Input variables for eos_cli_config_gen¶
This document describes the supported input variables for the role arista.avd.eos_cli_config_gen
.
Since several data models have changed between AVD versions 4.x and 5.x, it is recommended to study the Porting Guide for AVD 5.x.x for existing deployments.
The input variables are documented below in tables and YAML.
All values are optional.
Note
All input variables are validated by a schema. If additional custom keys are desired, a key starting with an underscore _
, will be ignored.
Warning
Available features and variables may vary by platforms, refer to documentation on arista.com for specifics.
Authentication¶
AAA accounting¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
aaa_accounting | Dictionary | ||||
exec | Dictionary | ||||
console | Dictionary | ||||
type | String | Valid Values: - none - start-stop - stop-only |
|||
group | String | Group Name. | |||
logging | Boolean | ||||
default | Dictionary | ||||
type | String | Valid Values: - none - start-stop - stop-only |
|||
group | String | Group Name. | |||
logging | Boolean | ||||
system | Dictionary | ||||
default | Dictionary | ||||
type | String | Valid Values: - none - start-stop - stop-only |
|||
group | String | Group Name. | |||
dot1x | Dictionary | ||||
default | Dictionary | ||||
type | String | Valid Values: - start-stop - stop-only |
|||
group | String | Group Name. | |||
commands | Dictionary | ||||
console | List, items: Dictionary | ||||
- commands | String | Privilege level ‘all’ or 0-15. | |||
type | String | Valid Values: - none - start-stop - stop-only |
|||
group | String | Group Name. | |||
logging | Boolean | ||||
default | List, items: Dictionary | ||||
- commands | String | Privilege level ‘all’ or 0-15. | |||
type | String | Valid Values: - none - start-stop - stop-only |
|||
group | String | Group Name. | |||
logging | Boolean |
aaa_accounting:
exec:
console:
type: <str; "none" | "start-stop" | "stop-only">
# Group Name.
group: <str>
logging: <bool>
default:
type: <str; "none" | "start-stop" | "stop-only">
# Group Name.
group: <str>
logging: <bool>
system:
default:
type: <str; "none" | "start-stop" | "stop-only">
# Group Name.
group: <str>
dot1x:
default:
type: <str; "start-stop" | "stop-only">
# Group Name.
group: <str>
commands:
console:
# Privilege level 'all' or 0-15.
- commands: <str>
type: <str; "none" | "start-stop" | "stop-only">
# Group Name.
group: <str>
logging: <bool>
default:
# Privilege level 'all' or 0-15.
- commands: <str>
type: <str; "none" | "start-stop" | "stop-only">
# Group Name.
group: <str>
logging: <bool>
AAA authentication¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
aaa_authentication | Dictionary | ||||
login | Dictionary | ||||
default | String | Login authentication method(s) as a string. Examples: - “group tacacs+ local” - “group MYGROUP none” - “group radius group MYGROUP local” |
|||
console | String | Console authentication method(s) as a string. Examples: - “group tacacs+ local” - “group MYGROUP none” - “group radius group MYGROUP local” |
|||
enable | Dictionary | ||||
default | String | Enable authentication method(s) as a string. Examples: - “group tacacs+ local” - “group MYGROUP none” - “group radius group MYGROUP local” |
|||
dot1x | Dictionary | ||||
default | String | 802.1x authentication method(s) as a string. Examples: - “group radius” - “group MYGROUP group radius” |
|||
policies | Dictionary | ||||
on_failure_log | Boolean | ||||
on_success_log | Boolean | ||||
local | Dictionary | ||||
allow_nopassword | Boolean | ||||
lockout | Dictionary | ||||
failure | Integer | Min: 1 Max: 255 |
|||
duration | Integer | Min: 1 Max: 4294967295 |
|||
window | Integer | Min: 1 Max: 4294967295 |
aaa_authentication:
login:
# Login authentication method(s) as a string.
# Examples:
# - "group tacacs+ local"
# - "group MYGROUP none"
# - "group radius group MYGROUP local"
default: <str>
# Console authentication method(s) as a string.
# Examples:
# - "group tacacs+ local"
# - "group MYGROUP none"
# - "group radius group MYGROUP local"
console: <str>
enable:
# Enable authentication method(s) as a string.
# Examples:
# - "group tacacs+ local"
# - "group MYGROUP none"
# - "group radius group MYGROUP local"
default: <str>
dot1x:
# 802.1x authentication method(s) as a string.
# Examples:
# - "group radius"
# - "group MYGROUP group radius"
default: <str>
policies:
on_failure_log: <bool>
on_success_log: <bool>
local:
allow_nopassword: <bool>
lockout:
failure: <int; 1-255>
duration: <int; 1-4294967295>
window: <int; 1-4294967295>
AAA authorization¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
aaa_authorization | Dictionary | ||||
policy | Dictionary | ||||
local_default_role | String | ||||
exec | Dictionary | ||||
default | String | Exec authorization method(s) as a string. Examples: - “group tacacs+ local” - “group MYGROUP none” - “group radius group MYGROUP local” |
|||
config_commands | Boolean | ||||
serial_console | Boolean | ||||
dynamic | Dictionary | ||||
dot1x_additional_groups | List, items: String | Min Length: 1 | |||
- <str> | String | ||||
commands | Dictionary | ||||
all_default | String | Command authorization method(s) as a string. Examples: - “group tacacs+ local” - “group MYGROUP none” - “group tacacs+ group MYGROUP local |
|||
privilege | List, items: Dictionary | ||||
- level | String | Privilege level(s) 0-15. | |||
default | String | Command authorization method(s) as a string. Examples: - “group tacacs+ local” - “group MYGROUP none” - “group tacacs+ group MYGROUP local” |
aaa_authorization:
policy:
local_default_role: <str>
exec:
# Exec authorization method(s) as a string.
# Examples:
# - "group tacacs+ local"
# - "group MYGROUP none"
# - "group radius group MYGROUP local"
default: <str>
config_commands: <bool>
serial_console: <bool>
dynamic:
dot1x_additional_groups: # >=1 items
- <str>
commands:
# Command authorization method(s) as a string.
# Examples:
# - "group tacacs+ local"
# - "group MYGROUP none"
# - "group tacacs+ group MYGROUP local
all_default: <str>
privilege:
# Privilege level(s) 0-15.
- level: <str>
# Command authorization method(s) as a string.
# Examples:
# - "group tacacs+ local"
# - "group MYGROUP none"
# - "group tacacs+ group MYGROUP local"
default: <str>
AAA root¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
aaa_root | Dictionary | ||||
disabled | Boolean | Set to true to configure no aaa root which is the EOS default. |
|||
secret | Dictionary | ||||
sha512_password | String |
AAA server groups¶
Enable password¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
enable_password | Dictionary | ||||
disabled | Boolean | Set to true to configure no enable password which is the EOS default. |
|||
hash_algorithm | String | Valid Values: - md5 - sha512 |
|||
key | String | Must be the hash of the password using the specified algorithm. By default EOS salts the password, so the simplest is to generate the hash on an EOS device. |
enable_password:
# Set to `true` to configure `no enable password` which is the EOS default.
disabled: <bool>
hash_algorithm: <str; "md5" | "sha512">
# Must be the hash of the password using the specified algorithm.
# By default EOS salts the password, so the simplest is to generate the hash on an EOS device.
key: <str>
IP radius source-interfaces¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ip_radius_source_interfaces | List, items: Dictionary | ||||
- name | String | Interface Name. | |||
vrf | String | VRF Name. |
IP tacacs source-interfaces¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ip_tacacs_source_interfaces | List, items: Dictionary | ||||
- name | String | Interface name. | |||
vrf | String |
Local users¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
local_users | List, items: Dictionary | ||||
- name | String | Required, Unique | Username. | ||
disabled | Boolean | If true, the user will be removed and all other settings are ignored. Useful for removing the default “admin” user. |
|||
privilege | Integer | Min: 0 Max: 15 |
Initial privilege level with local EXEC authorization. |
||
role | String | EOS RBAC Role to be assigned to the user such as “network-admin” or “network-operator”. |
|||
sha512_password | String | SHA512 Hash of Password. Must be the hash of the password. By default EOS salts the password with the username, so the simplest is to generate the hash on an EOS device using the same username. |
|||
no_password | Boolean | If set a password will not be configured for this user. “sha512_password” MUST not be defined for this user. |
|||
ssh_key | String | ||||
secondary_ssh_key | String | ||||
shell | String | Valid Values: - /bin/bash - /bin/sh - /sbin/nologin |
Specify shell for the user. |
local_users:
# Username.
- name: <str; required; unique>
# If true, the user will be removed and all other settings are ignored.
# Useful for removing the default "admin" user.
disabled: <bool>
# Initial privilege level with local EXEC authorization.
privilege: <int; 0-15>
# EOS RBAC Role to be assigned to the user such as "network-admin" or "network-operator".
role: <str>
# SHA512 Hash of Password.
# Must be the hash of the password. By default EOS salts the password with the username, so the simplest is to generate the hash on an EOS device using the same username.
sha512_password: <str>
# If set a password will not be configured for this user. "sha512_password" MUST not be defined for this user.
no_password: <bool>
ssh_key: <str>
secondary_ssh_key: <str>
# Specify shell for the user.
shell: <str; "/bin/bash" | "/bin/sh" | "/sbin/nologin">
Radius servers¶
Roles¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
roles | List, items: Dictionary | ||||
- name | String | Required, Unique | Role name. | ||
sequence_numbers | List, items: Dictionary | ||||
- sequence | Integer | Sequence number. | |||
action | String | Valid Values: - permit - deny |
|||
mode | String | “config”, “config-all”, “exec” or mode key as string. |
|||
command | String | Command as string. |
Tacacs servers¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
tacacs_servers | Dictionary | ||||
timeout | Integer | Min: 1 Max: 1000 |
Timeout in seconds. | ||
hosts | List, items: Dictionary | ||||
- host | String | Host IP address or name. | |||
vrf | String | ||||
key | String | Encrypted key. | |||
key_type | String | 7 |
Valid Values: - 0 - 7 - 8a |
||
single_connection | Boolean | ||||
timeout | Integer | Min: 1 Max: 1000 |
Timeout in seconds. | ||
policy_unknown_mandatory_attribute_ignore | Boolean |
tacacs_servers:
# Timeout in seconds.
timeout: <int; 1-1000>
hosts:
# Host IP address or name.
- host: <str>
vrf: <str>
# Encrypted key.
key: <str>
key_type: <str; "0" | "7" | "8a"; default="7">
single_connection: <bool>
# Timeout in seconds.
timeout: <int; 1-1000>
policy_unknown_mandatory_attribute_ignore: <bool>
ACLs¶
IP Extended access-lists¶
AVD currently supports two different data models for extended ACLs:
- The legacy
access_lists
data model, for compatibility with existing deployments - The improved
ip_access_lists
data model, for access to more EOS features
Both data models can coexists without conflicts, as different keys are used: access_lists
vs ip_access_lists
.
Access list names must be unique.
The legacy data model supports simplified ACL definition with sequence
to action
mapping:
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
access_lists | List, items: Dictionary | ||||
- name | String | Required, Unique | Access-list Name. | ||
counters_per_entry | Boolean | ||||
permit_response_traffic | String | Valid Values: - nat |
Permit response traffic automatically based on NAT translations. Minimum EOS version requirement 4.32.2F. |
||
sequence_numbers | List, items: Dictionary | Required | |||
- sequence | Integer | Required, Unique | Sequence ID. | ||
action | String | Required | Action as string. Example: “deny ip any any” |
access_lists:
# Access-list Name.
- name: <str; required; unique>
counters_per_entry: <bool>
# Permit response traffic automatically based on NAT translations.
# Minimum EOS version requirement 4.32.2F.
permit_response_traffic: <str; "nat">
sequence_numbers: # required
# Sequence ID.
- sequence: <int; required; unique>
# Action as string.
# Example: "deny ip any any"
action: <str; required>
The improved data model has a more sophisticated design documented below:
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ip_access_lists | List, items: Dictionary | ||||
- name | String | Required, Unique | Access-list Name. | ||
counters_per_entry | Boolean | ||||
entries | List, items: Dictionary | ACL Entries. | |||
- sequence | Integer | ACL entry sequence number. | |||
remark | String | Comment up to 100 characters. If remark is defined, other keys in the ACL entry will be ignored. |
|||
action | String | Valid Values: - permit - deny |
ACL action. Required except for remarks. |
||
protocol | String | “ip”, “tcp”, “udp”, “icmp” or other protocol name or number. Required except for remarks. |
|||
source | String | “any”, “ “ Required except for remarks. |
|||
source_ports_match | String | eq |
Valid Values: - eq - gt - lt - neq - range |
||
source_ports | List, items: String | ||||
- <str> | String | TCP/UDP source port name or number. | |||
destination | String | “any”, “ “ Required except for remarks. |
|||
destination_ports_match | String | eq |
Valid Values: - eq - gt - lt - neq - range |
||
destination_ports | List, items: String | ||||
- <str> | String | TCP/UDP destination port name or number. | |||
tcp_flags | List, items: String | ||||
- <str> | String | TCP Flag Name. | |||
fragments | Boolean | Match non-head fragment packets. | |||
log | Boolean | Log matches against this rule. | |||
ttl | Integer | Min: 0 Max: 255 |
TTL value. | ||
ttl_match | String | eq |
Valid Values: - eq - gt - lt - neq |
||
icmp_type | String | Message type name/number for ICMP packets. | |||
icmp_code | String | Message code for ICMP packets. | |||
nexthop_group | String | nexthop-group name. | |||
tracked | Boolean | Match packets in existing ICMP/UDP/TCP connections. | |||
dscp | String | DSCP value or name. | |||
vlan_number | Integer | ||||
vlan_inner | Boolean | False |
|||
vlan_mask | String | 0x000-0xFFF VLAN mask. | |||
permit_response_traffic | String | Valid Values: - nat |
Permit response traffic automatically based on NAT translations. Minimum EOS version requirement 4.32.2F. |
ip_access_lists:
# Access-list Name.
- name: <str; required; unique>
counters_per_entry: <bool>
# ACL Entries.
entries:
# ACL entry sequence number.
- sequence: <int>
# Comment up to 100 characters.
# If remark is defined, other keys in the ACL entry will be ignored.
remark: <str>
# ACL action.
# Required except for remarks.
action: <str; "permit" | "deny">
# "ip", "tcp", "udp", "icmp" or other protocol name or number.
# Required except for remarks.
protocol: <str>
# "any", "<ip>/<mask>" or "<ip>".
# "<ip>" without a mask means host.
# Required except for remarks.
source: <str>
source_ports_match: <str; "eq" | "gt" | "lt" | "neq" | "range"; default="eq">
source_ports:
# TCP/UDP source port name or number.
- <str>
# "any", "<ip>/<mask>" or "<ip>".
# "<ip>" without a mask means host.
# Required except for remarks.
destination: <str>
destination_ports_match: <str; "eq" | "gt" | "lt" | "neq" | "range"; default="eq">
destination_ports:
# TCP/UDP destination port name or number.
- <str>
tcp_flags:
# TCP Flag Name.
- <str>
# Match non-head fragment packets.
fragments: <bool>
# Log matches against this rule.
log: <bool>
# TTL value.
ttl: <int; 0-255>
ttl_match: <str; "eq" | "gt" | "lt" | "neq"; default="eq">
# Message type name/number for ICMP packets.
icmp_type: <str>
# Message code for ICMP packets.
icmp_code: <str>
# nexthop-group name.
nexthop_group: <str>
# Match packets in existing ICMP/UDP/TCP connections.
tracked: <bool>
# DSCP value or name.
dscp: <str>
vlan_number: <int>
vlan_inner: <bool; default=False>
# 0x000-0xFFF VLAN mask.
vlan_mask: <str>
# Permit response traffic automatically based on NAT translations.
# Minimum EOS version requirement 4.32.2F.
permit_response_traffic: <str; "nat">
The improved data model allows to limit the number of ACL entries that AVD is allowed to generate by defining ip_access_lists_max_entries
.
Only normal entries under ip_access_lists
will be counted, remarks will be ignored.
If the number is above the limit, the playbook will fail. This provides a simplified control over hardware utilization.
The numbers must be based on the hardware tests and AVD does not provide any guidance. Note that other EOS features may use the same hardware resources and affect the supported scale.
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ip_access_lists_max_entries | Integer | Limit ACL entries defined under the ip_access_lists . |
IPv6 access-lists¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ipv6_access_lists | List, items: Dictionary | ||||
- name | String | Required, Unique | IPv6 Access-list Name. | ||
counters_per_entry | Boolean | ||||
sequence_numbers | List, items: Dictionary | Required | |||
- sequence | Integer | Required, Unique | Sequence ID. | ||
action | String | Required | Action as string. Example: “deny ipv6 any any” |
IPv6 standard access-lists¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ipv6_standard_access_lists | List, items: Dictionary | ||||
- name | String | Required, Unique | Access-list Name. | ||
counters_per_entry | Boolean | ||||
sequence_numbers | List, items: Dictionary | Required | |||
- sequence | Integer | Required, Unique | Sequence ID. | ||
action | String | Required | Action as string. Example: “deny ipv6 any any” |
MAC access-lists¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
mac_access_lists | List, items: Dictionary | ||||
- name | String | Required, Unique | MAC Access-list Name. | ||
counters_per_entry | Boolean | ||||
entries | List, items: Dictionary | ||||
- sequence | Integer | ||||
action | String |
Standard access-lists¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
standard_access_lists | List, items: Dictionary | ||||
- name | String | Required, Unique | Access-list Name. | ||
counters_per_entry | Boolean | ||||
sequence_numbers | List, items: Dictionary | Required | |||
- sequence | Integer | Required, Unique | Sequence ID. | ||
action | String | Required | Action as string. Example: “deny ip any any” |
Endpoint Security¶
Address-locking¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
address_locking | Dictionary | ||||
dhcp_servers_ipv4 | List, items: String | ||||
- <str> | String | DHCP server IPv4 address. | |||
disabled | Boolean | Disable IP locking on configured ports. | |||
leases | List, items: Dictionary | ||||
- ip | String | Required | IP address. | ||
mac | String | Required | MAC address (hhhh.hhhh.hhhh or hh:hh:hh:hh:hh:hh). | ||
local_interface | String | ||||
locked_address | Dictionary | ||||
expiration_mac_disabled | Boolean | Configure deauthorizing locked addresses upon MAC aging out. | |||
ipv4_enforcement_disabled | Boolean | Configure enforcement for locked IPv4 addresses. | |||
ipv6_enforcement_disabled | Boolean | Configure enforcement for locked IPv6 addresses. |
address_locking:
dhcp_servers_ipv4:
# DHCP server IPv4 address.
- <str>
# Disable IP locking on configured ports.
disabled: <bool>
leases:
# IP address.
- ip: <str; required>
# MAC address (hhhh.hhhh.hhhh or hh:hh:hh:hh:hh:hh).
mac: <str; required>
local_interface: <str>
locked_address:
# Configure deauthorizing locked addresses upon MAC aging out.
expiration_mac_disabled: <bool>
# Configure enforcement for locked IPv4 addresses.
ipv4_enforcement_disabled: <bool>
# Configure enforcement for locked IPv6 addresses.
ipv6_enforcement_disabled: <bool>
Dot1x¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
dot1x | Dictionary | ||||
system_auth_control | Boolean | ||||
protocol_lldp_bypass | Boolean | ||||
protocol_bpdu_bypass | Boolean | ||||
dynamic_authorization | Boolean | ||||
mac_based_authentication | Dictionary | ||||
delay | Integer | Min: 0 Max: 300 |
|||
hold_period | Integer | Min: 1 Max: 300 |
|||
radius_av_pair_username_format | Dictionary | RADIUS AV-pair username settings. | |||
delimiter | String | Required | Valid Values: - colon - hyphen - none - period |
Delimiter to use in MAC address string. | |
mac_string_case | String | Required | Valid Values: - lowercase - uppercase |
MAC address string in lowercase/uppercase. | |
radius_av_pair | Dictionary | ||||
service_type | Boolean | ||||
framed_mtu | Integer | Min: 68 Max: 9236 |
|||
aaa | Dictionary | Configure AAA parameters. | |||
unresponsive | Dictionary | Configure AAA timeout options. | |||
eap_response | String | Valid Values: - success - disabled |
EAP response to send. | ||
action | Dictionary | Set action for supplicant when AAA times out. | |||
apply_cached_results | Boolean | Use results from a previous AAA response. | |||
cached_results_timeout | Dictionary | ||||
time_duration | Integer | Min: 1 | Enable caching for a specific duration - <1-10000> duration in days <1-14400000> duration in minutes <1-240000> duration in hours <1-864000000> duration in seconds |
||
time_duration_unit | String | Required | Valid Values: - days - hours - minutes - seconds |
||
apply_alternate | Boolean | Apply alternate action if primary action fails. eg. aaa unresponsive action apply cached-results else traffic allow |
|||
traffic_allow | Boolean | Set action for supplicant traffic when AAA times out. | |||
traffic_allow_vlan | Integer | Min: 1 Max: 4094 |
|||
phone_action | Dictionary | Set action for supplicant when AAA times out. | |||
apply_cached_results | Boolean | Use results from a previous AAA response. | |||
cached_results_timeout | Dictionary | ||||
time_duration | Integer | Min: 1 | Enable caching for a specific duration - <1-10000> duration in days <1-14400000> duration in minutes <1-240000> duration in hours <1-864000000> duration in seconds |
||
time_duration_unit | String | Required | Valid Values: - days - hours - minutes - seconds |
||
apply_alternate | Boolean | Apply alternate action if primary action fails. eg. aaa unresponsive phone action apply cached-results else traffic allow |
|||
traffic_allow | Boolean | Set action for supplicant traffic when AAA times out. | |||
recovery_action_reauthenticate | Boolean | ||||
accounting_update_interval | Integer | Min: 5 Max: 65535 |
Interval period in seconds. | ||
captive_portal | Dictionary | Web authentication feature authenticates a supplicant through a web page, referred to as a captive portal. | |||
enabled | Boolean | Required | |||
url | String | Supported URL type: - http: http:// - https: https:// |
|||
ssl_profile | String | ||||
start_limit_infinite | Boolean | Set captive-portal start limit to infinte. | |||
access_list_ipv4 | String | Standard access-list name. | |||
supplicant | Dictionary | ||||
profiles | List, items: Dictionary | Dot1x supplicant profiles. | |||
- name | String | Required, Unique | |||
eap_method | String | Valid Values: - fast - tls |
Extensible Authentication Protocol method: - EAP Flexible Authentication via Secure Tunneling. - EAP with Transport Layer Security. |
||
identity | String | User identity. | |||
passphrase_type | String | 7 |
Valid Values: - 0 - 7 - 8a |
||
passphrase | String | Extensible Authentication Protocol password. | |||
ssl_profile | String | ||||
logging | Boolean | Enable supplicant logging. | |||
disconnect_cached_results_timeout | Integer | Min: 60 Max: 65535 |
Timeout in seconds for removing a disconnected supplicant. |
dot1x:
system_auth_control: <bool>
protocol_lldp_bypass: <bool>
protocol_bpdu_bypass: <bool>
dynamic_authorization: <bool>
mac_based_authentication:
delay: <int; 0-300>
hold_period: <int; 1-300>
# RADIUS AV-pair username settings.
radius_av_pair_username_format:
# Delimiter to use in MAC address string.
delimiter: <str; "colon" | "hyphen" | "none" | "period"; required>
# MAC address string in lowercase/uppercase.
mac_string_case: <str; "lowercase" | "uppercase"; required>
radius_av_pair:
service_type: <bool>
framed_mtu: <int; 68-9236>
# Configure AAA parameters.
aaa:
# Configure AAA timeout options.
unresponsive:
# EAP response to send.
eap_response: <str; "success" | "disabled">
# Set action for supplicant when AAA times out.
action:
# Use results from a previous AAA response.
apply_cached_results: <bool>
cached_results_timeout:
# Enable caching for a specific duration -
# <1-10000> duration in days
# <1-14400000> duration in minutes
# <1-240000> duration in hours
# <1-864000000> duration in seconds
time_duration: <int; >=1>
time_duration_unit: <str; "days" | "hours" | "minutes" | "seconds"; required>
# Apply alternate action if primary action fails.
# eg. aaa unresponsive action apply cached-results else traffic allow
apply_alternate: <bool>
# Set action for supplicant traffic when AAA times out.
traffic_allow: <bool>
traffic_allow_vlan: <int; 1-4094>
# Set action for supplicant when AAA times out.
phone_action:
# Use results from a previous AAA response.
apply_cached_results: <bool>
cached_results_timeout:
# Enable caching for a specific duration -
# <1-10000> duration in days
# <1-14400000> duration in minutes
# <1-240000> duration in hours
# <1-864000000> duration in seconds
time_duration: <int; >=1>
time_duration_unit: <str; "days" | "hours" | "minutes" | "seconds"; required>
# Apply alternate action if primary action fails.
# eg. aaa unresponsive phone action apply cached-results else traffic allow
apply_alternate: <bool>
# Set action for supplicant traffic when AAA times out.
traffic_allow: <bool>
recovery_action_reauthenticate: <bool>
# Interval period in seconds.
accounting_update_interval: <int; 5-65535>
# Web authentication feature authenticates a supplicant through a web page, referred to as a captive portal.
captive_portal:
enabled: <bool; required>
# Supported URL type:
# - http: http://<hostname>[:<port>]
# - https: https://<hostname>[:<port>]
url: <str>
ssl_profile: <str>
# Set captive-portal start limit to infinte.
start_limit_infinite: <bool>
# Standard access-list name.
access_list_ipv4: <str>
supplicant:
# Dot1x supplicant profiles.
profiles:
- name: <str; required; unique>
# Extensible Authentication Protocol method:
# - EAP Flexible Authentication via Secure Tunneling.
# - EAP with Transport Layer Security.
eap_method: <str; "fast" | "tls">
# User identity.
identity: <str>
passphrase_type: <str; "0" | "7" | "8a"; default="7">
# Extensible Authentication Protocol password.
passphrase: <str>
ssl_profile: <str>
# Enable supplicant logging.
logging: <bool>
# Timeout in seconds for removing a disconnected supplicant.
disconnect_cached_results_timeout: <int; 60-65535>
MAC security¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
mac_security | Dictionary | ||||
license | Dictionary | ||||
license_name | String | Required | |||
license_key | String | Required | |||
fips_restrictions | Boolean | ||||
profiles | List, items: Dictionary | ||||
- name | String | Required, Unique | Profile-Name. | ||
cipher | String | Valid Values: - aes128-gcm - aes128-gcm-xpn - aes256-gcm - aes256-gcm-xpn |
|||
connection_keys | List, items: Dictionary | ||||
- id | String | Required, Unique | |||
encrypted_key | String | ||||
fallback | Boolean | ||||
mka | Dictionary | ||||
key_server_priority | Integer | Min: 0 Max: 255 |
|||
session | Dictionary | ||||
rekey_period | Integer | Min: 30 Max: 100000 |
Rekey period in seconds. | ||
sci | Boolean | ||||
l2_protocols | Dictionary | ||||
ethernet_flow_control | Dictionary | ||||
mode | String | Required | Valid Values: - encrypt - bypass |
||
lldp | Dictionary | ||||
mode | String | Required | Valid Values: - bypass - bypass unauthorized |
||
traffic_unprotected | Dictionary | ||||
action | String | Required | Valid Values: - allow - drop |
Allow/drop the transmit/receive of unprotected traffic. | |
allow_active_sak | Boolean | Allow transmit/receive of encrypted traffic using operational SAK and block otherwise. |
mac_security:
license:
license_name: <str; required>
license_key: <str; required>
fips_restrictions: <bool>
profiles:
# Profile-Name.
- name: <str; required; unique>
cipher: <str; "aes128-gcm" | "aes128-gcm-xpn" | "aes256-gcm" | "aes256-gcm-xpn">
connection_keys:
- id: <str; required; unique>
encrypted_key: <str>
fallback: <bool>
mka:
key_server_priority: <int; 0-255>
session:
# Rekey period in seconds.
rekey_period: <int; 30-100000>
sci: <bool>
l2_protocols:
ethernet_flow_control:
mode: <str; "encrypt" | "bypass"; required>
lldp:
mode: <str; "bypass" | "bypass unauthorized"; required>
traffic_unprotected:
# Allow/drop the transmit/receive of unprotected traffic.
action: <str; "allow" | "drop"; required>
# Allow transmit/receive of encrypted traffic using operational SAK and block otherwise.
allow_active_sak: <bool>
Filters and policies¶
AS path¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
as_path | Dictionary | ||||
regex_mode | String | Valid Values: - asn - string |
|||
access_lists | List, items: Dictionary | ||||
- name | String | Required, Unique | Access List Name. | ||
entries | List, items: Dictionary | ||||
- type | String | Valid Values: - permit - deny |
|||
match | String | Regex To Match. | |||
origin | String | any |
Valid Values: - any - egp - igp - incomplete |
Class-maps¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
class_maps | Dictionary | ||||
pbr | List, items: Dictionary | ||||
- name | String | Required, Unique | Class-Map Name. | ||
ip | Dictionary | ||||
access_group | String | Standard Access-List Name. | |||
qos | List, items: Dictionary | ||||
- name | String | Required, Unique | Class-Map Name. | ||
vlan | String | VLAN value(s) or range(s) of VLAN values. | |||
cos | String | CoS value(s) or range(s) of CoS values. | |||
ip | Dictionary | ||||
access_group | String | IPv4 Access-List Name. | |||
ipv6 | Dictionary | ||||
access_group | String | IPv6 Access-List Name. |
class_maps:
pbr:
# Class-Map Name.
- name: <str; required; unique>
ip:
# Standard Access-List Name.
access_group: <str>
qos:
# Class-Map Name.
- name: <str; required; unique>
# VLAN value(s) or range(s) of VLAN values.
vlan: <str>
# CoS value(s) or range(s) of CoS values.
cos: <str>
ip:
# IPv4 Access-List Name.
access_group: <str>
ipv6:
# IPv6 Access-List Name.
access_group: <str>
Dynamic prefix lists¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
dynamic_prefix_lists | List, items: Dictionary | ||||
- name | String | Dynamic prefix-list name. | |||
match_map | String | Route-map name. | |||
prefix_list | Dictionary | ||||
ipv4 | String | Prefix-list name. | |||
ipv6 | String | Prefix-list name. |
IP community lists¶
AVD currently supports two different data models for community lists:
- The legacy
community_lists
data model that can be used for compatibility with the existing deployments. - The improved
ip_community_lists
data model.
Both data models can coexist without conflicts, as different keys are used: community_lists
vs ip_community_lists
.
Community list names must be unique.
The legacy data model supports simplified community list definition that only allows a single action to be defined as string:
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
community_lists deprecated | List, items: Dictionary | This key is deprecated. Support will be removed in AVD version 6.0.0. Use ip_community_lists instead. | |||
- name | String | Required, Unique | Community-list Name. | ||
action | String | Required | Action as string. Example: “permit GSHUT 65123:123” |
The improved data model has a better design documented below:
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ip_community_lists | List, items: Dictionary | Communities and regexp entries MUST not be configured in the same community-list. |
|||
- name | String | Required, Unique | IP Community-list Name. | ||
entries | List, items: Dictionary | Required | |||
- action | String | Required | Valid Values: - permit - deny |
||
communities | List, items: String | If defined, a standard community-list will be configured. Supported community strings (case insensitive): - GSHUT - internet - local-as - no-advertise - no-export - <1-4294967040> - aa:nn |
|||
- <str> | String | ||||
regexp | String | Regular Expression. If defined, a regex community-list will be configured. |
# Communities and regexp entries MUST not be configured in the same community-list.
ip_community_lists:
# IP Community-list Name.
- name: <str; required; unique>
entries: # required
- action: <str; "permit" | "deny"; required>
# If defined, a standard community-list will be configured.
# Supported community strings (case insensitive):
# - GSHUT
# - internet
# - local-as
# - no-advertise
# - no-export
# - <1-4294967040>
# - aa:nn
communities:
- <str>
# Regular Expression.
# If defined, a regex community-list will be configured.
regexp: <str>
IP extcommunity-lists¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ip_extcommunity_lists | List, items: Dictionary | ||||
- name | String | Required, Unique | Community-list Name. | ||
entries | List, items: Dictionary | Required | |||
- type | String | Required | Valid Values: - permit - deny |
||
extcommunities | String | Required | Communities as string. Example: “65000:65000” |
IP extcommunity-lists-regexp¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ip_extcommunity_lists_regexp | List, items: Dictionary | ||||
- name | String | Required, Unique | Community-list Name. | ||
entries | List, items: Dictionary | Required | |||
- type | String | Required | Valid Values: - permit - deny |
||
regexp | String | Required | Regular Expression. |
IPv6 prefix-lists¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ipv6_prefix_lists | List, items: Dictionary | ||||
- name | String | Required, Unique | Prefix-list Name. | ||
sequence_numbers | List, items: Dictionary | Required | |||
- sequence | Integer | Required, Unique | Sequence ID. | ||
action | String | Required | Action as string. Example: “permit 1b11:3a00:22b0:0082::/64 eq 128” |
Match list input¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
match_list_input | Dictionary | ||||
prefix_ipv4 | List, items: Dictionary | ||||
- name | String | Required, Unique | Prefix-List Name. | ||
prefixes | List, items: String | Required | Min Length: 1 | List of IPv4 prefixes (with the subnet mask e.g. 192.0.2.0/24). | |
- <str> | String | ||||
prefix_ipv6 | List, items: Dictionary | ||||
- name | String | Required, Unique | Prefix-List Name. | ||
prefixes | List, items: String | Required | Min Length: 1 | List of IPv6 prefixes (with the subnet mask e.g. 2001:db8:abcd:0013::/64). | |
- <str> | String | ||||
string | List, items: Dictionary | ||||
- name | String | Required, Unique | Match-list Name. | ||
sequence_numbers | List, items: Dictionary | Required | |||
- sequence | Integer | Required, Unique | Sequence ID. | ||
match_regex | String | Required | Regular Expression. |
match_list_input:
prefix_ipv4:
# Prefix-List Name.
- name: <str; required; unique>
# List of IPv4 prefixes (with the subnet mask e.g. 192.0.2.0/24).
prefixes: # >=1 items; required
- <str>
prefix_ipv6:
# Prefix-List Name.
- name: <str; required; unique>
# List of IPv6 prefixes (with the subnet mask e.g. 2001:db8:abcd:0013::/64).
prefixes: # >=1 items; required
- <str>
string:
# Match-list Name.
- name: <str; required; unique>
sequence_numbers: # required
# Sequence ID.
- sequence: <int; required; unique>
# Regular Expression.
match_regex: <str; required>
Peer-filters¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
peer_filters | List, items: Dictionary | ||||
- name | String | Required, Unique | Peer-filter Name. | ||
sequence_numbers | List, items: Dictionary | Required | |||
- sequence | Integer | Required, Unique | Sequence ID. | ||
match | String | Required | Match as string. Example: “as-range 1-100 result accept” |
Policy-maps¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
policy_maps | Dictionary | ||||
pbr | List, items: Dictionary | PBR Policy-Maps. | |||
- name | String | Required, Unique | Policy-Map Name. | ||
classes | List, items: Dictionary | ||||
- name | String | Required, Unique | Class Name. | ||
index | Integer | ||||
drop | Boolean | ‘drop’ and ‘set’ are mutually exclusive. | |||
set | Dictionary | Set Nexthop ‘drop’ and ‘set’ are mutually exclusive. |
|||
nexthop | Dictionary | ||||
ip_address | String | IPv4 or IPv6 Address. | |||
recursive | Boolean | ||||
qos | List, items: Dictionary | QOS Policy-Maps. | |||
- name | String | Required, Unique | Policy-Map Name. | ||
classes | List, items: Dictionary | ||||
- name | String | Required, Unique | Class Name. | ||
set | Dictionary | ||||
cos | Integer | ||||
dscp | String | ||||
traffic_class | Integer | ||||
drop_precedence | Integer | ||||
police | Dictionary | ||||
rate | Integer | Specify rate. Range in kbps <8-200000000>. |
|||
rate_unit | String | bps |
Valid Values: - bps - kbps - mbps - pps |
||
rate_burst_size | Integer | Range in bytes <256-128000000>. | |||
rate_burst_size_unit | String | bytes |
Valid Values: - bytes - kbytes - mbytes - packets |
||
action | Dictionary | ||||
type | String | Valid Values: - dscp - drop-precedence |
Set action for policed traffic. | ||
dscp_value | String | Set when action.type is set to “dscp”. | |||
higher_rate | Integer | Specify higher rate. Range in kbps |
|||
higher_rate_unit | String | bps |
Valid Values: - bps - kbps - mbps - pps |
||
higher_rate_burst_size | Integer | Range in bytes <256-128000000>. | |||
higher_rate_burst_size_unit | String | bytes |
Valid Values: - bytes - kbytes - mbytes - packets |
||
copp_system_policy | Dictionary | Control-plane policy configuration. | |||
classes | List, items: Dictionary | ||||
- name | String | Required, Unique | |||
shape | Integer | Min: 0 Max: 10000000 |
Maximum rate limit. | ||
bandwidth | Integer | Min: 0 Max: 10000000 |
Minimum bandwidth. | ||
rate_unit | String | Valid Values: - pps - kbps |
The rate_unit must be defined for shape and bandwidth . |
policy_maps:
# PBR Policy-Maps.
pbr:
# Policy-Map Name.
- name: <str; required; unique>
classes:
# Class Name.
- name: <str; required; unique>
index: <int>
# 'drop' and 'set' are mutually exclusive.
drop: <bool>
# Set Nexthop
# 'drop' and 'set' are mutually exclusive.
set:
nexthop:
# IPv4 or IPv6 Address.
ip_address: <str>
recursive: <bool>
# QOS Policy-Maps.
qos:
# Policy-Map Name.
- name: <str; required; unique>
classes:
# Class Name.
- name: <str; required; unique>
set:
cos: <int>
dscp: <str>
traffic_class: <int>
drop_precedence: <int>
police:
# Specify rate.
# Range in kbps <8-200000000>.
rate: <int>
rate_unit: <str; "bps" | "kbps" | "mbps" | "pps"; default="bps">
# Range in bytes <256-128000000>.
rate_burst_size: <int>
rate_burst_size_unit: <str; "bytes" | "kbytes" | "mbytes" | "packets"; default="bytes">
action:
# Set action for policed traffic.
type: <str; "dscp" | "drop-precedence">
# Set when action.type is set to "dscp".
dscp_value: <str>
# Specify higher rate.
# Range in kbps <lower_rate in kbps + 8 - lower_rate in kbps + 200000000>.
higher_rate: <int>
higher_rate_unit: <str; "bps" | "kbps" | "mbps" | "pps"; default="bps">
# Range in bytes <256-128000000>.
higher_rate_burst_size: <int>
higher_rate_burst_size_unit: <str; "bytes" | "kbytes" | "mbytes" | "packets"; default="bytes">
# Control-plane policy configuration.
copp_system_policy:
classes:
- name: <str; required; unique>
# Maximum rate limit.
shape: <int; 0-10000000>
# Minimum bandwidth.
bandwidth: <int; 0-10000000>
# The `rate_unit` must be defined for `shape` and `bandwidth`.
rate_unit: <str; "pps" | "kbps">
Prefix-lists¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
prefix_lists | List, items: Dictionary | ||||
- name | String | Required, Unique | Prefix-list Name. | ||
sequence_numbers | List, items: Dictionary | ||||
- sequence | Integer | Required, Unique | Sequence ID. | ||
action | String | Required | Action as string. Example: “permit 10.255.0.0/27 eq 32” |
Route-maps¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
route_maps | List, items: Dictionary | ||||
- name | String | Required, Unique | Route-map Name. | ||
sequence_numbers | List, items: Dictionary | Required | |||
- sequence | Integer | Required, Unique | Sequence ID. | ||
type | String | Required | Valid Values: - permit - deny |
||
description | String | ||||
match | List, items: String | List of “match” statements. | |||
- <str> | String | Match as string. Example: “ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY” |
|||
set | List, items: String | List of “set” statements. | |||
- <str> | String | Set as string. Example: “origin incomplete” |
|||
sub_route_map | String | Name of Sub-Route-map. | |||
continue | Dictionary | ||||
enabled | Boolean | ||||
sequence_number | Integer |
route_maps:
# Route-map Name.
- name: <str; required; unique>
sequence_numbers: # required
# Sequence ID.
- sequence: <int; required; unique>
type: <str; "permit" | "deny"; required>
description: <str>
# List of "match" statements.
match:
# Match as string.
# Example: "ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY"
- <str>
# List of "set" statements.
set:
