypted password.
poe	Dictionary
disabled	Boolean		False		Disable PoE on a POE capable port. PoE is enabled on all ports that support it by default in EOS.
priority	String			Valid Values: - critical - high - medium - low	Prioritize a port’s power in the event that one of the switch’s power supplies loses power.
reboot	Dictionary				Set the PoE power behavior for a PoE port when the system is rebooted.
action	String			Valid Values: - maintain - power-off	PoE action for interface.
link_down	Dictionary				Set the PoE power behavior for a PoE port when the port goes down.
action	String			Valid Values: - maintain - power-off	PoE action for interface.
power_off_delay	Integer			Min: 1 Max: 86400	Number of seconds to delay shutting the power off after a link down event occurs. Default value is 5 seconds in EOS.
shutdown	Dictionary				Set the PoE power behavior for a PoE port when the port is admin down.
action	String			Valid Values: - maintain - power-off	PoE action for interface.
limit	Dictionary				Override the hardware-negotiated power limit using either wattage or a power class. Note that if using a power class, AVD will automatically convert the class value to the wattage value corresponding to that power class.
class	Integer			Min: 0 Max: 8
watts	String
fixed	Boolean				Set to ignore hardware classification.
negotiation_lldp	Boolean				Disable to prevent port from negotiating power with powered devices over LLDP. Enabled by default in EOS.
legacy_detect	Boolean				Allow a subset of legacy devices to work with the PoE switch. Disabled by default in EOS because it can cause false positive detections.
ptp	Dictionary
enable	Boolean
announce	Dictionary
interval	Integer
timeout	Integer
delay_req	Integer
delay_mechanism	String			Valid Values: - e2e - p2p
sync_message	Dictionary
interval	Integer
role	String			Valid Values: - master - dynamic
vlan	String				VLAN can be ‘all’ or list of vlans as string.
transport	String			Valid Values: - ipv4 - ipv6 - layer2
profile	String				Interface profile.
storm_control	Dictionary
all	Dictionary
level	String				Configure maximum storm-control level.
unit	String		percent	Valid Values: - percent - pps	Optional field and is hardware dependent.
broadcast	Dictionary
level	String				Configure maximum storm-control level.
unit	String		percent	Valid Values: - percent - pps	Optional field and is hardware dependent.
multicast	Dictionary
level	String				Configure maximum storm-control level.
unit	String		percent	Valid Values: - percent - pps	Optional field and is hardware dependent.
unknown_unicast	Dictionary
level	String				Configure maximum storm-control level.
unit	String		percent	Valid Values: - percent - pps	Optional field and is hardware dependent.
logging	Dictionary
event	Dictionary
link_status	Boolean
congestion_drops	Boolean
spanning_tree	Boolean
storm_control_discards	Boolean				Discards due to storm-control.
lldp	Dictionary
transmit	Boolean
receive	Boolean
ztp_vlan	Integer				ZTP vlan number.
trunk_private_vlan_secondary	Boolean
pvlan_mapping	String				List of vlans as string.
vlan_translations	List, items: Dictionary
- from	String				List of vlans as string (only one vlan if direction is “both”).
to	Integer				VLAN ID.
direction	String		both	Valid Values: - in - out - both
dot1x	Dictionary
port_control	String			Valid Values: - auto - force-authorized - force-unauthorized
port_control_force_authorized_phone	Boolean
reauthentication	Boolean
pae	Dictionary
mode	String			Valid Values: - authenticator
authentication_failure	Dictionary
action	String			Valid Values: - allow - drop
allow_vlan	Integer			Min: 1 Max: 4094
host_mode	Dictionary
mode	String			Valid Values: - multi-host - single-host
multi_host_authenticated	Boolean
mac_based_authentication	Dictionary
enabled	Boolean
always	Boolean
host_mode_common	Boolean
timeout	Dictionary
idle_host	Integer			Min: 10 Max: 65535
quiet_period	Integer			Min: 1 Max: 65535
reauth_period	String				Value can be 60-4294967295 or ‘server’.
reauth_timeout_ignore	Boolean
tx_period	Integer			Min: 1 Max: 65535
reauthorization_request_limit	Integer			Min: 1 Max: 10
unauthorized	Dictionary
access_vlan_membership_egress	Boolean
native_vlan_membership_egress	Boolean
eapol	Dictionary
disabled	Boolean
authentication_failure_fallback_mba	Dictionary
enabled	Boolean
timeout	Integer			Min: 0 Max: 65535
service_profile	String				QOS profile.
shape	Dictionary
rate	String				Rate in kbps, pps or percent. Supported options are platform dependent. Examples: - “5000 kbps” - “1000 pps” - “20 percent”
qos	Dictionary
trust	String			Valid Values: - dscp - cos - disabled
dscp	Integer				DSCP value.
cos	Integer				COS value.
spanning_tree_bpdufilter	String			Valid Values: - enabled - disabled - True - False - true - false
spanning_tree_bpduguard	String			Valid Values: - enabled - disabled - True - False - true - false
spanning_tree_guard	String			Valid Values: - loop - root - disabled
spanning_tree_portfast	String			Valid Values: - edge - network
vmtracer	Boolean
priority_flow_control	Dictionary
enabled	Boolean
priorities	List, items: Dictionary
- priority	Integer	Required, Unique		Min: 0 Max: 7
no_drop	Boolean
bfd	Dictionary
echo	Boolean
interval	Integer				Interval in milliseconds.
min_rx	Integer				Rate in milliseconds.
multiplier	Integer			Min: 3 Max: 50
service_policy	Dictionary
pbr	Dictionary
input	String				Policy Based Routing Policy-map name.
qos	Dictionary
input	String	Required			Quality of Service Policy-map name.
mpls	Dictionary
ip	Boolean
ldp	Dictionary
interface	Boolean
igp_sync	Boolean
lacp_timer	Dictionary
mode	String			Valid Values: - fast - normal
multiplier	Integer			Min: 3 Max: 3000
lacp_port_priority	Integer			Min: 0 Max: 65535
transceiver	Dictionary
frequency	String				Transceiver Laser Frequency in GHz (min 190000, max 200000).
frequency_unit	String			Valid Values: - ghz	Unit of Transceiver Laser Frequency.
media	Dictionary
override	String				Transceiver type.
ip_proxy_arp	Boolean
traffic_policy	Dictionary
input	String				Ingress traffic policy.
output	String				Egress traffic policy.
bgp	Dictionary
session_tracker	String				Name of session tracker.
ip_igmp_host_proxy	Dictionary
enabled	Boolean
groups	List, items: Dictionary
- group	String	Required, Unique			Multicast Address.
exclude	List, items: Dictionary				The same source must not be present both in exclude and include list.
- source	String	Required, Unique
include	List, items: Dictionary				The same source must not be present both in exclude and include list.
- source	String	Required, Unique
report_interval	Integer			Min: 1 Max: 31744	Time interval between unsolicited reports.
access_lists	List, items: Dictionary				Non-standard Access List name.
- name	String	Required, Unique
version	Integer			Min: 1 Max: 3	IGMP version on IGMP host-proxy interface.
peer	String				Key only used for documentation or validation purposes.
peer_interface	String				Key only used for documentation or validation purposes.
peer_type	String				Key only used for documentation or validation purposes.
sflow	Dictionary
enable	Boolean
egress	Dictionary
enable	Boolean
unmodified_enable	Boolean
port_profile	String				Key only used for documentation or validation purposes.
uc_tx_queues	List, items: Dictionary
- id	Integer	Required, Unique			TX-Queue ID.
random_detect	Dictionary
ecn	Dictionary				Explicit Congestion Notification.
count	Boolean				Enable counter for random-detect ECNs.
threshold	Dictionary
units	String	Required		Valid Values: - segments - bytes - kbytes - mbytes - milliseconds	Indicate the units to be used for the threshold values.
min	Integer	Required		Min: 1 Max: 256000000	Set the random-detect ECN minimum-threshold.
max	Integer	Required		Min: 1 Max: 256000000	Set the random-detect ECN maximum-threshold.
max_probability	Integer			Min: 1 Max: 100	Set the random-detect ECN max-mark-probability.
weight	Integer			Min: 0 Max: 15	Set the random-detect ECN weight.
tx_queues	List, items: Dictionary
- id	Integer	Required, Unique			TX-Queue ID.
random_detect	Dictionary
ecn	Dictionary				Explicit Congestion Notification.
count	Boolean				Enable counter for random-detect ECNs.
threshold	Dictionary
units	String	Required		Valid Values: - segments - bytes - kbytes - mbytes - milliseconds	Indicate the units to be used for the threshold values.
min	Integer			Min: 1 Max: 256000000	Set the random-detect ECN minimum-threshold.
max	Integer	Required		Min: 1 Max: 256000000	Set the random-detect ECN maximum-threshold.
max_probability	Integer	Required		Min: 1 Max: 100	Set the random-detect ECN max-mark-probability.
weight	Integer			Min: 0 Max: 15	Set the random-detect ECN weight.
vrrp_ids	List, items: Dictionary				VRRP model.
- id	Integer	Required, Unique			VRID.
priority_level	Integer			Min: 1 Max: 254	Instance priority.
advertisement	Dictionary
interval	Integer			Min: 1 Max: 255	Interval in seconds.
preempt	Dictionary
enabled	Boolean	Required
delay	Dictionary
minimum	Integer			Min: 0 Max: 3600	Minimum preempt delay in seconds.
reload	Integer			Min: 0 Max: 3600	Reload preempt delay in seconds.
timers	Dictionary
delay	Dictionary
reload	Integer			Min: 0 Max: 3600	Delay after reload in seconds.
tracked_object	List, items: Dictionary
- name	String	Required, Unique			Tracked object name.
decrement	Integer			Min: 1 Max: 254	Decrement VRRP priority by 1-254.
shutdown	Boolean
ipv4	Dictionary
address	String	Required			Virtual IPv4 address.
version	Integer			Valid Values: - 2 - 3
ipv6	Dictionary
address	String	Required			Virtual IPv6 address.
validate_state	Boolean				Set to false to disable interface validation by the eos_validate_state role.
switchport	Dictionary
port_security	Dictionary
enabled	Boolean
mac_address_maximum	Dictionary				Maximum number of MAC addresses allowed on the interface.
disabled	Boolean				Disable port level check for port security (only in violation ‘shutdown’ mode).
limit	Integer			Min: 1 Max: 1000	MAC address limit.
violation	Dictionary				Configure violation mode (shutdown or protect), EOS default is ‘shutdown’.
mode	String			Valid Values: - shutdown - protect	Configure port security mode.
protect_log	Boolean				Log new addresses seen after limit is reached in protect mode.
vlan_default_mac_address_maximum	Integer			Min: 0 Max: 1000	Default maximum MAC addresses for all VLANs on this interface.
vlans	List, items: Dictionary
- range	String	Required, Unique			VLAN ID or range(s) of VLAN IDs, <1-4094>. Example: - 3 - 1,3 - 1-10
mac_address_maximum	Integer
eos_cli	String				Multiline EOS CLI rendered directly on the ethernet interface in the final EOS configuration.

ethernet_interfaces:
  - name: <str; required; unique>
    description: <str>
    shutdown: <bool>

    # Interval in seconds for updating interface counters.
    load_interval: <int; 0-600>

    # Speed should be set in the format `<interface_speed>` or `forced <interface_speed>` or `auto <interface_speed>`.
    speed: <str>
    mtu: <int; 68-65535>

    # "l2_mtu" should only be defined for platforms supporting the "l2 mtu" CLI.
    l2_mtu: <int; 68-65535>

    # "l2_mru" should only be defined for platforms supporting the "l2 mru" CLI.
    l2_mru: <int; 68-65535>

    # List of switchport vlans as string.
    # For a trunk port this would be a range like "1-200,300".
    # For an access port this would be a single vlan "123".
    vlans: <str>
    native_vlan: <int>

    # If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence.
    native_vlan_tag: <bool>
    mode: <str; "access" | "dot1q-tunnel" | "trunk" | "trunk phone">
    phone:
      trunk: <str; "tagged" | "tagged phone" | "untagged" | "untagged phone">
      vlan: <int; 1-4094>
    l2_protocol:

      # Vlan tag to configure on sub-interface.
      encapsulation_dot1q_vlan: <int>

      # L2 protocol forwarding profile.
      forwarding_profile: <str>
    trunk_groups:
      - <str>

    # l3dot1q and l2dot1q are used for sub-interfaces. The parent interface should be defined as routed.
    # Interface will not be listed in device documentation, unless "type" is set.
    type: <str; "routed" | "switched" | "l3dot1q" | "l2dot1q" | "port-channel-member">
    snmp_trap_link_change: <bool>
    address_locking:

      # Enable address locking for IPv4.
      ipv4: <bool>

      # Enable address locking for IPv6.
      ipv6: <bool>
    flowcontrol:
      received: <str; "desired" | "on" | "off">

    # VRF name.
    vrf: <str>
    flow_tracker:

      # Sampled flow tracker name.
      sampled: <str>

      # Hardware flow tracker name.
      hardware: <str>
    error_correction_encoding:
      enabled: <bool; default=True>
      fire_code: <bool>
      reed_solomon: <bool>
    link_tracking_groups:

        # Group name.
      - name: <str; required; unique>
        direction: <str; "upstream" | "downstream">
    evpn_ethernet_segment:

      # EVPN Ethernet Segment Identifier (Type 1 format).
      identifier: <str>
      redundancy: <str; "all-active" | "single-active">
      designated_forwarder_election:
        algorithm: <str; "modulus" | "preference">

        # Preference_value is only used when "algorithm" is "preference".
        preference_value: <int; 0-65535>

        # Dont_preempt is only used when "algorithm" is "preference".
        dont_preempt: <bool>
        hold_time: <int>
        subsequent_hold_time: <int>
        candidate_reachability_required: <bool>
      mpls:
        shared_index: <int; 1-1024>
        tunnel_flood_filter_time: <int>

      # EVPN Route Target for ESI with format xx:xx:xx:xx:xx:xx.
      route_target: <str>

    # VLAN tag to configure on sub-interface.
    encapsulation_dot1q_vlan: <int>
    encapsulation_vlan:
      client:
        dot1q:

          # Client VLAN ID.
          vlan: <int>

          # Client Outer VLAN ID.
          outer: <int>

          # Client Inner VLAN ID.
          inner: <int>
        unmatched: <bool>

      # Network encapsulations are all optional and skipped if using client unmatched.
      network:
        dot1q:

          # Network VLAN ID.
          vlan: <int>

          # Network outer VLAN ID.
          outer: <int>

          # Network inner VLAN ID.
          inner: <int>
        client: <bool>
    vlan_id: <int; 1-4094>

    # IPv4 address/mask or "dhcp".
    ip_address: <str>
    ip_address_secondaries:
      - <str>
    ip_verify_unicast_source_reachable_via: <str; "any" | "rx">

    # Install default-route obtained via DHCP.
    dhcp_client_accept_default_route: <bool>

    # Enable IPv4 DHCP server.
    dhcp_server_ipv4: <bool>

    # Enable IPv6 DHCP server.
    dhcp_server_ipv6: <bool>
    ip_helpers:
      - ip_helper: <str; required; unique>

        # Source interface name.
        source_interface: <str>

        # VRF name.
        vrf: <str>
    ip_nat:

      # NAT interface profile.
      service_profile: <str>
      destination:
        dynamic:
          - access_list: <str; required; unique>
            comment: <str>
            pool_name: <str; required>
            priority: <int; 0-4294967295>
        static:

            # 'access_list' and 'group' are mutual exclusive.
          - access_list: <str>
            comment: <str>

            # Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
            # EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            direction: <str; "egress" | "ingress">

            # 'access_list' and 'group' are mutual exclusive.
            group: <int; 1-65535>

            # IPv4 address. The combination of `original_ip` and `original_port` must be unique.
            original_ip: <str>

            # TCP/UDP port. The combination of `original_ip` and `original_port` must be unique.
            original_port: <int; 1-65535>
            priority: <int; 0-4294967295>
            protocol: <str; "udp" | "tcp">

            # IPv4 address.
            translated_ip: <str; required>

            # requires 'original_port'.
            translated_port: <int; 1-65535>
      source:
        dynamic:
          - access_list: <str; required; unique>
            comment: <str>
            nat_type: <str; "overload" | "pool" | "pool-address-only" | "pool-full-cone"; required>

            # required if 'nat_type' is pool, pool-address-only or pool-full-cone.
            # ignored if 'nat_type' is overload.
            pool_name: <str>
            priority: <int; 0-4294967295>
        static:

            # 'access_list' and 'group' are mutual exclusive.
          - access_list: <str>
            comment: <str>

            # Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
            # EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            direction: <str; "egress" | "ingress">

            # 'access_list' and 'group' are mutual exclusive.
            group: <int; 1-65535>

            # IPv4 address. The combination of `original_ip` and `original_port` must be unique.
            original_ip: <str>

            # TCP/UDP port. The combination of `original_ip` and `original_port` must be unique.
            original_port: <int; 1-65535>
            priority: <int; 0-4294967295>
            protocol: <str; "udp" | "tcp">

            # IPv4 address.
            translated_ip: <str; required>

            # requires 'original_port'.
            translated_port: <int; 1-65535>
    ipv6_enable: <bool>
    ipv6_address: <str>

    # Link local IPv6 address/mask.
    ipv6_address_link_local: <str>
    ipv6_nd_ra_disabled: <bool>
    ipv6_nd_managed_config_flag: <bool>
    ipv6_nd_prefixes:
      - ipv6_prefix: <str; required; unique>

        # Infinite or lifetime in seconds.
        valid_lifetime: <str>

        # Infinite or lifetime in seconds.
        preferred_lifetime: <str>
        no_autoconfig_flag: <bool>
    ipv6_dhcp_relay_destinations:

        # DHCP server's IPv6 address.
      - address: <str; required; unique>
        vrf: <str>

        # Local interface to communicate with DHCP server - mutually exclusive to source_address.
        local_interface: <str>

        # Source IPv6 address to communicate with DHCP server - mutually exclusive to local_interface.
        source_address: <str>

        # Override the default link address specified in the relayed DHCP packet.
        link_address: <str>

    # Access list name.
    access_group_in: <str>

    # Access list name.
    access_group_out: <str>

    # IPv6 access list name.
    ipv6_access_group_in: <str>

    # IPv6 access list name.
    ipv6_access_group_out: <str>

    # MAC access list name.
    mac_access_group_in: <str>

    # MAC access list name.
    mac_access_group_out: <str>

    # Boundaries can be either 1 ACL or a list of multicast IP address_range(s)/prefix but not combination of both.
    multicast:
      ipv4:
        boundaries:

            # ACL name or multicast IP subnet.
          - boundary: <str>
            out: <bool>
        static: <bool>
      ipv6:
        boundaries:

            # ACL name or multicast IP subnet.
          - boundary: <str>
        static: <bool>
    ospf_network_point_to_point: <bool>
    ospf_area: <str>
    ospf_cost: <int>
    ospf_authentication: <str; "none" | "simple" | "message-digest">

    # Encrypted password - only type 7 supported.
    ospf_authentication_key: <str>
    ospf_message_digest_keys:
      - id: <int; required; unique>
        hash_algorithm: <str; "md5" | "sha1" | "sha256" | "sha384" | "sha512">

        # Encrypted password - only type 7 supported.
        key: <str>
    pim:
      ipv4:

        # Configure PIM border router. EOS default is false.
        border_router: <bool>
        dr_priority: <int; 0-429467295>
        sparse_mode: <bool>

        # Set the default for whether Bidirectional Forwarding Detection is enabled for PIM.
        bfd: <bool>
        bidirectional: <bool>
        hello:

          # Number of missed hellos after which the neighbor expires. Range <1.5-65535>.
          count: <str>

          # PIM hello interval in seconds.
          interval: <int; 1-65535>
    mac_security:
      profile: <str>

    # The TCP MSS clamping feature involves clamping the maximum segment size (MSS) in the TCP header
    # of TCP SYN packets if it exceeds the configured MSS ceiling limit for the interface.
    tcp_mss_ceiling:
      ipv4_segment_size: <int; 64-65475>
      ipv6_segment_size: <int; 64-65475>
      direction: <str; "egress" | "ingress">
    channel_group:
      id: <int>
      mode: <str; "on" | "active" | "passive">

    # ISIS instance.
    isis_enable: <str>

    # Enable BFD for ISIS.
    isis_bfd: <bool>
    isis_passive: <bool>
    isis_metric: <int>
    isis_network_point_to_point: <bool>
    isis_circuit_type: <str; "level-1-2" | "level-1" | "level-2">
    isis_hello_padding: <bool>
    isis_authentication_mode: <str; "text" | "md5">

    # Type-7 encrypted password.
    isis_authentication_key: <str>
    poe:

      # Disable PoE on a POE capable port. PoE is enabled on all ports that support it by default in EOS.
      disabled: <bool; default=False>

      # Prioritize a port's power in the event that one of the switch's power supplies loses power.
      priority: <str; "critical" | "high" | "medium" | "low">

      # Set the PoE power behavior for a PoE port when the system is rebooted.
      reboot:

        # PoE action for interface.
        action: <str; "maintain" | "power-off">

      # Set the PoE power behavior for a PoE port when the port goes down.
      link_down:

        # PoE action for interface.
        action: <str; "maintain" | "power-off">

        # Number of seconds to delay shutting the power off after a link down event occurs. Default value is 5 seconds in EOS.
        power_off_delay: <int; 1-86400>

      # Set the PoE power behavior for a PoE port when the port is admin down.
      shutdown:

        # PoE action for interface.
        action: <str; "maintain" | "power-off">

      # Override the hardware-negotiated power limit using either wattage or a power class. Note that if using a power class, AVD will automatically convert the class value to the wattage value corresponding to that power class.
      limit:
        class: <int; 0-8>
        watts: <str>

        # Set to ignore hardware classification.
        fixed: <bool>

      # Disable to prevent port from negotiating power with powered devices over LLDP. Enabled by default in EOS.
      negotiation_lldp: <bool>

      # Allow a subset of legacy devices to work with the PoE switch. Disabled by default in EOS because it can cause false positive detections.
      legacy_detect: <bool>
    ptp:
      enable: <bool>
      announce:
        interval: <int>
        timeout: <int>
      delay_req: <int>
      delay_mechanism: <str; "e2e" | "p2p">
      sync_message:
        interval: <int>
      role: <str; "master" | "dynamic">

      # VLAN can be 'all' or list of vlans as string.
      vlan: <str>
      transport: <str; "ipv4" | "ipv6" | "layer2">

    # Interface profile.
    profile: <str>
    storm_control:
      all:

        # Configure maximum storm-control level.
        level: <str>

        # Optional field and is hardware dependent.
        unit: <str; "percent" | "pps"; default="percent">
      broadcast:

        # Configure maximum storm-control level.
        level: <str>

        # Optional field and is hardware dependent.
        unit: <str; "percent" | "pps"; default="percent">
      multicast:

        # Configure maximum storm-control level.
        level: <str>

        # Optional field and is hardware dependent.
        unit: <str; "percent" | "pps"; default="percent">
      unknown_unicast:

        # Configure maximum storm-control level.
        level: <str>

        # Optional field and is hardware dependent.
        unit: <str; "percent" | "pps"; default="percent">
    logging:
      event:
        link_status: <bool>
        congestion_drops: <bool>
        spanning_tree: <bool>

        # Discards due to storm-control.
        storm_control_discards: <bool>
    lldp:
      transmit: <bool>
      receive: <bool>

      # ZTP vlan number.
      ztp_vlan: <int>
    trunk_private_vlan_secondary: <bool>

    # List of vlans as string.
    pvlan_mapping: <str>
    vlan_translations:

        # List of vlans as string (only one vlan if direction is "both").
      - from: <str>

        # VLAN ID.
        to: <int>
        direction: <str; "in" | "out" | "both"; default="both">
    dot1x:
      port_control: <str; "auto" | "force-authorized" | "force-unauthorized">
      port_control_force_authorized_phone: <bool>
      reauthentication: <bool>
      pae:
        mode: <str; "authenticator">
      authentication_failure:
        action: <str; "allow" | "drop">
        allow_vlan: <int; 1-4094>
      host_mode:
        mode: <str; "multi-host" | "single-host">
        multi_host_authenticated: <bool>
      mac_based_authentication:
        enabled: <bool>
        always: <bool>
        host_mode_common: <bool>
      timeout:
        idle_host: <int; 10-65535>
        quiet_period: <int; 1-65535>

        # Value can be 60-4294967295 or 'server'.
        reauth_period: <str>
        reauth_timeout_ignore: <bool>
        tx_period: <int; 1-65535>
      reauthorization_request_limit: <int; 1-10>
      unauthorized:
        access_vlan_membership_egress: <bool>
        native_vlan_membership_egress: <bool>
      eapol:
        disabled: <bool>
        authentication_failure_fallback_mba:
          enabled: <bool>
          timeout: <int; 0-65535>

    # QOS profile.
    service_profile: <str>
    shape:

      # Rate in kbps, pps or percent.
      # Supported options are platform dependent.
      # Examples:
      # - "5000 kbps"
      # - "1000 pps"
      # - "20 percent"
      rate: <str>
    qos:
      trust: <str; "dscp" | "cos" | "disabled">

      # DSCP value.
      dscp: <int>

      # COS value.
      cos: <int>
    spanning_tree_bpdufilter: <str; "enabled" | "disabled" | "True" | "False" | "true" | "false">
    spanning_tree_bpduguard: <str; "enabled" | "disabled" | "True" | "False" | "true" | "false">
    spanning_tree_guard: <str; "loop" | "root" | "disabled">
    spanning_tree_portfast: <str; "edge" | "network">
    vmtracer: <bool>
    priority_flow_control:
      enabled: <bool>
      priorities:
        - priority: <int; 0-7; required; unique>
          no_drop: <bool>
    bfd:
      echo: <bool>

      # Interval in milliseconds.
      interval: <int>

      # Rate in milliseconds.
      min_rx: <int>
      multiplier: <int; 3-50>
    service_policy:
      pbr:

        # Policy Based Routing Policy-map name.
        input: <str>
      qos:

        # Quality of Service Policy-map name.
        input: <str; required>
    mpls:
      ip: <bool>
      ldp:
        interface: <bool>
        igp_sync: <bool>
    lacp_timer:
      mode: <str; "fast" | "normal">
      multiplier: <int; 3-3000>
    lacp_port_priority: <int; 0-65535>
    transceiver:

      # Transceiver Laser Frequency in GHz (min 190000, max 200000).
      frequency: <str>

      # Unit of Transceiver Laser Frequency.
      frequency_unit: <str; "ghz">
      media:

        # Transceiver type.
        override: <str>
    ip_proxy_arp: <bool>
    traffic_policy:

      # Ingress traffic policy.
      input: <str>

      # Egress traffic policy.
      output: <str>
    bgp:

      # Name of session tracker.
      session_tracker: <str>
    ip_igmp_host_proxy:
      enabled: <bool>
      groups:

          # Multicast Address.
        - group: <str; required; unique>

          # The same source must not be present both in `exclude` and `include` list.
          exclude:
            - source: <str; required; unique>

          # The same source must not be present both in `exclude` and `include` list.
          include:
            - source: <str; required; unique>

      # Time interval between unsolicited reports.
      report_interval: <int; 1-31744>

      # Non-standard Access List name.
      access_lists:
        - name: <str; required; unique>

      # IGMP version on IGMP host-proxy interface.
      version: <int; 1-3>

    # Key only used for documentation or validation purposes.
    peer: <str>

    # Key only used for documentation or validation purposes.
    peer_interface: <str>

    # Key only used for documentation or validation purposes.
    peer_type: <str>
    sflow:
      enable: <bool>
      egress:
        enable: <bool>
        unmodified_enable: <bool>

    # Key only used for documentation or validation purposes.
    port_profile: <str>
    uc_tx_queues:

        # TX-Queue ID.
      - id: <int; required; unique>
        random_detect:

          # Explicit Congestion Notification.
          ecn:

            # Enable counter for random-detect ECNs.
            count: <bool>
            threshold:

              # Indicate the units to be used for the threshold values.
              units: <str; "segments" | "bytes" | "kbytes" | "mbytes" | "milliseconds"; required>

              # Set the random-detect ECN minimum-threshold.
              min: <int; 1-256000000; required>

              # Set the random-detect ECN maximum-threshold.
              max: <int; 1-256000000; required>

              # Set the random-detect ECN max-mark-probability.
              max_probability: <int; 1-100>

              # Set the random-detect ECN weight.
              weight: <int; 0-15>
    tx_queues:

        # TX-Queue ID.
      - id: <int; required; unique>
        random_detect:

          # Explicit Congestion Notification.
          ecn:

            # Enable counter for random-detect ECNs.
            count: <bool>
            threshold:

              # Indicate the units to be used for the threshold values.
              units: <str; "segments" | "bytes" | "kbytes" | "mbytes" | "milliseconds"; required>

              # Set the random-detect ECN minimum-threshold.
              min: <int; 1-256000000>

              # Set the random-detect ECN maximum-threshold.
              max: <int; 1-256000000; required>

              # Set the random-detect ECN max-mark-probability.
              max_probability: <int; 1-100; required>

              # Set the random-detect ECN weight.
              weight: <int; 0-15>

    # VRRP model.
    vrrp_ids:

        # VRID.
      - id: <int; required; unique>

        # Instance priority.
        priority_level: <int; 1-254>
        advertisement:

          # Interval in seconds.
          interval: <int; 1-255>
        preempt:
          enabled: <bool; required>
          delay:

            # Minimum preempt delay in seconds.
            minimum: <int; 0-3600>

            # Reload preempt delay in seconds.
            reload: <int; 0-3600>
        timers:
          delay:

            # Delay after reload in seconds.
            reload: <int; 0-3600>
        tracked_object:

            # Tracked object name.
          - name: <str; required; unique>

            # Decrement VRRP priority by 1-254.
            decrement: <int; 1-254>
            shutdown: <bool>
        ipv4:

          # Virtual IPv4 address.
          address: <str; required>
          version: <int; 2 | 3>
        ipv6:

          # Virtual IPv6 address.
          address: <str; required>

    # Set to false to disable interface validation by the `eos_validate_state` role.
    validate_state: <bool>
    switchport:
      port_security:
        enabled: <bool>

        # Maximum number of MAC addresses allowed on the interface.
        mac_address_maximum:

          # Disable port level check for port security (only in violation 'shutdown' mode).
          disabled: <bool>

          # MAC address limit.
          limit: <int; 1-1000>

        # Configure violation mode (shutdown or protect), EOS default is 'shutdown'.
        violation:

          # Configure port security mode.
          mode: <str; "shutdown" | "protect">

          # Log new addresses seen after limit is reached in protect mode.
          protect_log: <bool>

        # Default maximum MAC addresses for all VLANs on this interface.
        vlan_default_mac_address_maximum: <int; 0-1000>
        vlans:

            # VLAN ID or range(s) of VLAN IDs, <1-4094>.
            # Example:
            #   - 3
            #   - 1,3
            #   - 1-10
          - range: <str; required; unique>
            mac_address_maximum: <int>

    # Multiline EOS CLI rendered directly on the ethernet interface in the final EOS configuration.
    eos_cli: <str>

Interface defaults

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
interface_defaults	Dictionary
ethernet	Dictionary
shutdown	Boolean
mtu	Integer

interface_defaults:
  ethernet:
    shutdown: <bool>
  mtu: <int>

Interface profiles

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
interface_profiles	List, items: Dictionary
- name	String	Required, Unique			Interface-Profile Name.
commands	List, items: String	Required
- <str>	String				EOS CLI interface command. Example: “switchport mode access”

interface_profiles:

    # Interface-Profile Name.
  - name: <str; required; unique>
    commands: # required

        # EOS CLI interface command.
        # Example: "switchport mode access"
      - <str>

LACP

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
lacp	Dictionary				Set Link Aggregation Control Protocol (LACP) parameters.
port_id	Dictionary				LACP port-ID range configuration.
range	Dictionary
begin	Integer				Minimum LACP port-ID range.
end	Integer				Maximum LACP port-ID range.
rate_limit	Dictionary				Set LACPDU rate limit options.
default	Boolean				Enable LACPDU rate limiting by default on all ports.
system_priority	Integer			Min: 0 Max: 65535	Set local system LACP priority.

# Set Link Aggregation Control Protocol (LACP) parameters.
lacp:

  # LACP port-ID range configuration.
  port_id:
    range:

      # Minimum LACP port-ID range.
      begin: <int>

      # Maximum LACP port-ID range.
      end: <int>

  # Set LACPDU rate limit options.
  rate_limit:

    # Enable LACPDU rate limiting by default on all ports.
    default: <bool>

  # Set local system LACP priority.
  system_priority: <int; 0-65535>

Link tracking groups

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
link_tracking_groups	List, items: Dictionary
- name	String	Required, Unique
links_minimum	Integer			Min: 1 Max: 100000
recovery_delay	Integer			Min: 0 Max: 3600

link_tracking_groups:
  - name: <str; required; unique>
    links_minimum: <int; 1-100000>
    recovery_delay: <int; 0-3600>

LLDP

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
lldp	Dictionary
timer	Integer
timer_reinitialization	String
holdtime	Integer
management_address	String
vrf	String
receive_packet_tagged_drop	String
tlvs	List, items: Dictionary
- name	String	Required, Unique		Valid Values: - link-aggregation - management-address - max-frame-size - med - port-description - port-vlan - power-via-mdi - system-capabilities - system-description - system-name - vlan-name
transmit	Boolean
run	Boolean

lldp:
  timer: <int>
  timer_reinitialization: <str>
  holdtime: <int>
  management_address: <str>
  vrf: <str>
  receive_packet_tagged_drop: <str>
  tlvs:
    - name: <str; "link-aggregation" | "management-address" | "max-frame-size" | "med" | "port-description" | "port-vlan" | "power-via-mdi" | "system-capabilities" | "system-description" | "system-name" | "vlan-name"; required; unique>
      transmit: <bool>
  run: <bool>

Loopback interfaces

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
loopback_interfaces	List, items: Dictionary
- name	String	Required, Unique			Loopback interface name e.g. “Loopback0”.
description	String
shutdown	Boolean
vrf	String				VRF name.
ip_address	String				IPv4_address/Mask.
ip_address_secondaries	List, items: String
- <str>	String				IPv4_address/Mask.
ipv6_enable	Boolean
ipv6_address	String				IPv6_address/Mask.
ip_proxy_arp	Boolean
ospf_area	String
mpls	Dictionary
ldp	Dictionary
interface	Boolean
isis_enable	String				ISIS instance name.
isis_bfd	Boolean				Enable BFD for ISIS.
isis_passive	Boolean
isis_metric	Integer
isis_network_point_to_point	Boolean
node_segment	Dictionary
ipv4_index	Integer
ipv6_index	Integer
eos_cli	String				EOS CLI rendered directly on the loopback interface in the final EOS configuration.

loopback_interfaces:

    # Loopback interface name e.g. "Loopback0".
  - name: <str; required; unique>
    description: <str>
    shutdown: <bool>

    # VRF name.
    vrf: <str>

    # IPv4_address/Mask.
    ip_address: <str>
    ip_address_secondaries:

        # IPv4_address/Mask.
      - <str>
    ipv6_enable: <bool>

    # IPv6_address/Mask.
    ipv6_address: <str>
    ip_proxy_arp: <bool>
    ospf_area: <str>
    mpls:
      ldp:
        interface: <bool>

    # ISIS instance name.
    isis_enable: <str>

    # Enable BFD for ISIS.
    isis_bfd: <bool>
    isis_passive: <bool>
    isis_metric: <int>
    isis_network_point_to_point: <bool>
    node_segment:
      ipv4_index: <int>
      ipv6_index: <int>

    # EOS CLI rendered directly on the loopback interface in the final EOS configuration.
    eos_cli: <str>

Management interfaces

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
management_interfaces	List, items: Dictionary
- name	String	Required, Unique			Management Interface Name.
description	String
shutdown	Boolean
speed	String				Speed should be set in the format <interface_speed> or forced <interface_speed> or auto <interface_speed>.
mtu	Integer
vrf	String				VRF Name.
ip_address	String				IPv4_address/Mask.
ipv6_enable	Boolean
ipv6_address	String				IPv6_address/Mask.
type	String		oob	Valid Values: - oob - inband	For documentation purposes only.
gateway	String				IPv4 address of default gateway in management VRF.
ipv6_gateway	String				IPv6 address of default gateway in management VRF.
mac_address	String				MAC address.
lldp	Dictionary
transmit	Boolean
receive	Boolean
ztp_vlan	Integer				ZTP vlan number.
eos_cli	String				Multiline EOS CLI rendered directly on the management interface in the final EOS configuration.

management_interfaces:

    # Management Interface Name.
  - name: <str; required; unique>
    description: <str>
    shutdown: <bool>

    # Speed should be set in the format `<interface_speed>` or `forced <interface_speed>` or `auto <interface_speed>`.
    speed: <str>
    mtu: <int>

    # VRF Name.
    vrf: <str>

    # IPv4_address/Mask.
    ip_address: <str>
    ipv6_enable: <bool>

    # IPv6_address/Mask.
    ipv6_address: <str>

    # For documentation purposes only.
    type: <str; "oob" | "inband"; default="oob">

    # IPv4 address of default gateway in management VRF.
    gateway: <str>

    # IPv6 address of default gateway in management VRF.
    ipv6_gateway: <str>

    # MAC address.
    mac_address: <str>
    lldp:
      transmit: <bool>
      receive: <bool>

      # ZTP vlan number.
      ztp_vlan: <int>

    # Multiline EOS CLI rendered directly on the management interface in the final EOS configuration.
    eos_cli: <str>

Patch panel

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
patch_panel	Dictionary
patches	List, items: Dictionary
- name	String	Required, Unique
enabled	Boolean
connectors	List, items: Dictionary			Min Length: 2 Max Length: 2	Must have exactly two connectors to a patch of which at least one must be of type “interface”.
- id	String	Required, Unique
type	String	Required		Valid Values: - interface - pseudowire
endpoint	String	Required			String with relevant endpoint depending on type. Examples: - “Ethernet1” - “Ethernet1 dot1q vlan 123” - “bgp vpws TENANT_A pseudowire VPWS_PW_1” - “ldp LDP_PW_1”

patch_panel:
  patches:
    - name: <str; required; unique>
      enabled: <bool>

      # Must have exactly two connectors to a patch of which at least one must be of type "interface".
      connectors: # 2-2 items
        - id: <str; required; unique>
          type: <str; "interface" | "pseudowire"; required>

          # String with relevant endpoint depending on type.
          # Examples:
          # - "Ethernet1"
          # - "Ethernet1 dot1q vlan 123"
          # - "bgp vpws TENANT_A pseudowire VPWS_PW_1"
          # - "ldp LDP_PW_1"
          endpoint: <str; required>

Port-channel interfaces

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
port_channel_interfaces	List, items: Dictionary
- name	String	Required, Unique
description	String
logging	Dictionary
event	Dictionary
link_status	Boolean
storm_control_discards	Boolean				Discards due to storm-control.
shutdown	Boolean
l2_mtu	Integer			Min: 68 Max: 65535	“l2_mtu” should only be defined for platforms supporting the “l2 mtu” CLI.
l2_mru	Integer			Min: 68 Max: 65535	“l2_mru” should only be defined for platforms supporting the “l2 mru” CLI.
vlans	String				List of switchport vlans as string. For a trunk port this would be a range like “1-200,300”. For an access port this would be a single vlan “123”.
snmp_trap_link_change	Boolean
type	String			Valid Values: - routed - switched - l3dot1q - l2dot1q	l3dot1q and l2dot1q are used for sub-interfaces. The parent interface should be defined as routed. Interface will not be listed in device documentation, unless “type” is set.
encapsulation_dot1q_vlan	Integer				VLAN tag to configure on sub-interface.
vrf	String				VRF name.
encapsulation_vlan	Dictionary
client	Dictionary
dot1q	Dictionary
vlan	Integer				Client VLAN ID.
outer	Integer				Client Outer VLAN ID.
inner	Integer				Client Inner VLAN ID.
unmatched	Boolean
network	Dictionary				Network encapsulation are all optional, and skipped if using client unmatched.
dot1q	Dictionary
vlan	Integer				Network VLAN ID.
outer	Integer				Network Outer VLAN ID.
inner	Integer				Network Inner VLAN ID.
client	Boolean
vlan_id	Integer			Min: 1 Max: 4094
mode	String			Valid Values: - access - dot1q-tunnel - trunk - trunk phone
native_vlan	Integer				If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence.
native_vlan_tag	Boolean		False		If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence.
link_tracking_groups	List, items: Dictionary
- name	String	Required, Unique			Group name.
direction	String			Valid Values: - upstream - downstream
phone	Dictionary
trunk	String			Valid Values: - tagged - untagged
vlan	Integer			Min: 1 Max: 4094
l2_protocol	Dictionary
encapsulation_dot1q_vlan	Integer				Vlan tag to configure on sub-interface.
forwarding_profile	String				L2 protocol forwarding profile.
mtu	Integer			Min: 68 Max: 65535
mlag	Integer			Min: 1 Max: 2000	MLAG ID.
trunk_groups	List, items: String
- <str>	String
lacp_fallback_timeout	Integer		90	Min: 0 Max: 300	Timeout in seconds.
lacp_fallback_mode	String			Valid Values: - individual - static
qos	Dictionary
trust	String			Valid Values: - dscp - cos - disabled
dscp	Integer				DSCP value.
cos	Integer				COS value.
bfd	Dictionary
echo	Boolean
interval	Integer				Interval in milliseconds.
min_rx	Integer				Rate in milliseconds.
multiplier	Integer			Min: 3 Max: 50
neighbor	String				IPv4 or IPv6 address. When the Port-channel is a L2 interface, a local L3 BFD address (router_bfd.local_address) has to be defined globally on the switch.
per_link	Dictionary
enabled	Boolean
rfc_7130	Boolean
service_policy	Dictionary
pbr	Dictionary
input	String				Policy Based Routing Policy-map name.
qos	Dictionary
input	String	Required			Quality of Service Policy-map name.
mpls	Dictionary
ip	Boolean
ldp	Dictionary
interface	Boolean
igp_sync	Boolean
trunk_private_vlan_secondary	Boolean
pvlan_mapping	String				List of vlans as string.
vlan_translations	List, items: Dictionary
- from	String				List of vlans as string (only one vlan if direction is “both”).
to	Integer				VLAN ID.
direction	String		both	Valid Values: - in - out - both
shape	Dictionary
rate	String				Rate in kbps, pps or percent. Supported options are platform dependent. Examples: - “5000 kbps” - “1000 pps” - “20 percent”
storm_control	Dictionary
all	Dictionary
level	String				Configure maximum storm-control level.
unit	String		percent	Valid Values: - percent - pps	Optional field and is hardware dependent.
broadcast	Dictionary
level	String				Configure maximum storm-control level.
unit	String		percent	Valid Values: - percent - pps	Optional field and is hardware dependent.
multicast	Dictionary
level	String				Configure maximum storm-control level.
unit	String		percent	Valid Values: - percent - pps	Optional field and is hardware dependent.
unknown_unicast	Dictionary
level	String				Configure maximum storm-control level.
unit	String		percent	Valid Values: - percent - pps	Optional field and is hardware dependent.
ip_proxy_arp	Boolean
isis_enable	String				ISIS instance.
isis_bfd	Boolean				Enable BFD for ISIS.
isis_passive	Boolean
isis_metric	Integer
isis_network_point_to_point	Boolean
isis_circuit_type	String			Valid Values: - level-1-2 - level-1 - level-2
isis_hello_padding	Boolean
isis_authentication_mode	String			Valid Values: - text - md5
isis_authentication_key	String				Type-7 encrypted password.
traffic_policy	Dictionary
input	String				Ingress traffic policy.
output	String				Egress traffic policy.
evpn_ethernet_segment	Dictionary
identifier	String				EVPN Ethernet Segment Identifier (Type 1 format).
redundancy	String			Valid Values: - all-active - single-active
designated_forwarder_election	Dictionary
algorithm	String			Valid Values: - modulus - preference
preference_value	Integer			Min: 0 Max: 65535	Preference_value is only used when “algorithm” is “preference”.
dont_preempt	Boolean		False		Dont_preempt is only used when “algorithm” is “preference”.
hold_time	Integer
subsequent_hold_time	Integer
candidate_reachability_required	Boolean
mpls	Dictionary
shared_index	Integer			Min: 1 Max: 1024
tunnel_flood_filter_time	Integer
route_target	String				EVPN Route Target for ESI with format xx:xx:xx:xx:xx:xx.
esi deprecated	String				EVPN Ethernet Segment Identifier (Type 1 format). If both “esi” and “evpn_ethernet_segment.identifier” are defined, the new variable takes precedence. This key is deprecated. Support will be removed in AVD version 5.0.0. Use evpn_ethernet_segment.identifier instead.
rt deprecated	String				EVPN Route Target for ESI with format xx:xx:xx:xx:xx:xx. If both “rt” and “evpn_ethernet_segment.route_target” are defined, the new variable takes precedence. This key is deprecated. Support will be removed in AVD version 5.0.0. Use evpn_ethernet_segment.route_target instead.
lacp_id	String				LACP ID with format xxxx.xxxx.xxxx.
spanning_tree_bpdufilter	String			Valid Values: - enabled - disabled - True - False - true - false
spanning_tree_bpduguard	String			Valid Values: - enabled - disabled - True - False - true - false
spanning_tree_guard	String			Valid Values: - loop - root - disabled
spanning_tree_portfast	String			Valid Values: - edge - network
vmtracer	Boolean
ptp	Dictionary
enable	Boolean
announce	Dictionary
interval	Integer
timeout	Integer
delay_req	Integer
delay_mechanism	String			Valid Values: - e2e - p2p
sync_message	Dictionary
interval	Integer
role	String			Valid Values: - master - dynamic
vlan	String				VLAN can be ‘all’ or list of vlans as string.
transport	String			Valid Values: - ipv4 - ipv6 - layer2
mpass	Boolean				When MPASS is enabled on an MLAG port-channel, MLAG peers coordinate to function as a single PTP logical device. Arista PTP enabled devices always place PTP messages on the same physical link within the port-channel. Hence, MPASS is needed only on MLAG port-channels connected to non-Arista devices.
ip_address	String				IPv4 address/mask.
ip_verify_unicast_source_reachable_via	String			Valid Values: - any - rx
ip_nat	Dictionary
destination	Dictionary
dynamic	List, items: Dictionary
- access_list	String	Required, Unique
comment	String
pool_name	String	Required
priority	Integer			Min: 0 Max: 4294967295
static	List, items: Dictionary
- access_list	String				‘access_list’ and ‘group’ are mutual exclusive.
comment	String
direction	String			Valid Values: - egress - ingress	Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform. EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
group	Integer			Min: 1 Max: 65535	‘access_list’ and ‘group’ are mutual exclusive.
original_ip	String				IPv4 address. The combination of original_ip and original_port must be unique.
original_port	Integer			Min: 1 Max: 65535	TCP/UDP port. The combination of original_ip and original_port must be unique.
priority	Integer			Min: 0 Max: 4294967295
protocol	String			Valid Values: - udp - tcp
translated_ip	String	Required			IPv4 address.
translated_port	Integer			Min: 1 Max: 65535	requires ‘original_port’.
source	Dictionary
dynamic	List, items: Dictionary
- access_list	String	Required, Unique
comment	String
nat_type	String	Required		Valid Values: - overload - pool - pool-address-only - pool-full-cone
pool_name	String				required if ‘nat_type’ is pool, pool-address-only or pool-full-cone. ignored if ‘nat_type’ is overload.
priority	Integer			Min: 0 Max: 4294967295
static	List, items: Dictionary
- access_list	String				‘access_list’ and ‘group’ are mutual exclusive.
comment	String
direction	String			Valid Values: - egress - ingress	Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform. EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
group	Integer			Min: 1 Max: 65535	‘access_list’ and ‘group’ are mutual exclusive.
original_ip	String				IPv4 address. The combination of original_ip and original_port must be unique.
original_port	Integer			Min: 1 Max: 65535	TCP/UDP port. The combination of original_ip and original_port must be unique.
priority	Integer			Min: 0 Max: 4294967295
protocol	String			Valid Values: - udp - tcp
translated_ip	String	Required			IPv4 address.
translated_port	Integer			Min: 1 Max: 65535	requires ‘original_port’.
ipv6_enable	Boolean
ipv6_address	String				IPv6 address/mask.
ipv6_address_link_local	String				Link local IPv6 address/mask.
ipv6_nd_ra_disabled	Boolean
ipv6_nd_managed_config_flag	Boolean
ipv6_nd_prefixes	List, items: Dictionary
- ipv6_prefix	String	Required, Unique
valid_lifetime	String				Infinite or lifetime in seconds.
preferred_lifetime	String				Infinite or lifetime in seconds.
no_autoconfig_flag	Boolean
access_group_in	String				Access list name.
access_group_out	String				Access list name.
ipv6_access_group_in	String				IPv6 access list name.
ipv6_access_group_out	String				IPv6 access list name.
mac_access_group_in	String				MAC access list name.
mac_access_group_out	String				MAC access list name.
pim	Dictionary
ipv4	Dictionary
border_router	Boolean				Configure PIM border router. EOS default is false.
dr_priority	Integer			Min: 0 Max: 429467295
sparse_mode	Boolean
bfd	Boolean				Set the default for whether Bidirectional Forwarding Detection is enabled for PIM.
bidirectional	Boolean
hello	Dictionary
count	String				Number of missed hellos after which the neighbor expires. Range <1.5-65535>.
interval	Integer			Min: 1 Max: 65535	PIM hello interval in seconds.
service_profile	String				QOS profile.
ospf_network_point_to_point	Boolean
ospf_area	String
ospf_cost	Integer
ospf_authentication	String			Valid Values: - none - simple - message-digest
ospf_authentication_key	String				Encrypted password.
ospf_message_digest_keys	List, items: Dictionary
- id	Integer	Required, Unique
hash_algorithm	String			Valid Values: - md5 - sha1 - sha256 - sha384 - sha512
key	String				Encrypted password.
flow_tracker	Dictionary
sampled	String				Sampled flow tracker name.
hardware	String				Hardware flow tracker name.
bgp	Dictionary
session_tracker	String				Name of session tracker.
ip_igmp_host_proxy	Dictionary
enabled	Boolean
groups	List, items: Dictionary
- group	String	Required, Unique			Multicast Address.
exclude	List, items: Dictionary				The same source must not be present both in exclude and include list.
- source	String	Required, Unique
include	List, items: Dictionary				The same source must not be present both in exclude and include list.
- source	String	Required, Unique
report_interval	Integer			Min: 1 Max: 31744	Time interval between unsolicited reports.
access_lists	List, items: Dictionary				Non-standard Access List name.
- name	String	Required, Unique
version	Integer			Min: 1 Max: 3	IGMP version on IGMP host-proxy interface.
peer	String				Key only used for documentation or validation purposes.
peer_interface	String				Key only used for documentation or validation purposes.
peer_type	String				Key only used for documentation or validation purposes.
sflow	Dictionary
enable	Boolean
egress	Dictionary
enable	Boolean
unmodified_enable	Boolean
validate_state	Boolean				Set to false to disable interface validation by the eos_validate_state role.
eos_cli	String				Multiline EOS CLI rendered directly on the port-channel interface in the final EOS configuration.