# Set as string.
# Example: "origin incomplete"
- <str>
# Name of Sub-Route-map.
sub_route_map: <str>
continue:
enabled: <bool>
sequence_number: <int>
Trackers¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
trackers | List, items: Dictionary | ||||
- name | String | Required, Unique | Name of tracker object. | ||
interface | String | Required | Name of tracked interface. | ||
tracked_property | String | line-protocol |
Property to track. |
Traffic policies¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
traffic_policies | Dictionary | ||||
options | Dictionary | ||||
counter_per_interface | Boolean | ||||
field_sets | Dictionary | ||||
ipv4 | List, items: Dictionary | ||||
- name | String | Required, Unique | IPv4 Prefix Field Set Name. | ||
prefixes | List, items: String | ||||
- <str> | String | IPv4 Prefix. | |||
ipv6 | List, items: Dictionary | ||||
- name | String | Required, Unique | IPv6 Prefix Field Set Name. | ||
prefixes | List, items: String | ||||
- <str> | String | IPv6 Prefix. | |||
ports | List, items: Dictionary | ||||
- name | String | Required, Unique | L4 Port Field Set Name. | ||
port_range | String | Example: ‘10,20,80,440-450’ | |||
policies | List, items: Dictionary | ||||
- name | String | Required, Unique | Traffic Policy Name. | ||
matches | List, items: Dictionary | ||||
- name | String | Required, Unique | Traffic Policy Item. | ||
type | String | Required | Valid Values: - ipv4 - ipv6 |
||
source | Dictionary | ||||
prefixes | List, items: String | ||||
- <str> | String | IP address or prefix. | |||
prefix_lists | List, items: String | Field-set prefix lists. | |||
- <str> | String | ||||
destination | Dictionary | ||||
prefixes | List, items: String | ||||
- <str> | String | IP address or prefix. | |||
prefix_lists | List, items: String | Field-set prefix lists. | |||
- <str> | String | ||||
ttl | String | TTL range. | |||
fragment | Dictionary | The ‘fragment’ command is not supported when ‘source port’ or ‘destination port’ command is configured. |
|||
offset | String | Fragment offset range. | |||
protocols | List, items: Dictionary | ||||
- protocol | String | Required, Unique | |||
src_port | String | Port range. | |||
dst_port | String | Port range. | |||
src_field | String | L4 port range field set. | |||
dst_field | String | L4 port range field set. | |||
flags | List, items: String | ||||
- <str> | String | Valid Values: - established - initial |
|||
icmp_type | List, items: String | ||||
- <str> | String | ||||
enforce_gtsm | Boolean | Enforce the GTSM for BGP speakers. Only supported when protocol is set to ‘neighbors’. | |||
actions | Dictionary | ||||
dscp | Integer | ||||
traffic_class | Integer | Traffic class ID. | |||
count | String | Counter name. | |||
drop | Boolean | ||||
log | Boolean | Only supported when action is set to drop. | |||
default_actions | Dictionary | ||||
ipv4 | Dictionary | ||||
dscp | Integer | ||||
traffic_class | Integer | Traffic class ID. | |||
count | String | Counter name. | |||
drop | Boolean | ||||
log | Boolean | Only supported when action is set to drop. | |||
ipv6 | Dictionary | ||||
dscp | Integer | ||||
traffic_class | Integer | Traffic class ID. | |||
count | String | Counter name. | |||
drop | Boolean | ||||
log | Boolean | Only supported when action is set to drop. |
traffic_policies:
options:
counter_per_interface: <bool>
field_sets:
ipv4:
# IPv4 Prefix Field Set Name.
- name: <str; required; unique>
prefixes:
# IPv4 Prefix.
- <str>
ipv6:
# IPv6 Prefix Field Set Name.
- name: <str; required; unique>
prefixes:
# IPv6 Prefix.
- <str>
ports:
# L4 Port Field Set Name.
- name: <str; required; unique>
# Example: '10,20,80,440-450'
port_range: <str>
policies:
# Traffic Policy Name.
- name: <str; required; unique>
matches:
# Traffic Policy Item.
- name: <str; required; unique>
type: <str; "ipv4" | "ipv6"; required>
source:
prefixes:
# IP address or prefix.
- <str>
# Field-set prefix lists.
prefix_lists:
- <str>
destination:
prefixes:
# IP address or prefix.
- <str>
# Field-set prefix lists.
prefix_lists:
- <str>
# TTL range.
ttl: <str>
# The 'fragment' command is not supported when 'source port'
# or 'destination port' command is configured.
fragment:
# Fragment offset range.
offset: <str>
protocols:
- protocol: <str; required; unique>
# Port range.
src_port: <str>
# Port range.
dst_port: <str>
# L4 port range field set.
src_field: <str>
# L4 port range field set.
dst_field: <str>
flags:
- <str; "established" | "initial">
icmp_type:
- <str>
# Enforce the GTSM for BGP speakers. Only supported when protocol is set to 'neighbors'.
enforce_gtsm: <bool>
actions:
dscp: <int>
# Traffic class ID.
traffic_class: <int>
# Counter name.
count: <str>
drop: <bool>
# Only supported when action is set to drop.
log: <bool>
default_actions:
ipv4:
dscp: <int>
# Traffic class ID.
traffic_class: <int>
# Counter name.
count: <str>
drop: <bool>
# Only supported when action is set to drop.
log: <bool>
ipv6:
dscp: <int>
# Traffic class ID.
traffic_class: <int>
# Counter name.
count: <str>
drop: <bool>
# Only supported when action is set to drop.
log: <bool>
Interfaces¶
DPS interfaces¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
dps_interfaces | List, items: Dictionary | Min Length: 1 Max Length: 1 |
|||
- name | String | Required, Unique | Valid Values: - Dps1 |
“Dps1” is currently the only supported interface. | |
description | String | ||||
shutdown | Boolean | ||||
mtu | Integer | Min: 68 Max: 65535 |
Maximum Transmission Unit in bytes. | ||
ip_address | String | IPv4 address/mask. | |||
flow_tracker | Dictionary | ||||
sampled | String | Sampled flow tracker name. | |||
hardware | String | Hardware flow tracker name, | |||
tcp_mss_ceiling | Dictionary | ||||
ipv4 | Integer | Min: 64 Max: 65495 |
Segment Size for IPv4. | ||
ipv6 | Integer | Min: 64 Max: 65475 |
Segment Size for IPv6. | ||
direction | String | Valid Values: - ingress - egress |
Optional direction (‘ingress’, ‘egress’) for tcp mss ceiling. | ||
eos_cli | String | Multiline String with EOS CLI rendered directly on the Dps interface in the final EOS configuration. |
dps_interfaces: # 1-1 items
# "Dps1" is currently the only supported interface.
- name: <str; "Dps1"; required; unique>
description: <str>
shutdown: <bool>
# Maximum Transmission Unit in bytes.
mtu: <int; 68-65535>
# IPv4 address/mask.
ip_address: <str>
flow_tracker:
# Sampled flow tracker name.
sampled: <str>
# Hardware flow tracker name,
hardware: <str>
tcp_mss_ceiling:
# Segment Size for IPv4.
ipv4: <int; 64-65495>
# Segment Size for IPv6.
ipv6: <int; 64-65475>
# Optional direction ('ingress', 'egress') for tcp mss ceiling.
direction: <str; "ingress" | "egress">
# Multiline String with EOS CLI rendered directly on the Dps interface in the final EOS configuration.
eos_cli: <str>
Errdisable¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
errdisable | Dictionary | ||||
detect | Dictionary | ||||
causes | List, items: String | ||||
- <str> | String | Valid Values: - acl - arp-inspection - dot1x - link-change - tapagg - xcvr-misconfigured - xcvr-overheat - xcvr-power-unsupported |
|||
recovery | Dictionary | ||||
causes | List, items: String | ||||
- <str> | String | Valid Values: - arp-inspection - bpduguard - dot1x - hitless-reload-down - lacp-rate-limit - link-flap - no-internal-vlan - portchannelguard - portsec - speed-misconfigured - tap-port-init - tapagg - uplink-failure-detection - xcvr-misconfigured - xcvr-overheat - xcvr-power-unsupported - xcvr-unsupported |
|||
interval | Integer | 300 |
Min: 30 Max: 86400 |
Interval in seconds. |
errdisable:
detect:
causes:
- <str; "acl" | "arp-inspection" | "dot1x" | "link-change" | "tapagg" | "xcvr-misconfigured" | "xcvr-overheat" | "xcvr-power-unsupported">
recovery:
causes:
- <str; "arp-inspection" | "bpduguard" | "dot1x" | "hitless-reload-down" | "lacp-rate-limit" | "link-flap" | "no-internal-vlan" | "portchannelguard" | "portsec" | "speed-misconfigured" | "tap-port-init" | "tapagg" | "uplink-failure-detection" | "xcvr-misconfigured" | "xcvr-overheat" | "xcvr-power-unsupported" | "xcvr-unsupported">
# Interval in seconds.
interval: <int; 30-86400; default=300>
Ethernet interfaces¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ethernet_interfaces | List, items: Dictionary | ||||
- name | String | Required, Unique | |||
description | String | ||||
shutdown | Boolean | ||||
load_interval | Integer | Min: 0 Max: 600 |
Interval in seconds for updating interface counters. | ||
speed | String | Speed should be set in the format <interface_speed> or forced <interface_speed> or auto <interface_speed> . |
|||
mtu | Integer | Min: 68 Max: 65535 |
|||
l2_mtu | Integer | Min: 68 Max: 65535 |
“l2_mtu” should only be defined for platforms supporting the “l2 mtu” CLI. |
||
l2_mru | Integer | Min: 68 Max: 65535 |
“l2_mru” should only be defined for platforms supporting the “l2 mru” CLI. |
||
vlans deprecated | String | List of switchport vlans as string. For a trunk port this would be a range like “1-200,300”. For an access port this would be a single vlan “123”. This key is deprecated. Support will be removed in AVD version 6.0.0. Use switchport.access_vlan or switchport.trunk.allowed_vlan instead. |
|||
native_vlan deprecated | Integer | This key is deprecated. Support will be removed in AVD version 6.0.0. Use switchport.trunk.native_vlan instead. | |||
native_vlan_tag deprecated | Boolean | If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence.This key is deprecated. Support will be removed in AVD version 6.0.0. Use switchport.trunk.native_vlan_tag instead. | |||
mode deprecated | String | Valid Values: - access - dot1q-tunnel - trunk - trunk phone |
This key is deprecated. Support will be removed in AVD version 6.0.0. Use switchport.mode instead. | ||
phone deprecated | Dictionary | This key is deprecated. Support will be removed in AVD version 6.0.0. Use switchport.phone instead. | |||
trunk | String | Valid Values: - tagged - tagged phone - untagged - untagged phone |
|||
vlan | Integer | Min: 1 Max: 4094 |
|||
l2_protocol | Dictionary | ||||
encapsulation_dot1q_vlan | Integer | Vlan tag to configure on sub-interface. | |||
forwarding_profile | String | L2 protocol forwarding profile. | |||
trunk_groups deprecated | List, items: String | This key is deprecated. Support will be removed in AVD version 6.0.0. Use switchport.trunk.groups instead. | |||
- <str> | String | ||||
type deprecated | String | Valid Values: - routed - switched - l3dot1q - l2dot1q - port-channel-member |
l3dot1q and l2dot1q are used for sub-interfaces. The parent interface should be defined as routed. The type = switched/routed should not be combined with switchport .This key is deprecated. Support will be removed in AVD version 6.0.0. See here for details. |
||
snmp_trap_link_change | Boolean | ||||
address_locking | Dictionary | ||||
ipv4 | Boolean | Enable address locking for IPv4. | |||
ipv6 | Boolean | Enable address locking for IPv6. | |||
flowcontrol | Dictionary | ||||
received | String | Valid Values: - desired - on - off |
|||
vrf | String | VRF name. | |||
flow_tracker | Dictionary | ||||
sampled | String | Sampled flow tracker name. | |||
hardware | String | Hardware flow tracker name. | |||
error_correction_encoding | Dictionary | ||||
enabled | Boolean | True |
|||
fire_code | Boolean | ||||
reed_solomon | Boolean | ||||
link_tracking_groups | List, items: Dictionary | ||||
- name | String | Required, Unique | Group name. | ||
direction | String | Valid Values: - upstream - downstream |
|||
evpn_ethernet_segment | Dictionary | ||||
identifier | String | EVPN Ethernet Segment Identifier (Type 1 format). | |||
redundancy | String | Valid Values: - all-active - single-active |
|||
designated_forwarder_election | Dictionary | ||||
algorithm | String | Valid Values: - modulus - preference |
|||
preference_value | Integer | Min: 0 Max: 65535 |
Preference_value is only used when “algorithm” is “preference”. | ||
dont_preempt | Boolean | Dont_preempt is only used when “algorithm” is “preference”. | |||
hold_time | Integer | ||||
subsequent_hold_time | Integer | ||||
candidate_reachability_required | Boolean | ||||
mpls | Dictionary | ||||
shared_index | Integer | Min: 1 Max: 1024 |
|||
tunnel_flood_filter_time | Integer | ||||
route_target | String | EVPN Route Target for ESI with format xx:xx:xx:xx:xx:xx. | |||
encapsulation_dot1q_vlan deprecated | Integer | VLAN tag to configure on sub-interface.This key is deprecated. Support will be removed in AVD version 6.0.0. Use encapsulation_dot1q.vlan instead. | |||
encapsulation_dot1q | Dictionary | Warning: encapsulation_dot1q should not be combined with ethernet_interfaces[].type: l3dot1q or ethernet_interfaces[].type: l2dot1q . |
|||
vlan | Integer | Required | Min: 1 Max: 4094 |
VLAD ID. | |
inner_vlan | Integer | Min: 1 Max: 4094 |
Inner VLAN ID. This setting can only be applied to sub-interfaces on EOS. | ||
encapsulation_vlan | Dictionary | This setting can only be applied to sub-interfaces on EOS. Warning: encapsulation_vlan should not be combined with ethernet_interfaces[].type: l3dot1q or ethernet_interfaces[].type: l2dot1q . |
|||
client | Dictionary | ||||
dot1q deprecated | Dictionary | This key is deprecated. Support will be removed in AVD version 6.0.0. | |||
vlan | Integer | Min: 1 Max: 4094 |
Client VLAN ID. | ||
outer | Integer | Min: 1 Max: 4094 |
Client Outer VLAN ID. | ||
inner | Integer | Client Inner VLAN ID. | |||
unmatched deprecated | Boolean | This key is deprecated. Support will be removed in AVD version 6.0.0. | |||
encapsulation | String | Valid Values: - dot1q - dot1ad - unmatched - untagged |
|||
vlan | Integer | Min: 1 Max: 4094 |
Client VLAN ID. Not applicable for encapsulation: untagged or encapsulation: unmatched . |
||
outer_vlan | Integer | Min: 1 Max: 4094 |
Client Outer VLAN ID. Not applicable for encapsulation: untagged or encapsulation: unmatched . |
||
inner_vlan | Integer | Min: 1 Max: 4094 |
Client Inner VLAN ID. Not applicable for encapsulation: untagged or encapsulation: unmatched . |
||
inner_encapsulation | String | Valid Values: - dot1q - dot1ad |
|||
network | Dictionary | Network encapsulations are all optional and skipped if using client unmatched. | |||
dot1q deprecated | Dictionary | This key is deprecated. Support will be removed in AVD version 6.0.0. | |||
vlan | Integer | Min: 1 Max: 4094 |
Network VLAN ID. | ||
outer | Integer | Min: 1 Max: 4094 |
Network outer VLAN ID. | ||
inner | Integer | Min: 1 Max: 4094 |
Network inner VLAN ID. | ||
client deprecated | Boolean | This key is deprecated. Support will be removed in AVD version 6.0.0. | |||
encapsulation | String | Valid Values: - dot1q - dot1ad - client - client inner - untagged |
untagged (no encapsulation) is applicable for untagged client only.client and client inner (retain client encapsulation) is not applicable for untagged client. |
||
vlan | Integer | Min: 1 Max: 4094 |
Network VLAN ID. Not applicable for encapsulation: untagged or encapsulation: client . |
||
outer_vlan | Integer | Min: 1 Max: 4094 |
Network outer VLAN ID. Not applicable for encapsulation: untagged or encapsulation: client . |
||
inner_vlan | Integer | Min: 1 Max: 4094 |
Network inner VLAN ID. Not applicable for encapsulation: untagged or encapsulation: client . |
||
inner_encapsulation | String | Valid Values: - dot1q - dot1ad |
|||
vlan_id | Integer | Min: 1 Max: 4094 |
This setting can only be applied to sub-interfaces on EOS. Warning: vlan_id should not be combined with ethernet_interfaces[].type == l2dot1q . |
||
ip_address | String | IPv4 address/mask or “dhcp”. | |||
ip_address_secondaries | List, items: String | ||||
- <str> | String | ||||
ip_verify_unicast_source_reachable_via | String | Valid Values: - any - rx |
|||
dhcp_client_accept_default_route | Boolean | Install default-route obtained via DHCP. | |||
dhcp_server_ipv4 | Boolean | Enable IPv4 DHCP server. | |||
dhcp_server_ipv6 | Boolean | Enable IPv6 DHCP server. | |||
ip_helpers | List, items: Dictionary | ||||
- ip_helper | String | Required, Unique | |||
source_interface | String | Source interface name. | |||
vrf | String | VRF name. | |||
ip_nat | Dictionary | ||||
service_profile | String | NAT interface profile. | |||
destination | Dictionary | ||||
dynamic | List, items: Dictionary | ||||
- access_list | String | Required, Unique | |||
comment | String | ||||
pool_name | String | Required | |||
priority | Integer | Min: 0 Max: 4294967295 |
|||
static | List, items: Dictionary | ||||
- access_list | String | ‘access_list’ and ‘group’ are mutual exclusive. | |||
comment | String | ||||
direction | String | Valid Values: - egress - ingress |
Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform. EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW. |
||
group | Integer | Min: 1 Max: 65535 |
‘access_list’ and ‘group’ are mutual exclusive. | ||
original_ip | String | IPv4 address. The combination of original_ip and original_port must be unique. |
|||
original_port | Integer | Min: 1 Max: 65535 |
TCP/UDP port. The combination of original_ip and original_port must be unique. |
||
priority | Integer | Min: 0 Max: 4294967295 |
|||
protocol | String | Valid Values: - udp - tcp |
|||
translated_ip | String | Required | IPv4 address. | ||
translated_port | Integer | Min: 1 Max: 65535 |
requires ‘original_port’. | ||
source | Dictionary | ||||
dynamic | List, items: Dictionary | ||||
- access_list | String | Required, Unique | |||
comment | String | ||||
nat_type | String | Required | Valid Values: - overload - pool - pool-address-only - pool-full-cone |
||
pool_name | String | required if ‘nat_type’ is pool, pool-address-only or pool-full-cone. ignored if ‘nat_type’ is overload. |
|||
priority | Integer | Min: 0 Max: 4294967295 |
|||
static | List, items: Dictionary | ||||
- access_list | String | ‘access_list’ and ‘group’ are mutual exclusive. | |||
comment | String | ||||
direction | String | Valid Values: - egress - ingress |
Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform. EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW. |
||
group | Integer | Min: 1 Max: 65535 |
‘access_list’ and ‘group’ are mutual exclusive. | ||
original_ip | String | IPv4 address. The combination of original_ip and original_port must be unique. |
|||
original_port | Integer | Min: 1 Max: 65535 |
TCP/UDP port. The combination of original_ip and original_port must be unique. |
||
priority | Integer | Min: 0 Max: 4294967295 |
|||
protocol | String | Valid Values: - udp - tcp |
|||
translated_ip | String | Required | IPv4 address. | ||
translated_port | Integer | Min: 1 Max: 65535 |
requires ‘original_port’. | ||
ipv6_enable | Boolean | ||||
ipv6_address | String | ||||
ipv6_address_link_local | String | Link local IPv6 address/mask. | |||
ipv6_nd_ra_disabled | Boolean | ||||
ipv6_nd_managed_config_flag | Boolean | ||||
ipv6_nd_prefixes | List, items: Dictionary | ||||
- ipv6_prefix | String | Required, Unique | |||
valid_lifetime | String | Infinite or lifetime in seconds. | |||
preferred_lifetime | String | Infinite or lifetime in seconds. | |||
no_autoconfig_flag | Boolean | ||||
ipv6_dhcp_relay_destinations | List, items: Dictionary | ||||
- address | String | Required, Unique | DHCP server’s IPv6 address. | ||
vrf | String | ||||
local_interface | String | Local interface to communicate with DHCP server - mutually exclusive to source_address. | |||
source_address | String | Source IPv6 address to communicate with DHCP server - mutually exclusive to local_interface. | |||
link_address | String | Override the default link address specified in the relayed DHCP packet. | |||
access_group_in | String | Access list name. | |||
access_group_out | String | Access list name. | |||
ipv6_access_group_in | String | IPv6 access list name. | |||
ipv6_access_group_out | String | IPv6 access list name. | |||
mac_access_group_in | String | MAC access list name. | |||
mac_access_group_out | String | MAC access list name. | |||
multicast | Dictionary | Boundaries can be either 1 ACL or a list of multicast IP address_range(s)/prefix but not combination of both. | |||
ipv4 | Dictionary | ||||
boundaries | List, items: Dictionary | ||||
- boundary | String | ACL name or multicast IP subnet. | |||
out | Boolean | ||||
static | Boolean | ||||
ipv6 | Dictionary | ||||
boundaries | List, items: Dictionary | ||||
- boundary | String | ACL name or multicast IP subnet. | |||
static | Boolean | ||||
ospf_network_point_to_point | Boolean | ||||
ospf_area | String | ||||
ospf_cost | Integer | ||||
ospf_authentication | String | Valid Values: - none - simple - message-digest |
|||
ospf_authentication_key | String | Encrypted password - only type 7 supported. | |||
ospf_message_digest_keys | List, items: Dictionary | ||||
- id | Integer | Required, Unique | |||
hash_algorithm | String | Valid Values: - md5 - sha1 - sha256 - sha384 - sha512 |
|||
key | String | Encrypted password - only type 7 supported. | |||
pim | Dictionary | ||||
ipv4 | Dictionary | ||||
border_router | Boolean | Configure PIM border router. EOS default is false. | |||
dr_priority | Integer | Min: 0 Max: 429467295 |
|||
sparse_mode | Boolean | ||||
bfd | Boolean | Set the default for whether Bidirectional Forwarding Detection is enabled for PIM. | |||
bidirectional | Boolean | ||||
hello | Dictionary | ||||
count | String | Number of missed hellos after which the neighbor expires. Range <1.5-65535>. | |||
interval | Integer | Min: 1 Max: 65535 |
PIM hello interval in seconds. | ||
mac_security | Dictionary | ||||
profile | String | ||||
tcp_mss_ceiling | Dictionary | The TCP MSS clamping feature involves clamping the maximum segment size (MSS) in the TCP header of TCP SYN packets if it exceeds the configured MSS ceiling limit for the interface. |
|||
ipv4_segment_size | Integer | Min: 64 Max: 65475 |
|||
ipv6_segment_size | Integer | Min: 64 Max: 65475 |
|||
direction | String | Valid Values: - egress - ingress |
|||
channel_group | Dictionary | ||||
id | Integer | ||||
mode | String | Valid Values: - on - active - passive |
|||
isis_enable | String | ISIS instance. | |||
isis_bfd | Boolean | Enable BFD for ISIS. | |||
isis_passive | Boolean | ||||
isis_metric | Integer | ||||
isis_network_point_to_point | Boolean | ||||
isis_circuit_type | String | Valid Values: - level-1-2 - level-1 - level-2 |
|||
isis_hello_padding | Boolean | ||||
isis_authentication_mode | String | Valid Values: - text - md5 |
|||
isis_authentication_key | String | Type-7 encrypted password. | |||
poe | Dictionary | ||||
disabled | Boolean | False |
Disable PoE on a POE capable port. PoE is enabled on all ports that support it by default in EOS. | ||
priority | String | Valid Values: - critical - high - medium - low |
Prioritize a port’s power in the event that one of the switch’s power supplies loses power. | ||
reboot | Dictionary | Set the PoE power behavior for a PoE port when the system is rebooted. | |||
action | String | Valid Values: - maintain - power-off |
PoE action for interface. | ||
link_down | Dictionary | Set the PoE power behavior for a PoE port when the port goes down. | |||
action | String | Valid Values: - maintain - power-off |
PoE action for interface. | ||
power_off_delay | Integer | Min: 1 Max: 86400 |
Number of seconds to delay shutting the power off after a link down event occurs. Default value is 5 seconds in EOS. | ||
shutdown | Dictionary | Set the PoE power behavior for a PoE port when the port is admin down. | |||
action | String | Valid Values: - maintain - power-off |
PoE action for interface. | ||
limit | Dictionary | Override the hardware-negotiated power limit using either wattage or a power class. Note that if using a power class, AVD will automatically convert the class value to the wattage value corresponding to that power class. | |||
class | Integer | Min: 0 Max: 8 |
|||
watts | String | ||||
fixed | Boolean | Set to ignore hardware classification. | |||
negotiation_lldp | Boolean | Disable to prevent port from negotiating power with powered devices over LLDP. Enabled by default in EOS. | |||
legacy_detect | Boolean | Allow a subset of legacy devices to work with the PoE switch. Disabled by default in EOS because it can cause false positive detections. | |||
ptp | Dictionary | ||||
enable | Boolean | ||||
announce | Dictionary | ||||
interval | Integer | ||||
timeout | Integer | ||||
delay_req | Integer | ||||
delay_mechanism | String | Valid Values: - e2e - p2p |
|||
profile | Dictionary | ||||
g8275_1 | Dictionary | ||||
destination_mac_address | String | Valid Values: - forwardable - non-forwardable |
|||
sync_message | Dictionary | ||||
interval | Integer | ||||
role | String | Valid Values: - master - dynamic |
|||
vlan | String | VLAN can be ‘all’ or list of vlans as string. | |||
transport | String | Valid Values: - ipv4 - ipv6 - layer2 |
|||
profile | String | Interface profile. | |||
storm_control | Dictionary | ||||
all | Dictionary | ||||
level | String | Configure maximum storm-control level. | |||
unit | String | percent |
Valid Values: - percent - pps |
Optional field and is hardware dependent. | |
broadcast | Dictionary | ||||
level | String | Configure maximum storm-control level. | |||
unit | String | percent |
Valid Values: - percent - pps |
Optional field and is hardware dependent. | |
multicast | Dictionary | ||||
level | String | Configure maximum storm-control level. | |||
unit | String | percent |
Valid Values: - percent - pps |
Optional field and is hardware dependent. | |
unknown_unicast | Dictionary | ||||
level | String | Configure maximum storm-control level. | |||
unit | String | percent |
Valid Values: - percent - pps |
Optional field and is hardware dependent. | |
logging | Dictionary | ||||
event | Dictionary | ||||
link_status | Boolean | ||||
congestion_drops | Boolean | ||||
spanning_tree | Boolean | ||||
storm_control_discards | Boolean | Discards due to storm-control. |
|||
lldp | Dictionary | ||||
transmit | Boolean | ||||
receive | Boolean | ||||
ztp_vlan | Integer | ZTP vlan number. | |||
trunk_private_vlan_secondary deprecated | Boolean | This key is deprecated. Support will be removed in AVD version 6.0.0. Use switchport.trunk.private_vlan_secondary instead. | |||
pvlan_mapping deprecated | String | List of vlans as string.This key is deprecated. Support will be removed in AVD version 6.0.0. Use switchport.pvlan_mapping instead. | |||
vlan_translations deprecated | List, items: Dictionary | This key is deprecated. Support will be removed in AVD version 6.0.0. Use switchport.vlan_translations instead. | |||
- from | String | List of vlans as string (only one vlan if direction is “both”). | |||
to | Integer | VLAN ID. | |||
direction | String | both |
Valid Values: - in - out - both |
||
dot1x | Dictionary | ||||
port_control | String | Valid Values: - auto - force-authorized - force-unauthorized |
|||
port_control_force_authorized_phone | Boolean | ||||
reauthentication | Boolean | ||||
pae | Dictionary | ||||
mode | String | Valid Values: - authenticator |
|||
authentication_failure | Dictionary | ||||
action | String | Valid Values: - allow - drop |
|||
allow_vlan | Integer | Min: 1 Max: 4094 |
|||
host_mode | Dictionary | ||||
mode | String | Valid Values: - multi-host - single-host |
|||
multi_host_authenticated | Boolean | ||||
mac_based_authentication | Dictionary | ||||
enabled | Boolean | ||||
always | Boolean | ||||
host_mode_common | Boolean | ||||
mac_based_access_list | Boolean | Operate interface in per-mac access-list mode. | |||
timeout | Dictionary | ||||
idle_host | Integer | Min: 10 Max: 65535 |
|||
quiet_period | Integer | Min: 1 Max: 65535 |
|||
reauth_period | String | Value can be 60-4294967295 or ‘server’. | |||
reauth_timeout_ignore | Boolean | ||||
tx_period | Integer | Min: 1 Max: 65535 |
|||
reauthorization_request_limit | Integer | Min: 1 Max: 10 |
|||
unauthorized | Dictionary | ||||
access_vlan_membership_egress | Boolean | ||||
native_vlan_membership_egress | Boolean | ||||
eapol | Dictionary | ||||
disabled | Boolean | ||||
authentication_failure_fallback_mba | Dictionary | ||||
enabled | Boolean | ||||
timeout | Integer | Min: 0 Max: 65535 |
|||
aaa | Dictionary | ||||
unresponsive | Dictionary | Configure AAA timeout options. | |||
eap_response | String | Valid Values: - success - disabled |
EAP response to send. EOS default is success . |
||
action | Dictionary | Set action for supplicant when AAA times out. | |||
traffic_allow_access_list | String | Name of standard access-list to apply when AAA times out. | |||
apply_cached_results | Boolean | Use results from a previous AAA response. | |||
cached_results_timeout | Dictionary | ||||
time_duration | Integer | Min: 1 | Enable caching for a specific duration - <1-10000> duration in days <1-14400000> duration in minutes <1-240000> duration in hours <1-864000000> duration in seconds |
||
time_duration_unit | String | Required | Valid Values: - days - hours - minutes - seconds |
||
apply_alternate | Boolean | Apply alternate action if primary action fails. eg. aaa unresponsive action apply cached-results else traffic allow |
|||
traffic_allow | Boolean | Set action for supplicant traffic when AAA times out. | |||
traffic_allow_vlan | Integer | Min: 1 Max: 4094 |
|||
phone_action | Dictionary | Set action for supplicant when AAA times out. | |||
apply_cached_results | Boolean | Use results from a previous AAA response. | |||
cached_results_timeout | Dictionary | ||||
time_duration | Integer | Min: 1 | Enable caching for a specific duration - <1-10000> duration in days <1-14400000> duration in minutes <1-240000> duration in hours <1-864000000> duration in seconds |
||
time_duration_unit | String | Required | Valid Values: - days - hours - minutes - seconds |
||
apply_alternate | Boolean | Apply alternate action if primary action fails. eg. aaa unresponsive phone action apply cached-results else traffic allow |
|||
traffic_allow | Boolean | Set action for supplicant traffic when AAA times out. | |||
service_profile | String | QOS profile. | |||
shape | Dictionary | ||||
rate | String | Rate in kbps, pps or percent. Supported options are platform dependent. Examples: - “5000 kbps” - “1000 pps” - “20 percent” |
|||
qos | Dictionary | ||||
trust | String | Valid Values: - dscp - cos - disabled |
|||
dscp | Integer | DSCP value. | |||
cos | Integer | COS value. | |||
spanning_tree_bpdufilter | String | Valid Values: - enabled - disabled - True - False - true - false |
|||
spanning_tree_bpduguard | String | Valid Values: - enabled - disabled - True - False - true - false |
|||
spanning_tree_guard | String | Valid Values: - loop - root - disabled |
|||
spanning_tree_portfast | String | Valid Values: - edge - network |
|||
vmtracer | Boolean | ||||
priority_flow_control | Dictionary | ||||
enabled | Boolean | ||||
priorities | List, items: Dictionary | ||||
- priority | Integer | Required, Unique | Min: 0 Max: 7 |
||
no_drop | Boolean | ||||
bfd | Dictionary | ||||
echo | Boolean | ||||
interval | Integer | Interval in milliseconds. | |||
min_rx | Integer | Rate in milliseconds. | |||
multiplier | Integer | Min: 3 Max: 50 |
|||
service_policy | Dictionary | ||||
pbr | Dictionary | ||||
input | String | Policy Based Routing Policy-map name. | |||
qos | Dictionary | ||||
input | String | Required | Quality of Service Policy-map name. | ||
mpls | Dictionary | ||||
ip | Boolean | ||||
ldp | Dictionary | ||||
interface | Boolean | ||||
igp_sync | Boolean | ||||
lacp_timer | Dictionary | ||||
mode | String | Valid Values: - fast - normal |
|||
multiplier | Integer | Min: 3 Max: 3000 |
|||
lacp_port_priority | Integer | Min: 0 Max: 65535 |
|||
transceiver | Dictionary | ||||
frequency | String | Transceiver Laser Frequency in GHz (min 190000, max 200000). | |||
frequency_unit | String | Valid Values: - ghz |
Unit of Transceiver Laser Frequency. | ||
media | Dictionary | ||||
override | String | Transceiver type. | |||
ip_proxy_arp | Boolean | ||||
traffic_policy | Dictionary | ||||
input | String | Ingress traffic policy. | |||
output | String | Egress traffic policy. | |||
bgp | Dictionary | ||||
session_tracker | String | Name of session tracker. | |||
ip_igmp_host_proxy | Dictionary | ||||
enabled | Boolean | ||||
groups | List, items: Dictionary | ||||
- group | String | Required, Unique | Multicast Address. | ||
exclude | List, items: Dictionary | The same source must not be present both in exclude and include list. |
|||
- source | String | Required, Unique | |||
include | List, items: Dictionary | The same source must not be present both in exclude and include list. |
|||
- source | String | Required, Unique | |||
report_interval | Integer | Min: 1 Max: 31744 |
Time interval between unsolicited reports. | ||
access_lists | List, items: Dictionary | Non-standard Access List name. | |||
- name | String | Required, Unique | |||
version | Integer | Min: 1 Max: 3 |
IGMP version on IGMP host-proxy interface. | ||
peer | String | Key only used for documentation or validation purposes. | |||
peer_interface | String | Key only used for documentation or validation purposes. | |||
peer_type | String | Key only used for documentation or validation purposes. | |||
sflow | Dictionary | ||||
enable | Boolean | ||||
egress | Dictionary | ||||
enable | Boolean | ||||
unmodified_enable | Boolean | ||||
sync_e | Dictionary | ||||
enable | Boolean | ||||
priority | String | The priority is used to influence the reference clock selection. The EOS default priority is 127. The priority can be configured to any integer between 1-255, or set to disabled . |
|||
port_profile | String | Key only used for documentation or validation purposes. | |||
uc_tx_queues | List, items: Dictionary | ||||
- id | Integer | Required, Unique | TX-Queue ID. | ||
random_detect | Dictionary | ||||
ecn | Dictionary | Explicit Congestion Notification. | |||
count | Boolean | Enable counter for random-detect ECNs. | |||
threshold | Dictionary | ||||
units | String | Required | Valid Values: - segments - bytes - kbytes - mbytes - milliseconds |
Indicate the units to be used for the threshold values. | |
min | Integer | Required | Min: 1 Max: 256000000 |
Set the random-detect ECN minimum-threshold. | |
max | Integer | Required | Min: 1 Max: 256000000 |
Set the random-detect ECN maximum-threshold. | |
max_probability | Integer | Min: 1 Max: 100 |
Set the random-detect ECN max-mark-probability. | ||
weight | Integer | Min: 0 Max: 15 |
Set the random-detect ECN weight. | ||
tx_queues | List, items: Dictionary | ||||
- id | Integer | Required, Unique | TX-Queue ID. | ||
random_detect | Dictionary | ||||
ecn | Dictionary | Explicit Congestion Notification. | |||
count | Boolean | Enable counter for random-detect ECNs. | |||
threshold | Dictionary | ||||
units | String | Required | Valid Values: - segments - bytes - kbytes - mbytes - milliseconds |
Indicate the units to be used for the threshold values. | |
min | Integer | Min: 1 Max: 256000000 |
Set the random-detect ECN minimum-threshold. | ||
max | Integer | Required | Min: 1 Max: 256000000 |
Set the random-detect ECN maximum-threshold. | |
max_probability | Integer | Required | Min: 1 Max: 100 |
Set the random-detect ECN max-mark-probability. | |
weight | Integer | Min: 0 Max: 15 |
Set the random-detect ECN weight. | ||
vrrp_ids | List, items: Dictionary | VRRP model. | |||
- id | Integer | Required, Unique | VRID. | ||
priority_level | Integer | Min: 1 Max: 254 |
Instance priority. | ||
advertisement | Dictionary | ||||
interval | Integer | Min: 1 Max: 255 |
Interval in seconds. | ||
preempt | Dictionary | ||||
enabled | Boolean | Required | |||
delay | Dictionary | ||||
minimum | Integer | Min: 0 Max: 3600 |
Minimum preempt delay in seconds. | ||
reload | Integer | Min: 0 Max: 3600 |
Reload preempt delay in seconds. | ||
timers | Dictionary | ||||
delay | Dictionary | ||||
reload | Integer | Min: 0 Max: 3600 |
Delay after reload in seconds. | ||
tracked_object | List, items: Dictionary | ||||
- name | String | Required, Unique | Tracked object name. | ||
decrement | Integer | Min: 1 Max: 254 |
Decrement VRRP priority by 1-254. | ||
shutdown | Boolean | ||||
ipv4 | Dictionary | ||||
address | String | Required | Virtual IPv4 address. | ||
version | Integer | Valid Values: - 2 - 3 |
|||
ipv6 | Dictionary | ||||
address | String | Required | Virtual IPv6 address. | ||
validate_state | Boolean | Set to false to disable interface validation by the eos_validate_state role. |
|||
switchport | Dictionary | This should not be combined with ethernet_interfaces[].type = switched/routed . |
|||
enabled | Boolean | Warning: This should not be combined with ethernet_interfaces[].type = routed . |
|||
mode | String | Valid Values: - access - dot1q-tunnel - trunk - trunk phone |
Warning: This should not be combined with ethernet_interfaces[].mode . |
||
access_vlan | Integer | Min: 1 Max: 4094 |
Set VLAN when interface is in access mode. Warning: This should not be combined with ethernet_interfaces[].mode = access/dot1q-tunnel and ethernet_interface[].vlans . |
||
trunk | Dictionary | ||||
allowed_vlan | String | VLAN ID or range(s) of VLAN IDs. Warning: This should not be combined with ethernet_interfaces[].mode = trunk and ethernet_interface[].vlans . |
|||
native_vlan | Integer | Min: 1 Max: 4094 |
Set native VLAN when interface is in trunking mode. Warning: This should not be combined with ethernet_interfaces[].native_vlan . |
||
native_vlan_tag | Boolean | If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence. Warning: This should not be combined with ethernet_interfaces[].native_vlan_tag . |
|||
private_vlan_secondary | Boolean | Enable secondary VLAN mapping for a private vlan. Warning: This should not be combined with ethernet_ineterfaces[].trunk_private_vlan_secondary . |
|||
groups | List, items: String | Warning: This should not be combined with ethernet_ineterfaces[].trunk_groups . |
|||
- <str> | String | Trunk group name. | |||
phone | Dictionary | Warning: This should not be combined with ethernet_interfaces[].phone . |
|||
vlan | Integer | Min: 1 Max: 4094 |
Warning: This should not be combined with ethernet_interfaces[].phone.vlan . |
||
trunk | String | Valid Values: - tagged - tagged phone - untagged - untagged phone |
Warning: This should not be combined with ethernet_interfaces[].phone.trunk . |
||
pvlan_mapping | String | Secondary VLAN IDs of the private VLAN mapping. Warning: This should not be combined with ethernet_interfaces[].pvlan_mapping . |
|||
dot1q | Dictionary | ||||
ethertype | Integer | Min: 1536 Max: 65535 |
Ethertype/TPID (Tag Protocol IDentifier) for VLAN tagged frames. | ||
vlan_tag | String | Valid Values: - disallowed - required |
Allow/disallow VLAN tagged frames. | ||
source_interface | String | Valid Values: - tx - tx multicast |
tx: Allow bridged traffic to go out of the source interface. tx multicast: Allow multicast traffic only to go out of the source interface. |
||
vlan_translations | Dictionary | VLAN Translation mappings. Warning: This should not be combined with ethernet_interfaces[].vlan_translations . |
|||
in_required | Boolean | Drop the ingress traffic that do not match any VLAN mapping. | |||
out_required | Boolean | Drop the egress traffic that do not match any VLAN mapping. | |||
direction_in | List, items: Dictionary | Map ingress traffic only. | |||
- from | String | Required | VLAN ID or range of VLAN IDs to map from. Range 1-4094. | ||
to | Integer | Required | Min: 1 Max: 4094 |
VLAN ID to map to. | |
dot1q_tunnel | Boolean | ||||
inner_vlan_from | Integer | Min: 1 Max: 4094 |
Inner VLAN ID to map from. | ||
direction_out | List, items: Dictionary | Map egress traffic only. | |||
- from | String | Required | VLAN ID or range of VLAN IDs to map from. Range 1-4094. | ||
to | Integer | Min: 1 Max: 4094 |
VLAN ID to map to. | ||
dot1q_tunnel_to | String | VLAN ID or range of VLAN IDs or “all”. Range 1-4094. This takes precedence over to and inner_vlan_to . |
|||
inner_vlan_to | Integer | Min: 1 Max: 4094 |
Inner VLAN ID to map to. | ||
direction_both | List, items: Dictionary | Map both egress and ingress traffic. | |||
- from | String | Required | VLAN ID or range of VLAN IDs to map from. Range 1-4094. | ||
to | Integer | Required | Min: 1 Max: 4094 |
VLAN ID to map to. | |
dot1q_tunnel | Boolean | ||||
inner_vlan_from | Integer | Min: 1 Max: 4094 |
Inner VLAN ID to map from. | ||
network | Boolean | Enable use of network-side VLAN ID. This setting can only be enabled when inner_vlan_from is defined. |
|||
vlan_forwarding_accept_all | Boolean | ||||
backup_link | Dictionary | ||||
interface | String | Backup interface. Example - Ethernet4, Vlan10 etc. | |||
prefer_vlan | String | VLANs to carry on the backup interface (1-4094). | |||
backup | Dictionary | The backup_link is required for this setting. |
|||
dest_macaddr | String | Format: mac | Destination MAC address for MAC move updates. The mac address should be multicast or broadcast. Example: 01:00:00:00:00:00 |
||
initial_mac_move_delay | Integer | Min: 0 Max: 65535 |
Initial MAC move delay in milliseconds. | ||
mac_move_burst | Integer | Min: 0 Max: 65535 |
Size of MAC move bursts. | ||
mac_move_burst_interval | Integer | Min: 0 Max: 65535 |
MAC move burst interval in milliseconds. | ||
preemption_delay | Integer | Min: 0 Max: 65535 |
Preemption delay in milliseconds. | ||
port_security | Dictionary | ||||
enabled | Boolean | ||||
mac_address_maximum | Dictionary | Maximum number of MAC addresses allowed on the interface. | |||
disabled | Boolean | Disable port level check for port security (only in violation ‘shutdown’ mode). | |||
limit | Integer | Min: 1 Max: 1000 |
MAC address limit. | ||
violation | Dictionary | Configure violation mode (shutdown or protect), EOS default is ‘shutdown’. | |||
mode | String | Valid Values: - shutdown - protect |
Configure port security mode. | ||
protect_log | Boolean | Log new addresses seen after limit is reached in protect mode. | |||
vlan_default_mac_address_maximum | Integer | Min: 0 Max: 1000 |
Default maximum MAC addresses for all VLANs on this interface. | ||
vlans | List, items: Dictionary | ||||
- range | String | Required, Unique | VLAN ID or range(s) of VLAN IDs, <1-4094>. Example: - 3 - 1,3 - 1-10 |
||
mac_address_maximum | Integer | Required | |||
eos_cli | String | Multiline EOS CLI rendered directly on the ethernet interface in the final EOS configuration. |
ethernet_interfaces:
- name: <str; required; unique>
description: <str>
shutdown: <bool>
# Interval in seconds for updating interface counters.
load_interval: <int; 0-600>
# Speed should be set in the format `<interface_speed>` or `forced <interface_speed>` or `auto <interface_speed>`.
speed: <str>
mtu: <int; 68-65535>
# "l2_mtu" should only be defined for platforms supporting the "l2 mtu" CLI.
l2_mtu: <int; 68-65535>
# "l2_mru" should only be defined for platforms supporting the "l2 mru" CLI.
l2_mru: <int; 68-65535>
# List of switchport vlans as string.
# For a trunk port this would be a range like "1-200,300".
# For an access port this would be a single vlan "123".
# This key is deprecated.
# Support will be removed in AVD version 6.0.0.
# Use <samp>switchport.access_vlan or switchport.trunk.allowed_vlan</samp> instead.
vlans: <str>
# This key is deprecated.
# Support will be removed in AVD version 6.0.0.
# Use <samp>switchport.trunk.native_vlan</samp> instead.
native_vlan: <int>
# If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence.
# This key is deprecated.
# Support will be removed in AVD version 6.0.0.
# Use <samp>switchport.trunk.native_vlan_tag</samp> instead.
native_vlan_tag: <bool>
# This key is deprecated.
# Support will be removed in AVD version 6.0.0.
# Use <samp>switchport.mode</samp> instead.
mode: <str; "access" | "dot1q-tunnel" | "trunk" | "trunk phone">
# This key is deprecated.
# Support will be removed in AVD version 6.0.0.
# Use <samp>switchport.phone</samp> instead.
phone:
trunk: <str; "tagged" | "tagged phone" | "untagged" | "untagged phone">
vlan: <int; 1-4094>
l2_protocol:
# Vlan tag to configure on sub-interface.
encapsulation_dot1q_vlan: <int>
# L2 protocol forwarding profile.
forwarding_profile: <str>
# This key is deprecated.
# Support will be removed in AVD version 6.0.0.
# Use <samp>switchport.trunk.groups</samp> instead.
trunk_groups:
- <str>
# l3dot1q and l2dot1q are used for sub-interfaces. The parent interface should be defined as routed.
# The `type = switched/routed` should not be combined with `switchport`.
# This key is deprecated.
# Support will be removed in AVD version 6.0.0.
# See [here](https://avd.arista.com/stable/docs/release-notes/5.x.x.html#removal-of-type-key-dependency-for-rendering-ethernetport-channel-interfaces-configuration-and-documentation) for details.
type: <str; "routed" | "switched" | "l3dot1q" | "l2dot1q" | "port-channel-member">
snmp_trap_link_change: <bool>
address_locking:
# Enable address locking for IPv4.
ipv4: <bool>
# Enable address locking for IPv6.
ipv6: <bool>
flowcontrol:
received: <str; "desired" | "on" | "off">
# VRF name.
vrf: <str>
flow_tracker:
# Sampled flow tracker name.
sampled: <str>
# Hardware flow tracker name.
hardware: <str>
error_correction_encoding:
enabled: <bool; default=True>
fire_code: <bool>
reed_solomon: <bool>
link_tracking_groups:
# Group name.
- name: <str; required; unique>
direction: <str; "upstream" | "downstream">
evpn_ethernet_segment:
# EVPN Ethernet Segment Identifier (Type 1 format).
identifier: <str>
redundancy: <str; "all-active" | "single-active">
designated_forwarder_election:
algorithm: <str; "modulus" | "preference">
# Preference_value is only used when "algorithm" is "preference".
preference_value: <int; 0-65535>
# Dont_preempt is only used when "algorithm" is "preference".
dont_preempt: <bool>
hold_time: <int>
subsequent_hold_time: <int>
candidate_reachability_required: <bool>
mpls:
shared_index: <int; 1-1024>
tunnel_flood_filter_time: <int>
# EVPN Route Target for ESI with format xx:xx:xx:xx:xx:xx.
route_target: <str>
# VLAN tag to configure on sub-interface.
# This key is deprecated.
# Support will be removed in AVD version 6.0.0.
# Use <samp>encapsulation_dot1q.vlan</samp> instead.
encapsulation_dot1q_vlan: <int>
# Warning: `encapsulation_dot1q` should not be combined with `ethernet_interfaces[].type: l3dot1q` or `ethernet_interfaces[].type: l2dot1q`.
encapsulation_dot1q:
# VLAD ID.
vlan: <int; 1-4094; required>
# Inner VLAN ID. This setting can only be applied to sub-interfaces on EOS.
inner_vlan: <int; 1-4094>
# This setting can only be applied to sub-interfaces on EOS.
# Warning: `encapsulation_vlan` should not be combined with `ethernet_interfaces[].type: l3dot1q` or `ethernet_interfaces[].type: l2dot1q`.
encapsulation_vlan:
client:
# This key is deprecated.
# Support will be removed in AVD version 6.0.0.
dot1q:
# Client VLAN ID.
vlan: <int; 1-4094>
# Client Outer VLAN ID.
outer: <int; 1-4094>
# Client Inner VLAN ID.
inner: <int>
# This key is deprecated.
# Support will be removed in AVD version 6.0.0.
unmatched: <bool>
encapsulation: <str; "dot1q" | "dot1ad" | "unmatched" | "untagged">
# Client VLAN ID. Not applicable for `encapsulation: untagged` or `encapsulation: unmatched`.
vlan: <int; 1-4094>
# Client Outer VLAN ID. Not applicable for `encapsulation: untagged` or `encapsulation: unmatched`.
outer_vlan: <int; 1-4094>
# Client Inner VLAN ID. Not applicable for `encapsulation: untagged` or `encapsulation: unmatched`.
inner_vlan: <int; 1-4094>
inner_encapsulation: <str; "dot1q" | "dot1ad">
# Network encapsulations are all optional and skipped if using client unmatched.
network:
# This key is deprecated.
# Support will be removed in AVD version 6.0.0.
dot1q:
# Network VLAN ID.
vlan: <int; 1-4094>
# Network outer VLAN ID.
outer: <int; 1-4094>
# Network inner VLAN ID.
inner: <int; 1-4094>
# This key is deprecated.
# Support will be removed in AVD version 6.0.0.
client: <bool>
# `untagged` (no encapsulation) is applicable for `untagged` client only.
# `client` and `client inner` (retain client encapsulation) is not applicable for `untagged` client.
encapsulation: <str; "dot1q" | "dot1ad" | "client" | "client inner" | "untagged">
# Network VLAN ID. Not applicable for `encapsulation: untagged` or `encapsulation: client`.
vlan: <int; 1-4094>
# Network outer VLAN ID. Not applicable for `encapsulation: untagged` or `encapsulation: client`.
outer_vlan: <int; 1-4094>
# Network inner VLAN ID. Not applicable for `encapsulation: untagged` or `encapsulation: client`.
inner_vlan: <int; 1-4094>
inner_encapsulation: <str; "dot1q" | "dot1ad">
# This setting can only be applied to sub-interfaces on EOS.
# Warning: `vlan_id` should not be combined with `ethernet_interfaces[].type == l2dot1q`.
vlan_id: <int; 1-4094>
# IPv4 address/mask or "dhcp".
ip_address: <str>
ip_address_secondaries:
- <str>
ip_verify_unicast_source_reachable_via: <str; "any" | "rx">
# Install default-route obtained via DHCP.
dhcp_client_accept_default_route: <bool>
# Enable IPv4 DHCP server.
dhcp_server_ipv4: <bool>
# Enable IPv6 DHCP server.
dhcp_server_ipv6: <bool>
ip_helpers:
- ip_helper: <str; required; unique>
# Source interface name.
source_interface: <str>
# VRF name.
vrf: <str>
ip_nat:
# NAT interface profile.
service_profile: <str>
destination:
dynamic:
- access_list: <str; required; unique>
comment: <str>
pool_name: <str; required>
priority: <int; 0-4294967295>
static:
# 'access_list' and 'group' are mutual exclusive.
- access_list: <str>
comment: <str>
# Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
# EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
direction: <str; "egress" | "ingress">
# 'access_list' and 'group' are mutual exclusive.
group: <int; 1-65535>
# IPv4 address. The combination of `original_ip` and `original_port` must be unique.
original_ip: <str>
# TCP/UDP port. The combination of `original_ip` and `original_port` must be unique.
original_port: <int; 1-65535>
priority: <int; 0-4294967295>
protocol: <str; "udp" | "tcp">
# IPv4 address.
translated_ip: <str; required>
# requires 'original_port'.
translated_port: <int; 1-65535>
source:
dynamic:
- access_list: <str; required; unique>
comment: <str>
nat_type: <str; "overload" | "pool" | "pool-address-only" | "pool-full-cone"; required>
# required if 'nat_type' is pool, pool-address-only or pool-full-cone.
# ignored if 'nat_type' is overload.
pool_name: <str>
priority: <int; 0-4294967295>
static:
# 'access_list' and 'group' are mutual exclusive.
- access_list: <str>
comment: <str>
# Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
# EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
direction: <str; "egress" | "ingress">
# 'access_list' and 'group' are mutual exclusive.
group: <int; 1-65535>
# IPv4 address. The combination of `original_ip` and `original_port` must be unique.
original_ip: <str>
# TCP/UDP port. The combination of `original_ip` and `original_port` must be unique.
original_port: <int; 1-65535>
priority: <int; 0-4294967295>
protocol: <str; "udp" | "tcp">
# IPv4 address.
translated_ip: <str; required>
# requires 'original_port'.
translated_port: <int; 1-65535>
ipv6_enable: <bool>
ipv6_address: <str>
# Link local IPv6 address/mask.
ipv6_address_link_local: <str>
ipv6_nd_ra_disabled: <bool>
ipv6_nd_managed_config_flag: <bool>
ipv6_nd_prefixes:
- ipv6_prefix: <str; required; unique>
# Infinite or lifetime in seconds.
valid_lifetime: <str>
# Infinite or lifetime in seconds.
preferred_lifetime: <str>
no_autoconfig_flag: <bool>
ipv6_dhcp_relay_destinations:
# DHCP server's IPv6 address.
- address: <str; required; unique>
vrf: <str>
# Local interface to communicate with DHCP server - mutually exclusive to source_address.
local_interface: <str>
# Source IPv6 address to communicate with DHCP server - mutually exclusive to local_interface.
source_address: <str>
# Override the default link address specified in the relayed DHCP packet.
link_address: <str>
# Access list name.
access_group_in: <str>
# Access list name.
access_group_out: <str>
# IPv6 access list name.
ipv6_access_group_in: <str>
# IPv6 access list name.
ipv6_access_group_out: <str>
# MAC access list name.
mac_access_group_in: <str>
# MAC access list name.
mac_access_group_out: <str>
# Boundaries can be either 1 ACL or a list of multicast IP address_range(s)/prefix but not combination of both.
multicast:
ipv4:
boundaries:
# ACL name or multicast IP subnet.
- boundary: <str>
out: <bool>
static: <bool>
ipv6:
boundaries:
# ACL name or multicast IP subnet.
- boundary: <str>
static: <bool>
ospf_network_point_to_point: <bool>
ospf_area: <str>
ospf_cost: <int>
ospf_authentication: <str; "none" | "simple" | "message-digest">
# Encrypted password - only type 7 supported.
ospf_authentication_key: <str>
ospf_message_digest_keys:
- id: <int; required; unique>
hash_algorithm: <str; "md5" | "sha1" | "sha256" | "sha384" | "sha512">
# Encrypted password - only type 7 supported.
key: <str>
pim:
ipv4:
# Configure PIM border router. EOS default is false.
border_router: <bool>
dr_priority: <int; 0-429467295>
sparse_mode: <bool>
# Set the default for whether Bidirectional Forwarding Detection is enabled for PIM.
bfd: <bool>
bidirectional: <bool>
hello:
# Number of missed hellos after which the neighbor expires. Range <1.5-65535>.
count: <str>
# PIM hello interval in seconds.
interval: <int; 1-65535>
mac_security:
profile: <str>
# The TCP MSS clamping feature involves clamping the maximum segment size (MSS) in the TCP header
# of TCP SYN packets if it exceeds the configured MSS ceiling limit for the interface.
tcp_mss_ceiling:
ipv4_segment_size: <int; 64-65475>
ipv6_segment_size: <int; 64-65475>
direction: <str; "egress" | "ingress">
channel_group:
id: <int>
mode: <str; "on" | "active" | "passive">
# ISIS instance.
isis_enable: <str>
# Enable BFD for ISIS.
isis_bfd: <bool>
isis_passive: <bool>
isis_metric: <int>
isis_network_point_to_point: <bool>
isis_circuit_type: <str; "level-1-2" | "level-1" | "level-2">
isis_hello_padding: <bool>
isis_authentication_mode: <str; "text" | "md5">
# Type-7 encrypted password.
isis_authentication_key: <str>
poe:
# Disable PoE on a POE capable port. PoE is enabled on all ports that support it by default in EOS.
disabled: <bool; default=False>
# Prioritize a port's power in the event that one of the switch's power supplies loses power.
priority: <str; "critical" | "high" | "medium" | "low">
# Set the PoE power behavior for a PoE port when the system is rebooted.
reboot:
# PoE action for interface.
action: <str; "maintain" | "power-off">
# Set the PoE power behavior for a PoE port when the port goes down.
link_down:
# PoE action for interface.
action: <str; "maintain" | "power-off">
# Number of seconds to delay shutting the power off after a link down event occurs. Default value is 5 seconds in EOS.
power_off_delay: <int; 1-86400>
# Set the PoE power behavior for a PoE port when the port is admin down.
shutdown:
# PoE action for interface.
action: <str; "maintain" | "power-off">
# Override the hardware-negotiated power limit using either wattage or a power class. Note that if using a power class, AVD will automatically convert the class value to the wattage value corresponding to that power class.
limit:
class: <int; 0-8>
watts: <str>
# Set to ignore hardware classification.
fixed: <bool>
# Disable to prevent port from negotiating power with powered devices over LLDP. Enabled by default in EOS.
negotiation_lldp: <bool>
# Allow a subset of legacy devices to work with the PoE switch. Disabled by default in EOS because it can cause false positive detections.
legacy_detect: <bool>
ptp:
enable: <bool>
announce:
interval: <int>
timeout: <int>
delay_req: <int>
delay_mechanism: <str; "e2e" | "p2p">
profile:
g8275_1:
destination_mac_address: <str; "forwardable" | "non-forwardable">
sync_message:
interval: <int>
role: <str; "master" | "dynamic">
# VLAN can be 'all' or list of vlans as string.
vlan: <str>
transport: <str; "ipv4" | "ipv6" | "layer2">
# Interface profile.
profile: <str>
storm_control:
all:
# Configure maximum storm-control level.
level: <str>
# Optional field and is hardware dependent.
unit: <str; "percent" | "pps"; default="percent">
broadcast:
# Configure maximum storm-control level.
level: <str>
# Optional field and is hardware dependent.
unit: <str; "percent" | "pps"; default="percent">
multicast:
# Configure maximum storm-control level.
level: <str>
# Optional field and is hardware dependent.
unit: <str; "percent" | "pps"; default="percent">
unknown_unicast:
# Configure maximum storm-control level.
level: <str>
# Optional field and is hardware dependent.
unit: <str; "percent" | "pps"; default="percent">
logging:
event:
link_status: <bool>
congestion_drops: <bool>
spanning_tree: <bool>
# Discards due to storm-control.
storm_control_discards: <bool>
lldp:
transmit: <bool>
receive: <bool>
# ZTP vlan number.
ztp_vlan: <int>
# This key is deprecated.
# Support will be removed in AVD version 6.0.0.
# Use <samp>switchport.trunk.private_vlan_secondary</samp> instead.
trunk_private_vlan_secondary: <bool>
# List of vlans as string.
# This key is deprecated.
# Support will be removed in AVD version 6.0.0.
# Use <samp>switchport.pvlan_mapping</samp> instead.
pvlan_mapping: <str>
# This key is deprecated.
# Support will be removed in AVD version 6.0.0.
# Use <samp>switchport.vlan_translations</samp> instead.
vlan_translations:
# List of vlans as string (only one vlan if direction is "both").
- from: <str>
# VLAN ID.
to: <int>
direction: <str; "in" | "out" | "both"; default="both">
dot1x:
port_control: <str; "auto" | "force-authorized" | "force-unauthorized">
port_control_force_authorized_phone: <bool>
reauthentication: <bool>
pae:
mode: <str; "authenticator">
authentication_failure:
action: <str; "allow" | "drop">
allow_vlan: <int; 1-4094>
host_mode:
mode: <str; "multi-host" | "single-host">
multi_host_authenticated: <bool>
mac_based_authentication:
enabled: <bool>
always: <bool>
host_mode_common: <bool>
# Operate interface in per-mac access-list mode.
mac_based_access_list: <bool>
timeout:
idle_host: <int; 10-65535>
quiet_period: <int; 1-65535>
# Value can be 60-4294967295 or 'server'.
reauth_period: <str>
reauth_timeout_ignore: <bool>
tx_period: <int; 1-65535>
reauthorization_request_limit: <int; 1-10>
unauthorized:
access_vlan_membership_egress: <bool>
native_vlan_membership_egress: <bool>
eapol:
disabled: <bool>
authentication_failure_fallback_mba:
enabled: <bool>
timeout: <int; 0-65535>
aaa:
# Configure AAA timeout options.
unresponsive:
# EAP response to send. EOS default is `success`.
eap_response: <str; "success" | "disabled">
# Set action for supplicant when AAA times out.
action:
# Name of standard access-list to apply when AAA times out.
traffic_allow_access_list: <str>
# Use results from a previous AAA response.
apply_cached_results: <bool>
cached_results_timeout:
# Enable caching for a specific duration -
# <1-10000> duration in days
# <1-14400000> duration in minutes
# <1-240000> duration in hours
# <1-864000000> duration in seconds
time_duration: <int; >=1>
time_duration_unit: <str; "days" | "hours" | "minutes" | "seconds"; required>
# Apply alternate action if primary action fails.
# eg. aaa unresponsive action apply cached-results else traffic allow
apply_alternate: <bool>
# Set action for supplicant traffic when AAA times out.
traffic_allow: <bool>
traffic_allow_vlan: <int; 1-4094>
# Set action for supplicant when AAA times out.
phone_action:
# Use results from a previous AAA response.
apply_cached_results: <bool>
cached_results_timeout:
# Enable caching for a specific duration -
# <1-10000> duration in days
# <1-14400000> duration in minutes
# <1-240000> duration in hours
# <1-864000000> duration in seconds
time_duration: <int; >=1>
time_duration_unit: <str; "days" | "hours" | "minutes" | "seconds"; required>
# Apply alternate action if primary action fails.
# eg. aaa unresponsive phone action apply cached-results else traffic allow
apply_alternate: <bool>
# Set action for supplicant traffic when AAA times out.
traffic_allow: <bool>
# QOS profile.
service_profile: <str>
shape:
# Rate in kbps, pps or percent.
# Supported options are platform dependent.
# Examples:
# - "5000 kbps"
# - "1000 pps"
# - "20 percent"
rate: <str>
qos:
trust: <str; "dscp" | "cos" | "disabled">
# DSCP value.
dscp: <int>
# COS value.
cos: <int>
spanning_tree_bpdufilter: <str; "enabled" | "disabled" | "True" | "False" | "true" | "false">
spanning_tree_bpduguard: <str; "enabled" | "disabled" | "True" | "False" | "true" | "false">
spanning_tree_guard: <str; "loop" | "root" | "disabled">
spanning_tree_portfast: <str; "edge" | "network">
vmtracer: <bool>
priority_flow_control:
enabled: <bool>
priorities:
- priority: <int; 0-7; required; unique>
no_drop: <bool>
bfd:
echo: <bool>
# Interval in milliseconds.
interval: <int>
# Rate in milliseconds.
min_rx: <int>
multiplier: <int; 3-50>
service_policy:
pbr:
# Policy Based Routing Policy-map name.
input: <str>
qos:
# Quality of Service Policy-map name.
input: <str; required>
mpls:
ip: <bool>
ldp:
interface: <bool>
igp_sync: <bool>
lacp_timer:
mode: <str; "fast" | "normal">
multiplier: <int; 3-3000>
lacp_port_priority: <int; 0-65535>
transceiver:
# Transceiver Laser Frequency in GHz (min 190000, max 200000).
frequency: <str>
# Unit of Transceiver Laser Frequency.
frequency_unit: <str; "ghz">
media:
# Transceiver type.
override: <str>
ip_proxy_arp: <bool>
traffic_policy:
# Ingress traffic policy.
input: <str>
# Egress traffic policy.
output: <str>
bgp:
# Name of session tracker.
session_tracker: <str>
ip_igmp_host_proxy:
enabled: <bool>
groups:
# Multicast Address.
- group: <str; required; unique>
# The same source must not be present both in `exclude` and `include` list.
exclude:
- source: <str; required; unique>
# The same source must not be present both in `exclude` and `include` list.
include:
- source: <str; required; unique>
# Time interval between unsolicited reports.
report_interval: <int; 1-31744>
# Non-standard Access List name.
access_lists:
- name: <str; required; unique>
# IGMP version on IGMP host-proxy interface.
version: <int; 1-3>
# Key only used for documentation or validation purposes.
peer: <str>
# Key only used for documentation or validation purposes.
peer_interface: <str>
# Key only used for documentation or validation purposes.
peer_type: <str>
sflow:
enable: <bool>
egress:
enable: <bool>
unmodified_enable: <bool>
sync_e:
enable: <bool>
# The priority is used to influence the reference clock selection. The EOS default priority is 127. The priority can be configured to any integer between 1-255, or set to `disabled`.
priority: <str>
# Key only used for documentation or validation purposes.
port_profile: <str>
uc_tx_queues:
# TX-Queue ID.
- id: <int; required; unique>
random_detect:
# Explicit Congestion Notification.
ecn:
# Enable counter for random-detect ECNs.
count: <bool>
threshold:
# Indicate the units to be used for the threshold values.
units: <str; "segments" | "bytes" | "kbytes" | "mbytes" | "milliseconds"; required>
# Set the random-detect ECN minimum-threshold.
min: <int; 1-256000000; required>
# Set the random-detect ECN maximum-threshold.
max: <int; 1-256000000; required>
# Set the random-detect ECN max-mark-probability.
max_probability: <int; 1-100>
# Set the random-detect ECN weight.
weight: <int; 0-15>
tx_queues:
# TX-Queue ID.
- id: <int; required; unique>
random_detect:
# Explicit Congestion Notification.
ecn:
# Enable counter for random-detect ECNs.
count: <bool>
threshold:
# Indicate the units to be used for the threshold values.
units: <str; "segments" | "bytes" | "kbytes" | "mbytes" | "milliseconds"; required>
# Set the random-detect ECN minimum-threshold.
min: <int; 1-256000000>
# Set the random-detect ECN maximum-threshold.
max: <int; 1-256000000; required>
# Set the random-detect ECN max-mark-probability.
max_probability: <int; 1-100; required>
# Set the random-detect ECN weight.
weight: <int; 0-15>
# VRRP model.
vrrp_ids:
# VRID.
- id: <int; required; unique>
# Instance priority.
priority_level: <int; 1-254>
advertisement:
# Interval in seconds.
interval: <int; 1-255>
preempt:
enabled: <bool; required>
delay:
# Minimum preempt delay in seconds.
minimum: <int; 0-3600>
# Reload preempt delay in seconds.
reload: <int; 0-3600>
timers:
delay:
# Delay after reload in seconds.
reload: <int; 0-3600>
tracked_object:
# Tracked object name.
- name: <str; required; unique>
# Decrement VRRP priority by 1-254.
decrement: <int; 1-254>
shutdown: <bool>
ipv4:
# Virtual IPv4 address.
address: <str; required>
version: <int; 2 | 3>
ipv6:
# Virtual IPv6 address.
address: <str; required>
# Set to false to disable interface validation by the `eos_validate_state` role.
validate_state: <bool>
# This should not be combined with `ethernet_interfaces[].type = switched/routed`.
switchport:
# Warning: This should not be combined with `ethernet_interfaces[].type = routed`.
enabled: <bool>
# Warning: This should not be combined with `ethernet_interfaces[].mode`.
mode: <str; "access" | "dot1q-tunnel" | "trunk" | "trunk phone">
# Set VLAN when interface is in access mode.
# Warning: This should not be combined with `ethernet_interfaces[].mode = access/dot1q-tunnel` and `ethernet_interface[].vlans`.
access_vlan: <int; 1-4094>
trunk:
# VLAN ID or range(s) of VLAN IDs.
# Warning: This should not be combined with `ethernet_interfaces[].mode = trunk` and `ethernet_interface[].vlans`.
allowed_vlan: <str>
# Set native VLAN when interface is in trunking mode.
# Warning: This should not be combined with `ethernet_interfaces[].native_vlan`.
native_vlan: <int; 1-4094>
# If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence.
# Warning: This should not be combined with `ethernet_interfaces[].native_vlan_tag`.
native_vlan_tag: <bool>
# Enable secondary VLAN mapping for a private vlan.
# Warning: This should not be combined with `ethernet_ineterfaces[].trunk_private_vlan_secondary`.
private_vlan_secondary: <bool>
# Warning: This should not be combined with `ethernet_ineterfaces[].trunk_groups`.
groups:
# Trunk group name.
- <str>
# Warning: This should not be combined with `ethernet_interfaces[].phone`.
phone:
# Warning: This should not be combined with `ethernet_interfaces[].phone.vlan`.
vlan: <int; 1-4094>
# Warning: This should not be combined with `ethernet_interfaces[].phone.trunk`.
trunk: <str; "tagged" | "tagged phone" | "untagged" | "untagged phone">
# Secondary VLAN IDs of the private VLAN mapping.
# Warning: This should not be combined with `ethernet_interfaces[].pvlan_mapping`.
pvlan_mapping: <str>
dot1q:
# Ethertype/TPID (Tag Protocol IDentifier) for VLAN tagged frames.
ethertype: <int; 1536-65535>
# Allow/disallow VLAN tagged frames.
vlan_tag: <str; "disallowed" | "required">
# tx: Allow bridged traffic to go out of the source interface.
# tx multicast: Allow multicast traffic only to go out of the source interface.
source_interface: <str; "tx" | "tx multicast">
# VLAN Translation mappings.
# Warning: This should not be combined with `ethernet_interfaces[].vlan_translations`.
vlan_translations:
# Drop the ingress traffic that do not match any VLAN mapping.
in_required: <bool>
# Drop the egress traffic that do not match any VLAN mapping.
out_required: <bool>
# Map ingress traffic only.
direction_in:
# VLAN ID or range of VLAN IDs to map from. Range 1-4094.
- from: <str; required>
# VLAN ID to map to.
to: <int; 1-4094; required>
dot1q_tunnel: <bool>
# Inner VLAN ID to map from.
inner_vlan_from: <int; 1-4094>
# Map egress traffic only.
direction_out:
# VLAN ID or range of VLAN IDs to map from. Range 1-4094.
- from: <str; required>
# VLAN ID to map to.
to: <int; 1-4094>
# VLAN ID or range of VLAN IDs or "all". Range 1-4094.
# This takes precedence over `to` and `inner_vlan_to`.
dot1q_tunnel_to: <str>
# Inner VLAN ID to map to.
inner_vlan_to: <int; 1-4094>
# Map both egress and ingress traffic.
direction_both:
# VLAN ID or range of VLAN IDs to map from. Range 1-4094.
- from: <str; required>
# VLAN ID to map to.
to: <int; 1-4094; required>
dot1q_tunnel: <bool>
# Inner VLAN ID to map from.
inner_vlan_from: <int; 1-4094>
# Enable use of network-side VLAN ID.
# This setting can only be enabled when `inner_vlan_from` is defined.
network: <bool>
vlan_forwarding_accept_all: <bool>
backup_link:
# Backup interface. Example - Ethernet4, Vlan10 etc.
interface: <str>
# VLANs to carry on the backup interface (1-4094).
prefer_vlan: <str>
# The `backup_link` is required for this setting.
backup:
# Destination MAC address for MAC move updates.
# The mac address should be multicast or broadcast.
# Example: 01:00:00:00:00:00
dest_macaddr: <str>
# Initial MAC move delay in milliseconds.
initial_mac_move_delay: <int; 0-65535>
# Size of MAC move bursts.
mac_move_burst: <int; 0-65535>
# MAC move burst interval in milliseconds.
mac_move_burst_interval: <int; 0-65535>
# Preemption delay in milliseconds.
preemption_delay: <int; 0-65535>
port_security:
enabled: <bool>
# Maximum number of MAC addresses allowed on the interface.
mac_address_maximum:
# Disable port level check for port security (only in violation 'shutdown' mode).
disabled: <bool>
# MAC address limit.
limit: <int; 1-1000>
# Configure violation mode (shutdown or protect), EOS default is 'shutdown'.
violation:
# Configure port security mode.
mode: <str; "shutdown" | "protect">
# Log new addresses seen after limit is reached in protect mode.
protect_log: <bool>
# Default maximum MAC addresses for all VLANs on this interface.
vlan_default_mac_address_maximum: <int; 0-1000>
vlans:
# VLAN ID or range(s) of VLAN IDs, <1-4094>.
# Example:
# - 3
# - 1,3
# - 1-10
- range: <str; required; unique>
mac_address_maximum: <int; required>
# Multiline EOS CLI rendered directly on the ethernet interface in the final EOS configuration.
eos_cli: <str>
Interface defaults¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
interface_defaults | Dictionary | ||||
ethernet | Dictionary | ||||
shutdown | Boolean | ||||
mtu | Integer |
Interface profiles¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
interface_profiles | List, items: Dictionary | ||||
- name | String | Required, Unique | Interface-Profile Name. | ||
commands | List, items: String | Required | |||
- <str> | String | EOS CLI interface command. Example: “switchport mode access” |
LACP¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
lacp | Dictionary | Set Link Aggregation Control Protocol (LACP) parameters. | |||
port_id | Dictionary | LACP port-ID range configuration. | |||
range | Dictionary | ||||
begin | Integer | Minimum LACP port-ID range. | |||
end | Integer | Maximum LACP port-ID range. | |||
rate_limit | Dictionary | Set LACPDU rate limit options. | |||
default | Boolean | Enable LACPDU rate limiting by default on all ports. | |||
system_priority | Integer | Min: 0 Max: 65535 |
Set local system LACP priority. |
# Set Link Aggregation Control Protocol (LACP) parameters.
lacp:
# LACP port-ID range configuration.
port_id:
range:
# Minimum LACP port-ID range.
begin: <int>
# Maximum LACP port-ID range.
end: <int>
# Set LACPDU rate limit options.
rate_limit:
# Enable LACPDU rate limiting by default on all ports.
default: <bool>
# Set local system LACP priority.
system_priority: <int; 0-65535>
Link tracking groups¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
link_tracking_groups | List, items: Dictionary | ||||
- name | String | Required, Unique | |||
links_minimum | Integer | Min: 1 Max: 100000 |
|||
recovery_delay | Integer | Min: 0 Max: 3600 |
LLDP¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
lldp | Dictionary | ||||
timer | Integer | ||||
timer_reinitialization | String | ||||
holdtime | Integer | ||||
management_address | String | ||||
vrf | String | ||||
receive_packet_tagged_drop | String | ||||
tlvs | List, items: Dictionary | ||||
- name | String | Required, Unique | Valid Values: - link-aggregation - management-address - max-frame-size - med - port-description - port-vlan - power-via-mdi - system-capabilities - system-description - system-name - vlan-name |
||
transmit | Boolean | ||||
run | Boolean |
lldp:
timer: <int>
timer_reinitialization: <str>
holdtime: <int>
management_address: <str>
vrf: <str>
receive_packet_tagged_drop: <str>
tlvs:
- name: <str; "link-aggregation" | "management-address" | "max-frame-size" | "med" | "port-description" | "port-vlan" | "power-via-mdi" | "system-capabilities" | "system-description" | "system-name" | "vlan-name"; required; unique>
transmit: <bool>
run: <bool>
Loopback interfaces¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
loopback_interfaces | List, items: Dictionary | ||||
- name | String | Required, Unique | Loopback interface name e.g. “Loopback0”. | ||
description | String | ||||
shutdown | Boolean | ||||
vrf | String | VRF name. | |||
ip_address | String | IPv4_address/Mask. | |||
ip_address_secondaries | List, items: String | ||||
- <str> | String | IPv4_address/Mask. | |||
ipv6_enable | Boolean | ||||
ipv6_address | String | IPv6_address/Mask. | |||
ip_proxy_arp | Boolean | ||||
ospf_area | String | ||||
mpls | Dictionary | ||||
ldp | Dictionary | ||||
interface | Boolean | ||||
isis_enable | String | ISIS instance name. | |||
isis_bfd | Boolean | Enable BFD for ISIS. | |||
isis_passive | Boolean | ||||
isis_metric | Integer | ||||
isis_network_point_to_point | Boolean | ||||
node_segment | Dictionary | ||||
ipv4_index | Integer | ||||
ipv6_index | Integer | ||||
eos_cli | String | EOS CLI rendered directly on the loopback interface in the final EOS configuration. |
loopback_interfaces:
# Loopback interface name e.g. "Loopback0".
- name: <str; required; unique>
description: <str>
shutdown: <bool>
# VRF name.
vrf: <str>
# IPv4_address/Mask.
ip_address: <str>
ip_address_secondaries:
# IPv4_address/Mask.
- <str>
ipv6_enable: <bool>
# IPv6_address/Mask.
ipv6_address: <str>
ip_proxy_arp: <bool>
ospf_area: <str>
mpls:
ldp:
interface: <bool>
# ISIS instance name.
isis_enable: <str>
# Enable BFD for ISIS.
isis_bfd: <bool>
isis_passive: <bool>
isis_metric: <int>
isis_network_point_to_point: <bool>
node_segment:
ipv4_index: <int>
ipv6_index: <int>
# EOS CLI rendered directly on the loopback interface in the final EOS configuration.
eos_cli: <str>
Management interfaces¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
management_interfaces | List, items: Dictionary | ||||
- name | String | Required, Unique | Management Interface Name. | ||
description | String | ||||
shutdown | Boolean | ||||
speed | String | Speed should be set in the format <interface_speed> or forced <interface_speed> or auto <interface_speed> . |
|||
mtu | Integer | ||||
vrf | String | VRF Name. | |||
ip_address | String | IPv4_address/Mask. | |||
ipv6_enable | Boolean | ||||
ipv6_address | String | IPv6_address/Mask. | |||
type | String | oob |
Valid Values: - oob - inband |
For documentation purposes only. | |
gateway | String | IPv4 address of default gateway in management VRF. | |||
ipv6_gateway | String | IPv6 address of default gateway in management VRF. | |||
mac_address | String | MAC address. | |||
lldp | Dictionary | ||||
transmit | Boolean | ||||
receive | Boolean | ||||
ztp_vlan | Integer | ZTP vlan number. | |||
eos_cli | String | Multiline EOS CLI rendered directly on the management interface in the final EOS configuration. |
management_interfaces:
# Management Interface Name.
- name: <str; required; unique>
description: <str>
shutdown: <bool>
# Speed should be set in the format `<interface_speed>` or `forced <interface_speed>` or `auto <interface_speed>`.
speed: <str>
mtu: <int>
# VRF Name.
vrf: <str>
# IPv4_address/Mask.
ip_address: <str>
ipv6_enable: <bool>
# IPv6_address/Mask.
ipv6_address: <str>
# For documentation purposes only.
type: <str; "oob" | "inband"; default="oob">
# IPv4 address of default gateway in management VRF.
gateway: <str>
# IPv6 address of default gateway in management VRF.
ipv6_gateway: <str>
# MAC address.
mac_address: <str>
lldp:
transmit: <bool>
receive: <bool>
# ZTP vlan number.
ztp_vlan: <int>
# Multiline EOS CLI rendered directly on the management interface in the final EOS configuration.
eos_cli: <str>
Patch panel¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
patch_panel | Dictionary | ||||
connector | Dictionary | ||||
interface | Dictionary | ||||
patch | Dictionary | ||||
bgp_vpws_remote_failure_errdisable | Boolean | ||||
recovery | Dictionary | ||||
review_delay | Dictionary | ||||
min | Integer | Required | Min: 10 Max: 600 |
Minimum delay. | |
max | Integer | Required | Min: 15 Max: 900 |
Maximum delay. | |
patches | List, items: Dictionary | ||||
- name | String | Required, Unique | |||
enabled | Boolean | ||||
connectors | List, items: Dictionary | Min Length: 2 Max Length: 2 |
Must have exactly two connectors to a patch of which at least one must be of type “interface”. | ||
- id | String | Required, Unique | |||
type | String | Required | Valid Values: - interface - pseudowire |
||
endpoint | String | Required | String with relevant endpoint depending on type. Examples: - “Ethernet1” - “Ethernet1 dot1q vlan 123” - “bgp vpws TENANT_A pseudowire VPWS_PW_1” - “ldp LDP_PW_1” |
patch_panel:
connector:
interface:
patch:
bgp_vpws_remote_failure_errdisable: <bool>
recovery:
review_delay:
# Minimum delay.
min: <int; 10-600; required>
# Maximum delay.
max: <int; 15-900; required>
patches:
- name: <str; required; unique>
enabled: <bool>
# Must have exactly two connectors to a patch of which at least one must be of type "interface".
connectors: # 2-2 items
- id: <str; required; unique>
type: <str; "interface" | "pseudowire"; required>
# String with relevant endpoint depending on type.
# Examples:
# - "Ethernet1"
# - "Ethernet1 dot1q vlan 123"
# - "bgp vpws TENANT_A pseudowire VPWS_PW_1"
# - "ldp LDP_PW_1"
endpoint: <str; required>
Port-channel interfaces¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
port_channel_interfaces | List, items: Dictionary | ||||
- name | String | Required, Unique | |||
description | String | ||||
logging | Dictionary | ||||
event | Dictionary | ||||
link_status | Boolean | ||||
storm_control_discards | Boolean | Discards due to storm-control. |
|||
shutdown | Boolean | ||||
l2_mtu | Integer | Min: 68 Max: 65535 |
“l2_mtu” should only be defined for platforms supporting the “l2 mtu” CLI. |
||
l2_mru | Integer | Min: 68 Max: 65535 |
“l2_mru” should only be defined for platforms supporting the “l2 mru” CLI. |
||
vlans deprecated | String | List of switchport vlans as string. For a trunk port this would be a range like “1-200,300”. For an access port this would be a single vlan “123”. This key is deprecated. Support will be removed in AVD version 6.0.0. Use switchport.access_vlan or switchport.trunk.allowed_vlan instead. |
|||
snmp_trap_link_change | Boolean | ||||
type deprecated | String | Valid Values: - routed - switched - l3dot1q - l2dot1q |
l3dot1q and l2dot1q are used for sub-interfaces. The parent interface should be defined as routed. Interface will not be listed in device documentation, unless “type” is set. This key is deprecated. Support will be removed in AVD version 6.0.0. See here for details. |
||
encapsulation_dot1q_vlan deprecated | Integer | VLAN tag to configure on sub-interface.This key is deprecated. Support will be removed in AVD version 6.0.0. Use encapsulation_dot1q.vlan instead. | |||
encapsulation_dot1q | Dictionary | Warning: encapsulation_dot1q should not be combined with ethernet_interfaces[].type: l3dot1q or ethernet_interfaces[].type: l2dot1q . |
|||
vlan | Integer | Required | Min: 1 Max: 4094 |
VLAD ID. | |
inner_vlan | Integer | Min: 1 Max: 4094 |
Inner VLAN ID. This setting can only be applied to sub-interfaces on EOS. | ||
vrf | String | VRF name. | |||
encapsulation_vlan | Dictionary | This setting can only be applied to sub-interfaces on EOS. Warning: encapsulation_vlan should not be combined with ethernet_interfaces[].type: l3dot1q or ethernet_interfaces[].type: l2dot1q . |
|||
client | Dictionary | ||||
dot1q deprecated | Dictionary | This key is deprecated. Support will be removed in AVD version 6.0.0. | |||
vlan | Integer | Client VLAN ID. | |||
outer | Integer | Min: 1 Max: 4094 |
Client Outer VLAN ID. | ||
inner | Integer | Min: 1 Max: 4094 |
Client Inner VLAN ID. | ||
unmatched deprecated | Boolean | This key is deprecated. Support will be removed in AVD version 6.0.0. | |||
encapsulation | String | Valid Values: - dot1q - dot1ad - unmatched - untagged |
|||
vlan | Integer | Min: 1 Max: 4094 |
Client VLAN ID. Not applicable for encapsulation: untagged or encapsulation: unmatched . |
||
outer_vlan | Integer | Min: 1 Max: 4094 |
Client Outer VLAN ID. Not applicable for encapsulation: untagged or encapsulation: unmatched . |
||
inner_vlan | Integer | Min: 1 Max: 4094 |
Client Inner VLAN ID. Not applicable for encapsulation: untagged or encapsulation: unmatched . |
||
inner_encapsulation | String | Valid Values: - dot1q - dot1ad |
|||
network | Dictionary | Network encapsulation are all optional, and skipped if using client unmatched. | |||
dot1q deprecated | Dictionary | This key is deprecated. Support will be removed in AVD version 6.0.0. | |||
vlan | Integer | Min: 1 Max: 4094 |
Network VLAN ID. | ||
outer | Integer | Min: 1 Max: 4094 |
Network Outer VLAN ID. | ||
inner | Integer | Min: 1 Max: 4094 |
Network Inner VLAN ID. | ||
client deprecated | Boolean | This key is deprecated. Support will be removed in AVD version 6.0.0. | |||
encapsulation | String | Valid Values: - dot1q - dot1ad - client - client inner - untagged |
untagged (no encapsulation) is applicable for untagged client only.client and client inner (retain client encapsulation) is not applicable for untagged client. |
||
vlan | Integer | Min: 1 Max: 4094 |
Network VLAN ID. Not applicable for encapsulation: untagged or encapsulation: client . |
||
outer_vlan | Integer | Min: 1 Max: 4094 |
Network outer VLAN ID. Not applicable for encapsulation: untagged or encapsulation: client . |
||
inner_vlan | Integer | Min: 1 Max: 4094 |
Network inner VLAN ID. Not applicable for encapsulation: untagged or encapsulation: client . |
||
inner_encapsulation | String | Valid Values: - dot1q - dot1ad |
|||
vlan_id | Integer | Min: 1 Max: 4094 |
This setting can only be applied to sub-interfaces on EOS. Warning: vlan_id should not be combined with ethernet_interfaces[].type == l2dot1q . |
||
mode deprecated | String | Valid Values: - access - dot1q-tunnel - trunk - trunk phone |
This key is deprecated. Support will be removed in AVD version 6.0.0. Use switchport.mode instead. | ||
native_vlan deprecated | Integer | If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence.This key is deprecated. Support will be removed in AVD version 6.0.0. Use switchport.trunk.native_vlan instead. | |||
native_vlan_tag deprecated | Boolean | False |
If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence.This key is deprecated. Support will be removed in AVD version 6.0.0. Use switchport.trunk.native_vlan_tag instead. | ||
link_tracking_groups | List, items: Dictionary | ||||
- name | String | Required, Unique | Group name. | ||
direction | String | Valid Values: - upstream - downstream |
|||
phone deprecated | Dictionary | This key is deprecated. Support will be removed in AVD version 6.0.0. Use switchport.phone instead. | |||
trunk | String | Valid Values: - tagged - untagged |
|||
vlan | Integer | Min: 1 Max: 4094 |
|||
l2_protocol | Dictionary | ||||
encapsulation_dot1q_vlan | Integer | Vlan tag to configure on sub-interface. | |||
forwarding_profile | String | L2 protocol forwarding profile. | |||
mtu | Integer | Min: 68 Max: 65535 |
|||
mlag | Integer | Min: 1 Max: 2000 |
MLAG ID. | ||
trunk_groups deprecated | List, items: String | This key is deprecated. Support will be removed in AVD version 6.0.0. Use switchport.trunk.groups instead. | |||
- <str> | String | ||||
lacp_fallback_timeout | Integer | 90 |
Min: 0 Max: 300 |
Timeout in seconds. | |
lacp_fallback_mode | String | Valid Values: - individual - static |
|||
qos | Dictionary | ||||
trust | String | Valid Values: - dscp - cos - disabled |
|||
dscp | Integer | DSCP value. | |||
cos | Integer | COS value. | |||
bfd | Dictionary | ||||
echo | Boolean | ||||
interval | Integer | Interval in milliseconds. | |||
min_rx | Integer | Rate in milliseconds. | |||
multiplier | Integer | Min: 3 Max: 50 |
|||
neighbor | String | IPv4 or IPv6 address. When the Port-channel is a L2 interface, a local L3 BFD address (router_bfd.local_address) has to be defined globally on the switch. | |||
per_link | Dictionary | ||||
enabled | Boolean | ||||
rfc_7130 | Boolean | ||||
service_policy | Dictionary | ||||
pbr | Dictionary | ||||
input | String | Policy Based Routing Policy-map name. | |||
qos | Dictionary | ||||
input | String | Required | Quality of Service Policy-map name. | ||
mpls | Dictionary | ||||
ip | Boolean | ||||
ldp | Dictionary | ||||
interface | Boolean | ||||
igp_sync | Boolean | ||||
trunk_private_vlan_secondary deprecated | Boolean | This key is deprecated. Support will be removed in AVD version 6.0.0. Use switchport.trunk.private_vlan_secondary instead. | |||
pvlan_mapping deprecated | String | List of vlans as string.This key is deprecated. Support will be removed in AVD version 6.0.0. Use switchport.pvlan_mapping instead. | |||
vlan_translations deprecated | List, items: Dictionary | This key is deprecated. Support will be removed in AVD version 6.0.0. Use switchport.vlan_translations instead. | |||
- from | String | List of vlans as string (only one vlan if direction is “both”). | |||
to | Integer | VLAN ID. | |||
direction | String | both |
Valid Values: - in - out - both |
||
shape | Dictionary | ||||
rate | String | Rate in kbps, pps or percent. Supported options are platform dependent. Examples: - “5000 kbps” - “1000 pps” - “20 percent” |
|||
storm_control | Dictionary | ||||
all | Dictionary | ||||
level | String | Configure maximum storm-control level. | |||
unit | String | percent |
Valid Values: - percent - pps |
Optional field and is hardware dependent. | |
broadcast | Dictionary | ||||
level | String | Configure maximum storm-control level. | |||
unit | String | percent |
Valid Values: - percent - pps |
Optional field and is hardware dependent. | |
multicast | Dictionary | ||||
level | String | Configure maximum storm-control level. | |||
unit | String | percent |
Valid Values: - percent - pps |
Optional field and is hardware dependent. | |
unknown_unicast | Dictionary | ||||
level | String | Configure maximum storm-control level. | |||
unit | String | percent |
Valid Values: - percent - pps |
Optional field and is hardware dependent. | |
ip_proxy_arp | Boolean | ||||
isis_enable | String | ISIS instance. | |||
isis_bfd | Boolean | Enable BFD for ISIS. | |||
isis_passive | Boolean | ||||
isis_metric | Integer | ||||
isis_network_point_to_point | Boolean | ||||
isis_circuit_type | String | Valid Values: - level-1-2 - level-1 - level-2 |
|||
isis_hello_padding | Boolean | ||||
isis_authentication_mode | String | Valid Values: - text - md5 |
|||
isis_authentication_key | String | Type-7 encrypted password. | |||
traffic_policy | Dictionary | ||||
input | String | Ingress traffic policy. | |||
output | String | Egress traffic policy. | |||
evpn_ethernet_segment | Dictionary | ||||
identifier | String | EVPN Ethernet Segment Identifier (Type 1 format). | |||
redundancy | String | Valid Values: - all-active - single-active |
|||
designated_forwarder_election | Dictionary | ||||
algorithm | String | Valid Values: - modulus - preference |
|||
preference_value | Integer | Min: 0 Max: 65535 |
Preference_value is only used when “algorithm” is “preference”. | ||
dont_preempt | Boolean | False |
Dont_preempt is only used when “algorithm” is “preference”. | ||
hold_time | Integer | ||||
subsequent_hold_time | Integer | ||||
candidate_reachability_required | Boolean | ||||
mpls | Dictionary | ||||
shared_index | Integer | Min: 1 Max: 1024 |
|||
tunnel_flood_filter_time | Integer | ||||
route_target | String | EVPN Route Target for ESI with format xx:xx:xx:xx:xx:xx. | |||
lacp_id | String | LACP ID with format xxxx.xxxx.xxxx. | |||
spanning_tree_bpdufilter | String | Valid Values: - enabled - disabled - True - False - true - false |
|||
spanning_tree_bpduguard | String | Valid Values: - enabled - disabled - True - False - true - false |
|||
spanning_tree_guard | String | Valid Values: - loop - root - disabled |
|||
spanning_tree_portfast | String | Valid Values: - edge - network |
|||
vmtracer | Boolean | ||||
ptp | Dictionary | ||||
enable | Boolean | ||||
announce | Dictionary | ||||
interval | Integer | ||||
timeout | Integer | ||||
delay_req | Integer | ||||
delay_mechanism | String | Valid Values: - e2e - p2p |
|||
profile | Dictionary | ||||
g8275_1 | Dictionary | ||||
destination_mac_address | String | Valid Values: - forwardable - non-forwardable |
|||
sync_message | Dictionary | ||||
interval | Integer | ||||
role | String | Valid Values: - master - dynamic |
|||
vlan | String | VLAN can be ‘all’ or list of vlans as string. | |||
transport | String | Valid Values: - ipv4 - ipv6 - layer2 |
|||
mpass | Boolean | When MPASS is enabled on an MLAG port-channel, MLAG peers coordinate to function as a single PTP logical device. Arista PTP enabled devices always place PTP messages on the same physical link within the port-channel. Hence, MPASS is needed only on MLAG port-channels connected to non-Arista devices. |
|||
ip_address | String | IPv4 address/mask. | |||
ip_verify_unicast_source_reachable_via | String | Valid Values: - any - rx |
|||
ip_nat | Dictionary | ||||
destination | Dictionary | ||||
dynamic | List, items: Dictionary | ||||
- access_list | String | Required, Unique | |||
comment | String | ||||
pool_name | String | Required | |||
priority | Integer | Min: 0 Max: 4294967295 |
|||
static | List, items: Dictionary | ||||
- access_list | String | ‘access_list’ and ‘group’ are mutual exclusive. | |||
comment | String | ||||
direction | String | Valid Values: - egress - ingress |
Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform. EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW. |
||
group | Integer | Min: 1 Max: 65535 |
‘access_list’ and ‘group’ are mutual exclusive. | ||
original_ip | String | IPv4 address. The combination of original_ip and original_port must be unique. |
|||
original_port | Integer | Min: 1 Max: 65535 |
TCP/UDP port. The combination of original_ip and original_port must be unique. |
||
priority | Integer | Min: 0 Max: 4294967295 |
|||
protocol | String | Valid Values: - udp - tcp |
|||
translated_ip | String | Required | IPv4 address. | ||
translated_port | Integer | Min: 1 Max: 65535 |
requires ‘original_port’. | ||
source | Dictionary | ||||
dynamic | List, items: Dictionary | ||||
- access_list | String | Required, Unique | |||
comment | String | ||||
nat_type | String | Required | Valid Values: - overload - pool - pool-address-only - pool-full-cone |
||
pool_name | String | required if ‘nat_type’ is pool, pool-address-only or pool-full-cone. ignored if ‘nat_type’ is overload. |
|||
priority | Integer | Min: 0 Max: 4294967295 |
|||
static | List, items: Dictionary | ||||
- access_list | String | ‘access_list’ and ‘group’ are mutual exclusive. | |||
comment | String | ||||
direction | String | Valid Values: - egress - ingress |
Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform. EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW. |
||
group | Integer | Min: 1 Max: 65535 |
‘access_list’ and ‘group’ are mutual exclusive. | ||
original_ip | String | IPv4 address. The combination of original_ip and original_port must be unique. |
|||
original_port | Integer | Min: 1 Max: 65535 |
TCP/UDP port. The combination of original_ip and original_port must be unique. |
||
priority | Integer | Min: 0 Max: 4294967295 |
|||
protocol | String | Valid Values: - udp - tcp |
|||
translated_ip | String | Required | IPv4 address. | ||
translated_port | Integer | Min: 1 Max: 65535 |
requires ‘original_port’. | ||
ipv6_enable | Boolean | ||||
ipv6_address | String | IPv6 address/mask. | |||
ipv6_address_link_local | String | Link local IPv6 address/mask. | |||
ipv6_nd_ra_disabled | Boolean | ||||
ipv6_nd_managed_config_flag | Boolean | ||||
ipv6_nd_prefixes | List, items: Dictionary | ||||
- ipv6_prefix | String | Required, Unique | |||
valid_lifetime | String | Infinite or lifetime in seconds. | |||
preferred_lifetime | String | Infinite or lifetime in seconds. | |||
no_autoconfig_flag | Boolean | ||||
access_group_in | String | Access list name. | |||
access_group_out | String | Access list name. | |||
ipv6_access_group_in | String | IPv6 access list name. | |||
ipv6_access_group_out | String | IPv6 access list name. | |||
mac_access_group_in | String | MAC access list name. | |||
mac_access_group_out | String | MAC access list name. | |||
pim | Dictionary | ||||
ipv4 | Dictionary | ||||
border_router | Boolean | Configure PIM border router. EOS default is false. | |||
dr_priority | Integer | Min: 0 Max: 429467295 |
|||
sparse_mode | Boolean | ||||
bfd | Boolean | Set the default for whether Bidirectional Forwarding Detection is enabled for PIM. | |||
bidirectional | Boolean | ||||
hello | Dictionary | ||||
count | String | Number of missed hellos after which the neighbor expires. Range <1.5-65535>. | |||
interval | Integer | Min: 1 Max: 65535 |
PIM hello interval in seconds. | ||
service_profile | String | QOS profile. | |||
ospf_network_point_to_point | Boolean | ||||
ospf_area | String | ||||
ospf_cost | Integer | ||||
ospf_authentication | String | Valid Values: - none - simple - message-digest |
|||
ospf_authentication_key | String | Encrypted password. | |||
ospf_message_digest_keys | List, items: Dictionary | ||||
- id | Integer | Required, Unique | |||
hash_algorithm | String | Valid Values: - md5 - sha1 - sha256 - sha384 - sha512 |
|||
key | String | Encrypted password. | |||
flow_tracker | Dictionary | ||||
sampled | String | Sampled flow tracker name. | |||
hardware | String | Hardware flow tracker name. | |||
bgp | Dictionary | ||||
session_tracker | String | Name of session tracker. | |||
ip_igmp_host_proxy | Dictionary | ||||
enabled | Boolean | ||||
groups | List, items: Dictionary | ||||
- group | String | Required, Unique | Multicast Address. | ||
exclude | List, items: Dictionary | The same source must not be present both in exclude and include list. |
|||
- source | String | Required, Unique | |||
include | List, items: Dictionary | The same source must not be present both in exclude and include list. |
|||
- source | String | Required, Unique | |||
report_interval | Integer | Min: 1 Max: 31744 |
Time interval between unsolicited reports. | ||
access_lists | List, items: Dictionary | Non-standard Access List name. | |||
- name | String | Required, Unique | |||
version | Integer | Min: 1 Max: 3 |
IGMP version on IGMP host-proxy interface. | ||
peer | String | Key only used for documentation or validation purposes. | |||
peer_interface | String | Key only used for documentation or validation purposes. | |||
peer_type | String | Key only used for documentation or validation purposes. | |||
sflow | Dictionary | ||||
enable | Boolean | ||||
egress | Dictionary | ||||
enable | Boolean | ||||
unmodified_enable | Boolean | ||||
switchport | Dictionary | ||||
enabled | Boolean | Warning: This should not be combined with port_channel_interfaces[].type = routed . |
|||
mode | String | Valid Values: - access - dot1q-tunnel - trunk - trunk phone |
Warning: This should not be combined with port_channel_interfaces[].mode |
||
access_vlan | Integer | Min: 1 Max: 4094 |
Set VLAN when interface is in access mode. Warning: This should not be combined with port_channel_interfaces[].mode = access/dot1q-tunnel and port_channel_interface.vlans . |
||
trunk | Dictionary | ||||
allowed_vlan | String | VLAN ID or range(s) of VLAN IDs (1-4094). Warning: This should not be combined with port_channel_interfaces[].mode = trunk and port_channel_interfaces[].vlans . |
|||
native_vlan | Integer | Min: 1 Max: 4094 |
Set native VLAN when interface is in trunking mode. Warning: This should not be combined with port_channel_interfaces[].native_vlan . |
||
native_vlan_tag | Boolean | If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence. Warning: This should not be combined with port_channel_interfaces[].native_vlan_tag . |
|||
private_vlan_secondary | Boolean | Enable secondary VLAN mapping for a private vlan. Warning: This should not be combined with port_channel_interfaces[].trunk_private_vlan_secondary . |
|||
groups | List, items: String | Warning: This should not be combined with port_channel_interfaces[].trunk_groups . |
|||
- <str> | String | Trunk group name. | |||
phone | Dictionary | ||||
vlan | Integer | Min: 1 Max: 4094 |
Warning: This should not be combined with port_channel_interfaces[].phone.vlan . |
||
trunk | String | Valid Values: - tagged - tagged phone - untagged - untagged phone |
Warning: This should not be combined with port_channel_interfaces[].phone.trunk |
||
pvlan_mapping | String | Secondary VLAN IDs of the private VLAN mapping. Warning: This should not be combined with port_channel_interfaces[].pvlan_mapping . |
|||
dot1q | Dictionary | ||||
ethertype | Integer | Min: 1536 Max: 65535 |
Ethertype/TPID (Tag Protocol IDentifier) for VLAN tagged frames. | ||
vlan_tag | String | Valid Values: - disallowed - required |
|||
source_interface | String | Valid Values: - tx - tx multicast |
tx: Allow bridged traffic to go out of the source interface. tx multicast: Allow multicast traffic only to go out of the source interface. |
||
vlan_translations | Dictionary | VLAN Translation mappings. Warning: This should not be combined with port_channel_interfaces[].vlan_translations . |
|||
in_required | Boolean | Drop the ingress traffic that do not match any VLAN mapping. | |||
out_required | Boolean | Drop the egress traffic that do not match any VLAN mapping. | |||
direction_in | List, items: Dictionary | Map ingress traffic only. | |||
- from | String | VLAN ID or range of VLAN IDs to map from. Range 1-4094. | |||
to | Integer | Min: 1 Max: 4094 |
VLAN ID to map to. | ||
dot1q_tunnel | Boolean | ||||
inner_vlan_from | Integer | Min: 1 Max: 4094 |
Inner VLAN ID to map from. | ||
direction_out | List, items: Dictionary | Map egress traffic only. | |||
- from | String | Required | VLAN ID or range of VLAN IDs to map from. Range 1-4094. | ||
to | Integer | Min: 1 Max: 4094 |
VLAN ID to map to. | ||
dot1q_tunnel_to | String | VLAN ID or range of VLAN IDs or “all”. Range 1-4094. This takes precedence over to and inner_vlan_to . |
|||
inner_vlan_to | Integer | Min: 1 Max: 4094 |
Inner VLAN ID to map to. | ||
direction_both | List, items: Dictionary | Map both egress and ingress traffic. | |||
- from | String | Required | VLAN ID or range of VLAN IDs to map from. Range 1-4094. | ||
to | Integer | Required | Min: 1 Max: 4094 |
VLAN ID to map to. | |
dot1q_tunnel | Boolean | ||||
inner_vlan_from | Integer | Min: 1 Max: 4094 |
Inner VLAN ID to map from. | ||
network | Boolean | Enable use of network-side VLAN ID. This setting can only be enabled when inner_vlan_from is defined. |
|||
vlan_forwarding_accept_all | Boolean | ||||
backup_link | Dictionary | ||||
interface | String | Required | Backup interface. Example - Ethernet4, Vlan10 etc. | ||
prefer_vlan | String | VLANs to carry on the backup interface (1-4094). | |||
backup | Dictionary | The backup_link is required for this setting. |
|||
dest_macaddr | String | Format: mac | Destination MAC address for MAC move updates. The mac address should be multicast or broadcast. Example: 01:00:00:00:00:00 |
||
initial_mac_move_delay | Integer | Min: 0 Max: 65535 |
Initial MAC move delay in milliseconds. | ||
mac_move_burst | Integer | Min: 0 Max: 65535 |
Size of MAC move bursts. | ||
mac_move_burst_interval | Integer | Min: 0 Max: 65535 |
MAC move burst interval in milliseconds. | ||
preemption_delay | Integer | Min: 0 Max: 65535 |
Preemption delay in milliseconds. | ||
port_security | Dictionary | ||||
enabled | Boolean | ||||
mac_address_maximum | Dictionary | Maximum number of MAC addresses allowed on the interface. | |||
disabled | Boolean | Disable port level check for port security (only in violation ‘shutdown’ mode). | |||
limit | Integer | Min: 1 Max: 1000 |
MAC address limit. | ||
violation | Dictionary | Configure violation mode (shutdown or protect), EOS default is ‘shutdown’. | |||
mode | String | Valid Values: - shutdown - protect |
Configure port security mode. | ||
protect_log | Boolean | Log new addresses seen after limit is reached in protect mode. | |||
vlan_default_mac_address_maximum | Integer | Min: 0 Max: 1000 |
Default maximum MAC addresses for all VLANs on this interface. | ||
vlans | List, items: Dictionary | ||||
- range | String | Required, Unique | VLAN ID or range(s) of VLAN IDs, <1-4094>. Example: - 3 - 1,3 - 1-10 |
||
mac_address_maximum | Integer | ||||
validate_state | Boolean | Set to false to disable interface validation by the eos_validate_state role. |
|||
eos_cli | String | Multiline EOS CLI rendered directly on the port-channel interface in the final EOS configuration. | |||
esi removed | String | EVPN Ethernet Segment Identifier (Type 1 format). This key was removed. Support was removed in AVD version 5.0.0. Use evpn_ethernet_segment.identifier instead. |
|||
rt removed | String | EVPN Route Target for ESI with format xx:xx:xx:xx:xx:xx. This key was removed. Support was removed in AVD version 5.0.0. Use evpn_ethernet_segment.route_target instead. |
port_channel_interfaces:
- name: <str; required; unique>
description: <str>
logging:
event:
link_status: <bool>
# Discards due to storm-control.
storm_control_discards: <bool>
shutdown: <bool>
# "l2_mtu" should only be defined for platforms supporting the "l2 mtu" CLI.
l2_mtu: <int; 68-65535>
# "l2_mru" should only be defined for platforms supporting the "l2 mru" CLI.
l2_mru: <int; 68-65535>
# List of switchport vlans as string.
# For a trunk port this would be a range like "1-200,300".
# For an access port this would be a single vlan "123".
# This key is deprecated.
# Support will be removed in AVD version 6.0.0.
# Use <samp>switchport.access_vlan or switchport.trunk.allowed_vlan</samp> instead.
vlans: <str>
snmp_trap_link_change: <bool>
# l3dot1q and l2dot1q are used for sub-interfaces. The parent interface should be defined as routed.
# Interface will not be listed in device documentation, unless "type" is set.
# This key is deprecated.
# Support will be removed in AVD version 6.0.0.
# See [here](https://avd.arista.com/stable/docs/release-notes/5.x.x.html#removal-of-type-key-dependency-for-rendering-ethernetport-channel-interfaces-configuration-and-documentation) for details.
type: <str; "routed" | "switched" | "l3dot1q" | "l2dot1q">
# VLAN tag to configure on sub-interface.
# This key is deprecated.
# Support will be removed in AVD version 6.0.0.
# Use <samp>encapsulation_dot1q.vlan</samp> instead.
encapsulation_dot1q_vlan: <int>
# Warning: `encapsulation_dot1q` should not be combined with `ethernet_interfaces[].type: l3dot1q` or `ethernet_interfaces[].type: l2dot1q`.
encapsulation_dot1q:
# VLAD ID.
vlan: <int; 1-4094; required>
# Inner VLAN ID. This setting can only be applied to sub-interfaces on EOS.
inner_vlan: <int; 1-4094>
# VRF name.
vrf: <str>
# This setting can only be applied to sub-interfaces on EOS.
# Warning: `encapsulation_vlan` should not be combined with `ethernet_interfaces[].type: l3dot1q` or `ethernet_interfaces[].type: l2dot1q`.
encapsulation_vlan:
client:
# This key is deprecated.
# Support will be removed in AVD version 6.0.0.
dot1q:
# Client VLAN ID.
vlan: <int>
# Client Outer VLAN ID.
outer: <int; 1-4094>
# Client Inner VLAN ID.
inner: <int; 1-4094>
# This key is deprecated.
# Support will be removed in AVD version 6.0.0.
unmatched: <bool>
encapsulation: <str; "dot1q" | "dot1ad" | "unmatched" | "untagged">
# Client VLAN ID. Not applicable for `encapsulation: untagged` or `encapsulation: unmatched`.
vlan: <int; 1-4094>
# Client Outer VLAN ID. Not applicable for `encapsulation: untagged` or `encapsulation: unmatched`.
outer_vlan: <int; 1-4094>
# Client Inner VLAN ID. Not applicable for `encapsulation: untagged` or `encapsulation: unmatched`.
inner_vlan: <int; 1-4094>
inner_encapsulation: <str; "dot1q" | "dot1ad">
# Network encapsulation are all optional, and skipped if using client unmatched.
network:
# This key is deprecated.
# Support will be removed in AVD version 6.0.0.
dot1q:
# Network VLAN ID.
vlan: <int; 1-4094>
# Network Outer VLAN ID.
outer: <int; 1-4094>
# Network Inner VLAN ID.
inner: <int; 1-4094>
# This key is deprecated.
# Support will be removed in AVD version 6.0.0.
client: <bool>
# `untagged` (no encapsulation) is applicable for `untagged` client only.
# `client` and `client inner` (retain client encapsulation) is not applicable for `untagged` client.
encapsulation: <str; "dot1q" | "dot1ad" | "client" | "client inner" | "untagged">
# Network VLAN ID. Not applicable for `encapsulation: untagged` or `encapsulation: client`.
vlan: <int; 1-4094>
# Network outer VLAN ID. Not applicable for `encapsulation: untagged` or `encapsulation: client`.
outer_vlan: <int; 1-4094>
# Network inner VLAN ID. Not applicable for `encapsulation: untagged` or `encapsulation: client`.
inner_vlan: <int; 1-4094>
inner_encapsulation: <str; "dot1q" | "dot1ad">
# This setting can only be applied to sub-interfaces on EOS.
# Warning: `vlan_id` should not be combined with `ethernet_interfaces[].type == l2dot1q`.
vlan_id: <int; 1-4094>
# This key is deprecated.
# Support will be removed in AVD version 6.0.0.
# Use <samp>switchport.mode</samp> instead.
mode: <str; "access" | "dot1q-tunnel" | "trunk" | "trunk phone">
# If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence.
# This key is deprecated.
# Support will be removed in AVD version 6.0.0.
# Use <samp>switchport.trunk.native_vlan</samp> instead.
native_vlan: <int>
# If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence.
# This key is deprecated.
# Support will be removed in AVD version 6.0.0.
# Use <samp>switchport.trunk.native_vlan_tag</samp> instead.
native_vlan_tag: <bool; default=False>
link_tracking_groups:
# Group name.
- name: <str; required; unique>
direction: <str; "upstream" | "downstream">
# This key is deprecated.
# Support will be removed in AVD version 6.0.0.
# Use <samp>switchport.phone</samp> instead.
phone:
trunk: <str; "tagged" | "untagged">
vlan: <int; 1-4094>
l2_protocol:
# Vlan tag to configure on sub-interface.
encapsulation_dot1q_vlan: <int>
# L2 protocol forwarding profile.
forwarding_profile: <str>
mtu: <int; 68-65535>
# MLAG ID.
mlag: <int; 1-2000>
# This key is deprecated.
# Support will be removed in AVD version 6.0.0.
# Use <samp>switchport.trunk.groups</samp> instead.
trunk_groups:
- <str>
# Timeout in seconds.
lacp_fallback_timeout: <int; 0-300; default=90>
lacp_fallback_mode: <str; "individual" | "static">
qos:
trust: <str; "dscp" | "cos" | "disabled">
# DSCP value.
dscp: <int>
# COS value.
cos: <int>
bfd:
echo: <bool>
# Interval in milliseconds.
interval: <int>
# Rate in milliseconds.
min_rx: <int>
multiplier: <int; 3-50>
# IPv4 or IPv6 address. When the Port-channel is a L2 interface, a local L3 BFD address (router_bfd.local_address) has to be defined globally on the switch.
neighbor: <str>
per_link:
enabled: <bool>
rfc_7130: <bool>
service_policy:
pbr:
# Policy Based Routing Policy-map name.
input: <str>
qos:
# Quality of Service Policy-map name.
input: <str; required>
mpls:
ip: <bool>
ldp:
interface: <bool>
igp_sync: <bool>
# This key is deprecated.
# Support will be removed in AVD version 6.0.0.
# Use <samp>switchport.trunk.private_vlan_secondary</samp> instead.
trunk_private_vlan_secondary: <bool>
# List of vlans as string.
# This key is deprecated.
# Support will be removed in AVD version 6.0.0.
# Use <samp>switchport.pvlan_mapping</samp> instead.
pvlan_mapping: <str>
# This key is deprecated.
# Support will be removed in AVD version 6.0.0.
# Use <samp>switchport.vlan_translations</samp> instead.
vlan_translations:
# List of vlans as string (only one vlan if direction is "both").
- from: <str>
# VLAN ID.
to: <int>
direction: <str; "in" | "out" | "both"; default="both">
shape:
# Rate in kbps, pps or percent.
# Supported options are platform dependent.
# Examples:
# - "5000 kbps"
# - "1000 pps"
# - "20 percent"
rate: <str>
storm_control:
all:
# Configure maximum storm-control level.
level: <str>
# Optional field and is hardware dependent.
unit: <str; "percent" | "pps"; default="percent">
broadcast:
# Configure maximum storm-control level.
level: <str>
# Optional field and is hardware dependent.
unit: <str; "percent" | "pps"; default="percent">
multicast:
# Configure maximum storm-control level.
level: <str>
# Optional field and is hardware dependent.
unit: <str; "percent" | "pps"; default="percent">
unknown_unicast:
# Configure maximum storm-control level.
level: <str>
# Optional field and is hardware dependent.
unit: <str; "percent" | "pps"; default="percent">
ip_proxy_arp: <bool>
# ISIS instance.
isis_enable: <str>
# Enable BFD for ISIS.
isis_bfd: <bool>
isis_passive: <bool>
isis_metric: <int>
isis_network_point_to_point: <bool>
isis_circuit_type: <str; "level-1-2" | "level-1" | "level-2">
isis_hello_padding: <bool>
isis_authentication_mode: <str; "text" | "md5">
# Type-7 encrypted password.
isis_authentication_key: <str>
traffic_policy:
# Ingress traffic policy.
input: <str>
# Egress traffic policy.
output: <str>
evpn_ethernet_segment:
# EVPN Ethernet Segment Identifier (Type 1 format).
identifier: <str>
redundancy: <str; "all-active" | "single-active">
designated_forwarder_election:
algorithm: <str; "modulus" | "preference">
# Preference_value is only used when "algorithm" is "preference".
preference_value: <int; 0-65535>
# Dont_preempt is only used when "algorithm" is "preference".
dont_preempt: <bool; default=False>
hold_time: <int>
subsequent_hold_time: <int>
candidate_reachability_required: <bool>
mpls:
shared_index: <int; 1-1024>
tunnel_flood_filter_time: <int>
# EVPN Route Target for ESI with format xx:xx:xx:xx:xx:xx.
route_target: <str>
# LACP ID with format xxxx.xxxx.xxxx.
lacp_id: <str>
spanning_tree_bpdufilter: <str; "enabled" | "disabled" | "True" | "False" | "true" | "false">
spanning_tree_bpduguard: <str; "enabled" | "disabled" | "True" | "False" | "true" | "false">
spanning_tree_guard: <str; "loop" | "root" | "disabled">
spanning_tree_portfast: <str; "edge" | "network">
vmtracer: <bool>
ptp:
enable: <bool>
announce:
interval: <int>
timeout: <int>
delay_req: <int>
delay_mechanism: <str; "e2e" | "p2p">
profile:
g8275_1:
destination_mac_address: <str; "forwardable" | "non-forwardable">
sync_message:
interval: <int>
role: <str; "master" | "dynamic">
# VLAN can be 'all' or list of vlans as string.
vlan: <str>
transport: <str; "ipv4" | "ipv6" | "layer2">
# When MPASS is enabled on an MLAG port-channel, MLAG peers coordinate to function as a single PTP logical device.
# Arista PTP enabled devices always place PTP messages on the same physical link within the port-channel.
# Hence, MPASS is needed only on MLAG port-channels connected to non-Arista devices.
mpass: <bool>
# IPv4 address/mask.
ip_address: <str>
ip_verify_unicast_source_reachable_via: <str; "any" | "rx">
ip_nat:
destination:
dynamic:
- access_list: <str; required; unique>
comment: <str>
pool_name: <str; required>
priority: <int; 0-4294967295>
static:
# 'access_list' and 'group' are mutual exclusive.
- access_list: <str>
comment: <str>
# Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
# EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
direction: <str; "egress" | "ingress">
# 'access_list' and 'group' are mutual exclusive.
group: <int; 1-65535>
# IPv4 address. The combination of `original_ip` and `original_port` must be unique.
original_ip: <str>
# TCP/UDP port. The combination of `original_ip` and `original_port` must be unique.
original_port: <int; 1-65535>
priority: <int; 0-4294967295>
protocol: <str; "udp" | "tcp">
# IPv4 address.
translated_ip: <str; required>
# requires 'original_port'.
translated_port: <int; 1-65535>
source:
dynamic:
- access_list: <str; required; unique>
comment: <str>
nat_type: <str; "overload" | "pool" | "pool-address-only" | "pool-full-cone"; required>
# required if 'nat_type' is pool, pool-address-only or pool-full-cone.
# ignored if 'nat_type' is overload.
pool_name: <str>
priority: <int; 0-4294967295>
static:
# 'access_list' and 'group' are mutual exclusive.
- access_list: <str>
comment: <str>
# Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
# EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
direction: <str; "egress" | "ingress">
# 'access_list' and 'group' are mutual exclusive.
group: <int; 1-65535>
# IPv4 address. The combination of `original_ip` and `original_port` must be unique.
original_ip: <str>
# TCP/UDP port. The combination of `original_ip` and `original_port` must be unique.
original_port: <int; 1-65535>
priority: <int; 0-4294967295>
protocol: <str; "udp" | "tcp">
# IPv4 address.
translated_ip: <str; required>
# requires 'original_port'.
translated_port: <int; 1-65535>
ipv6_enable: <bool>
# IPv6 address/mask.
ipv6_address: <str>
# Link local IPv6 address/mask.
ipv6_address_link_local: <str>
ipv6_nd_ra_disabled: <bool>
ipv6_nd_managed_config_flag: <bool>
ipv6_nd_prefixes:
- ipv6_prefix: <str; required; unique>
# Infinite or lifetime in seconds.
valid_lifetime: <str>
# Infinite or lifetime in seconds.
preferred_lifetime: <str>
no_autoconfig_flag: <bool>
# Access list name.
access_group_in: <str>
# Access list name.
access_group_out: <str>
# IPv6 access list name.
ipv6_access_group_in: <str>
# IPv6 access list name.
ipv6_access_group_out: <str>
# MAC access list name.
mac_access_group_in: <str>
# MAC access list name.
mac_access_group_out: <str>
pim:
ipv4:
# Configure PIM border router. EOS default is false.
border_router: <bool>
dr_priority: <int; 0-429467295>
sparse_mode: <bool>
# Set the default for whether Bidirectional Forwarding Detection is enabled for PIM.
bfd: <bool>
bidirectional: <bool>
hello:
# Number of missed hellos after which the neighbor expires. Range <1.5-65535>.
count: <str>
# PIM hello interval in seconds.
interval: <int; 1-65535>
# QOS profile.
service_profile: <str>
ospf_network_point_to_point: <bool>
ospf_area: <str>
ospf_cost: <int>
ospf_authentication: <str; "none" | "simple" | "message-digest">
# Encrypted password.
ospf_authentication_key: <str>
ospf_message_digest_keys:
- id: <int; required; unique>
hash_algorithm: <str; "md5" | "sha1" | "sha256" | "sha384" | "sha512">
# Encrypted password.
key: <str>
flow_tracker:
# Sampled flow tracker name.
sampled: <str>
# Hardware flow tracker name.
hardware: <str>
bgp:
# Name of session tracker.
session_tracker: <str>
ip_igmp_host_proxy:
enabled: <bool>
groups:
# Multicast Address.
- group: <str; required; unique>
# The same source must not be present both in `exclude` and `include` list.
exclude:
- source: <str; required; unique>
# The same source must not be present both in `exclude` and `include` list.
include:
- source: <str; required; unique>
# Time interval between unsolicited reports.
report_interval: <int; 1-31744>
# Non-standard Access List name.
access_lists:
- name: <str; required; unique>
# IGMP version on IGMP host-proxy interface.
version: <int; 1-3>
# Key only used for documentation or validation purposes.
peer: <str>
# Key only used for documentation or validation purposes.
peer_interface: <str>
# Key only used for documentation or validation purposes.
peer_type: <str>
sflow:
enable: <bool>
egress:
enable: <bool>
unmodified_enable: <bool>
switchport:
# Warning: This should not be combined with `port_channel_interfaces[].type = routed`.
enabled: <bool>
# Warning: This should not be combined with `port_channel_interfaces[].mode`
mode: <str; "access" | "dot1q-tunnel" | "trunk" | "trunk phone">
# Set VLAN when interface is in access mode.
# Warning: This should not be combined with `port_channel_interfaces[].mode = access/dot1q-tunnel` and `port_channel_interface.vlans`.
access_vlan: <int; 1-4094>
trunk:
# VLAN ID or range(s) of VLAN IDs (1-4094).
# Warning: This should not be combined with `port_channel_interfaces[].mode = trunk` and `port_channel_interfaces[].vlans`.