port_channel_interfaces:
  - name: <str; required; unique>
    description: <str>
    logging:
      event:
        link_status: <bool>

        # Discards due to storm-control.
        storm_control_discards: <bool>
    shutdown: <bool>

    # "l2_mtu" should only be defined for platforms supporting the "l2 mtu" CLI.
    l2_mtu: <int; 68-65535>

    # "l2_mru" should only be defined for platforms supporting the "l2 mru" CLI.
    l2_mru: <int; 68-65535>

    # List of switchport vlans as string.
    # For a trunk port this would be a range like "1-200,300".
    # For an access port this would be a single vlan "123".
    vlans: <str>
    snmp_trap_link_change: <bool>

    # l3dot1q and l2dot1q are used for sub-interfaces. The parent interface should be defined as routed.
    # Interface will not be listed in device documentation, unless "type" is set.
    type: <str; "routed" | "switched" | "l3dot1q" | "l2dot1q">

    # VLAN tag to configure on sub-interface.
    encapsulation_dot1q_vlan: <int>

    # VRF name.
    vrf: <str>
    encapsulation_vlan:
      client:
        dot1q:

          # Client VLAN ID.
          vlan: <int>

          # Client Outer VLAN ID.
          outer: <int>

          # Client Inner VLAN ID.
          inner: <int>
        unmatched: <bool>

      # Network encapsulation are all optional, and skipped if using client unmatched.
      network:
        dot1q:

          # Network VLAN ID.
          vlan: <int>

          # Network Outer VLAN ID.
          outer: <int>

          # Network Inner VLAN ID.
          inner: <int>
        client: <bool>
    vlan_id: <int; 1-4094>
    mode: <str; "access" | "dot1q-tunnel" | "trunk" | "trunk phone">

    # If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence.
    native_vlan: <int>

    # If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence.
    native_vlan_tag: <bool; default=False>
    link_tracking_groups:

        # Group name.
      - name: <str; required; unique>
        direction: <str; "upstream" | "downstream">
    phone:
      trunk: <str; "tagged" | "untagged">
      vlan: <int; 1-4094>
    l2_protocol:

      # Vlan tag to configure on sub-interface.
      encapsulation_dot1q_vlan: <int>

      # L2 protocol forwarding profile.
      forwarding_profile: <str>
    mtu: <int; 68-65535>

    # MLAG ID.
    mlag: <int; 1-2000>
    trunk_groups:
      - <str>

    # Timeout in seconds.
    lacp_fallback_timeout: <int; 0-300; default=90>
    lacp_fallback_mode: <str; "individual" | "static">
    qos:
      trust: <str; "dscp" | "cos" | "disabled">

      # DSCP value.
      dscp: <int>

      # COS value.
      cos: <int>
    bfd:
      echo: <bool>

      # Interval in milliseconds.
      interval: <int>

      # Rate in milliseconds.
      min_rx: <int>
      multiplier: <int; 3-50>

      # IPv4 or IPv6 address. When the Port-channel is a L2 interface, a local L3 BFD address (router_bfd.local_address) has to be defined globally on the switch.
      neighbor: <str>
      per_link:
        enabled: <bool>
        rfc_7130: <bool>
    service_policy:
      pbr:

        # Policy Based Routing Policy-map name.
        input: <str>
      qos:

        # Quality of Service Policy-map name.
        input: <str; required>
    mpls:
      ip: <bool>
      ldp:
        interface: <bool>
        igp_sync: <bool>
    trunk_private_vlan_secondary: <bool>

    # List of vlans as string.
    pvlan_mapping: <str>
    vlan_translations:

        # List of vlans as string (only one vlan if direction is "both").
      - from: <str>

        # VLAN ID.
        to: <int>
        direction: <str; "in" | "out" | "both"; default="both">
    shape:

      # Rate in kbps, pps or percent.
      # Supported options are platform dependent.
      # Examples:
      # - "5000 kbps"
      # - "1000 pps"
      # - "20 percent"
      rate: <str>
    storm_control:
      all:

        # Configure maximum storm-control level.
        level: <str>

        # Optional field and is hardware dependent.
        unit: <str; "percent" | "pps"; default="percent">
      broadcast:

        # Configure maximum storm-control level.
        level: <str>

        # Optional field and is hardware dependent.
        unit: <str; "percent" | "pps"; default="percent">
      multicast:

        # Configure maximum storm-control level.
        level: <str>

        # Optional field and is hardware dependent.
        unit: <str; "percent" | "pps"; default="percent">
      unknown_unicast:

        # Configure maximum storm-control level.
        level: <str>

        # Optional field and is hardware dependent.
        unit: <str; "percent" | "pps"; default="percent">
    ip_proxy_arp: <bool>

    # ISIS instance.
    isis_enable: <str>

    # Enable BFD for ISIS.
    isis_bfd: <bool>
    isis_passive: <bool>
    isis_metric: <int>
    isis_network_point_to_point: <bool>
    isis_circuit_type: <str; "level-1-2" | "level-1" | "level-2">
    isis_hello_padding: <bool>
    isis_authentication_mode: <str; "text" | "md5">

    # Type-7 encrypted password.
    isis_authentication_key: <str>
    traffic_policy:

      # Ingress traffic policy.
      input: <str>

      # Egress traffic policy.
      output: <str>
    evpn_ethernet_segment:

      # EVPN Ethernet Segment Identifier (Type 1 format).
      identifier: <str>
      redundancy: <str; "all-active" | "single-active">
      designated_forwarder_election:
        algorithm: <str; "modulus" | "preference">

        # Preference_value is only used when "algorithm" is "preference".
        preference_value: <int; 0-65535>

        # Dont_preempt is only used when "algorithm" is "preference".
        dont_preempt: <bool; default=False>
        hold_time: <int>
        subsequent_hold_time: <int>
        candidate_reachability_required: <bool>
      mpls:
        shared_index: <int; 1-1024>
        tunnel_flood_filter_time: <int>

      # EVPN Route Target for ESI with format xx:xx:xx:xx:xx:xx.
      route_target: <str>

    # EVPN Ethernet Segment Identifier (Type 1 format).
    # If both "esi" and "evpn_ethernet_segment.identifier" are defined, the new variable takes precedence.
    # This key is deprecated.
    # Support will be removed in AVD version 5.0.0.
    # Use <samp>evpn_ethernet_segment.identifier</samp> instead.
    esi: <str>

    # EVPN Route Target for ESI with format xx:xx:xx:xx:xx:xx.
    # If both "rt" and "evpn_ethernet_segment.route_target" are defined, the new variable takes precedence.
    # This key is deprecated.
    # Support will be removed in AVD version 5.0.0.
    # Use <samp>evpn_ethernet_segment.route_target</samp> instead.
    rt: <str>

    # LACP ID with format xxxx.xxxx.xxxx.
    lacp_id: <str>
    spanning_tree_bpdufilter: <str; "enabled" | "disabled" | "True" | "False" | "true" | "false">
    spanning_tree_bpduguard: <str; "enabled" | "disabled" | "True" | "False" | "true" | "false">
    spanning_tree_guard: <str; "loop" | "root" | "disabled">
    spanning_tree_portfast: <str; "edge" | "network">
    vmtracer: <bool>
    ptp:
      enable: <bool>
      announce:
        interval: <int>
        timeout: <int>
      delay_req: <int>
      delay_mechanism: <str; "e2e" | "p2p">
      sync_message:
        interval: <int>
      role: <str; "master" | "dynamic">

      # VLAN can be 'all' or list of vlans as string.
      vlan: <str>
      transport: <str; "ipv4" | "ipv6" | "layer2">

      # When MPASS is enabled on an MLAG port-channel, MLAG peers coordinate to function as a single PTP logical device.
      # Arista PTP enabled devices always place PTP messages on the same physical link within the port-channel.
      # Hence, MPASS is needed only on MLAG port-channels connected to non-Arista devices.
      mpass: <bool>

    # IPv4 address/mask.
    ip_address: <str>
    ip_verify_unicast_source_reachable_via: <str; "any" | "rx">
    ip_nat:
      destination:
        dynamic:
          - access_list: <str; required; unique>
            comment: <str>
            pool_name: <str; required>
            priority: <int; 0-4294967295>
        static:

            # 'access_list' and 'group' are mutual exclusive.
          - access_list: <str>
            comment: <str>

            # Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
            # EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            direction: <str; "egress" | "ingress">

            # 'access_list' and 'group' are mutual exclusive.
            group: <int; 1-65535>

            # IPv4 address. The combination of `original_ip` and `original_port` must be unique.
            original_ip: <str>

            # TCP/UDP port. The combination of `original_ip` and `original_port` must be unique.
            original_port: <int; 1-65535>
            priority: <int; 0-4294967295>
            protocol: <str; "udp" | "tcp">

            # IPv4 address.
            translated_ip: <str; required>

            # requires 'original_port'.
            translated_port: <int; 1-65535>
      source:
        dynamic:
          - access_list: <str; required; unique>
            comment: <str>
            nat_type: <str; "overload" | "pool" | "pool-address-only" | "pool-full-cone"; required>

            # required if 'nat_type' is pool, pool-address-only or pool-full-cone.
            # ignored if 'nat_type' is overload.
            pool_name: <str>
            priority: <int; 0-4294967295>
        static:

            # 'access_list' and 'group' are mutual exclusive.
          - access_list: <str>
            comment: <str>

            # Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
            # EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            direction: <str; "egress" | "ingress">

            # 'access_list' and 'group' are mutual exclusive.
            group: <int; 1-65535>

            # IPv4 address. The combination of `original_ip` and `original_port` must be unique.
            original_ip: <str>

            # TCP/UDP port. The combination of `original_ip` and `original_port` must be unique.
            original_port: <int; 1-65535>
            priority: <int; 0-4294967295>
            protocol: <str; "udp" | "tcp">

            # IPv4 address.
            translated_ip: <str; required>

            # requires 'original_port'.
            translated_port: <int; 1-65535>
    ipv6_enable: <bool>

    # IPv6 address/mask.
    ipv6_address: <str>

    # Link local IPv6 address/mask.
    ipv6_address_link_local: <str>
    ipv6_nd_ra_disabled: <bool>
    ipv6_nd_managed_config_flag: <bool>
    ipv6_nd_prefixes:
      - ipv6_prefix: <str; required; unique>

        # Infinite or lifetime in seconds.
        valid_lifetime: <str>

        # Infinite or lifetime in seconds.
        preferred_lifetime: <str>
        no_autoconfig_flag: <bool>

    # Access list name.
    access_group_in: <str>

    # Access list name.
    access_group_out: <str>

    # IPv6 access list name.
    ipv6_access_group_in: <str>

    # IPv6 access list name.
    ipv6_access_group_out: <str>

    # MAC access list name.
    mac_access_group_in: <str>

    # MAC access list name.
    mac_access_group_out: <str>
    pim:
      ipv4:

        # Configure PIM border router. EOS default is false.
        border_router: <bool>
        dr_priority: <int; 0-429467295>
        sparse_mode: <bool>

        # Set the default for whether Bidirectional Forwarding Detection is enabled for PIM.
        bfd: <bool>
        bidirectional: <bool>
        hello:

          # Number of missed hellos after which the neighbor expires. Range <1.5-65535>.
          count: <str>

          # PIM hello interval in seconds.
          interval: <int; 1-65535>

    # QOS profile.
    service_profile: <str>
    ospf_network_point_to_point: <bool>
    ospf_area: <str>
    ospf_cost: <int>
    ospf_authentication: <str; "none" | "simple" | "message-digest">

    # Encrypted password.
    ospf_authentication_key: <str>
    ospf_message_digest_keys:
      - id: <int; required; unique>
        hash_algorithm: <str; "md5" | "sha1" | "sha256" | "sha384" | "sha512">

        # Encrypted password.
        key: <str>
    flow_tracker:

      # Sampled flow tracker name.
      sampled: <str>

      # Hardware flow tracker name.
      hardware: <str>
    bgp:

      # Name of session tracker.
      session_tracker: <str>
    ip_igmp_host_proxy:
      enabled: <bool>
      groups:

          # Multicast Address.
        - group: <str; required; unique>

          # The same source must not be present both in `exclude` and `include` list.
          exclude:
            - source: <str; required; unique>

          # The same source must not be present both in `exclude` and `include` list.
          include:
            - source: <str; required; unique>

      # Time interval between unsolicited reports.
      report_interval: <int; 1-31744>

      # Non-standard Access List name.
      access_lists:
        - name: <str; required; unique>

      # IGMP version on IGMP host-proxy interface.
      version: <int; 1-3>

    # Key only used for documentation or validation purposes.
    peer: <str>

    # Key only used for documentation or validation purposes.
    peer_interface: <str>

    # Key only used for documentation or validation purposes.
    peer_type: <str>
    sflow:
      enable: <bool>
      egress:
        enable: <bool>
        unmodified_enable: <bool>

    # Set to false to disable interface validation by the `eos_validate_state` role.
    validate_state: <bool>

    # Multiline EOS CLI rendered directly on the port-channel interface in the final EOS configuration.
    eos_cli: <str>

Switchport default

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
switchport_default	Dictionary
mode	String			Valid Values: - routed - access
phone	Dictionary
cos	Integer			Min: 0 Max: 7
trunk	String			Valid Values: - tagged - untagged
vlan	Integer			Min: 1 Max: 4094	VLAN ID.

switchport_default:
  mode: <str; "routed" | "access">
  phone:
    cos: <int; 0-7>
    trunk: <str; "tagged" | "untagged">

    # VLAN ID.
    vlan: <int; 1-4094>

Switchport port security

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
switchport_port_security	Dictionary
mac_address	Dictionary
aging	Boolean
moveable	Boolean
persistence_disabled	Boolean
violation_protect_chip_based	Boolean

switchport_port_security:
  mac_address:
    aging: <bool>
    moveable: <bool>
  persistence_disabled: <bool>
  violation_protect_chip_based: <bool>

Transceiver QSFP default mode 4x10

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
transceiver_qsfp_default_mode_4x10	Boolean		True		On all front panel ports which support this feature, the following global configuration command changes the QSFP mode from 40G to 4x10G (default). When set to false the command reverts the default QSFP mode back to 40G.

# On all front panel ports which support this feature, the following global configuration command changes the QSFP mode from 40G to 4x10G (default). When set to false the command reverts the default QSFP mode back to 40G.
transceiver_qsfp_default_mode_4x10: <bool; default=True>

Tunnel interfaces

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
tunnel_interfaces	List, items: Dictionary
- name	String	Required, Unique			Tunnel Interface Name.
description	String
shutdown	Boolean
mtu	Integer			Min: 68 Max: 65535
vrf	String				VRF Name.
ip_address	String			Format: ipv4_cidr	IPv4_address/Mask.
ipv6_enable	Boolean
ipv6_address	String			Format: ipv6_cidr	IPv6_address/Mask.
access_group_in	String				IPv4 ACL Name for ingress.
access_group_out	String				IPv4 ACL Name for egress.
ipv6_access_group_in	String				IPv6 ACL Name for ingress.
ipv6_access_group_out	String				IPv6 ACL Name for egress.
tcp_mss_ceiling	Dictionary
ipv4	Integer			Min: 64 Max: 65495	Segment Size for IPv4.
ipv6	Integer			Min: 64 Max: 65475	Segment Size for IPv6.
direction	String			Valid Values: - ingress - egress	Optional direction (‘ingress’, ‘egress’) for tcp mss ceiling.
tunnel_mode	String			Valid Values: - gre - ipsec	Tunnel encapsulation method. gre: Generic route encapsulation protocol, ipsec: IPsec-over-IP encapsulation.
source_interface	String				Tunnel Source Interface Name.
destination	String				IPv4 or IPv6 Address Tunnel Destination.
path_mtu_discovery	Boolean				Enable Path MTU Discovery On Tunnel.
ipsec_profile	String				Used only when tunnel_mode is set to ipsec. It must target a defined IPsec profile.
nat_profile	String				NAT interface profile.
eos_cli	String				Multiline String with EOS CLI rendered directly on the Tunnel interface in the final EOS configuration.

tunnel_interfaces:

    # Tunnel Interface Name.
  - name: <str; required; unique>
    description: <str>
    shutdown: <bool>
    mtu: <int; 68-65535>

    # VRF Name.
    vrf: <str>

    # IPv4_address/Mask.
    ip_address: <str>
    ipv6_enable: <bool>

    # IPv6_address/Mask.
    ipv6_address: <str>

    # IPv4 ACL Name for ingress.
    access_group_in: <str>

    # IPv4 ACL Name for egress.
    access_group_out: <str>

    # IPv6 ACL Name for ingress.
    ipv6_access_group_in: <str>

    # IPv6 ACL Name for egress.
    ipv6_access_group_out: <str>
    tcp_mss_ceiling:

      # Segment Size for IPv4.
      ipv4: <int; 64-65495>

      # Segment Size for IPv6.
      ipv6: <int; 64-65475>

      # Optional direction ('ingress', 'egress')  for tcp mss ceiling.
      direction: <str; "ingress" | "egress">

    # Tunnel encapsulation method.
    # `gre`: Generic route encapsulation protocol,
    # `ipsec`: IPsec-over-IP encapsulation.
    tunnel_mode: <str; "gre" | "ipsec">

    # Tunnel Source Interface Name.
    source_interface: <str>

    # IPv4 or IPv6 Address Tunnel Destination.
    destination: <str>

    # Enable Path MTU Discovery On Tunnel.
    path_mtu_discovery: <bool>

    # Used only when `tunnel_mode` is set to `ipsec`.
    # It must target a defined IPsec profile.
    ipsec_profile: <str>

    # NAT interface profile.
    nat_profile: <str>

    # Multiline String with EOS CLI rendered directly on the Tunnel interface in the final EOS configuration.
    eos_cli: <str>

VLAN interfaces

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
vlan_interfaces	List, items: Dictionary
- name	String	Required, Unique			VLAN interface name like “Vlan123”.
description	String
logging	Dictionary
event	Dictionary
link_status	Boolean
shutdown	Boolean
vrf	String				VRF name.
arp_aging_timeout	Integer			Min: 1 Max: 65535	In seconds.
arp_cache_dynamic_capacity	Integer			Min: 0 Max: 4294967295
arp_gratuitous_accept	Boolean
arp_monitor_mac_address	Boolean
ip_proxy_arp	Boolean
ip_directed_broadcast	Boolean
ip_address	String				IPv4_address/Mask.
ip_address_secondaries	List, items: String
- <str>	String				IPv4_address/Mask.
ip_virtual_router_addresses	List, items: String
- <str>	String				IPv4 address or IPv4_address/Mask.
ip_address_virtual	String				IPv4_address/Mask.
ip_address_virtual_secondaries	List, items: String
- <str>	String				IPv4_address/Mask.
ip_verify_unicast_source_reachable_via	String			Valid Values: - any - rx
ip_igmp	Boolean
ip_igmp_version	Integer			Min: 1 Max: 3
ip_igmp_host_proxy	Dictionary
enabled	Boolean
groups	List, items: Dictionary
- group	String	Required, Unique			Multicast Address.
exclude	List, items: Dictionary				The same source must not be present both in exclude and include list.
- source	String	Required, Unique
include	List, items: Dictionary				The same source must not be present both in exclude and include list.
- source	String	Required, Unique
report_interval	Integer			Min: 1 Max: 31744	Time interval between unsolicited reports.
access_lists	List, items: Dictionary				Non-standard Access List name.
- name	String	Required, Unique
version	Integer			Min: 1 Max: 3	IGMP version on IGMP host-proxy interface.
ip_helpers	List, items: Dictionary				List of DHCP servers.
- ip_helper	String	Required, Unique			IP address or hostname of DHCP server.
source_interface	String				Interface used as source for forwarded DHCP packets.
vrf	String				VRF where DHCP server can be reached.
ip_dhcp_relay_all_subnets	Boolean				Allow forwarding requests with secondary IP addresses in the gateway address “giaddr” field.
ip_nat	Dictionary
destination	Dictionary
dynamic	List, items: Dictionary
- access_list	String	Required, Unique
comment	String
pool_name	String	Required
priority	Integer			Min: 0 Max: 4294967295
static	List, items: Dictionary
- access_list	String				‘access_list’ and ‘group’ are mutual exclusive.
comment	String
direction	String			Valid Values: - egress - ingress	Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform. EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
group	Integer			Min: 1 Max: 65535	‘access_list’ and ‘group’ are mutual exclusive.
original_ip	String				IPv4 address. The combination of original_ip and original_port must be unique.
original_port	Integer			Min: 1 Max: 65535	TCP/UDP port. The combination of original_ip and original_port must be unique.
priority	Integer			Min: 0 Max: 4294967295
protocol	String			Valid Values: - udp - tcp
translated_ip	String	Required			IPv4 address.
translated_port	Integer			Min: 1 Max: 65535	requires ‘original_port’.
source	Dictionary
dynamic	List, items: Dictionary
- access_list	String	Required, Unique
comment	String
nat_type	String	Required		Valid Values: - overload - pool - pool-address-only - pool-full-cone
pool_name	String				required if ‘nat_type’ is pool, pool-address-only or pool-full-cone. ignored if ‘nat_type’ is overload.
priority	Integer			Min: 0 Max: 4294967295
static	List, items: Dictionary
- access_list	String				‘access_list’ and ‘group’ are mutual exclusive.
comment	String
direction	String			Valid Values: - egress - ingress	Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform. EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
group	Integer			Min: 1 Max: 65535	‘access_list’ and ‘group’ are mutual exclusive.
original_ip	String				IPv4 address. The combination of original_ip and original_port must be unique.
original_port	Integer			Min: 1 Max: 65535	TCP/UDP port. The combination of original_ip and original_port must be unique.
priority	Integer			Min: 0 Max: 4294967295
protocol	String			Valid Values: - udp - tcp
translated_ip	String	Required			IPv4 address.
translated_port	Integer			Min: 1 Max: 65535	requires ‘original_port’.
ipv6_enable	Boolean
ipv6_address	String				IPv6_address/Mask.
ipv6_address_virtual deprecated	String				IPv6_address/Mask. If both “ipv6_address_virtual” and “ipv6_address_virtuals” are set, all addresses will be configured. This key is deprecated. Support will be removed in AVD version 5.0.0. Use ipv6_address_virtuals instead.
ipv6_address_virtuals	List, items: String				The new “ipv6_address_virtuals” key support multiple virtual ipv6 addresses.
- <str>	String				IPv6_address/Mask.
ipv6_address_link_local	String				IPv6_address/Mask.
ipv6_virtual_router_address deprecated	String				“ipv6_virtual_router_address” should not be mixed with the new “ipv6_virtual_router_addresses” key below to avoid conflicts. This key is deprecated. Support will be removed in AVD version 5.0.0. Use ipv6_virtual_router_addresses instead.
ipv6_virtual_router_addresses	List, items: String				Improved “VARPv6” data model to support multiple VARPv6 addresses.
- <str>	String				IPv6 address or IPv6_address/Mask.
ipv6_nd_ra_disabled	Boolean
ipv6_nd_managed_config_flag	Boolean
ipv6_nd_other_config_flag	Boolean				Set the “other stateful configuration” flag in IPv6 router advertisements.
ipv6_nd_cache	Dictionary				IPv6 neighbor cache options.
dynamic_capacity	Integer			Min: 0 Max: 4294967295	Capacity of dynamic cache entries.
expire	Integer			Min: 1 Max: 65535	Cache entries expirery in seconds.
refresh_always	Boolean				Force refresh on cache expiry.
ipv6_nd_prefixes	List, items: Dictionary
- ipv6_prefix	String	Required, Unique			IPv6_address/Mask.
valid_lifetime	String				In seconds <0-4294967295> or infinite.
preferred_lifetime	String				In seconds <0-4294967295> or infinite.
no_autoconfig_flag	Boolean
ipv6_dhcp_relay_destinations	List, items: Dictionary
- address	String	Required, Unique			DHCP server’s IPv6 address.
vrf	String
local_interface	String				Local interface to communicate with DHCP server - mutually exclusive to source_address.
source_address	String				Source IPv6 address to communicate with DHCP server - mutually exclusive to local_interface.
link_address	String				Override the default link address specified in the relayed DHCP packet.
ipv6_dhcp_relay_all_subnets	Boolean				Allow forwarding requests with additional IPv6 addresses in the gateway address “giaddr” field.
access_group_in	String				IPv4 access-list name.
access_group_out	String				IPv4 access-list name.
ipv6_access_group_in	String				IPv6 access-list name.
ipv6_access_group_out	String				IPv6 access-list name.
multicast	Dictionary
ipv4	Dictionary
boundaries	List, items: Dictionary				Boundaries can be either 1 ACL or a list of multicast IP address_range(s)/prefix but not combination of both.
- boundary	String	Required, Unique			IPv4 access-list name or IPv4 multicast group prefix with mask.
out	Boolean
source_route_export	Dictionary
enabled	Boolean	Required
administrative_distance	Integer			Min: 1 Max: 255
static	Boolean
ipv6	Dictionary
boundaries	List, items: Dictionary				Boundaries can be either 1 ACL or a list of multicast IP address_range(s)/prefix but not combination of both.
- boundary	String	Required, Unique			IPv6 access-list name or IPv6 multicast group prefix with mask.
source_route_export	Dictionary
enabled	Boolean	Required
administrative_distance	Integer			Min: 1 Max: 255
static	Boolean
ospf_network_point_to_point	Boolean
ospf_area	String
ospf_cost	Integer
ospf_authentication	String			Valid Values: - none - simple - message-digest
ospf_authentication_key	String				Encrypted password used for simple authentication.
ospf_message_digest_keys	List, items: Dictionary				Keys used for message-digest authentication.
- id	Integer	Required, Unique
hash_algorithm	String			Valid Values: - md5 - sha1 - sha256 - sha384 - sha512
key	String				Encrypted password.
pim	Dictionary
ipv4	Dictionary
border_router	Boolean				Configure PIM border router. EOS default is false.
dr_priority	Integer			Min: 0 Max: 429467295
sparse_mode	Boolean
local_interface	String
bfd	Boolean				Set the default for whether Bidirectional Forwarding Detection is enabled for PIM.
bidirectional	Boolean
hello	Dictionary
count	String				Number of missed hellos after which the neighbor expires. Range <1.5-65535>.
interval	Integer			Min: 1 Max: 65535	PIM hello interval in seconds.
isis_enable	String				ISIS instance name.
isis_bfd	Boolean				Enable BFD for ISIS.
isis_passive	Boolean
isis_metric	Integer
isis_network_point_to_point	Boolean
mtu	Integer
no_autostate	Boolean
vrrp_ids	List, items: Dictionary				Improved “vrrp” data model to support multiple VRRP IDs.
- id	Integer	Required, Unique			VRID.
priority_level	Integer			Min: 1 Max: 254	Instance priority.
advertisement	Dictionary
interval	Integer			Min: 1 Max: 255	Interval in seconds.
preempt	Dictionary
enabled	Boolean	Required
delay	Dictionary
minimum	Integer			Min: 0 Max: 3600	Minimum preempt delay in seconds.
reload	Integer			Min: 0 Max: 3600	Reload preempt delay in seconds.
timers	Dictionary
delay	Dictionary
reload	Integer			Min: 0 Max: 3600	Delay after reload in seconds.
tracked_object	List, items: Dictionary
- name	String	Required, Unique			Tracked object name.
decrement	Integer			Min: 1 Max: 254	Decrement VRRP priority by 1-254.
shutdown	Boolean
ipv4	Dictionary
address	String	Required			Virtual IPv4 address.
version	Integer			Valid Values: - 2 - 3
ipv6	Dictionary
address	String	Required			Virtual IPv6 address.
vrrp deprecated	Dictionary				“vrrp” should not be mixed with the new “vrrp_ids” key above to avoid conflicts. This key is deprecated. Support will be removed in AVD version 5.0.0. Use vrrp_ids instead.
virtual_router	String				Virtual Router ID.
priority	Integer				Instance priority.
advertisement_interval	Integer
preempt_delay_minimum	Integer
ipv4	String				Virtual IPv4 address.
ipv6	String				Virtual IPv6 address.
ip_attached_host_route_export	Dictionary
enabled	Boolean	Required
distance	Integer			Min: 1 Max: 255
ipv6_attached_host_route_export	Dictionary
enabled	Boolean	Required
distance	Integer			Min: 1 Max: 255	Administrative distance for generated routes.
prefix_length	Integer			Min: 0 Max: 128	Prefix length for generated routes.
bfd	Dictionary
echo	Boolean
interval	Integer				Rate in milliseconds.
min_rx	Integer				Minimum RX hold time in milliseconds.
multiplier	Integer			Min: 3 Max: 50
service_policy	Dictionary
pbr	Dictionary
input	String				Name of policy-map used for policy based routing.
pvlan_mapping	String				List of VLANs as string.
tenant	String				Key only used for documentation or validation purposes.
tags	List, items: String				Key only used for documentation or validation purposes.
- <str>	String
type	String				Key only used for documentation or validation purposes.
eos_cli	String				Multiline EOS CLI rendered directly on the VLAN interface in the final EOS configuration.

vlan_interfaces:

    # VLAN interface name like "Vlan123".
  - name: <str; required; unique>
    description: <str>
    logging:
      event:
        link_status: <bool>
    shutdown: <bool>

    # VRF name.
    vrf: <str>

    # In seconds.
    arp_aging_timeout: <int; 1-65535>
    arp_cache_dynamic_capacity: <int; 0-4294967295>
    arp_gratuitous_accept: <bool>
    arp_monitor_mac_address: <bool>
    ip_proxy_arp: <bool>
    ip_directed_broadcast: <bool>

    # IPv4_address/Mask.
    ip_address: <str>
    ip_address_secondaries:

        # IPv4_address/Mask.
      - <str>
    ip_virtual_router_addresses:

        # IPv4 address or IPv4_address/Mask.
      - <str>

    # IPv4_address/Mask.
    ip_address_virtual: <str>
    ip_address_virtual_secondaries:

        # IPv4_address/Mask.
      - <str>
    ip_verify_unicast_source_reachable_via: <str; "any" | "rx">
    ip_igmp: <bool>
    ip_igmp_version: <int; 1-3>
    ip_igmp_host_proxy:
      enabled: <bool>
      groups:

          # Multicast Address.
        - group: <str; required; unique>

          # The same source must not be present both in `exclude` and `include` list.
          exclude:
            - source: <str; required; unique>

          # The same source must not be present both in `exclude` and `include` list.
          include:
            - source: <str; required; unique>

      # Time interval between unsolicited reports.
      report_interval: <int; 1-31744>

      # Non-standard Access List name.
      access_lists:
        - name: <str; required; unique>

      # IGMP version on IGMP host-proxy interface.
      version: <int; 1-3>

    # List of DHCP servers.
    ip_helpers:

        # IP address or hostname of DHCP server.
      - ip_helper: <str; required; unique>

        # Interface used as source for forwarded DHCP packets.
        source_interface: <str>

        # VRF where DHCP server can be reached.
        vrf: <str>

    # Allow forwarding requests with secondary IP addresses in the gateway address "giaddr" field.
    ip_dhcp_relay_all_subnets: <bool>
    ip_nat:
      destination:
        dynamic:
          - access_list: <str; required; unique>
            comment: <str>
            pool_name: <str; required>
            priority: <int; 0-4294967295>
        static:

            # 'access_list' and 'group' are mutual exclusive.
          - access_list: <str>
            comment: <str>

            # Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
            # EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            direction: <str; "egress" | "ingress">

            # 'access_list' and 'group' are mutual exclusive.
            group: <int; 1-65535>

            # IPv4 address. The combination of `original_ip` and `original_port` must be unique.
            original_ip: <str>

            # TCP/UDP port. The combination of `original_ip` and `original_port` must be unique.
            original_port: <int; 1-65535>
            priority: <int; 0-4294967295>
            protocol: <str; "udp" | "tcp">

            # IPv4 address.
            translated_ip: <str; required>

            # requires 'original_port'.
            translated_port: <int; 1-65535>
      source:
        dynamic:
          - access_list: <str; required; unique>
            comment: <str>
            nat_type: <str; "overload" | "pool" | "pool-address-only" | "pool-full-cone"; required>

            # required if 'nat_type' is pool, pool-address-only or pool-full-cone.
            # ignored if 'nat_type' is overload.
            pool_name: <str>
            priority: <int; 0-4294967295>
        static:

            # 'access_list' and 'group' are mutual exclusive.
          - access_list: <str>
            comment: <str>

            # Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
            # EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            direction: <str; "egress" | "ingress">

            # 'access_list' and 'group' are mutual exclusive.
            group: <int; 1-65535>

            # IPv4 address. The combination of `original_ip` and `original_port` must be unique.
            original_ip: <str>

            # TCP/UDP port. The combination of `original_ip` and `original_port` must be unique.
            original_port: <int; 1-65535>
            priority: <int; 0-4294967295>
            protocol: <str; "udp" | "tcp">

            # IPv4 address.
            translated_ip: <str; required>

            # requires 'original_port'.
            translated_port: <int; 1-65535>
    ipv6_enable: <bool>

    # IPv6_address/Mask.
    ipv6_address: <str>

    # IPv6_address/Mask.
    # If both "ipv6_address_virtual" and "ipv6_address_virtuals" are set, all addresses will be configured.
    # This key is deprecated.
    # Support will be removed in AVD version 5.0.0.
    # Use <samp>ipv6_address_virtuals</samp> instead.
    ipv6_address_virtual: <str>

    # The new "ipv6_address_virtuals" key support multiple virtual ipv6 addresses.
    ipv6_address_virtuals:

        # IPv6_address/Mask.
      - <str>

    # IPv6_address/Mask.
    ipv6_address_link_local: <str>

    # "ipv6_virtual_router_address" should not be mixed with
    # the new "ipv6_virtual_router_addresses" key below to avoid conflicts.
    # This key is deprecated.
    # Support will be removed in AVD version 5.0.0.
    # Use <samp>ipv6_virtual_router_addresses</samp> instead.
    ipv6_virtual_router_address: <str>

    # Improved "VARPv6" data model to support multiple VARPv6 addresses.
    ipv6_virtual_router_addresses:

        # IPv6 address or IPv6_address/Mask.
      - <str>
    ipv6_nd_ra_disabled: <bool>
    ipv6_nd_managed_config_flag: <bool>

    # Set the "other stateful configuration" flag in IPv6 router advertisements.
    ipv6_nd_other_config_flag: <bool>

    # IPv6 neighbor cache options.
    ipv6_nd_cache:

      # Capacity of dynamic cache entries.
      dynamic_capacity: <int; 0-4294967295>

      # Cache entries expirery in seconds.
      expire: <int; 1-65535>

      # Force refresh on cache expiry.
      refresh_always: <bool>
    ipv6_nd_prefixes:

        # IPv6_address/Mask.
      - ipv6_prefix: <str; required; unique>

        # In seconds <0-4294967295> or infinite.
        valid_lifetime: <str>

        # In seconds <0-4294967295> or infinite.
        preferred_lifetime: <str>
        no_autoconfig_flag: <bool>
    ipv6_dhcp_relay_destinations:

        # DHCP server's IPv6 address.
      - address: <str; required; unique>
        vrf: <str>

        # Local interface to communicate with DHCP server - mutually exclusive to source_address.
        local_interface: <str>

        # Source IPv6 address to communicate with DHCP server - mutually exclusive to local_interface.
        source_address: <str>

        # Override the default link address specified in the relayed DHCP packet.
        link_address: <str>

    # Allow forwarding requests with additional IPv6 addresses in the gateway address "giaddr" field.
    ipv6_dhcp_relay_all_subnets: <bool>

    # IPv4 access-list name.
    access_group_in: <str>

    # IPv4 access-list name.
    access_group_out: <str>

    # IPv6 access-list name.
    ipv6_access_group_in: <str>

    # IPv6 access-list name.
    ipv6_access_group_out: <str>
    multicast:
      ipv4:

        # Boundaries can be either 1 ACL or a list of multicast IP address_range(s)/prefix but not combination of both.
        boundaries:

            # IPv4 access-list name or IPv4 multicast group prefix with mask.
          - boundary: <str; required; unique>
            out: <bool>
        source_route_export:
          enabled: <bool; required>
          administrative_distance: <int; 1-255>
        static: <bool>
      ipv6:

        # Boundaries can be either 1 ACL or a list of multicast IP address_range(s)/prefix but not combination of both.
        boundaries:

            # IPv6 access-list name or IPv6 multicast group prefix with mask.
          - boundary: <str; required; unique>
        source_route_export:
          enabled: <bool; required>
          administrative_distance: <int; 1-255>
        static: <bool>
    ospf_network_point_to_point: <bool>
    ospf_area: <str>
    ospf_cost: <int>
    ospf_authentication: <str; "none" | "simple" | "message-digest">

    # Encrypted password used for simple authentication.
    ospf_authentication_key: <str>

    # Keys used for message-digest authentication.
    ospf_message_digest_keys:
      - id: <int; required; unique>
        hash_algorithm: <str; "md5" | "sha1" | "sha256" | "sha384" | "sha512">

        # Encrypted password.
        key: <str>
    pim:
      ipv4:

        # Configure PIM border router. EOS default is false.
        border_router: <bool>
        dr_priority: <int; 0-429467295>
        sparse_mode: <bool>
        local_interface: <str>

        # Set the default for whether Bidirectional Forwarding Detection is enabled for PIM.
        bfd: <bool>
        bidirectional: <bool>
        hello:

          # Number of missed hellos after which the neighbor expires. Range <1.5-65535>.
          count: <str>

          # PIM hello interval in seconds.
          interval: <int; 1-65535>

    # ISIS instance name.
    isis_enable: <str>

    # Enable BFD for ISIS.
    isis_bfd: <bool>
    isis_passive: <bool>
    isis_metric: <int>
    isis_network_point_to_point: <bool>
    mtu: <int>
    no_autostate: <bool>

    # Improved "vrrp" data model to support multiple VRRP IDs.
    vrrp_ids:

        # VRID.
      - id: <int; required; unique>

        # Instance priority.
        priority_level: <int; 1-254>
        advertisement:

          # Interval in seconds.
          interval: <int; 1-255>
        preempt:
          enabled: <bool; required>
          delay:

            # Minimum preempt delay in seconds.
            minimum: <int; 0-3600>

            # Reload preempt delay in seconds.
            reload: <int; 0-3600>
        timers:
          delay:

            # Delay after reload in seconds.
            reload: <int; 0-3600>
        tracked_object:

            # Tracked object name.
          - name: <str; required; unique>

            # Decrement VRRP priority by 1-254.
            decrement: <int; 1-254>
            shutdown: <bool>
        ipv4:

          # Virtual IPv4 address.
          address: <str; required>
          version: <int; 2 | 3>
        ipv6:

          # Virtual IPv6 address.
          address: <str; required>

    # "vrrp" should not be mixed with the new "vrrp_ids" key above to avoid conflicts.
    # This key is deprecated.
    # Support will be removed in AVD version 5.0.0.
    # Use <samp>vrrp_ids</samp> instead.
    vrrp:

      # Virtual Router ID.
      virtual_router: <str>

      # Instance priority.
      priority: <int>
      advertisement_interval: <int>
      preempt_delay_minimum: <int>

      # Virtual IPv4 address.
      ipv4: <str>

      # Virtual IPv6 address.
      ipv6: <str>
    ip_attached_host_route_export:
      enabled: <bool; required>
      distance: <int; 1-255>
    ipv6_attached_host_route_export:
      enabled: <bool; required>

      # Administrative distance for generated routes.
      distance: <int; 1-255>

      # Prefix length for generated routes.
      prefix_length: <int; 0-128>
    bfd:
      echo: <bool>

      # Rate in milliseconds.
      interval: <int>

      # Minimum RX hold time in milliseconds.
      min_rx: <int>
      multiplier: <int; 3-50>
    service_policy:
      pbr:

        # Name of policy-map used for policy based routing.
        input: <str>

    # List of VLANs as string.
    pvlan_mapping: <str>

    # Key only used for documentation or validation purposes.
    tenant: <str>

    # Key only used for documentation or validation purposes.
    tags:
      - <str>

    # Key only used for documentation or validation purposes.
    type: <str>

    # Multiline EOS CLI rendered directly on the VLAN interface in the final EOS configuration.
    eos_cli: <str>

VXLAN interface

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
vxlan_interface	Dictionary
Vxlan1	Dictionary
description	String
vxlan	Dictionary
source_interface	String				Source Interface Name.
multicast	Dictionary
headend_replication	Boolean
controller_client	Dictionary				Client to CVX Controllers.
enabled	Boolean
mlag_source_interface	String
udp_port	Integer
vtep_to_vtep_bridging	Boolean				Enable bridging between different VTEPs in vxlan overlay.
virtual_router_encapsulation_mac_address	String				“mlag-system-id” or ethernet_address (H.H.H).
bfd_vtep_evpn	Dictionary
interval	Integer
min_rx	Integer
multiplier	Integer			Min: 3 Max: 50
prefix_list	String
qos	Dictionary				For the Traffic Class to be derived based on the outer DSCP field of the incoming VxLan packet, the core ports must be in “DSCP Trust” mode. !!!Warning, only few hardware types with software version >= 4.26.0 support the below knobs to configure Vxlan DSCP mapping.
dscp_propagation_encapsulation	Boolean
ecn_propagation	Boolean				Enable copying the ECN marking to/from encapsulated packets.
map_dscp_to_traffic_class_decapsulation	Boolean
vlans	List, items: Dictionary
- id	Integer	Required, Unique			VLAN ID.
vni	Integer
multicast_group	String				IP Multicast Group Address.
flood_vteps	List, items: String
- <str>	String				Remote VTEP IP Address.
vrfs	List, items: Dictionary
- name	String	Required, Unique			VRF Name.
vni	Integer
multicast_group	String				IP Multicast Group Address.
flood_vteps	List, items: String
- <str>	String				Remote VTEP IP Address.
flood_vtep_learned_data_plane	Boolean
eos_cli	String				Multiline String with EOS CLI rendered directly on the Vxlan interface in the final EOS configuration.

vxlan_interface:
  Vxlan1:
    description: <str>
    vxlan:

      # Source Interface Name.
      source_interface: <str>
      multicast:
        headend_replication: <bool>

      # Client to CVX Controllers.
      controller_client:
        enabled: <bool>
      mlag_source_interface: <str>
      udp_port: <int>

      # Enable bridging between different VTEPs in vxlan overlay.
      vtep_to_vtep_bridging: <bool>

      # "mlag-system-id" or ethernet_address (H.H.H).
      virtual_router_encapsulation_mac_address: <str>
      bfd_vtep_evpn:
        interval: <int>
        min_rx: <int>
        multiplier: <int; 3-50>
        prefix_list: <str>

      # For the Traffic Class to be derived based on the outer DSCP field of the incoming VxLan packet, the core ports must be in "DSCP Trust" mode.
      # !!!Warning, only few hardware types with software version >= 4.26.0 support the below knobs to configure Vxlan DSCP mapping.
      qos:
        dscp_propagation_encapsulation: <bool>

        # Enable copying the ECN marking to/from encapsulated packets.
        ecn_propagation: <bool>
        map_dscp_to_traffic_class_decapsulation: <bool>
      vlans:

          # VLAN ID.
        - id: <int; required; unique>
          vni: <int>

          # IP Multicast Group Address.
          multicast_group: <str>
          flood_vteps:

              # Remote VTEP IP Address.
            - <str>
      vrfs:

          # VRF Name.
        - name: <str; required; unique>
          vni: <int>

          # IP Multicast Group Address.
          multicast_group: <str>
      flood_vteps:

          # Remote VTEP IP Address.
        - <str>
      flood_vtep_learned_data_plane: <bool>

    # Multiline String with EOS CLI rendered directly on the Vxlan interface in the final EOS configuration.
    eos_cli: <str>

Maintenance Mode

BGP groups

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
bgp_groups	List, items: Dictionary
- name	String	Required, Unique			Group Name.
vrf	String
neighbors	List, items: String
- <str>	String
bgp_maintenance_profiles	List, items: String
- <str>	String				Profile Name.

bgp_groups:

    # Group Name.
  - name: <str; required; unique>
    vrf: <str>
    neighbors:
      - <str>
    bgp_maintenance_profiles:

        # Profile Name.
      - <str>

Interface groups

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
interface_groups	List, items: Dictionary
- name	String	Required, Unique			Interface-Group name.
interfaces	List, items: String
- <str>	String				Interface Name.
bgp_maintenance_profiles	List, items: String
- <str>	String				Name of BGP Maintenance Profile.
interface_maintenance_profiles	List, items: String
- <str>	String				Name of Interface Maintenance Profile.

interface_groups:

    # Interface-Group name.
  - name: <str; required; unique>
    interfaces:

        # Interface Name.
      - <str>
    bgp_maintenance_profiles:

        # Name of BGP Maintenance Profile.
      - <str>
    interface_maintenance_profiles:

        # Name of Interface Maintenance Profile.
      - <str>

Maintenance

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
maintenance	Dictionary
default_interface_profile	String				Name of default Interface Profile.
default_bgp_profile	String				Name of default BGP Profile.
default_unit_profile	String				Name of default Unit Profile.
interface_profiles	List, items: Dictionary
- name	String	Required, Unique
rate_monitoring	Dictionary
load_interval	Integer				Load Interval in Seconds.
threshold	Integer				Threshold in kbps.
shutdown	Dictionary
max_delay	Integer				Max delay in seconds.
bgp_profiles	List, items: Dictionary
- name	String	Required, Unique			BGP Profile Name.
initiator	Dictionary
route_map_inout	String				Route Map.
unit_profiles	List, items: Dictionary
- name	String	Required, Unique			Unit Profile Name.
on_boot	Dictionary
duration	Integer			Min: 300 Max: 3600	On-boot in seconds.
units	List, items: Dictionary
- name	String	Required, Unique			Unit Name.
quiesce	Boolean
profile	String				Name of Unit Profile.
groups	Dictionary
bgp_groups	List, items: String
- <str>	String				Name of BGP Group.
interface_groups	List, items: String
- <str>	String				Name of Interface Group.

maintenance:

  # Name of default Interface Profile.
  default_interface_profile: <str>

  # Name of default BGP Profile.
  default_bgp_profile: <str>

  # Name of default Unit Profile.
  default_unit_profile: <str>
  interface_profiles:
    - name: <str; required; unique>
      rate_monitoring:

        # Load Interval in Seconds.
        load_interval: <int>

        # Threshold in kbps.
        threshold: <int>
      shutdown:

        # Max delay in seconds.
        max_delay: <int>
  bgp_profiles:

      # BGP Profile Name.
    - name: <str; required; unique>
      initiator:

        # Route Map.
        route_map_inout: <str>
  unit_profiles:

      # Unit Profile Name.
    - name: <str; required; unique>
      on_boot:

        # On-boot in seconds.
        duration: <int; 300-3600>
  units:

      # Unit Name.
    - name: <str; required; unique>
      quiesce: <bool>

      # Name of Unit Profile.
      profile: <str>
      groups:
        bgp_groups:

            # Name of BGP Group.
          - <str>
        interface_groups:

            # Name of Interface Group.
          - <str>

Management

Aliases

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
aliases	String				Multi-line string with one or more alias commands. Example: yaml<br>aliases: |<br> alias wr copy running-config startup-config<br> alias siib show ip interface brief<br>

# Multi-line string with one or more alias commands.
#
# Example:
#
# ```yaml
# aliases: |
#   alias wr copy running-config startup-config
#   alias siib show ip interface brief
# ```
aliases: <str>

Banners

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
banners	Dictionary
login	String				Multiline string ending with EOF on the last line.
motd	String				Multiline string ending with EOF on the last line.

banners:

  # Multiline string ending with EOF on the last line.
  login: <str>

  # Multiline string ending with EOF on the last line.
  motd: <str>

Boot

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
boot	Dictionary				Set the Aboot password.
secret	Dictionary
hash_algorithm	String		sha512	Valid Values: - md5 - sha512
key	String				Hashed Password.