allowed_vlan: <str>
# Set native VLAN when interface is in trunking mode.
# Warning: This should not be combined with `port_channel_interfaces[].native_vlan`.
native_vlan: <int; 1-4094>
# If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence.
# Warning: This should not be combined with `port_channel_interfaces[].native_vlan_tag`.
native_vlan_tag: <bool>
# Enable secondary VLAN mapping for a private vlan.
# Warning: This should not be combined with `port_channel_interfaces[].trunk_private_vlan_secondary`.
private_vlan_secondary: <bool>
# Warning: This should not be combined with `port_channel_interfaces[].trunk_groups`.
groups:
# Trunk group name.
- <str>
phone:
# Warning: This should not be combined with `port_channel_interfaces[].phone.vlan`.
vlan: <int; 1-4094>
# Warning: This should not be combined with `port_channel_interfaces[].phone.trunk`
trunk: <str; "tagged" | "tagged phone" | "untagged" | "untagged phone">
# Secondary VLAN IDs of the private VLAN mapping.
# Warning: This should not be combined with `port_channel_interfaces[].pvlan_mapping`.
pvlan_mapping: <str>
dot1q:
# Ethertype/TPID (Tag Protocol IDentifier) for VLAN tagged frames.
ethertype: <int; 1536-65535>
vlan_tag: <str; "disallowed" | "required">
# tx: Allow bridged traffic to go out of the source interface.
# tx multicast: Allow multicast traffic only to go out of the source interface.
source_interface: <str; "tx" | "tx multicast">
# VLAN Translation mappings.
# Warning: This should not be combined with `port_channel_interfaces[].vlan_translations`.
vlan_translations:
# Drop the ingress traffic that do not match any VLAN mapping.
in_required: <bool>
# Drop the egress traffic that do not match any VLAN mapping.
out_required: <bool>
# Map ingress traffic only.
direction_in:
# VLAN ID or range of VLAN IDs to map from. Range 1-4094.
- from: <str>
# VLAN ID to map to.
to: <int; 1-4094>
dot1q_tunnel: <bool>
# Inner VLAN ID to map from.
inner_vlan_from: <int; 1-4094>
# Map egress traffic only.
direction_out:
# VLAN ID or range of VLAN IDs to map from. Range 1-4094.
- from: <str; required>
# VLAN ID to map to.
to: <int; 1-4094>
# VLAN ID or range of VLAN IDs or "all". Range 1-4094.
# This takes precedence over `to` and `inner_vlan_to`.
dot1q_tunnel_to: <str>
# Inner VLAN ID to map to.
inner_vlan_to: <int; 1-4094>
# Map both egress and ingress traffic.
direction_both:
# VLAN ID or range of VLAN IDs to map from. Range 1-4094.
- from: <str; required>
# VLAN ID to map to.
to: <int; 1-4094; required>
dot1q_tunnel: <bool>
# Inner VLAN ID to map from.
inner_vlan_from: <int; 1-4094>
# Enable use of network-side VLAN ID.
# This setting can only be enabled when `inner_vlan_from` is defined.
network: <bool>
vlan_forwarding_accept_all: <bool>
backup_link:
# Backup interface. Example - Ethernet4, Vlan10 etc.
interface: <str; required>
# VLANs to carry on the backup interface (1-4094).
prefer_vlan: <str>
# The `backup_link` is required for this setting.
backup:
# Destination MAC address for MAC move updates.
# The mac address should be multicast or broadcast.
# Example: 01:00:00:00:00:00
dest_macaddr: <str>
# Initial MAC move delay in milliseconds.
initial_mac_move_delay: <int; 0-65535>
# Size of MAC move bursts.
mac_move_burst: <int; 0-65535>
# MAC move burst interval in milliseconds.
mac_move_burst_interval: <int; 0-65535>
# Preemption delay in milliseconds.
preemption_delay: <int; 0-65535>
port_security:
enabled: <bool>
# Maximum number of MAC addresses allowed on the interface.
mac_address_maximum:
# Disable port level check for port security (only in violation 'shutdown' mode).
disabled: <bool>
# MAC address limit.
limit: <int; 1-1000>
# Configure violation mode (shutdown or protect), EOS default is 'shutdown'.
violation:
# Configure port security mode.
mode: <str; "shutdown" | "protect">
# Log new addresses seen after limit is reached in protect mode.
protect_log: <bool>
# Default maximum MAC addresses for all VLANs on this interface.
vlan_default_mac_address_maximum: <int; 0-1000>
vlans:
# VLAN ID or range(s) of VLAN IDs, <1-4094>.
# Example:
# - 3
# - 1,3
# - 1-10
- range: <str; required; unique>
mac_address_maximum: <int>
# Set to false to disable interface validation by the `eos_validate_state` role.
validate_state: <bool>
# Multiline EOS CLI rendered directly on the port-channel interface in the final EOS configuration.
eos_cli: <str>
Switchport default¶
Switchport port security¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
switchport_port_security | Dictionary | ||||
mac_address | Dictionary | ||||
aging | Boolean | ||||
moveable | Boolean | ||||
persistence_disabled | Boolean | ||||
violation_protect_chip_based | Boolean |
Transceiver QSFP default mode 4x10¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
transceiver_qsfp_default_mode_4x10 | Boolean | True |
On all front panel ports which support this feature, the following global configuration command changes the QSFP mode from 40G to 4x10G (default). When set to false the command reverts the default QSFP mode back to 40G. |
Tunnel interfaces¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
tunnel_interfaces | List, items: Dictionary | ||||
- name | String | Required, Unique | Tunnel Interface Name. | ||
description | String | ||||
shutdown | Boolean | ||||
mtu | Integer | Min: 68 Max: 65535 |
|||
vrf | String | VRF Name. | |||
underlay_vrf | String | Underlay VRF Name. | |||
ip_address | String | Format: ipv4_cidr | IPv4_address/Mask. | ||
ipv6_enable | Boolean | ||||
ipv6_address | String | Format: ipv6_cidr | IPv6_address/Mask. | ||
access_group_in | String | IPv4 ACL Name for ingress. | |||
access_group_out | String | IPv4 ACL Name for egress. | |||
ipv6_access_group_in | String | IPv6 ACL Name for ingress. | |||
ipv6_access_group_out | String | IPv6 ACL Name for egress. | |||
tcp_mss_ceiling | Dictionary | ||||
ipv4 | Integer | Min: 64 Max: 65495 |
Segment Size for IPv4. | ||
ipv6 | Integer | Min: 64 Max: 65475 |
Segment Size for IPv6. | ||
direction | String | Valid Values: - ingress - egress |
Optional direction (‘ingress’, ‘egress’) for tcp mss ceiling. |
||
tunnel_mode | String | Valid Values: - gre - ipsec |
Tunnel encapsulation method.gre : Generic route encapsulation protocol,ipsec : IPsec-over-IP encapsulation. |
||
source_interface | String | Tunnel Source Interface Name. | |||
destination | String | IPv4 or IPv6 Address Tunnel Destination. | |||
path_mtu_discovery | Boolean | Enable Path MTU Discovery On Tunnel. | |||
ipsec_profile | String | Used only when tunnel_mode is set to ipsec .It must target a defined IPsec profile. |
|||
nat_profile | String | NAT interface profile. | |||
eos_cli | String | Multiline String with EOS CLI rendered directly on the Tunnel interface in the final EOS configuration. |
tunnel_interfaces:
# Tunnel Interface Name.
- name: <str; required; unique>
description: <str>
shutdown: <bool>
mtu: <int; 68-65535>
# VRF Name.
vrf: <str>
# Underlay VRF Name.
underlay_vrf: <str>
# IPv4_address/Mask.
ip_address: <str>
ipv6_enable: <bool>
# IPv6_address/Mask.
ipv6_address: <str>
# IPv4 ACL Name for ingress.
access_group_in: <str>
# IPv4 ACL Name for egress.
access_group_out: <str>
# IPv6 ACL Name for ingress.
ipv6_access_group_in: <str>
# IPv6 ACL Name for egress.
ipv6_access_group_out: <str>
tcp_mss_ceiling:
# Segment Size for IPv4.
ipv4: <int; 64-65495>
# Segment Size for IPv6.
ipv6: <int; 64-65475>
# Optional direction ('ingress', 'egress') for tcp mss ceiling.
direction: <str; "ingress" | "egress">
# Tunnel encapsulation method.
# `gre`: Generic route encapsulation protocol,
# `ipsec`: IPsec-over-IP encapsulation.
tunnel_mode: <str; "gre" | "ipsec">
# Tunnel Source Interface Name.
source_interface: <str>
# IPv4 or IPv6 Address Tunnel Destination.
destination: <str>
# Enable Path MTU Discovery On Tunnel.
path_mtu_discovery: <bool>
# Used only when `tunnel_mode` is set to `ipsec`.
# It must target a defined IPsec profile.
ipsec_profile: <str>
# NAT interface profile.
nat_profile: <str>
# Multiline String with EOS CLI rendered directly on the Tunnel interface in the final EOS configuration.
eos_cli: <str>
VLAN interfaces¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
vlan_interfaces | List, items: Dictionary | ||||
- name | String | Required, Unique | VLAN interface name like “Vlan123”. | ||
description | String | ||||
logging | Dictionary | ||||
event | Dictionary | ||||
link_status | Boolean | ||||
shutdown | Boolean | ||||
vrf | String | VRF name. | |||
arp_aging_timeout | Integer | Min: 1 Max: 65535 |
In seconds. | ||
arp_cache_dynamic_capacity | Integer | Min: 0 Max: 4294967295 |
|||
arp_gratuitous_accept | Boolean | ||||
arp_monitor_mac_address | Boolean | ||||
ip_proxy_arp | Boolean | ||||
ip_directed_broadcast | Boolean | ||||
ip_address | String | IPv4_address/Mask. | |||
ip_address_secondaries | List, items: String | ||||
- <str> | String | IPv4_address/Mask. | |||
ip_virtual_router_addresses | List, items: String | ||||
- <str> | String | IPv4 address or IPv4_address/Mask. | |||
ip_address_virtual | String | IPv4_address/Mask. | |||
ip_address_virtual_secondaries | List, items: String | ||||
- <str> | String | IPv4_address/Mask. | |||
ip_verify_unicast_source_reachable_via | String | Valid Values: - any - rx |
|||
ip_igmp | Boolean | ||||
ip_igmp_version | Integer | Min: 1 Max: 3 |
|||
ip_igmp_host_proxy | Dictionary | ||||
enabled | Boolean | ||||
groups | List, items: Dictionary | ||||
- group | String | Required, Unique | Multicast Address. | ||
exclude | List, items: Dictionary | The same source must not be present both in exclude and include list. |
|||
- source | String | Required, Unique | |||
include | List, items: Dictionary | The same source must not be present both in exclude and include list. |
|||
- source | String | Required, Unique | |||
report_interval | Integer | Min: 1 Max: 31744 |
Time interval between unsolicited reports. | ||
access_lists | List, items: Dictionary | Non-standard Access List name. | |||
- name | String | Required, Unique | |||
version | Integer | Min: 1 Max: 3 |
IGMP version on IGMP host-proxy interface. | ||
ip_helpers | List, items: Dictionary | List of DHCP servers. | |||
- ip_helper | String | Required, Unique | IP address or hostname of DHCP server. | ||
source_interface | String | Interface used as source for forwarded DHCP packets. | |||
vrf | String | VRF where DHCP server can be reached. | |||
ip_dhcp_relay_all_subnets | Boolean | Allow forwarding requests with secondary IP addresses in the gateway address “giaddr” field. | |||
ip_nat | Dictionary | ||||
destination | Dictionary | ||||
dynamic | List, items: Dictionary | ||||
- access_list | String | Required, Unique | |||
comment | String | ||||
pool_name | String | Required | |||
priority | Integer | Min: 0 Max: 4294967295 |
|||
static | List, items: Dictionary | ||||
- access_list | String | ‘access_list’ and ‘group’ are mutual exclusive. | |||
comment | String | ||||
direction | String | Valid Values: - egress - ingress |
Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform. EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW. |
||
group | Integer | Min: 1 Max: 65535 |
‘access_list’ and ‘group’ are mutual exclusive. | ||
original_ip | String | IPv4 address. The combination of original_ip and original_port must be unique. |
|||
original_port | Integer | Min: 1 Max: 65535 |
TCP/UDP port. The combination of original_ip and original_port must be unique. |
||
priority | Integer | Min: 0 Max: 4294967295 |
|||
protocol | String | Valid Values: - udp - tcp |
|||
translated_ip | String | Required | IPv4 address. | ||
translated_port | Integer | Min: 1 Max: 65535 |
requires ‘original_port’. | ||
source | Dictionary | ||||
dynamic | List, items: Dictionary | ||||
- access_list | String | Required, Unique | |||
comment | String | ||||
nat_type | String | Required | Valid Values: - overload - pool - pool-address-only - pool-full-cone |
||
pool_name | String | required if ‘nat_type’ is pool, pool-address-only or pool-full-cone. ignored if ‘nat_type’ is overload. |
|||
priority | Integer | Min: 0 Max: 4294967295 |
|||
static | List, items: Dictionary | ||||
- access_list | String | ‘access_list’ and ‘group’ are mutual exclusive. | |||
comment | String | ||||
direction | String | Valid Values: - egress - ingress |
Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform. EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW. |
||
group | Integer | Min: 1 Max: 65535 |
‘access_list’ and ‘group’ are mutual exclusive. | ||
original_ip | String | IPv4 address. The combination of original_ip and original_port must be unique. |
|||
original_port | Integer | Min: 1 Max: 65535 |
TCP/UDP port. The combination of original_ip and original_port must be unique. |
||
priority | Integer | Min: 0 Max: 4294967295 |
|||
protocol | String | Valid Values: - udp - tcp |
|||
translated_ip | String | Required | IPv4 address. | ||
translated_port | Integer | Min: 1 Max: 65535 |
requires ‘original_port’. | ||
ipv6_enable | Boolean | ||||
ipv6_address | String | IPv6_address/Mask. | |||
ipv6_address_virtuals | List, items: String | The new “ipv6_address_virtuals” key support multiple virtual ipv6 addresses. | |||
- <str> | String | IPv6_address/Mask. | |||
ipv6_address_link_local | String | IPv6_address/Mask. | |||
ipv6_virtual_router_addresses | List, items: String | Improved “VARPv6” data model to support multiple VARPv6 addresses. | |||
- <str> | String | IPv6 address or IPv6_address/Mask. | |||
ipv6_nd_ra_disabled | Boolean | ||||
ipv6_nd_managed_config_flag | Boolean | ||||
ipv6_nd_other_config_flag | Boolean | Set the “other stateful configuration” flag in IPv6 router advertisements. | |||
ipv6_nd_cache | Dictionary | IPv6 neighbor cache options. | |||
dynamic_capacity | Integer | Min: 0 Max: 4294967295 |
Capacity of dynamic cache entries. | ||
expire | Integer | Min: 1 Max: 65535 |
Cache entries expirery in seconds. | ||
refresh_always | Boolean | Force refresh on cache expiry. | |||
ipv6_nd_prefixes | List, items: Dictionary | ||||
- ipv6_prefix | String | Required, Unique | IPv6_address/Mask. | ||
valid_lifetime | String | In seconds <0-4294967295> or infinite. | |||
preferred_lifetime | String | In seconds <0-4294967295> or infinite. | |||
no_autoconfig_flag | Boolean | ||||
ipv6_dhcp_relay_destinations | List, items: Dictionary | ||||
- address | String | Required, Unique | DHCP server’s IPv6 address. | ||
vrf | String | ||||
local_interface | String | Local interface to communicate with DHCP server - mutually exclusive to source_address. | |||
source_address | String | Source IPv6 address to communicate with DHCP server - mutually exclusive to local_interface. | |||
link_address | String | Override the default link address specified in the relayed DHCP packet. | |||
ipv6_dhcp_relay_all_subnets | Boolean | Allow forwarding requests with additional IPv6 addresses in the gateway address “giaddr” field. | |||
access_group_in | String | IPv4 access-list name. | |||
access_group_out | String | IPv4 access-list name. | |||
ipv6_access_group_in | String | IPv6 access-list name. | |||
ipv6_access_group_out | String | IPv6 access-list name. | |||
multicast | Dictionary | ||||
ipv4 | Dictionary | ||||
boundaries | List, items: Dictionary | Boundaries can be either 1 ACL or a list of multicast IP address_range(s)/prefix but not combination of both. | |||
- boundary | String | Required, Unique | IPv4 access-list name or IPv4 multicast group prefix with mask. | ||
out | Boolean | ||||
source_route_export | Dictionary | ||||
enabled | Boolean | Required | |||
administrative_distance | Integer | Min: 1 Max: 255 |
|||
static | Boolean | ||||
ipv6 | Dictionary | ||||
boundaries | List, items: Dictionary | Boundaries can be either 1 ACL or a list of multicast IP address_range(s)/prefix but not combination of both. | |||
- boundary | String | Required, Unique | IPv6 access-list name or IPv6 multicast group prefix with mask. | ||
source_route_export | Dictionary | ||||
enabled | Boolean | Required | |||
administrative_distance | Integer | Min: 1 Max: 255 |
|||
static | Boolean | ||||
ospf_network_point_to_point | Boolean | ||||
ospf_area | String | ||||
ospf_cost | Integer | ||||
ospf_authentication | String | Valid Values: - none - simple - message-digest |
|||
ospf_authentication_key | String | Encrypted password used for simple authentication. | |||
ospf_message_digest_keys | List, items: Dictionary | Keys used for message-digest authentication. | |||
- id | Integer | Required, Unique | |||
hash_algorithm | String | Valid Values: - md5 - sha1 - sha256 - sha384 - sha512 |
|||
key | String | Encrypted password. | |||
pim | Dictionary | ||||
ipv4 | Dictionary | ||||
border_router | Boolean | Configure PIM border router. EOS default is false. | |||
dr_priority | Integer | Min: 0 Max: 429467295 |
|||
sparse_mode | Boolean | ||||
local_interface | String | ||||
bfd | Boolean | Set the default for whether Bidirectional Forwarding Detection is enabled for PIM. | |||
bidirectional | Boolean | ||||
hello | Dictionary | ||||
count | String | Number of missed hellos after which the neighbor expires. Range <1.5-65535>. | |||
interval | Integer | Min: 1 Max: 65535 |
PIM hello interval in seconds. | ||
isis_enable | String | ISIS instance name. | |||
isis_bfd | Boolean | Enable BFD for ISIS. | |||
isis_passive | Boolean | ||||
isis_metric | Integer | ||||
isis_network_point_to_point | Boolean | ||||
isis_authentication | Dictionary | ||||
both | Dictionary | Authentication settings for level-1 and level-2. ‘both’ takes precedence over ‘level_1’ and ‘level_2’ settings. | |||
key_type | String | Valid Values: - 0 - 7 - 8a |
Configure authentication key type. | ||
key | String | Password string. key_type is required for this setting. |
|||
key_ids | List, items: Dictionary | ||||
- id | Integer | Required, Unique | Min: 1 Max: 65535 |
Configure authentication key-id. | |
algorithm | String | Required | Valid Values: - sha-1 - sha-224 - sha-256 - sha-384 - sha-512 |
||
key_type | String | Required | Valid Values: - 0 - 7 - 8a |
Configure authentication key type. | |
key | String | Required | Password string. | ||
rfc_5310 | Boolean | SHA digest computation according to rfc5310. | |||
mode | String | Valid Values: - md5 - sha - text - shared-secret |
Authentication mode. | ||
sha | Dictionary | Required settings for authentication mode ‘sha’. | |||
key_id | Integer | Required | Min: 1 Max: 65535 |
||
shared_secret | Dictionary | Required settings for authentication mode ‘shared_secret’. | |||
profile | String | Required | |||
algorithm | String | Required | Valid Values: - md5 - sha-1 - sha-224 - sha-256 - sha-384 - sha-512 |
||
rx_disabled | Boolean | Disable authentication check on the receive side. | |||
level_1 | Dictionary | Authentication settings for level-1. ‘both’ takes precedence over ‘level_1’ and ‘level_2’ settings. | |||
key_type | String | Valid Values: - 0 - 7 - 8a |
Configure authentication key type. | ||
key | String | Password string. key_type is required for this setting. |
|||
key_ids | List, items: Dictionary | ||||
- id | Integer | Required, Unique | Min: 1 Max: 65535 |
Configure authentication key-id. | |
algorithm | String | Required | Valid Values: - sha-1 - sha-224 - sha-256 - sha-384 - sha-512 |
||
key_type | String | Required | Valid Values: - 0 - 7 - 8a |
Configure authentication key type. | |
key | String | Required | Password string. | ||
rfc_5310 | Boolean | SHA digest computation according to rfc5310. | |||
mode | String | Valid Values: - md5 - sha - text - shared-secret |
Authentication mode. | ||
sha | Dictionary | Required settings for authentication mode ‘sha’. | |||
key_id | Integer | Required | Min: 1 Max: 65535 |
||
shared_secret | Dictionary | Required settings for authentication mode ‘shared_secret’. | |||
profile | String | Required | |||
algorithm | String | Required | Valid Values: - md5 - sha-1 - sha-224 - sha-256 - sha-384 - sha-512 |
||
rx_disabled | Boolean | Disable authentication check on the receive side. | |||
level_2 | Dictionary | Authentication settings for level-2. ‘both’ takes precedence over ‘level_1’ and ‘level_2’ settings. | |||
key_type | String | Valid Values: - 0 - 7 - 8a |
Configure authentication key type. | ||
key | String | Password string. key_type is required for this setting. |
|||
key_ids | List, items: Dictionary | ||||
- id | Integer | Required, Unique | Min: 1 Max: 65535 |
Configure authentication key-id. | |
algorithm | String | Required | Valid Values: - sha-1 - sha-224 - sha-256 - sha-384 - sha-512 |
||
key_type | String | Required | Valid Values: - 0 - 7 - 8a |
Configure authentication key type. | |
key | String | Required | Password string. | ||
rfc_5310 | Boolean | SHA digest computation according to rfc5310. | |||
mode | String | Valid Values: - md5 - sha - text - shared-secret |
Authentication mode. | ||
sha | Dictionary | Required settings for authentication mode ‘sha’. | |||
key_id | Integer | Required | Min: 1 Max: 65535 |
||
shared_secret | Dictionary | Required settings for authentication mode ‘shared_secret’. | |||
profile | String | Required | |||
algorithm | String | Required | Valid Values: - md5 - sha-1 - sha-224 - sha-256 - sha-384 - sha-512 |
||
rx_disabled | Boolean | Disable authentication check on the receive side. | |||
mtu | Integer | ||||
no_autostate | Boolean | ||||
vrrp_ids | List, items: Dictionary | Improved “vrrp” data model to support multiple VRRP IDs. | |||
- id | Integer | Required, Unique | VRID. | ||
priority_level | Integer | Min: 1 Max: 254 |
Instance priority. | ||
advertisement | Dictionary | ||||
interval | Integer | Min: 1 Max: 255 |
Interval in seconds. | ||
preempt | Dictionary | ||||
enabled | Boolean | Required | |||
delay | Dictionary | ||||
minimum | Integer | Min: 0 Max: 3600 |
Minimum preempt delay in seconds. | ||
reload | Integer | Min: 0 Max: 3600 |
Reload preempt delay in seconds. | ||
timers | Dictionary | ||||
delay | Dictionary | ||||
reload | Integer | Min: 0 Max: 3600 |
Delay after reload in seconds. | ||
tracked_object | List, items: Dictionary | ||||
- name | String | Required, Unique | Tracked object name. | ||
decrement | Integer | Min: 1 Max: 254 |
Decrement VRRP priority by 1-254. | ||
shutdown | Boolean | ||||
ipv4 | Dictionary | ||||
address | String | Required | Virtual IPv4 address. | ||
version | Integer | Valid Values: - 2 - 3 |
|||
ipv6 | Dictionary | ||||
address | String | Required | Virtual IPv6 address. | ||
ip_attached_host_route_export | Dictionary | ||||
enabled | Boolean | Required | |||
distance | Integer | Min: 1 Max: 255 |
|||
ipv6_attached_host_route_export | Dictionary | ||||
enabled | Boolean | Required | |||
distance | Integer | Min: 1 Max: 255 |
Administrative distance for generated routes. | ||
prefix_length | Integer | Min: 0 Max: 128 |
Prefix length for generated routes. | ||
bfd | Dictionary | ||||
echo | Boolean | ||||
interval | Integer | Rate in milliseconds. | |||
min_rx | Integer | Minimum RX hold time in milliseconds. | |||
multiplier | Integer | Min: 3 Max: 50 |
|||
service_policy | Dictionary | ||||
pbr | Dictionary | ||||
input | String | Name of policy-map used for policy based routing. | |||
pvlan_mapping | String | List of VLANs as string. | |||
tenant | String | Key only used for documentation or validation purposes. | |||
tags | List, items: String | Key only used for documentation or validation purposes. | |||
- <str> | String | ||||
type | String | Key only used for documentation or validation purposes. | |||
eos_cli | String | Multiline EOS CLI rendered directly on the VLAN interface in the final EOS configuration. | |||
ipv6_address_virtual removed | String | IPv6_address/Mask. This key was removed. Support was removed in AVD version 5.0.0. Use ipv6_address_virtuals instead. |
|||
ipv6_virtual_router_address removed | String | This key was removed. Support was removed in AVD version 5.0.0. Use ipv6_virtual_router_addresses instead. | |||
vrrp removed | Dictionary | This key was removed. Support was removed in AVD version 5.0.0. Use vrrp_ids instead. |
vlan_interfaces:
# VLAN interface name like "Vlan123".
- name: <str; required; unique>
description: <str>
logging:
event:
link_status: <bool>
shutdown: <bool>
# VRF name.
vrf: <str>
# In seconds.
arp_aging_timeout: <int; 1-65535>
arp_cache_dynamic_capacity: <int; 0-4294967295>
arp_gratuitous_accept: <bool>
arp_monitor_mac_address: <bool>
ip_proxy_arp: <bool>
ip_directed_broadcast: <bool>
# IPv4_address/Mask.
ip_address: <str>
ip_address_secondaries:
# IPv4_address/Mask.
- <str>
ip_virtual_router_addresses:
# IPv4 address or IPv4_address/Mask.
- <str>
# IPv4_address/Mask.
ip_address_virtual: <str>
ip_address_virtual_secondaries:
# IPv4_address/Mask.
- <str>
ip_verify_unicast_source_reachable_via: <str; "any" | "rx">
ip_igmp: <bool>
ip_igmp_version: <int; 1-3>
ip_igmp_host_proxy:
enabled: <bool>
groups:
# Multicast Address.
- group: <str; required; unique>
# The same source must not be present both in `exclude` and `include` list.
exclude:
- source: <str; required; unique>
# The same source must not be present both in `exclude` and `include` list.
include:
- source: <str; required; unique>
# Time interval between unsolicited reports.
report_interval: <int; 1-31744>
# Non-standard Access List name.
access_lists:
- name: <str; required; unique>
# IGMP version on IGMP host-proxy interface.
version: <int; 1-3>
# List of DHCP servers.
ip_helpers:
# IP address or hostname of DHCP server.
- ip_helper: <str; required; unique>
# Interface used as source for forwarded DHCP packets.
source_interface: <str>
# VRF where DHCP server can be reached.
vrf: <str>
# Allow forwarding requests with secondary IP addresses in the gateway address "giaddr" field.
ip_dhcp_relay_all_subnets: <bool>
ip_nat:
destination:
dynamic:
- access_list: <str; required; unique>
comment: <str>
pool_name: <str; required>
priority: <int; 0-4294967295>
static:
# 'access_list' and 'group' are mutual exclusive.
- access_list: <str>
comment: <str>
# Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
# EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
direction: <str; "egress" | "ingress">
# 'access_list' and 'group' are mutual exclusive.
group: <int; 1-65535>
# IPv4 address. The combination of `original_ip` and `original_port` must be unique.
original_ip: <str>
# TCP/UDP port. The combination of `original_ip` and `original_port` must be unique.
original_port: <int; 1-65535>
priority: <int; 0-4294967295>
protocol: <str; "udp" | "tcp">
# IPv4 address.
translated_ip: <str; required>
# requires 'original_port'.
translated_port: <int; 1-65535>
source:
dynamic:
- access_list: <str; required; unique>
comment: <str>
nat_type: <str; "overload" | "pool" | "pool-address-only" | "pool-full-cone"; required>
# required if 'nat_type' is pool, pool-address-only or pool-full-cone.
# ignored if 'nat_type' is overload.
pool_name: <str>
priority: <int; 0-4294967295>
static:
# 'access_list' and 'group' are mutual exclusive.
- access_list: <str>
comment: <str>
# Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
# EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
direction: <str; "egress" | "ingress">
# 'access_list' and 'group' are mutual exclusive.
group: <int; 1-65535>
# IPv4 address. The combination of `original_ip` and `original_port` must be unique.
original_ip: <str>
# TCP/UDP port. The combination of `original_ip` and `original_port` must be unique.
original_port: <int; 1-65535>
priority: <int; 0-4294967295>
protocol: <str; "udp" | "tcp">
# IPv4 address.
translated_ip: <str; required>
# requires 'original_port'.
translated_port: <int; 1-65535>
ipv6_enable: <bool>
# IPv6_address/Mask.
ipv6_address: <str>
# The new "ipv6_address_virtuals" key support multiple virtual ipv6 addresses.
ipv6_address_virtuals:
# IPv6_address/Mask.
- <str>
# IPv6_address/Mask.
ipv6_address_link_local: <str>
# Improved "VARPv6" data model to support multiple VARPv6 addresses.
ipv6_virtual_router_addresses:
# IPv6 address or IPv6_address/Mask.
- <str>
ipv6_nd_ra_disabled: <bool>
ipv6_nd_managed_config_flag: <bool>
# Set the "other stateful configuration" flag in IPv6 router advertisements.
ipv6_nd_other_config_flag: <bool>
# IPv6 neighbor cache options.
ipv6_nd_cache:
# Capacity of dynamic cache entries.
dynamic_capacity: <int; 0-4294967295>
# Cache entries expirery in seconds.
expire: <int; 1-65535>
# Force refresh on cache expiry.
refresh_always: <bool>
ipv6_nd_prefixes:
# IPv6_address/Mask.
- ipv6_prefix: <str; required; unique>
# In seconds <0-4294967295> or infinite.
valid_lifetime: <str>
# In seconds <0-4294967295> or infinite.
preferred_lifetime: <str>
no_autoconfig_flag: <bool>
ipv6_dhcp_relay_destinations:
# DHCP server's IPv6 address.
- address: <str; required; unique>
vrf: <str>
# Local interface to communicate with DHCP server - mutually exclusive to source_address.
local_interface: <str>
# Source IPv6 address to communicate with DHCP server - mutually exclusive to local_interface.
source_address: <str>
# Override the default link address specified in the relayed DHCP packet.
link_address: <str>
# Allow forwarding requests with additional IPv6 addresses in the gateway address "giaddr" field.
ipv6_dhcp_relay_all_subnets: <bool>
# IPv4 access-list name.
access_group_in: <str>
# IPv4 access-list name.
access_group_out: <str>
# IPv6 access-list name.
ipv6_access_group_in: <str>
# IPv6 access-list name.
ipv6_access_group_out: <str>
multicast:
ipv4:
# Boundaries can be either 1 ACL or a list of multicast IP address_range(s)/prefix but not combination of both.
boundaries:
# IPv4 access-list name or IPv4 multicast group prefix with mask.
- boundary: <str; required; unique>
out: <bool>
source_route_export:
enabled: <bool; required>
administrative_distance: <int; 1-255>
static: <bool>
ipv6:
# Boundaries can be either 1 ACL or a list of multicast IP address_range(s)/prefix but not combination of both.
boundaries:
# IPv6 access-list name or IPv6 multicast group prefix with mask.
- boundary: <str; required; unique>
source_route_export:
enabled: <bool; required>
administrative_distance: <int; 1-255>
static: <bool>
ospf_network_point_to_point: <bool>
ospf_area: <str>
ospf_cost: <int>
ospf_authentication: <str; "none" | "simple" | "message-digest">
# Encrypted password used for simple authentication.
ospf_authentication_key: <str>
# Keys used for message-digest authentication.
ospf_message_digest_keys:
- id: <int; required; unique>
hash_algorithm: <str; "md5" | "sha1" | "sha256" | "sha384" | "sha512">
# Encrypted password.
key: <str>
pim:
ipv4:
# Configure PIM border router. EOS default is false.
border_router: <bool>
dr_priority: <int; 0-429467295>
sparse_mode: <bool>
local_interface: <str>
# Set the default for whether Bidirectional Forwarding Detection is enabled for PIM.
bfd: <bool>
bidirectional: <bool>
hello:
# Number of missed hellos after which the neighbor expires. Range <1.5-65535>.
count: <str>
# PIM hello interval in seconds.
interval: <int; 1-65535>
# ISIS instance name.
isis_enable: <str>
# Enable BFD for ISIS.
isis_bfd: <bool>
isis_passive: <bool>
isis_metric: <int>
isis_network_point_to_point: <bool>
isis_authentication:
# Authentication settings for level-1 and level-2. 'both' takes precedence over 'level_1' and 'level_2' settings.
both:
# Configure authentication key type.
key_type: <str; "0" | "7" | "8a">
# Password string. `key_type` is required for this setting.
key: <str>
key_ids:
# Configure authentication key-id.
- id: <int; 1-65535; required; unique>
algorithm: <str; "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>
# Configure authentication key type.
key_type: <str; "0" | "7" | "8a"; required>
# Password string.
key: <str; required>
# SHA digest computation according to rfc5310.
rfc_5310: <bool>
# Authentication mode.
mode: <str; "md5" | "sha" | "text" | "shared-secret">
# Required settings for authentication mode 'sha'.
sha:
key_id: <int; 1-65535; required>
# Required settings for authentication mode 'shared_secret'.
shared_secret:
profile: <str; required>
algorithm: <str; "md5" | "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>
# Disable authentication check on the receive side.
rx_disabled: <bool>
# Authentication settings for level-1. 'both' takes precedence over 'level_1' and 'level_2' settings.
level_1:
# Configure authentication key type.
key_type: <str; "0" | "7" | "8a">
# Password string. `key_type` is required for this setting.
key: <str>
key_ids:
# Configure authentication key-id.
- id: <int; 1-65535; required; unique>
algorithm: <str; "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>
# Configure authentication key type.
key_type: <str; "0" | "7" | "8a"; required>
# Password string.
key: <str; required>
# SHA digest computation according to rfc5310.
rfc_5310: <bool>
# Authentication mode.
mode: <str; "md5" | "sha" | "text" | "shared-secret">
# Required settings for authentication mode 'sha'.
sha:
key_id: <int; 1-65535; required>
# Required settings for authentication mode 'shared_secret'.
shared_secret:
profile: <str; required>
algorithm: <str; "md5" | "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>
# Disable authentication check on the receive side.
rx_disabled: <bool>
# Authentication settings for level-2. 'both' takes precedence over 'level_1' and 'level_2' settings.
level_2:
# Configure authentication key type.
key_type: <str; "0" | "7" | "8a">
# Password string. `key_type` is required for this setting.
key: <str>
key_ids:
# Configure authentication key-id.
- id: <int; 1-65535; required; unique>
algorithm: <str; "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>
# Configure authentication key type.
key_type: <str; "0" | "7" | "8a"; required>
# Password string.
key: <str; required>
# SHA digest computation according to rfc5310.
rfc_5310: <bool>
# Authentication mode.
mode: <str; "md5" | "sha" | "text" | "shared-secret">
# Required settings for authentication mode 'sha'.
sha:
key_id: <int; 1-65535; required>
# Required settings for authentication mode 'shared_secret'.
shared_secret:
profile: <str; required>
algorithm: <str; "md5" | "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>
# Disable authentication check on the receive side.
rx_disabled: <bool>
mtu: <int>
no_autostate: <bool>
# Improved "vrrp" data model to support multiple VRRP IDs.
vrrp_ids:
# VRID.
- id: <int; required; unique>
# Instance priority.
priority_level: <int; 1-254>
advertisement:
# Interval in seconds.
interval: <int; 1-255>
preempt:
enabled: <bool; required>
delay:
# Minimum preempt delay in seconds.
minimum: <int; 0-3600>
# Reload preempt delay in seconds.
reload: <int; 0-3600>
timers:
delay:
# Delay after reload in seconds.
reload: <int; 0-3600>
tracked_object:
# Tracked object name.
- name: <str; required; unique>
# Decrement VRRP priority by 1-254.
decrement: <int; 1-254>
shutdown: <bool>
ipv4:
# Virtual IPv4 address.
address: <str; required>
version: <int; 2 | 3>
ipv6:
# Virtual IPv6 address.
address: <str; required>
ip_attached_host_route_export:
enabled: <bool; required>
distance: <int; 1-255>
ipv6_attached_host_route_export:
enabled: <bool; required>
# Administrative distance for generated routes.
distance: <int; 1-255>
# Prefix length for generated routes.
prefix_length: <int; 0-128>
bfd:
echo: <bool>
# Rate in milliseconds.
interval: <int>
# Minimum RX hold time in milliseconds.
min_rx: <int>
multiplier: <int; 3-50>
service_policy:
pbr:
# Name of policy-map used for policy based routing.
input: <str>
# List of VLANs as string.
pvlan_mapping: <str>
# Key only used for documentation or validation purposes.
tenant: <str>
# Key only used for documentation or validation purposes.
tags:
- <str>
# Key only used for documentation or validation purposes.
type: <str>
# Multiline EOS CLI rendered directly on the VLAN interface in the final EOS configuration.
eos_cli: <str>
VXLAN interface¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
vxlan_interface | Dictionary | ||||
vxlan1 | Dictionary | ||||
description | String | ||||
vxlan | Dictionary | ||||
source_interface | String | Source Interface Name. | |||
multicast | Dictionary | ||||
headend_replication | Boolean | ||||
controller_client | Dictionary | Client to CVX Controllers. | |||
enabled | Boolean | ||||
mlag_source_interface | String | ||||
udp_port | Integer | ||||
vtep_to_vtep_bridging | Boolean | Enable bridging between different VTEPs in vxlan overlay. | |||
virtual_router_encapsulation_mac_address | String | “mlag-system-id” or ethernet_address (H.H.H). |
|||
bfd_vtep_evpn | Dictionary | ||||
interval | Integer | ||||
min_rx | Integer | ||||
multiplier | Integer | Min: 3 Max: 50 |
|||
prefix_list | String | ||||
qos | Dictionary | For the Traffic Class to be derived based on the outer DSCP field of the incoming VxLan packet, the core ports must be in “DSCP Trust” mode. !!!Warning, only few hardware types with software version >= 4.26.0 support the below knobs to configure Vxlan DSCP mapping. |
|||
dscp_propagation_encapsulation | Boolean | ||||
ecn_propagation | Boolean | Enable copying the ECN marking to/from encapsulated packets. |
|||
map_dscp_to_traffic_class_decapsulation | Boolean | ||||
vlans | List, items: Dictionary | ||||
- id | Integer | Required, Unique | VLAN ID. | ||
vni | Integer | ||||
multicast_group | String | IP Multicast Group Address. | |||
flood_vteps | List, items: String | ||||
- <str> | String | Remote VTEP IP Address. | |||
vrfs | List, items: Dictionary | ||||
- name | String | Required, Unique | VRF Name. | ||
vni | Integer | ||||
multicast_group | String | IP Multicast Group Address. | |||
flood_vteps | List, items: String | ||||
- <str> | String | Remote VTEP IP Address. | |||
flood_vtep_learned_data_plane | Boolean | ||||
eos_cli | String | Multiline String with EOS CLI rendered directly on the Vxlan interface in the final EOS configuration. |
|||
Vxlan1 deprecated | Dictionary | This key is deprecated. Support will be removed in AVD version 6.0.0. Use vxlan1 instead. | |||
description | String | ||||
vxlan | Dictionary | ||||
source_interface | String | Source Interface Name. | |||
multicast | Dictionary | ||||
headend_replication | Boolean | ||||
controller_client | Dictionary | Client to CVX Controllers. | |||
enabled | Boolean | ||||
mlag_source_interface | String | ||||
udp_port | Integer | ||||
vtep_to_vtep_bridging | Boolean | Enable bridging between different VTEPs in vxlan overlay. | |||
virtual_router_encapsulation_mac_address | String | “mlag-system-id” or ethernet_address (H.H.H). |
|||
bfd_vtep_evpn | Dictionary | ||||
interval | Integer | ||||
min_rx | Integer | ||||
multiplier | Integer | Min: 3 Max: 50 |
|||
prefix_list | String | ||||
qos | Dictionary | For the Traffic Class to be derived based on the outer DSCP field of the incoming VxLan packet, the core ports must be in “DSCP Trust” mode. !!!Warning, only few hardware types with software version >= 4.26.0 support the below knobs to configure Vxlan DSCP mapping. |
|||
dscp_propagation_encapsulation | Boolean | ||||
ecn_propagation | Boolean | Enable copying the ECN marking to/from encapsulated packets. |
|||
map_dscp_to_traffic_class_decapsulation | Boolean | ||||
vlans | List, items: Dictionary | ||||
- id | Integer | Required, Unique | VLAN ID. | ||
vni | Integer | ||||
multicast_group | String | IP Multicast Group Address. | |||
flood_vteps | List, items: String | ||||
- <str> | String | Remote VTEP IP Address. | |||
vrfs | List, items: Dictionary | ||||
- name | String | Required, Unique | VRF Name. | ||
vni | Integer | ||||
multicast_group | String | IP Multicast Group Address. | |||
flood_vteps | List, items: String | ||||
- <str> | String | Remote VTEP IP Address. | |||
flood_vtep_learned_data_plane | Boolean | ||||
eos_cli | String | Multiline String with EOS CLI rendered directly on the Vxlan interface in the final EOS configuration. |
vxlan_interface:
vxlan1:
description: <str>
vxlan:
# Source Interface Name.
source_interface: <str>
multicast:
headend_replication: <bool>
# Client to CVX Controllers.
controller_client:
enabled: <bool>
mlag_source_interface: <str>
udp_port: <int>
# Enable bridging between different VTEPs in vxlan overlay.
vtep_to_vtep_bridging: <bool>
# "mlag-system-id" or ethernet_address (H.H.H).
virtual_router_encapsulation_mac_address: <str>
bfd_vtep_evpn:
interval: <int>
min_rx: <int>
multiplier: <int; 3-50>
prefix_list: <str>
# For the Traffic Class to be derived based on the outer DSCP field of the incoming VxLan packet, the core ports must be in "DSCP Trust" mode.
# !!!Warning, only few hardware types with software version >= 4.26.0 support the below knobs to configure Vxlan DSCP mapping.
qos:
dscp_propagation_encapsulation: <bool>
# Enable copying the ECN marking to/from encapsulated packets.
ecn_propagation: <bool>
map_dscp_to_traffic_class_decapsulation: <bool>
vlans:
# VLAN ID.
- id: <int; required; unique>
vni: <int>
# IP Multicast Group Address.
multicast_group: <str>
flood_vteps:
# Remote VTEP IP Address.
- <str>
vrfs:
# VRF Name.
- name: <str; required; unique>
vni: <int>
# IP Multicast Group Address.
multicast_group: <str>
flood_vteps:
# Remote VTEP IP Address.
- <str>
flood_vtep_learned_data_plane: <bool>
# Multiline String with EOS CLI rendered directly on the Vxlan interface in the final EOS configuration.
eos_cli: <str>
# This key is deprecated.
# Support will be removed in AVD version 6.0.0.
# Use <samp>vxlan1</samp> instead.
Vxlan1:
description: <str>
vxlan:
# Source Interface Name.
source_interface: <str>
multicast:
headend_replication: <bool>
# Client to CVX Controllers.
controller_client:
enabled: <bool>
mlag_source_interface: <str>
udp_port: <int>
# Enable bridging between different VTEPs in vxlan overlay.
vtep_to_vtep_bridging: <bool>
# "mlag-system-id" or ethernet_address (H.H.H).
virtual_router_encapsulation_mac_address: <str>
bfd_vtep_evpn:
interval: <int>
min_rx: <int>
multiplier: <int; 3-50>
prefix_list: <str>
# For the Traffic Class to be derived based on the outer DSCP field of the incoming VxLan packet, the core ports must be in "DSCP Trust" mode.
# !!!Warning, only few hardware types with software version >= 4.26.0 support the below knobs to configure Vxlan DSCP mapping.
qos:
dscp_propagation_encapsulation: <bool>
# Enable copying the ECN marking to/from encapsulated packets.
ecn_propagation: <bool>
map_dscp_to_traffic_class_decapsulation: <bool>
vlans:
# VLAN ID.
- id: <int; required; unique>
vni: <int>
# IP Multicast Group Address.
multicast_group: <str>
flood_vteps:
# Remote VTEP IP Address.
- <str>
vrfs:
# VRF Name.
- name: <str; required; unique>
vni: <int>
# IP Multicast Group Address.
multicast_group: <str>
flood_vteps:
# Remote VTEP IP Address.
- <str>
flood_vtep_learned_data_plane: <bool>
# Multiline String with EOS CLI rendered directly on the Vxlan interface in the final EOS configuration.
eos_cli: <str>
Maintenance Mode¶
BGP groups¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
bgp_groups | List, items: Dictionary | ||||
- name | String | Required, Unique | Group Name. | ||
vrf | String | ||||
neighbors | List, items: String | ||||
- <str> | String | ||||
bgp_maintenance_profiles | List, items: String | ||||
- <str> | String | Profile Name. |
Interface groups¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
interface_groups | List, items: Dictionary | ||||
- name | String | Required, Unique | Interface-Group name. | ||
interfaces | List, items: String | ||||
- <str> | String | Interface Name. | |||
bgp_maintenance_profiles | List, items: String | ||||
- <str> | String | Name of BGP Maintenance Profile. | |||
interface_maintenance_profiles | List, items: String | ||||
- <str> | String | Name of Interface Maintenance Profile. |
Maintenance¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
maintenance | Dictionary | ||||
default_interface_profile | String | Name of default Interface Profile. |
|||
default_bgp_profile | String | Name of default BGP Profile. |
|||
default_unit_profile | String | Name of default Unit Profile. |
|||
interface_profiles | List, items: Dictionary | ||||
- name | String | Required, Unique | |||
rate_monitoring | Dictionary | ||||
load_interval | Integer | Load Interval in Seconds. |
|||
threshold | Integer | Threshold in kbps. |
|||
shutdown | Dictionary | ||||
max_delay | Integer | Max delay in seconds. |
|||
bgp_profiles | List, items: Dictionary | ||||
- name | String | Required, Unique | BGP Profile Name. | ||
initiator | Dictionary | ||||
route_map_inout | String | Route Map. | |||
unit_profiles | List, items: Dictionary | ||||
- name | String | Required, Unique | Unit Profile Name. | ||
on_boot | Dictionary | ||||
duration | Integer | Min: 300 Max: 3600 |
On-boot in seconds. |
||
units | List, items: Dictionary | ||||
- name | String | Required, Unique | Unit Name. | ||
quiesce | Boolean | ||||
profile | String | Name of Unit Profile. |
|||
groups | Dictionary | ||||
bgp_groups | List, items: String | ||||
- <str> | String | Name of BGP Group. |
|||
interface_groups | List, items: String | ||||
- <str> | String | Name of Interface Group. |
maintenance:
# Name of default Interface Profile.
default_interface_profile: <str>
# Name of default BGP Profile.
default_bgp_profile: <str>
# Name of default Unit Profile.
default_unit_profile: <str>
interface_profiles:
- name: <str; required; unique>
rate_monitoring:
# Load Interval in Seconds.
load_interval: <int>
# Threshold in kbps.
threshold: <int>
shutdown:
# Max delay in seconds.
max_delay: <int>
bgp_profiles:
# BGP Profile Name.
- name: <str; required; unique>
initiator:
# Route Map.
route_map_inout: <str>
unit_profiles:
# Unit Profile Name.
- name: <str; required; unique>
on_boot:
# On-boot in seconds.
duration: <int; 300-3600>
units:
# Unit Name.
- name: <str; required; unique>
quiesce: <bool>
# Name of Unit Profile.
profile: <str>
groups:
bgp_groups:
# Name of BGP Group.
- <str>
interface_groups:
# Name of Interface Group.
- <str>
Management¶
Aliases¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
aliases | String | Multi-line string with one or more alias commands. Example: yaml<br>aliases: |<br> alias wr copy running-config startup-config<br> alias siib show ip interface brief<br> |
Banners¶
Boot¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
boot | Dictionary | Set the Aboot password. |
|||
secret | Dictionary | ||||
hash_algorithm | String | sha512 |
Valid Values: - md5 - sha512 |
||
key | String | Hashed Password. |
Clock¶
DNS domain¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
dns_domain | String | Domain Name. |
Domain-list¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
domain_list | List, items: String | Search list of DNS domains. | |||
- <str> | String | Domain name. |
Hostname¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
hostname | String |
IP domain lookup¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ip_domain_lookup | Dictionary | ||||
source_interfaces | List, items: Dictionary | ||||
- name | String | Required, Unique | Source Interface. |
||
vrf | String |
IP HTTP client source-interfaces¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ip_http_client_source_interfaces | List, items: Dictionary | ||||
- name | String | Interface Name. | |||
vrf | String |
IP name servers¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ip_name_servers | List, items: Dictionary | ||||
- ip_address | String | Required | IPv4 or IPv6 address for DNS server. | ||
vrf | String | VRF Name. | |||
priority | Integer | Min: 0 Max: 4 |
Priority value (lower is first). | ||
name_server removed | Dictionary | This key was removed. Support was removed in AVD version v5.0.0. Use ip_name_servers instead. |
IP SSH client source-interfaces¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ip_ssh_client_source_interfaces | List, items: Dictionary | ||||
- name | String | Interface Name. | |||
vrf | String | default |
Management accounts¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
management_accounts | Dictionary | ||||
password | Dictionary | ||||
policy | String |
Management API HTTP¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
management_api_http | Dictionary | ||||
enable_http | Boolean | ||||
enable_https | Boolean | ||||
https_ssl_profile | String | SSL Profile Name. | |||
default_services | Boolean | Enable default services: capi-doc and tapagg. | |||
enable_vrfs | List, items: Dictionary | ||||
- name | String | Required, Unique | VRF Name. | ||
access_group | String | Standard IPv4 ACL name. | |||
ipv6_access_group | String | Standard IPv6 ACL name. | |||
protocol_https_certificate | Dictionary | ||||
certificate | String | Name of certificate; private key must also be specified. | |||
private_key | String | Name of private key; certificate must also be specified. |
management_api_http:
enable_http: <bool>
enable_https: <bool>
# SSL Profile Name.
https_ssl_profile: <str>
# Enable default services: capi-doc and tapagg.
default_services: <bool>
enable_vrfs:
# VRF Name.
- name: <str; required; unique>
# Standard IPv4 ACL name.
access_group: <str>
# Standard IPv6 ACL name.
ipv6_access_group: <str>
protocol_https_certificate:
# Name of certificate; private key must also be specified.
certificate: <str>
# Name of private key; certificate must also be specified.
private_key: <str>
Management API models¶
Management console¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
management_console | Dictionary | ||||
idle_timeout | Integer | Min: 0 Max: 86400 |
Management defaults¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
management_defaults | Dictionary | ||||
secret | Dictionary | ||||
hash | String | Valid Values: - md5 - sha512 |
Management security¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
management_security | Dictionary | ||||
entropy_sources | Dictionary | Source of entropy. | |||
hardware | Boolean | Use a hardware based source. | |||
haveged | Boolean | Use the HAVEGE algorithm. | |||
cpu_jitter | Boolean | Use the Jitter RNG algorithm of a CPU based source. | |||
hardware_exclusive | Boolean | Only use entropy from the hardware source. | |||
password | Dictionary | ||||
minimum_length | Integer | Min: 1 Max: 32 |
|||
encryption_key_common | Boolean | ||||
encryption_reversible | String | ||||
policies | List, items: Dictionary | ||||
- name | String | Required, Unique | |||
minimum | Dictionary | ||||
digits | Integer | Min: 1 Max: 65535 |
|||
length | Integer | Min: 1 Max: 65535 |
|||
lower | Integer | Min: 1 Max: 65535 |
|||
special | Integer | Min: 1 Max: 65535 |
|||
upper | Integer | Min: 1 Max: 65535 |
|||
maximum | Dictionary | ||||
repetitive | Integer | Min: 1 Max: 65535 |
|||
sequential | Integer | Min: 1 Max: 65535 |
|||
ssl_profiles | List, items: Dictionary | ||||
- name | String | ||||
tls_versions | String | List of allowed TLS versions as string. Examples: - “1.0” - “1.0 1.1” |
|||
cipher_list | String | cipher_list syntax follows the openssl cipher strings format. Colon (:) separated list of allowed ciphers as a string. |
|||
trust_certificate | Dictionary | ||||
certificates | List, items: String | List of trust certificate names. Examples: - test1.crt - test2.crt |
|||
- <str> | String | ||||
requirement | Dictionary | ||||
basic_constraint_ca | Boolean | ||||
hostname_fqdn | Boolean | Enforce hostname to be FQDN without wildcard. |
|||
policy_expiry_date_ignore | Boolean | ||||
system | Boolean | Use system-supplied trust certificates. |
|||
chain_certificate | Dictionary | ||||
certificates | List, items: String | List of chain certificate names. Examples: - chain1.crt - chain2.crt |
|||
- <str> | String | ||||
requirement | Dictionary | ||||
basic_constraint_ca | Boolean | ||||
include_root_ca | Boolean | ||||
certificate | Dictionary | ||||
file | String | ||||
key | String | ||||
certificate_revocation_lists | List, items: String | List of CRLs (Certificate Revocation List). If specified, one CRL needs to be provided for every certificate in the chain, even if the revocation list in the CRL is empty. |
|||
- <str> | String | ||||
shared_secret_profiles | List, items: Dictionary | ||||
- profile | String | Required, Unique | |||
secrets | List, items: Dictionary | ||||
- name | String | Required, Unique | |||
secret | String | Required | |||
secret_type | String | 7 |
Valid Values: - 0 - 7 - 8a |
||
receive_lifetime | Dictionary | Required | |||
infinite | Boolean | ||||
start_date_time | String | Start date and time of lifetime of the secret. End date should be greater than start date. Formats supported: 1. mm/dd/yyyy hh:mm:ss 2. yyyy-mm-dd hh:mm:ss e.g 2024-12-20 10:00:00 |
|||
end_date_time | String | End date and time of lifetime of the secret. End date should be greater than start date. Formats supported: 1. mm/dd/yyyy hh:mm:ss 2. yyyy-mm-dd hh:mm:ss e.g 2024-12-20 10:00:00 |
|||
transmit_lifetime | Dictionary | Required | |||
infinite | Boolean | ||||
start_date_time | String | Start date and time of lifetime of the secret. End date should be greater than start date. Formats supported: 1. mm/dd/yyyy hh:mm:ss 2. yyyy-mm-dd hh:mm:ss e.g 2024-12-20 10:00:00 |
|||
end_date_time | String | End date and time of lifetime of the secret. End date should be greater than start date. Formats supported: 1. mm/dd/yyyy hh:mm:ss 2. yyyy-mm-dd hh:mm:ss e.g 2024-12-20 10:00:00 |
|||
local_time | Boolean | Configuring secret using the local timezone from system clock. Default is UTC. | |||
entropy_source removed | String | This key was removed. Support was removed in AVD version v5.0.0. Use entropy_sources instead. |
management_security:
# Source of entropy.
entropy_sources:
# Use a hardware based source.
hardware: <bool>
# Use the HAVEGE algorithm.
haveged: <bool>
# Use the Jitter RNG algorithm of a CPU based source.
cpu_jitter: <bool>
# Only use entropy from the hardware source.
hardware_exclusive: <bool>
password:
minimum_length: <int; 1-32>
encryption_key_common: <bool>
encryption_reversible: <str>
policies:
- name: <str; required; unique>
minimum:
digits: <int; 1-65535>
length: <int; 1-65535>
lower: <int; 1-65535>
special: <int; 1-65535>
upper: <int; 1-65535>
maximum:
repetitive: <int; 1-65535>
sequential: <int; 1-65535>
ssl_profiles:
- name: <str>
# List of allowed TLS versions as string.
# Examples:
# - "1.0"
# - "1.0 1.1"
tls_versions: <str>
# cipher_list syntax follows the openssl cipher strings format.
# Colon (:) separated list of allowed ciphers as a string.
cipher_list: <str>
trust_certificate:
# List of trust certificate names.
# Examples:
# - test1.crt
# - test2.crt
certificates:
- <str>
requirement:
basic_constraint_ca: <bool>
# Enforce hostname to be FQDN without wildcard.
hostname_fqdn: <bool>
policy_expiry_date_ignore: <bool>
# Use system-supplied trust certificates.
system: <bool>
chain_certificate:
# List of chain certificate names.
# Examples:
# - chain1.crt
# - chain2.crt
certificates:
- <str>
requirement:
basic_constraint_ca: <bool>
include_root_ca: <bool>
certificate:
file: <str>
key: <str>
# List of CRLs (Certificate Revocation List).
# If specified, one CRL needs to be provided for every certificate in the chain, even if the revocation list in the CRL is empty.
certificate_revocation_lists:
- <str>
shared_secret_profiles:
- profile: <str; required; unique>
secrets:
- name: <str; required; unique>
secret: <str; required>
secret_type: <str; "0" | "7" | "8a"; default="7">
receive_lifetime: # required
infinite: <bool>
# Start date and time of lifetime of the secret. End date should be greater than start date.
# Formats supported:
# 1. mm/dd/yyyy hh:mm:ss
# 2. yyyy-mm-dd hh:mm:ss
# e.g 2024-12-20 10:00:00
start_date_time: <str>
# End date and time of lifetime of the secret. End date should be greater than start date.
# Formats supported:
# 1. mm/dd/yyyy hh:mm:ss
# 2. yyyy-mm-dd hh:mm:ss
# e.g 2024-12-20 10:00:00
end_date_time: <str>
transmit_lifetime: # required
infinite: <bool>
# Start date and time of lifetime of the secret. End date should be greater than start date.
# Formats supported:
# 1. mm/dd/yyyy hh:mm:ss
# 2. yyyy-mm-dd hh:mm:ss
# e.g 2024-12-20 10:00:00
start_date_time: <str>
# End date and time of lifetime of the secret. End date should be greater than start date.
# Formats supported:
# 1. mm/dd/yyyy hh:mm:ss
# 2. yyyy-mm-dd hh:mm:ss
# e.g 2024-12-20 10:00:00
end_date_time: <str>
# Configuring secret using the local timezone from system clock. Default is UTC.
local_time: <bool>
Management SSH¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
management_ssh | Dictionary | ||||
authentication | Dictionary | ||||
empty_passwords | String | Valid Values: - auto - deny - permit |
Permit or deny empty passwords for SSH authentication. | ||
protocols | List, items: String | Allowed SSH authentication methods. | |||
- <str> | String | Valid Values: - keyboard-interactive - password - public-key |
|||
access_groups | List, items: Dictionary | ||||
- name | String | Standard ACL Name. | |||
vrf | String | VRF Name. | |||
ipv6_access_groups | List, items: Dictionary | ||||
- name | String | Standard ACL Name. | |||
vrf | String | VRF Name. | |||
idle_timeout | Integer | Min: 0 Max: 86400 |
Idle timeout in minutes. | ||
cipher | List, items: String | Cryptographic ciphers for SSH to use. | |||
- <str> | String | ||||
key_exchange | List, items: String | Cryptographic key exchange methods for SSH to use. | |||
- <str> | String | ||||
mac | List, items: String | Cryptographic MAC algorithms for SSH to use. | |||
- <str> | String | ||||
fips_restrictions | Boolean | Use FIPS compliant algorithms. | |||
hostkey | Dictionary | ||||
server | List, items: String | SSH host key settings. | |||
- <str> | String | ||||
server_cert | String | Configure switch’s hostkey cert file. | |||
client_strict_checking | Boolean | Enforce strict host key checking. | |||
enable | Boolean | Enable SSH daemon. | |||
connection | Dictionary | ||||
limit | Integer | Min: 1 Max: 100 |
Maximum total number of SSH sessions to device. | ||
per_host | Integer | Min: 1 Max: 20 |
Maximum number of SSH sessions to device from a single host. | ||
vrfs | List, items: Dictionary | ||||
- name | String | Required, Unique | VRF Name. | ||
enable | Boolean | Enable SSH in VRF. | |||
log_level | String | SSH daemon log level. | |||
client_alive | Dictionary | ||||
count_max | Integer | Min: 1 Max: 1000 |
Number of keep-alive packets that can be sent without a response before the connection is assumed dead. | ||
interval | Integer | Min: 1 Max: 1000 |
Time period (in seconds) to send SSH keep-alive packets. |
management_ssh:
authentication:
# Permit or deny empty passwords for SSH authentication.
empty_passwords: <str; "auto" | "deny" | "permit">
# Allowed SSH authentication methods.
protocols:
- <str; "keyboard-interactive" | "password" | "public-key">
access_groups:
# Standard ACL Name.
- name: <str>
# VRF Name.
vrf: <str>
ipv6_access_groups:
# Standard ACL Name.
- name: <str>
# VRF Name.
vrf: <str>
# Idle timeout in minutes.
idle_timeout: <int; 0-86400>
# Cryptographic ciphers for SSH to use.
cipher:
- <str>
# Cryptographic key exchange methods for SSH to use.
key_exchange:
- <str>
# Cryptographic MAC algorithms for SSH to use.
mac:
- <str>
# Use FIPS compliant algorithms.
fips_restrictions: <bool>
hostkey:
# SSH host key settings.
server:
- <str>
# Configure switch's hostkey cert file.
server_cert: <str>
# Enforce strict host key checking.
client_strict_checking: <bool>
# Enable SSH daemon.
enable: <bool>
connection:
# Maximum total number of SSH sessions to device.
limit: <int; 1-100>
# Maximum number of SSH sessions to device from a single host.
per_host: <int; 1-20>
vrfs:
# VRF Name.
- name: <str; required; unique>
# Enable SSH in VRF.
enable: <bool>
# SSH daemon log level.
log_level: <str>
client_alive:
# Number of keep-alive packets that can be sent without a response before the connection is assumed dead.
count_max: <int; 1-1000>
# Time period (in seconds) to send SSH keep-alive packets.
interval: <int; 1-1000>
Management tech-support¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
management_tech_support | Dictionary | ||||
policy_show_tech_support | Dictionary | ||||
exclude_commands | List, items: Dictionary | ||||
- command | String | Command to exclude from tech-support. | |||
type | String | text |
Valid Values: - text - json |
The supported values for type are platform dependent. | |
include_commands | List, items: Dictionary | ||||
- command | String | Command to include in tech-support. |
NTP¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ntp | Dictionary | ||||
local_interface | Dictionary | ||||
name | String | Source interface. | |||
vrf | String | VRF name. | |||
servers | List, items: Dictionary | ||||
- name | String | IP or hostname e.g., 2.2.2.55, 2001:db8::55, ie.pool.ntp.org. | |||
burst | Boolean | ||||
iburst | Boolean | ||||
key | Integer | Min: 1 Max: 65535 |
|||
local_interface | String | Source interface. | |||
maxpoll | Integer | Min: 3 Max: 17 |
Value of maxpoll between 3 - 17 (Logarithmic). | ||
minpoll | Integer | Min: 3 Max: 17 |
Value of minpoll between 3 - 17 (Logarithmic). | ||
preferred | Boolean | ||||
version | Integer | Min: 1 Max: 4 |
|||
vrf | String | VRF name. | |||
authenticate | Boolean | ||||
authenticate_servers_only | Boolean | ||||
authentication_keys | List, items: Dictionary | ||||
- id | Integer | Required, Unique | Min: 1 Max: 65534 |
Key identifier. | |
hash_algorithm | String | Valid Values: - md5 - sha1 |
|||
key | String | Obfuscated key. | |||
key_type | String | Valid Values: - 0 - 7 - 8a |
|||
trusted_keys | String | List of trusted-keys as string ex. 10-12,15. |
ntp:
local_interface:
# Source interface.
name: <str>
# VRF name.
vrf: <str>
servers:
# IP or hostname e.g., 2.2.2.55, 2001:db8::55, ie.pool.ntp.org.
- name: <str>
burst: <bool>
iburst: <bool>
key: <int; 1-65535>
# Source interface.
local_interface: <str>
# Value of maxpoll between 3 - 17 (Logarithmic).
maxpoll: <int; 3-17>
# Value of minpoll between 3 - 17 (Logarithmic).
minpoll: <int; 3-17>
preferred: <bool>
version: <int; 1-4>
# VRF name.
vrf: <str>
authenticate: <bool>
authenticate_servers_only: <bool>
authentication_keys:
# Key identifier.
- id: <int; 1-65534; required; unique>
hash_algorithm: <str; "md5" | "sha1">
# Obfuscated key.
key: <str>
key_type: <str; "0" | "7" | "8a">
# List of trusted-keys as string ex. 10-12,15.
trusted_keys: <str>
Prompt¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
prompt | String |
Terminal¶
Virtual source NAT VRFs¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
virtual_source_nat_vrfs | List, items: Dictionary | ||||
- name | String | Required, Unique | VRF Name. | ||
ip_address | String | IPv4 Address. |
Miscellaneous¶
Config comment¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
config_comment | String | Add a comment to provide information about the configuration. This comment will be rendered at the top of the generated configuration. |
Config end¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
config_end | Boolean | False |
Render end at the end of the configuration. |
CVX¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
cvx | Dictionary | CVX server features are not supported on physical switches. See management_cvx for client configurations. |
|||
shutdown | Boolean | ||||
peer_hosts | List, items: String | ||||
- <str> | String | IP address or hostname. | |||
services | Dictionary | ||||
mcs | Dictionary | ||||
redis | Dictionary | ||||
password | String | Hashed password using the password_type. | |||
password_type | String | 7 |
Valid Values: - 0 - 7 - 8a |
||
shutdown | Boolean | ||||
vxlan | Dictionary | VXLAN Controller service. | |||
shutdown | Boolean | ||||
vtep_mac_learning | String | Valid Values: - control-plane - data-plane |
# CVX server features are not supported on physical switches. See `management_cvx` for client configurations.
cvx:
shutdown: <bool>
peer_hosts:
# IP address or hostname.
- <str>
services:
mcs:
redis:
# Hashed password using the password_type.
password: <str>
password_type: <str; "0" | "7" | "8a"; default="7">
shutdown: <bool>
# VXLAN Controller service.
vxlan:
shutdown: <bool>
vtep_mac_learning: <str; "control-plane" | "data-plane">
EOS cli¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
eos_cli | String | Multiline string with EOS CLI rendered directly on the root level of the final EOS configuration. |
Is deployed¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
is_deployed | Boolean | True |
Key only used for documentation or validation purposes. |
Management CVX¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
management_cvx | Dictionary | ||||
shutdown | Boolean | ||||
server_hosts | List, items: String | ||||
- <str> | String | IP or hostname. | |||
source_interface | String | Interface name. | |||
vrf | String | VRF Name. |
MCS client¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
mcs_client | Dictionary | ||||
shutdown | Boolean | ||||
cvx_secondary | Dictionary | ||||
name | String | ||||
shutdown | Boolean | ||||
server_hosts | List, items: String | ||||
- <str> | String | IP or hostname. |
Monitoring¶
Daemons¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
daemons | List, items: Dictionary | This will add a daemon to the eos configuration that is most useful when trying to run OpenConfig clients like ocprometheus. | |||
- name | String | Required, Unique | Daemon Name. | ||
exec | String | Required | command to run as a daemon. |
||
enabled | Boolean | True |
Daemon terminattr¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
daemon_terminattr | Dictionary | You can either provide a list of IPs/FQDNs to target on-premise Cloudvision cluster or use DNS name for your Cloudvision as a Service instance. Streaming to multiple clusters both on-prem and cloud service is supported. !!! note For TerminAttr version recommendation and EOS compatibility matrix, please refer to the latest TerminAttr Release Notes which always contain the latest recommended versions and minimum required versions per EOS release. |
|||
cvaddrs | List, items: String | Streaming address(es) for CloudVision single cluster. - TCP 9910 is used for CV on-prem - TCP 443 is used for CV as a Service |
|||
- <str> | String | Server address in the format <ip/fqdn>:<port> . |
|||
clusters | List, items: Dictionary | Multiple CloudVision clusters. |
|||
- name | String | Required, Unique | Cluster Name. | ||
cvaddrs | List, items: String | Streaming address(es) for CloudVision cluster. - TCP 9910 is used for CV on-prem - TCP 443 is used for CV as a Service |
|||
- <str> | String | Server address in the format <ip/fqdn>:<port> . |
|||
cvauth | Dictionary | Authentication scheme used to connect to CloudVision. |
|||
method | String | Valid Values: - token - token-secure - key - certs |
|||
key | String | ||||
token_file | String | Token file path. e.g. “/tmp/token” |
|||
cert_file | String | Client certificate file path. e.g. “/persist/secure/ssl/terminattr/primary/certs/client.crt” |
|||
ca_file | String | CA certificate file path (on-prem only). e.g. “/persist/secure/ssl/terminattr/primary/certs/ca.crt” |
|||
key_file | String | Client certificate key file path. e.g. “/persist/secure/ssl/terminattr/primary/keys/client.key” |
|||
cvobscurekeyfile | Boolean | Encrypt the private key used for authentication to CloudVision. |
|||
cvproxy | String | Proxy server through which CloudVision is reachable. Useful when the CloudVision server is hosted in the cloud. The expected form is http://[user:password@]ip:port, e.g.: http://arista:arista@10.83.12.78:3128 . Available as of TerminAttr v1.13.0. |
|||
cvsourceip | String | Set source IP address in case of in-band management. |
|||
cvsourceintf | String | Set source interface in case of in-band management. Available as of TerminAttr v1.23.0. The interface name is case sensitive and has to match the interface name in the running-config, e.g.:Vlan100. |
|||
cvvrf | String | The VRF to use to connect to CloudVision. |
|||
cvauth | Dictionary | Authentication scheme used to connect to CloudVision. |
|||
method | String | Valid Values: - token - token-secure - key - certs |
|||
key | String | ||||
token_file | String | Token file path. e.g. “/tmp/token” |
|||
cert_file | String | Client certificate file path. e.g. “/persist/secure/ssl/terminattr/primary/certs/client.crt” |
|||
ca_file | String | CA certificate file path (on-prem only). e.g. “/persist/secure/ssl/terminattr/primary/certs/ca.crt” |
|||
key_file | String | Client certificate key file path. e.g. “/persist/secure/ssl/terminattr/primary/keys/client.key” |
|||
cvobscurekeyfile | Boolean | Encrypt the private key used for authentication to CloudVision. |
|||
cvproxy | String | Proxy server through which CloudVision is reachable. Useful when the CloudVision server is hosted in the cloud. The expected form is http://[user:password@]ip:port, e.g.: http://arista:arista@10.83.12.78:3128 . Available as of TerminAttr v1.13.0. |
|||
cvsourceip | String | Set source IP address in case of in-band management. |
|||
cvsourceintf | String | Set source interface in case of in-band management. The interface name is case sensitive and has to match the interface name in the running-config, e.g.:Vlan100. |
|||
cvvrf | String | The VRF to use to connect to CloudVision. |
|||
cvgnmi | Boolean | Stream states from EOS gNMI servers (Openconfig) to CloudVision. Available as of TerminAttr v1.13.1. |
|||
disable_aaa | Boolean | Disable AAA authorization and accounting. When setting this flag, all commands pushed from CloudVision are applied directly to the CLI without authorization. |
|||
grpcaddr | String | Set the gRPC server address, the default is 127.0.0.1:6042. e.g. “MGMT/0.0.0.0:6042” |
|||
grpcreadonly | Boolean | gNMI read-only mode - Disable gnmi.Set(). |
|||
ingestexclude | String | Exclude paths from Sysdb on the ingest side. e.g. “/Sysdb/cell/1/agent,/Sysdb/cell/2/agent” |
|||
smashexcludes | String | Exclude paths from the shared memory table. e.g. “ale,flexCounter,hardware,kni,pulse,strata” |
|||
taillogs | String | Enable log file collection; /var/log/messages is streamed by default if no path is set. e.g. “/var/log/messages” |
|||
ecodhcpaddr | String | ECO DHCP Collector address or ECO DHCP Fingerprint listening address in standalone mode (default “127.0.0.1:67”). |
|||
ipfix | Boolean | Enable IPFIX provider (TerminAttr default is true). This flag is enabled by default and does not have to be added to the daemon configuration. |
|||
ipfixaddr | String | ECO IPFIX Collector address to listen on to receive IPFIX packets (TerminAttr default “127.0.0.1:4739”). |
|||
sflow | Boolean | Enable sFlow provider (TerminAttr default is true). |
|||
sflowaddr | String | ECO sFlow Collector address to listen on to receive sFlow packets (TerminAttr default “127.0.0.1:6343”). |
|||
cvconfig | Boolean | Subscribe to dynamic device configuration from CloudVision (TerminAttr default is false). |
|||
cvcompression removed | String | The default compression scheme when streaming to CloudVision is gzip since TerminAttr 1.6.1 and CVP 2019.1.0. There is no need to change the compression scheme. This key was removed. Support was removed in AVD version v5.0.0. |
# You can either provide a list of IPs/FQDNs to target on-premise Cloudvision cluster or use DNS name for your Cloudvision as a Service instance.
# Streaming to multiple clusters both on-prem and cloud service is supported.
#
# !!! note
# For TerminAttr version recommendation and EOS compatibility matrix, please refer to the latest TerminAttr Release Notes
# which always contain the latest recommended versions and minimum required versions per EOS release.
daemon_terminattr:
# Streaming address(es) for CloudVision single cluster.
# - TCP 9910 is used for CV on-prem
# - TCP 443 is used for CV as a Service
cvaddrs:
# Server address in the format `<ip/fqdn>:<port>`.
- <str>
# Multiple CloudVision clusters.
clusters:
# Cluster Name.
- name: <str; required; unique>
# Streaming address(es) for CloudVision cluster.
# - TCP 9910 is used for CV on-prem
# - TCP 443 is used for CV as a Service
cvaddrs:
# Server address in the format `<ip/fqdn>:<port>`.
- <str>
# Authentication scheme used to connect to CloudVision.
cvauth:
method: <str; "token" | "token-secure" | "key" | "certs">
key: <str>
# Token file path.
# e.g. "/tmp/token"
token_file: <str>
# Client certificate file path.
# e.g. "/persist/secure/ssl/terminattr/primary/certs/client.crt"
cert_file: <str>
# CA certificate file path (on-prem only).
# e.g. "/persist/secure/ssl/terminattr/primary/certs/ca.crt"
ca_file: <str>
# Client certificate key file path.
# e.g. "/persist/secure/ssl/terminattr/primary/keys/client.key"
key_file: <str>
# Encrypt the private key used for authentication to CloudVision.
cvobscurekeyfile: <bool>
# Proxy server through which CloudVision is reachable. Useful when the CloudVision server is hosted in the cloud.
# The expected form is http://[user:password@]ip:port, e.g.: `http://arista:arista@10.83.12.78:3128`. Available as of TerminAttr v1.13.0.
cvproxy: <str>
# Set source IP address in case of in-band management.
cvsourceip: <str>
# Set source interface in case of in-band management. Available as of TerminAttr v1.23.0.
# The interface name is case sensitive and has to match the interface name in the running-config, e.g.:Vlan100.
cvsourceintf: <str>
# The VRF to use to connect to CloudVision.
cvvrf: <str>
# Authentication scheme used to connect to CloudVision.
cvauth:
method: <str; "token" | "token-secure" | "key" | "certs">
key: <str>
# Token file path.
# e.g. "/tmp/token"
token_file: <str>
# Client certificate file path.
# e.g. "/persist/secure/ssl/terminattr/primary/certs/client.crt"
cert_file: <str>
# CA certificate file path (on-prem only).
# e.g. "/persist/secure/ssl/terminattr/primary/certs/ca.crt"
ca_file: <str>
# Client certificate key file path.
# e.g. "/persist/secure/ssl/terminattr/primary/keys/client.key"
key_file: <str>
# Encrypt the private key used for authentication to CloudVision.
cvobscurekeyfile: <bool>
# Proxy server through which CloudVision is reachable. Useful when the CloudVision server is hosted in the cloud.
# The expected form is http://[user:password@]ip:port, e.g.: `http://arista:arista@10.83.12.78:3128`. Available as of TerminAttr v1.13.0.
cvproxy: <str>
# Set source IP address in case of in-band management.
cvsourceip: <str>
# Set source interface in case of in-band management.
# The interface name is case sensitive and has to match the interface name in the running-config, e.g.:Vlan100.
cvsourceintf: <str>
# The VRF to use to connect to CloudVision.
cvvrf: <str>
# Stream states from EOS gNMI servers (Openconfig) to CloudVision. Available as of TerminAttr v1.13.1.
cvgnmi: <bool>
# Disable AAA authorization and accounting.
# When setting this flag, all commands pushed from CloudVision are applied directly to the CLI without authorization.
disable_aaa: <bool>
# Set the gRPC server address, the default is 127.0.0.1:6042.
# e.g. "MGMT/0.0.0.0:6042"
grpcaddr: <str>
# gNMI read-only mode - Disable gnmi.Set().
grpcreadonly: <bool>
# Exclude paths from Sysdb on the ingest side.
# e.g. "/Sysdb/cell/1/agent,/Sysdb/cell/2/agent"
ingestexclude: <str>
# Exclude paths from the shared memory table.
# e.g. "ale,flexCounter,hardware,kni,pulse,strata"
smashexcludes: <str>
# Enable log file collection; /var/log/messages is streamed by default if no path is set.
# e.g. "/var/log/messages"
taillogs: <str>
# ECO DHCP Collector address or ECO DHCP Fingerprint listening address in standalone mode (default "127.0.0.1:67").
ecodhcpaddr: <str>
# Enable IPFIX provider (TerminAttr default is true).
# This flag is enabled by default and does not have to be added to the daemon configuration.
ipfix: <bool>
# ECO IPFIX Collector address to listen on to receive IPFIX packets (TerminAttr default "127.0.0.1:4739").
ipfixaddr: <str>
# Enable sFlow provider (TerminAttr default is true).
sflow: <bool>
# ECO sFlow Collector address to listen on to receive sFlow packets (TerminAttr default "127.0.0.1:6343").
sflowaddr: <str>
# Subscribe to dynamic device configuration from CloudVision (TerminAttr default is false).
cvconfig: <bool>
Event handlers¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
event_handlers | List, items: Dictionary | Gives the ability to monitor and react to Syslog messages. Event Handlers provide a powerful and flexible tool that can be used to apply self-healing actions, customize the system behavior, and implement workarounds to problems discovered in the field. |
|||
- name | String | Required, Unique | Event Handler Name. | ||
actions | Dictionary | Note: bash_command and log are mutually exclusive. bash_command takes precedence over log . |
|||
bash_command | String | Define BASH command action. Command could be multiline also. | |||
log | Boolean | Log a message when the event is triggered. | |||
increment_device_health_metric | String | Name of device-health metric. | |||
delay | Integer | Event-handler delay in seconds. |
|||
trigger | String | Valid Values: - on-boot - on-counters - on-intf - on-logging - on-maintenance - on-startup-config - vm-tracer vm |
Configure event trigger condition. |
||
trigger_on_counters | Dictionary | ||||
condition | String | Set the logical expression to evaluate. | |||
granularity_per_source | Boolean | Set the granularity of event counting for a wildcarded condition. Example - condition ( Arad*.IptCrcErrCnt.delta > 100 ) and ( Arad*.UcFifoFullDrop.delta > 100 ) [* wildcard is used here] |
|||
poll_interval | Integer | Min: 1 Max: 1000000 |
Set the polling interval in seconds. | ||
trigger_on_logging | Dictionary | ||||
poll_interval | Integer | Min: 1 Max: 1000000 |
Set the polling interval in seconds. | ||
regex | String | Regular expression to use for searching log messages. | |||
trigger_on_intf | Dictionary | Trigger condition occurs on specified interface changes. Note: Any one of the ip , ipv6 and operstatus key needs to be defined along with the interface . |
|||
interface | String | Required | Interface name. Example - Ethernet4 Loopback4-6 Port-channel4,7 |
||
ip | Boolean | Action is triggered upon changes to interface IP address assignment. | |||
ipv6 | Boolean | Action is triggered upon changes to interface ipv6 address assignment. | |||
operstatus | Boolean | Action is triggered upon changes to interface operStatus. | |||
trigger_on_maintenance | Dictionary | Settings required for trigger ‘on-maintenance’. | |||
operation | String | Required | Valid Values: - enter - exit |
||
bgp_peer | String | Ipv4/Ipv6 address or peer group name. Trigger condition occurs on maintenance operation of specified BGP peer. |
|||
action | String | Required | Valid Values: - after - before - all - begin - end |
Action for maintenance operation. | |
stage | String | Valid Values: - bgp - linkdown - mlag - ratemon |
Action is triggered after/before specified stage. | ||
vrf | String | VRF name. VRF can be defined for “bgp_peer” only. | |||
interface | String | Trigger condition occurs on maintenance operation of specified interface. | |||
unit | String | Name of unit. Trigger condition occurs on maintenance operation of specified unit | |||
asynchronous | Boolean | False |
Set the action to be non-blocking. |
||
action_type removed | String | Valid Values: - bash - increment - log |
This key was removed. Support was removed in AVD version 5.0.0. Use event_handlers.actions instead. | ||
action removed | String | Command to execute. This key was removed. Support was removed in AVD version 5.0.0. Use event_handlers.actions.bash_command instead. |
|||
regex removed | String | Regular expression to use for searching log messages. Required for on-logging trigger. This key was removed. Support was removed in AVD version 5.0.0. Use event_handlers.trigger_on_logging.regex instead. |
# Gives the ability to monitor and react to Syslog messages.
# Event Handlers provide a powerful and flexible tool that can be used to apply self-healing actions,
# customize the system behavior, and implement workarounds to problems discovered in the field.
event_handlers:
# Event Handler Name.
- name: <str; required; unique>
# Note: `bash_command` and `log` are mutually exclusive. `bash_command` takes precedence over `log`.
actions:
# Define BASH command action. Command could be multiline also.
bash_command: <str>
# Log a message when the event is triggered.
log: <bool>
# Name of device-health metric.
increment_device_health_metric: <str>
# Event-handler delay in seconds.
delay: <int>
# Configure event trigger condition.
trigger: <str; "on-boot" | "on-counters" | "on-intf" | "on-logging" | "on-maintenance" | "on-startup-config" | "vm-tracer vm">
trigger_on_counters:
# Set the logical expression to evaluate.
condition: <str>
# Set the granularity of event counting for a wildcarded condition.
# Example -
# condition ( Arad*.IptCrcErrCnt.delta > 100 ) and ( Arad*.UcFifoFullDrop.delta > 100 )
# [* wildcard is used here]
granularity_per_source: <bool>
# Set the polling interval in seconds.
poll_interval: <int; 1-1000000>
trigger_on_logging:
# Set the polling interval in seconds.
poll_interval: <int; 1-1000000>
# Regular expression to use for searching log messages.
regex: <str>
# Trigger condition occurs on specified interface changes.
# Note: Any one of the `ip`, `ipv6` and `operstatus` key needs to be defined along with the `interface`.
trigger_on_intf:
# Interface name.
# Example - Ethernet4
# Loopback4-6
# Port-channel4,7
interface: <str; required>
# Action is triggered upon changes to interface IP address assignment.
ip: <bool>
# Action is triggered upon changes to interface ipv6 address assignment.
ipv6: <bool>
# Action is triggered upon changes to interface operStatus.
operstatus: <bool>
# Settings required for trigger 'on-maintenance'.
trigger_on_maintenance:
operation: <str; "enter" | "exit"; required>
# Ipv4/Ipv6 address or peer group name.
# Trigger condition occurs on maintenance operation of specified BGP peer.
bgp_peer: <str>
# Action for maintenance operation.
action: <str; "after" | "before" | "all" | "begin" | "end"; required>
# Action is triggered after/before specified stage.
stage: <str; "bgp" | "linkdown" | "mlag" | "ratemon">
# VRF name. VRF can be defined for "bgp_peer" only.
vrf: <str>
# Trigger condition occurs on maintenance operation of specified interface.
interface: <str>
# Name of unit. Trigger condition occurs on maintenance operation of specified unit
unit: <str>
# Set the action to be non-blocking.
asynchronous: <bool; default=False>
Event monitor¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
event_monitor | Dictionary | ||||
enabled | Boolean |
Flow tracking¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
flow_tracking | Dictionary | ||||
sampled | Dictionary | ||||
encapsulation | Dictionary | ||||
ipv4_ipv6 | Boolean | ||||
mpls | Boolean | ||||
sample | Integer | Min: 1 Max: 4294967295 |
|||
hardware_offload | Dictionary | ||||
ipv4 | Boolean | Configure hardware offload for IPv4 traffic. | |||
ipv6 | Boolean | Configure hardware offload for IPv6 traffic. | |||
threshold_minimum | Integer | Min: 1 Max: 4294967295 |
Minimum number of samples. | ||
trackers | List, items: Dictionary | ||||
- table_size | Integer | Min: 1 Max: 614400 |
Maximum number of entries in flow table. |
||
record_export | Dictionary | ||||
mpls | Boolean | Export MPLS forwarding information. | |||
on_inactive_timeout | Integer | Min: 3000 Max: 900000 |
Flow record inactive export timeout in milliseconds. | ||
on_interval | Integer | Min: 1000 Max: 36000000 |
Flow record export interval in milliseconds. | ||
name | String | Required, Unique | Tracker Name. | ||
exporters | List, items: Dictionary | ||||
- name | String | Required, Unique | Exporter Name. | ||
collector | Dictionary | ||||
host | String | Collector IPv4 address or IPv6 address or fully qualified domain name. | |||
port | Integer | Min: 1 Max: 65535 |
Collector Port Number. | ||
format | Dictionary | ||||
ipfix_version | Integer | ||||
local_interface | String | Local Source Interface. | |||
template_interval | Integer | Min: 5000 Max: 3600000 |
Template interval in milliseconds. | ||
shutdown | Boolean | False |
|||
hardware | Dictionary | ||||
record | Dictionary | ||||
format_ipfix_standard_timestamps_counters | Boolean | Enable software export of IPFIX data records. | |||
trackers | List, items: Dictionary | ||||
- name | String | Required, Unique | Tracker Name. | ||
record_export | Dictionary | ||||
on_inactive_timeout | Integer | Min: 3000 Max: 900000 |
Flow record inactive export timeout in milliseconds. | ||
on_interval | Integer | Min: 1000 Max: 36000000 |
Flow record export interval in milliseconds. | ||
exporters | List, items: Dictionary | ||||
- name | String | Required, Unique | Exporter Name. | ||
collector | Dictionary | ||||
host | String | Collector IPv4 address or IPv6 address or fully qualified domain name. | |||
port | Integer | Min: 1 Max: 65535 |
Collector Port Number. | ||
format | Dictionary | ||||
ipfix_version | Integer | ||||
local_interface | String | Local Source Interface. | |||
template_interval | Integer | Min: 5000 Max: 3600000 |
Template interval in milliseconds. | ||
shutdown | Boolean | False |
|||
flow_trackings removed | List, items: Dictionary | This key was removed. Support was removed in AVD version v5.0.0. Use flow_tracking instead. | |||
- type | String | Required, Unique | Valid Values: - sampled |
Flow Tracking Type - only ‘sampled’ supported for now. | |
sample | Integer | Min: 1 Max: 4294967295 |
|||
trackers | List, items: Dictionary | ||||
- name | String | Required, Unique | Tracker Name. | ||
record_export | Dictionary | ||||
on_inactive_timeout | Integer | Min: 3000 Max: 900000 |
Flow record inactive export timeout in milliseconds. | ||
on_interval | Integer | Min: 1000 Max: 36000000 |
Flow record export interval in milliseconds. | ||
mpls | Boolean | Export MPLS forwarding information. | |||
exporters | List, items: Dictionary | ||||
- name | String | Required, Unique | Exporter Name. | ||
collector | Dictionary | ||||
host | String | Collector IPv4 address or IPv6 address or fully qualified domain name. | |||
port | Integer | Min: 1 Max: 65535 |
Collector Port Number. | ||
format | Dictionary | ||||
ipfix_version | Integer | ||||
local_interface | String | Local Source Interface. | |||
template_interval | Integer | Min: 5000 Max: 3600000 |
Template interval in milliseconds. | ||
table_size | Integer | Min: 1 Max: 614400 |
Maximum number of entries in flow table. |
||
shutdown | Boolean | False |
flow_tracking:
sampled:
encapsulation:
ipv4_ipv6: <bool>
mpls: <bool>
sample: <int; 1-4294967295>
hardware_offload:
# Configure hardware offload for IPv4 traffic.
ipv4: <bool>
# Configure hardware offload for IPv6 traffic.
ipv6: <bool>
# Minimum number of samples.
threshold_minimum: <int; 1-4294967295>
trackers:
# Maximum number of entries in flow table.
- table_size: <int; 1-614400>
record_export:
# Export MPLS forwarding information.
mpls: <bool>
# Flow record inactive export timeout in milliseconds.
on_inactive_timeout: <int; 3000-900000>
# Flow record export interval in milliseconds.
on_interval: <int; 1000-36000000>
# Tracker Name.
name: <str; required; unique>
exporters:
# Exporter Name.
- name: <str; required; unique>
collector:
# Collector IPv4 address or IPv6 address or fully qualified domain name.
host: <str>
# Collector Port Number.
port: <int; 1-65535>
format:
ipfix_version: <int>
# Local Source Interface.
local_interface: <str>
# Template interval in milliseconds.
template_interval: <int; 5000-3600000>
shutdown: <bool; default=False>
hardware:
record:
# Enable software export of IPFIX data records.
format_ipfix_standard_timestamps_counters: <bool>
trackers:
# Tracker Name.
- name: <str; required; unique>
record_export:
# Flow record inactive export timeout in milliseconds.
on_inactive_timeout: <int; 3000-900000>
# Flow record export interval in milliseconds.
on_interval: <int; 1000-36000000>
exporters:
# Exporter Name.
- name: <str; required; unique>
collector:
# Collector IPv4 address or IPv6 address or fully qualified domain name.
host: <str>
# Collector Port Number.
port: <int; 1-65535>
format:
ipfix_version: <int>
# Local Source Interface.
local_interface: <str>
# Template interval in milliseconds.
template_interval: <int; 5000-3600000>
shutdown: <bool; default=False>
Load interval¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
load_interval | Dictionary | ||||
default | Integer | Default load interval in seconds. |
Logging¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
logging | Dictionary | ||||
console | String | Valid Values: - debugging - informational - notifications - warnings - errors - critical - alerts - emergencies - disabled |
Console logging severity level. | ||
monitor | String | Valid Values: - debugging - informational - notifications - warnings - errors - critical - alerts - emergencies - disabled |
Monitor logging severity level. | ||
buffered | Dictionary | ||||
size | Integer | Min: 10 Max: 2147483647 |
|||
level | String | Valid Values: - alerts - critical - debugging - emergencies - errors - informational - notifications - warnings - disabled |
Buffer logging severity level. | ||
repeat_messages | Boolean | Summarize concurrent repeat messages. | |||
trap | String | Valid Values: - alerts - critical - debugging - emergencies - errors - informational - notifications - system - warnings - disabled |
Trap logging severity level. | ||
synchronous | Dictionary | ||||
level | String | critical |
Valid Values: - alerts - all - critical - debugging - emergencies - errors - informational - notifications - warnings - disabled |
Synchronous logging severity level. | |
format | Dictionary | ||||
timestamp | String | Valid Values: - high-resolution - traditional - traditional timezone - traditional year - traditional timezone year - traditional year timezone |
Timestamp format. | ||
hostname | String | Valid Values: - fqdn - ipv4 |
Hostname format in syslogs. For hostname only, remove the line. (default EOS CLI behaviour). | ||
sequence_numbers | Boolean | Add sequence numbers to log messages. | |||
rfc5424 | Boolean | Forward logs in RFC5424 format. | |||
facility | String | Valid Values: - auth - cron - daemon - kern - local0 - local1 - local2 - local3 - local4 - local5 - local6 - local7 - lpr - mail - news - sys9 - sys10 - sys11 - sys12 - sys13 - sys14 - syslog - user - uucp |
|||
source_interface | String | Source Interface Name. | |||
vrfs | List, items: Dictionary | ||||
- name | String | Required, Unique | VRF name. | ||
source_interface | String | Source interface name. | |||
hosts | List, items: Dictionary | ||||
- name | String | Required, Unique | Syslog server name. | ||
protocol | String | udp |
Valid Values: - tcp - udp |
||
ports | List, items: Integer | ||||
- <int> | Integer | ||||
policy | Dictionary | ||||
match | Dictionary | ||||
match_lists | List, items: Dictionary | ||||
- name | String | Required, Unique | Match list. | ||
action | String | Valid Values: - discard |
|||
event | Dictionary | ||||
congestion_drops_interval | Integer | Min: 1 Max: 65535 |
Logging interval in seconds. | ||
global_link_status | Boolean | ||||
storm_control | Dictionary | ||||
discards | Dictionary | ||||
global | Boolean | ||||
interval | Integer | Min: 10 Max: 65535 |
Logging interval in seconds. | ||
level | List, items: Dictionary | Configure logging severity. | |||
- facility | String | Required, Unique | |||
severity | String | Valid Values: - alerts - critical - debugging - emergencies - errors - informational - notifications - warnings - 0 - 1 - 2 - 3 - 4 - 5 - 6 - 7 |
Severity of facility. Below are the supported severites. emergencies System is unusable (severity=0) alerts Immediate action needed (severity=1) critical Critical conditions (severity=2) errors Error conditions (severity=3) warnings Warning conditions (severity=4) notifications Normal but significant conditions (severity=5) informational Informational messages (severity=6) debugging Debugging messages (severity=7) <0-7> Severity level value |
logging:
# Console logging severity level.
console: <str; "debugging" | "informational" | "notifications" | "warnings" | "errors" | "critical" | "alerts" | "emergencies" | "disabled">
# Monitor logging severity level.
monitor: <str; "debugging" | "informational" | "notifications" | "warnings" | "errors" | "critical" | "alerts" | "emergencies" | "disabled">
buffered:
size: <int; 10-2147483647>
# Buffer logging severity level.
level: <str; "alerts" | "critical" | "debugging" | "emergencies" | "errors" | "informational" | "notifications" | "warnings" | "disabled">
# Summarize concurrent repeat messages.
repeat_messages: <bool>
# Trap logging severity level.
trap: <str; "alerts" | "critical" | "debugging" | "emergencies" | "errors" | "informational" | "notifications" | "system" | "warnings" | "disabled">
synchronous:
# Synchronous logging severity level.
level: <str; "alerts" | "all" | "critical" | "debugging" | "emergencies" | "errors" | "informational" | "notifications" | "warnings" | "disabled"; default="critical">
format:
# Timestamp format.
timestamp: <str; "high-resolution" | "traditional" | "traditional timezone" | "traditional year" | "traditional timezone year" | "traditional year timezone">
# Hostname format in syslogs. For hostname _only_, remove the line. (default EOS CLI behaviour).
hostname: <str; "fqdn" | "ipv4">
# Add sequence numbers to log messages.
sequence_numbers: <bool>
# Forward logs in RFC5424 format.
rfc5424: <bool>
facility: <str; "auth" | "cron" | "daemon" | "kern" | "local0" | "local1" | "local2" | "local3" | "local4" | "local5" | "local6" | "local7" | "lpr" | "mail" | "news" | "sys9" | "sys10" | "sys11" | "sys12" | "sys13" | "sys14" | "syslog" | "user" | "uucp">
# Source Interface Name.
source_interface: <str>
vrfs:
# VRF name.
- name: <str; required; unique>
# Source interface name.
source_interface: <str>
hosts:
# Syslog server name.
- name: <str; required; unique>
protocol: <str; "tcp" | "udp"; default="udp">
ports:
- <int>
policy:
match:
match_lists:
# Match list.
- name: <str; required; unique>
action: <str; "discard">
event:
# Logging interval in seconds.
congestion_drops_interval: <int; 1-65535>
global_link_status: <bool>
storm_control:
discards:
global: <bool>
# Logging interval in seconds.
interval: <int; 10-65535>
# Configure logging severity.
level:
- facility: <str; required; unique>
# Severity of facility. Below are the supported severites.
# emergencies System is unusable (severity=0)
# alerts Immediate action needed (severity=1)
# critical Critical conditions (severity=2)
# errors Error conditions (severity=3)
# warnings Warning conditions (severity=4)
# notifications Normal but significant conditions (severity=5)
# informational Informational messages (severity=6)
# debugging Debugging messages (severity=7)
# <0-7> Severity level value
severity: <str; "alerts" | "critical" | "debugging" | "emergencies" | "errors" | "informational" | "notifications" | "warnings" | "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7">
Management API gNMI¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
management_api_gnmi | Dictionary | ||||
provider | String | eos-native |
|||
transport | Dictionary | ||||
grpc | List, items: Dictionary | ||||
- name | String | Required, Unique | Transport name. | ||
ssl_profile | String | SSL profile name. | |||
vrf | String | VRF name is optional. | |||
notification_timestamp | String | Valid Values: - send-time - last-change-time |
Per the gNMI specification, the default timestamp field of a notification message is set to be the time at which the value of the underlying data source changes or when the reported event takes place. In order to facilitate integration in legacy environments oriented around polling style operations, an option to support overriding the timestamp field to the send-time is available from EOS 4.27.0F. |
||
ip_access_group | String | ACL name. | |||
port | Integer | GNMI port. Make sure to update the control-plane ACL accordingly in order for the service to be reachable by external applications. |
|||
grpc_tunnels | List, items: Dictionary | ||||
- name | String | Required, Unique | Transport name. | ||
shutdown | Boolean | Operational status of the gRPC tunnel. | |||
tunnel_ssl_profile | String | Tunnel SSL profile name. | |||
gnmi_ssl_profile | String | gNMI SSL profile name. | |||
vrf | String | VRF name. | |||
destination | Dictionary | ||||
address | String | Required | IP address or hostname. | ||
port | Integer | Required | Min: 1 Max: 65535 |
TCP Port. | |
local_interface | Dictionary | ||||
name | String | Required | Interface name. | ||
port | Integer | Required | Min: 1 Max: 65535 |
TCP Port. | |
target | Dictionary | ||||
use_serial_number | Boolean | Use serial number as the Target ID. | |||
target_ids | List, items: String | Target IDs as a list. |
|||
- <str> | String | ||||
enable_vrfs removed | List | This key was removed. Support was removed in AVD version 5.0.0. Use transport.grpc instead. | |||
octa removed | Dictionary | This key was removed. Support was removed in AVD version 5.0.0. Use provider instead. |
management_api_gnmi:
provider: <str; default="eos-native">
transport:
grpc:
# Transport name.
- name: <str; required; unique>
# SSL profile name.
ssl_profile: <str>
# VRF name is optional.
vrf: <str>
# Per the gNMI specification, the default timestamp field of a notification message is set to be
# the time at which the value of the underlying data source changes or when the reported event takes place.
# In order to facilitate integration in legacy environments oriented around polling style operations,
# an option to support overriding the timestamp field to the send-time is available from EOS 4.27.0F.
notification_timestamp: <str; "send-time" | "last-change-time">
# ACL name.
ip_access_group: <str>
# GNMI port.
# Make sure to update the control-plane ACL accordingly in order for the service to be reachable by external applications.
port: <int>
grpc_tunnels:
# Transport name.
- name: <str; required; unique>
# Operational status of the gRPC tunnel.
shutdown: <bool>
# Tunnel SSL profile name.
tunnel_ssl_profile: <str>
# gNMI SSL profile name.
gnmi_ssl_profile: <str>
# VRF name.
vrf: <str>
destination:
# IP address or hostname.
address: <str; required>
# TCP Port.
port: <int; 1-65535; required>
local_interface:
# Interface name.
name: <str; required>
# TCP Port.
port: <int; 1-65535; required>
target:
# Use serial number as the Target ID.
use_serial_number: <bool>
# Target IDs as a list.
target_ids:
- <str>
Monitor connectivity¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
monitor_connectivity | Dictionary | ||||
shutdown | Boolean | ||||
interval | Integer | ||||
interface_sets | List, items: Dictionary | ||||
- name | String | ||||
interfaces | String | Interface range(s) should be of same type, Ethernet, Loopback, Management etc. Multiple interface ranges can be specified separated by “,”. |
|||
local_interfaces | String | ||||
address_only | Boolean | True |
When address-only is configured, the source IP of the packet is set to the interface IP but the packet may exit the device via a different interface. When set to false , the probe uses the interface to exit the device. |
||
hosts | List, items: Dictionary | ||||
- name | String | Required, Unique | Host Name. | ||
description | String | ||||
ip | String | ||||
local_interfaces | String | ||||
address_only | Boolean | True |
When address-only is configured, the source IP of the packet is set to the interface IP but the packet may exit the device via a different interface. When set to false , the probe uses the interface to exit the device. |
||
url | String | ||||
vrfs | List, items: Dictionary | ||||
- name | String | Required, Unique | VRF Name. | ||
description | String | ||||
interface_sets | List, items: Dictionary | ||||
- name | String | ||||
interfaces | String | ||||
local_interfaces | String | ||||
address_only | Boolean | True |
When address-only is configured, the source IP of the packet is set to the interface IP but the packet may exit the device via a different interface. When set to false , the probe uses the interface to exit the device. |
||
hosts | List, items: Dictionary | ||||
- name | String | Required, Unique | Host name. | ||
description | String | ||||
ip | String | ||||
local_interfaces | String | ||||
address_only | Boolean | True |
When address-only is configured, the source IP of the packet is set to the interface IP but the packet may exit the device via a different interface. When set to false , the probe uses the interface to exit the device. |
||
url | String |
monitor_connectivity:
shutdown: <bool>
interval: <int>
interface_sets:
- name: <str>
# Interface range(s) should be of same type, Ethernet, Loopback, Management etc.
# Multiple interface ranges can be specified separated by ",".
interfaces: <str>
local_interfaces: <str>
# When address-only is configured, the source IP of the packet is set to the interface
# IP but the packet may exit the device via a different interface.
# When set to `false`, the probe uses the interface to exit the device.
address_only: <bool; default=True>
hosts:
# Host Name.
- name: <str; required; unique>
description: <str>
ip: <str>
local_interfaces: <str>
# When address-only is configured, the source IP of the packet is set to the interface
# IP but the packet may exit the device via a different interface.
# When set to `false`, the probe uses the interface to exit the device.
address_only: <bool; default=True>
url: <str>
vrfs:
# VRF Name.
- name: <str; required; unique>
description: <str>
interface_sets:
- name: <str>
interfaces: <str>
local_interfaces: <str>
# When address-only is configured, the source IP of the packet is set to the interface
# IP but the packet may exit the device via a different interface.
# When set to `false`, the probe uses the interface to exit the device.
address_only: <bool; default=True>
hosts:
# Host name.
- name: <str; required; unique>
description: <str>
ip: <str>
local_interfaces: <str>
# When address-only is configured, the source IP of the packet is set to the interface
# IP but the packet may exit the device via a different interface.
# When set to `false`, the probe uses the interface to exit the device.
address_only: <bool; default=True>
url: <str>
Monitor sessions¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
monitor_session_default_encapsulation_gre | Dictionary | ||||
payload | String | Valid Values: - full-packet - inner-packet |
Mirroring GRE payload type configuration commands. | ||
monitor_sessions | List, items: Dictionary | ||||
- name | String | Required | Session Name. | ||
sources | List, items: Dictionary | ||||
- name | String | Interface name, range or comma separated list. | |||
direction | String | Valid Values: - rx - tx - both |
|||
access_group | Dictionary | ||||
type | String | Valid Values: - ip - ipv6 - mac |
|||
name | String | ACL Name. | |||
priority | Integer | ||||
destinations | List, items: String | ||||
- <str> | String | ‘cpu’ or interface name, range or comma separated list. | |||
encapsulation_gre_metadata_tx | Boolean | ||||
header_remove_size | Integer | Number of bytes to remove from header. | |||
access_group | Dictionary | ||||
type | String | Valid Values: - ip - ipv6 - mac |
|||
name | String | ACL Name. | |||
rate_limit_per_ingress_chip | String | Ratelimit and unit as string. Examples: “100000 bps” “100 kbps” “10 mbps” |
|||
rate_limit_per_egress_chip | String | Ratelimit and unit as string. Examples: “100000 bps” “100 kbps” “10 mbps” |
|||
sample | Integer | ||||
truncate | Dictionary | ||||
enabled | Boolean | ||||
size | Integer | Size in bytes. |
monitor_session_default_encapsulation_gre:
# Mirroring GRE payload type configuration commands.
payload: <str; "full-packet" | "inner-packet">
monitor_sessions:
# Session Name.
- name: <str; required>
sources:
# Interface name, range or comma separated list.
- name: <str>
direction: <str; "rx" | "tx" | "both">
access_group:
type: <str; "ip" | "ipv6" | "mac">
# ACL Name.
name: <str>
priority: <int>
destinations:
# 'cpu' or interface name, range or comma separated list.
- <str>
encapsulation_gre_metadata_tx: <bool>
# Number of bytes to remove from header.
header_remove_size: <int>
access_group:
type: <str; "ip" | "ipv6" | "mac">
# ACL Name.
name: <str>
# Ratelimit and unit as string.
# Examples:
# "100000 bps"
# "100 kbps"
# "10 mbps"
rate_limit_per_ingress_chip: <str>
# Ratelimit and unit as string.
# Examples:
# "100000 bps"
# "100 kbps"
# "10 mbps"
rate_limit_per_egress_chip: <str>
sample: <int>
truncate:
enabled: <bool>
# Size in bytes.
size: <int>
Monitor layer 1¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
monitor_layer1 | Dictionary | Enable SYSLOG messages on transceiver SMBus communication failures. | |||
enabled | Boolean | Required | Enable monitor layer1. | ||
logging_mac_fault | Boolean | Enable MAC fault logging. | |||
logging_transceiver | Dictionary | Configure transceiver monitoring logging. | |||
dom | Boolean | Enable transceiver Digital Optical Monitoring (DOM) logging. | |||
communication | Boolean | Enable transceiver SMBus fail and reset logging. | |||
enabled | Boolean | Some platforms support only the logging transceiver command. enabled key configures this command. |
# Enable SYSLOG messages on transceiver SMBus communication failures.
monitor_layer1:
# Enable monitor layer1.
enabled: <bool; required>
# Enable MAC fault logging.
logging_mac_fault: <bool>
# Configure transceiver monitoring logging.
logging_transceiver:
# Enable transceiver Digital Optical Monitoring (DOM) logging.
dom: <bool>
# Enable transceiver SMBus fail and reset logging.
communication: <bool>
# Some platforms support only the `logging transceiver` command. `enabled` key configures this command.
enabled: <bool>
Monitor telemetry¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
monitor_telemetry_influx | Dictionary | ||||
vrf | String | ||||
destinations | List, items: Dictionary | Configure telemetry output destinations. | |||
- name | String | Required, Unique | InfluxDB connection name. | ||
database | String | Set name of the database. | |||
data_retention_policy | String | ||||
url | String | Pattern: (http(s)?|udp|unix)://.+ |
It only accepts http(s), udp and unix domain destination URL. | ||
username | String | ||||
password | String | ||||
password_type | String | 7 |
Valid Values: - 0 - 7 - 8a |
||
source_group_standard_disabled | Boolean | Disable standard set of telemetry. | |||
source_sockets | List, items: Dictionary | ||||
- name | String | Required, Unique | Label of the socket connection. | ||
connection_limit | Integer | Min: 0 Max: 4294967295 |
|||
url | String | Pattern: (http(s)?|udp|unix)://.+ |
It only accepts http(s), udp and unix domain socket URL. | ||
tags | List, items: Dictionary | Extra tags added to the telemetry output. | |||
- name | String | Required, Unique | Key of the global tag pair. | ||
value | String | Required | Value of the global tag pair. | ||
monitor_telemetry_postcard_policy | Dictionary | ||||
disabled | Boolean | True |
Enable or disable the postcard telemetry feature. | ||
ingress | Dictionary | ||||
collection | Dictionary | Collector configuration. | |||
source | String | Source IP address of GRE tunnel. | |||
destination | String | Destination IP address of GRE tunnel. | |||
version | Integer | Valid Values: - 1 - 2 |
Postcard version. | ||
sample | Dictionary | Sampling parameters. | |||
rate | Integer | Valid Values: - 16384 - 32768 - 65536 |
Sampling rate. rate is preferred when both rate and tcp_udp_checksum are defined. |
||
tcp_udp_checksum | Dictionary | TCP/UDP parameters. | |||
value | Integer | Min: 0 Max: 65535 |
TCP/UDP checksum or IP ID value. | ||
mask | String | 16 bit hexadecimal mask for TCP/UDP or IP ID with atmost 2 unset bits. | |||
marker_vxlan | Dictionary | ||||
enabled | Boolean | Enable vxlan marking using default bit 0. | |||
header_word_zero_bit | Integer | Min: 1 Max: 31 |
|||
profiles | List, items: Dictionary | Postcard telemetry profiles. | |||
- name | String | Required, Unique | Profile name. | ||
ingress_sample_policy | String | ||||
sample_policies | List, items: Dictionary | ||||
- name | String | Required, Unique | |||
match_rules | List, items: Dictionary | ||||
- name | String | Required, Unique | |||
type | String | Required | Valid Values: - ipv4 - ipv6 |
IP address version. | |
destination_prefix | String | IPv4 Network/Mask or IPv6 Network/Mask. Host part of prefix must be zero. eg. 10.3.3.0/24 |
|||
source_prefix | String | IPv4 Network/Mask or IPv6 Network/Mask. Host part of prefix must be zero. eg. 10.3.3.0/24 |
|||
protocols | List, items: Dictionary | ||||
- protocol | String | Required, Unique | Valid Values: - tcp - udp |
||
source_ports | List, items: String | A list of port numbers or port range or port name. Combination of port numbers or range and port name is not supported on EOS. The port numbers should be in range of 0-65535. e.g. [ “12”, “14-20” ] [ “www” ] |
|||
- <str> | String | ||||
destination_ports | List, items: String | A list of port numbers or port range or port name. Combination of port numbers or range and port name is not supported on EOS. The port numbers should be in range of 0-65535. e.g. [ “12”, “14-20”, “80” ] [ “https” ] |
|||
- <str> | String |
monitor_telemetry_influx:
vrf: <str>
# Configure telemetry output destinations.
destinations:
# InfluxDB connection name.
- name: <str; required; unique>
# Set name of the database.
database: <str>
data_retention_policy: <str>
# It only accepts http(s), udp and unix domain destination URL.
url: <str>
username: <str>
password: <str>
password_type: <str; "0" | "7" | "8a"; default="7">
# Disable standard set of telemetry.
source_group_standard_disabled: <bool>
source_sockets:
# Label of the socket connection.
- name: <str; required; unique>
connection_limit: <int; 0-4294967295>
# It only accepts http(s), udp and unix domain socket URL.
url: <str>
# Extra tags added to the telemetry output.
tags:
# Key of the global tag pair.
- name: <str; required; unique>
# Value of the global tag pair.
value: <str; required>
monitor_telemetry_postcard_policy:
# Enable or disable the postcard telemetry feature.
disabled: <bool; default=True>
ingress:
# Collector configuration.
collection:
# Source IP address of GRE tunnel.
source: <str>
# Destination IP address of GRE tunnel.
destination: <str>
# Postcard version.
version: <int; 1 | 2>
# Sampling parameters.
sample:
# Sampling rate. `rate` is preferred when both `rate` and `tcp_udp_checksum` are defined.
rate: <int; 16384 | 32768 | 65536>
# TCP/UDP parameters.
tcp_udp_checksum:
# TCP/UDP checksum or IP ID value.
value: <int; 0-65535>
# 16 bit hexadecimal mask for TCP/UDP or IP ID with atmost 2 unset bits.
mask: <str>
marker_vxlan:
# Enable vxlan marking using default bit 0.
enabled: <bool>
header_word_zero_bit: <int; 1-31>
# Postcard telemetry profiles.
profiles:
# Profile name.
- name: <str; required; unique>
ingress_sample_policy: <str>
sample_policies:
- name: <str; required; unique>
match_rules:
- name: <str; required; unique>
# IP address version.
type: <str; "ipv4" | "ipv6"; required>
# IPv4 Network/Mask or IPv6 Network/Mask. Host part of prefix must be zero.
# eg. 10.3.3.0/24
destination_prefix: <str>
# IPv4 Network/Mask or IPv6 Network/Mask. Host part of prefix must be zero.
# eg. 10.3.3.0/24
source_prefix: <str>
protocols:
- protocol: <str; "tcp" | "udp"; required; unique>
# A list of port numbers or port range or port name. Combination of port numbers or range and port name is not supported on EOS. The port numbers should be in range of 0-65535.
# e.g.
# [ "12", "14-20" ]
# [ "www" ]
source_ports:
- <str>
# A list of port numbers or port range or port name. Combination of port numbers or range and port name is not supported on EOS. The port numbers should be in range of 0-65535.
# e.g.
# [ "12", "14-20", "80" ]
# [ "https" ]
destination_ports:
- <str>
SFLOW¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
sflow | Dictionary | ||||
sample | Integer | ||||
sample_input_subinterface | Boolean | ||||
sample_output_subinterface | Boolean | ||||
dangerous | Boolean | ||||
polling_interval | Integer | Polling interval in seconds. | |||
vrfs | List, items: Dictionary | ||||
- name | String | Required, Unique | |||
destinations | List, items: Dictionary | ||||
- destination | String | Required, Unique | Sflow Destination IP Address. | ||
port | Integer | Port Number | |||
source | String | Source IP Address. “source” and “source_interface” are mutually exclusive. If both are defined, “source_interface” takes precedence. |
|||
source_interface | String | Source Interface. | |||
destinations | List, items: Dictionary | ||||
- destination | String | Required, Unique | Sflow Destination IP Address. | ||
port | Integer | Port Number. | |||
source | String | Source IP Address. “source” and “source_interface” are mutually exclusive. If both are defined, “source_interface” takes precedence. |
|||
source_interface | String | Source Interface. | |||
extensions | List, items: Dictionary | ||||
- name | String | Required, Unique | Extension Name. | ||
enabled | Boolean | Required | Enable or Disable Extension. | ||
interface | Dictionary | ||||
disable | Dictionary | ||||
default | Boolean | ||||
egress | Dictionary | ||||
enable_default | Boolean | Enable egress sFlow by default. |
|||
unmodified | Boolean | Enable egress sFlow unmodified. Platform dependent feature. |
|||
run | Boolean | ||||
hardware_acceleration | Dictionary | ||||
enabled | Boolean | ||||
sample | Integer | ||||
modules | List, items: Dictionary | ||||
- name | String | Required, Unique | |||
enabled | Boolean | True |
sflow:
sample: <int>
sample_input_subinterface: <bool>
sample_output_subinterface: <bool>
dangerous: <bool>
# Polling interval in seconds.
polling_interval: <int>
vrfs:
- name: <str; required; unique>
destinations:
# Sflow Destination IP Address.
- destination: <str; required; unique>
# Port Number
port: <int>
# Source IP Address.
# "source" and "source_interface" are mutually exclusive. If both are defined, "source_interface" takes precedence.
source: <str>
# Source Interface.
source_interface: <str>
destinations:
# Sflow Destination IP Address.
- destination: <str; required; unique>
# Port Number.
port: <int>
# Source IP Address.
# "source" and "source_interface" are mutually exclusive. If both are defined, "source_interface" takes precedence.
source: <str>
# Source Interface.
source_interface: <str>
extensions:
# Extension Name.
- name: <str; required; unique>
# Enable or Disable Extension.
enabled: <bool; required>
interface:
disable:
default: <bool>
egress:
# Enable egress sFlow by default.
enable_default: <bool>
# Enable egress sFlow unmodified.
# Platform dependent feature.
unmodified: <bool>
run: <bool>
hardware_acceleration:
enabled: <bool>
sample: <int>
modules:
- name: <str; required; unique>
enabled: <bool; default=True>
SNMP server¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
snmp_server | Dictionary | SNMP settings. | |||
engine_ids | Dictionary | ||||
local | String | Engine ID in hexadecimal. |
|||
remotes | List, items: Dictionary | ||||
- id | String | Remote engine ID in hexadecimal. |
|||
address | String | Hostname or IP of remote engine. |
|||
udp_port | Integer | ||||
contact | String | SNMP contact. | |||
location | String | SNMP location. | |||
communities | List, items: Dictionary | ||||
- name | String | Required, Unique | Community name. | ||
access | String | Valid Values: - ro - rw |
|||
access_list_ipv4 | Dictionary | ||||
name | String | IPv4 access list name. | |||
access_list_ipv6 | Dictionary | ||||
name | String | IPv6 access list name. | |||
view | String | ||||
ipv4_acls | List, items: Dictionary | ||||
- name | String | IPv4 access list name. | |||
vrf | String | ||||
ipv6_acls | List, items: Dictionary | ||||
- name | String | IPv6 access list name. | |||
vrf | String | ||||
local_interfaces | List, items: Dictionary | ||||
- name | String | Required, Unique | Interface name. | ||
vrf | String | ||||
views | List, items: Dictionary | ||||
- name | String | SNMP view name. | |||
mib_family_name | String | ||||
included | Boolean | ||||
MIB_family_name removed | String | This key was removed. Support was removed in AVD version 5.0.0. Use mib_family_name instead. | |||
groups | List, items: Dictionary | ||||
- name | String | Group name. | |||
version | String | Valid Values: - v1 - v2c - v3 |
|||
authentication | String | Valid Values: - auth - noauth - priv |
|||
read | String | Read view. | |||
write | String | Write view. | |||
notify | String | Notify view. | |||
users | List, items: Dictionary | ||||
- name | String | Username. | |||
group | String | Group name. | |||
remote_address | String | Hostname or ip of remote engine. The remote_address and udp_port are used for remote users. |
|||
udp_port | Integer | udp_port will not be used if no remote_address is configured. |
|||
version | String | Valid Values: - v1 - v2c - v3 |
|||
localized | String | Engine ID in hexadecimal for localizing auth and/or priv. |
|||
auth | String | Hash algorithm. |
|||
auth_passphrase | String | Hashed authentication passphrase if localized is used else cleartext authentication passphrase. |
|||
priv | String | Encryption algorithm. |
|||
priv_passphrase | String | Hashed privacy passphrase if localized is used else cleartext privacy passphrase. |
|||
hosts | List, items: Dictionary | ||||
- host | String | Host IP address or name. | |||
vrf | String | ||||
version | String | Valid Values: - 1 - 2c - 3 |
|||
community | String | Community name. | |||
users | List, items: Dictionary | ||||
- username | String | ||||
authentication_level | String | Valid Values: - auth - noauth - priv |
|||
traps | Dictionary | ||||
enable | Boolean | False |
Enable or disable all snmp-traps. |
||
snmp_traps | List, items: Dictionary | ||||
- name | String | Enable or disable specific snmp-traps and their sub_traps. Examples: - “bgp” - “bgp established” |
|||
enabled | Boolean | True |
|||
vrfs | List, items: Dictionary | ||||
- name | String | Required, Unique | VRF name. | ||
enable | Boolean | ||||
ifmib_ifspeed_shape_rate | Boolean | SNMP ifspeed reflecting shaping rate. |
# SNMP settings.
snmp_server:
engine_ids:
# Engine ID in hexadecimal.
local: <str>
remotes:
# Remote engine ID in hexadecimal.
- id: <str>
# Hostname or IP of remote engine.
address: <str>
udp_port: <int>
# SNMP contact.
contact: <str>
# SNMP location.
location: <str>
communities:
# Community name.
- name: <str; required; unique>
access: <str; "ro" | "rw">
access_list_ipv4:
# IPv4 access list name.
name: <str>
access_list_ipv6:
# IPv6 access list name.
name: <str>
view: <str>
ipv4_acls:
# IPv4 access list name.
- name: <str>
vrf: <str>
ipv6_acls:
# IPv6 access list name.
- name: <str>
vrf: <str>
local_interfaces:
# Interface name.
- name: <str; required; unique>
vrf: <str>
views:
# SNMP view name.
- name: <str>
mib_family_name: <str>
included: <bool>
groups:
# Group name.
- name: <str>
version: <str; "v1" | "v2c" | "v3">
authentication: <str; "auth" | "noauth" | "priv">
# Read view.
read: <str>
# Write view.
write: <str>
# Notify view.
notify: <str>
users:
# Username.
- name: <str>
# Group name.
group: <str>
# Hostname or ip of remote engine.
# The remote_address and udp_port are used for remote users.
remote_address: <str>
# udp_port will not be used if no remote_address is configured.
udp_port: <int>
version: <str; "v1" | "v2c" | "v3">
# Engine ID in hexadecimal for localizing auth and/or priv.
localized: <str>
# Hash algorithm.
auth: <str>
# Hashed authentication passphrase if localized is used else cleartext authentication passphrase.
auth_passphrase: <str>
# Encryption algorithm.
priv: <str>
# Hashed privacy passphrase if localized is used else cleartext privacy passphrase.
priv_passphrase: <str>
hosts:
# Host IP address or name.
- host: <str>
vrf: <str>
version: <str; "1" | "2c" | "3">
# Community name.
community: <str>
users:
- username: <str>
authentication_level: <str; "auth" | "noauth" | "priv">
traps:
# Enable or disable all snmp-traps.
enable: <bool; default=False>
snmp_traps:
# Enable or disable specific snmp-traps and their sub_traps.
# Examples:
# - "bgp"
# - "bgp established"
- name: <str>
enabled: <bool; default=True>
vrfs:
# VRF name.
- name: <str; required; unique>
enable: <bool>
# SNMP ifspeed reflecting shaping rate.
ifmib_ifspeed_shape_rate: <bool>
Tap aggregation¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
tap_aggregation | Dictionary | ||||
mode | Dictionary | ||||
exclusive | Dictionary | ||||
enabled | Boolean | ||||
profile | String | Profile Name. | |||
no_errdisable | List, items: String | ||||
- <str> | String | Interface name e.g Ethernet1, Port-Channel1. | |||
encapsulation_dot1br_strip | Boolean | ||||
encapsulation_vn_tag_strip | Boolean | ||||
protocol_lldp_trap | Boolean | ||||
truncation_size | Integer | Allowed truncation_size values vary depending on the platform. |
|||
mac | Dictionary | ||||
timestamp | Dictionary | mac.timestamp.replace_source_mac and mac.timestamp.header.format are mutually exclsuive. If both are defined, replace_source_mac takes precedence. |
|||
replace_source_mac | Boolean | ||||
header | Dictionary | ||||
format | String | Valid Values: - 48-bit - 64-bit |
|||
eth_type | Integer | EtherType. | |||
fcs_append | Boolean | mac.fcs_append and mac.fcs_error are mutually exclusive. If both are defined, mac.fcs_append takes precedence. |
|||
fcs_error | String | Valid Values: - correct - discard - pass-through |
tap_aggregation:
mode:
exclusive:
enabled: <bool>
# Profile Name.
profile: <str>
no_errdisable:
# Interface name e.g Ethernet1, Port-Channel1.
- <str>
encapsulation_dot1br_strip: <bool>
encapsulation_vn_tag_strip: <bool>
protocol_lldp_trap: <bool>
# Allowed truncation_size values vary depending on the platform.
truncation_size: <int>
mac:
# mac.timestamp.replace_source_mac and mac.timestamp.header.format are mutually exclsuive. If both are defined, replace_source_mac takes precedence.