# Set the Aboot password.
boot:
  secret:
    hash_algorithm: <str; "md5" | "sha512"; default="sha512">

    # Hashed Password.
    key: <str>

Clock

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
clock	Dictionary
timezone	String

clock:
  timezone: <str>

DNS domain

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
dns_domain	String				Domain Name.

# Domain Name.
dns_domain: <str>

Domain-list

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
domain_list	List, items: String				Search list of DNS domains.
- <str>	String				Domain name.

# Search list of DNS domains.
domain_list:

    # Domain name.
  - <str>

Hostname

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
hostname	String

hostname: <str>

IP domain lookup

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_domain_lookup	Dictionary
source_interfaces	List, items: Dictionary
- name	String	Required, Unique			Source Interface.
vrf	String

ip_domain_lookup:
  source_interfaces:

      # Source Interface.
    - name: <str; required; unique>
      vrf: <str>

IP HTTP client source-interfaces

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_http_client_source_interfaces	List, items: Dictionary
- name	String				Interface Name.
vrf	String

ip_http_client_source_interfaces:

    # Interface Name.
  - name: <str>
    vrf: <str>

IP name servers

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_name_servers	List, items: Dictionary
- ip_address	String				IPv4 or IPv6 address for DNS server.
vrf	String				VRF Name.
priority	Integer			Min: 0 Max: 4	Priority value (lower is first).

ip_name_servers:

    # IPv4 or IPv6 address for DNS server.
  - ip_address: <str>

    # VRF Name.
    vrf: <str>

    # Priority value (lower is first).
    priority: <int; 0-4>

IP SSH client source-interfaces

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_ssh_client_source_interfaces	List, items: Dictionary
- name	String				Interface Name.
vrf	String		default

ip_ssh_client_source_interfaces:

    # Interface Name.
  - name: <str>
    vrf: <str; default="default">

Management accounts

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
management_accounts	Dictionary
password	Dictionary
policy	String

management_accounts:
  password:
    policy: <str>

Management API HTTP

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
management_api_http	Dictionary
enable_http	Boolean
enable_https	Boolean
https_ssl_profile	String				SSL Profile Name.
default_services	Boolean				Enable default services: capi-doc and tapagg.
enable_vrfs	List, items: Dictionary
- name	String	Required, Unique			VRF Name.
access_group	String				Standard IPv4 ACL name.
ipv6_access_group	String				Standard IPv6 ACL name.
protocol_https_certificate	Dictionary
certificate	String				Name of certificate; private key must also be specified.
private_key	String				Name of private key; certificate must also be specified.

management_api_http:
  enable_http: <bool>
  enable_https: <bool>

  # SSL Profile Name.
  https_ssl_profile: <str>

  # Enable default services: capi-doc and tapagg.
  default_services: <bool>
  enable_vrfs:

      # VRF Name.
    - name: <str; required; unique>

      # Standard IPv4 ACL name.
      access_group: <str>

      # Standard IPv6 ACL name.
      ipv6_access_group: <str>
  protocol_https_certificate:

    # Name of certificate; private key must also be specified.
    certificate: <str>

    # Name of private key; certificate must also be specified.
    private_key: <str>

Management API models

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
management_api_models	Dictionary
providers	List, items: Dictionary
- name	String			Valid Values: - sysdb - smash
paths	List, items: Dictionary
- path	String
disabled	Boolean		False

management_api_models:
  providers:
    - name: <str; "sysdb" | "smash">
      paths:
        - path: <str>
          disabled: <bool; default=False>

Management console

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
management_console	Dictionary
idle_timeout	Integer			Min: 0 Max: 86400

management_console:
  idle_timeout: <int; 0-86400>

Management defaults

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
management_defaults	Dictionary
secret	Dictionary
hash	String			Valid Values: - md5 - sha512

management_defaults:
  secret:
    hash: <str; "md5" | "sha512">

Management security

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
management_security	Dictionary
entropy_source deprecated	String				This key is deprecated. Support will be removed in AVD version v5.0.0. Use entropy_sources instead.
entropy_sources	Dictionary				Source of entropy.
hardware	Boolean				Use a hardware based source.
haveged	Boolean				Use the HAVEGE algorithm.
cpu_jitter	Boolean				Use the Jitter RNG algorithm of a CPU based source.
hardware_exclusive	Boolean				Only use entropy from the hardware source.
password	Dictionary
minimum_length	Integer			Min: 1 Max: 32
encryption_key_common	Boolean
encryption_reversible	String
policies	List, items: Dictionary
- name	String	Required, Unique
minimum	Dictionary
digits	Integer			Min: 1 Max: 65535
length	Integer			Min: 1 Max: 65535
lower	Integer			Min: 1 Max: 65535
special	Integer			Min: 1 Max: 65535
upper	Integer			Min: 1 Max: 65535
maximum	Dictionary
repetitive	Integer			Min: 1 Max: 65535
sequential	Integer			Min: 1 Max: 65535
ssl_profiles	List, items: Dictionary
- name	String
tls_versions	String				List of allowed TLS versions as string. Examples: - “1.0” - “1.0 1.1”
cipher_list	String				cipher_list syntax follows the openssl cipher strings format. Colon (:) separated list of allowed ciphers as a string.
trust_certificate	Dictionary
certificates	List, items: String				List of trust certificate names. Examples: - test1.crt - test2.crt
- <str>	String
requirement	Dictionary
basic_constraint_ca	Boolean
hostname_fqdn	Boolean				Enforce hostname to be FQDN without wildcard.
policy_expiry_date_ignore	Boolean
system	Boolean				Use system-supplied trust certificates.
chain_certificate	Dictionary
certificates	List, items: String				List of chain certificate names. Examples: - chain1.crt - chain2.crt
- <str>	String
requirement	Dictionary
basic_constraint_ca	Boolean
include_root_ca	Boolean
certificate	Dictionary
file	String
key	String
certificate_revocation_lists	List, items: String				List of CRLs (Certificate Revocation List). If specified, one CRL needs to be provided for every certificate in the chain, even if the revocation list in the CRL is empty.
- <str>	String
shared_secret_profiles	List, items: Dictionary
- profile	String	Required, Unique
secrets	List, items: Dictionary
- name	String	Required, Unique
secret	String	Required
secret_type	String		7	Valid Values: - 0 - 7 - 8a
receive_lifetime	Dictionary	Required
infinite	Boolean
start_date_time	String				Start date and time of lifetime of the secret. End date should be greater than start date. Formats supported: 1. mm/dd/yyyy hh:mm:ss 2. yyyy-mm-dd hh:mm:ss e.g 2024-12-20 10:00:00
end_date_time	String				End date and time of lifetime of the secret. End date should be greater than start date. Formats supported: 1. mm/dd/yyyy hh:mm:ss 2. yyyy-mm-dd hh:mm:ss e.g 2024-12-20 10:00:00
transmit_lifetime	Dictionary	Required
infinite	Boolean
start_date_time	String				Start date and time of lifetime of the secret. End date should be greater than start date. Formats supported: 1. mm/dd/yyyy hh:mm:ss 2. yyyy-mm-dd hh:mm:ss e.g 2024-12-20 10:00:00
end_date_time	String				End date and time of lifetime of the secret. End date should be greater than start date. Formats supported: 1. mm/dd/yyyy hh:mm:ss 2. yyyy-mm-dd hh:mm:ss e.g 2024-12-20 10:00:00
local_time	Boolean				Configuring secret using the local timezone from system clock. Default is UTC.

management_security:
  # This key is deprecated.
  # Support will be removed in AVD version v5.0.0.
  # Use <samp>entropy_sources</samp> instead.
  entropy_source: <str>

  # Source of entropy.
  entropy_sources:

    # Use a hardware based source.
    hardware: <bool>

    # Use the HAVEGE algorithm.
    haveged: <bool>

    # Use the Jitter RNG algorithm of a CPU based source.
    cpu_jitter: <bool>

    # Only use entropy from the hardware source.
    hardware_exclusive: <bool>
  password:
    minimum_length: <int; 1-32>
    encryption_key_common: <bool>
    encryption_reversible: <str>
    policies:
      - name: <str; required; unique>
        minimum:
          digits: <int; 1-65535>
          length: <int; 1-65535>
          lower: <int; 1-65535>
          special: <int; 1-65535>
          upper: <int; 1-65535>
        maximum:
          repetitive: <int; 1-65535>
          sequential: <int; 1-65535>
  ssl_profiles:
    - name: <str>

      # List of allowed TLS versions as string.
      # Examples:
      #   - "1.0"
      #   - "1.0 1.1"
      tls_versions: <str>

      # cipher_list syntax follows the openssl cipher strings format.
      # Colon (:) separated list of allowed ciphers as a string.
      cipher_list: <str>
      trust_certificate:

        # List of trust certificate names.
        # Examples:
        #   - test1.crt
        #   - test2.crt
        certificates:
          - <str>
        requirement:
          basic_constraint_ca: <bool>

          # Enforce hostname to be FQDN without wildcard.
          hostname_fqdn: <bool>
        policy_expiry_date_ignore: <bool>

        # Use system-supplied trust certificates.
        system: <bool>
      chain_certificate:

        # List of chain certificate names.
        # Examples:
        #   - chain1.crt
        #   - chain2.crt
        certificates:
          - <str>
        requirement:
          basic_constraint_ca: <bool>
          include_root_ca: <bool>
      certificate:
        file: <str>
        key: <str>

      # List of CRLs (Certificate Revocation List).
      # If specified, one CRL needs to be provided for every certificate in the chain, even if the revocation list in the CRL is empty.
      certificate_revocation_lists:
        - <str>
  shared_secret_profiles:
    - profile: <str; required; unique>
      secrets:
        - name: <str; required; unique>
          secret: <str; required>
          secret_type: <str; "0" | "7" | "8a"; default="7">
          receive_lifetime: # required
            infinite: <bool>

            # Start date and time of lifetime of the secret. End date should be greater than start date.
            # Formats supported:
            # 1. mm/dd/yyyy hh:mm:ss
            # 2. yyyy-mm-dd hh:mm:ss
            # e.g 2024-12-20 10:00:00
            start_date_time: <str>

            # End date and time of lifetime of the secret. End date should be greater than start date.
            # Formats supported:
            # 1. mm/dd/yyyy hh:mm:ss
            # 2. yyyy-mm-dd hh:mm:ss
            # e.g 2024-12-20 10:00:00
            end_date_time: <str>
          transmit_lifetime: # required
            infinite: <bool>

            # Start date and time of lifetime of the secret. End date should be greater than start date.
            # Formats supported:
            # 1. mm/dd/yyyy hh:mm:ss
            # 2. yyyy-mm-dd hh:mm:ss
            # e.g 2024-12-20 10:00:00
            start_date_time: <str>

            # End date and time of lifetime of the secret. End date should be greater than start date.
            # Formats supported:
            # 1. mm/dd/yyyy hh:mm:ss
            # 2. yyyy-mm-dd hh:mm:ss
            # e.g 2024-12-20 10:00:00
            end_date_time: <str>

          # Configuring secret using the local timezone from system clock. Default is UTC.
          local_time: <bool>

Management SSH

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
management_ssh	Dictionary
access_groups	List, items: Dictionary
- name	String				Standard ACL Name.
vrf	String				VRF Name.
ipv6_access_groups	List, items: Dictionary
- name	String				Standard ACL Name.
vrf	String				VRF Name.
idle_timeout	Integer			Min: 0 Max: 86400	Idle timeout in minutes.
cipher	List, items: String				Cryptographic ciphers for SSH to use.
- <str>	String
key_exchange	List, items: String				Cryptographic key exchange methods for SSH to use.
- <str>	String
mac	List, items: String				Cryptographic MAC algorithms for SSH to use.
- <str>	String
fips_restrictions	Boolean				Use FIPS compliant algorithms.
hostkey	Dictionary
server	List, items: String				SSH host key settings.
- <str>	String
server_cert	String				Configure switch’s hostkey cert file.
client_strict_checking	Boolean				Enforce strict host key checking.
enable	Boolean				Enable SSH daemon.
connection	Dictionary
limit	Integer			Min: 1 Max: 100	Maximum total number of SSH sessions to device.
per_host	Integer			Min: 1 Max: 20	Maximum number of SSH sessions to device from a single host.
vrfs	List, items: Dictionary
- name	String	Required, Unique			VRF Name.
enable	Boolean				Enable SSH in VRF.
log_level	String				SSH daemon log level.
client_alive	Dictionary
count_max	Integer			Min: 1 Max: 1000	Number of keep-alive packets that can be sent without a response before the connection is assumed dead.
interval	Integer			Min: 1 Max: 1000	Time period (in seconds) to send SSH keep-alive packets.

management_ssh:
  access_groups:

      # Standard ACL Name.
    - name: <str>

      # VRF Name.
      vrf: <str>
  ipv6_access_groups:

      # Standard ACL Name.
    - name: <str>

      # VRF Name.
      vrf: <str>

  # Idle timeout in minutes.
  idle_timeout: <int; 0-86400>

  # Cryptographic ciphers for SSH to use.
  cipher:
    - <str>

  # Cryptographic key exchange methods for SSH to use.
  key_exchange:
    - <str>

  # Cryptographic MAC algorithms for SSH to use.
  mac:
    - <str>

  # Use FIPS compliant algorithms.
  fips_restrictions: <bool>
  hostkey:

    # SSH host key settings.
    server:
      - <str>

    # Configure switch's hostkey cert file.
    server_cert: <str>

    # Enforce strict host key checking.
    client_strict_checking: <bool>

  # Enable SSH daemon.
  enable: <bool>
  connection:

    # Maximum total number of SSH sessions to device.
    limit: <int; 1-100>

    # Maximum number of SSH sessions to device from a single host.
    per_host: <int; 1-20>
  vrfs:

      # VRF Name.
    - name: <str; required; unique>

      # Enable SSH in VRF.
      enable: <bool>

  # SSH daemon log level.
  log_level: <str>
  client_alive:

    # Number of keep-alive packets that can be sent without a response before the connection is assumed dead.
    count_max: <int; 1-1000>

    # Time period (in seconds) to send SSH keep-alive packets.
    interval: <int; 1-1000>

Management tech-support

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
management_tech_support	Dictionary
policy_show_tech_support	Dictionary
exclude_commands	List, items: Dictionary
- command	String				Command to exclude from tech-support.
type	String		text	Valid Values: - text - json	The supported values for type are platform dependent.
include_commands	List, items: Dictionary
- command	String				Command to include in tech-support.

management_tech_support:
  policy_show_tech_support:
    exclude_commands:

        # Command to exclude from tech-support.
      - command: <str>

        # The supported values for type are platform dependent.
        type: <str; "text" | "json"; default="text">
    include_commands:

        # Command to include in tech-support.
      - command: <str>

Name server

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
name_server deprecated	Dictionary				This key is deprecated. Support will be removed in AVD version v5.0.0. Use ip_name_servers instead.
source	Dictionary
vrf	String				VRF Name.
nodes	List, items: String
- <str>	String

# This key is deprecated.
# Support will be removed in AVD version v5.0.0.
# Use <samp>ip_name_servers</samp> instead.
name_server:
  source:

    # VRF Name.
    vrf: <str>
  nodes:
    - <str>

NTP

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ntp	Dictionary
local_interface	Dictionary
name	String				Source interface.
vrf	String				VRF name.
servers	List, items: Dictionary
- name	String				IP or hostname e.g., 2.2.2.55, 2001:db8::55, ie.pool.ntp.org.
burst	Boolean
iburst	Boolean
key	Integer			Min: 1 Max: 65535
local_interface	String				Source interface.
maxpoll	Integer			Min: 3 Max: 17	Value of maxpoll between 3 - 17 (Logarithmic).
minpoll	Integer			Min: 3 Max: 17	Value of minpoll between 3 - 17 (Logarithmic).
preferred	Boolean
version	Integer			Min: 1 Max: 4
vrf	String				VRF name.
authenticate	Boolean
authenticate_servers_only	Boolean
authentication_keys	List, items: Dictionary
- id	Integer	Required, Unique		Min: 1 Max: 65534	Key identifier.
hash_algorithm	String			Valid Values: - md5 - sha1
key	String				Obfuscated key.
key_type	String			Valid Values: - 0 - 7 - 8a
trusted_keys	String				List of trusted-keys as string ex. 10-12,15.

ntp:
  local_interface:

    # Source interface.
    name: <str>

    # VRF name.
    vrf: <str>
  servers:

      # IP or hostname e.g., 2.2.2.55, 2001:db8::55, ie.pool.ntp.org.
    - name: <str>
      burst: <bool>
      iburst: <bool>
      key: <int; 1-65535>

      # Source interface.
      local_interface: <str>

      # Value of maxpoll between 3 - 17 (Logarithmic).
      maxpoll: <int; 3-17>

      # Value of minpoll between 3 - 17 (Logarithmic).
      minpoll: <int; 3-17>
      preferred: <bool>
      version: <int; 1-4>

      # VRF name.
      vrf: <str>
  authenticate: <bool>
  authenticate_servers_only: <bool>
  authentication_keys:

      # Key identifier.
    - id: <int; 1-65534; required; unique>
      hash_algorithm: <str; "md5" | "sha1">

      # Obfuscated key.
      key: <str>
      key_type: <str; "0" | "7" | "8a">

  # List of trusted-keys as string ex. 10-12,15.
  trusted_keys: <str>

Prompt

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
prompt	String

prompt: <str>

Terminal

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
terminal	Dictionary
length	Integer			Min: 0 Max: 32767
width	Integer			Min: 10 Max: 32767

terminal:
  length: <int; 0-32767>
  width: <int; 10-32767>

Virtual source NAT VRFs

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
virtual_source_nat_vrfs	List, items: Dictionary
- name	String	Required, Unique			VRF Name.
ip_address	String				IPv4 Address.

virtual_source_nat_vrfs:

    # VRF Name.
  - name: <str; required; unique>

    # IPv4 Address.
    ip_address: <str>

Miscellaneous

Config comment

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
config_comment	String				Add a comment to provide information about the configuration. This comment will be rendered at the top of the generated configuration.

# Add a comment to provide information about the configuration.
# This comment will be rendered at the top of the generated configuration.
config_comment: <str>

CVX

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
cvx	Dictionary				CVX server features are not supported on physical switches. See management_cvx for client configurations.
shutdown	Boolean
peer_hosts	List, items: String
- <str>	String				IP address or hostname.
services	Dictionary
mcs	Dictionary
redis	Dictionary
password	String				Hashed password using the password_type.
password_type	String		7	Valid Values: - 0 - 7 - 8a
shutdown	Boolean
vxlan	Dictionary				VXLAN Controller service.
shutdown	Boolean
vtep_mac_learning	String			Valid Values: - control-plane - data-plane

# CVX server features are not supported on physical switches. See `management_cvx` for client configurations.
cvx:
  shutdown: <bool>
  peer_hosts:

      # IP address or hostname.
    - <str>
  services:
    mcs:
      redis:

        # Hashed password using the password_type.
        password: <str>
        password_type: <str; "0" | "7" | "8a"; default="7">
      shutdown: <bool>

    # VXLAN Controller service.
    vxlan:
      shutdown: <bool>
      vtep_mac_learning: <str; "control-plane" | "data-plane">

EOS cli

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
eos_cli	String				Multiline string with EOS CLI rendered directly on the root level of the final EOS configuration.

# Multiline string with EOS CLI rendered directly on the root level of the final EOS configuration.
eos_cli: <str>

Is deployed

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
is_deployed	Boolean		True		Key only used for documentation or validation purposes.

# Key only used for documentation or validation purposes.
is_deployed: <bool; default=True>

Management CVX

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
management_cvx	Dictionary
shutdown	Boolean
server_hosts	List, items: String
- <str>	String				IP or hostname.
source_interface	String				Interface name.
vrf	String				VRF Name.

management_cvx:
  shutdown: <bool>
  server_hosts:

      # IP or hostname.
    - <str>

  # Interface name.
  source_interface: <str>

  # VRF Name.
  vrf: <str>

MCS client

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
mcs_client	Dictionary
shutdown	Boolean
cvx_secondary	Dictionary
name	String
shutdown	Boolean
server_hosts	List, items: String
- <str>	String				IP or hostname.

mcs_client:
  shutdown: <bool>
  cvx_secondary:
    name: <str>
    shutdown: <bool>
    server_hosts:

        # IP or hostname.
      - <str>

Monitoring

Daemons

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
daemons	List, items: Dictionary				This will add a daemon to the eos configuration that is most useful when trying to run OpenConfig clients like ocprometheus.
- name	String	Required, Unique			Daemon Name.
exec	String	Required			command to run as a daemon.
enabled	Boolean		True

# This will add a daemon to the eos configuration that is most useful when trying to run OpenConfig clients like ocprometheus.
daemons:

    # Daemon Name.
  - name: <str; required; unique>

    # command to run as a daemon.
    exec: <str; required>
    enabled: <bool; default=True>

Daemon terminattr

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
daemon_terminattr	Dictionary				You can either provide a list of IPs/FQDNs to target on-premise Cloudvision cluster or use DNS name for your Cloudvision as a Service instance. Streaming to multiple clusters both on-prem and cloud service is supported. !!! note For TerminAttr version recommendation and EOS compatibility matrix, please refer to the latest TerminAttr Release Notes which always contain the latest recommended versions and minimum required versions per EOS release.
cvaddrs	List, items: String				Streaming address(es) for CloudVision single cluster. - TCP 9910 is used for CV on-prem - TCP 443 is used for CV as a Service
- <str>	String				Server address in the format <ip/fqdn>:<port>.
clusters	List, items: Dictionary				Multiple CloudVision clusters.
- name	String	Required, Unique			Cluster Name.
cvaddrs	List, items: String				Streaming address(es) for CloudVision cluster. - TCP 9910 is used for CV on-prem - TCP 443 is used for CV as a Service
- <str>	String				Server address in the format <ip/fqdn>:<port>.
cvauth	Dictionary				Authentication scheme used to connect to CloudVision.
method	String			Valid Values: - token - token-secure - key - certs
key	String
token_file	String				Token file path. e.g. “/tmp/token”
cert_file	String				Client certificate file path. e.g. “/persist/secure/ssl/terminattr/primary/certs/client.crt”
ca_file	String				CA certificate file path (on-prem only). e.g. “/persist/secure/ssl/terminattr/primary/certs/ca.crt”
key_file	String				Client certificate key file path. e.g. “/persist/secure/ssl/terminattr/primary/keys/client.key”
cvobscurekeyfile	Boolean				Encrypt the private key used for authentication to CloudVision.
cvproxy	String				Proxy server through which CloudVision is reachable. Useful when the CloudVision server is hosted in the cloud. The expected form is http://[user:password@]ip:port, e.g.: http://arista:arista@10.83.12.78:3128. Available as of TerminAttr v1.13.0.
cvsourceip	String				Set source IP address in case of in-band management.
cvsourceintf	String				Set source interface in case of in-band management. Available as of TerminAttr v1.23.0. The interface name is case sensitive and has to match the interface name in the running-config, e.g.:Vlan100.
cvvrf	String				The VRF to use to connect to CloudVision.
cvauth	Dictionary				Authentication scheme used to connect to CloudVision.
method	String			Valid Values: - token - token-secure - key - certs
key	String
token_file	String				Token file path. e.g. “/tmp/token”
cert_file	String				Client certificate file path. e.g. “/persist/secure/ssl/terminattr/primary/certs/client.crt”
ca_file	String				CA certificate file path (on-prem only). e.g. “/persist/secure/ssl/terminattr/primary/certs/ca.crt”
key_file	String				Client certificate key file path. e.g. “/persist/secure/ssl/terminattr/primary/keys/client.key”
cvobscurekeyfile	Boolean				Encrypt the private key used for authentication to CloudVision.
cvproxy	String				Proxy server through which CloudVision is reachable. Useful when the CloudVision server is hosted in the cloud. The expected form is http://[user:password@]ip:port, e.g.: http://arista:arista@10.83.12.78:3128. Available as of TerminAttr v1.13.0.
cvsourceip	String				Set source IP address in case of in-band management.
cvsourceintf	String				Set source interface in case of in-band management. The interface name is case sensitive and has to match the interface name in the running-config, e.g.:Vlan100.
cvvrf	String				The VRF to use to connect to CloudVision.
cvgnmi	Boolean				Stream states from EOS gNMI servers (Openconfig) to CloudVision. Available as of TerminAttr v1.13.1.
disable_aaa	Boolean				Disable AAA authorization and accounting. When setting this flag, all commands pushed from CloudVision are applied directly to the CLI without authorization.
grpcaddr	String				Set the gRPC server address, the default is 127.0.0.1:6042. e.g. “MGMT/0.0.0.0:6042”
grpcreadonly	Boolean				gNMI read-only mode - Disable gnmi.Set().
ingestexclude	String				Exclude paths from Sysdb on the ingest side. e.g. “/Sysdb/cell/1/agent,/Sysdb/cell/2/agent”
smashexcludes	String				Exclude paths from the shared memory table. e.g. “ale,flexCounter,hardware,kni,pulse,strata”
taillogs	String				Enable log file collection; /var/log/messages is streamed by default if no path is set. e.g. “/var/log/messages”
ecodhcpaddr	String				ECO DHCP Collector address or ECO DHCP Fingerprint listening address in standalone mode (default “127.0.0.1:67”).
ipfix	Boolean				Enable IPFIX provider (TerminAttr default is true). This flag is enabled by default and does not have to be added to the daemon configuration.
ipfixaddr	String				ECO IPFIX Collector address to listen on to receive IPFIX packets (TerminAttr default “127.0.0.1:4739”).
sflow	Boolean				Enable sFlow provider (TerminAttr default is true).
sflowaddr	String				ECO sFlow Collector address to listen on to receive sFlow packets (TerminAttr default “127.0.0.1:6343”).
cvconfig	Boolean				Subscribe to dynamic device configuration from CloudVision (TerminAttr default is false).
cvcompression deprecated	String				The default compression scheme when streaming to CloudVision is gzip since TerminAttr 1.6.1 and CVP 2019.1.0. There is no need to change the compression scheme. This key is deprecated. Support will be removed in AVD version v5.0.0.

# You can either provide a list of IPs/FQDNs to target on-premise Cloudvision cluster or use DNS name for your Cloudvision as a Service instance.
# Streaming to multiple clusters both on-prem and cloud service is supported.
#
# !!! note
#     For TerminAttr version recommendation and EOS compatibility matrix, please refer to the latest TerminAttr Release Notes
#     which always contain the latest recommended versions and minimum required versions per EOS release.
daemon_terminattr:

  # Streaming address(es) for CloudVision single cluster.
  # - TCP 9910 is used for CV on-prem
  # - TCP 443 is used for CV as a Service
  cvaddrs:

      # Server address in the format `<ip/fqdn>:<port>`.
    - <str>

  # Multiple CloudVision clusters.
  clusters:

      # Cluster Name.
    - name: <str; required; unique>

      # Streaming address(es) for CloudVision cluster.
      # - TCP 9910 is used for CV on-prem
      # - TCP 443 is used for CV as a Service
      cvaddrs:

          # Server address in the format `<ip/fqdn>:<port>`.
        - <str>

      # Authentication scheme used to connect to CloudVision.
      cvauth:
        method: <str; "token" | "token-secure" | "key" | "certs">
        key: <str>

        # Token file path.
        # e.g. "/tmp/token"
        token_file: <str>

        # Client certificate file path.
        # e.g. "/persist/secure/ssl/terminattr/primary/certs/client.crt"
        cert_file: <str>

        # CA certificate file path (on-prem only).
        # e.g. "/persist/secure/ssl/terminattr/primary/certs/ca.crt"
        ca_file: <str>

        # Client certificate key file path.
        # e.g. "/persist/secure/ssl/terminattr/primary/keys/client.key"
        key_file: <str>

      # Encrypt the private key used for authentication to CloudVision.
      cvobscurekeyfile: <bool>

      # Proxy server through which CloudVision is reachable. Useful when the CloudVision server is hosted in the cloud.
      # The expected form is http://[user:password@]ip:port, e.g.: `http://arista:arista@10.83.12.78:3128`. Available as of TerminAttr v1.13.0.
      cvproxy: <str>

      # Set source IP address in case of in-band management.
      cvsourceip: <str>

      # Set source interface in case of in-band management. Available as of TerminAttr v1.23.0.
      # The interface name is case sensitive and has to match the interface name in the running-config, e.g.:Vlan100.
      cvsourceintf: <str>

      # The VRF to use to connect to CloudVision.
      cvvrf: <str>

  # Authentication scheme used to connect to CloudVision.
  cvauth:
    method: <str; "token" | "token-secure" | "key" | "certs">
    key: <str>

    # Token file path.
    # e.g. "/tmp/token"
    token_file: <str>

    # Client certificate file path.
    # e.g. "/persist/secure/ssl/terminattr/primary/certs/client.crt"
    cert_file: <str>

    # CA certificate file path (on-prem only).
    # e.g. "/persist/secure/ssl/terminattr/primary/certs/ca.crt"
    ca_file: <str>

    # Client certificate key file path.
    # e.g. "/persist/secure/ssl/terminattr/primary/keys/client.key"
    key_file: <str>

  # Encrypt the private key used for authentication to CloudVision.
  cvobscurekeyfile: <bool>

  # Proxy server through which CloudVision is reachable. Useful when the CloudVision server is hosted in the cloud.
  # The expected form is http://[user:password@]ip:port, e.g.: `http://arista:arista@10.83.12.78:3128`. Available as of TerminAttr v1.13.0.
  cvproxy: <str>

  # Set source IP address in case of in-band management.
  cvsourceip: <str>

  # Set source interface in case of in-band management.
  # The interface name is case sensitive and has to match the interface name in the running-config, e.g.:Vlan100.
  cvsourceintf: <str>

  # The VRF to use to connect to CloudVision.
  cvvrf: <str>

  # Stream states from EOS gNMI servers (Openconfig) to CloudVision. Available as of TerminAttr v1.13.1.
  cvgnmi: <bool>

  # Disable AAA authorization and accounting.
  # When setting this flag, all commands pushed from CloudVision are applied directly to the CLI without authorization.
  disable_aaa: <bool>

  # Set the gRPC server address, the default is 127.0.0.1:6042.
  # e.g. "MGMT/0.0.0.0:6042"
  grpcaddr: <str>

  # gNMI read-only mode - Disable gnmi.Set().
  grpcreadonly: <bool>

  # Exclude paths from Sysdb on the ingest side.
  # e.g. "/Sysdb/cell/1/agent,/Sysdb/cell/2/agent"
  ingestexclude: <str>

  # Exclude paths from the shared memory table.
  # e.g. "ale,flexCounter,hardware,kni,pulse,strata"
  smashexcludes: <str>

  # Enable log file collection; /var/log/messages is streamed by default if no path is set.
  # e.g. "/var/log/messages"
  taillogs: <str>

  # ECO DHCP Collector address or ECO DHCP Fingerprint listening address in standalone mode (default "127.0.0.1:67").
  ecodhcpaddr: <str>

  # Enable IPFIX provider (TerminAttr default is true).
  # This flag is enabled by default and does not have to be added to the daemon configuration.
  ipfix: <bool>

  # ECO IPFIX Collector address to listen on to receive IPFIX packets (TerminAttr default "127.0.0.1:4739").
  ipfixaddr: <str>

  # Enable sFlow provider (TerminAttr default is true).
  sflow: <bool>

  # ECO sFlow Collector address to listen on to receive sFlow packets (TerminAttr default "127.0.0.1:6343").
  sflowaddr: <str>

  # Subscribe to dynamic device configuration from CloudVision (TerminAttr default is false).
  cvconfig: <bool>

  # The default compression scheme when streaming to CloudVision is gzip since TerminAttr 1.6.1 and CVP 2019.1.0.
  # There is no need to change the compression scheme.
  # This key is deprecated.
  # Support will be removed in AVD version v5.0.0.
  cvcompression: <str>

Event handlers

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
event_handlers	List, items: Dictionary				Gives the ability to monitor and react to Syslog messages. Event Handlers provide a powerful and flexible tool that can be used to apply self-healing actions, customize the system behavior, and implement workarounds to problems discovered in the field.
- name	String	Required, Unique			Event Handler Name.
action_type deprecated	String			Valid Values: - bash - increment - log	This key is deprecated. Support will be removed in AVD version 5.0.0. Use event_handlers.actions instead.
action deprecated	String				Command to execute. This key is deprecated. Support will be removed in AVD version 5.0.0. Use event_handlers.actions instead.
actions	Dictionary				Note: bash_command and log are mutually exclusive. bash_command takes precedence over log.
bash_command	String				Define BASH command action. Command could be multiline also.
log	Boolean				Log a message when the event is triggered.
increment_device_health_metric	String				Name of device-health metric.
delay	Integer				Event-handler delay in seconds.
trigger	String			Valid Values: - on-boot - on-counters - on-intf - on-logging - on-maintenance - on-startup-config - vm-tracer vm	Configure event trigger condition.
trigger_on_counters	Dictionary
condition	String				Set the logical expression to evaluate.
granularity_per_source	Boolean				Set the granularity of event counting for a wildcarded condition. Example - condition ( Arad*.IptCrcErrCnt.delta > 100 ) and ( Arad*.UcFifoFullDrop.delta > 100 ) [* wildcard is used here]
poll_interval	Integer			Min: 1 Max: 1000000	Set the polling interval in seconds.
trigger_on_logging	Dictionary
poll_interval	Integer			Min: 1 Max: 1000000	Set the polling interval in seconds.
regex	String				Regular expression to use for searching log messages.
trigger_on_intf	Dictionary				Trigger condition occurs on specified interface changes. Note: Any one of the ip, ipv6 and operstatus key needs to be defined along with the interface.
interface	String	Required			Interface name. Example - Ethernet4 Loopback4-6 Port-channel4,7
ip	Boolean				Action is triggered upon changes to interface IP address assignment.
ipv6	Boolean				Action is triggered upon changes to interface ipv6 address assignment.
operstatus	Boolean				Action is triggered upon changes to interface operStatus.
trigger_on_maintenance	Dictionary				Settings required for trigger ‘on-maintenance’.
operation	String	Required		Valid Values: - enter - exit
bgp_peer	String				Ipv4/Ipv6 address or peer group name. Trigger condition occurs on maintenance operation of specified BGP peer.
action	String	Required		Valid Values: - after - before - all - begin - end	Action for maintenance operation.
stage	String			Valid Values: - bgp - linkdown - mlag - ratemon	Action is triggered after/before specified stage.
vrf	String				VRF name. VRF can be defined for “bgp_peer” only.
interface	String				Trigger condition occurs on maintenance operation of specified interface.
unit	String				Name of unit. Trigger condition occurs on maintenance operation of specified unit
regex deprecated	String				Regular expression to use for searching log messages. Required for on-logging trigger. This key is deprecated. Support will be removed in AVD version 5.0.0. Use event_handlers.trigger_on_logging.regex instead.
asynchronous	Boolean		False		Set the action to be non-blocking.

# Gives the ability to monitor and react to Syslog messages.
# Event Handlers provide a powerful and flexible tool that can be used to apply self-healing actions,
# customize the system behavior, and implement workarounds to problems discovered in the field.
event_handlers:

    # Event Handler Name.
  - name: <str; required; unique>
    # This key is deprecated.
    # Support will be removed in AVD version 5.0.0.
    # Use <samp>event_handlers.actions</samp> instead.
    action_type: <str; "bash" | "increment" | "log">

    # Command to execute.
    # This key is deprecated.
    # Support will be removed in AVD version 5.0.0.
    # Use <samp>event_handlers.actions</samp> instead.
    action: <str>

    # Note: `bash_command` and `log` are mutually exclusive. `bash_command` takes precedence over `log`.
    actions:

      # Define BASH command action. Command could be multiline also.
      bash_command: <str>

      # Log a message when the event is triggered.
      log: <bool>

      # Name of device-health metric.
      increment_device_health_metric: <str>

    # Event-handler delay in seconds.
    delay: <int>

    # Configure event trigger condition.
    trigger: <str; "on-boot" | "on-counters" | "on-intf" | "on-logging" | "on-maintenance" | "on-startup-config" | "vm-tracer vm">
    trigger_on_counters:

      # Set the logical expression to evaluate.
      condition: <str>

      # Set the granularity of event counting for a wildcarded condition.
      # Example -
      #   condition ( Arad*.IptCrcErrCnt.delta > 100 ) and ( Arad*.UcFifoFullDrop.delta > 100 )
      #   [* wildcard is used here]
      granularity_per_source: <bool>

      # Set the polling interval in seconds.
      poll_interval: <int; 1-1000000>
    trigger_on_logging:

      # Set the polling interval in seconds.
      poll_interval: <int; 1-1000000>

      # Regular expression to use for searching log messages.
      regex: <str>

    # Trigger condition occurs on specified interface changes.
    # Note: Any one of the `ip`, `ipv6` and `operstatus` key needs to be defined along with the `interface`.
    trigger_on_intf:

      # Interface name.
      # Example - Ethernet4
      #           Loopback4-6
      #           Port-channel4,7
      interface: <str; required>

      # Action is triggered upon changes to interface IP address assignment.
      ip: <bool>

      # Action is triggered upon changes to interface ipv6 address assignment.
      ipv6: <bool>

      # Action is triggered upon changes to interface operStatus.
      operstatus: <bool>

    # Settings required for trigger 'on-maintenance'.
    trigger_on_maintenance:
      operation: <str; "enter" | "exit"; required>

      # Ipv4/Ipv6 address or peer group name.
      # Trigger condition occurs on maintenance operation of specified BGP peer.
      bgp_peer: <str>

      # Action for maintenance operation.
      action: <str; "after" | "before" | "all" | "begin" | "end"; required>

      # Action is triggered after/before specified stage.
      stage: <str; "bgp" | "linkdown" | "mlag" | "ratemon">

      # VRF name. VRF can be defined for "bgp_peer" only.
      vrf: <str>

      # Trigger condition occurs on maintenance operation of specified interface.
      interface: <str>

      # Name of unit. Trigger condition occurs on maintenance operation of specified unit
      unit: <str>

    # Regular expression to use for searching log messages. Required for on-logging trigger.
    # This key is deprecated.
    # Support will be removed in AVD version 5.0.0.
    # Use <samp>event_handlers.trigger_on_logging.regex</samp> instead.
    regex: <str>

    # Set the action to be non-blocking.
    asynchronous: <bool; default=False>

Event monitor

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
event_monitor	Dictionary
enabled	Boolean

event_monitor:
  enabled: <bool>

Flow tracking

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
flow_tracking	Dictionary
sampled	Dictionary
encapsulation	Dictionary
ipv4_ipv6	Boolean
mpls	Boolean
sample	Integer			Min: 1 Max: 4294967295
hardware_offload	Dictionary
ipv4	Boolean				Configure hardware offload for IPv4 traffic.
ipv6	Boolean				Configure hardware offload for IPv6 traffic.
threshold_minimum	Integer			Min: 1 Max: 4294967295	Minimum number of samples.
trackers	List, items: Dictionary
- table_size	Integer			Min: 1 Max: 614400	Maximum number of entries in flow table.
record_export	Dictionary
mpls	Boolean				Export MPLS forwarding information.
on_inactive_timeout	Integer			Min: 3000 Max: 900000	Flow record inactive export timeout in milliseconds.
on_interval	Integer			Min: 1000 Max: 36000000	Flow record export interval in milliseconds.
name	String	Required, Unique			Tracker Name.
exporters	List, items: Dictionary
- name	String	Required, Unique			Exporter Name.
collector	Dictionary
host	String				Collector IPv4 address or IPv6 address or fully qualified domain name.
port	Integer			Min: 1 Max: 65535	Collector Port Number.
format	Dictionary
ipfix_version	Integer
local_interface	String				Local Source Interface.
template_interval	Integer			Min: 5000 Max: 3600000	Template interval in milliseconds.
shutdown	Boolean		False
hardware	Dictionary
record	Dictionary
format_ipfix_standard_timestamps_counters	Boolean				Enable software export of IPFIX data records.
trackers	List, items: Dictionary
- name	String	Required, Unique			Tracker Name.
record_export	Dictionary
on_inactive_timeout	Integer			Min: 3000 Max: 900000	Flow record inactive export timeout in milliseconds.
on_interval	Integer			Min: 1000 Max: 36000000	Flow record export interval in milliseconds.
exporters	List, items: Dictionary
- name	String	Required, Unique			Exporter Name.
collector	Dictionary
host	String				Collector IPv4 address or IPv6 address or fully qualified domain name.
port	Integer			Min: 1 Max: 65535	Collector Port Number.
format	Dictionary
ipfix_version	Integer
local_interface	String				Local Source Interface.
template_interval	Integer			Min: 5000 Max: 3600000	Template interval in milliseconds.
shutdown	Boolean		False
flow_trackings deprecated	List, items: Dictionary				This key is deprecated. Support will be removed in AVD version v5.0.0. Use flow_tracking instead.
- type	String	Required, Unique		Valid Values: - sampled	Flow Tracking Type - only ‘sampled’ supported for now.
sample	Integer			Min: 1 Max: 4294967295
trackers	List, items: Dictionary
- name	String	Required, Unique			Tracker Name.
record_export	Dictionary
on_inactive_timeout	Integer			Min: 3000 Max: 900000	Flow record inactive export timeout in milliseconds.
on_interval	Integer			Min: 1000 Max: 36000000	Flow record export interval in milliseconds.
mpls	Boolean				Export MPLS forwarding information.
exporters	List, items: Dictionary
- name	String	Required, Unique			Exporter Name.
collector	Dictionary
host	String				Collector IPv4 address or IPv6 address or fully qualified domain name.
port	Integer			Min: 1 Max: 65535	Collector Port Number.
format	Dictionary
ipfix_version	Integer
local_interface	String				Local Source Interface.
template_interval	Integer			Min: 5000 Max: 3600000	Template interval in milliseconds.
table_size	Integer			Min: 1 Max: 614400	Maximum number of entries in flow table.
shutdown	Boolean		False

flow_tracking:
  sampled:
    encapsulation:
      ipv4_ipv6: <bool>
      mpls: <bool>
    sample: <int; 1-4294967295>
    hardware_offload:

      # Configure hardware offload for IPv4 traffic.
      ipv4: <bool>

      # Configure hardware offload for IPv6 traffic.
      ipv6: <bool>

      # Minimum number of samples.
      threshold_minimum: <int; 1-4294967295>
    trackers:

        # Maximum number of entries in flow table.
      - table_size: <int; 1-614400>
        record_export:

          # Export MPLS forwarding information.
          mpls: <bool>

          # Flow record inactive export timeout in milliseconds.
          on_inactive_timeout: <int; 3000-900000>

          # Flow record export interval in milliseconds.
          on_interval: <int; 1000-36000000>

        # Tracker Name.
        name: <str; required; unique>
        exporters:

            # Exporter Name.
          - name: <str; required; unique>
            collector:

              # Collector IPv4 address or IPv6 address or fully qualified domain name.
              host: <str>

              # Collector Port Number.
              port: <int; 1-65535>
            format:
              ipfix_version: <int>

            # Local Source Interface.
            local_interface: <str>

            # Template interval in milliseconds.
            template_interval: <int; 5000-3600000>
    shutdown: <bool; default=False>
  hardware:
    record:

      # Enable software export of IPFIX data records.
      format_ipfix_standard_timestamps_counters: <bool>
    trackers:

        # Tracker Name.
      - name: <str; required; unique>
        record_export:

          # Flow record inactive export timeout in milliseconds.
          on_inactive_timeout: <int; 3000-900000>

          # Flow record export interval in milliseconds.
          on_interval: <int; 1000-36000000>
        exporters:

            # Exporter Name.
          - name: <str; required; unique>
            collector:

              # Collector IPv4 address or IPv6 address or fully qualified domain name.
              host: <str>

              # Collector Port Number.
              port: <int; 1-65535>
            format:
              ipfix_version: <int>

            # Local Source Interface.
            local_interface: <str>

            # Template interval in milliseconds.
            template_interval: <int; 5000-3600000>
    shutdown: <bool; default=False>
# This key is deprecated.
# Support will be removed in AVD version v5.0.0.
# Use <samp>flow_tracking</samp> instead.
flow_trackings:

    # Flow Tracking Type - only 'sampled' supported for now.
  - type: <str; "sampled"; required; unique>
    sample: <int; 1-4294967295>
    trackers:

        # Tracker Name.
      - name: <str; required; unique>
        record_export:

          # Flow record inactive export timeout in milliseconds.
          on_inactive_timeout: <int; 3000-900000>

          # Flow record export interval in milliseconds.
          on_interval: <int; 1000-36000000>

          # Export MPLS forwarding information.
          mpls: <bool>
        exporters:

            # Exporter Name.
          - name: <str; required; unique>
            collector:

              # Collector IPv4 address or IPv6 address or fully qualified domain name.
              host: <str>

              # Collector Port Number.
              port: <int; 1-65535>
            format:
              ipfix_version: <int>

            # Local Source Interface.
            local_interface: <str>

            # Template interval in milliseconds.
            template_interval: <int; 5000-3600000>

        # Maximum number of entries in flow table.
        table_size: <int; 1-614400>
    shutdown: <bool; default=False>

Load interval

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
load_interval	Dictionary
default	Integer				Default load interval in seconds.

load_interval:

  # Default load interval in seconds.
  default: <int>

Logging

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
logging	Dictionary
console	String			Valid Values: - debugging - informational - notifications - warnings - errors - critical - alerts - emergencies - disabled	Console logging severity level.
monitor	String			Valid Values: - debugging - informational - notifications - warnings - errors - critical - alerts - emergencies - disabled	Monitor logging severity level.
buffered	Dictionary
size	Integer			Min: 10 Max: 2147483647
level	String			Valid Values: - alerts - critical - debugging - emergencies - errors - informational - notifications - warnings - disabled	Buffer logging severity level.
trap	String			Valid Values: - alerts - critical - debugging - emergencies - errors - informational - notifications - system - warnings - disabled	Trap logging severity level.
synchronous	Dictionary
level	String		critical	Valid Values: - alerts - all - critical - debugging - emergencies - errors - informational - notifications - warnings - disabled	Synchronous logging severity level.
format	Dictionary
timestamp	String			Valid Values: - high-resolution - traditional - traditional timezone - traditional year - traditional timezone year - traditional year timezone	Timestamp format.
hostname	String			Valid Values: - fqdn - ipv4	Hostname format in syslogs. For hostname only, remove the line. (default EOS CLI behaviour).
sequence_numbers	Boolean				Add sequence numbers to log messages.
rfc5424	Boolean				Forward logs in RFC5424 format.
facility	String			Valid Values: - auth - cron - daemon - kern - local0 - local1 - local2 - local3 - local4 - local5 - local6 - local7 - lpr - mail - news - sys9 - sys10 - sys11 - sys12 - sys13 - sys14 - syslog - user - uucp
source_interface	String				Source Interface Name.
vrfs	List, items: Dictionary
- name	String	Required, Unique			VRF name.
source_interface	String				Source interface name.
hosts	List, items: Dictionary
- name	String	Required, Unique			Syslog server name.
protocol	String		udp	Valid Values: - tcp - udp
ports	List, items: Integer
- <int>	Integer
policy	Dictionary
match	Dictionary
match_lists	List, items: Dictionary
- name	String	Required, Unique			Match list.
action	String			Valid Values: - discard
event	Dictionary
storm_control	Dictionary
discards	Dictionary
global	Boolean
interval	Integer			Min: 10 Max: 65535	Logging interval in seconds.
level	List, items: Dictionary				Configure logging severity.
- facility	String	Required, Unique
severity	String			Valid Values: - alerts - critical - debugging - emergencies - errors - informational - notifications - warnings - 0 - 1 - 2 - 3 - 4 - 5 - 6 - 7	Severity of facility. Below are the supported severites. emergencies System is unusable (severity=0) alerts Immediate action needed (severity=1) critical Critical conditions (severity=2) errors Error conditions (severity=3) warnings Warning conditions (severity=4) notifications Normal but significant conditions (severity=5) informational Informational messages (severity=6) debugging Debugging messages (severity=7) <0-7> Severity level value

logging:

  # Console logging severity level.
  console: <str; "debugging" | "informational" | "notifications" | "warnings" | "errors" | "critical" | "alerts" | "emergencies" | "disabled">

  # Monitor logging severity level.
  monitor: <str; "debugging" | "informational" | "notifications" | "warnings" | "errors" | "critical" | "alerts" | "emergencies" | "disabled">
  buffered:
    size: <int; 10-2147483647>

    # Buffer logging severity level.
    level: <str; "alerts" | "critical" | "debugging" | "emergencies" | "errors" | "informational" | "notifications" | "warnings" | "disabled">

  # Trap logging severity level.
  trap: <str; "alerts" | "critical" | "debugging" | "emergencies" | "errors" | "informational" | "notifications" | "system" | "warnings" | "disabled">
  synchronous:

    # Synchronous logging severity level.
    level: <str; "alerts" | "all" | "critical" | "debugging" | "emergencies" | "errors" | "informational" | "notifications" | "warnings" | "disabled"; default="critical">
  format:

    # Timestamp format.
    timestamp: <str; "high-resolution" | "traditional" | "traditional timezone" | "traditional year" | "traditional timezone year" | "traditional year timezone">

    # Hostname format in syslogs. For hostname _only_, remove the line. (default EOS CLI behaviour).
    hostname: <str; "fqdn" | "ipv4">

    # Add sequence numbers to log messages.
    sequence_numbers: <bool>

    # Forward logs in RFC5424 format.
    rfc5424: <bool>
  facility: <str; "auth" | "cron" | "daemon" | "kern" | "local0" | "local1" | "local2" | "local3" | "local4" | "local5" | "local6" | "local7" | "lpr" | "mail" | "news" | "sys9" | "sys10" | "sys11" | "sys12" | "sys13" | "sys14" | "syslog" | "user" | "uucp">

  # Source Interface Name.
  source_interface: <str>
  vrfs:

      # VRF name.
    - name: <str; required; unique>

      # Source interface name.
      source_interface: <str>
      hosts:

          # Syslog server name.
        - name: <str; required; unique>
          protocol: <str; "tcp" | "udp"; default="udp">
          ports:
            - <int>
  policy:
    match:
      match_lists:

          # Match list.
        - name: <str; required; unique>
          action: <str; "discard">
  event:
    storm_control:
      discards:
        global: <bool>

        # Logging interval in seconds.
        interval: <int; 10-65535>

  # Configure logging severity.
  level:
    - facility: <str; required; unique>

      # Severity of facility. Below are the supported severites.
      # emergencies    System is unusable                (severity=0)
      # alerts         Immediate action needed           (severity=1)
      # critical       Critical conditions               (severity=2)
      # errors         Error conditions                  (severity=3)
      # warnings       Warning conditions                (severity=4)
      # notifications  Normal but significant conditions (severity=5)
      # informational  Informational messages            (severity=6)
      # debugging      Debugging messages                (severity=7)
      # <0-7>          Severity level value
      severity: <str; "alerts" | "critical" | "debugging" | "emergencies" | "errors" | "informational" | "notifications" | "warnings" | "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7">

Management API gNMI

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
management_api_gnmi	Dictionary
provider	String		eos-native
transport	Dictionary
grpc	List, items: Dictionary
- name	String				Transport name.
ssl_profile	String				SSL profile name.
vrf	String				VRF name is optional.
notification_timestamp	String			Valid Values: - send-time - last-change-time	Per the gNMI specification, the default timestamp field of a notification message is set to be the time at which the value of the underlying data source changes or when the reported event takes place. In order to facilitate integration in legacy environments oriented around polling style operations, an option to support overriding the timestamp field to the send-time is available from EOS 4.27.0F.
ip_access_group	String				ACL name.
port	Integer				GNMI port. Make sure to update the control-plane ACL accordingly in order for the service to be reachable by external applications.
grpc_tunnels	List, items: Dictionary
- name	String	Required, Unique			Transport name.
shutdown	Boolean				Operational status of the gRPC tunnel.
tunnel_ssl_profile	String				Tunnel SSL profile name.
gnmi_ssl_profile	String				gNMI SSL profile name.
vrf	String				VRF name.
destination	Dictionary
address	String	Required			IP address or hostname.
port	Integer	Required		Min: 1 Max: 65535	TCP Port.
local_interface	Dictionary
name	String	Required			Interface name.
port	Integer	Required		Min: 1 Max: 65535	TCP Port.
target	Dictionary
use_serial_number	Boolean				Use serial number as the Target ID.
target_ids	List, items: String				Target IDs as a list.
- <str>	String
enable_vrfs deprecated	List, items: Dictionary				These should not be mixed with the new keys above. This key is deprecated. Support will be removed in AVD version 5.0.0. Use transport.grpc instead.
- name	String	Required, Unique			VRF name.
access_group	String				Standard IPv4 ACL name.
octa deprecated	Dictionary				These should not be mixed with the new keys above. Octa activates eos-native provider and it is the only provider currently supported by EOS. This key is deprecated. Support will be removed in AVD version 5.0.0. Use provider instead.

management_api_gnmi:
  provider: <str; default="eos-native">
  transport:
    grpc:

        # Transport name.
      - name: <str>

        # SSL profile name.
        ssl_profile: <str>

        # VRF name is optional.
        vrf: <str>

        # Per the gNMI specification, the default timestamp field of a notification message is set to be
        # the time at which the value of the underlying data source changes or when the reported event takes place.
        # In order to facilitate integration in legacy environments oriented around polling style operations,
        # an option to support overriding the timestamp field to the send-time is available from EOS 4.27.0F.
        notification_timestamp: <str; "send-time" | "last-change-time">

        # ACL name.
        ip_access_group: <str>

        # GNMI port.
        # Make sure to update the control-plane ACL accordingly in order for the service to be reachable by external applications.
        port: <int>
    grpc_tunnels:

        # Transport name.
      - name: <str; required; unique>

        # Operational status of the gRPC tunnel.
        shutdown: <bool>

        # Tunnel SSL profile name.
        tunnel_ssl_profile: <str>

        # gNMI SSL profile name.
        gnmi_ssl_profile: <str>

        # VRF name.
        vrf: <str>
        destination:

          # IP address or hostname.
          address: <str; required>

          # TCP Port.
          port: <int; 1-65535; required>
        local_interface:

          # Interface name.
          name: <str; required>

          # TCP Port.
          port: <int; 1-65535; required>
        target:

          # Use serial number as the Target ID.
          use_serial_number: <bool>

          # Target IDs as a list.
          target_ids:
            - <str>

  # These should not be mixed with the new keys above.
  # This key is deprecated.
  # Support will be removed in AVD version 5.0.0.
  # Use <samp>transport.grpc</samp> instead.
  enable_vrfs:

      # VRF name.
    - name: <str; required; unique>

      # Standard IPv4 ACL name.
      access_group: <str>

  # These should not be mixed with the new keys above.
  # Octa activates `eos-native` provider and it is the only provider currently supported by EOS.
  # This key is deprecated.
  # Support will be removed in AVD version 5.0.0.
  # Use <samp>provider</samp> instead.
  octa: <dict>

Monitor connectivity

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
monitor_connectivity	Dictionary
shutdown	Boolean
interval	Integer
interface_sets	List, items: Dictionary
- name	String
interfaces	String				Interface range(s) should be of same type, Ethernet, Loopback, Management etc. Multiple interface ranges can be specified separated by “,”.
local_interfaces	String
address_only	Boolean		True		PREVIEW: This key is in preview. When address-only is configured, the source IP of the packet is set to the interface IP but the packet may exit the device via a different interface. When set to false, the probe uses the interface to exit the device. Not supported yet in EOS.
hosts	List, items: Dictionary
- name	String				Host Name.
description	String
ip	String
local_interfaces	String
address_only	Boolean		True		PREVIEW: This key is in preview. When address-only is configured, the source IP of the packet is set to the interface IP but the packet may exit the device via a different interface. When set to false, the probe uses the interface to exit the device. Not supported yet in EOS.
url	String
vrfs	List, items: Dictionary
- name	String	Required, Unique			VRF Name.
description	String
interface_sets	List, items: Dictionary
- name	String
interfaces	String
local_interfaces	String
address_only	Boolean		True		PREVIEW: This key is in preview. When address-only is configured, the source IP of the packet is set to the interface IP but the packet may exit the device via a different interface. When set to false, the probe uses the interface to exit the device. Not supported yet in EOS.
hosts	List, items: Dictionary
- name	String				Host name.
description	String
ip	String
local_interfaces	String
address_only	Boolean		True		PREVIEW: This key is in preview. When address-only is configured, the source IP of the packet is set to the interface IP but the packet may exit the device via a different interface. When set to false, the probe uses the interface to exit the device. Not supported yet in EOS.
url	String

monitor_connectivity:
  shutdown: <bool>
  interval: <int>
  interface_sets:
    - name: <str>

      # Interface range(s) should be of same type, Ethernet, Loopback, Management etc.
      # Multiple interface ranges can be specified separated by ",".
      interfaces: <str>
  local_interfaces: <str>

  # PREVIEW: This key is in preview.
  # When address-only is configured, the source IP of the packet is set to the interface
  # IP but the packet may exit the device via a different interface.
  # When set to `false`, the probe uses the interface to exit the device.
  # Not supported yet in EOS.
  address_only: <bool; default=True>
  hosts:

      # Host Name.
    - name: <str>
      description: <str>
      ip: <str>
      local_interfaces: <str>

      # PREVIEW: This key is in preview.
      # When address-only is configured, the source IP of the packet is set to the interface
      # IP but the packet may exit the device via a different interface.
      # When set to `false`, the probe uses the interface to exit the device.
      # Not supported yet in EOS.
      address_only: <bool; default=True>
      url: <str>
  vrfs:

      # VRF Name.
    - name: <str; required; unique>
      description: <str>
      interface_sets:
        - name: <str>
          interfaces: <str>
      local_interfaces: <str>

      # PREVIEW: This key is in preview.
      # When address-only is configured, the source IP of the packet is set to the interface
      # IP but the packet may exit the device via a different interface.
      # When set to `false`, the probe uses the interface to exit the device.
      # Not supported yet in EOS.
      address_only: <bool; default=True>
      hosts:

          # Host name.
        - name: <str>
          description: <str>
          ip: <str>
          local_interfaces: <str>

          # PREVIEW: This key is in preview.
          # When address-only is configured, the source IP of the packet is set to the interface
          # IP but the packet may exit the device via a different interface.
          # When set to `false`, the probe uses the interface to exit the device.
          # Not supported yet in EOS.
          address_only: <bool; default=True>
          url: <str>

Monitor sessions

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
monitor_sessions	List, items: Dictionary
- name	String	Required			Session Name.
sources	List, items: Dictionary
- name	String				Interface name, range or comma separated list.
direction	String			Valid Values: - rx - tx - both
access_group	Dictionary
type	String			Valid Values: - ip - ipv6 - mac
name	String				ACL Name.
priority	Integer
destinations	List, items: String
- <str>	String				‘cpu’ or interface name, range or comma separated list.
encapsulation_gre_metadata_tx	Boolean
header_remove_size	Integer				Number of bytes to remove from header.
access_group	Dictionary
type	String			Valid Values: - ip - ipv6 - mac
name	String				ACL Name.
rate_limit_per_ingress_chip	String				Ratelimit and unit as string. Examples: “100000 bps” “100 kbps” “10 mbps”
rate_limit_per_egress_chip	String				Ratelimit and unit as string. Examples: “100000 bps” “100 kbps” “10 mbps”
sample	Integer
truncate	Dictionary
enabled	Boolean
size	Integer				Size in bytes.

monitor_sessions:

    # Session Name.
  - name: <str; required>
    sources:

        # Interface name, range or comma separated list.
      - name: <str>
        direction: <str; "rx" | "tx" | "both">
        access_group:
          type: <str; "ip" | "ipv6" | "mac">

          # ACL Name.
          name: <str>
          priority: <int>
    destinations:

        # 'cpu' or interface name, range or comma separated list.
      - <str>
    encapsulation_gre_metadata_tx: <bool>

    # Number of bytes to remove from header.
    header_remove_size: <int>
    access_group:
      type: <str; "ip" | "ipv6" | "mac">

      # ACL Name.
      name: <str>

    # Ratelimit and unit as string.
    # Examples:
    #   "100000 bps"
    #   "100 kbps"
    #   "10 mbps"
    rate_limit_per_ingress_chip: <str>

    # Ratelimit and unit as string.
    # Examples:
    #   "100000 bps"
    #   "100 kbps"
    #   "10 mbps"
    rate_limit_per_egress_chip: <str>
    sample: <int>
    truncate:
      enabled: <bool>

      # Size in bytes.
      size: <int>

Monitor layer 1

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
monitor_layer1	Dictionary				Enable SYSLOG messages on transceiver SMBus communication failures.
enabled	Boolean	Required			Enable monitor layer1.
logging_mac_fault	Boolean				Enable MAC fault logging.
logging_transceiver	Dictionary				Configure transceiver monitoring logging.
dom	Boolean				Enable transceiver Digital Optical Monitoring (DOM) logging.
communication	Boolean				Enable transceiver SMBus fail and reset logging.
enabled	Boolean				Some platforms support only the logging transceiver command. enabled key configures this command.

# Enable SYSLOG messages on transceiver SMBus communication failures.
monitor_layer1:

  # Enable monitor layer1.
  enabled: <bool; required>

  # Enable MAC fault logging.
  logging_mac_fault: <bool>

  # Configure transceiver monitoring logging.
  logging_transceiver:

    # Enable transceiver Digital Optical Monitoring (DOM) logging.
    dom: <bool>

    # Enable transceiver SMBus fail and reset logging.
    communication: <bool>

    # Some platforms support only the `logging transceiver` command. `enabled` key configures this command.
    enabled: <bool>

SFLOW

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
sflow	Dictionary
sample	Integer
sample_input_subinterface	Boolean
sample_output_subinterface	Boolean
dangerous	Boolean
polling_interval	Integer				Polling interval in seconds.
vrfs	List, items: Dictionary
- name	String	Required, Unique
destinations	List, items: Dictionary
- destination	String	Required, Unique			Sflow Destination IP Address.
port	Integer				Port Number
source	String				Source IP Address. “source” and “source_interface” are mutually exclusive. If both are defined, “source_interface” takes precedence.
source_interface	String				Source Interface.
destinations	List, items: Dictionary
- destination	String	Required, Unique			Sflow Destination IP Address.
port	Integer				Port Number.
source	String				Source IP Address. “source” and “source_interface” are mutually exclusive. If both are defined, “source_interface” takes precedence.
source_interface	String				Source Interface.
extensions	List, items: Dictionary
- name	String	Required, Unique			Extension Name.
enabled	Boolean	Required			Enable or Disable Extension.
interface	Dictionary
disable	Dictionary
default	Boolean
egress	Dictionary
enable_default	Boolean				Enable egress sFlow by default.
unmodified	Boolean				Enable egress sFlow unmodified. Platform dependent feature.
run	Boolean
hardware_acceleration	Dictionary
enabled	Boolean
sample	Integer
modules	List, items: Dictionary
- name	String	Required, Unique
enabled	Boolean		True

sflow:
  sample: <int>
  sample_input_subinterface: <bool>
  sample_output_subinterface: <bool>
  dangerous: <bool>

  # Polling interval in seconds.
  polling_interval: <int>
  vrfs:
    - name: <str; required; unique>
      destinations:

          # Sflow Destination IP Address.
        - destination: <str; required; unique>

          # Port Number
          port: <int>

      # Source IP Address.
      # "source" and "source_interface" are mutually exclusive. If both are defined, "source_interface" takes precedence.
      source: <str>

      # Source Interface.
      source_interface: <str>
  destinations:

      # Sflow Destination IP Address.
    - destination: <str; required; unique>

      # Port Number.
      port: <int>

  # Source IP Address.
  # "source" and "source_interface" are mutually exclusive. If both are defined, "source_interface" takes precedence.
  source: <str>

  # Source Interface.
  source_interface: <str>
  extensions:

      # Extension Name.
    - name: <str; required; unique>

      # Enable or Disable Extension.
      enabled: <bool; required>
  interface:
    disable:
      default: <bool>
    egress:

      # Enable egress sFlow by default.
      enable_default: <bool>

      # Enable egress sFlow unmodified.
      # Platform dependent feature.
      unmodified: <bool>
  run: <bool>
  hardware_acceleration:
    enabled: <bool>
    sample: <int>
    modules:
      - name: <str; required; unique>
        enabled: <bool; default=True>

SNMP server

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
snmp_server	Dictionary				SNMP settings.
engine_ids	Dictionary
local	String				Engine ID in hexadecimal.
remotes	List, items: Dictionary
- id	String				Remote engine ID in hexadecimal.
address	String				Hostname or IP of remote engine.
udp_port	Integer
contact	String				SNMP contact.
location	String				SNMP location.
communities	List, items: Dictionary
- name	String	Required, Unique			Community name.
access	String			Valid Values: - ro - rw
access_list_ipv4	Dictionary
name	String				IPv4 access list name.
access_list_ipv6	Dictionary
name	String				IPv6 access list name.
view	String
ipv4_acls	List, items: Dictionary
- name	String				IPv4 access list name.
vrf	String
ipv6_acls	List, items: Dictionary
- name	String				IPv6 access list name.
vrf	String
local_interfaces	List, items: Dictionary
- name	String	Required, Unique			Interface name.
vrf	String
views	List, items: Dictionary
- name	String				SNMP view name.
mib_family_name	String
included	Boolean
MIB_family_name deprecated	String				This key is deprecated. Support will be removed in AVD version 5.0.0. Use mib_family_name instead.
groups	List, items: Dictionary
- name	String				Group name.
version	String			Valid Values: - v1 - v2c - v3
authentication	String			Valid Values: - auth - noauth - priv
read	String				Read view.
write	String				Write view.
notify	String				Notify view.
users	List, items: Dictionary
- name	String				Username.
group	String				Group name.
remote_address	String				Hostname or ip of remote engine. The remote_address and udp_port are used for remote users.
udp_port	Integer				udp_port will not be used if no remote_address is configured.
version	String			Valid Values: - v1 - v2c - v3
localized	String				Engine ID in hexadecimal for localizing auth and/or priv.
auth	String				Hash algorithm.
auth_passphrase	String				Hashed authentication passphrase if localized is used else cleartext authentication passphrase.
priv	String				Encryption algorithm.
priv_passphrase	String				Hashed privacy passphrase if localized is used else cleartext privacy passphrase.
hosts	List, items: Dictionary
- host	String				Host IP address or name.
vrf	String
version	String			Valid Values: - 1 - 2c - 3
community	String				Community name.
users	List, items: Dictionary
- username	String
authentication_level	String			Valid Values: - auth - noauth - priv
traps	Dictionary
enable	Boolean		False		Enable or disable all snmp-traps.
snmp_traps	List, items: Dictionary
- name	String				Enable or disable specific snmp-traps and their sub_traps. Examples: - “bgp” - “bgp established”
enabled	Boolean		True
vrfs	List, items: Dictionary
- name	String	Required, Unique			VRF name.
enable	Boolean

# SNMP settings.
snmp_server:
  engine_ids:

    # Engine ID in hexadecimal.
    local: <str>
    remotes:

        # Remote engine ID in hexadecimal.
      - id: <str>

        # Hostname or IP of remote engine.
        address: <str>
        udp_port: <int>

  # SNMP contact.
  contact: <str>

  # SNMP location.
  location: <str>
  communities:

      # Community name.
    - name: <str; required; unique>
      access: <str; "ro" | "rw">
      access_list_ipv4:

        # IPv4 access list name.
        name: <str>
      access_list_ipv6:

        # IPv6 access list name.
        name: <str>
      view: <str>
  ipv4_acls:

      # IPv4 access list name.
    - name: <str>
      vrf: <str>
  ipv6_acls:

      # IPv6 access list name.
    - name: <str>
      vrf: <str>
  local_interfaces:

      # Interface name.
    - name: <str; required; unique>
      vrf: <str>
  views:

      # SNMP view name.
    - name: <str>
      mib_family_name: <str>
      included: <bool>
      # This key is deprecated.
      # Support will be removed in AVD version 5.0.0.
      # Use <samp>mib_family_name</samp> instead.
      MIB_family_name: <str>
  groups:

      # Group name.
    - name: <str>
      version: <str; "v1" | "v2c" | "v3">
      authentication: <str; "auth" | "noauth" | "priv">

      # Read view.
      read: <str>

      # Write view.
      write: <str>

      # Notify view.
      notify: <str>
  users:

      # Username.
    - name: <str>

      # Group name.
      group: <str>

      # Hostname or ip of remote engine.
      # The remote_address and udp_port are used for remote users.
      remote_address: <str>

      # udp_port will not be used if no remote_address is configured.
      udp_port: <int>
      version: <str; "v1" | "v2c" | "v3">

      # Engine ID in hexadecimal for localizing auth and/or priv.
      localized: <str>

      # Hash algorithm.
      auth: <str>

      # Hashed authentication passphrase if localized is used else cleartext authentication passphrase.
      auth_passphrase: <str>

      # Encryption algorithm.
      priv: <str>

      # Hashed privacy passphrase if localized is used else cleartext privacy passphrase.
      priv_passphrase: <str>
  hosts:

      # Host IP address or name.
    - host: <str>
      vrf: <str>
      version: <str; "1" | "2c" | "3">

      # Community name.
      community: <str>
      users:
        - username: <str>
          authentication_level: <str; "auth" | "noauth" | "priv">
  traps:

    # Enable or disable all snmp-traps.
    enable: <bool; default=False>
    snmp_traps:

        # Enable or disable specific snmp-traps and their sub_traps.
        # Examples:
        # - "bgp"
        # - "bgp established"
      - name: <str>
        enabled: <bool; default=True>
  vrfs:

      # VRF name.
    - name: <str; required; unique>
      enable: <bool>

Tap aggregation

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
tap_aggregation	Dictionary
mode	Dictionary
exclusive	Dictionary
enabled	Boolean
profile	String				Profile Name.
no_errdisable	List, items: String
- <str>	String				Interface name e.g Ethernet1, Port-Channel1.
encapsulation_dot1br_strip	Boolean
encapsulation_vn_tag_strip	Boolean
protocol_lldp_trap	Boolean
truncation_size	Integer				Allowed truncation_size values vary depending on the platform.
mac	Dictionary
timestamp	Dictionary				mac.timestamp.replace_source_mac and mac.timestamp.header.format are mutually exclsuive. If both are defined, replace_source_mac takes precedence.
replace_source_mac	Boolean
header	Dictionary
format	String			Valid Values: - 48-bit - 64-bit
eth_type	Integer				EtherType.
fcs_append	Boolean				mac.fcs_append and mac.fcs_error are mutually exclusive. If both are defined, mac.fcs_append takes precedence.
fcs_error	String			Valid Values: - correct - discard - pass-through

tap_aggregation:
  mode:
    exclusive:
      enabled: <bool>

      # Profile Name.
      profile: <str>
      no_errdisable:

          # Interface name e.g Ethernet1, Port-Channel1.
        - <str>
  encapsulation_dot1br_strip: <bool>
  encapsulation_vn_tag_strip: <bool>
  protocol_lldp_trap: <bool>

  # Allowed truncation_size values vary depending on the platform.
  truncation_size: <int>
  mac:

    # mac.timestamp.replace_source_mac and mac.timestamp.header.format are mutually exclsuive. If both are defined, replace_source_mac takes precedence.
    timestamp:
      replace_source_mac: <bool>
      header:
        format: <str; "48-bit" | "64-bit">

        # EtherType.
        eth_type: <int>

    # mac.fcs_append and mac.fcs_error are mutually exclusive. If both are defined, mac.fcs_append takes precedence.
    fcs_append: <bool>
    fcs_error: <str; "correct" | "discard" | "pass-through">

VM tracer-sessions

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
vmtracer_sessions	List, items: Dictionary
- name	String	Required, Unique			Vmtracer Session Name.
url	String
username	String
password	String				Type 7 Password Hash.
autovlan_disable	Boolean
source_interface	String

vmtracer_sessions:

    # Vmtracer Session Name.
  - name: <str; required; unique>
    url: <str>
    username: <str>

    # Type 7 Password Hash.
    password: <str>
    autovlan_disable: <bool>
    source_interface: <str>

Multicast

IP IGMP snooping

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_igmp_snooping	Dictionary
globally_enabled	Boolean		True		Activate or deactivate IGMP snooping for all vlans where vlans allows user to activate / deactivate IGMP snooping per vlan.
robustness_variable	Integer
restart_query_interval	Integer
interface_restart_query	Integer
fast_leave	Boolean
querier	Dictionary
enabled	Boolean
address	String				IP Address.
query_interval	Integer
max_response_time	Integer
last_member_query_interval	Integer
last_member_query_count	Integer
startup_query_interval	Integer
startup_query_count	Integer
version	Integer
proxy	Boolean
vlans	List, items: Dictionary
- id	Integer	Required, Unique			VLAN ID.
enabled	Boolean
querier	Dictionary
enabled	Boolean
address	String				IP Address.
query_interval	Integer
max_response_time	Integer
last_member_query_interval	Integer
last_member_query_count	Integer
startup_query_interval	Integer
startup_query_count	Integer
version	Integer
max_groups	Integer
fast_leave	Boolean
proxy	Boolean				Global proxy settings should be enabled before enabling per-vlan.

ip_igmp_snooping:

  # Activate or deactivate IGMP snooping for all vlans where `vlans` allows user to activate / deactivate IGMP snooping per vlan.
  globally_enabled: <bool; default=True>
  robustness_variable: <int>
  restart_query_interval: <int>
  interface_restart_query: <int>
  fast_leave: <bool>
  querier:
    enabled: <bool>

    # IP Address.
    address: <str>
    query_interval: <int>
    max_response_time: <int>
    last_member_query_interval: <int>
    last_member_query_count: <int>
    startup_query_interval: <int>
    startup_query_count: <int>
    version: <int>
  proxy: <bool>
  vlans:

      # VLAN ID.
    - id: <int; required; unique>
      enabled: <bool>
      querier:
        enabled: <bool>

        # IP Address.
        address: <str>
        query_interval: <int>
        max_response_time: <int>
        last_member_query_interval: <int>
        last_member_query_count: <int>
        startup_query_interval: <int>
        startup_query_count: <int>
        version: <int>
      max_groups: <int>
      fast_leave: <bool>

      # Global proxy settings should be enabled before enabling per-vlan.
      proxy: <bool>

Router IGMP

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
router_igmp	Dictionary
host_proxy_match_mroute	String			Valid Values: - all - iif	Specify conditions for sending IGMP joins for host-proxy. ‘iif’ will enable igmp host-proxy to work in iif aware. ‘all’ will enable igmp host-proxy to work in iif unaware mode (EOS default).
ssm_aware	Boolean
vrfs	List, items: Dictionary				Configure IGMP in a VRF. VRF ‘default’ is not supported in EOS, please see keys directly under ‘router_igmp’.
- name	String	Required, Unique			VRF name.
host_proxy_match_mroute	String			Valid Values: - all - iif	Specify conditions for sending IGMP joins for host-proxy. ‘iif’ will enable igmp host-proxy to work in iif aware. ‘all’ will enable igmp host-proxy to work in iif unaware mode (EOS default).

router_igmp:

  # Specify conditions for sending IGMP joins for host-proxy.
  # 'iif' will enable igmp host-proxy to work in iif aware.
  # 'all' will enable igmp host-proxy to work in iif unaware mode (EOS default).
  host_proxy_match_mroute: <str; "all" | "iif">
  ssm_aware: <bool>

  # Configure IGMP in a VRF.
  # VRF 'default' is not supported in EOS, please see keys directly under 'router_igmp'.
  vrfs:

      # VRF name.
    - name: <str; required; unique>

      # Specify conditions for sending IGMP joins for host-proxy.
      # 'iif' will enable igmp host-proxy to work in iif aware.
      # 'all' will enable igmp host-proxy to work in iif unaware mode (EOS default).
      host_proxy_match_mroute: <str; "all" | "iif">

Router MSDP

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
router_msdp	Dictionary
originator_id_local_interface	String				Interface to use for originator ID.
rejected_limit	Integer			Min: 0 Max: 40000	Maximum number of rejected SA messages allowed in cache.
forward_register_packets	Boolean
connection_retry_interval	Integer			Min: 1 Max: 65535
group_limits	List, items: Dictionary
- source_prefix	String	Required, Unique			Source address prefix.
limit	Integer	Required		Min: 0 Max: 40000	Limit for SAs matching the source address prefix.
peers	List, items: Dictionary
- ipv4_address	String	Required, Unique			Peer IP Address.
default_peer	Dictionary
enabled	Boolean
prefix_list	String				Prefix list to filter source of SA messages.
local_interface	String
description	String
disabled	Boolean				Disable the MSDP peer.
sa_limit	Integer			Min: 0 Max: 40000	Maximum number of SA messages allowed in cache.
mesh_groups	List, items: Dictionary
- name	String	Required, Unique			Mesh group name.
keepalive	Dictionary
keepalive_timer	Integer	Required		Min: 1 Max: 65535
hold_timer	Integer	Required		Min: 1 Max: 65535	Must be greater than keepalive timer.
sa_filter	Dictionary
in_list	String				ACL to filter inbound SA messages.
out_list	String				ACL to filter outbound SA messages.
vrfs	List, items: Dictionary
- name	String	Required, Unique			VRF name.
originator_id_local_interface	String				Interface to use for originator ID.
rejected_limit	Integer			Min: 0 Max: 40000	Maximum number of rejected SA messages allowed in cache.
forward_register_packets	Boolean
connection_retry_interval	Integer			Min: 1 Max: 65535
group_limits	List, items: Dictionary
- source_prefix	String	Required, Unique			Source address prefix.
limit	Integer	Required		Min: 0 Max: 40000	Limit for SAs matching the source address prefix.
peers	List, items: Dictionary
- ipv4_address	String	Required, Unique			Peer IP Address.
default_peer	Dictionary
enabled	Boolean
prefix_list	String				Prefix list to filter source of SA messages.
local_interface	String
description	String
disabled	Boolean				Disable the MSDP peer.
sa_limit	Integer			Min: 0 Max: 40000	Maximum number of SA messages allowed in cache.
mesh_groups	List, items: Dictionary
- name	String	Required, Unique			Mesh group name.
keepalive	Dictionary
keepalive_timer	Integer	Required		Min: 1 Max: 65535
hold_timer	Integer	Required		Min: 1 Max: 65535	Must be greater than keepalive timer.
sa_filter	Dictionary
in_list	String				ACL to filter inbound SA messages.
out_list	String				ACL to filter outbound SA messages.

router_msdp:

  # Interface to use for originator ID.
  originator_id_local_interface: <str>

  # Maximum number of rejected SA messages allowed in cache.
  rejected_limit: <int; 0-40000>
  forward_register_packets: <bool>
  connection_retry_interval: <int; 1-65535>
  group_limits:

      # Source address prefix.
    - source_prefix: <str; required; unique>

      # Limit for SAs matching the source address prefix.
      limit: <int; 0-40000; required>
  peers:

      # Peer IP Address.
    - ipv4_address: <str; required; unique>
      default_peer:
        enabled: <bool>

        # Prefix list to filter source of SA messages.
        prefix_list: <str>
      local_interface: <str>
      description: <str>

      # Disable the MSDP peer.
      disabled: <bool>

      # Maximum number of SA messages allowed in cache.
      sa_limit: <int; 0-40000>
      mesh_groups:

          # Mesh group name.
        - name: <str; required; unique>
      keepalive:
        keepalive_timer: <int; 1-65535; required>

        # Must be greater than keepalive timer.
        hold_timer: <int; 1-65535; required>
      sa_filter:

        # ACL to filter inbound SA messages.
        in_list: <str>

        # ACL to filter outbound SA messages.
        out_list: <str>
  vrfs:

      # VRF name.
    - name: <str; required; unique>

      # Interface to use for originator ID.
      originator_id_local_interface: <str>

      # Maximum number of rejected SA messages allowed in cache.
      rejected_limit: <int; 0-40000>
      forward_register_packets: <bool>
      connection_retry_interval: <int; 1-65535>
      group_limits:

          # Source address prefix.
        - source_prefix: <str; required; unique>

          # Limit for SAs matching the source address prefix.
          limit: <int; 0-40000; required>
      peers:

          # Peer IP Address.
        - ipv4_address: <str; required; unique>
          default_peer:
            enabled: <bool>

            # Prefix list to filter source of SA messages.
            prefix_list: <str>
          local_interface: <str>
          description: <str>

          # Disable the MSDP peer.
          disabled: <bool>

          # Maximum number of SA messages allowed in cache.
          sa_limit: <int; 0-40000>
          mesh_groups:

              # Mesh group name.
            - name: <str; required; unique>
          keepalive:
            keepalive_timer: <int; 1-65535; required>

            # Must be greater than keepalive timer.
            hold_timer: <int; 1-65535; required>
          sa_filter:

            # ACL to filter inbound SA messages.
            in_list: <str>

            # ACL to filter outbound SA messages.
            out_list: <str>

Router multicast

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
router_multicast	Dictionary
ipv4	Dictionary
activity_polling_interval	Integer			Min: 1 Max: 60	MFIB entry activity polling interval.
counters	Dictionary
rate_period_decay	Integer			Min: 0 Max: 600	Rate in seconds.
routing	Boolean
multipath	String			Valid Values: - none - deterministic - deterministic color - deterministic router-id
software_forwarding	String			Valid Values: - kernel - sfe
rpf	Dictionary
routes	List, items: Dictionary
- source_prefix	String	Required			Source address A.B.C.D or Source prefix A.B.C.D/E.
destinations	List, items: Dictionary	Required
- nexthop	String	Required			Next-hop IP address or interface name.
distance	Integer			Min: 1 Max: 255	Administrative distance for this route.
ipv6	Dictionary
activity_polling_interval	Integer			Min: 1 Max: 60	MFIB entry activity polling interval.
vrfs	List, items: Dictionary
- name	String	Required, Unique
ipv4	Dictionary
routing	Boolean

router_multicast:
  ipv4:

    # MFIB entry activity polling interval.
    activity_polling_interval: <int; 1-60>
    counters:

      # Rate in seconds.
      rate_period_decay: <int; 0-600>
    routing: <bool>
    multipath: <str; "none" | "deterministic" | "deterministic color" | "deterministic router-id">
    software_forwarding: <str; "kernel" | "sfe">
    rpf:
      routes:

          # Source address A.B.C.D or Source prefix A.B.C.D/E.
        - source_prefix: <str; required>
          destinations: # required

              # Next-hop IP address or interface name.
            - nexthop: <str; required>

              # Administrative distance for this route.
              distance: <int; 1-255>
  ipv6:

    # MFIB entry activity polling interval.
    activity_polling_interval: <int; 1-60>
  vrfs:
    - name: <str; required; unique>
      ipv4:
        routing: <bool>

Router PIM sparse-mode

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
router_pim_sparse_mode	Dictionary
ipv4	Dictionary
bfd	Boolean				Enable/Disable BFD.
ssm_range	String				IPv4 Prefix associated with SSM.
rp_addresses	List, items: Dictionary
- address	String	Required, Unique			RP Address.
groups	List, items: String
- <str>	String
access_lists	List, items: String
- <str>	String
priority	Integer			Min: 0 Max: 255
hashmask	Integer			Min: 0 Max: 32
override	Boolean
anycast_rps	List, items: Dictionary
- address	String	Required, Unique			Anycast RP Address.
other_anycast_rp_addresses	List, items: Dictionary
- address	String	Required, Unique			Other Anycast RP Address.
register_count	Integer
vrfs	List, items: Dictionary
- name	String	Required, Unique			VRF Name.
ipv4	Dictionary
bfd	Boolean				Enable/Disable BFD.
rp_addresses	List, items: Dictionary
- address	String	Required			RP Address.
groups	List, items: String
- <str>	String
access_lists	List, items: String
- <str>	String
priority	Integer			Min: 0 Max: 255
hashmask	Integer			Min: 0 Max: 32
override	Boolean

router_pim_sparse_mode:
  ipv4:

    # Enable/Disable BFD.
    bfd: <bool>

    # IPv4 Prefix associated with SSM.
    ssm_range: <str>
    rp_addresses:

        # RP Address.
      - address: <str; required; unique>
        groups:
          - <str>
        access_lists:
          - <str>
        priority: <int; 0-255>
        hashmask: <int; 0-32>
        override: <bool>
    anycast_rps:

        # Anycast RP Address.
      - address: <str; required; unique>
        other_anycast_rp_addresses:

            # Other Anycast RP Address.
          - address: <str; required; unique>
            register_count: <int>
  vrfs:

      # VRF Name.
    - name: <str; required; unique>
      ipv4:

        # Enable/Disable BFD.
        bfd: <bool>
        rp_addresses:

            # RP Address.
          - address: <str; required>
            groups:
              - <str>
            access_lists:
              - <str>
            priority: <int; 0-255>
            hashmask: <int; 0-32>
            override: <bool>

Quality of Service

Priority flow control

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
priority_flow_control	Dictionary				Global Priority Flow Control settings.
all_off	Boolean				Disable PFC on all interfaces.
watchdog	Dictionary
action	String			Valid Values: - drop - no-drop	Action on stuck queue.
timeout	String			Pattern: ^\d+(.\d{1,2})?$	Timeout in seconds after which port should be errdisabled or should start dropping on congested priorities. This should be decimal with up to 2 decimal point. Example: 0.01 or 60
polling_interval	String			Pattern: ^\d+(.\d{1,3})?$	Time interval in seconds at which the watchdog should poll the queues. This should be decimal with up to 3 decimal point. Example: 0.005 or 60
recovery_time	String			Pattern: ^\d+(.\d{1,2})?$	Recovery-time in seconds after which stuck queue should recover and start forwarding again. This should be decimal with up to 2 decimal point. Example: 0.01 or 60
override_action_drop	Boolean				Override configured action on stuck queue to drop.

# Global Priority Flow Control settings.
priority_flow_control:

  # Disable PFC on all interfaces.
  all_off: <bool>
  watchdog:

    # Action on stuck queue.
    action: <str; "drop" | "no-drop">

    # Timeout in seconds after which port should be errdisabled or
    # should start dropping on congested priorities.
    # This should be decimal with up to 2 decimal point.
    # Example: 0.01 or 60
    timeout: <str>

    # Time interval in seconds at which the watchdog should poll the queues.
    # This should be decimal with up to 3 decimal point.
    # Example: 0.005 or 60
    polling_interval: <str>

    # Recovery-time in seconds after which stuck queue should
    # recover and start forwarding again.
    # This should be decimal with up to 2 decimal point.
    # Example: 0.01 or 60
    recovery_time: <str>

    # Override configured action on stuck queue to drop.
    override_action_drop: <bool>

QoS

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
qos	Dictionary
map	Dictionary
cos	List, items: String
- <str>	String				Example: “0 1 to traffic-class 1”
dscp	List, items: String
- <str>	String				Example: “8 9 10 to traffic-class 1”
exp	List, items: String
- <str>	String				Example “0 to traffic-class 0”
traffic_class	List, items: String
- <str>	String				Example: “1 to dscp 32”
rewrite_dscp	Boolean
random_detect	Dictionary				Global random-detect settings.
ecn	Dictionary				Global ECN Configuration.
allow_non_ect	Dictionary
enabled	Boolean				Allow non-ect and set drop-precedence 1 in a policy map simultaneously. Check which command is required for your platform.
chip_based	Boolean				Allow non-ect chip-based.

qos:
  map:
    cos:

        # Example: "0 1 to traffic-class 1"
      - <str>
    dscp:

        # Example: "8 9 10 to traffic-class 1"
      - <str>
    exp:

        # Example "0 to traffic-class 0"
      - <str>
    traffic_class:

        # Example: "1 to dscp 32"
      - <str>
  rewrite_dscp: <bool>

  # Global random-detect settings.
  random_detect:

    # Global ECN Configuration.
    ecn:
      allow_non_ect:

        # Allow non-ect and set drop-precedence 1 in a policy map simultaneously.
        # Check which command is required for your platform.
        enabled: <bool>

        # Allow non-ect chip-based.
        chip_based: <bool>

QoS profiles

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
qos_profiles	List, items: Dictionary
- name	String	Required, Unique			Profile-Name.
trust	String			Valid Values: - cos - dscp - disabled
cos	Integer
dscp	Integer
shape	Dictionary
rate	String				Supported options are platform dependent. Example: “< rate > kbps”, “1-100 percent”, “< rate > pps”
service_policy	Dictionary
type	Dictionary
qos_input	String				Policy-map name.
tx_queues	List, items: Dictionary
- id	Integer	Required, Unique			TX-Queue ID.
bandwidth_percent	Integer
bandwidth_guaranteed_percent	Integer
priority	String			Valid Values: - priority strict - no priority
shape	Dictionary
rate	String				Supported options are platform dependent. Example: “< rate > kbps”, “1-100 percent”, “< rate > pps”
comment	String				Text comment added to queue.
random_detect	Dictionary
ecn	Dictionary				Explicit Congestion Notification.
count	Boolean				Enable counter for random-detect ECNs.
threshold	Dictionary
units	String	Required		Valid Values: - segments - bytes - kbytes - mbytes - milliseconds	Units to be used for the threshold values. This should be one of segments, byte, kbytes, mbytes.
min	Integer	Required		Min: 1	Random-detect ECN minimum-threshold.
max	Integer	Required		Min: 1	Random-detect ECN maximum-threshold.
max_probability	Integer			Min: 1 Max: 100	Random-detect ECN maximum mark probability.
weight	Integer			Min: 0 Max: 15	Random-detect ECN weight.
drop	Dictionary				Set WRED parameters.
threshold	Dictionary
units	String	Required		Valid Values: - segments - bytes - kbytes - mbytes - microseconds - milliseconds	Units to be used for the threshold values.
drop_precedence	Integer			Min: 0 Max: 2	Specify Drop Precedence value.
min	Integer	Required		Min: 1	WRED minimum-threshold.
max	Integer	Required		Min: 1	WRED maximum-threshold.
drop_probability	Integer	Required		Min: 1 Max: 100	WRED drop probability.
weight	Integer			Min: 0 Max: 15	WRED weight.
uc_tx_queues	List, items: Dictionary
- id	Integer	Required, Unique			UC TX queue ID.
bandwidth_percent	Integer
bandwidth_guaranteed_percent	Integer
priority	String			Valid Values: - priority strict - no priority
shape	Dictionary
rate	String				Supported options are platform dependent. Example: “< rate > kbps”, “1-100 percent”, “< rate > pps”
comment	String				Text comment added to queue.
random_detect	Dictionary
ecn	Dictionary				Explicit Congestion Notification.
count	Boolean				Enable counter for random-detect ECNs.
threshold	Dictionary
units	String	Required		Valid Values: - segments - bytes - kbytes - mbytes - milliseconds	Unit to be used for the threshold values.
min	Integer	Required		Min: 1	Random-detect ECN minimum-threshold.
max	Integer	Required		Min: 1	Random-detect ECN maximum-threshold.
max_probability	Integer			Min: 1 Max: 100	Random-detect ECN maximum mark probability.
weight	Integer			Min: 0 Max: 15	Random-detect ECN weight.
drop	Dictionary				Set WRED parameters.
threshold	Dictionary
units	String	Required		Valid Values: - segments - bytes - kbytes - mbytes - microseconds - milliseconds	Units to be used for the threshold values.
drop_precedence	Integer			Min: 0 Max: 2	Specify Drop Precedence value.
min	Integer	Required		Min: 1	WRED minimum-threshold.
max	Integer	Required		Min: 1	WRED maximum-threshold.
drop_probability	Integer	Required		Min: 1 Max: 100	WRED drop probability.
weight	Integer			Min: 0 Max: 15	WRED weight.
mc_tx_queues	List, items: Dictionary
- id	Integer	Required, Unique			MC TX queue ID.
bandwidth_percent	Integer
bandwidth_guaranteed_percent	Integer
priority	String			Valid Values: - priority strict - no priority
shape	Dictionary
rate	String				Supported options are platform dependent. Example: “< rate > kbps”, “1-100 percent”, “< rate > pps”
comment	String				Text comment added to queue.
priority_flow_control	Dictionary				Priority Flow Control settings.
enabled	Boolean				Enable Priority Flow control.
watchdog	Dictionary				Watchdog can detect stuck transmit queues.
enabled	Boolean	Required			Enable the watchdog on stuck transmit queues.
action	String			Valid Values: - drop - notify-only	Override the default error-disable action to either drop traffic on the stuck queue or notify-only without making any actions on the stuck queue.
timer	Dictionary				Timer thresholds whilst monitoring queues.
timeout	String	Required		Pattern: ^\d+(.\d{1,2})?$	Timeout in seconds after which port should be errdisabled or should start dropping on congested priorities. This should be decimal with up to 2 decimal point. Example: 0.01 or 60
polling_interval	String	Required		Pattern: ^auto	\d+(.\d{1,3})?$
recovery_time	String	Required		Pattern: ^\d+(.\d{1,2})?$	Recovery-time in seconds after which stuck queue should recover and start forwarding again. This should be decimal with up to 2 decimal point. Example: 0.01 or 60
forced	Boolean				Force recover any stuck queue(s) after the duration, irrespective of whether PFC frames are being received or not.
priorities	List, items: Dictionary				Set the drop/no_drop on each queue.
- priority	Integer	Required, Unique		Min: 0 Max: 7	Priority queue number (COS value).
no_drop	Boolean	Required			Enable Priority Flow Control frames on this queue.

qos_profiles:

    # Profile-Name.
  - name: <str; required; unique>
    trust: <str; "cos" | "dscp" | "disabled">
    cos: <int>
    dscp: <int>
    shape:

      # Supported options are platform dependent.
      # Example: "< rate > kbps", "1-100 percent", "< rate > pps"
      rate: <str>
    service_policy:
      type:

        # Policy-map name.
        qos_input: <str>
    tx_queues:

        # TX-Queue ID.
      - id: <int; required; unique>
        bandwidth_percent: <int>
        bandwidth_guaranteed_percent: <int>
        priority: <str; "priority strict" | "no priority">
        shape:

          # Supported options are platform dependent.
          # Example: "< rate > kbps", "1-100 percent", "< rate > pps"
          rate: <str>

        # Text comment added to queue.
        comment: <str>
        random_detect:

          # Explicit Congestion Notification.
          ecn:

            # Enable counter for random-detect ECNs.
            count: <bool>
            threshold:

              # Units to be used for the threshold values.
              # This should be one of segments, byte, kbytes, mbytes.
              units: <str; "segments" | "bytes" | "kbytes" | "mbytes" | "milliseconds"; required>

              # Random-detect ECN minimum-threshold.
              min: <int; >=1; required>

              # Random-detect ECN maximum-threshold.
              max: <int; >=1; required>

              # Random-detect ECN maximum mark probability.
              max_probability: <int; 1-100>

              # Random-detect ECN weight.
              weight: <int; 0-15>

          # Set WRED parameters.
          drop:
            threshold:

              # Units to be used for the threshold values.
              units: <str; "segments" | "bytes" | "kbytes" | "mbytes" | "microseconds" | "milliseconds"; required>

              # Specify Drop Precedence value.
              drop_precedence: <int; 0-2>

              # WRED minimum-threshold.
              min: <int; >=1; required>

              # WRED maximum-threshold.
              max: <int; >=1; required>

              # WRED drop probability.
              drop_probability: <int; 1-100; required>

              # WRED weight.
              weight: <int; 0-15>
    uc_tx_queues:

        # UC TX queue ID.
      - id: <int; required; unique>
        bandwidth_percent: <int>
        bandwidth_guaranteed_percent: <int>
        priority: <str; "priority strict" | "no priority">
        shape:

          # Supported options are platform dependent.
          # Example: "< rate > kbps", "1-100 percent", "< rate > pps"
          rate: <str>

        # Text comment added to queue.
        comment: <str>
        random_detect:

          # Explicit Congestion Notification.
          ecn:

            # Enable counter for random-detect ECNs.
            count: <bool>
            threshold:

              # Unit to be used for the threshold values.
              units: <str; "segments" | "bytes" | "kbytes" | "mbytes" | "milliseconds"; required>

              # Random-detect ECN minimum-threshold.
              min: <int; >=1; required>

              # Random-detect ECN maximum-threshold.
              max: <int; >=1; required>

              # Random-detect ECN maximum mark probability.
              max_probability: <int; 1-100>

              # Random-detect ECN weight.
              weight: <int; 0-15>

          # Set WRED parameters.
          drop:
            threshold:

              # Units to be used for the threshold values.
              units: <str; "segments" | "bytes" | "kbytes" | "mbytes" | "microseconds" | "milliseconds"; required>

              # Specify Drop Precedence value.
              drop_precedence: <int; 0-2>

              # WRED minimum-threshold.
              min: <int; >=1; required>

              # WRED maximum-threshold.
              max: <int; >=1; required>

              # WRED drop probability.
              drop_probability: <int; 1-100; required>

              # WRED weight.
              weight: <int; 0-15>
    mc_tx_queues:

        # MC TX queue ID.
      - id: <int; required; unique>
        bandwidth_percent: <int>
        bandwidth_guaranteed_percent: <int>
        priority: <str; "priority strict" | "no priority">
        shape:

          # Supported options are platform dependent.
          # Example: "< rate > kbps", "1-100 percent", "< rate > pps"
          rate: <str>

        # Text comment added to queue.
        comment: <str>

    # Priority Flow Control settings.
    priority_flow_control:

      # Enable Priority Flow control.
      enabled: <bool>

      # Watchdog can detect stuck transmit queues.
      watchdog:

        # Enable the watchdog on stuck transmit queues.
        enabled: <bool; required>

        # Override the default error-disable action to either drop
        # traffic on the stuck queue or notify-only
        # without making any actions on the stuck queue.
        action: <str; "drop" | "notify-only">

        # Timer thresholds whilst monitoring queues.
        timer:

          # Timeout in seconds after which port should be errdisabled or
          # should start dropping on congested priorities.
          # This should be decimal with up to 2 decimal point.
          # Example: 0.01 or 60
          timeout: <str; required>

          # Time interval in seconds at which the watchdog should poll the queues.
          # This should be decimal with up to 3 decimal point or set
          # to 'auto' based on recovery_time and timeout values.
          # Example: 0.005 or 60
          polling_interval: <str; required>

          # Recovery-time in seconds after which stuck queue should
          # recover and start forwarding again.
          # This should be decimal with up to 2 decimal point.
          # Example: 0.01 or 60
          recovery_time: <str; required>

          # Force recover any stuck queue(s) after the duration,
          # irrespective of whether PFC frames are being
          # received or not.
          forced: <bool>

      # Set the drop/no_drop on each queue.
      priorities:

          # Priority queue number (COS value).
        - priority: <int; 0-7; required; unique>

          # Enable Priority Flow Control frames on this queue.
          no_drop: <bool; required>

Queue monitor-length

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
queue_monitor_length	Dictionary
enabled	Boolean	Required
default_thresholds	Dictionary
high	Integer	Required			Default high threshold for Ethernet Interfaces.
low	Integer				Default low threshold for Ethernet Interfaces. Low threshold support is platform dependent.
log	Integer				Logging interval in seconds.
notifying	Boolean				Should only be used for platforms supporting the “queue-monitor length notifying” CLI.
cpu	Dictionary
thresholds	Dictionary
high	Integer	Required
low	Integer
tx_latency	Boolean				Enable tx-latency mode.

queue_monitor_length:
  enabled: <bool; required>
  default_thresholds:

    # Default high threshold for Ethernet Interfaces.
    high: <int; required>

    # Default low threshold for Ethernet Interfaces.
    # Low threshold support is platform dependent.
    low: <int>

  # Logging interval in seconds.
  log: <int>

  # Should only be used for platforms supporting the "queue-monitor length notifying" CLI.
  notifying: <bool>
  cpu:
    thresholds:
      high: <int; required>
      low: <int>

  # Enable tx-latency mode.
  tx_latency: <bool>

Queue monitor-streaming

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
queue_monitor_streaming	Dictionary
enable	Boolean
ip_access_group	String				Name of IP ACL.
ipv6_access_group	String				Name of IPv6 ACL.
max_connections	Integer			Min: 1 Max: 100
vrf	String

queue_monitor_streaming:
  enable: <bool>

  # Name of IP ACL.
  ip_access_group: <str>

  # Name of IPv6 ACL.
  ipv6_access_group: <str>
  max_connections: <int; 1-100>
  vrf: <str>

Application traffic recognition

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
application_traffic_recognition	Dictionary				Application traffic recognition configuration.
categories	List, items: Dictionary				List of categories.
- name	String	Required, Unique			Category name.
applications	List, items: Dictionary				List of applications.
- name	String				Application name.
service	String			Valid Values: - audio-video - chat - default - file-transfer - networking-protocols - peer-to-peer - software-update	Service Name. Specific service to target for this application. If no service is specified, all supported services of the application are matched. Not all valid values are valid for all applications, check on EOS CLI.
field_sets	Dictionary
l4_ports	List, items: Dictionary				L4 port field-set.
- name	String	Required, Unique			L4 port field-set name.
port_values	List, items: String
- <str>	String				Port values or range of port values. Port values are between 0 and 65535.
ipv4_prefixes	List, items: Dictionary				IPv4 prefix field set.
- name	String	Required, Unique			IPv4 prefix field-set name.
prefix_values	List, items: String
- <str>	String				IP prefix (ex 1.2.3.0/24).
applications	Dictionary
ipv4_applications	List, items: Dictionary				List of user defined IPv4 applications. The name should be unique over all defined applications (ipv4 and l4).
- name	String	Required, Unique			Application name.
src_prefix_set_name	String				Source prefix set name.
dest_prefix_set_name	String				Destination prefix set name.
protocols	List, items: String				List of protocols to consider for this application. To use port field-sets (source, destination or both), the list must contain only one or two protocols, either tcp or udp. When using both protocols, one line is rendered for each in the configuration, hence the field-sets must have the same value for tcp_src_port_set_name and udp_src_port_set_name and for tcp_dest_port_set_name and udp_dest_port_set_name if set in order to generate valid configuration in EOS.
- <str>	String			Valid Values: - ahp - esp - icmp - igmp - ospf - pim - rsvp - tcp - udp - vrrp
protocol_ranges	List, items: String				Accept protocol value(s) or range(s). Protocol values can be between 1 and 255.
- <str>	String
udp_src_port_set_name	String				Name of field set for UDP source ports. When the protocols list contain both tcp and udp, this key value must be the same as tcp_src_port_set_name.
tcp_src_port_set_name	String				Name of field set for TCP source ports. When the protocols list contain both tcp and udp, this key value must be the same as udp_src_port_set_name.
udp_dest_port_set_name	String				Name of field set for UDP destination ports. When the protocols list contain both tcp and udp, this key value must be the same as tcp_dest_port_set_name.
tcp_dest_port_set_name	String				Name of field set for TCP destination ports. When the protocols list contain both tcp and udp, this key value must be the same as udp_dest_port_set_name.
l4_applications	List, items: Dictionary				List of user defined L4 applications. The name should be unique over all defined applications (ipv4 and l4).
- name	String	Required, Unique			Application name.
protocols	List, items: String				List of protocols to consider for this application. To use port field-sets (source, destination or both), the list must contain only one or two protocols, either tcp or udp. When using both protocols, one line is rendered for each in the configuration, hence the field-sets must have the same value for tcp_src_port_set_name and udp_src_port_set_name and for tcp_dest_port_set_name and udp_dest_port_set_name if set in order to generate valid configuration in EOS.
- <str>	String			Valid Values: - ahp - esp - icmp - igmp - ospf - pim - rsvp - tcp - udp - vrrp
protocol_ranges	List, items: String				Accept protocol value(s) or range(s). Protocol values can be between 1 and 255.
- <str>	String
udp_src_port_set_name	String				Name of field set for UDP source ports. When the protocols list contain both tcp and udp, this key value must be the same as tcp_src_port_set_name.
tcp_src_port_set_name	String				Name of field set for TCP source ports. When the protocols list contain both tcp and udp, this key value must be the same as udp_src_port_set_name.
udp_dest_port_set_name	String				Name of field set for UDP destination ports. When the protocols list contain both tcp and udp, this key value must be the same as tcp_dest_port_set_name.
tcp_dest_port_set_name	String				Name of field set for TCP destination ports. When the protocols list contain both tcp and udp, this key value must be the same as udp_dest_port_set_name.
application_profiles	List, items: Dictionary				Group of applications.
- name	String				Application Profile name.
applications	List, items: Dictionary				List of applications part of the application profile.
- name	String				Application Name.
service	String			Valid Values: - audio-video - chat - default - file-transfer - networking-protocols - peer-to-peer - software-update	Service Name. Specific service to target for this application. If no service is specified, all supported services of the application are matched. Not all valid values are valid for all applications, check on EOS CLI.
application_transports	List, items: String				List of transport protocols.
- <str>	String			Valid Values: - http - https - udp - tcp - ip - ip6 - ssl - rtp - sctp - quic	Transport name.
categories	List, items: Dictionary				Categories under this application profile.
- name	String				Name of a category.
service	String			Valid Values: - audio-video - chat - default - file-transfer - networking-protocols - peer-to-peer - software-update	Service Name. Specific service to target for this application. If no service is specified, all supported services of the application are matched. Not all valid values are valid for all applications, check on EOS CLI.

# Application traffic recognition configuration.
application_traffic_recognition:

  # List of categories.
  categories:

      # Category name.
    - name: <str; required; unique>

      # List of applications.
      applications:

          # Application name.
        - name: <str>

          # Service Name.
          # Specific service to target for this application.
          # If no service is specified, all supported services of the application are matched.
          # Not all valid values are valid for all applications, check on EOS CLI.
          service: <str; "audio-video" | "chat" | "default" | "file-transfer" | "networking-protocols" | "peer-to-peer" | "software-update">
  field_sets:

    # L4 port field-set.
    l4_ports:

        # L4 port field-set name.
      - name: <str; required; unique>
        port_values:

            # Port values or range of port values.
            # Port values are between 0 and 65535.
          - <str>

    # IPv4 prefix field set.
    ipv4_prefixes:

        # IPv4 prefix field-set name.
      - name: <str; required; unique>
        prefix_values:

            # IP prefix (ex 1.2.3.0/24).
          - <str>
  applications:

    # List of user defined IPv4 applications. The name should be unique over all defined applications (ipv4 and l4).
    ipv4_applications:

        # Application name.
      - name: <str; required; unique>

        # Source prefix set name.
        src_prefix_set_name: <str>

        # Destination prefix set name.
        dest_prefix_set_name: <str>

        # List of protocols to consider for this application.
        # To use port field-sets (source, destination or both), the list
        # must contain only one or two protocols, either `tcp` or `udp`.
        # When using both protocols, one line is rendered for each in the configuration,
        # hence the field-sets must have the same value for `tcp_src_port_set_name` and
        # `udp_src_port_set_name` and for `tcp_dest_port_set_name` and `udp_dest_port_set_name`
        # if set in order to generate valid configuration in EOS.
        protocols:
          - <str; "ahp" | "esp" | "icmp" | "igmp" | "ospf" | "pim" | "rsvp" | "tcp" | "udp" | "vrrp">

        # Accept protocol value(s) or range(s).
        # Protocol values can be between 1 and 255.
        protocol_ranges:
          - <str>

        # Name of field set for UDP source ports.
        # When the `protocols` list contain both `tcp` and `udp`, this key value
        # must be the same as `tcp_src_port_set_name`.
        udp_src_port_set_name: <str>

        # Name of field set for TCP source ports.
        # When the `protocols` list contain both `tcp` and `udp`, this key value
        # must be the same as `udp_src_port_set_name`.
        tcp_src_port_set_name: <str>

        # Name of field set for UDP destination ports.
        # When the `protocols` list contain both `tcp` and `udp`, this key value
        # must be the same as `tcp_dest_port_set_name`.
        udp_dest_port_set_name: <str>

        # Name of field set for TCP destination ports.
        # When the `protocols` list contain both `tcp` and `udp`, this key value
        # must be the same as `udp_dest_port_set_name`.
        tcp_dest_port_set_name: <str>

    # List of user defined L4 applications. The name should be unique over all defined applications (ipv4 and l4).
    l4_applications:

        # Application name.
      - name: <str; required; unique>

        # List of protocols to consider for this application.
        # To use port field-sets (source, destination or both), the list
        # must contain only one or two protocols, either `tcp` or `udp`.
        # When using both protocols, one line is rendered for each in the configuration,
        # hence the field-sets must have the same value for `tcp_src_port_set_name` and
        # `udp_src_port_set_name` and for `tcp_dest_port_set_name` and `udp_dest_port_set_name`
        # if set in order to generate valid configuration in EOS.
        protocols:
          - <str; "ahp" | "esp" | "icmp" | "igmp" | "ospf" | "pim" | "rsvp" | "tcp" | "udp" | "vrrp">

        # Accept protocol value(s) or range(s).
        # Protocol values can be between 1 and 255.
        protocol_ranges:
          - <str>

        # Name of field set for UDP source ports.
        # When the `protocols` list contain both `tcp` and `udp`, this key value
        # must be the same as `tcp_src_port_set_name`.
        udp_src_port_set_name: <str>

        # Name of field set for TCP source ports.
        # When the `protocols` list contain both `tcp` and `udp`, this key value
        # must be the same as `udp_src_port_set_name`.
        tcp_src_port_set_name: <str>

        # Name of field set for UDP destination ports.
        # When the `protocols` list contain both `tcp` and `udp`, this key value
        # must be the same as `tcp_dest_port_set_name`.
        udp_dest_port_set_name: <str>

        # Name of field set for TCP destination ports.
        # When the `protocols` list contain both `tcp` and `udp`, this key value
        # must be the same as `udp_dest_port_set_name`.
        tcp_dest_port_set_name: <str>

  # Group of applications.
  application_profiles:

      # Application Profile name.
    - name: <str>

      # List of applications part of the application profile.
      applications:

          # Application Name.
        - name: <str>

          # Service Name.
          # Specific service to target for this application.
          # If no service is specified, all supported services of the application are matched.
          # Not all valid values are valid for all applications, check on EOS CLI.
          service: <str; "audio-video" | "chat" | "default" | "file-transfer" | "networking-protocols" | "peer-to-peer" | "software-update">

      # List of transport protocols.
      application_transports:

          # Transport name.
        - <str; "http" | "https" | "udp" | "tcp" | "ip" | "ip6" | "ssl" | "rtp" | "sctp" | "quic">

      # Categories under this application profile.
      categories:

          # Name of a category.
        - name: <str>

          # Service Name.
          # Specific service to target for this application.
          # If no service is specified, all supported services of the application are matched.
          # Not all valid values are valid for all applications, check on EOS CLI.
          service: <str; "audio-video" | "chat" | "default" | "file-transfer" | "networking-protocols" | "peer-to-peer" | "software-update">

Routing

ARP

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
arp	Dictionary
aging	Dictionary
timeout_default	Integer			Min: 60 Max: 65535	Timeout in seconds.
static_entries	List, items: Dictionary				Static ARP entries.
- ipv4_address	String	Required			ARP entry IPv4 address.
vrf	String				ARP entry VRF.
mac_address	String	Required		Pattern: ^[0-9A-Fa-f]{4}.[0-9A-Fa-f]{4}.[0-9A-Fa-f]{4}$	ARP entry MAC address.

arp:
  aging:

    # Timeout in seconds.
    timeout_default: <int; 60-65535>

  # Static ARP entries.
  static_entries:

      # ARP entry IPv4 address.
    - ipv4_address: <str; required>

      # ARP entry VRF.
      vrf: <str>

      # ARP entry MAC address.
      mac_address: <str; required>

DHCP relay

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
dhcp_relay	Dictionary
servers	List, items: String
- <str>	String				Server IP or Hostname.
tunnel_requests_disabled	Boolean
mlag_peerlink_requests_disabled	Boolean

dhcp_relay:
  servers:

      # Server IP or Hostname.
    - <str>
  tunnel_requests_disabled: <bool>
  mlag_peerlink_requests_disabled: <bool>

IP DHCP relay

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_dhcp_relay	Dictionary
always_on	Boolean				DhcpRelay Agent will be in always-on mode.
all_subnets	Boolean				Allow forwarding requests with secondary IP addresses in the gateway address “giaddr” field.
information_option	Boolean				Insert Option-82 information.

ip_dhcp_relay:

  # DhcpRelay Agent will be in always-on mode.
  always_on: <bool>

  # Allow forwarding requests with secondary IP addresses in the gateway address "giaddr" field.
  all_subnets: <bool>

  # Insert Option-82 information.
  information_option: <bool>

IP DHCP Snooping

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_dhcp_snooping	Dictionary
enabled	Boolean
bridging	Boolean
information_option	Dictionary
enabled	Boolean				Enable insertion of option-82 in DHCP request packets.
circuit_id_type	String				“none” or <0 - 255>.
circuit_id_format	String			Valid Values: - %h:%p - %p:%v	Required if circuit_id_type is set. - “%h:%p” Hostname and interface name - “%p:%v” Interface name and VLAN ID
vlan	String				VLAN range as string. “< vlan_id >, < vlan_id >-< vlan_id >” Example: 15,16,17,18

ip_dhcp_snooping:
  enabled: <bool>
  bridging: <bool>
  information_option:

    # Enable insertion of option-82 in DHCP request packets.
    enabled: <bool>

    # "none" or <0 - 255>.
    circuit_id_type: <str>

    # Required if `circuit_id_type` is set.
    # - "%h:%p" Hostname and interface name
    # - "%p:%v" Interface name and VLAN ID
    circuit_id_format: <str; "%h:%p" | "%p:%v">

  # VLAN range as string.
  # "< vlan_id >, < vlan_id >-< vlan_id >"
  # Example: 15,16,17,18
  vlan: <str>

DHCP Servers

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
dhcp_servers	List, items: Dictionary
- disabled	Boolean
vrf	String	Required, Unique			VRF in which to configure the DHCP server, use default to indicate default VRF.
dns_domain_name_ipv4	String
dns_domain_name_ipv6	String
dns_servers_ipv4	List, items: String			Min Length: 1	List of DNS servers for IPv4 clients.
- <str>	String	Required			IPv4 address of DNS server.
dns_servers_ipv6	List, items: String			Min Length: 1	List of DNS servers for IPv6 clients.
- <str>	String	Required			IPv6 address of DNS server.
tftp_server	Dictionary
file_ipv4	String			Min Length: 1 Max Length: 255	Name of TFTP file for IPv4 clients.
file_ipv6	String			Min Length: 1 Max Length: 255	Name of TFTP file for IPv6 clients.
ipv4_vendor_options	List, items: Dictionary
- vendor_id	String	Required, Unique
sub_options	List, items: Dictionary
- code	Integer	Required, Unique		Min: 1 Max: 254
string	String				String value for suboption data. Only one of string, ipv4_address and array_ipv4_address variables should be used for any one suboption. The order of precedence if multiple of these variables are defined is string -> ipv4_address -> array_ipv4_address.
ipv4_address	String				IPv4 address value for suboption data. Only one of string, ipv4_address and array_ipv4_address variables should be used for any one suboption. The order of precedence if multiple of these variables are defined is string -> ipv4_address -> array_ipv4_address.
array_ipv4_address	List, items: String				Array of IPv4 addresses for suboption data. Only one of string, ipv4_address and array_ipv4_address variables should be used for any one suboption. The order of precedence if multiple of these variables are defined is string -> ipv4_address -> array_ipv4_address.
- <str>	String
subnets	List, items: Dictionary
- subnet	String	Required, Unique
name	String
default_gateway	String
dns_servers	List, items: String
- <str>	String
ranges	List, items: Dictionary
- start	String	Required
end	String	Required
lease_time	Dictionary
days	Integer	Required		Min: 0 Max: 2000
hours	Integer	Required		Min: 0 Max: 23
minutes	Integer	Required		Min: 0 Max: 59

dhcp_servers:
  - disabled: <bool>

    # VRF in which to configure the DHCP server, use `default` to indicate default VRF.
    vrf: <str; required; unique>
    dns_domain_name_ipv4: <str>
    dns_domain_name_ipv6: <str>

    # List of DNS servers for IPv4 clients.
    dns_servers_ipv4: # >=1 items

        # IPv4 address of DNS server.
      - <str; required>

    # List of DNS servers for IPv6 clients.
    dns_servers_ipv6: # >=1 items

        # IPv6 address of DNS server.
      - <str; required>
    tftp_server:

      # Name of TFTP file for IPv4 clients.
      file_ipv4: <str; length 1-255>

      # Name of TFTP file for IPv6 clients.
      file_ipv6: <str; length 1-255>
    ipv4_vendor_options:
      - vendor_id: <str; required; unique>
        sub_options:
          - code: <int; 1-254; required; unique>

            # String value for suboption data.
            # Only one of `string`, `ipv4_address` and `array_ipv4_address` variables should be used for any one suboption.
            # The order of precedence if multiple of these variables are defined is `string` -> `ipv4_address` -> `array_ipv4_address`.
            string: <str>

            # IPv4 address value for suboption data.
            # Only one of `string`, `ipv4_address` and `array_ipv4_address` variables should be used for any one suboption.
            # The order of precedence if multiple of these variables are defined is `string` -> `ipv4_address` -> `array_ipv4_address`.
            ipv4_address: <str>

            # Array of IPv4 addresses for suboption data.
            # Only one of `string`, `ipv4_address` and `array_ipv4_address` variables should be used for any one suboption.
            # The order of precedence if multiple of these variables are defined is `string` -> `ipv4_address` -> `array_ipv4_address`.
            array_ipv4_address:
              - <str>
    subnets:
      - subnet: <str; required; unique>
        name: <str>
        default_gateway: <str>
        dns_servers:
          - <str>
        ranges:
          - start: <str; required>
            end: <str; required>
        lease_time:
          days: <int; 0-2000; required>
          hours: <int; 0-23; required>
          minutes: <int; 0-59; required>

IP ICMP redirect

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_icmp_redirect	Boolean

ip_icmp_redirect: <bool>

IP NAT

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_nat	Dictionary
kernel_buffer_size	Integer			Min: 1 Max: 64	Buffer size in MB.
profiles	List, items: Dictionary
- name	String	Required, Unique
vrf	String				Specify VRF for NAT profile.
destination	Dictionary
dynamic	List, items: Dictionary
- access_list	String	Required, Unique
comment	String
pool_name	String	Required
priority	Integer			Min: 0 Max: 4294967295
static	List, items: Dictionary
- access_list	String				‘access_list’ and ‘group’ are mutual exclusive.
comment	String
direction	String			Valid Values: - egress - ingress	Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform. EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
group	Integer			Min: 1 Max: 65535	‘access_list’ and ‘group’ are mutual exclusive.
original_ip	String				IPv4 address. The combination of original_ip and original_port must be unique.
original_port	Integer			Min: 1 Max: 65535	TCP/UDP port. The combination of original_ip and original_port must be unique.
priority	Integer			Min: 0 Max: 4294967295
protocol	String			Valid Values: - udp - tcp
translated_ip	String	Required			IPv4 address.
translated_port	Integer			Min: 1 Max: 65535	requires ‘original_port’.
source	Dictionary
dynamic	List, items: Dictionary
- access_list	String	Required, Unique
comment	String
nat_type	String	Required		Valid Values: - overload - pool - pool-address-only - pool-full-cone
pool_name	String				required if ‘nat_type’ is pool, pool-address-only or pool-full-cone. ignored if ‘nat_type’ is overload.
priority	Integer			Min: 0 Max: 4294967295
static	List, items: Dictionary
- access_list	String				‘access_list’ and ‘group’ are mutual exclusive.
comment	String
direction	String			Valid Values: - egress - ingress	Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform. EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
group	Integer			Min: 1 Max: 65535	‘access_list’ and ‘group’ are mutual exclusive.
original_ip	String				IPv4 address. The combination of original_ip and original_port must be unique.
original_port	Integer			Min: 1 Max: 65535	TCP/UDP port. The combination of original_ip and original_port must be unique.
priority	Integer			Min: 0 Max: 4294967295
protocol	String			Valid Values: - udp - tcp
translated_ip	String	Required			IPv4 address.
translated_port	Integer			Min: 1 Max: 65535	requires ‘original_port’.
pools	List, items: Dictionary
- name	String	Required, Unique
type	String		ip-port	Valid Values: - ip-port - port-only
prefix_length	Integer			Min: 16 Max: 32	It is only used and required when type is ip-port.
ranges	List, items: Dictionary
- first_ip	String				IPv4 address. Required when type is ip-port and ignored otherwise.
last_ip	String				IPv4 address. Required when type is ip-port and ignored otherwise. first_ip and last_ip ip addresses should lie in same subnet.
first_port	Integer			Min: 1 Max: 65535
last_port	Integer			Min: 1 Max: 65535	Required when first_port is set. last_port must be greater than or equal to first_port.
utilization_log_threshold	Integer			Min: 1 Max: 100
synchronization	Dictionary
description	String
expiry_interval	Integer			Min: 60 Max: 3600	In seconds.
local_interface	String				EOS interface name.
peer_address	String				IPv4 address.
port_range	Dictionary
first_port	Integer			Min: 1024 Max: 65535
last_port	Integer			Min: 1024 Max: 65535	>= first_port.
split_disabled	Boolean
shutdown	Boolean
translation	Dictionary
address_selection	Dictionary
any	Boolean
hash_field_source_ip	Boolean
counters	Boolean
low_mark	Dictionary
percentage	Integer			Min: 1 Max: 99	Used to render ‘ip nat translation low-mark ‘.
host_percentage	Integer			Min: 1 Max: 99	Used to render ‘ip nat translation low-mark host’.
max_entries	Dictionary
limit	Integer			Min: 0 Max: 4294967295
host_limit	Integer			Min: 0 Max: 4294967295
ip_limits	List, items: Dictionary
- ip	String	Required, Unique			IPv4 address.
limit	Integer	Required		Min: 0 Max: 4294967295
timeouts	List, items: Dictionary
- protocol	String	Required, Unique		Valid Values: - tcp - udp
timeout	Integer	Required		Min: 0 Max: 4294967295	In seconds.

ip_nat:

  # Buffer size in MB.
  kernel_buffer_size: <int; 1-64>
  profiles:
    - name: <str; required; unique>

      # Specify VRF for NAT profile.
      vrf: <str>
      destination:
        dynamic:
          - access_list: <str; required; unique>
            comment: <str>
            pool_name: <str; required>
            priority: <int; 0-4294967295>
        static:

            # 'access_list' and 'group' are mutual exclusive.
          - access_list: <str>
            comment: <str>

            # Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
            # EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            direction: <str; "egress" | "ingress">

            # 'access_list' and 'group' are mutual exclusive.
            group: <int; 1-65535>

            # IPv4 address. The combination of `original_ip` and `original_port` must be unique.
            original_ip: <str>

            # TCP/UDP port. The combination of `original_ip` and `original_port` must be unique.
            original_port: <int; 1-65535>
            priority: <int; 0-4294967295>
            protocol: <str; "udp" | "tcp">

            # IPv4 address.
            translated_ip: <str; required>

            # requires 'original_port'.
            translated_port: <int; 1-65535>
      source:
        dynamic:
          - access_list: <str; required; unique>
            comment: <str>
            nat_type: <str; "overload" | "pool" | "pool-address-only" | "pool-full-cone"; required>

            # required if 'nat_type' is pool, pool-address-only or pool-full-cone.
            # ignored if 'nat_type' is overload.
            pool_name: <str>
            priority: <int; 0-4294967295>
        static:

            # 'access_list' and 'group' are mutual exclusive.
          - access_list: <str>
            comment: <str>

            # Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
            # EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            direction: <str; "egress" | "ingress">

            # 'access_list' and 'group' are mutual exclusive.
            group: <int; 1-65535>

            # IPv4 address. The combination of `original_ip` and `original_port` must be unique.
            original_ip: <str>

            # TCP/UDP port. The combination of `original_ip` and `original_port` must be unique.
            original_port: <int; 1-65535>
            priority: <int; 0-4294967295>
            protocol: <str; "udp" | "tcp">

            # IPv4 address.
            translated_ip: <str; required>

            # requires 'original_port'.
            translated_port: <int; 1-65535>
  pools:
    - name: <str; required; unique>
      type: <str; "ip-port" | "port-only"; default="ip-port">

      # It is only used and required when `type` is `ip-port`.
      prefix_length: <int; 16-32>
      ranges:

          # IPv4 address.
          # Required when `type` is `ip-port` and ignored otherwise.
        - first_ip: <str>

          # IPv4 address.
          # Required when `type` is `ip-port` and ignored otherwise.
          # `first_ip` and `last_ip` ip addresses should lie in same subnet.
          last_ip: <str>
          first_port: <int; 1-65535>

          # Required when `first_port` is set.
          # `last_port` must be greater than or equal to `first_port`.
          last_port: <int; 1-65535>
      utilization_log_threshold: <int; 1-100>
  synchronization:
    description: <str>

    # In seconds.
    expiry_interval: <int; 60-3600>

    # EOS interface name.
    local_interface: <str>

    # IPv4 address.
    peer_address: <str>
    port_range:
      first_port: <int; 1024-65535>

      # >= first_port.
      last_port: <int; 1024-65535>
      split_disabled: <bool>
    shutdown: <bool>
  translation:
    address_selection:
      any: <bool>
      hash_field_source_ip: <bool>
    counters: <bool>
    low_mark:

      # Used to render 'ip nat translation low-mark <percentage>'.
      percentage: <int; 1-99>

      # Used to render 'ip nat translation low-mark <host_percentage> host'.
      host_percentage: <int; 1-99>
    max_entries:
      limit: <int; 0-4294967295>
      host_limit: <int; 0-4294967295>
      ip_limits:

          # IPv4 address.
        - ip: <str; required; unique>
          limit: <int; 0-4294967295; required>
    timeouts:
      - protocol: <str; "tcp" | "udp"; required; unique>

        # In seconds.
        timeout: <int; 0-4294967295; required>

IP routing IPv6 interfaces

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_routing_ipv6_interfaces	Boolean

ip_routing_ipv6_interfaces: <bool>

IP routing

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_routing	Boolean

ip_routing: <bool>

IP virtual router MAC address

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_virtual_router_mac_address	String				MAC address (hh:hh:hh:hh:hh:hh).

# MAC address (hh:hh:hh:hh:hh:hh).
ip_virtual_router_mac_address: <str>

IPv6 DHCP relay

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ipv6_dhcp_relay	Dictionary
always_on	Boolean				DhcpRelay Agent will be in always-on mode, off by default.
all_subnets	Boolean				Allow forwarding requests with additional IPv6 addresses in the gateway address “giaddr” field.
option	Dictionary				Insert DHCP Option.
link_layer_address	Boolean				Add Option 79 (Link Layer Address Option).
remote_id_format	String			Valid Values: - %m:%i - %m:%p	Add RemoteID option 37 in format MAC address and interface ID (%m:%i) or MAC address and interface name (%m:%p).

ipv6_dhcp_relay:

  # DhcpRelay Agent will be in always-on mode, off by default.
  always_on: <bool>

  # Allow forwarding requests with additional IPv6 addresses in the gateway address "giaddr" field.
  all_subnets: <bool>

  # Insert DHCP Option.
  option:

    # Add Option 79 (Link Layer Address Option).
    link_layer_address: <bool>

    # Add RemoteID option 37 in format MAC address and interface ID (`%m:%i`) or MAC address and interface name (`%m:%p`).
    remote_id_format: <str; "%m:%i" | "%m:%p">

IPv6 ICMP redirects

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ipv6_icmp_redirect	Boolean

ipv6_icmp_redirect: <bool>

IPv6 static routes

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ipv6_static_routes	List, items: Dictionary
- vrf	String
destination_address_prefix	String				IPv6 Network/Mask.
interface	String
gateway	String				IPv6 Address.
track_bfd	Boolean				Track next-hop using BFD.
distance	Integer			Min: 1 Max: 255
tag	Integer			Min: 0 Max: 4294967295
name	String				Description.
metric	Integer			Min: 0 Max: 4294967295

ipv6_static_routes:
  - vrf: <str>

    # IPv6 Network/Mask.
    destination_address_prefix: <str>
    interface: <str>

    # IPv6 Address.
    gateway: <str>

    # Track next-hop using BFD.
    track_bfd: <bool>
    distance: <int; 1-255>
    tag: <int; 0-4294967295>

    # Description.
    name: <str>
    metric: <int; 0-4294967295>

IPv6 unicast routing

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ipv6_unicast_routing	Boolean

ipv6_unicast_routing: <bool>

MPLS

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
mpls	Dictionary
ip	Boolean
ldp	Dictionary
interface_disabled_default	Boolean
router_id	String
shutdown	Boolean
transport_address_interface	String				Interface Name.

mpls:
  ip: <bool>
  ldp:
    interface_disabled_default: <bool>
    router_id: <str>
    shutdown: <bool>

    # Interface Name.
    transport_address_interface: <str>

Router adaptive virtual topology

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
router_adaptive_virtual_topology	Dictionary
topology_role	String			Valid Values: - edge - pathfinder - transit region - transit zone	Role name.
region	Dictionary				Region name and ID.
name	String	Required		Pattern: ^[A-Za-z0-9_.:{}[]-]+$
id	Integer	Required		Min: 1 Max: 255
zone	Dictionary				Zone name and ID.
name	String	Required		Pattern: ^[A-Za-z0-9_.:{}[]-]+$
id	Integer	Required		Min: 1 Max: 10000
site	Dictionary				Site name and ID.
name	String	Required		Pattern: ^[A-Za-z0-9_.:{}[]-]+$
id	Integer	Required		Min: 1 Max: 10000
profiles	List, items: Dictionary
- name	String	Required, Unique			AVT Name.
load_balance_policy	String				Name of the load-balance policy.
internet_exit_policy	String				Name of the internet exit policy.
policies	List, items: Dictionary				A sequence of application profiles mapped to some virtual topologies. When wan_mode is set to autovpn, the rules are indexed using 10* in the list.
- name	String	Required, Unique			Policy name.
matches	List, items: Dictionary
- application_profile	String				Application profile name.
avt_profile	String				AVT Profile name.
dscp	Integer			Min: 0 Max: 63	Set DSCP for matched traffic.
traffic_class	Integer			Min: 0 Max: 7	Set traffic-class for matched traffic.
vrfs	List, items: Dictionary
- name	String	Required, Unique			VRF name.
policy	String				AVT Policy name.
profiles	List, items: Dictionary				AVT profiles in this VRF.
- name	String				AVT profile name.
id	Integer	Required, Unique		Min: 1 Max: 254	Unique ID for this AVT (per VRF).

router_adaptive_virtual_topology:

  # Role name.
  topology_role: <str; "edge" | "pathfinder" | "transit region" | "transit zone">

  # Region name and ID.
  region:
    name: <str; required>
    id: <int; 1-255; required>

  # Zone name and ID.
  zone:
    name: <str; required>
    id: <int; 1-10000; required>

  # Site name and ID.
  site:
    name: <str; required>
    id: <int; 1-10000; required>
  profiles:

      # AVT Name.
    - name: <str; required; unique>

      # Name of the load-balance policy.
      load_balance_policy: <str>

      # Name of the internet exit policy.
      internet_exit_policy: <str>

  # A sequence of application profiles mapped to some virtual topologies.
  #
  # When `wan_mode` is set to `autovpn`, the rules are indexed using 10*<index> in the list.
  policies:

      # Policy name.
    - name: <str; required; unique>
      matches:

          # Application profile name.
        - application_profile: <str>

          # AVT Profile name.
          avt_profile: <str>

          # Set DSCP for matched traffic.
          dscp: <int; 0-63>

          # Set traffic-class for matched traffic.
          traffic_class: <int; 0-7>
  vrfs:

      # VRF name.
    - name: <str; required; unique>

      # AVT Policy name.
      policy: <str>

      # AVT profiles in this VRF.
      profiles:

          # AVT profile name.
        - name: <str>

          # Unique ID for this AVT (per VRF).
          id: <int; 1-254; required; unique>

Router BFD

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
router_bfd	Dictionary
interval	Integer				Rate in milliseconds.
local_address	String				Configure BFD local IP/IPv6 address.
min_rx	Integer				Rate in milliseconds.
multiplier	Integer			Min: 3 Max: 50
multihop	Dictionary
interval	Integer				Rate in milliseconds.
min_rx	Integer				Rate in milliseconds.
multiplier	Integer			Min: 3 Max: 50
session_snapshot_interval	Integer			Min: 1 Max: 3600	Interval in seconds. Intervals below 10 are considered “dangerous” on EOS and must have session_snapshot_interval_dangerous set to true.
session_snapshot_interval_dangerous	Boolean
sbfd	Dictionary
local_interface	Dictionary
name	String				Interface Name.
protocols	Dictionary
ipv4	Boolean
ipv6	Boolean
initiator_interval	Integer				Rate in milliseconds.
initiator_multiplier	Integer			Min: 3 Max: 50
initiator_measurement_round_trip	Boolean				Enable round-trip delay measurement.
reflector	Dictionary
min_rx	Integer				Rate in milliseconds.
local_discriminator	String				IPv4 address or 32 bit integer.

router_bfd:

  # Rate in milliseconds.
  interval: <int>

  # Configure BFD local IP/IPv6 address.
  local_address: <str>

  # Rate in milliseconds.
  min_rx: <int>
  multiplier: <int; 3-50>
  multihop:

    # Rate in milliseconds.
    interval: <int>

    # Rate in milliseconds.
    min_rx: <int>
    multiplier: <int; 3-50>

  # Interval in seconds.
  # Intervals below 10 are considered "dangerous" on EOS and must have `session_snapshot_interval_dangerous` set to `true`.
  session_snapshot_interval: <int; 1-3600>
  session_snapshot_interval_dangerous: <bool>
  sbfd:
    local_interface:

      # Interface Name.
      name: <str>
      protocols:
        ipv4: <bool>
        ipv6: <bool>

    # Rate in milliseconds.
    initiator_interval: <int>
    initiator_multiplier: <int; 3-50>

    # Enable round-trip delay measurement.
    initiator_measurement_round_trip: <bool>
    reflector:

      # Rate in milliseconds.
      min_rx: <int>

      # IPv4 address or 32 bit integer.
      local_discriminator: <str>

Router BGP

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
router_bgp	Dictionary
as	String				BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”. For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
as_notation	String			Valid Values: - asdot - asplain	BGP AS can be deplayed in the asplain <1-4294967295> or asdot notation “<1-65535>.<0-65535>”. This flag indicates which mode is preferred - asplain is the default.
router_id	String				In IP address format A.B.C.D.
distance	Dictionary
external_routes	Integer	Required		Min: 1 Max: 255
internal_routes	Integer	Required		Min: 1 Max: 255
local_routes	Integer	Required		Min: 1 Max: 255
graceful_restart	Dictionary
enabled	Boolean
restart_time	Integer			Min: 1 Max: 3600	Number of seconds.
stalepath_time	Integer			Min: 1 Max: 3600	Number of seconds.
graceful_restart_helper	Dictionary
enabled	Boolean
restart_time	Integer			Min: 1 Max: 100000000	Number of seconds graceful-restart-help long-lived and restart-time are mutually exclusive in CLI. restart-time will take precedence if both are configured.
long_lived	Boolean				graceful-restart-help long-lived and restart-time are mutually exclusive in CLI. restart-time will take precedence if both are configured.
maximum_paths	Dictionary
paths	Integer	Required		Min: 1 Max: 600
ecmp	Integer			Min: 1 Max: 600
updates	Dictionary
wait_for_convergence	Boolean				Disables FIB updates and route advertisement when the BGP instance is initiated until the BGP convergence state is reached.
wait_install	Boolean				Do not advertise reachability to a prefix until that prefix has been installed in hardware. This will eliminate any temporary black holes due to a BGP speaker advertising reachability to a prefix that may not yet be installed into the forwarding plane.
bgp_cluster_id	String				IP Address A.B.C.D.
bgp_defaults	List, items: String				BGP command as string.
- <str>	String
bgp	Dictionary
default	Dictionary
ipv4_unicast	Boolean				Default activation of IPv4 unicast address-family on all IPv4 neighbors (EOS default = True).
ipv4_unicast_transport_ipv6	Boolean				Default activation of IPv4 unicast address-family on all IPv6 neighbors (EOS default == False).
route_reflector_preserve_attributes	Dictionary
enabled	Boolean
always	Boolean
bestpath	Dictionary
d_path	Boolean
listen_ranges	List, items: Dictionary				Improved “listen_ranges” data model to support multiple listen ranges and additional filter capabilities.
- prefix	String				IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”.
peer_id_include_router_id	Boolean				Include router ID as part of peer filter.
peer_group	String				Peer group name.
peer_filter	String				Peer-filter name. note: peer_filter or remote_as is required but mutually exclusive. If both are defined, peer_filter takes precedence
remote_as	String				BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”. For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
peer_groups	List, items: Dictionary
- name	String	Required, Unique			Peer-group name.
type	String				Key only used for documentation or validation purposes.
remote_as	String				BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”. For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
local_as	String				BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”. For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
description	String
shutdown	Boolean
as_path	Dictionary				BGP AS-PATH options.
remote_as_replace_out	Boolean				Replace AS number with local AS number.
prepend_own_disabled	Boolean				Disable prepending own AS number to AS path.
remove_private_as	Dictionary				Remove private AS numbers in outbound AS path.
enabled	Boolean
all	Boolean
replace_as	Boolean
remove_private_as_ingress	Dictionary
enabled	Boolean
replace_as	Boolean
peer_filter deprecated	String				Peer-filter name. note: bgp_listen_range_prefix and peer_filter should not be mixed with the new listen_ranges key above to avoid conflicts. This key is deprecated. Support will be removed in AVD version 5.0.0. Use listen_ranges instead.
next_hop_unchanged	Boolean
update_source	String				IP address or interface name.
route_reflector_client	Boolean
bfd	Boolean				Enable BFD.
bfd_timers	Dictionary				Override default BFD timers. BFD must be enabled with bfd: true.
interval	Integer	Required		Min: 50 Max: 60000	Interval in milliseconds.
min_rx	Integer	Required		Min: 50 Max: 60000	Rate in milliseconds.
multiplier	Integer	Required		Min: 3 Max: 50
ebgp_multihop	Integer			Min: 1 Max: 255	Time-to-live in range of hops.
next_hop_self	Boolean
password	String
passive	Boolean
default_originate	Dictionary
enabled	Boolean
always	Boolean
route_map	String				Route-map name.
send_community	String				‘all’ or a combination of ‘standard’, ‘extended’, ‘large’ and ‘link-bandwidth (w/options)’.
maximum_routes	Integer			Min: 0 Max: 4294967294	Maximum number of routes (0 means unlimited).
maximum_routes_warning_limit	String				Maximum number of routes after which a warning is issued (0 means never warn) or Percentage of maximum number of routes at which to warn (“<1-100> percent”).
maximum_routes_warning_only	Boolean
link_bandwidth	Dictionary
enabled	Boolean
default	String				nn.nn(K
allowas_in	Dictionary
enabled	Boolean
times	Integer			Min: 1 Max: 10	Number of local ASNs allowed in a BGP update.
weight	Integer			Min: 0 Max: 65535
timers	String				BGP Keepalive and Hold Timer values in seconds as string “<0-3600> <0-3600>”.
rib_in_pre_policy_retain	Dictionary
enabled	Boolean
all	Boolean
route_map_in	String				Inbound route-map name.
route_map_out	String				Outbound route-map name.
bgp_listen_range_prefix deprecated	String				IP prefix range. note: bgp_listen_range_prefix and peer_filter should not be mixed with the new listen_ranges key above to avoid conflicts. This key is deprecated. Support will be removed in AVD version 5.0.0. Use listen_ranges instead.
session_tracker	String
shared_secret	Dictionary
profile	String	Required			Name of profile defined under management_security.
hash_algorithm	String	Required		Valid Values: - aes-128-cmac-96 - hmac-sha-256 - hmac-sha1-96	Note: Algorithm hmac-sha-256 requires EOS version 4.31.1F and above.
ttl_maximum_hops	Integer			Min: 0 Max: 254	Maximum number of hops.
neighbors	List, items: Dictionary
- ip_address	String	Required, Unique
peer_group	String
remote_as	String				BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”. For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
local_as	String				BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”. For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
as_path	Dictionary				BGP AS-PATH options.
remote_as_replace_out	Boolean				Replace AS number with local AS number.
prepend_own_disabled	Boolean				Disable prepending own AS number to AS path.
peer	String				Key only used for documentation or validation purposes.
description	String
route_reflector_client	Boolean
password	String
passive	Boolean
shutdown	Boolean
update_source	String				Source Interface.
bfd	Boolean				Enable BFD.
bfd_timers	Dictionary				Override default BFD timers. BFD must be enabled with bfd: true.
interval	Integer	Required		Min: 50 Max: 60000	Interval in milliseconds.
min_rx	Integer	Required		Min: 50 Max: 60000	Rate in milliseconds.
multiplier	Integer	Required		Min: 3 Max: 50
weight	Integer			Min: 0 Max: 65535
timers	String				BGP Keepalive and Hold Timer values in seconds as string “<0-3600> <0-3600>”.
route_map_in	String				Inbound route-map name.
route_map_out	String				Outbound route-map name.
default_originate	Dictionary
enabled	Boolean
always	Boolean
route_map	String
send_community	String				‘all’ or a combination of ‘standard’, ‘extended’, ‘large’ and ‘link-bandwidth (w/options)’.
maximum_routes	Integer			Min: 0 Max: 4294967294	Maximum number of routes (0 means unlimited).
maximum_routes_warning_limit	String				Maximum number of routes after which a warning is issued (0 means never warn) or Percentage of maximum number of routes at which to warn (“<1-100> percent”).
maximum_routes_warning_only	Boolean
allowas_in	Dictionary
enabled	Boolean
times	Integer			Min: 1 Max: 10	Number of local ASNs allowed in a BGP update.
ebgp_multihop	Integer			Min: 1 Max: 255	Time-to-live in range of hops.
next_hop_self	Boolean
link_bandwidth	Dictionary
enabled	Boolean
default	String				nn.nn(K
rib_in_pre_policy_retain	Dictionary
enabled	Boolean
all	Boolean
remove_private_as	Dictionary				Remove private AS numbers in outbound AS path.
enabled	Boolean
all	Boolean
replace_as	Boolean
remove_private_as_ingress	Dictionary
enabled	Boolean
replace_as	Boolean
session_tracker	String
shared_secret	Dictionary
profile	String	Required			Name of profile defined under management_security.
hash_algorithm	String	Required		Valid Values: - aes-128-cmac-96 - hmac-sha-256 - hmac-sha1-96	Note: Algorithm hmac-sha-256 requires EOS version 4.31.1F and above.
ttl_maximum_hops	Integer			Min: 0 Max: 254	Maximum number of hops.
neighbor_interfaces	List, items: Dictionary
- name	String	Required, Unique			Interface name.
remote_as	String				BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”. For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
peer	String				Key only used for documentation or validation purposes.
peer_group	String		Peer-group name
description	String
peer_filter	String				Peer-filter name.
aggregate_addresses	List, items: Dictionary
- prefix	String	Required, Unique			IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”.
advertise_only	Boolean
as_set	Boolean
advertise_map	String				Route-map name.
supress_map	String				Route-map name.
summary_only	Boolean
attribute_map	String				Route-map name.
match_map	String				Route-map name.
redistribute_routes	List, items: Dictionary
- source_protocol	String	Required, Unique		Valid Values: - attached-host - bgp - connected - dynamic - isis - ospf - ospfv3 - rip - static - user
route_map	String
rcf	String				RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. Only applicable if source_protocol is one of connected, static, isis, user, dynamic.
include_leaked	Boolean
vlan_aware_bundles	List, items: Dictionary
- name	String	Required, Unique			VLAN aware bundle name.
tenant	String				Key only used for documentation or validation purposes.
description	String				Key only used for documentation or validation purposes.
rd	String				Route distinguisher.
rd_evpn_domain	Dictionary
domain	String			Valid Values: - remote - all
rd	String				Route distinguisher.
route_targets	Dictionary
both	List, items: String
- <str>	String
import	List, items: String
- <str>	String
export	List, items: String
- <str>	String
import_evpn_domains	List, items: Dictionary
- domain	String			Valid Values: - remote - all
route_target	String
export_evpn_domains	List, items: Dictionary
- domain	String			Valid Values: - remote - all
route_target	String
import_export_evpn_domains	List, items: Dictionary
- domain	String			Valid Values: - remote - all
route_target	String
redistribute_routes	List, items: String
- <str>	String
no_redistribute_routes	List, items: String
- <str>	String
vlan	String				VLAN range as string. Example “100-200,300”.
eos_cli	String				Multiline EOS CLI rendered directly on the Router BGP, VLAN-aware-bundle definition in the final EOS configuration.
vlans	List, items: Dictionary
- id	Integer	Required, Unique
tenant	String				Key only used for documentation or validation purposes.
rd	String				Route distinguisher.
rd_evpn_domain	Dictionary
domain	String			Valid Values: - remote - all
rd	String				Route distinguisher.
eos_cli	String				Multiline EOS CLI rendered directly on the Router BGP, VLAN definition in the final EOS configuration.
route_targets	Dictionary
both	List, items: String
- <str>	String
import	List, items: String
- <str>	String
export	List, items: String
- <str>	String
import_evpn_domains	List, items: Dictionary
- domain	String			Valid Values: - remote - all
route_target	String
export_evpn_domains	List, items: Dictionary
- domain	String			Valid Values: - remote - all
route_target	String
import_export_evpn_domains	List, items: Dictionary
- domain	String			Valid Values: - remote - all
route_target	String
redistribute_routes	List, items: String
- <str>	String
no_redistribute_routes	List, items: String
- <str>	String
vpws	List, items: Dictionary
- name	String	Required, Unique			VPWS instance name.
rd	String				Route distinguisher.
route_targets	Dictionary
import_export	String				Route Target.
mpls_control_word	Boolean
label_flow	Boolean
mtu	Integer
pseudowires	List, items: Dictionary
- name	String	Required, Unique			Pseudowire name.
id_local	Integer				Must match id_remote on other pe.
id_remote	Integer				Must match id_local on other pe.
address_family_evpn	Dictionary
domain_identifier	String
neighbor_default	Dictionary
encapsulation	String			Valid Values: - vxlan - mpls
next_hop_self_source_interface	String				Source interface name.
next_hop_self_received_evpn_routes	Dictionary
enable	Boolean
inter_domain	Boolean
next_hop_mpls_resolution_ribs	List, items: Dictionary			Min Length: 1 Max Length: 3	Specify the RIBs used to resolve MPLS next-hops. The order of this list determines the order of RIB lookups.
- rib_type	String	Required		Valid Values: - system-connected - tunnel-rib-colored - tunnel-rib	Type of RIB. For ‘tunnel-rib’, use ‘rib_name’ to specify the name of the Tunnel-RIB to use.
rib_name	String				The name of the tunnel-rib to use when using ‘tunnel-rib’ type.
neighbors	List, items: Dictionary
- ip_address	String	Required, Unique
activate	Boolean
rcf_in	String				Inbound RCF function name with parenthesis. Example: MyFunction(myarg).
rcf_out	String				Outbound RCF function name with parenthesis. Example: MyFunction(myarg).
peer_groups	List, items: Dictionary
- name	String	Required, Unique			Peer-group name.
activate	Boolean
route_map_in	String				Inbound route-map name.
route_map_out	String				Outbound route-map name.
rcf_in	String				Inbound RCF function name with parenthesis. Example: MyFunction(myarg).
rcf_out	String				Outbound RCF function name with parenthesis. Example: MyFunction(myarg).
domain_remote	Boolean
encapsulation	String			Valid Values: - vxlan - mpls
additional_paths	Dictionary
receive	Boolean
send	Dictionary
any	Boolean
backup	Boolean
ecmp	Boolean
ecmp_limit	Integer			Min: 2 Max: 64	Amount of ECMP paths to send.
limit	Integer			Min: 2 Max: 64	Amount of paths to send.
evpn_hostflap_detection	Dictionary
enabled	Boolean
window	Integer			Min: 0 Max: 4294967295	Time (in seconds) to detect a MAC duplication issue.
threshold	Integer			Min: 0 Max: 4294967295	Minimum number of MAC moves that indicate a MAC Duplication issue.
expiry_timeout	Integer			Min: 0 Max: 4294967295	Time (in seconds) to purge a MAC duplication issue.
next_hop	Dictionary
resolution_disabled	Boolean
route	Dictionary
import_match_failure_action	String			Valid Values: - discard
import_ethernet_segment_ip_mass_withdraw	Boolean
import_overlay_index_gateway	Boolean
export_ethernet_segment_ip_mass_withdraw	Boolean
next_hop_unchanged	Boolean
bgp_additional_paths	Dictionary				BGP additional-paths commands.
receive	Boolean				Receive multiple paths.
send	Dictionary				Send multiple paths.
any	Boolean				Any eligible path.
backup	Boolean				Best path and installed backup path.
ecmp	Boolean				All paths in best path ECMP group.
ecmp_limit	Integer			Min: 2 Max: 64	Amount of ECMP paths to send.
limit	Integer			Min: 2 Max: 64	Amount of paths to send.
layer_2_fec_in_place_update	Dictionary				BGP layer-2 in-place FEC operation.
enabled	Boolean	Required
timeout	Integer			Min: 0 Max: 300	In-place FEC update tracking timeout in seconds.
address_family_rtc	Dictionary
peer_groups	List, items: Dictionary
- name	String	Required, Unique			Peer-group name.
activate	Boolean
default_route_target	Dictionary
only	Boolean
encoding_origin_as_omit	String
address_family_ipv4	Dictionary
networks	List, items: Dictionary
- prefix	String	Required, Unique			IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”.
route_map	String				Route-map name.
peer_groups	List, items: Dictionary
- name	String	Required, Unique			Peer-group name.
activate	Boolean
route_map_in	String				Inbound route-map name.
route_map_out	String				Outbound route-map name.
rcf_in	String				Inbound RCF function name with parenthesis. Example: MyFunction(myarg).
rcf_out	String				Outbound RCF function name with parenthesis. Example: MyFunction(myarg).
default_originate	Dictionary
always	Boolean
route_map	String				Route-map name.
next_hop	Dictionary
address_family_ipv6	Dictionary
enabled	Boolean	Required
originate	Boolean
address_family_ipv6_originate deprecated	Boolean				This key is deprecated. Support will be removed in AVD version 5.0.0. Use address_family_ipv6 instead.
prefix_list_in	String				Inbound prefix-list name.
prefix_list_out	String				Outbound prefix-list name.
neighbors	List, items: Dictionary
- ip_address	String	Required, Unique
activate	Boolean
route_map_in	String				Inbound route-map name.
route_map_out	String				Outbound route-map name.
rcf_in	String				Inbound RCF function name with parenthesis. Example: MyFunction(myarg).
rcf_out	String				Outbound RCF function name with parenthesis. Example: MyFunction(myarg).
prefix_list_in	String				Inbound prefix-list name.
prefix_list_out	String				Prefix-list name.
default_originate	Dictionary
always	Boolean
route_map	String
redistribute_routes	List, items: Dictionary
- source_protocol	String	Required, Unique		Valid Values: - attached-host - bgp - connected - dynamic - isis - ospf - ospfv3 - rip - static - user
route_map	String
include_leaked	Boolean				Only applicable if source_protocol is one of connected, static, isis, ospf, ospfv3.
rcf	String				RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. Only applicable if source_protocol is one of connected, static, isis, user, dynamic.
address_family_ipv4_multicast	Dictionary
peer_groups	List, items: Dictionary
- name	String	Required, Unique			Peer-group name.
activate	Boolean
route_map_in	String				Inbound route-map name.
route_map_out	String				Outbound route-map name.
neighbors	List, items: Dictionary
- ip_address	String	Required, Unique
activate	Boolean
route_map_in	String				Inbound route-map name.
route_map_out	String				Outbound route-map name.
redistribute_routes	List, items: Dictionary
- source_protocol	String	Required, Unique
route_map	String
include_leaked	Boolean				Only applicable if source_protocol is isis.
rcf	String				RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. Only applicable if source_protocol is isis.
address_family_ipv4_sr_te	Dictionary
neighbors	List, items: Dictionary
- ip_address	String	Required, Unique
activate	Boolean
route_map_in	String				Inbound route-map name.
route_map_out	String				Outbound route-map name.
peer_groups	List, items: Dictionary
- name	String	Required, Unique			Peer-group name.
activate	Boolean
route_map_in	String				Inbound route-map name.
route_map_out	String				Outbound route-map name.
address_family_ipv6	Dictionary
networks	List, items: Dictionary
- prefix	String	Required, Unique			IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”.
route_map	String				Route-map name.
peer_groups	List, items: Dictionary
- name	String	Required, Unique			Peer-group name.
activate	Boolean
route_map_in	String				Inbound route-map name.
route_map_out	String				Outbound route-map name.
rcf_in	String				Inbound RCF function name with parenthesis. Example: MyFunction(myarg).
rcf_out	String				Outbound RCF function name with parenthesis. Example: MyFunction(myarg).
prefix_list_in	String				Inbound prefix-list name.
prefix_list_out	String				Outbound prefix-list name.
neighbors	List, items: Dictionary
- ip_address	String	Required, Unique
activate	Boolean
route_map_in	String				Inbound route-map name.
route_map_out	String				Outbound route-map name.
rcf_in	String				Inbound RCF function name with parenthesis. Example: MyFunction(myarg).
rcf_out	String				Outbound RCF function name with parenthesis. Example: MyFunction(myarg).
prefix_list_in	String				Inbound prefix-list name.
prefix_list_out	String				Outbound prefix-list name.
redistribute_routes	List, items: Dictionary
- source_protocol	String	Required, Unique
route_map	String
include_leaked	Boolean
rcf	String				RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. Only used if source_protocol is one of connected, static, isis, user, dynamic.
address_family_ipv6_multicast	Dictionary
bgp	Dictionary
missing_policy	Dictionary
direction_in_action	String			Valid Values: - deny - deny-in-out - permit
direction_out_action	String			Valid Values: - deny - deny-in-out - permit
additional_paths	Dictionary
receive	Boolean
neighbors	List, items: Dictionary
- ip_address	String	Required, Unique
activate	Boolean
route_map_in	String				Inbound route-map name.
route_map_out	String				Outbound route-map name.
peer_groups	List, items: Dictionary
- name	String	Required, Unique			Peer-group name.
activate	Boolean
networks	List, items: Dictionary
- prefix	String	Required, Unique			IPv6 prefix “A:B:C:D:E:F:G:H/I”.
route_map	String
redistribute_routes	List, items: Dictionary
- source_protocol	String	Required, Unique		Valid Values: - connected - isis - ospf - ospfv3 - static
include_leaked	Boolean				Only applicable if source_protocol is isis.
route_map	String
rcf	String				RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. Only applicable if source_protocol is isis.
address_family_ipv6_sr_te	Dictionary
neighbors	List, items: Dictionary
- ip_address	String	Required, Unique
activate	Boolean
route_map_in	String				Inbound route-map name.
route_map_out	String				Outbound route-map name.
peer_groups	List, items: Dictionary
- name	String	Required, Unique			Peer-group name.
activate	Boolean
route_map_in	String				Inbound route-map name.
route_map_out	String				Outbound route-map name.
address_family_link_state	Dictionary
bgp	Dictionary
missing_policy	Dictionary
direction_in_action	String			Valid Values: - deny - deny-in-out - permit
direction_out_action	String			Valid Values: - deny - deny-in-out - permit
peer_groups	List, items: Dictionary
- name	String	Required, Unique			Peer-group name.
activate	Boolean
missing_policy	Dictionary
direction_in_action	String			Valid Values: - deny - deny-in-out - permit
direction_out_action	String			Valid Values: - deny - deny-in-out - permit
neighbors	List, items: Dictionary
- ip_address	String	Required, Unique
activate	Boolean
missing_policy	Dictionary
direction_in_action	String			Valid Values: - deny - deny-in-out - permit
direction_out_action	String			Valid Values: - deny - deny-in-out - permit
path_selection	Dictionary
roles	Dictionary
producer	Boolean
consumer	Boolean
propagator	Boolean
address_family_flow_spec_ipv4	Dictionary
bgp	Dictionary
missing_policy	Dictionary
direction_in_action	String			Valid Values: - deny - deny-in-out - permit
direction_out_action	String			Valid Values: - deny - deny-in-out - permit
neighbors	List, items: Dictionary
- ip_address	String	Required, Unique
activate	Boolean
peer_groups	List, items: Dictionary
- name	String	Required, Unique			Peer-group name.
activate	Boolean
address_family_flow_spec_ipv6	Dictionary
bgp	Dictionary
missing_policy	Dictionary
direction_in_action	String			Valid Values: - deny - deny-in-out - permit
direction_out_action	String			Valid Values: - deny - deny-in-out - permit
neighbors	List, items: Dictionary
- ip_address	String	Required, Unique
activate	Boolean
peer_groups	List, items: Dictionary
- name	String	Required, Unique			Peer-group name.
activate	Boolean
address_family_path_selection	Dictionary
bgp	Dictionary
additional_paths	Dictionary
receive	Boolean
send	Dictionary
any	Boolean
backup	Boolean
ecmp	Boolean
ecmp_limit	Integer			Min: 2 Max: 64	Amount of ECMP paths to send.
limit	Integer			Min: 2 Max: 64	Amount of paths to send.
neighbors	List, items: Dictionary
- ip_address	String	Required, Unique
activate	Boolean
additional_paths	Dictionary
install	Boolean
install_ecmp_primary	Boolean
receive	Boolean
send	Dictionary
any	Boolean
backup	Boolean
ecmp	Boolean
ecmp_limit	Integer			Min: 2 Max: 64	Amount of ECMP paths to send.
limit	Integer			Min: 2 Max: 64	Amount of paths to send.
peer_groups	List, items: Dictionary
- name	String	Required, Unique			Peer-group name.
activate	Boolean
additional_paths	Dictionary
install	Boolean
install_ecmp_primary	Boolean
receive	Boolean
send	Dictionary
any	Boolean
backup	Boolean
ecmp	Boolean
ecmp_limit	Integer			Min: 2 Max: 64	Amount of ECMP paths to send.
limit	Integer			Min: 2 Max: 64	Amount of paths to send.
address_family_vpn_ipv4	Dictionary
domain_identifier	String
peer_groups	List, items: Dictionary
- name	String	Required, Unique			Peer-group name.
activate	Boolean
route_map_in	String				Inbound route-map name.
route_map_out	String				Outbound route-map name.
rcf_in	String				Inbound RCF function name with parenthesis. Example: MyFunction(myarg).
rcf_out	String				Outbound RCF function name with parenthesis. Example: MyFunction(myarg).
route	Dictionary
import_match_failure_action	String			Valid Values: - discard
neighbors	List, items: Dictionary
- ip_address	String	Required, Unique
activate	Boolean
route_map_in	String				Inbound route-map name.
route_map_out	String				Outbound route-map name.
rcf_in	String				Inbound RCF function name with parenthesis. Example: MyFunction(myarg).
rcf_out	String				Outbound RCF function name with parenthesis. Example: MyFunction(myarg).
neighbor_default_encapsulation_mpls_next_hop_self	Dictionary
source_interface	String
address_family_vpn_ipv6	Dictionary
domain_identifier	String
peer_groups	List, items: Dictionary
- name	String	Required, Unique			Peer-group name.
activate	Boolean
route_map_in	String				Inbound route-map name.
route_map_out	String				Outbound route-map name.
rcf_in	String				Inbound RCF function name with parenthesis. Example: MyFunction(myarg).
rcf_out	String				Outbound RCF function name with parenthesis. Example: MyFunction(myarg).
route	Dictionary
import_match_failure_action	String			Valid Values: - discard
neighbors	List, items: Dictionary
- ip_address	String	Required, Unique
activate	Boolean
route_map_in	String				Inbound route-map name.
route_map_out	String				Outbound route-map name.
rcf_in	String				Inbound RCF function name with parenthesis. Example: MyFunction(myarg).
rcf_out	String				Outbound RCF function name with parenthesis. Example: MyFunction(myarg).
neighbor_default_encapsulation_mpls_next_hop_self	Dictionary
source_interface	String
vrfs	List, items: Dictionary
- name	String	Required, Unique			VRF name.
rd	String				Route distinguisher.
evpn_multicast	Boolean
evpn_multicast_address_family	Dictionary				Enable per-AF EVPN multicast settings.
ipv4	Dictionary
transit	Boolean				Enable EVPN multicast transit mode.
route_targets	Dictionary
import	List, items: Dictionary
- address_family	String	Required, Unique
route_targets	List, items: String
- <str>	String
route_map	String				Only applicable if address_family is one of evpn, vpn-ipv4 or vpn-ipv6.
rcf	String				RCF function name with parenthesis. Example: MyFunction(myarg). Only applicable if address_family is one of evpn, vpn-ipv4 or vpn-ipv6.
vpn_route_filter_rcf	String				RCF function name with parenthesis for filtering VPN routes. Also requires rcf to be set. Example: MyFunction(myarg). Only applicable if address_family is one of vpn-ipv4 or vpn-ipv6.
export	List, items: Dictionary
- address_family	String	Required, Unique
route_targets	List, items: String
- <str>	String
route_map	String				Only applicable if address_family is one of evpn, vpn-ipv4 or vpn-ipv6.
rcf	String				RCF function name with parenthesis. Example: MyFunction(myarg). Only applicable if address_family is one of evpn, vpn-ipv4 or vpn-ipv6.
vpn_route_filter_rcf	String				RCF function name with parenthesis for filtering VPN routes. Also requires rcf to be set. Example: MyFunction(myarg). Only applicable if address_family is one of vpn-ipv4 or vpn-ipv6.
router_id	String				in IP address format A.B.C.D.
timers	String				BGP Keepalive and Hold Timer values in seconds as string “<0-3600> <0-3600>”.
networks	List, items: Dictionary
- prefix	String	Required, Unique			IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”.
route_map	String
updates	Dictionary
wait_for_convergence	Boolean				Disables FIB updates and route advertisement when the BGP instance is initiated until the BGP convergence state is reached.
wait_install	Boolean				Do not advertise reachability to a prefix until that prefix has been installed in hardware. This will eliminate any temporary black holes due to a BGP speaker advertising reachability to a prefix that may not yet be installed into the forwarding plane.
listen_ranges	List, items: Dictionary				Improved “listen_ranges” data model to support multiple listen ranges and additional filter capabilities.
- prefix	String				IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”.
peer_id_include_router_id	Boolean				Include router ID as part of peer filter.
peer_group	String				Peer-group name.
peer_filter	String				Peer-filter name. note: peer_filter`` orremote_as` is required but mutually exclusive. If both are defined, peer_filter takes precedence.
remote_as	String				BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”. For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
neighbors	List, items: Dictionary
- ip_address	String	Required, Unique
peer_group	String				Peer-group name.
remote_as	String				BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”. For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
password	String
passive	Boolean
remove_private_as	Dictionary				Remove private AS numbers in outbound AS path.
enabled	Boolean
all	Boolean
replace_as	Boolean
remove_private_as_ingress	Dictionary
enabled	Boolean
replace_as	Boolean
weight	Integer			Min: 0 Max: 65535
local_as	String				BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”. For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
as_path	Dictionary				BGP AS-PATH options.
remote_as_replace_out	Boolean				Replace AS number with local AS number.
prepend_own_disabled	Boolean				Disable prepending own AS number to AS path.
description	String
route_reflector_client	Boolean
ebgp_multihop	Integer			Min: 1 Max: 255	Time-to-live in range of hops.
next_hop_self	Boolean
shutdown	Boolean
bfd	Boolean				Enable BFD.
bfd_timers	Dictionary				Override default BFD timers. BFD must be enabled with bfd: true.
interval	Integer	Required		Min: 50 Max: 60000	Interval in milliseconds.
min_rx	Integer	Required		Min: 50 Max: 60000	Rate in milliseconds.
multiplier	Integer	Required		Min: 3 Max: 50
timers	String				BGP Keepalive and Hold Timer values in seconds as string “<0-3600> <0-3600>”.
rib_in_pre_policy_retain	Dictionary
enabled	Boolean
all	Boolean
send_community	String				‘all’ or a combination of ‘standard’, ‘extended’, ‘large’ and ‘link-bandwidth (w/options)’.
maximum_routes	Integer
maximum_routes_warning_limit	String				Maximum number of routes after which a warning is issued (0 means never warn) or Percentage of maximum number of routes at which to warn (“<1-100> percent”).
maximum_routes_warning_only	Boolean
allowas_in	Dictionary
enabled	Boolean
times	Integer			Min: 1 Max: 10	Number of local ASNs allowed in a BGP update.
default_originate	Dictionary
enabled	Boolean
always	Boolean
route_map	String
update_source	String
route_map_in	String				Inbound route-map name.
route_map_out	String				Outbound route-map name.
prefix_list_in deprecated	String				Inbound prefix-list name.This key is deprecated. Support will be removed in AVD version 5.0.0. Use router_bgp.vrfs[].address_family_ipv4.neighbors[].prefix_list_in or router_bgp.vrfs[].address_family_ipv6.neighbors[].prefix_list_in instead.
prefix_list_out deprecated	String				Outbound prefix-list name.This key is deprecated. Support will be removed in AVD version 5.0.0. Use router_bgp.vrfs[].address_family_ipv4.neighbors[].prefix_list_out or router_bgp.vrfs[].address_family_ipv6.neighbors[].prefix_list_out instead.
neighbor_interfaces	List, items: Dictionary
- name	String	Required, Unique			Interface name.
remote_as	String				BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”. For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
peer_group	String				Peer-group name.
peer_filter	String				Peer-filter name.
description	String
redistribute_routes	List, items: Dictionary
- source_protocol	String	Required, Unique
route_map	String
include_leaked	Boolean
rcf	String				RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. Only applicable if source_protocol is one of connected, dynamic, isis, static and user.
aggregate_addresses	List, items: Dictionary
- prefix	String	Required, Unique			IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”.
advertise_only	Boolean
as_set	Boolean
advertise_map	String				Route-map name.
supress_map	String				Route-map name.
summary_only	Boolean
attribute_map	String
match_map	String
address_family_ipv4	Dictionary
bgp	Dictionary
missing_policy	Dictionary
direction_in_action	String			Valid Values: - deny - deny-in-out - permit
direction_out_action	String			Valid Values: - deny - deny-in-out - permit
additional_paths	Dictionary
install	Boolean
install_ecmp_primary	Boolean
receive	Boolean
send	Dictionary
any	Boolean
backup	Boolean
ecmp	Boolean
ecmp_limit	Integer			Min: 2 Max: 64	Amount of ECMP paths to send.
limit	Integer			Min: 2 Max: 64	Amount of paths to send.
neighbors	List, items: Dictionary
- ip_address	String	Required, Unique
activate	Boolean
route_map_in	String				Inbound route-map name.
route_map_out	String				Outbound route-map name.
rcf_in	String				Inbound RCF function name with parenthesis. Example: MyFunction(myarg).
rcf_out	String				Outbound RCF function name with parenthesis. Example: MyFunction(myarg).
prefix_list_in	String				Inbound prefix-list name.
prefix_list_out	String				Outbound prefix-list name.
next_hop	Dictionary
address_family_ipv6	Dictionary
enabled	Boolean	Required
originate	Boolean
networks	List, items: Dictionary
- prefix	String	Required, Unique			IPv4 prefix “A.B.C.D/E”.
route_map	String
redistribute_routes	List, items: Dictionary
- source_protocol	String	Required, Unique		Valid Values: - attached-host - bgp - connected - dynamic - isis - ospf - ospfv3 - rip - static - user
route_map	String
include_leaked	Boolean
rcf	String				RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. Only applicable if source_protocol is one of connected, dynamic, isis, static and user.
address_family_ipv6	Dictionary
bgp	Dictionary
missing_policy	Dictionary
direction_in_action	String			Valid Values: - deny - deny-in-out - permit
direction_out_action	String			Valid Values: - deny - deny-in-out - permit
additional_paths	Dictionary
install	Boolean
install_ecmp_primary	Boolean
receive	Boolean
send	Dictionary
any	Boolean
backup	Boolean
ecmp	Boolean
ecmp_limit	Integer			Min: 2 Max: 64	Amount of ECMP paths to send.
limit	Integer			Min: 2 Max: 64	Amount of paths to send.
neighbors	List, items: Dictionary
- ip_address	String	Required, Unique
activate	Boolean
route_map_in	String				Inbound route-map name.
route_map_out	String				Outbound route-map name.
rcf_in	String				Inbound RCF function name with parenthesis. Example: MyFunction(myarg).
rcf_out	String				Outbound RCF function name with parenthesis. Example: MyFunction(myarg).
prefix_list_in	String				Inbound prefix-list name.
prefix_list_out	String				Outbound prefix-list name.
networks	List, items: Dictionary
- prefix	String	Required, Unique			IPv6 prefix “A:B:C:D:E:F:G:H/I”.
route_map	String
redistribute_routes	List, items: Dictionary
- source_protocol	String	Required, Unique		Valid Values: - attached-host - bgp - connected - dhcp - dynamic - isis - ospfv3 - static - user
route_map	String
include_leaked	Boolean
rcf	String				RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. Only applicable if source_protocol is one of connected, dynamic, isis, static and user.
address_family_ipv4_multicast	Dictionary
bgp	Dictionary
missing_policy	Dictionary
direction_in_action	String			Valid Values: - deny - deny-in-out - permit
direction_out_action	String			Valid Values: - deny - deny-in-out - permit
additional_paths	Dictionary
receive	Boolean
neighbors	List, items: Dictionary
- ip_address	String	Required, Unique
activate	Boolean
route_map_in	String				Inbound route-map name.
route_map_out	String				Outbound route-map name.
networks	List, items: Dictionary
- prefix	String	Required, Unique			IPv6 prefix “A.B.C.D/E”.
route_map	String
redistribute_routes	List, items: Dictionary
- source_protocol	String	Required, Unique		Valid Values: - attached-host - connected - isis - ospf - ospfv3 - static
route_map	String
include_leaked	Boolean				Only applicable if source_protocol is isis.
rcf	String				RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. Only applicable if source_protocol is isis.
address_family_ipv6_multicast	Dictionary
bgp	Dictionary
missing_policy	Dictionary
direction_in_action	String			Valid Values: - deny - deny-in-out - permit
direction_out_action	String			Valid Values: - deny - deny-in-out - permit
additional_paths	Dictionary
receive	Boolean
neighbors	List, items: Dictionary
- ip_address	String	Required, Unique
activate	Boolean
route_map_in	String				Inbound route-map name.
route_map_out	String				Outbound route-map name.
networks	List, items: Dictionary
- prefix	String	Required, Unique			IPv6 prefix “A:B:C:D:E:F:G:H/I”.
route_map	String
redistribute_routes	List, items: Dictionary
- source_protocol	String	Required, Unique		Valid Values: - connected - isis - ospf - ospfv3 - static
route_map	String
include_leaked	Boolean				Only applicable if source_protocol is isis.
rcf	String				RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. Only applicable if source_protocol is isis.
address_family_flow_spec_ipv4	Dictionary
bgp	Dictionary
missing_policy	Dictionary
direction_in_action	String			Valid Values: - deny - deny-in-out - permit
direction_out_action	String			Valid Values: - deny - deny-in-out - permit
neighbors	List, items: Dictionary
- ip_address	String	Required, Unique
activate	Boolean
address_family_flow_spec_ipv6	Dictionary
bgp	Dictionary
missing_policy	Dictionary
direction_in_action	String			Valid Values: - deny - deny-in-out - permit
direction_out_action	String			Valid Values: - deny - deny-in-out - permit
neighbors	List, items: Dictionary
- ip_address	String	Required, Unique
activate	Boolean
address_families deprecated	List, items: Dictionary				This key is deprecated. Support will be removed in AVD version 5.0.0. Use address_family_* instead.
- address_family	String	Required, Unique
bgp	Dictionary
missing_policy	Dictionary
direction_in_action	String			Valid Values: - deny - deny-in-out - permit
direction_out_action	String			Valid Values: - deny - deny-in-out - permit
additional_paths	List, items: String
- <str>	String
neighbors	List, items: Dictionary
- ip_address	String	Required, Unique
activate	Boolean
route_map_in	String				Inbound route-map name.
route_map_out	String				Outbound route-map name.
peer_groups	List, items: Dictionary
- name	String	Required, Unique			Peer-group name.
activate	Boolean
next_hop	Dictionary
address_family_ipv6_originate	Boolean
networks	List, items: Dictionary
- prefix	String	Required, Unique			IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”.
route_map	String
eos_cli	String				Multiline EOS CLI rendered directly on the Router BGP, VRF definition in the final EOS configuration.
session_trackers	List, items: Dictionary
- name	String	Required, Unique			Name of session tracker.
recovery_delay	Integer			Min: 1 Max: 3600	Recovery delay in seconds.
eos_cli	String				Multiline EOS CLI rendered directly on the Router BGP in the final EOS configuration.

router_bgp:

  # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
  # For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
  as: <str>

  # BGP AS can be deplayed in the asplain <1-4294967295> or asdot notation "<1-65535>.<0-65535>". This flag indicates which mode is preferred - asplain is the default.
  as_notation: <str; "asdot" | "asplain">

  # In IP address format A.B.C.D.
  router_id: <str>
  distance:
    external_routes: <int; 1-255; required>
    internal_routes: <int; 1-255; required>
    local_routes: <int; 1-255; required>
  graceful_restart:
    enabled: <bool>

    # Number of seconds.
    restart_time: <int; 1-3600>

    # Number of seconds.
    stalepath_time: <int; 1-3600>
  graceful_restart_helper:
    enabled: <bool>

    # Number of seconds
    # graceful-restart-help long-lived and restart-time are mutually exclusive in CLI.
    # restart-time will take precedence if both are configured.
    restart_time: <int; 1-100000000>

    # graceful-restart-help long-lived and restart-time are mutually exclusive in CLI.
    # restart-time will take precedence if both are configured.
    long_lived: <bool>
  maximum_paths:
    paths: <int; 1-600; required>
    ecmp: <int; 1-600>
  updates:

    # Disables FIB updates and route advertisement when the BGP instance is initiated until the BGP convergence state is reached.
    wait_for_convergence: <bool>

    # Do not advertise reachability to a prefix until that prefix has been installed in hardware.
    # This will eliminate any temporary black holes due to a BGP speaker advertising reachability to a prefix that may not yet be installed into the forwarding plane.
    wait_install: <bool>

  # IP Address A.B.C.D.
  bgp_cluster_id: <str>

  # BGP command as string.
  bgp_defaults:
    - <str>
  bgp:
    default:

      # Default activation of IPv4 unicast address-family on all IPv4 neighbors (EOS default = True).
      ipv4_unicast: <bool>

      # Default activation of IPv4 unicast address-family on all IPv6 neighbors (EOS default == False).
      ipv4_unicast_transport_ipv6: <bool>
    route_reflector_preserve_attributes:
      enabled: <bool>
      always: <bool>
    bestpath:
      d_path: <bool>

  # Improved "listen_ranges" data model to support multiple listen ranges and additional filter capabilities.
  listen_ranges:

      # IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I".
    - prefix: <str>

      # Include router ID as part of peer filter.
      peer_id_include_router_id: <bool>

      # Peer group name.
      peer_group: <str>

      # Peer-filter name.
      # note: `peer_filter` or `remote_as` is required but mutually exclusive.
      # If both are defined, `peer_filter` takes precedence
      peer_filter: <str>

      # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
      # For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
      remote_as: <str>
  peer_groups:

      # Peer-group name.
    - name: <str; required; unique>

      # Key only used for documentation or validation purposes.
      type: <str>

      # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
      # For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
      remote_as: <str>

      # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
      # For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
      local_as: <str>
      description: <str>
      shutdown: <bool>

      # BGP AS-PATH options.
      as_path:

        # Replace AS number with local AS number.
        remote_as_replace_out: <bool>

        # Disable prepending own AS number to AS path.
        prepend_own_disabled: <bool>

      # Remove private AS numbers in outbound AS path.
      remove_private_as:
        enabled: <bool>
        all: <bool>
        replace_as: <bool>
      remove_private_as_ingress:
        enabled: <bool>
        replace_as: <bool>

      # Peer-filter name.
      # note: `bgp_listen_range_prefix` and `peer_filter` should not be mixed with
      # the new `listen_ranges` key above to avoid conflicts.
      # This key is deprecated.
      # Support will be removed in AVD version 5.0.0.
      # Use <samp>listen_ranges</samp> instead.
      peer_filter: <str>
      next_hop_unchanged: <bool>

      # IP address or interface name.
      update_source: <str>
      route_reflector_client: <bool>

      # Enable BFD.
      bfd: <bool>

      # Override default BFD timers. BFD must be enabled with `bfd: true`.
      bfd_timers:

        # Interval in milliseconds.
        interval: <int; 50-60000; required>

        # Rate in milliseconds.
        min_rx: <int; 50-60000; required>
        multiplier: <int; 3-50; required>

      # Time-to-live in range of hops.
      ebgp_multihop: <int; 1-255>
      next_hop_self: <bool>
      password: <str>
      passive: <bool>
      default_originate:
        enabled: <bool>
        always: <bool>

        # Route-map name.
        route_map: <str>

      # 'all' or a combination of 'standard', 'extended', 'large' and 'link-bandwidth (w/options)'.
      send_community: <str>

      # Maximum number of routes (0 means unlimited).
      maximum_routes: <int; 0-4294967294>

      # Maximum number of routes after which a warning is issued (0 means never warn) or
      # Percentage of maximum number of routes at which to warn ("<1-100> percent").
      maximum_routes_warning_limit: <str>
      maximum_routes_warning_only: <bool>
      link_bandwidth:
        enabled: <bool>

        # nn.nn(K|M|G) link speed in bits/second.
        default: <str>
      allowas_in:
        enabled: <bool>

        # Number of local ASNs allowed in a BGP update.
        times: <int; 1-10>
      weight: <int; 0-65535>

      # BGP Keepalive and Hold Timer values in seconds as string "<0-3600> <0-3600>".
      timers: <str>
      rib_in_pre_policy_retain:
        enabled: <bool>
        all: <bool>

      # Inbound route-map name.
      route_map_in: <str>

      # Outbound route-map name.
      route_map_out: <str>

      # IP prefix range.
      # note: `bgp_listen_range_prefix` and `peer_filter` should not be mixed with
      # the new `listen_ranges` key above to avoid conflicts.
      # This key is deprecated.
      # Support will be removed in AVD version 5.0.0.
      # Use <samp>listen_ranges</samp> instead.
      bgp_listen_range_prefix: <str>
      session_tracker: <str>
      shared_secret:

        # Name of profile defined under `management_security`.
        profile: <str; required>

        # Note: Algorithm hmac-sha-256 requires EOS version 4.31.1F and above.
        hash_algorithm: <str; "aes-128-cmac-96" | "hmac-sha-256" | "hmac-sha1-96"; required>

      # Maximum number of hops.
      ttl_maximum_hops: <int; 0-254>
  neighbors:
    - ip_address: <str; required; unique>
      peer_group: <str>

      # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
      # For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
      remote_as: <str>

      # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
      # For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
      local_as: <str>

      # BGP AS-PATH options.
      as_path:

        # Replace AS number with local AS number.
        remote_as_replace_out: <bool>

        # Disable prepending own AS number to AS path.
        prepend_own_disabled: <bool>

      # Key only used for documentation or validation purposes.
      peer: <str>
      description: <str>
      route_reflector_client: <bool>
      password: <str>
      passive: <bool>
      shutdown: <bool>

      # Source Interface.
      update_source: <str>

      # Enable BFD.
      bfd: <bool>

      # Override default BFD timers. BFD must be enabled with `bfd: true`.
      bfd_timers:

        # Interval in milliseconds.
        interval: <int; 50-60000; required>

        # Rate in milliseconds.
        min_rx: <int; 50-60000; required>
        multiplier: <int; 3-50; required>
      weight: <int; 0-65535>

      # BGP Keepalive and Hold Timer values in seconds as string "<0-3600> <0-3600>".
      timers: <str>

      # Inbound route-map name.
      route_map_in: <str>

      # Outbound route-map name.
      route_map_out: <str>
      default_originate:
        enabled: <bool>
        always: <bool>
        route_map: <str>

      # 'all' or a combination of 'standard', 'extended', 'large' and 'link-bandwidth (w/options)'.
      send_community: <str>

      # Maximum number of routes (0 means unlimited).
      maximum_routes: <int; 0-4294967294>

      # Maximum number of routes after which a warning is issued (0 means never warn) or
      # Percentage of maximum number of routes at which to warn ("<1-100> percent").
      maximum_routes_warning_limit: <str>
      maximum_routes_warning_only: <bool>
      allowas_in:
        enabled: <bool>

        # Number of local ASNs allowed in a BGP update.
        times: <int; 1-10>

      # Time-to-live in range of hops.
      ebgp_multihop: <int; 1-255>
      next_hop_self: <bool>
      link_bandwidth:
        enabled: <bool>

        # nn.nn(K|M|G) link speed in bits/second.
        default: <str>
      rib_in_pre_policy_retain:
        enabled: <bool>
        all: <bool>

      # Remove private AS numbers in outbound AS path.
      remove_private_as:
        enabled: <bool>
        all: <bool>
        replace_as: <bool>
      remove_private_as_ingress:
        enabled: <bool>
        replace_as: <bool>
      session_tracker: <str>
      shared_secret:

        # Name of profile defined under `management_security`.
        profile: <str; required>

        # Note: Algorithm hmac-sha-256 requires EOS version 4.31.1F and above.
        hash_algorithm: <str; "aes-128-cmac-96" | "hmac-sha-256" | "hmac-sha1-96"; required>

      # Maximum number of hops.
      ttl_maximum_hops: <int; 0-254>
  neighbor_interfaces:

      # Interface name.
    - name: <str; required; unique>

      # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
      # For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
      remote_as: <str>

      # Key only used for documentation or validation purposes.
      peer: <str>
      peer_group: <str; default="Peer-group name">
      description: <str>

      # Peer-filter name.
      peer_filter: <str>
  aggregate_addresses:

      # IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I".
    - prefix: <str; required; unique>
      advertise_only: <bool>
      as_set: <bool>

      # Route-map name.
      advertise_map: <str>

      # Route-map name.
      supress_map: <str>
      summary_only: <bool>

      # Route-map name.
      attribute_map: <str>

      # Route-map name.
      match_map: <str>
  redistribute_routes:
    - source_protocol: <str; "attached-host" | "bgp" | "connected" | "dynamic" | "isis" | "ospf" | "ospfv3" | "rip" | "static" | "user"; required; unique>
      route_map: <str>

      # RCF function name with parenthesis.
      # Example: MyFunction(myarg).
      # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
      # Only applicable if `source_protocol` is one of `connected`, `static`, `isis`, `user`, `dynamic`.
      rcf: <str>
      include_leaked: <bool>
  vlan_aware_bundles:

      # VLAN aware bundle name.
    - name: <str; required; unique>

      # Key only used for documentation or validation purposes.
      tenant: <str>

      # Key only used for documentation or validation purposes.
      description: <str>

      # Route distinguisher.
      rd: <str>
      rd_evpn_domain:
        domain: <str; "remote" | "all">

        # Route distinguisher.
        rd: <str>
      route_targets:
        both:
          - <str>
        import:
          - <str>
        export:
          - <str>
        import_evpn_domains:
          - domain: <str; "remote" | "all">
            route_target: <str>
        export_evpn_domains:
          - domain: <str; "remote" | "all">
            route_target: <str>
        import_export_evpn_domains:
          - domain: <str; "remote" | "all">
            route_target: <str>
      redistribute_routes:
        - <str>
      no_redistribute_routes:
        - <str>

      # VLAN range as string. Example "100-200,300".
      vlan: <str>

      # Multiline EOS CLI rendered directly on the Router BGP, VLAN-aware-bundle definition in the final EOS configuration.
      eos_cli: <str>
  vlans:
    - id: <int; required; unique>

      # Key only used for documentation or validation purposes.
      tenant: <str>

      # Route distinguisher.
      rd: <str>
      rd_evpn_domain:
        domain: <str; "remote" | "all">

        # Route distinguisher.
        rd: <str>

      # Multiline EOS CLI rendered directly on the Router BGP, VLAN definition in the final EOS configuration.
      eos_cli: <str>
      route_targets:
        both:
          - <str>
        import:
          - <str>
        export:
          - <str>
        import_evpn_domains:
          - domain: <str; "remote" | "all">
            route_target: <str>
        export_evpn_domains:
          - domain: <str; "remote" | "all">
            route_target: <str>
        import_export_evpn_domains:
          - domain: <str; "remote" | "all">
            route_target: <str>
      redistribute_routes:
        - <str>
      no_redistribute_routes:
        - <str>
  vpws:

      # VPWS instance name.
    - name: <str; required; unique>

      # Route distinguisher.
      rd: <str>
      route_targets:

        # Route Target.
        import_export: <str>
      mpls_control_word: <bool>
      label_flow: <bool>
      mtu: <int>
      pseudowires:

          # Pseudowire name.
        - name: <str; required; unique>

          # Must match id_remote on other pe.
          id_local: <int>

          # Must match id_local on other pe.
          id_remote: <int>
  address_family_evpn:
    domain_identifier: <str>
    neighbor_default:
      encapsulation: <str; "vxlan" | "mpls">

      # Source interface name.
      next_hop_self_source_interface: <str>
      next_hop_self_received_evpn_routes:
        enable: <bool>
        inter_domain: <bool>

    # Specify the RIBs used to resolve MPLS next-hops. The order of this list determines the order of RIB lookups.
    next_hop_mpls_resolution_ribs: # 1-3 items

        # Type of RIB. For 'tunnel-rib', use 'rib_name' to specify the name of the Tunnel-RIB to use.
      - rib_type: <str; "system-connected" | "tunnel-rib-colored" | "tunnel-rib"; required>

        # The name of the tunnel-rib to use when using 'tunnel-rib' type.
        rib_name: <str>
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>

        # Inbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_in: <str>

        # Outbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_out: <str>
    peer_groups:

        # Peer-group name.
      - name: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>

        # Inbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_in: <str>

        # Outbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_out: <str>
        domain_remote: <bool>
        encapsulation: <str; "vxlan" | "mpls">
        additional_paths:
          receive: <bool>
          send:
            any: <bool>
            backup: <bool>
            ecmp: <bool>

            # Amount of ECMP paths to send.
            ecmp_limit: <int; 2-64>

            # Amount of paths to send.
            limit: <int; 2-64>
    evpn_hostflap_detection:
      enabled: <bool>

      # Time (in seconds) to detect a MAC duplication issue.
      window: <int; 0-4294967295>

      # Minimum number of MAC moves that indicate a MAC Duplication issue.
      threshold: <int; 0-4294967295>

      # Time (in seconds) to purge a MAC duplication issue.
      expiry_timeout: <int; 0-4294967295>
    next_hop:
      resolution_disabled: <bool>
    route:
      import_match_failure_action: <str; "discard">
      import_ethernet_segment_ip_mass_withdraw: <bool>
      import_overlay_index_gateway: <bool>
      export_ethernet_segment_ip_mass_withdraw: <bool>
    next_hop_unchanged: <bool>

    # BGP additional-paths commands.
    bgp_additional_paths:

      # Receive multiple paths.
      receive: <bool>

      # Send multiple paths.
      send:

        # Any eligible path.
        any: <bool>

        # Best path and installed backup path.
        backup: <bool>

        # All paths in best path ECMP group.
        ecmp: <bool>

        # Amount of ECMP paths to send.
        ecmp_limit: <int; 2-64>

        # Amount of paths to send.
        limit: <int; 2-64>

    # BGP layer-2 in-place FEC operation.
    layer_2_fec_in_place_update:
      enabled: <bool; required>

      # In-place FEC update tracking timeout in seconds.
      timeout: <int; 0-300>
  address_family_rtc:
    peer_groups:

        # Peer-group name.
      - name: <str; required; unique>
        activate: <bool>
        default_route_target:
          only: <bool>
          encoding_origin_as_omit: <str>
  address_family_ipv4:
    networks:

        # IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I".
      - prefix: <str; required; unique>

        # Route-map name.
        route_map: <str>
    peer_groups:

        # Peer-group name.
      - name: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>

        # Inbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_in: <str>

        # Outbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_out: <str>
        default_originate:
          always: <bool>

          # Route-map name.
          route_map: <str>
        next_hop:
          address_family_ipv6:
            enabled: <bool; required>
            originate: <bool>
          # This key is deprecated.
          # Support will be removed in AVD version 5.0.0.
          # Use <samp>address_family_ipv6</samp> instead.
          address_family_ipv6_originate: <bool>

        # Inbound prefix-list name.
        prefix_list_in: <str>

        # Outbound prefix-list name.
        prefix_list_out: <str>
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>

        # Inbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_in: <str>

        # Outbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_out: <str>

        # Inbound prefix-list name.
        prefix_list_in: <str>

        # Prefix-list name.
        prefix_list_out: <str>
        default_originate:
          always: <bool>
          route_map: <str>
    redistribute_routes:
      - source_protocol: <str; "attached-host" | "bgp" | "connected" | "dynamic" | "isis" | "ospf" | "ospfv3" | "rip" | "static" | "user"; required; unique>
        route_map: <str>

        # Only applicable if `source_protocol` is one of `connected`, `static`, `isis`, `ospf`, `ospfv3`.
        include_leaked: <bool>

        # RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
        # Only applicable if `source_protocol` is one of `connected`, `static`, `isis`, `user`, `dynamic`.
        rcf: <str>
  address_family_ipv4_multicast:
    peer_groups:

        # Peer-group name.
      - name: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>
    redistribute_routes:
      - source_protocol: <str; required; unique>
        route_map: <str>

        # Only applicable if `source_protocol` is `isis`.
        include_leaked: <bool>

        # RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
        # Only applicable if `source_protocol` is `isis`.
        rcf: <str>
  address_family_ipv4_sr_te:
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>
    peer_groups:

        # Peer-group name.
      - name: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>
  address_family_ipv6:
    networks:

        # IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I".
      - prefix: <str; required; unique>

        # Route-map name.
        route_map: <str>
    peer_groups:

        # Peer-group name.
      - name: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>

        # Inbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_in: <str>

        # Outbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_out: <str>

        # Inbound prefix-list name.
        prefix_list_in: <str>

        # Outbound prefix-list name.
        prefix_list_out: <str>
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>

        # Inbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_in: <str>

        # Outbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_out: <str>

        # Inbound prefix-list name.
        prefix_list_in: <str>

        # Outbound prefix-list name.
        prefix_list_out: <str>
    redistribute_routes:
      - source_protocol: <str; required; unique>
        route_map: <str>
        include_leaked: <bool>

        # RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
        # Only used if `source_protocol` is one of `connected`, `static`, `isis`, `user`, `dynamic`.
        rcf: <str>
  address_family_ipv6_multicast:
    bgp:
      missing_policy:
        direction_in_action: <str; "deny" | "deny-in-out" | "permit">
        direction_out_action: <str; "deny" | "deny-in-out" | "permit">
      additional_paths:
        receive: <bool>
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>
    peer_groups:

        # Peer-group name.
      - name: <str; required; unique>
        activate: <bool>
    networks:

        # IPv6 prefix "A:B:C:D:E:F:G:H/I".
      - prefix: <str; required; unique>
        route_map: <str>
    redistribute_routes:
      - source_protocol: <str; "connected" | "isis" | "ospf" | "ospfv3" | "static"; required; unique>

        # Only applicable if `source_protocol` is `isis`.
        include_leaked: <bool>
        route_map: <str>

        # RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
        # Only applicable if `source_protocol` is `isis`.
        rcf: <str>
  address_family_ipv6_sr_te:
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>
    peer_groups:

        # Peer-group name.
      - name: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>
  address_family_link_state:
    bgp:
      missing_policy:
        direction_in_action: <str; "deny" | "deny-in-out" | "permit">
        direction_out_action: <str; "deny" | "deny-in-out" | "permit">
    peer_groups:

        # Peer-group name.
      - name: <str; required; unique>
        activate: <bool>
        missing_policy:
          direction_in_action: <str; "deny" | "deny-in-out" | "permit">
          direction_out_action: <str; "deny" | "deny-in-out" | "permit">
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>
        missing_policy:
          direction_in_action: <str; "deny" | "deny-in-out" | "permit">
          direction_out_action: <str; "deny" | "deny-in-out" | "permit">
    path_selection:
      roles:
        producer: <bool>
        consumer: <bool>
        propagator: <bool>
  address_family_flow_spec_ipv4:
    bgp:
      missing_policy:
        direction_in_action: <str; "deny" | "deny-in-out" | "permit">
        direction_out_action: <str; "deny" | "deny-in-out" | "permit">
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>
    peer_groups:

        # Peer-group name.
      - name: <str; required; unique>
        activate: <bool>
  address_family_flow_spec_ipv6:
    bgp:
      missing_policy:
        direction_in_action: <str; "deny" | "deny-in-out" | "permit">
        direction_out_action: <str; "deny" | "deny-in-out" | "permit">
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>
    peer_groups:

        # Peer-group name.
      - name: <str; required; unique>
        activate: <bool>
  address_family_path_selection:
    bgp:
      additional_paths:
        receive: <bool>
        send:
          any: <bool>
          backup: <bool>
          ecmp: <bool>

          # Amount of ECMP paths to send.
          ecmp_limit: <int; 2-64>

          # Amount of paths to send.
          limit: <int; 2-64>
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>
        additional_paths:
          install: <bool>
          install_ecmp_primary: <bool>
          receive: <bool>
          send:
            any: <bool>
            backup: <bool>
            ecmp: <bool>

            # Amount of ECMP paths to send.
            ecmp_limit: <int; 2-64>

            # Amount of paths to send.
            limit: <int; 2-64>
    peer_groups:

        # Peer-group name.
      - name: <str; required; unique>
        activate: <bool>
        additional_paths:
          install: <bool>
          install_ecmp_primary: <bool>
          receive: <bool>
          send:
            any: <bool>
            backup: <bool>
            ecmp: <bool>

            # Amount of ECMP paths to send.
            ecmp_limit: <int; 2-64>

            # Amount of paths to send.
            limit: <int; 2-64>
  address_family_vpn_ipv4:
    domain_identifier: <str>
    peer_groups:

        # Peer-group name.
      - name: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>

        # Inbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_in: <str>

        # Outbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_out: <str>
    route:
      import_match_failure_action: <str; "discard">
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>

        # Inbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_in: <str>

        # Outbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_out: <str>
    neighbor_default_encapsulation_mpls_next_hop_self:
      source_interface: <str>
  address_family_vpn_ipv6:
    domain_identifier: <str>
    peer_groups:

        # Peer-group name.
      - name: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>

        # Inbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_in: <str>

        # Outbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_out: <str>
    route:
      import_match_failure_action: <str; "discard">
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>

        # Inbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_in: <str>

        # Outbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_out: <str>
    neighbor_default_encapsulation_mpls_next_hop_self:
      source_interface: <str>
  vrfs:

      # VRF name.
    - name: <str; required; unique>

      # Route distinguisher.
      rd: <str>
      evpn_multicast: <bool>

      # Enable per-AF EVPN multicast settings.
      evpn_multicast_address_family:
        ipv4:

          # Enable EVPN multicast transit mode.
          transit: <bool>
      route_targets:
        import:
          - address_family: <str; required; unique>
            route_targets:
              - <str>

            # Only applicable if `address_family` is one of `evpn`, `vpn-ipv4` or `vpn-ipv6`.
            route_map: <str>

            # RCF function name with parenthesis.
            # Example: MyFunction(myarg).
            # Only applicable if `address_family` is one of `evpn`, `vpn-ipv4` or `vpn-ipv6`.
            rcf: <str>

            # RCF function name with parenthesis for filtering VPN routes. Also requires `rcf` to be set.
            # Example: MyFunction(myarg).
            # Only applicable if `address_family` is one of `vpn-ipv4` or `vpn-ipv6`.
            vpn_route_filter_rcf: <str>
        export:
          - address_family: <str; required; unique>
            route_targets:
              - <str>

            # Only applicable if `address_family` is one of `evpn`, `vpn-ipv4` or `vpn-ipv6`.
            route_map: <str>

            # RCF function name with parenthesis.
            # Example: MyFunction(myarg).
            # Only applicable if `address_family` is one of `evpn`, `vpn-ipv4` or `vpn-ipv6`.
            rcf: <str>

            # RCF function name with parenthesis for filtering VPN routes. Also requires `rcf` to be set.
            # Example: MyFunction(myarg).
            # Only applicable if `address_family` is one of `vpn-ipv4` or `vpn-ipv6`.
            vpn_route_filter_rcf: <str>

      # in IP address format A.B.C.D.
      router_id: <str>

      # BGP Keepalive and Hold Timer values in seconds as string "<0-3600> <0-3600>".
      timers: <str>
      networks:

          # IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I".
        - prefix: <str; required; unique>
          route_map: <str>
      updates:

        # Disables FIB updates and route advertisement when the BGP instance is initiated until the BGP convergence state is reached.
        wait_for_convergence: <bool>

        # Do not advertise reachability to a prefix until that prefix has been installed in hardware.
        # This will eliminate any temporary black holes due to a BGP speaker advertising reachability to a prefix that may not yet be installed into the forwarding plane.
        wait_install: <bool>

      # Improved "listen_ranges" data model to support multiple listen ranges and additional filter capabilities.
      listen_ranges:

          # IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I".
        - prefix: <str>

          # Include router ID as part of peer filter.
          peer_id_include_router_id: <bool>

          # Peer-group name.
          peer_group: <str>

          # Peer-filter name.
          # note: `peer_filter`` or `remote_as` is required but mutually exclusive.
          # If both are defined, peer_filter takes precedence.
          peer_filter: <str>

          # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
          # For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
          remote_as: <str>
      neighbors:
        - ip_address: <str; required; unique>

          # Peer-group name.
          peer_group: <str>

          # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
          # For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
          remote_as: <str>
          password: <str>
          passive: <bool>

          # Remove private AS numbers in outbound AS path.
          remove_private_as:
            enabled: <bool>
            all: <bool>
            replace_as: <bool>
          remove_private_as_ingress:
            enabled: <bool>
            replace_as: <bool>
          weight: <int; 0-65535>

          # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
          # For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
          local_as: <str>

          # BGP AS-PATH options.
          as_path:

            # Replace AS number with local AS number.
            remote_as_replace_out: <bool>

            # Disable prepending own AS number to AS path.
            prepend_own_disabled: <bool>
          description: <str>
          route_reflector_client: <bool>

          # Time-to-live in range of hops.
          ebgp_multihop: <int; 1-255>
          next_hop_self: <bool>
          shutdown: <bool>

          # Enable BFD.
          bfd: <bool>

          # Override default BFD timers. BFD must be enabled with `bfd: true`.
          bfd_timers:

            # Interval in milliseconds.
            interval: <int; 50-60000; required>

            # Rate in milliseconds.
            min_rx: <int; 50-60000; required>
            multiplier: <int; 3-50; required>

          # BGP Keepalive and Hold Timer values in seconds as string "<0-3600> <0-3600>".
          timers: <str>
          rib_in_pre_policy_retain:
            enabled: <bool>
            all: <bool>

          # 'all' or a combination of 'standard', 'extended', 'large' and 'link-bandwidth (w/options)'.
          send_community: <str>
          maximum_routes: <int>

          # Maximum number of routes after which a warning is issued (0 means never warn) or
          # Percentage of maximum number of routes at which to warn ("<1-100> percent").
          maximum_routes_warning_limit: <str>
          maximum_routes_warning_only: <bool>
          allowas_in:
            enabled: <bool>

            # Number of local ASNs allowed in a BGP update.
            times: <int; 1-10>
          default_originate:
            enabled: <bool>
            always: <bool>
            route_map: <str>
          update_source: <str>

          # Inbound route-map name.
          route_map_in: <str>

          # Outbound route-map name.
          route_map_out: <str>

          # Inbound prefix-list name.
          # This key is deprecated.
          # Support will be removed in AVD version 5.0.0.
          # Use <samp>router_bgp.vrfs[].address_family_ipv4.neighbors[].prefix_list_in or router_bgp.vrfs[].address_family_ipv6.neighbors[].prefix_list_in</samp> instead.
          prefix_list_in: <str>

          # Outbound prefix-list name.
          # This key is deprecated.
          # Support will be removed in AVD version 5.0.0.
          # Use <samp>router_bgp.vrfs[].address_family_ipv4.neighbors[].prefix_list_out or router_bgp.vrfs[].address_family_ipv6.neighbors[].prefix_list_out</samp> instead.
          prefix_list_out: <str>
      neighbor_interfaces:

          # Interface name.
        - name: <str; required; unique>

          # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
          # For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
          remote_as: <str>

          # Peer-group name.
          peer_group: <str>

          # Peer-filter name.
          peer_filter: <str>
          description: <str>
      redistribute_routes:
        - source_protocol: <str; required; unique>
          route_map: <str>
          include_leaked: <bool>

          # RCF function name with parenthesis.
          # Example: MyFunction(myarg).
          # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
          # Only applicable if `source_protocol` is one of `connected`, `dynamic`, `isis`, `static` and `user`.
          rcf: <str>
      aggregate_addresses:

          # IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I".
        - prefix: <str; required; unique>
          advertise_only: <bool>
          as_set: <bool>

          # Route-map name.
          advertise_map: <str>

          # Route-map name.
          supress_map: <str>
          summary_only: <bool>
          attribute_map: <str>
          match_map: <str>
      address_family_ipv4:
        bgp:
          missing_policy:
            direction_in_action: <str; "deny" | "deny-in-out" | "permit">
            direction_out_action: <str; "deny" | "deny-in-out" | "permit">
          additional_paths:
            install: <bool>
            install_ecmp_primary: <bool>
            receive: <bool>
            send:
              any: <bool>
              backup: <bool>
              ecmp: <bool>

              # Amount of ECMP paths to send.
              ecmp_limit: <int; 2-64>

              # Amount of paths to send.
              limit: <int; 2-64>
        neighbors:
          - ip_address: <str; required; unique>
            activate: <bool>

            # Inbound route-map name.
            route_map_in: <str>

            # Outbound route-map name.
            route_map_out: <str>

            # Inbound RCF function name with parenthesis.
            # Example: MyFunction(myarg).
            rcf_in: <str>

            # Outbound RCF function name with parenthesis.
            # Example: MyFunction(myarg).
            rcf_out: <str>

            # Inbound prefix-list name.
            prefix_list_in: <str>

            # Outbound prefix-list name.
            prefix_list_out: <str>
            next_hop:
              address_family_ipv6:
                enabled: <bool; required>
                originate: <bool>
        networks:

            # IPv4 prefix "A.B.C.D/E".
          - prefix: <str; required; unique>
            route_map: <str>
        redistribute_routes:
          - source_protocol: <str; "attached-host" | "bgp" | "connected" | "dynamic" | "isis" | "ospf" | "ospfv3" | "rip" | "static" | "user"; required; unique>
            route_map: <str>
            include_leaked: <bool>

            # RCF function name with parenthesis.
            # Example: MyFunction(myarg).
            # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
            # Only applicable if `source_protocol` is one of `connected`, `dynamic`, `isis`, `static` and `user`.
            rcf: <str>
      address_family_ipv6:
        bgp:
          missing_policy:
            direction_in_action: <str; "deny" | "deny-in-out" | "permit">
            direction_out_action: <str; "deny" | "deny-in-out" | "permit">
          additional_paths:
            install: <bool>
            install_ecmp_primary: <bool>
            receive: <bool>
            send:
              any: <bool>
              backup: <bool>
              ecmp: <bool>

              # Amount of ECMP paths to send.
              ecmp_limit: <int; 2-64>

              # Amount of paths to send.
              limit: <int; 2-64>
        neighbors:
          - ip_address: <str; required; unique>
            activate: <bool>

            # Inbound route-map name.
            route_map_in: <str>

            # Outbound route-map name.
            route_map_out: <str>

            # Inbound RCF function name with parenthesis.
            # Example: MyFunction(myarg).
            rcf_in: <str>

            # Outbound RCF function name with parenthesis.
            # Example: MyFunction(myarg).
            rcf_out: <str>

            # Inbound prefix-list name.
            prefix_list_in: <str>

            # Outbound prefix-list name.
            prefix_list_out: <str>
        networks:

            # IPv6 prefix "A:B:C:D:E:F:G:H/I".
          - prefix: <str; required; unique>
            route_map: <str>
        redistribute_routes:
          - source_protocol: <str; "attached-host" | "bgp" | "connected" | "dhcp" | "dynamic" | "isis" | "ospfv3" | "static" | "user"; required; unique>
            route_map: <str>
            include_leaked: <bool>

            # RCF function name with parenthesis.
            # Example: MyFunction(myarg).
            # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
            # Only applicable if `source_protocol` is one of `connected`, `dynamic`, `isis`, `static` and `user`.
            rcf: <str>
      address_family_ipv4_multicast:
        bgp:
          missing_policy:
            direction_in_action: <str; "deny" | "deny-in-out" | "permit">
            direction_out_action: <str; "deny" | "deny-in-out" | "permit">
          additional_paths:
            receive: <bool>
        neighbors:
          - ip_address: <str; required; unique>
            activate: <bool>

            # Inbound route-map name.
            route_map_in: <str>

            # Outbound route-map name.
            route_map_out: <str>
        networks:

            # IPv6 prefix "A.B.C.D/E".
          - prefix: <str; required; unique>
            route_map: <str>
        redistribute_routes:
          - source_protocol: <str; "attached-host" | "connected" | "isis" | "ospf" | "ospfv3" | "static"; required; unique>
            route_map: <str>

            # Only applicable if `source_protocol` is `isis`.
            include_leaked: <bool>

            # RCF function name with parenthesis.
            # Example: MyFunction(myarg).
            # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
            # Only applicable if `source_protocol` is `isis`.
            rcf: <str>
      address_family_ipv6_multicast:
        bgp:
          missing_policy:
            direction_in_action: <str; "deny" | "deny-in-out" | "permit">
            direction_out_action: <str; "deny" | "deny-in-out" | "permit">
          additional_paths:
            receive: <bool>
        neighbors:
          - ip_address: <str; required; unique>
            activate: <bool>

            # Inbound route-map name.
            route_map_in: <str>

            # Outbound route-map name.
            route_map_out: <str>
        networks:

            # IPv6 prefix "A:B:C:D:E:F:G:H/I".
          - prefix: <str; required; unique>
            route_map: <str>
        redistribute_routes:
          - source_protocol: <str; "connected" | "isis" | "ospf" | "ospfv3" | "static"; required; unique>
            route_map: <str>

            # Only applicable if `source_protocol` is `isis`.
            include_leaked: <bool>

            # RCF function name with parenthesis.
            # Example: MyFunction(myarg).
            # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
            # Only applicable if `source_protocol` is `isis`.
            rcf: <str>
      address_family_flow_spec_ipv4:
        bgp:
          missing_policy:
            direction_in_action: <str; "deny" | "deny-in-out" | "permit">
            direction_out_action: <str; "deny" | "deny-in-out" | "permit">
        neighbors:
          - ip_address: <str; required; unique>
            activate: <bool>
      address_family_flow_spec_ipv6:
        bgp:
          missing_policy:
            direction_in_action: <str; "deny" | "deny-in-out" | "permit">
            direction_out_action: <str; "deny" | "deny-in-out" | "permit">
        neighbors:
          - ip_address: <str; required; unique>
            activate: <bool>
      # This key is deprecated.
      # Support will be removed in AVD version 5.0.0.
      # Use <samp>address_family_*</samp> instead.
      address_families:
        - address_family: <str; required; unique>
          bgp:
            missing_policy:
              direction_in_action: <str; "deny" | "deny-in-out" | "permit">
              direction_out_action: <str; "deny" | "deny-in-out" | "permit">
            additional_paths:
              - <str>
          neighbors:
            - ip_address: <str; required; unique>
              activate: <bool>

              # Inbound route-map name.
              route_map_in: <str>

              # Outbound route-map name.
              route_map_out: <str>
          peer_groups:

              # Peer-group name.
            - name: <str; required; unique>
              activate: <bool>
              next_hop:
                address_family_ipv6_originate: <bool>
          networks:

              # IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I".
            - prefix: <str; required; unique>
              route_map: <str>

      # Multiline EOS CLI rendered directly on the Router BGP, VRF definition in the final EOS configuration.
      eos_cli: <str>
  session_trackers:

      # Name of session tracker.
    - name: <str; required; unique>

      # Recovery delay in seconds.
      recovery_delay: <int; 1-3600>

  # Multiline EOS CLI rendered directly on the Router BGP in the final EOS configuration.
  eos_cli: <str>

Router general

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
router_general	Dictionary
router_id	Dictionary
ipv4	String				IPv4 Address.
ipv6	String				IPv6 Address.
nexthop_fast_failover	Boolean		False
vrfs	List, items: Dictionary
- name	String	Required, Unique			Destination-VRF.
leak_routes	List, items: Dictionary
- source_vrf	String
subscribe_policy	String				Route-Map Policy.
routes	Dictionary
dynamic_prefix_lists	List, items: Dictionary
- name	String				Dynamic Prefix List Name.
control_functions	Dictionary				Routing control functions (RCF) used to filter and update routes from a peer or during redistributions. Warning: This configuration cannot be pushed with eos_config_deploy_eapi, because of limitations in arista.eos and ansible.netcommon plugins. The configuration can be pushed via CloudVision with eos_config_deploy_cvp or cv_deploy.
code_units	List, items: Dictionary
- name	String	Required, Unique			Name of the code unit.
content	String	Required			Content of route control function. e.g. function ACCEPT_ALL() { return true; } EOF

router_general:
  router_id:

    # IPv4 Address.
    ipv4: <str>

    # IPv6 Address.
    ipv6: <str>
  nexthop_fast_failover: <bool; default=False>
  vrfs:

      # Destination-VRF.
    - name: <str; required; unique>
      leak_routes:
        - source_vrf: <str>

          # Route-Map Policy.
          subscribe_policy: <str>
      routes:
        dynamic_prefix_lists:

            # Dynamic Prefix List Name.
          - name: <str>

  # Routing control functions (RCF) used to filter and update routes from a peer or during redistributions.
  # Warning:
  # This configuration cannot be pushed with `eos_config_deploy_eapi`, because of limitations in `arista.eos` and `ansible.netcommon` plugins.
  # The configuration can be pushed via CloudVision with `eos_config_deploy_cvp` or `cv_deploy`.
  control_functions:
    code_units:

        # Name of the code unit.
      - name: <str; required; unique>

        # Content of route control function.
        # e.g.
        # function ACCEPT_ALL() {
        #   return true;
        #   }
        # EOF
        content: <str; required>

Router internet-exit

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
router_internet_exit	Dictionary				Internet-exit feature to configure internet bound service for virtual topologies.
policies	List, items: Dictionary				Internet-exit policy represent a policy which can be attached to a virtual topology profile.
- name	String	Required, Unique
exit_groups	List, items: Dictionary				The exit groups that are configured under a policy are strictly ordered, meaning an exit group appearing first has more priority than the exit group that follows it.
- name	String
exit_groups	List, items: Dictionary				Exit groups represent a group of exit options (connections). Traffic flows are load balanced in a round robin fashion across all the members (exits) of the exit-group.
- name	String	Required, Unique
fib_default	Boolean				Fib default exit indicates that the flows that select this exit will follow the default route available in the VRF of the flow.
local_connections	List, items: Dictionary				Local connections refer to connections configured under the router_service_insertion. The service-insertion module reports the health of the connection and the exit will qualify for use only when it is healthy.
- name	String

# Internet-exit feature to configure internet bound service for virtual topologies.
router_internet_exit:

  # Internet-exit policy represent a policy which can be attached to a virtual topology profile.
  policies:
    - name: <str; required; unique>

      # The exit groups that are configured under a policy are strictly ordered, meaning an exit group appearing first has more priority than the exit group that follows it.
      exit_groups:
        - name: <str>

  # Exit groups represent a group of exit options (connections).
  # Traffic flows are load balanced in a round robin fashion across all the members (exits) of the exit-group.
  exit_groups:
    - name: <str; required; unique>

      # Fib default exit indicates that the flows that select this exit will follow the default route available in the VRF of the flow.
      fib_default: <bool>

      # Local connections refer to connections configured under the `router_service_insertion`.
      # The service-insertion module reports the health of the connection and the exit will qualify for use only when it is healthy.
      local_connections:
        - name: <str>

Router ISIS

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
router_isis	Dictionary
instance	String	Required			ISIS Instance Name.
net	String				CLNS Address like “49.0001.0001.0000.0001.00”.
router_id	String				IPv4 Address.
is_type	String			Valid Values: - level-1 - level-1-2 - level-2
log_adjacency_changes	Boolean
mpls_ldp_sync_default	Boolean
timers	Dictionary
local_convergence	Dictionary
protected_prefixes	Boolean
delay	Integer		10000		Delay in milliseconds.
set_overload_bit	Dictionary
enabled	Boolean
on_startup	Dictionary
delay	Integer				Number of seconds.
wait_for_bgp	Dictionary
enabled	Boolean
timeout	Integer				Number of seconds.
authentication	Dictionary
both	Dictionary				Authentication settings for level-1 and level-2. ‘both’ takes precedence over ‘level_1’ and ‘level_2’ settings.
key_type	String			Valid Values: - 0 - 7 - 8a	Configure authentication key type. Default key_id is 0.
key	String				Password string.
key_ids	List, items: Dictionary
- id	Integer	Required, Unique		Min: 1 Max: 65535	Configure authentication key-id.
algorithm	String	Required		Valid Values: - sha-1 - sha-224 - sha-256 - sha-384 - sha-512
key_type	String	Required		Valid Values: - 0 - 7 - 8a	Configure authentication key type.
key	String	Required			Password string.
rfc_5310	Boolean				SHA digest computation according to rfc5310.
mode	String			Valid Values: - md5 - sha - text - shared_secret	Authentication mode.
sha	Dictionary				Required settings for authentication mode ‘sha’.
key_id	Integer	Required		Min: 1 Max: 65535
shared_secret	Dictionary				Required settings for authentication mode ‘shared_secret’.
profile	String	Required
algorithm	String	Required		Valid Values: - md5 - sha-1 - sha-224 - sha-256 - sha-384 - sha-512
rx_disabled	Boolean
level_1	Dictionary				Authentication settings for level-1. ‘both’ takes precedence over ‘level_1’ and ‘level_2’ settings.
key_type	String			Valid Values: - 0 - 7 - 8a	Configure authentication key type. Default key_id is 0.
key	String				Password string.
key_ids	List, items: Dictionary
- id	Integer	Required, Unique		Min: 1 Max: 65535	Configure authentication key-id.
algorithm	String	Required		Valid Values: - sha-1 - sha-224 - sha-256 - sha-384 - sha-512
key_type	String	Required		Valid Values: - 0 - 7 - 8a	Configure authentication key type.
key	String	Required			Password string.
rfc_5310	Boolean				SHA digest computation according to rfc5310.
mode	String			Valid Values: - md5 - sha - text - shared_secret	Authentication mode.
sha	Dictionary				Required settings for authentication mode ‘sha’.
key_id	Integer	Required		Min: 1 Max: 65535
shared_secret	Dictionary				Required settings for authentication mode ‘shared_secret’.
profile	String	Required
algorithm	String	Required		Valid Values: - md5 - sha-1 - sha-224 - sha-256 - sha-384 - sha-512
rx_disabled	Boolean
level_2	Dictionary				Authentication settings for level-2. ‘both’ takes precedence over ‘level_1’ and ‘level_2’ settings.
key_type	String			Valid Values: - 0 - 7 - 8a	Configure authentication key type. Default key_id is 0.
key	String				Password string.
key_ids	List, items: Dictionary
- id	Integer	Required, Unique		Min: 1 Max: 65535	Configure authentication key-id.
algorithm	String	Required		Valid Values: - sha-1 - sha-224 - sha-256 - sha-384 - sha-512
key_type	String	Required		Valid Values: - 0 - 7 - 8a	Configure authentication key type.
key	String	Required			Password string.
rfc_5310	Boolean				SHA digest computation according to rfc5310.
mode	String			Valid Values: - md5 - sha - text - shared_secret	Authentication mode.
sha	Dictionary				Required settings for authentication mode ‘sha’.
key_id	Integer	Required		Min: 1 Max: 65535
shared_secret	Dictionary				Required settings for authentication mode ‘shared_secret’.
profile	String	Required
algorithm	String	Required		Valid Values: - md5 - sha-1 - sha-224 - sha-256 - sha-384 - sha-512
rx_disabled	Boolean
advertise	Dictionary
passive_only	Boolean
address_family	List, items: String
- <str> deprecated	String			Valid Values: - ipv4 - ipv6 - ipv4 unicast - ipv6 unicast	Address Family.This key is deprecated. Support will be removed in AVD version 5.0.0. Use address_family_ipv4.enabled or address_family_ipv6.enabled instead.
isis_af_defaults	List, items: String
- <str> deprecated	String				EOS CLI rendered under the address families. Example “maximum-paths 64” This key is deprecated. Support will be removed in AVD version 5.0.0. Use address_family_ipv4/address_family_ipv6 instead.
redistribute_routes	List, items: Dictionary
- source_protocol	String	Required		Valid Values: - bgp - connected - isis - ospf - ospfv3 - static
route_map	String				Route-map name.
include_leaked	Boolean
ospf_route_type	String			Valid Values: - external - internal - nssa-external	ospf_route_type is required with source_protocols ‘ospf’ and ‘ospfv3’.
address_family_ipv4	Dictionary
enabled	Boolean
maximum_paths	Integer			Min: 1 Max: 128
bfd_all_interfaces	Boolean				Enable BFD on all interfaces.
fast_reroute_ti_lfa	Dictionary
mode	String			Valid Values: - link-protection - node-protection
level	String			Valid Values: - level-1 - level-2
srlg	Dictionary				Shared Risk Link Group.
enable	Boolean
strict	Boolean
tunnel_source_labeled_unicast	Dictionary
enabled	Boolean
rcf	String				Route Control Function.
address_family_ipv6	Dictionary
enabled	Boolean
maximum_paths	Integer			Min: 1 Max: 128
bfd_all_interfaces	Boolean				Enable BFD on all interfaces.
fast_reroute_ti_lfa	Dictionary
mode	String			Valid Values: - link-protection - node-protection
level	String			Valid Values: - level-1 - level-2	Optional, default is to protect all levels.
srlg	Dictionary				Shared Risk Link Group.
enable	Boolean
strict	Boolean
segment_routing_mpls	Dictionary
enabled	Boolean
router_id	String
prefix_segments	List, items: Dictionary
- prefix	String
index	Integer
spf_interval	Dictionary
interval	Integer				Maximum interval between two SPFs in seconds or milliseconds. Range in seconds: <1-300> Range in milliseconds: <1-300000>
interval_unit	String			Valid Values: - seconds - milliseconds	If interval unit is not defined EOS takes seconds by default.
wait_interval	Integer			Min: 1 Max: 300000	Initial wait interval for SPF in milliseconds.
hold_interval	Integer			Min: 1 Max: 300000	Hold interval between the first and second SPF runs in milliseconds.
graceful_restart	Dictionary
enabled	Boolean
restart_hold_time	Integer			Min: 5 Max: 300	Number of seconds.
t2	Dictionary
level_1_wait_time	Integer			Min: 5 Max: 300	Level-1 LSP database sync wait time in seconds.
level_2_wait_time	Integer			Min: 5 Max: 300	Level-2 LSP database sync wait time in seconds.
eos_cli	String				Multiline EOS CLI rendered directly on the router isis in the final EOS configuration.

router_isis:

  # ISIS Instance Name.
  instance: <str; required>

  # CLNS Address like "49.0001.0001.0000.0001.00".
  net: <str>

  # IPv4 Address.
  router_id: <str>
  is_type: <str; "level-1" | "level-1-2" | "level-2">
  log_adjacency_changes: <bool>
  mpls_ldp_sync_default: <bool>
  timers:
    local_convergence:
      protected_prefixes: <bool>

      # Delay in milliseconds.
      delay: <int; default=10000>
  set_overload_bit:
    enabled: <bool>
    on_startup:

      # Number of seconds.
      delay: <int>
      wait_for_bgp:
        enabled: <bool>

        # Number of seconds.
        timeout: <int>
  authentication:

    # Authentication settings for level-1 and level-2. 'both' takes precedence over 'level_1' and 'level_2' settings.
    both:

      # Configure authentication key type. Default key_id is 0.
      key_type: <str; "0" | "7" | "8a">

      # Password string.
      key: <str>
      key_ids:

          # Configure authentication key-id.
        - id: <int; 1-65535; required; unique>
          algorithm: <str; "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>

          # Configure authentication key type.
          key_type: <str; "0" | "7" | "8a"; required>

          # Password string.
          key: <str; required>

          # SHA digest computation according to rfc5310.
          rfc_5310: <bool>

      # Authentication mode.
      mode: <str; "md5" | "sha" | "text" | "shared_secret">

      # Required settings for authentication mode 'sha'.
      sha:
        key_id: <int; 1-65535; required>

      # Required settings for authentication mode 'shared_secret'.
      shared_secret:
        profile: <str; required>
        algorithm: <str; "md5" | "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>
      rx_disabled: <bool>

    # Authentication settings for level-1. 'both' takes precedence over 'level_1' and 'level_2' settings.
    level_1:

      # Configure authentication key type. Default key_id is 0.
      key_type: <str; "0" | "7" | "8a">

      # Password string.
      key: <str>
      key_ids:

          # Configure authentication key-id.
        - id: <int; 1-65535; required; unique>
          algorithm: <str; "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>

          # Configure authentication key type.
          key_type: <str; "0" | "7" | "8a"; required>

          # Password string.
          key: <str; required>

          # SHA digest computation according to rfc5310.
          rfc_5310: <bool>

      # Authentication mode.
      mode: <str; "md5" | "sha" | "text" | "shared_secret">

      # Required settings for authentication mode 'sha'.
      sha:
        key_id: <int; 1-65535; required>

      # Required settings for authentication mode 'shared_secret'.
      shared_secret:
        profile: <str; required>
        algorithm: <str; "md5" | "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>
      rx_disabled: <bool>

    # Authentication settings for level-2. 'both' takes precedence over 'level_1' and 'level_2' settings.
    level_2:

      # Configure authentication key type. Default key_id is 0.
      key_type: <str; "0" | "7" | "8a">

      # Password string.
      key: <str>
      key_ids:

          # Configure authentication key-id.
        - id: <int; 1-65535; required; unique>
          algorithm: <str; "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>

          # Configure authentication key type.
          key_type: <str; "0" | "7" | "8a"; required>

          # Password string.
          key: <str; required>

          # SHA digest computation according to rfc5310.
          rfc_5310: <bool>

      # Authentication mode.
      mode: <str; "md5" | "sha" | "text" | "shared_secret">

      # Required settings for authentication mode 'sha'.
      sha:
        key_id: <int; 1-65535; required>

      # Required settings for authentication mode 'shared_secret'.
      shared_secret:
        profile: <str; required>
        algorithm: <str; "md5" | "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>
      rx_disabled: <bool>
  advertise:
    passive_only: <bool>
  address_family:

      # Address Family.
      # This key is deprecated.
      # Support will be removed in AVD version 5.0.0.
      # Use <samp>address_family_ipv4.enabled or address_family_ipv6.enabled</samp> instead.
    - <str; "ipv4" | "ipv6" | "ipv4 unicast" | "ipv6 unicast">
  isis_af_defaults:

      # EOS CLI rendered under the address families.
      # Example "maximum-paths 64"
      # This key is deprecated.
      # Support will be removed in AVD version 5.0.0.
      # Use <samp>address_family_ipv4/address_family_ipv6</samp> instead.
    - <str>
  redistribute_routes:
    - source_protocol: <str; "bgp" | "connected" | "isis" | "ospf" | "ospfv3" | "static"; required>

      # Route-map name.
      route_map: <str>
      include_leaked: <bool>

      # ospf_route_type is required with source_protocols 'ospf' and 'ospfv3'.
      ospf_route_type: <str; "external" | "internal" | "nssa-external">
  address_family_ipv4:
    enabled: <bool>
    maximum_paths: <int; 1-128>

    # Enable BFD on all interfaces.
    bfd_all_interfaces: <bool>
    fast_reroute_ti_lfa:
      mode: <str; "link-protection" | "node-protection">
      level: <str; "level-1" | "level-2">

      # Shared Risk Link Group.
      srlg:
        enable: <bool>
        strict: <bool>
    tunnel_source_labeled_unicast:
      enabled: <bool>

      # Route Control Function.
      rcf: <str>
  address_family_ipv6:
    enabled: <bool>
    maximum_paths: <int; 1-128>

    # Enable BFD on all interfaces.
    bfd_all_interfaces: <bool>
    fast_reroute_ti_lfa:
      mode: <str; "link-protection" | "node-protection">

      # Optional, default is to protect all levels.
      level: <str; "level-1" | "level-2">

      # Shared Risk Link Group.
      srlg:
        enable: <bool>
        strict: <bool>
  segment_routing_mpls:
    enabled: <bool>
    router_id: <str>
    prefix_segments:
      - prefix: <str>
        index: <int>
  spf_interval:

    # Maximum interval between two SPFs in seconds or milliseconds.
    # Range in seconds: <1-300>
    # Range in milliseconds: <1-300000>
    interval: <int>

    # If interval unit is not defined EOS takes `seconds` by default.
    interval_unit: <str; "seconds" | "milliseconds">

    # Initial wait interval for SPF in milliseconds.
    wait_interval: <int; 1-300000>

    # Hold interval between the first and second SPF runs in milliseconds.
    hold_interval: <int; 1-300000>
  graceful_restart:
    enabled: <bool>

    # Number of seconds.
    restart_hold_time: <int; 5-300>
    t2:

      # Level-1 LSP database sync wait time in seconds.
      level_1_wait_time: <int; 5-300>

      # Level-2 LSP database sync wait time in seconds.
      level_2_wait_time: <int; 5-300>

  # Multiline EOS CLI rendered directly on the router isis in the final EOS configuration.
  eos_cli: <str>

Router L2 VPN

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
router_l2_vpn	Dictionary
arp_learning_bridged	Boolean
arp_proxy	Dictionary
prefix_list	String				Prefix-list name. ARP Proxying is disabled for IPv4 addresses defined in the prefix-list.
arp_selective_install	Boolean
nd_learning_bridged	Boolean
nd_proxy	Dictionary
prefix_list	String				Prefix-list name. Neighbor Discovery Proxying is disabled for IPv6 addresses defined in the prefix-list.
nd_rs_flooding_disabled	Boolean
virtual_router_nd_ra_flooding_disabled	Boolean

router_l2_vpn:
  arp_learning_bridged: <bool>
  arp_proxy:

    # Prefix-list name. ARP Proxying is disabled for IPv4 addresses defined in the prefix-list.
    prefix_list: <str>
  arp_selective_install: <bool>
  nd_learning_bridged: <bool>
  nd_proxy:

    # Prefix-list name. Neighbor Discovery Proxying is disabled for IPv6 addresses defined in the prefix-list.
    prefix_list: <str>
  nd_rs_flooding_disabled: <bool>
  virtual_router_nd_ra_flooding_disabled: <bool>

Router OSPF

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
router_ospf	Dictionary
process_ids	List, items: Dictionary
- id	Integer	Required, Unique			OSPF Process ID.
vrf	String				VRF Name for OSPF Process.
passive_interface_default	Boolean
router_id	String				IPv4 Address.
distance	Dictionary
external	Integer			Min: 1 Max: 255
inter_area	Integer			Min: 1 Max: 255
intra_area	Integer			Min: 1 Max: 255
log_adjacency_changes_detail	Boolean
network_prefixes	List, items: Dictionary
- ipv4_prefix	String	Required, Unique
area	String
bfd_enable	Boolean
bfd_adjacency_state_any	Boolean
no_passive_interfaces	List, items: String
- <str>	String				Interface Name.
distribute_list_in	Dictionary
route_map	String
max_lsa	Integer
timers	Dictionary
lsa	Dictionary
rx_min_interval	Integer			Min: 0 Max: 600000	Min interval in msecs between accepting the same LSA.
tx_delay	Dictionary
initial	Integer			Min: 0 Max: 600000	Delay to generate first occurrence of LSA in msecs.
min	Integer			Min: 1 Max: 600000	Min delay between originating the same LSA in msecs.
max	Integer			Min: 1 Max: 600000	1-600000 Maximum delay between originating the same LSA in msec.
spf_delay	Dictionary
initial	Integer			Min: 0 Max: 600000	Initial SPF schedule delay in msecs.
min	Integer			Min: 0 Max: 65535000	Min Hold time between two SPFs in msecs.
max	Integer			Min: 0 Max: 65535000	Max wait time between two SPFs in msecs.
default_information_originate	Dictionary
always	Boolean
metric	Integer			Min: 1 Max: 65535	Metric for default route.
metric_type	Integer			Valid Values: - 1 - 2	OSPF metric type for default route.
summary_addresses	List, items: Dictionary
- prefix	String	Required, Unique			Summary Prefix Address.
tag	Integer
attribute_map	String
not_advertise	Boolean
redistribute	Dictionary
static	Dictionary
route_map	String				Route Map Name.
include_leaked	Boolean
connected	Dictionary
route_map	String				Route Map Name.
include_leaked	Boolean
bgp	Dictionary
route_map	String				Route Map Name.
include_leaked	Boolean
auto_cost_reference_bandwidth	Integer				Bandwidth in mbps.
areas	List, items: Dictionary
- id	String	Required, Unique
filter	Dictionary
networks	List, items: String
- <str>	String				IPv4 Prefix.
prefix_list	String				Prefix-List Name.
type	String		normal	Valid Values: - normal - stub - nssa
no_summary	Boolean
nssa_only	Boolean
default_information_originate	Dictionary
metric	Integer			Min: 1 Max: 65535	Metric for default route.
metric_type	Integer			Valid Values: - 1 - 2	OSPF metric type for default route.
maximum_paths	Integer			Min: 1 Max: 128
max_metric	Dictionary
router_lsa	Dictionary
external_lsa	Dictionary
override_metric	Integer			Min: 1 Max: 16777215
include_stub	Boolean
on_startup	String				“wait-for-bgp” or Integer 5-86400. Example: “wait-for-bgp” Or “222”
summary_lsa	Dictionary
override_metric	Integer			Min: 1 Max: 16777215
mpls_ldp_sync_default	Boolean
eos_cli	String				Multiline EOS CLI rendered directly on the Router OSPF process ID in the final EOS configuration.

router_ospf:
  process_ids:

      # OSPF Process ID.
    - id: <int; required; unique>

      # VRF Name for OSPF Process.
      vrf: <str>
      passive_interface_default: <bool>

      # IPv4 Address.
      router_id: <str>
      distance:
        external: <int; 1-255>
        inter_area: <int; 1-255>
        intra_area: <int; 1-255>
      log_adjacency_changes_detail: <bool>
      network_prefixes:
        - ipv4_prefix: <str; required; unique>
          area: <str>
      bfd_enable: <bool>
      bfd_adjacency_state_any: <bool>
      no_passive_interfaces:

          # Interface Name.
        - <str>
      distribute_list_in:
        route_map: <str>
      max_lsa: <int>
      timers:
        lsa:

          # Min interval in msecs between accepting the same LSA.
          rx_min_interval: <int; 0-600000>
          tx_delay:

            # Delay to generate first occurrence of LSA in msecs.
            initial: <int; 0-600000>

            # Min delay between originating the same LSA in msecs.
            min: <int; 1-600000>

            # 1-600000 Maximum delay between originating the same LSA in msec.
            max: <int; 1-600000>
        spf_delay:

          # Initial SPF schedule delay in msecs.
          initial: <int; 0-600000>

          # Min Hold time between two SPFs in msecs.
          min: <int; 0-65535000>

          # Max wait time between two SPFs in msecs.
          max: <int; 0-65535000>
      default_information_originate:
        always: <bool>

        # Metric for default route.
        metric: <int; 1-65535>

        # OSPF metric type for default route.
        metric_type: <int; 1 | 2>
      summary_addresses:

          # Summary Prefix Address.
        - prefix: <str; required; unique>
          tag: <int>
          attribute_map: <str>
          not_advertise: <bool>
      redistribute:
        static:

          # Route Map Name.
          route_map: <str>
          include_leaked: <bool>
        connected:

          # Route Map Name.
          route_map: <str>
          include_leaked: <bool>
        bgp:

          # Route Map Name.
          route_map: <str>
          include_leaked: <bool>

      # Bandwidth in mbps.
      auto_cost_reference_bandwidth: <int>
      areas:
        - id: <str; required; unique>
          filter:
            networks:

                # IPv4 Prefix.
              - <str>

            # Prefix-List Name.
            prefix_list: <str>
          type: <str; "normal" | "stub" | "nssa"; default="normal">
          no_summary: <bool>
          nssa_only: <bool>
          default_information_originate:

            # Metric for default route.
            metric: <int; 1-65535>

            # OSPF metric type for default route.
            metric_type: <int; 1 | 2>
      maximum_paths: <int; 1-128>
      max_metric:
        router_lsa:
          external_lsa:
            override_metric: <int; 1-16777215>
          include_stub: <bool>

          # "wait-for-bgp" or Integer 5-86400.
          # Example: "wait-for-bgp" Or "222"
          on_startup: <str>
          summary_lsa:
            override_metric: <int; 1-16777215>
      mpls_ldp_sync_default: <bool>

      # Multiline EOS CLI rendered directly on the Router OSPF process ID in the final EOS configuration.
      eos_cli: <str>

Router path selection

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
router_path_selection	Dictionary				Dynamic path selection configuration.
peer_dynamic_source	String			Valid Values: - stun	Source of dynamic peer discovery.
path_groups	List, items: Dictionary
- name	String	Required, Unique			Path group name.
id	Integer			Min: 1 Max: 65535	Path group ID.
ipsec_profile	String				IPSec profile for the path group.
flow_assignment	String			Valid Values: - lan	Flow assignment lan can not be configured in a path group with dynamic peers.
local_interfaces	List, items: Dictionary
- name	String	Required, Unique		Pattern: ^Ethernet\d+(/\d+)*(.\d+)?$	Local interface name.
public_address	String				Public IP assigned by NAT.
stun	Dictionary
server_profiles	List, items: String	Required		Min Length: 1 Max Length: 12	STUN server-profile names.
- <str>	String
local_ips	List, items: Dictionary
- ip_address	String	Required, Unique
public_address	String				Public IP assigned by NAT.
stun	Dictionary
server_profiles	List, items: String	Required		Min Length: 1 Max Length: 12	STUN server-profile names.
- <str>	String
dynamic_peers	Dictionary				Flow assignment lan can not be configured in a path group with dynamic peers.
enabled	Boolean				Enable peer dynamic.
ip_local	Boolean				Prefer local IP address.
ipsec	Boolean				IPsec configuration for dynamic peers.
static_peers	List, items: Dictionary
- router_ip	String	Required, Unique			Peer router IP.
name	String				Name of the site.
ipv4_addresses	List, items: String				Static IPv4 addresses.
- <str>	String
keepalive	Dictionary
auto	Boolean		False		Enable adaptive keepalive and feedback interval.
interval	Integer			Min: 50 Max: 60000	Interval in milliseconds.
failure_threshold	Integer			Min: 2 Max: 100	Failure threshold in number of intervals. Required when interval is set.
load_balance_policies	List, items: Dictionary
- name	String	Required, Unique			Load-balance policy name.
lowest_hop_count	Boolean				Prefer paths with lowest hop-count.
jitter	Integer			Min: 0 Max: 10000	Jitter requirement for this load balance policy in milliseconds.
latency	Integer			Min: 0 Max: 10000	One way delay requirement for this load balance policy in milliseconds.
loss_rate	String			Pattern: ^\d+(.\d{1,2})?$	Loss Rate requirement in percentage for this load balance policy. Value between 0.00 and 100.00.
path_groups	List, items: Dictionary				List of path-groups to use for this load balance policy.
- name	String	Required, Unique			Path-group name.
priority	Integer			Min: 1 Max: 65535	Priority for this path-group. The EOS default value is 1.
policies	List, items: Dictionary
- name	String	Required, Unique			DPS policy name.
default_match	Dictionary
load_balance	String				Name of the load-balance policy.
rules	List, items: Dictionary
- id	Integer	Required, Unique		Min: 1 Max: 255	Rule ID.
application_profile	String	Required
load_balance	String				Name of the load-balance policy.
vrfs	List, items: Dictionary
- name	String	Required, Unique			VRF name.
path_selection_policy	String				DPS policy name to use for this VRF.
tcp_mss_ceiling	Dictionary
ipv4_segment_size	String				Segment Size for IPv4. Can be an integer in the range 64-65515 or “auto”. “auto” will enable auto-discovery which clamps the TCP MSS value to the minimum of all the direct paths and multi-hop path MTU towards a remote VTEP (minus 40bytes to account for IP + TCP header).
direction	String		ingress	Valid Values: - ingress	Enforce on packets through DPS tunnel for a specific direction. Only ‘ingress’ direction is supported.

# Dynamic path selection configuration.
router_path_selection:

  # Source of dynamic peer discovery.
  peer_dynamic_source: <str; "stun">
  path_groups:

      # Path group name.
    - name: <str; required; unique>

      # Path group ID.
      id: <int; 1-65535>

      # IPSec profile for the path group.
      ipsec_profile: <str>

      # Flow assignment `lan` can not be configured in a path group with dynamic peers.
      flow_assignment: <str; "lan">
      local_interfaces:

          # Local interface name.
        - name: <str; required; unique>

          # Public IP assigned by NAT.
          public_address: <str>
          stun:

            # STUN server-profile names.
            server_profiles: # 1-12 items; required
              - <str>
      local_ips:
        - ip_address: <str; required; unique>

          # Public IP assigned by NAT.
          public_address: <str>
          stun:

            # STUN server-profile names.
            server_profiles: # 1-12 items; required
              - <str>

      # Flow assignment `lan` can not be configured in a path group with dynamic peers.
      dynamic_peers:

        # Enable `peer dynamic`.
        enabled: <bool>

        # Prefer local IP address.
        ip_local: <bool>

        # IPsec configuration for dynamic peers.
        ipsec: <bool>
      static_peers:

          # Peer router IP.
        - router_ip: <str; required; unique>

          # Name of the site.
          name: <str>

          # Static IPv4 addresses.
          ipv4_addresses:
            - <str>
      keepalive:

        # Enable adaptive keepalive and feedback interval.
        auto: <bool; default=False>

        # Interval in milliseconds.
        interval: <int; 50-60000>

        # Failure threshold in number of intervals. Required when `interval` is set.
        failure_threshold: <int; 2-100>
  load_balance_policies:

      # Load-balance policy name.
    - name: <str; required; unique>

      # Prefer paths with lowest hop-count.
      lowest_hop_count: <bool>

      # Jitter requirement for this load balance policy in milliseconds.
      jitter: <int; 0-10000>

      # One way delay requirement for this load balance policy in milliseconds.
      latency: <int; 0-10000>

      # Loss Rate requirement in percentage for this load balance policy.
      # Value between 0.00 and 100.00.
      loss_rate: <str>

      # List of path-groups to use for this load balance policy.
      path_groups:

          # Path-group name.
        - name: <str; required; unique>

          # Priority for this path-group.
          # The EOS default value is 1.
          priority: <int; 1-65535>
  policies:

      # DPS policy name.
    - name: <str; required; unique>
      default_match:

        # Name of the load-balance policy.
        load_balance: <str>
      rules:

          # Rule ID.
        - id: <int; 1-255; required; unique>
          application_profile: <str; required>

          # Name of the load-balance policy.
          load_balance: <str>
  vrfs:

      # VRF name.
    - name: <str; required; unique>

      # DPS policy name to use for this VRF.
      path_selection_policy: <str>
  tcp_mss_ceiling:

    # Segment Size for IPv4.
    # Can be an integer in the range 64-65515 or "auto".
    # "auto" will enable auto-discovery which clamps the TCP MSS value to the minimum of all the direct paths
    # and multi-hop path MTU towards a remote VTEP (minus 40bytes to account for IP + TCP header).
    ipv4_segment_size: <str>

    # Enforce on packets through DPS tunnel for a specific direction.
    # Only 'ingress' direction is supported.
    direction: <str; "ingress"; default="ingress">

Router service-insertion

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
router_service_insertion	Dictionary				Configure network services inserted to data forwarding.
enabled	Boolean
connections	List, items: Dictionary
- name	String	Required, Unique			Connection name.
ethernet_interface	Dictionary				Outgoing physical interface or subinterface to use for the connection. If both ethernet_interface and tunnel_interface are configured, ethernet_interface will be used.
name	String	Required			e.g. Ethernet2 or Ethernet2/2.2
next_hop	String	Required			Next-hop IPv4 address (without mask).
tunnel_interface	Dictionary				Outgoing tunnel interface(s) to use for this connection. If both ethernet_interface and tunnel_interface are configured, ethernet_interface will be used.
primary	String				e.g. Tunnel2
secondary	String				e.g. Tunnel3
monitor_connectivity_host	String				Name of the host defined under monitor_connectivity.hosts used to derive the health of the connection.

# Configure network services inserted to data forwarding.
router_service_insertion:
  enabled: <bool>
  connections:

      # Connection name.
    - name: <str; required; unique>

      # Outgoing physical interface or subinterface to use for the connection.
      # If both `ethernet_interface` and `tunnel_interface` are configured, `ethernet_interface` will be used.
      ethernet_interface:

        # e.g. Ethernet2 or Ethernet2/2.2
        name: <str; required>

        # Next-hop IPv4 address (without mask).
        next_hop: <str; required>

      # Outgoing tunnel interface(s) to use for this connection.
      # If both `ethernet_interface` and `tunnel_interface` are configured, `ethernet_interface` will be used.
      tunnel_interface:

        # e.g. Tunnel2
        primary: <str>

        # e.g. Tunnel3
        secondary: <str>

      # Name of the host defined under `monitor_connectivity.hosts` used to derive the health of the connection.
      monitor_connectivity_host: <str>

Router traffic engineering

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
router_traffic_engineering	Dictionary
enabled	Boolean
router_id	Dictionary
ipv4	String
ipv6	String
segment_routing	Dictionary
colored_tunnel_rib	Boolean
policy_endpoints	List, items: Dictionary
- address	String				IPv4 or IPv6 address.
colors	List, items: Dictionary
- value	Integer	Required, Unique
binding_sid	Integer
description	String
name	String
sbfd_remote_discriminator	String				IPv4 address or 32 bit integer.
path_group	List, items: Dictionary
- preference	Integer
explicit_null	String			Valid Values: - ipv4 - ipv6 - ipv4 ipv6 - none
segment_list	List, items: Dictionary
- label_stack	String				Label Stack as string. Example: “100 2000 30”
weight	Integer
index	Integer

router_traffic_engineering:
  enabled: <bool>
  router_id:
    ipv4: <str>
    ipv6: <str>
  segment_routing:
    colored_tunnel_rib: <bool>
    policy_endpoints:

        # IPv4 or IPv6 address.
      - address: <str>
        colors:
          - value: <int; required; unique>
            binding_sid: <int>
            description: <str>
            name: <str>

            # IPv4 address or 32 bit integer.
            sbfd_remote_discriminator: <str>
            path_group:
              - preference: <int>
                explicit_null: <str; "ipv4" | "ipv6" | "ipv4 ipv6" | "none">
                segment_list:

                    # Label Stack as string.
                    # Example: "100 2000 30"
                  - label_stack: <str>
                    weight: <int>
                    index: <int>

Service routing configuration bgp

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
service_routing_configuration_bgp	Dictionary
no_equals_default	Boolean

service_routing_configuration_bgp:
  no_equals_default: <bool>

Service routing protocols model

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
service_routing_protocols_model	String			Valid Values: - multi-agent - ribd

service_routing_protocols_model: <str; "multi-agent" | "ribd">

Static routes

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
static_routes	List, items: Dictionary
- vrf	String				VRF Name.
destination_address_prefix	String				IPv4_network/Mask.
interface	String
gateway	String				IPv4 Address.
track_bfd	Boolean				Track next-hop using BFD.
distance	Integer			Min: 1 Max: 255
tag	Integer			Min: 0 Max: 4294967295
name	String				Description.
metric	Integer			Min: 0 Max: 4294967295

static_routes:

    # VRF Name.
  - vrf: <str>

    # IPv4_network/Mask.
    destination_address_prefix: <str>
    interface: <str>

    # IPv4 Address.
    gateway: <str>

    # Track next-hop using BFD.
    track_bfd: <bool>
    distance: <int; 1-255>
    tag: <int; 0-4294967295>

    # Description.
    name: <str>
    metric: <int; 0-4294967295>

STUN

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
stun	Dictionary				STUN configuration.
client	Dictionary				STUN client settings.
server_profiles	List, items: Dictionary				List of server profiles for the client.
- name	String	Required, Unique
ip_address	String
ssl_profile	String				SSL profile name.
port	Integer			Min: 1 Max: 65535	Destination port for the request STUN server (default - 3478).
server	Dictionary				STUN server settings.
local_interface deprecated	String				This key is deprecated. Support will be removed in AVD version v5.0.0. Use local_interfaces instead.
local_interfaces	List, items: String			Min Length: 1
- <str>	String
bindings_timeout	Integer			Min: 10 Max: 7200	Timeout for bindings stored on STUN server in seconds.
ssl_profile	String				SSL profile name.
ssl_connection_lifetime	Dictionary				SSL connection lifetime in minutes or hours. If both are specified, minutes is given higher precedence.
minutes	Integer			Min: 1 Max: 1440	SSL connection lifetime in minutes (default - 120).
hours	Integer			Min: 1 Max: 24	SSL connection lifetime in hours (default - 2).
port	Integer			Min: 1 Max: 65535	Listening port for STUN server (default - 3478).

# STUN configuration.
stun:

  # STUN client settings.
  client:

    # List of server profiles for the client.
    server_profiles:
      - name: <str; required; unique>
        ip_address: <str>

        # SSL profile name.
        ssl_profile: <str>

        # Destination port for the request STUN server (default - 3478).
        port: <int; 1-65535>

  # STUN server settings.
  server:
    # This key is deprecated.
    # Support will be removed in AVD version v5.0.0.
    # Use <samp>local_interfaces</samp> instead.
    local_interface: <str>
    local_interfaces: # >=1 items
      - <str>

    # Timeout for bindings stored on STUN server in seconds.
    bindings_timeout: <int; 10-7200>

    # SSL profile name.
    ssl_profile: <str>

    # SSL connection lifetime in minutes or hours.
    # If both are specified, minutes is given higher precedence.
    ssl_connection_lifetime:

      # SSL connection lifetime in minutes (default - 120).
      minutes: <int; 1-1440>

      # SSL connection lifetime in hours (default - 2).
      hours: <int; 1-24>

    # Listening port for STUN server (default - 3478).
    port: <int; 1-65535>

VRFs

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
vrfs	List, items: Dictionary				These keys are ignored if the name of the vrf is ‘default’.
- name	String	Required, Unique			VRF Name.
description	String
ip_routing	Boolean
ipv6_routing	Boolean
ip_routing_ipv6_interfaces	Boolean
tenant	String				Key only used for documentation or validation purposes.

# These keys are ignored if the name of the vrf is 'default'.
vrfs:

    # VRF Name.
  - name: <str; required; unique>
    description: <str>
    ip_routing: <bool>
    ipv6_routing: <bool>
    ip_routing_ipv6_interfaces: <bool>

    # Key only used for documentation or validation purposes.
    tenant: <str>

Security

IP Security

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_security	Dictionary
ike_policies	List, items: Dictionary				Internet Security Association and Key Mgmt Protocol.
- name	String	Required, Unique			Policy name.
local_id	String				Local IKE identification. Can be an IPv4 or an IPv6 address. If both local_id and local_id_fqdn are set, local_id_fqdn takes precedence.
local_id_fqdn	String				Local FQDN or UFQDN IKE identification. If both local_id and local_id_fqdn are set, local_id_fqdn takes precedence.
ike_lifetime	Integer			Min: 1 Max: 24	IKE lifetime in hours.
encryption	String			Valid Values: - 3des - aes128 - aes256	IKE encryption algorithm.
dh_group	Integer			Valid Values: - 1 - 2 - 5 - 14 - 15 - 16 - 17 - 20 - 21 - 24	Diffie-Hellman group for the key exchange.
sa_policies	List, items: Dictionary				Security Association policies.
- name	String	Required, Unique			Name of the SA policy. The “null” value is deprecated and will be removed in AVD 5.0.0.
sa_lifetime	Dictionary
value	Integer				Lifetime value for this SA. Valid range depends on the unit. <1-24> Lifetime in hours ( default ) <1-4000000> Packet limit in thousands <1-6000> Byte limit in GB ( 1024 MB ) <1-6144000> Byte limit in MB ( 1024 KB )
unit	String		hours	Valid Values: - gigabytes - hours - megabytes - thousand-packets
esp	Dictionary
integrity	String			Valid Values: - disabled - sha1 - sha256 - null
encryption	String			Valid Values: - disabled - aes128 - aes128gcm128 - aes128gcm64 - aes256 - aes256gcm128 - null
pfs_dh_group	Integer			Valid Values: - 1 - 2 - 5 - 14 - 15 - 16 - 17 - 20 - 21 - 24
profiles	List, items: Dictionary				IPSec profiles.
- name	String	Required, Unique			Name of the IPsec profile.
ike_policy	String				Name of the IKE policy to use in this profile.
sa_policy	String				Name of the Security Association to use in this profile.
connection	String			Valid Values: - add - start - route	IPsec connection (Initiator/Responder/Dynamic).
shared_key	String				Encrypted password - only type 7 supported.
dpd	Dictionary				Dead Peer Detection.
interval	Integer	Required		Min: 2 Max: 3600	Interval (in seconds) between keep-alive messages.
time	Integer	Required		Min: 10 Max: 3600	Time (in seconds) after which the action is applied.
action	String	Required		Valid Values: - clear - hold - restart	Action to apply. * ‘clear’: Delete all connections * ‘hold’: Re-negotiate connection on demand * ‘restart’: Restart connection immediately
mode	String			Valid Values: - transport - tunnel	Ipsec mode type.
flow_parallelization_encapsulation_udp	Boolean				Enable flow parallelization. When enabled, multiple cores are used to parallelize the IPsec encryption and decryption processing.
key_controller	Dictionary
profile	String				IPsec profile name to use.
hardware_encryption_disabled	Boolean		False		Disable hardware encryption. An SFE restart is needed for this change to take effect.

ip_security:

  # Internet Security Association and Key Mgmt Protocol.
  ike_policies:

      # Policy name.
    - name: <str; required; unique>

      # Local IKE identification.
      # Can be an IPv4 or an IPv6 address.
      # If both `local_id` and `local_id_fqdn` are set, `local_id_fqdn` takes precedence.
      local_id: <str>

      # Local FQDN or UFQDN IKE identification.
      # If both `local_id` and `local_id_fqdn` are set, `local_id_fqdn` takes precedence.
      local_id_fqdn: <str>

      # IKE lifetime in hours.
      ike_lifetime: <int; 1-24>

      # IKE encryption algorithm.
      encryption: <str; "3des" | "aes128" | "aes256">

      # Diffie-Hellman group for the key exchange.
      dh_group: <int; 1 | 2 | 5 | 14 | 15 | 16 | 17 | 20 | 21 | 24>

  # Security Association policies.
  sa_policies:

      # Name of the SA policy. The "null" value is deprecated and will be removed in AVD 5.0.0.
    - name: <str; required; unique>
      sa_lifetime:

        # Lifetime value for this SA.
        # Valid range depends on the unit.
        # <1-24>       Lifetime in hours ( default )
        # <1-4000000>  Packet limit in thousands
        # <1-6000>     Byte limit in GB ( 1024 MB )
        # <1-6144000>  Byte limit in MB ( 1024 KB )
        value: <int>
        unit: <str; "gigabytes" | "hours" | "megabytes" | "thousand-packets"; default="hours">
      esp:
        integrity: <str; "disabled" | "sha1" | "sha256" | "null">
        encryption: <str; "disabled" | "aes128" | "aes128gcm128" | "aes128gcm64" | "aes256" | "aes256gcm128" | "null">
      pfs_dh_group: <int; 1 | 2 | 5 | 14 | 15 | 16 | 17 | 20 | 21 | 24>

  # IPSec profiles.
  profiles:

      # Name of the IPsec profile.
    - name: <str; required; unique>

      # Name of the IKE policy to use in this profile.
      ike_policy: <str>

      # Name of the Security Association to use in this profile.
      sa_policy: <str>

      # IPsec connection (Initiator/Responder/Dynamic).
      connection: <str; "add" | "start" | "route">

      # Encrypted password - only type 7 supported.
      shared_key: <str>

      # Dead Peer Detection.
      dpd:

        # Interval (in seconds) between keep-alive messages.
        interval: <int; 2-3600; required>

        # Time (in seconds) after which the action is applied.
        time: <int; 10-3600; required>

        # Action to apply.
        #
        # * 'clear': Delete all connections
        # * 'hold': Re-negotiate connection on demand
        # * 'restart': Restart connection immediately
        action: <str; "clear" | "hold" | "restart"; required>

      # Ipsec mode type.
      mode: <str; "transport" | "tunnel">

      # Enable flow parallelization.
      # When enabled, multiple cores are used to parallelize the IPsec encryption and decryption processing.
      flow_parallelization_encapsulation_udp: <bool>
  key_controller:

    # IPsec profile name to use.
    profile: <str>

  # Disable hardware encryption.
  # An SFE restart is needed for this change to take effect.
  hardware_encryption_disabled: <bool; default=False>

Switching

MLAG configuration

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
mlag_configuration	Dictionary
domain_id	String
heartbeat_interval	Integer				Heartbeat interval in milliseconds.
local_interface	String				Local Interface Name.
peer_address	String				IPv4 or IPv6 Address.
peer_address_heartbeat	Dictionary
peer_ip	String				IPv4 or IPv6 Address.
vrf	String				VRF Name.
dual_primary_detection_delay	Integer			Min: 0 Max: 86400	Delay in seconds.
dual_primary_recovery_delay_mlag	Integer			Min: 0 Max: 86400	Delay in seconds.
dual_primary_recovery_delay_non_mlag	Integer			Min: 0 Max: 86400	Delay in seconds.
peer_link	String				Port-Channel interface name.
reload_delay_mlag	String				Delay in seconds <0-86400> or ‘infinity’.
reload_delay_non_mlag	String				Delay in seconds <0-86400> or ‘infinity’.

mlag_configuration:
  domain_id: <str>

  # Heartbeat interval in milliseconds.
  heartbeat_interval: <int>

  # Local Interface Name.
  local_interface: <str>

  # IPv4 or IPv6 Address.
  peer_address: <str>
  peer_address_heartbeat:

    # IPv4 or IPv6 Address.
    peer_ip: <str>

    # VRF Name.
    vrf: <str>

  # Delay in seconds.
  dual_primary_detection_delay: <int; 0-86400>

  # Delay in seconds.
  dual_primary_recovery_delay_mlag: <int; 0-86400>

  # Delay in seconds.
  dual_primary_recovery_delay_non_mlag: <int; 0-86400>

  # Port-Channel interface name.
  peer_link: <str>

  # Delay in seconds <0-86400> or 'infinity'.
  reload_delay_mlag: <str>

  # Delay in seconds <0-86400> or 'infinity'.
  reload_delay_non_mlag: <str>

Spanning-tree

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
spanning_tree	Dictionary
root_super	Boolean
edge_port	Dictionary
bpdufilter_default	Boolean
bpduguard_default	Boolean
mode	String			Valid Values: - mstp - rstp - rapid-pvst - none
bpduguard_rate_limit	Dictionary
default	Boolean
count	Integer				Maximum number of BPDUs per timer interval.
rstp_priority	Integer
mst	Dictionary
pvst_border	Boolean
configuration	Dictionary
name	String
revision	Integer				0-65535.
instances	List, items: Dictionary
- id	Integer	Required, Unique			Instance ID.
vlans	String				”< vlan_id >, < vlan_id >-< vlan_id >” Example: 15,16,17,18
mst_instances	List, items: Dictionary
- id	String	Required, Unique			Instance ID.
priority	Integer
no_spanning_tree_vlan	String				”< vlan_id >, < vlan_id >-< vlan_id >” Example: 105,202,505-506
rapid_pvst_instances	List, items: Dictionary
- id	String	Required, Unique			”< vlan_id >, < vlan_id >-< vlan_id >” Example: 105,202,505-506
priority	Integer

spanning_tree:
  root_super: <bool>
  edge_port:
    bpdufilter_default: <bool>
    bpduguard_default: <bool>
  mode: <str; "mstp" | "rstp" | "rapid-pvst" | "none">
  bpduguard_rate_limit:
    default: <bool>

    # Maximum number of BPDUs per timer interval.
    count: <int>
  rstp_priority: <int>
  mst:
    pvst_border: <bool>
    configuration:
      name: <str>

      # 0-65535.
      revision: <int>
      instances:

          # Instance ID.
        - id: <int; required; unique>

          # "< vlan_id >, < vlan_id >-< vlan_id >"
          # Example: 15,16,17,18
          vlans: <str>
  mst_instances:

      # Instance ID.
    - id: <str; required; unique>
      priority: <int>

  # "< vlan_id >, < vlan_id >-< vlan_id >"
  # Example: 105,202,505-506
  no_spanning_tree_vlan: <str>
  rapid_pvst_instances:

      # "< vlan_id >, < vlan_id >-< vlan_id >"
      # Example: 105,202,505-506
    - id: <str; required; unique>
      priority: <int>

VLAN internal order

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
vlan_internal_order	Dictionary
allocation	String	Required		Valid Values: - ascending - descending
range	Dictionary	Required
beginning	Integer	Required		Min: 2 Max: 4094	First VLAN ID.
ending	Integer	Required		Min: 2 Max: 4094	Last VLAN ID.

vlan_internal_order:
  allocation: <str; "ascending" | "descending"; required>
  range: # required

    # First VLAN ID.
    beginning: <int; 2-4094; required>

    # Last VLAN ID.
    ending: <int; 2-4094; required>

VLANs

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
vlans	List, items: Dictionary
- id	Integer	Required, Unique			VLAN ID.
name	String				VLAN Name.
state	String			Valid Values: - active - suspend
trunk_groups	List, items: String
- <str>	String				Trunk Group Name.
private_vlan	Dictionary
type	String			Valid Values: - community - isolated
primary_vlan	Integer				Primary VLAN ID.
tenant	String				Key only used for documentation or validation purposes.

vlans:

    # VLAN ID.
  - id: <int; required; unique>

    # VLAN Name.
    name: <str>
    state: <str; "active" | "suspend">
    trunk_groups:

        # Trunk Group Name.
      - <str>
    private_vlan:
      type: <str; "community" | "isolated">

      # Primary VLAN ID.
      primary_vlan: <int>

    # Key only used for documentation or validation purposes.
    tenant: <str>

System settings

Agents

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
agents	List, items: Dictionary
- name	String	Required, Unique			Agent name.
environment_variables	List, items: Dictionary			Min Length: 1
- name	String	Required, Unique			Environment variable name.
value	String	Required			Environment variable value.

agents:

    # Agent name.
  - name: <str; required; unique>
    environment_variables: # >=1 items

        # Environment variable name.
      - name: <str; required; unique>

        # Environment variable value.
        value: <str; required>

Hardware counters

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
hardware_counters	Dictionary
features	List, items: Dictionary				This data model allows to configure the list of hardware counters feature available on Arista platforms. The name key accepts a list of valid_values which MUST be updated to support new feature as they are released in EOS. The available values of the different keys like ‘direction’ or ‘address_type’ are feature and hardware dependent and this model DOES NOT validate that the combinations are valid. It is the responsibility of the user of this data model to make sure that the rendered CLI is accepted by the targeted device. Examples: * Use: yaml<br> hardware_counters:<br> features:<br> - name: ip<br> direction: out<br> layer3: true<br> units_packets: true<br> to render: eos<br> hardware counter feature ip out layer3 units packets<br> * Use: yaml<br> hardware_counters:<br> features:<br> - name: route<br> address_type: ipv4<br> vrf: test<br> prefix: 192.168.0.0/24<br> to render: eos<br> hardware counter feature route ipv4 vrf test 192.168.0.0/24<br>
- name	String			Valid Values: - acl - decap-group - directflow - ecn - flow-spec - gre tunnel interface - ip - mpls interface - mpls lfib - mpls tunnel - multicast - nexthop - pbr - pdp - policing interface - qos - qos dual-rate-policer - route - routed-port - segment-security - subinterface - tapagg - traffic-class - traffic-policy - vlan - vlan-interface - vni decap - vni encap - vtep decap - vtep encap
direction	String			Valid Values: - in - out - cpu	Most features support only ‘in’ and ‘out’. Some like traffic-policy support ‘cpu’. Some features DO NOT have any direction. This validation IS NOT made by the schemas.
address_type	String			Valid Values: - ipv4 - ipv6 - mac	Supported only for the following features: - acl: [ipv4, ipv6, mac] if direction is ‘out’ - multicast: [ipv4, ipv6] - route: [ipv4, ipv6] This validation IS NOT made by the schemas.
layer3	Boolean				Supported only for the ‘ip’ feature.
vrf	String				Supported only for the ‘route’ feature. This validation IS NOT made by the schemas.
prefix	String				Supported only for the ‘route’ feature. Mandatory for the ‘route’ feature. This validation IS NOT made by the schemas.
units_packets	Boolean

hardware_counters:

  # This data model allows to configure the list of hardware counters feature
  # available on Arista platforms.
  #
  # The `name` key accepts a list of valid_values which MUST be updated to support
  # new feature as they are released in EOS.
  #
  # The available values of the different keys like 'direction' or 'address_type'
  # are feature and hardware dependent and this model DOES NOT validate that the
  # combinations are valid. It is the responsibility of the user of this data model
  # to make sure that the rendered CLI is accepted by the targeted device.
  #
  # Examples:
  #
  #   * Use:
  #     ```yaml
  #     hardware_counters:
  #       features:
  #         - name: ip
  #           direction: out
  #           layer3: true
  #           units_packets: true
  #     ```
  #
  #     to render:
  #     ```eos
  #     hardware counter feature ip out layer3 units packets
  #     ```
  #   * Use:
  #     ```yaml
  #     hardware_counters:
  #       features:
  #         - name: route
  #           address_type: ipv4
  #           vrf: test
  #           prefix: 192.168.0.0/24
  #     ```
  #
  #     to render:
  #     ```eos
  #     hardware counter feature route ipv4 vrf test 192.168.0.0/24
  #     ```
  features:
    - name: <str; "acl" | "decap-group" | "directflow" | "ecn" | "flow-spec" | "gre tunnel interface" | "ip" | "mpls interface" | "mpls lfib" | "mpls tunnel" | "multicast" | "nexthop" | "pbr" | "pdp" | "policing interface" | "qos" | "qos dual-rate-policer" | "route" | "routed-port" | "segment-security" | "subinterface" | "tapagg" | "traffic-class" | "traffic-policy" | "vlan" | "vlan-interface" | "vni decap" | "vni encap" | "vtep decap" | "vtep encap">

      # Most features support only 'in' and 'out'. Some like traffic-policy support 'cpu'.
      # Some features DO NOT have any direction.
      # This validation IS NOT made by the schemas.
      direction: <str; "in" | "out" | "cpu">

      # Supported only for the following features:
      # - acl: [ipv4, ipv6, mac] if direction is 'out'
      # - multicast: [ipv4, ipv6]
      # - route: [ipv4, ipv6]
      # This validation IS NOT made by the schemas.
      address_type: <str; "ipv4" | "ipv6" | "mac">

      # Supported only for the 'ip' feature.
      layer3: <bool>

      # Supported only for the 'route' feature.
      # This validation IS NOT made by the schemas.
      vrf: <str>

      # Supported only for the 'route' feature.
      # Mandatory for the 'route' feature.
      # This validation IS NOT made by the schemas.
      prefix: <str>
      units_packets: <bool>

Hardware

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
hardware	Dictionary
access_list	Dictionary
mechanism	String			Valid Values: - algomatch - none - tcam
speed_groups	List, items: Dictionary
- speed_group	String	Required, Unique
serdes	String				Serdes speed like “10g” or “25g”.

hardware:
  access_list:
    mechanism: <str; "algomatch" | "none" | "tcam">
  speed_groups:
    - speed_group: <str; required; unique>

      # Serdes speed like "10g" or "25g".
      serdes: <str>

IP hardware

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_hardware	Dictionary
fib	Dictionary
optimize	Dictionary
prefixes	Dictionary
profile	String			Valid Values: - internet - urpf-internet

ip_hardware:
  fib:
    optimize:
      prefixes:
        profile: <str; "internet" | "urpf-internet">

IPv6 hardware

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ipv6_hardware	Dictionary
fib	Dictionary
optimize	Dictionary
prefixes	Dictionary
profile	String				Pre-defined profile ‘internet’ or user-defined profile name.

ipv6_hardware:
  fib:
    optimize:
      prefixes:

        # Pre-defined profile 'internet' or user-defined profile name.
        profile: <str>

L2 protocol

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
l2_protocol	Dictionary
forwarding_profiles	List, items: Dictionary
- name	String	Required, Unique
protocols	List, items: Dictionary
- name	String	Required, Unique		Valid Values: - bfd per-link rfc-7130 - e-lmi - isis - lacp - lldp - macsec - pause - stp
forward	Boolean
tagged_forward	Boolean
untagged_forward	Boolean

l2_protocol:
  forwarding_profiles:
    - name: <str; required; unique>
      protocols:
        - name: <str; "bfd per-link rfc-7130" | "e-lmi" | "isis" | "lacp" | "lldp" | "macsec" | "pause" | "stp"; required; unique>
          forward: <bool>
          tagged_forward: <bool>
          untagged_forward: <bool>

MAC address-table

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
mac_address_table	Dictionary
aging_time	Integer				Aging time in seconds.
notification_host_flap	Dictionary
logging	Boolean
detection	Dictionary
window	Integer			Min: 2 Max: 300
moves	Integer			Min: 2 Max: 10

mac_address_table:

  # Aging time in seconds.
  aging_time: <int>
  notification_host_flap:
    logging: <bool>
    detection:
      window: <int; 2-300>
      moves: <int; 2-10>

Platform

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
platform	Dictionary				Every key below this point is platform dependent.
trident	Dictionary
forwarding_table_partition	String
mmu	Dictionary				Memory Management Unit settings.
active_profile	String				The queue profile to be applied to the platform.
queue_profiles	List, items: Dictionary
- name	String	Required, Unique
multicast_queues	List, items: Dictionary
- id	Integer	Required, Unique		Min: 0 Max: 7
unit	String			Valid Values: - bytes - cells	Unit to be used for the reservation value. If not specified, default is bytes.
reserved	Integer				Amount of memory that should be reserved for this queue.
threshold	String				Dynamic Shared Memory threshold.
drop	Dictionary
precedence	Integer	Required		Valid Values: - 1 - 2
threshold	String	Required			Drop Threshold. This value may also be fractions. Example: 7/8 or 3/4 or 1/2
unicast_queues	List, items: Dictionary
- id	Integer	Required, Unique		Min: 0 Max: 7
unit	String			Valid Values: - bytes - cells	Unit to be used for the reservation value. If not specified, default is bytes.
reserved	Integer				Amount of memory that should be reserved for this queue.
threshold	String				Dynamic Shared Memory threshold.
drop	Dictionary
precedence	Integer	Required		Valid Values: - 1 - 2
threshold	String	Required			Drop Threshold. This value may also be fractions. Example: 7/8 or 3/4 or 1/2
sand	Dictionary				Most of the platform sand options are hardware dependent and optional.
qos_maps	List, items: Dictionary
- traffic_class	Integer			Min: 0 Max: 7
to_network_qos	Integer			Min: 0 Max: 63
lag	Dictionary
hardware_only	Boolean
mode	String
forwarding_mode	String
multicast_replication	Dictionary
default	String			Valid Values: - ingress - egress
mdb_profile	String			Valid Values: - balanced - balanced-xl - l3 - l3-xl - l3-xxl - l3-xxxl	Sand platforms MDB Profile configuration. Note: l3-xxxl does not support MLAG.
sfe	Dictionary				Sfe (Software Forwarding Engine) settings.
data_plane_cpu_allocation_max	Integer			Min: 1 Max: 128	Maximum number of CPUs used for data plane traffic forwarding.

# Every key below this point is platform dependent.
platform:
  trident:
    forwarding_table_partition: <str>

    # Memory Management Unit settings.
    mmu:

      # The queue profile to be applied to the platform.
      active_profile: <str>
      queue_profiles:
        - name: <str; required; unique>
          multicast_queues:
            - id: <int; 0-7; required; unique>

              # Unit to be used for the reservation value. If not specified, default is bytes.
              unit: <str; "bytes" | "cells">

              # Amount of memory that should be reserved for this
              # queue.
              reserved: <int>

              # Dynamic Shared Memory threshold.
              threshold: <str>
              drop:
                precedence: <int; 1 | 2; required>

                # Drop Threshold. This value may also be fractions.
                # Example: 7/8 or 3/4 or 1/2
                threshold: <str; required>
          unicast_queues:
            - id: <int; 0-7; required; unique>

              # Unit to be used for the reservation value. If not specified, default is bytes.
              unit: <str; "bytes" | "cells">

              # Amount of memory that should be reserved for this
              # queue.
              reserved: <int>

              # Dynamic Shared Memory threshold.
              threshold: <str>
              drop:
                precedence: <int; 1 | 2; required>

                # Drop Threshold. This value may also be fractions.
                # Example: 7/8 or 3/4 or 1/2
                threshold: <str; required>

  # Most of the platform sand options are hardware dependent and optional.
  sand:
    qos_maps:
      - traffic_class: <int; 0-7>
        to_network_qos: <int; 0-63>
    lag:
      hardware_only: <bool>
      mode: <str>
    forwarding_mode: <str>
    multicast_replication:
      default: <str; "ingress" | "egress">

    # Sand platforms MDB Profile configuration. Note: l3-xxxl does not support MLAG.
    mdb_profile: <str; "balanced" | "balanced-xl" | "l3" | "l3-xl" | "l3-xxl" | "l3-xxxl">

  # Sfe (Software Forwarding Engine) settings.
  sfe:

    # Maximum number of CPUs used for data plane traffic forwarding.
    data_plane_cpu_allocation_max: <int; 1-128>

PoE

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
poe	Dictionary
reboot	Dictionary				Set the global PoE power behavior for PoE ports when the system is rebooted.
action	String			Valid Values: - power-off - maintain	PoE action for interface. By default in EOS, reboot action is set to power-off.
interface_shutdown	Dictionary				Set the global PoE power behavior for PoE ports when ports are admin down.
action	String			Valid Values: - power-off - maintain	PoE action for interface. By default in EOS, interface shutdown action is set to maintain.

poe:

  # Set the global PoE power behavior for PoE ports when the system is rebooted.
  reboot:

    # PoE action for interface. By default in EOS, reboot action is set to power-off.
    action: <str; "power-off" | "maintain">

  # Set the global PoE power behavior for PoE ports when ports are admin down.
  interface_shutdown:

    # PoE action for interface. By default in EOS, interface shutdown action is set to maintain.
    action: <str; "power-off" | "maintain">

PTP

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ptp	Dictionary
mode	String			Valid Values: - boundary - disabled - e2etransparent - gptp - ordinarymaster - p2ptransparent
mode_one_step	Boolean
forward_unicast	Boolean
clock_identity	String				The clock-id in xx:xx:xx:xx:xx:xx format.
source	Dictionary
ip	String				Source IP.
priority1	Integer			Min: 0 Max: 255
priority2	Integer			Min: 0 Max: 255
ttl	Integer			Min: 1 Max: 255
domain	Integer			Min: 0 Max: 255
message_type	Dictionary
general	Dictionary
dscp	Integer
event	Dictionary
dscp	Integer
monitor	Dictionary
enabled	Boolean		True
threshold	Dictionary
offset_from_master	Integer			Min: 0 Max: 1000000000
mean_path_delay	Integer			Min: 0 Max: 1000000000
drop	Dictionary
offset_from_master	Integer			Min: 0 Max: 1000000000
mean_path_delay	Integer			Min: 0 Max: 1000000000
missing_message	Dictionary
intervals	Dictionary
announce	Integer			Min: 2 Max: 255
follow_up	Integer			Min: 2 Max: 255
sync	Integer			Min: 2 Max: 255
sequence_ids	Dictionary
enabled	Boolean
announce	Integer			Min: 2 Max: 255
delay_resp	Integer			Min: 2 Max: 255
follow_up	Integer			Min: 2 Max: 255
sync	Integer			Min: 2 Max: 255

ptp:
  mode: <str; "boundary" | "disabled" | "e2etransparent" | "gptp" | "ordinarymaster" | "p2ptransparent">
  mode_one_step: <bool>
  forward_unicast: <bool>

  # The clock-id in xx:xx:xx:xx:xx:xx format.
  clock_identity: <str>
  source:

    # Source IP.
    ip: <str>
  priority1: <int; 0-255>
  priority2: <int; 0-255>
  ttl: <int; 1-255>
  domain: <int; 0-255>
  message_type:
    general:
      dscp: <int>
    event:
      dscp: <int>
  monitor:
    enabled: <bool; default=True>
    threshold:
      offset_from_master: <int; 0-1000000000>
      mean_path_delay: <int; 0-1000000000>
      drop:
        offset_from_master: <int; 0-1000000000>
        mean_path_delay: <int; 0-1000000000>
    missing_message:
      intervals:
        announce: <int; 2-255>
        follow_up: <int; 2-255>
        sync: <int; 2-255>
      sequence_ids:
        enabled: <bool>
        announce: <int; 2-255>
        delay_resp: <int; 2-255>
        follow_up: <int; 2-255>
        sync: <int; 2-255>

Redundancy

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
redundancy	Dictionary
protocol	String				Redundancy Protocol.

redundancy:

  # Redundancy Protocol.
  protocol: <str>

System

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
system	Dictionary
control_plane	Dictionary
tcp_mss	Dictionary
ipv4	Integer				Segment size.
ipv6	Integer				Segment size.
ipv4_access_groups	List, items: Dictionary
- acl_name	String	Required, Unique
vrf	String
ipv6_access_groups	List, items: Dictionary
- acl_name	String	Required, Unique
vrf	String
l1	Dictionary
unsupported_speed_action	String			Valid Values: - error - warn
unsupported_error_correction_action	String			Valid Values: - error - warn

system:
  control_plane:
    tcp_mss:

      # Segment size.
      ipv4: <int>

      # Segment size.
      ipv6: <int>
    ipv4_access_groups:
      - acl_name: <str; required; unique>
        vrf: <str>
    ipv6_access_groups:
      - acl_name: <str; required; unique>
        vrf: <str>
  l1:
    unsupported_speed_action: <str; "error" | "warn">
    unsupported_error_correction_action: <str; "error" | "warn">

TCAM profile

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
tcam_profile	Dictionary
system	String				TCAM profile name to activate.
profiles	List, items: Dictionary
- name	String	Required, Unique			Tcam-Profile Name.
config	String				TCAM Profile Config. Since these can be very long, it is often a good idea to import the config from a file. Example: “{{ lookup(‘file’, ‘TCAM_TRAFFIC_POLICY.conf’) }}”
source	String				TCAM profile local source path. Used to read the TCAM profile from a local path existing on the device.

tcam_profile:

  # TCAM profile name to activate.
  system: <str>
  profiles:

      # Tcam-Profile Name.
    - name: <str; required; unique>

      # TCAM Profile Config. Since these can be very long, it is often a good idea to import the config from a file.
      # Example: "{{ lookup('file', 'TCAM_TRAFFIC_POLICY.conf') }}"
      config: <str>

      # TCAM profile local source path. Used to read the TCAM profile from a local path existing on the device.
      source: <str>

Metadata

These fields are not generating any configuration. They are meant to be used by tools that parse structured configuration.

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
metadata	Dictionary				The data under metadata is used for documentation, validation or integration purposes. It will not affect the generated EOS configuration.
platform	String
system_mac_address	String
cv_tags	Dictionary
device_tags	List, items: Dictionary
- name	String	Required
value	String	Required
interface_tags	List, items: Dictionary
- interface	String	Required
tags	List, items: Dictionary
- name	String	Required
value	String	Required
cv_pathfinder	Dictionary				Metadata used for CV Pathfinder visualization on CloudVision.
role	String
region	String
zone	String
site	String
vtep_ip	String
ssl_profile	String
address	String
pathfinders	List, items: Dictionary
- vtep_ip	String	Required
interfaces	List, items: Dictionary
- name	String
carrier	String
circuit_id	String
pathgroup	String
public_ip	String
pathgroups	List, items: Dictionary
- name	String	Required
carriers	List, items: Dictionary
- name	String
imported_carriers	List, items: Dictionary
- name	String
regions	List, items: Dictionary
- id	Integer
name	String
zones	List, items: Dictionary
- id	Integer
name	String
sites	List, items: Dictionary
- id	Integer
name	String
location	Dictionary
address	String
vrfs	List, items: Dictionary
- name	String
vni	Integer
avts	List, items: Dictionary
- constraints	Dictionary
jitter	Integer
latency	Integer
lossrate	String
description	String
id	Integer
name	String
pathgroups	List, items: Dictionary
- name	String
preference	String
internet_exit_policies	List, items: Dictionary
- name	String	Required
type	String	Required
city	String	Required
country	String	Required
upload_bandwidth	Integer
download_bandwidth	Integer
firewall	Boolean	Required
ips_control	Boolean	Required
acceptable_use_policy	Boolean	Required
vpn_credentials	List, items: Dictionary	Required
- fqdn	String	Required
vpn_type	String	Required
pre_shared_key	String	Required
tunnels	List, items: Dictionary	Required
- name	String	Required
preference	String	Required

# The data under `metadata` is used for documentation, validation or integration purposes.
# It will not affect the generated EOS configuration.
metadata:
  platform: <str>
  system_mac_address: <str>
  cv_tags:
    device_tags:
      - name: <str; required>
        value: <str; required>
    interface_tags:
      - interface: <str; required>
        tags:
          - name: <str; required>
            value: <str; required>

  # Metadata used for CV Pathfinder visualization on CloudVision.
  cv_pathfinder:
    role: <str>
    region: <str>
    zone: <str>
    site: <str>
    vtep_ip: <str>
    ssl_profile: <str>
    address: <str>
    pathfinders:
      - vtep_ip: <str; required>
    interfaces:
      - name: <str>
        carrier: <str>
        circuit_id: <str>
        pathgroup: <str>
        public_ip: <str>
    pathgroups:
      - name: <str; required>
        carriers:
          - name: <str>
        imported_carriers:
          - name: <str>
    regions:
      - id: <int>
        name: <str>
        zones:
          - id: <int>
            name: <str>
            sites:
              - id: <int>
                name: <str>
                location:
                  address: <str>
    vrfs:
      - name: <str>
        vni: <int>
        avts:
          - constraints:
              jitter: <int>
              latency: <int>
              lossrate: <str>
            description: <str>
            id: <int>
            name: <str>
            pathgroups:
              - name: <str>
                preference: <str>
    internet_exit_policies:
      - name: <str; required>
        type: <str; required>
        city: <str; required>
        country: <str; required>
        upload_bandwidth: <int>
        download_bandwidth: <int>
        firewall: <bool; required>
        ips_control: <bool; required>
        acceptable_use_policy: <bool; required>
        vpn_credentials: # required
          - fqdn: <str; required>
            vpn_type: <str; required>
            pre_shared_key: <str; required>
        tunnels: # required
          - name: <str; required>
            preference: <str; required>