timestamp:
replace_source_mac: <bool>
header:
format: <str; "48-bit" | "64-bit">
# EtherType.
eth_type: <int>
# mac.fcs_append and mac.fcs_error are mutually exclusive. If both are defined, mac.fcs_append takes precedence.
fcs_append: <bool>
fcs_error: <str; "correct" | "discard" | "pass-through">
VM tracer-sessions¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
vmtracer_sessions | List, items: Dictionary | ||||
- name | String | Required, Unique | Vmtracer Session Name. | ||
url | String | ||||
username | String | ||||
password | String | Type 7 Password Hash. | |||
autovlan_disable | Boolean | ||||
source_interface | String |
Multicast¶
IP IGMP snooping¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ip_igmp_snooping | Dictionary | ||||
globally_enabled | Boolean | True |
Activate or deactivate IGMP snooping for all vlans where vlans allows user to activate / deactivate IGMP snooping per vlan. |
||
robustness_variable | Integer | ||||
restart_query_interval | Integer | ||||
interface_restart_query | Integer | ||||
fast_leave | Boolean | ||||
querier | Dictionary | ||||
enabled | Boolean | ||||
address | String | IP Address. | |||
query_interval | Integer | ||||
max_response_time | Integer | ||||
last_member_query_interval | Integer | ||||
last_member_query_count | Integer | ||||
startup_query_interval | Integer | ||||
startup_query_count | Integer | ||||
version | Integer | ||||
proxy | Boolean | ||||
vlans | List, items: Dictionary | ||||
- id | Integer | Required, Unique | VLAN ID. | ||
enabled | Boolean | ||||
querier | Dictionary | ||||
enabled | Boolean | ||||
address | String | IP Address. | |||
query_interval | Integer | ||||
max_response_time | Integer | ||||
last_member_query_interval | Integer | ||||
last_member_query_count | Integer | ||||
startup_query_interval | Integer | ||||
startup_query_count | Integer | ||||
version | Integer | ||||
max_groups | Integer | ||||
fast_leave | Boolean | ||||
proxy | Boolean | Global proxy settings should be enabled before enabling per-vlan. |
ip_igmp_snooping:
# Activate or deactivate IGMP snooping for all vlans where `vlans` allows user to activate / deactivate IGMP snooping per vlan.
globally_enabled: <bool; default=True>
robustness_variable: <int>
restart_query_interval: <int>
interface_restart_query: <int>
fast_leave: <bool>
querier:
enabled: <bool>
# IP Address.
address: <str>
query_interval: <int>
max_response_time: <int>
last_member_query_interval: <int>
last_member_query_count: <int>
startup_query_interval: <int>
startup_query_count: <int>
version: <int>
proxy: <bool>
vlans:
# VLAN ID.
- id: <int; required; unique>
enabled: <bool>
querier:
enabled: <bool>
# IP Address.
address: <str>
query_interval: <int>
max_response_time: <int>
last_member_query_interval: <int>
last_member_query_count: <int>
startup_query_interval: <int>
startup_query_count: <int>
version: <int>
max_groups: <int>
fast_leave: <bool>
# Global proxy settings should be enabled before enabling per-vlan.
proxy: <bool>
Router IGMP¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
router_igmp | Dictionary | ||||
host_proxy_match_mroute | String | Valid Values: - all - iif |
Specify conditions for sending IGMP joins for host-proxy. ‘iif’ will enable igmp host-proxy to work in iif aware. ‘all’ will enable igmp host-proxy to work in iif unaware mode (EOS default). |
||
ssm_aware | Boolean | ||||
vrfs | List, items: Dictionary | Configure IGMP in a VRF. VRF ‘default’ is not supported in EOS, please see keys directly under ‘router_igmp’. |
|||
- name | String | Required, Unique | VRF name. | ||
host_proxy_match_mroute | String | Valid Values: - all - iif |
Specify conditions for sending IGMP joins for host-proxy. ‘iif’ will enable igmp host-proxy to work in iif aware. ‘all’ will enable igmp host-proxy to work in iif unaware mode (EOS default). |
router_igmp:
# Specify conditions for sending IGMP joins for host-proxy.
# 'iif' will enable igmp host-proxy to work in iif aware.
# 'all' will enable igmp host-proxy to work in iif unaware mode (EOS default).
host_proxy_match_mroute: <str; "all" | "iif">
ssm_aware: <bool>
# Configure IGMP in a VRF.
# VRF 'default' is not supported in EOS, please see keys directly under 'router_igmp'.
vrfs:
# VRF name.
- name: <str; required; unique>
# Specify conditions for sending IGMP joins for host-proxy.
# 'iif' will enable igmp host-proxy to work in iif aware.
# 'all' will enable igmp host-proxy to work in iif unaware mode (EOS default).
host_proxy_match_mroute: <str; "all" | "iif">
Router MSDP¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
router_msdp | Dictionary | ||||
originator_id_local_interface | String | Interface to use for originator ID. | |||
rejected_limit | Integer | Min: 0 Max: 40000 |
Maximum number of rejected SA messages allowed in cache. | ||
forward_register_packets | Boolean | ||||
connection_retry_interval | Integer | Min: 1 Max: 65535 |
|||
group_limits | List, items: Dictionary | ||||
- source_prefix | String | Required, Unique | Source address prefix. | ||
limit | Integer | Required | Min: 0 Max: 40000 |
Limit for SAs matching the source address prefix. | |
peers | List, items: Dictionary | ||||
- ipv4_address | String | Required, Unique | Peer IP Address. | ||
default_peer | Dictionary | ||||
enabled | Boolean | ||||
prefix_list | String | Prefix list to filter source of SA messages. | |||
local_interface | String | ||||
description | String | ||||
disabled | Boolean | Disable the MSDP peer. | |||
sa_limit | Integer | Min: 0 Max: 40000 |
Maximum number of SA messages allowed in cache. | ||
mesh_groups | List, items: Dictionary | ||||
- name | String | Required, Unique | Mesh group name. | ||
keepalive | Dictionary | ||||
keepalive_timer | Integer | Required | Min: 1 Max: 65535 |
||
hold_timer | Integer | Required | Min: 1 Max: 65535 |
Must be greater than keepalive timer. | |
sa_filter | Dictionary | ||||
in_list | String | ACL to filter inbound SA messages. | |||
out_list | String | ACL to filter outbound SA messages. | |||
vrfs | List, items: Dictionary | ||||
- name | String | Required, Unique | VRF name. | ||
originator_id_local_interface | String | Interface to use for originator ID. | |||
rejected_limit | Integer | Min: 0 Max: 40000 |
Maximum number of rejected SA messages allowed in cache. | ||
forward_register_packets | Boolean | ||||
connection_retry_interval | Integer | Min: 1 Max: 65535 |
|||
group_limits | List, items: Dictionary | ||||
- source_prefix | String | Required, Unique | Source address prefix. | ||
limit | Integer | Required | Min: 0 Max: 40000 |
Limit for SAs matching the source address prefix. | |
peers | List, items: Dictionary | ||||
- ipv4_address | String | Required, Unique | Peer IP Address. | ||
default_peer | Dictionary | ||||
enabled | Boolean | ||||
prefix_list | String | Prefix list to filter source of SA messages. | |||
local_interface | String | ||||
description | String | ||||
disabled | Boolean | Disable the MSDP peer. | |||
sa_limit | Integer | Min: 0 Max: 40000 |
Maximum number of SA messages allowed in cache. | ||
mesh_groups | List, items: Dictionary | ||||
- name | String | Required, Unique | Mesh group name. | ||
keepalive | Dictionary | ||||
keepalive_timer | Integer | Required | Min: 1 Max: 65535 |
||
hold_timer | Integer | Required | Min: 1 Max: 65535 |
Must be greater than keepalive timer. | |
sa_filter | Dictionary | ||||
in_list | String | ACL to filter inbound SA messages. | |||
out_list | String | ACL to filter outbound SA messages. |
router_msdp:
# Interface to use for originator ID.
originator_id_local_interface: <str>
# Maximum number of rejected SA messages allowed in cache.
rejected_limit: <int; 0-40000>
forward_register_packets: <bool>
connection_retry_interval: <int; 1-65535>
group_limits:
# Source address prefix.
- source_prefix: <str; required; unique>
# Limit for SAs matching the source address prefix.
limit: <int; 0-40000; required>
peers:
# Peer IP Address.
- ipv4_address: <str; required; unique>
default_peer:
enabled: <bool>
# Prefix list to filter source of SA messages.
prefix_list: <str>
local_interface: <str>
description: <str>
# Disable the MSDP peer.
disabled: <bool>
# Maximum number of SA messages allowed in cache.
sa_limit: <int; 0-40000>
mesh_groups:
# Mesh group name.
- name: <str; required; unique>
keepalive:
keepalive_timer: <int; 1-65535; required>
# Must be greater than keepalive timer.
hold_timer: <int; 1-65535; required>
sa_filter:
# ACL to filter inbound SA messages.
in_list: <str>
# ACL to filter outbound SA messages.
out_list: <str>
vrfs:
# VRF name.
- name: <str; required; unique>
# Interface to use for originator ID.
originator_id_local_interface: <str>
# Maximum number of rejected SA messages allowed in cache.
rejected_limit: <int; 0-40000>
forward_register_packets: <bool>
connection_retry_interval: <int; 1-65535>
group_limits:
# Source address prefix.
- source_prefix: <str; required; unique>
# Limit for SAs matching the source address prefix.
limit: <int; 0-40000; required>
peers:
# Peer IP Address.
- ipv4_address: <str; required; unique>
default_peer:
enabled: <bool>
# Prefix list to filter source of SA messages.
prefix_list: <str>
local_interface: <str>
description: <str>
# Disable the MSDP peer.
disabled: <bool>
# Maximum number of SA messages allowed in cache.
sa_limit: <int; 0-40000>
mesh_groups:
# Mesh group name.
- name: <str; required; unique>
keepalive:
keepalive_timer: <int; 1-65535; required>
# Must be greater than keepalive timer.
hold_timer: <int; 1-65535; required>
sa_filter:
# ACL to filter inbound SA messages.
in_list: <str>
# ACL to filter outbound SA messages.
out_list: <str>
Router multicast¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
router_multicast | Dictionary | ||||
ipv4 | Dictionary | ||||
activity_polling_interval | Integer | Min: 1 Max: 60 |
MFIB entry activity polling interval. | ||
counters | Dictionary | ||||
rate_period_decay | Integer | Min: 0 Max: 600 |
Rate in seconds. | ||
routing | Boolean | ||||
multipath | String | Valid Values: - none - deterministic - deterministic color - deterministic router-id |
|||
software_forwarding | String | Valid Values: - kernel - sfe |
|||
rpf | Dictionary | ||||
routes | List, items: Dictionary | ||||
- source_prefix | String | Required | Source address A.B.C.D or Source prefix A.B.C.D/E. | ||
destinations | List, items: Dictionary | Required | |||
- nexthop | String | Required | Next-hop IP address or interface name. | ||
distance | Integer | Min: 1 Max: 255 |
Administrative distance for this route. | ||
ipv6 | Dictionary | ||||
activity_polling_interval | Integer | Min: 1 Max: 60 |
MFIB entry activity polling interval. | ||
vrfs | List, items: Dictionary | ||||
- name | String | Required, Unique | |||
ipv4 | Dictionary | ||||
routing | Boolean |
router_multicast:
ipv4:
# MFIB entry activity polling interval.
activity_polling_interval: <int; 1-60>
counters:
# Rate in seconds.
rate_period_decay: <int; 0-600>
routing: <bool>
multipath: <str; "none" | "deterministic" | "deterministic color" | "deterministic router-id">
software_forwarding: <str; "kernel" | "sfe">
rpf:
routes:
# Source address A.B.C.D or Source prefix A.B.C.D/E.
- source_prefix: <str; required>
destinations: # required
# Next-hop IP address or interface name.
- nexthop: <str; required>
# Administrative distance for this route.
distance: <int; 1-255>
ipv6:
# MFIB entry activity polling interval.
activity_polling_interval: <int; 1-60>
vrfs:
- name: <str; required; unique>
ipv4:
routing: <bool>
Router PIM sparse-mode¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
router_pim_sparse_mode | Dictionary | ||||
ipv4 | Dictionary | ||||
bfd | Boolean | Enable/Disable BFD. | |||
ssm_range | String | IPv4 Prefix associated with SSM. | |||
rp_addresses | List, items: Dictionary | ||||
- address | String | Required | RP Address. | ||
groups | List, items: String | ||||
- <str> | String | ||||
access_lists | List, items: String | ||||
- <str> | String | ||||
priority | Integer | Min: 0 Max: 255 |
|||
hashmask | Integer | Min: 0 Max: 32 |
|||
override | Boolean | ||||
anycast_rps | List, items: Dictionary | ||||
- address | String | Required, Unique | Anycast RP Address. | ||
other_anycast_rp_addresses | List, items: Dictionary | ||||
- address | String | Required, Unique | Other Anycast RP Address. | ||
register_count | Integer | ||||
vrfs | List, items: Dictionary | ||||
- name | String | Required, Unique | VRF Name. | ||
ipv4 | Dictionary | ||||
bfd | Boolean | Enable/Disable BFD. | |||
rp_addresses | List, items: Dictionary | ||||
- address | String | Required | RP Address. | ||
groups | List, items: String | ||||
- <str> | String | ||||
access_lists | List, items: String | ||||
- <str> | String | ||||
priority | Integer | Min: 0 Max: 255 |
|||
hashmask | Integer | Min: 0 Max: 32 |
|||
override | Boolean |
router_pim_sparse_mode:
ipv4:
# Enable/Disable BFD.
bfd: <bool>
# IPv4 Prefix associated with SSM.
ssm_range: <str>
rp_addresses:
# RP Address.
- address: <str; required>
groups:
- <str>
access_lists:
- <str>
priority: <int; 0-255>
hashmask: <int; 0-32>
override: <bool>
anycast_rps:
# Anycast RP Address.
- address: <str; required; unique>
other_anycast_rp_addresses:
# Other Anycast RP Address.
- address: <str; required; unique>
register_count: <int>
vrfs:
# VRF Name.
- name: <str; required; unique>
ipv4:
# Enable/Disable BFD.
bfd: <bool>
rp_addresses:
# RP Address.
- address: <str; required>
groups:
- <str>
access_lists:
- <str>
priority: <int; 0-255>
hashmask: <int; 0-32>
override: <bool>
Quality of Service¶
Priority flow control¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
priority_flow_control | Dictionary | Global Priority Flow Control settings. |
|||
all_off | Boolean | Disable PFC on all interfaces. |
|||
watchdog | Dictionary | ||||
action | String | Valid Values: - drop - no-drop |
Action on stuck queue. |
||
timeout | String | Pattern: ^\d+(\.\d{1,2})?$ |
Timeout in seconds after which port should be errdisabled or should start dropping on congested priorities. This should be decimal with up to 2 decimal point. Example: 0.01 or 60 |
||
polling_interval | String | Pattern: ^\d+(\.\d{1,3})?$ |
Time interval in seconds at which the watchdog should poll the queues. This should be decimal with up to 3 decimal point. Example: 0.005 or 60 |
||
recovery_time | String | Pattern: ^\d+(\.\d{1,2})?$ |
Recovery-time in seconds after which stuck queue should recover and start forwarding again. This should be decimal with up to 2 decimal point. Example: 0.01 or 60 |
||
override_action_drop | Boolean | Override configured action on stuck queue to drop. |
# Global Priority Flow Control settings.
priority_flow_control:
# Disable PFC on all interfaces.
all_off: <bool>
watchdog:
# Action on stuck queue.
action: <str; "drop" | "no-drop">
# Timeout in seconds after which port should be errdisabled or
# should start dropping on congested priorities.
# This should be decimal with up to 2 decimal point.
# Example: 0.01 or 60
timeout: <str>
# Time interval in seconds at which the watchdog should poll the queues.
# This should be decimal with up to 3 decimal point.
# Example: 0.005 or 60
polling_interval: <str>
# Recovery-time in seconds after which stuck queue should
# recover and start forwarding again.
# This should be decimal with up to 2 decimal point.
# Example: 0.01 or 60
recovery_time: <str>
# Override configured action on stuck queue to drop.
override_action_drop: <bool>
QoS¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
qos | Dictionary | ||||
map | Dictionary | ||||
cos | List, items: String | ||||
- <str> | String | Example: “0 1 to traffic-class 1” |
|||
dscp | List, items: String | ||||
- <str> | String | Example: “8 9 10 to traffic-class 1” |
|||
exp | List, items: String | ||||
- <str> | String | Example “0 to traffic-class 0” |
|||
traffic_class | List, items: String | ||||
- <str> | String | Example: “1 to dscp 32” |
|||
rewrite_dscp | Boolean | ||||
random_detect | Dictionary | Global random-detect settings. | |||
ecn | Dictionary | Global ECN Configuration. | |||
allow_non_ect | Dictionary | ||||
enabled | Boolean | Allow non-ect and set drop-precedence 1 in a policy map simultaneously. Check which command is required for your platform. |
|||
chip_based | Boolean | Allow non-ect chip-based. |
qos:
map:
cos:
# Example: "0 1 to traffic-class 1"
- <str>
dscp:
# Example: "8 9 10 to traffic-class 1"
- <str>
exp:
# Example "0 to traffic-class 0"
- <str>
traffic_class:
# Example: "1 to dscp 32"
- <str>
rewrite_dscp: <bool>
# Global random-detect settings.
random_detect:
# Global ECN Configuration.
ecn:
allow_non_ect:
# Allow non-ect and set drop-precedence 1 in a policy map simultaneously.
# Check which command is required for your platform.
enabled: <bool>
# Allow non-ect chip-based.
chip_based: <bool>
QoS profiles¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
qos_profiles | List, items: Dictionary | ||||
- name | String | Required, Unique | Profile-Name. | ||
trust | String | Valid Values: - cos - dscp - disabled |
|||
cos | Integer | ||||
dscp | Integer | ||||
shape | Dictionary | ||||
rate | String | Supported options are platform dependent. Example: “< rate > kbps”, “1-100 percent”, “< rate > pps” |
|||
service_policy | Dictionary | ||||
type | Dictionary | ||||
qos_input | String | Policy-map name. | |||
tx_queues | List, items: Dictionary | ||||
- id | Integer | Required, Unique | TX-Queue ID. | ||
bandwidth_percent | Integer | ||||
bandwidth_guaranteed_percent | Integer | ||||
priority | String | Valid Values: - priority strict - no priority |
|||
shape | Dictionary | ||||
rate | String | Supported options are platform dependent. Example: “< rate > kbps”, “1-100 percent”, “< rate > pps” |
|||
comment | String | Text comment added to queue. | |||
random_detect | Dictionary | ||||
ecn | Dictionary | Explicit Congestion Notification. | |||
count | Boolean | Enable counter for random-detect ECNs. | |||
threshold | Dictionary | ||||
units | String | Required | Valid Values: - segments - bytes - kbytes - mbytes - milliseconds |
Units to be used for the threshold values. This should be one of segments, byte, kbytes, mbytes. |
|
min | Integer | Required | Min: 1 | Random-detect ECN minimum-threshold. | |
max | Integer | Required | Min: 1 | Random-detect ECN maximum-threshold. | |
max_probability | Integer | Min: 1 Max: 100 |
Random-detect ECN maximum mark probability. | ||
weight | Integer | Min: 0 Max: 15 |
Random-detect ECN weight. | ||
drop | Dictionary | Set WRED parameters. | |||
threshold | Dictionary | ||||
units | String | Required | Valid Values: - segments - bytes - kbytes - mbytes - microseconds - milliseconds |
Units to be used for the threshold values. | |
drop_precedence | Integer | Min: 0 Max: 2 |
Specify Drop Precedence value. | ||
min | Integer | Required | Min: 1 | WRED minimum-threshold. | |
max | Integer | Required | Min: 1 | WRED maximum-threshold. | |
drop_probability | Integer | Required | Min: 1 Max: 100 |
WRED drop probability. | |
weight | Integer | Min: 0 Max: 15 |
WRED weight. | ||
uc_tx_queues | List, items: Dictionary | ||||
- id | Integer | Required, Unique | UC TX queue ID. | ||
bandwidth_percent | Integer | ||||
bandwidth_guaranteed_percent | Integer | ||||
priority | String | Valid Values: - priority strict - no priority |
|||
shape | Dictionary | ||||
rate | String | Supported options are platform dependent. Example: “< rate > kbps”, “1-100 percent”, “< rate > pps” |
|||
comment | String | Text comment added to queue. | |||
random_detect | Dictionary | ||||
ecn | Dictionary | Explicit Congestion Notification. | |||
count | Boolean | Enable counter for random-detect ECNs. | |||
threshold | Dictionary | ||||
units | String | Required | Valid Values: - segments - bytes - kbytes - mbytes - milliseconds |
Unit to be used for the threshold values. | |
min | Integer | Required | Min: 1 | Random-detect ECN minimum-threshold. | |
max | Integer | Required | Min: 1 | Random-detect ECN maximum-threshold. | |
max_probability | Integer | Min: 1 Max: 100 |
Random-detect ECN maximum mark probability. | ||
weight | Integer | Min: 0 Max: 15 |
Random-detect ECN weight. | ||
drop | Dictionary | Set WRED parameters. | |||
threshold | Dictionary | ||||
units | String | Required | Valid Values: - segments - bytes - kbytes - mbytes - microseconds - milliseconds |
Units to be used for the threshold values. | |
drop_precedence | Integer | Min: 0 Max: 2 |
Specify Drop Precedence value. | ||
min | Integer | Required | Min: 1 | WRED minimum-threshold. | |
max | Integer | Required | Min: 1 | WRED maximum-threshold. | |
drop_probability | Integer | Required | Min: 1 Max: 100 |
WRED drop probability. | |
weight | Integer | Min: 0 Max: 15 |
WRED weight. | ||
mc_tx_queues | List, items: Dictionary | ||||
- id | Integer | Required, Unique | MC TX queue ID. | ||
bandwidth_percent | Integer | ||||
bandwidth_guaranteed_percent | Integer | ||||
priority | String | Valid Values: - priority strict - no priority |
|||
shape | Dictionary | ||||
rate | String | Supported options are platform dependent. Example: “< rate > kbps”, “1-100 percent”, “< rate > pps” |
|||
comment | String | Text comment added to queue. |
|||
priority_flow_control | Dictionary | Priority Flow Control settings. |
|||
enabled | Boolean | Enable Priority Flow control. |
|||
watchdog | Dictionary | Watchdog can detect stuck transmit queues. |
|||
enabled | Boolean | Required | Enable the watchdog on stuck transmit queues. |
||
action | String | Valid Values: - drop - notify-only |
Override the default error-disable action to either drop traffic on the stuck queue or notify-only without making any actions on the stuck queue. |
||
timer | Dictionary | Timer thresholds whilst monitoring queues. |
|||
timeout | String | Required | Pattern: ^\d+(\.\d{1,2})?$ |
Timeout in seconds after which port should be errdisabled or should start dropping on congested priorities. This should be decimal with up to 2 decimal point. Example: 0.01 or 60 |
|
polling_interval | String | Required | Pattern: ^auto|\d+(\.\d{1,3})?$ |
Time interval in seconds at which the watchdog should poll the queues. This should be decimal with up to 3 decimal point or set to ‘auto’ based on recovery_time and timeout values. Example: 0.005 or 60 |
|
recovery_time | String | Required | Pattern: ^\d+(\.\d{1,2})?$ |
Recovery-time in seconds after which stuck queue should recover and start forwarding again. This should be decimal with up to 2 decimal point. Example: 0.01 or 60 |
|
forced | Boolean | Force recover any stuck queue(s) after the duration, irrespective of whether PFC frames are being received or not. |
|||
priorities | List, items: Dictionary | Set the drop/no_drop on each queue. |
|||
- priority | Integer | Required, Unique | Min: 0 Max: 7 |
Priority queue number (COS value). |
|
no_drop | Boolean | Required | Enable Priority Flow Control frames on this queue. |
qos_profiles:
# Profile-Name.
- name: <str; required; unique>
trust: <str; "cos" | "dscp" | "disabled">
cos: <int>
dscp: <int>
shape:
# Supported options are platform dependent.
# Example: "< rate > kbps", "1-100 percent", "< rate > pps"
rate: <str>
service_policy:
type:
# Policy-map name.
qos_input: <str>
tx_queues:
# TX-Queue ID.
- id: <int; required; unique>
bandwidth_percent: <int>
bandwidth_guaranteed_percent: <int>
priority: <str; "priority strict" | "no priority">
shape:
# Supported options are platform dependent.
# Example: "< rate > kbps", "1-100 percent", "< rate > pps"
rate: <str>
# Text comment added to queue.
comment: <str>
random_detect:
# Explicit Congestion Notification.
ecn:
# Enable counter for random-detect ECNs.
count: <bool>
threshold:
# Units to be used for the threshold values.
# This should be one of segments, byte, kbytes, mbytes.
units: <str; "segments" | "bytes" | "kbytes" | "mbytes" | "milliseconds"; required>
# Random-detect ECN minimum-threshold.
min: <int; >=1; required>
# Random-detect ECN maximum-threshold.
max: <int; >=1; required>
# Random-detect ECN maximum mark probability.
max_probability: <int; 1-100>
# Random-detect ECN weight.
weight: <int; 0-15>
# Set WRED parameters.
drop:
threshold:
# Units to be used for the threshold values.
units: <str; "segments" | "bytes" | "kbytes" | "mbytes" | "microseconds" | "milliseconds"; required>
# Specify Drop Precedence value.
drop_precedence: <int; 0-2>
# WRED minimum-threshold.
min: <int; >=1; required>
# WRED maximum-threshold.
max: <int; >=1; required>
# WRED drop probability.
drop_probability: <int; 1-100; required>
# WRED weight.
weight: <int; 0-15>
uc_tx_queues:
# UC TX queue ID.
- id: <int; required; unique>
bandwidth_percent: <int>
bandwidth_guaranteed_percent: <int>
priority: <str; "priority strict" | "no priority">
shape:
# Supported options are platform dependent.
# Example: "< rate > kbps", "1-100 percent", "< rate > pps"
rate: <str>
# Text comment added to queue.
comment: <str>
random_detect:
# Explicit Congestion Notification.
ecn:
# Enable counter for random-detect ECNs.
count: <bool>
threshold:
# Unit to be used for the threshold values.
units: <str; "segments" | "bytes" | "kbytes" | "mbytes" | "milliseconds"; required>
# Random-detect ECN minimum-threshold.
min: <int; >=1; required>
# Random-detect ECN maximum-threshold.
max: <int; >=1; required>
# Random-detect ECN maximum mark probability.
max_probability: <int; 1-100>
# Random-detect ECN weight.
weight: <int; 0-15>
# Set WRED parameters.
drop:
threshold:
# Units to be used for the threshold values.
units: <str; "segments" | "bytes" | "kbytes" | "mbytes" | "microseconds" | "milliseconds"; required>
# Specify Drop Precedence value.
drop_precedence: <int; 0-2>
# WRED minimum-threshold.
min: <int; >=1; required>
# WRED maximum-threshold.
max: <int; >=1; required>
# WRED drop probability.
drop_probability: <int; 1-100; required>
# WRED weight.
weight: <int; 0-15>
mc_tx_queues:
# MC TX queue ID.
- id: <int; required; unique>
bandwidth_percent: <int>
bandwidth_guaranteed_percent: <int>
priority: <str; "priority strict" | "no priority">
shape:
# Supported options are platform dependent.
# Example: "< rate > kbps", "1-100 percent", "< rate > pps"
rate: <str>
# Text comment added to queue.
comment: <str>
# Priority Flow Control settings.
priority_flow_control:
# Enable Priority Flow control.
enabled: <bool>
# Watchdog can detect stuck transmit queues.
watchdog:
# Enable the watchdog on stuck transmit queues.
enabled: <bool; required>
# Override the default error-disable action to either drop
# traffic on the stuck queue or notify-only
# without making any actions on the stuck queue.
action: <str; "drop" | "notify-only">
# Timer thresholds whilst monitoring queues.
timer:
# Timeout in seconds after which port should be errdisabled or
# should start dropping on congested priorities.
# This should be decimal with up to 2 decimal point.
# Example: 0.01 or 60
timeout: <str; required>
# Time interval in seconds at which the watchdog should poll the queues.
# This should be decimal with up to 3 decimal point or set
# to 'auto' based on recovery_time and timeout values.
# Example: 0.005 or 60
polling_interval: <str; required>
# Recovery-time in seconds after which stuck queue should
# recover and start forwarding again.
# This should be decimal with up to 2 decimal point.
# Example: 0.01 or 60
recovery_time: <str; required>
# Force recover any stuck queue(s) after the duration,
# irrespective of whether PFC frames are being
# received or not.
forced: <bool>
# Set the drop/no_drop on each queue.
priorities:
# Priority queue number (COS value).
- priority: <int; 0-7; required; unique>
# Enable Priority Flow Control frames on this queue.
no_drop: <bool; required>
Queue monitor-length¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
queue_monitor_length | Dictionary | ||||
enabled | Boolean | Required | |||
default_thresholds | Dictionary | ||||
high | Integer | Required | Default high threshold for Ethernet Interfaces. |
||
low | Integer | Default low threshold for Ethernet Interfaces. Low threshold support is platform dependent. |
|||
log | Integer | Logging interval in seconds. | |||
notifying | Boolean | Should only be used for platforms supporting the “queue-monitor length notifying” CLI. | |||
cpu | Dictionary | ||||
thresholds | Dictionary | ||||
high | Integer | Required | |||
low | Integer | ||||
tx_latency | Boolean | Enable tx-latency mode. |
queue_monitor_length:
enabled: <bool; required>
default_thresholds:
# Default high threshold for Ethernet Interfaces.
high: <int; required>
# Default low threshold for Ethernet Interfaces.
# Low threshold support is platform dependent.
low: <int>
# Logging interval in seconds.
log: <int>
# Should only be used for platforms supporting the "queue-monitor length notifying" CLI.
notifying: <bool>
cpu:
thresholds:
high: <int; required>
low: <int>
# Enable tx-latency mode.
tx_latency: <bool>
Queue monitor-streaming¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
queue_monitor_streaming | Dictionary | ||||
enable | Boolean | ||||
ip_access_group | String | Name of IP ACL. | |||
ipv6_access_group | String | Name of IPv6 ACL. | |||
max_connections | Integer | Min: 1 Max: 100 |
|||
vrf | String |
Application traffic recognition¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
application_traffic_recognition | Dictionary | Application traffic recognition configuration. | |||
categories | List, items: Dictionary | List of categories. | |||
- name | String | Required, Unique | Category name. | ||
applications | List, items: Dictionary | List of applications. | |||
- name | String | Application name. | |||
service | String | Valid Values: - audio-video - chat - default - file-transfer - networking-protocols - peer-to-peer - software-update |
Service Name. Specific service to target for this application. If no service is specified, all supported services of the application are matched. Not all valid values are valid for all applications, check on EOS CLI. |
||
field_sets | Dictionary | ||||
l4_ports | List, items: Dictionary | L4 port field-set. | |||
- name | String | Required, Unique | L4 port field-set name. | ||
port_values | List, items: String | ||||
- <str> | String | Port values or range of port values. Port values are between 0 and 65535. |
|||
ipv4_prefixes | List, items: Dictionary | IPv4 prefix field set. | |||
- name | String | Required, Unique | IPv4 prefix field-set name. | ||
prefix_values | List, items: String | ||||
- <str> | String | IP prefix (ex 1.2.3.0/24). | |||
applications | Dictionary | ||||
ipv4_applications | List, items: Dictionary | List of user defined IPv4 applications. The name should be unique over all defined applications (ipv4 and l4). | |||
- name | String | Required, Unique | Application name. | ||
src_prefix_set_name | String | Source prefix set name. | |||
dest_prefix_set_name | String | Destination prefix set name. | |||
dscp_ranges | List, items: String | Accept DSCP value(s) or range(s). DSCP values can be between 0 and 63. Other valid values are cs0 to cs7, af11-13, af21-23, af31-33, af41-af43 and ef. Note: The values are not sorted so the list items need to be supplied in the right order to match the CLI if required. |
|||
- <str> | String | Pattern: ^(?:cs[1-7]|af[1-4][1-3]|ef|(?:(?:,|,\s|^)(?:\d|[1-5]\d|6[0-3])(?:-(?:\d|[1-5]\d|6[0-3]))?)+)$ |
DSCP value or range syntax. | ||
protocols | List, items: String | List of protocols to consider for this application. To use port field-sets (source, destination or both), the list must contain only one or two protocols, either tcp or udp .When using both protocols, one line is rendered for each in the configuration, hence the field-sets must have the same value for tcp_src_port_set_name andudp_src_port_set_name and for tcp_dest_port_set_name and udp_dest_port_set_name if set in order to generate valid configuration in EOS. |
|||
- <str> | String | Valid Values: - ahp - esp - icmp - igmp - ospf - pim - rsvp - tcp - udp - vrrp |
|||
protocol_ranges | List, items: String | Accept protocol value(s) or range(s). Protocol values can be between 1 and 255. |
|||
- <str> | String | ||||
udp_src_port_set_name | String | Name of field set for UDP source ports. When the protocols list contain both tcp and udp , this key valuemust be the same as tcp_src_port_set_name . |
|||
tcp_src_port_set_name | String | Name of field set for TCP source ports. When the protocols list contain both tcp and udp , this key valuemust be the same as udp_src_port_set_name . |
|||
udp_dest_port_set_name | String | Name of field set for UDP destination ports. When the protocols list contain both tcp and udp , this key valuemust be the same as tcp_dest_port_set_name . |
|||
tcp_dest_port_set_name | String | Name of field set for TCP destination ports. When the protocols list contain both tcp and udp , this key valuemust be the same as udp_dest_port_set_name . |
|||
l4_applications | List, items: Dictionary | List of user defined L4 applications. The name should be unique over all defined applications (ipv4 and l4). | |||
- name | String | Required, Unique | Application name. | ||
protocols | List, items: String | List of protocols to consider for this application. To use port field-sets (source, destination or both), the list must contain only one or two protocols, either tcp or udp .When using both protocols, one line is rendered for each in the configuration, hence the field-sets must have the same value for tcp_src_port_set_name andudp_src_port_set_name and for tcp_dest_port_set_name and udp_dest_port_set_name if set in order to generate valid configuration in EOS. |
|||
- <str> | String | Valid Values: - ahp - esp - icmp - igmp - ospf - pim - rsvp - tcp - udp - vrrp |
|||
protocol_ranges | List, items: String | Accept protocol value(s) or range(s). Protocol values can be between 1 and 255. |
|||
- <str> | String | ||||
udp_src_port_set_name | String | Name of field set for UDP source ports. When the protocols list contain both tcp and udp , this key valuemust be the same as tcp_src_port_set_name . |
|||
tcp_src_port_set_name | String | Name of field set for TCP source ports. When the protocols list contain both tcp and udp , this key valuemust be the same as udp_src_port_set_name . |
|||
udp_dest_port_set_name | String | Name of field set for UDP destination ports. When the protocols list contain both tcp and udp , this key valuemust be the same as tcp_dest_port_set_name . |
|||
tcp_dest_port_set_name | String | Name of field set for TCP destination ports. When the protocols list contain both tcp and udp , this key valuemust be the same as udp_dest_port_set_name . |
|||
application_profiles | List, items: Dictionary | Group of applications. | |||
- name | String | Application Profile name. | |||
applications | List, items: Dictionary | List of applications part of the application profile. | |||
- name | String | Application Name. | |||
service | String | Valid Values: - audio-video - chat - default - file-transfer - networking-protocols - peer-to-peer - software-update |
Service Name. Specific service to target for this application. If no service is specified, all supported services of the application are matched. Not all valid values are valid for all applications, check on EOS CLI. |
||
application_transports | List, items: String | List of transport protocols. | |||
- <str> | String | Valid Values: - http - https - udp - tcp - ip - ip6 - ssl - rtp - sctp - quic |
Transport name. | ||
categories | List, items: Dictionary | Categories under this application profile. | |||
- name | String | Name of a category. | |||
service | String | Valid Values: - audio-video - chat - default - file-transfer - networking-protocols - peer-to-peer - software-update |
Service Name. Specific service to target for this application. If no service is specified, all supported services of the application are matched. Not all valid values are valid for all applications, check on EOS CLI. |
# Application traffic recognition configuration.
application_traffic_recognition:
# List of categories.
categories:
# Category name.
- name: <str; required; unique>
# List of applications.
applications:
# Application name.
- name: <str>
# Service Name.
# Specific service to target for this application.
# If no service is specified, all supported services of the application are matched.
# Not all valid values are valid for all applications, check on EOS CLI.
service: <str; "audio-video" | "chat" | "default" | "file-transfer" | "networking-protocols" | "peer-to-peer" | "software-update">
field_sets:
# L4 port field-set.
l4_ports:
# L4 port field-set name.
- name: <str; required; unique>
port_values:
# Port values or range of port values.
# Port values are between 0 and 65535.
- <str>
# IPv4 prefix field set.
ipv4_prefixes:
# IPv4 prefix field-set name.
- name: <str; required; unique>
prefix_values:
# IP prefix (ex 1.2.3.0/24).
- <str>
applications:
# List of user defined IPv4 applications. The name should be unique over all defined applications (ipv4 and l4).
ipv4_applications:
# Application name.
- name: <str; required; unique>
# Source prefix set name.
src_prefix_set_name: <str>
# Destination prefix set name.
dest_prefix_set_name: <str>
# Accept DSCP value(s) or range(s).
# DSCP values can be between 0 and 63.
# Other valid values are cs0 to cs7, af11-13, af21-23, af31-33, af41-af43 and ef.
# Note: The values are not sorted so the list items need to be supplied in the right order to match the CLI if required.
dscp_ranges:
# DSCP value or range syntax.
- <str>
# List of protocols to consider for this application.
# To use port field-sets (source, destination or both), the list
# must contain only one or two protocols, either `tcp` or `udp`.
# When using both protocols, one line is rendered for each in the configuration,
# hence the field-sets must have the same value for `tcp_src_port_set_name` and
# `udp_src_port_set_name` and for `tcp_dest_port_set_name` and `udp_dest_port_set_name`
# if set in order to generate valid configuration in EOS.
protocols:
- <str; "ahp" | "esp" | "icmp" | "igmp" | "ospf" | "pim" | "rsvp" | "tcp" | "udp" | "vrrp">
# Accept protocol value(s) or range(s).
# Protocol values can be between 1 and 255.
protocol_ranges:
- <str>
# Name of field set for UDP source ports.
# When the `protocols` list contain both `tcp` and `udp`, this key value
# must be the same as `tcp_src_port_set_name`.
udp_src_port_set_name: <str>
# Name of field set for TCP source ports.
# When the `protocols` list contain both `tcp` and `udp`, this key value
# must be the same as `udp_src_port_set_name`.
tcp_src_port_set_name: <str>
# Name of field set for UDP destination ports.
# When the `protocols` list contain both `tcp` and `udp`, this key value
# must be the same as `tcp_dest_port_set_name`.
udp_dest_port_set_name: <str>
# Name of field set for TCP destination ports.
# When the `protocols` list contain both `tcp` and `udp`, this key value
# must be the same as `udp_dest_port_set_name`.
tcp_dest_port_set_name: <str>
# List of user defined L4 applications. The name should be unique over all defined applications (ipv4 and l4).
l4_applications:
# Application name.
- name: <str; required; unique>
# List of protocols to consider for this application.
# To use port field-sets (source, destination or both), the list
# must contain only one or two protocols, either `tcp` or `udp`.
# When using both protocols, one line is rendered for each in the configuration,
# hence the field-sets must have the same value for `tcp_src_port_set_name` and
# `udp_src_port_set_name` and for `tcp_dest_port_set_name` and `udp_dest_port_set_name`
# if set in order to generate valid configuration in EOS.
protocols:
- <str; "ahp" | "esp" | "icmp" | "igmp" | "ospf" | "pim" | "rsvp" | "tcp" | "udp" | "vrrp">
# Accept protocol value(s) or range(s).
# Protocol values can be between 1 and 255.
protocol_ranges:
- <str>
# Name of field set for UDP source ports.
# When the `protocols` list contain both `tcp` and `udp`, this key value
# must be the same as `tcp_src_port_set_name`.
udp_src_port_set_name: <str>
# Name of field set for TCP source ports.
# When the `protocols` list contain both `tcp` and `udp`, this key value
# must be the same as `udp_src_port_set_name`.
tcp_src_port_set_name: <str>
# Name of field set for UDP destination ports.
# When the `protocols` list contain both `tcp` and `udp`, this key value
# must be the same as `tcp_dest_port_set_name`.
udp_dest_port_set_name: <str>
# Name of field set for TCP destination ports.
# When the `protocols` list contain both `tcp` and `udp`, this key value
# must be the same as `udp_dest_port_set_name`.
tcp_dest_port_set_name: <str>
# Group of applications.
application_profiles:
# Application Profile name.
- name: <str>
# List of applications part of the application profile.
applications:
# Application Name.
- name: <str>
# Service Name.
# Specific service to target for this application.
# If no service is specified, all supported services of the application are matched.
# Not all valid values are valid for all applications, check on EOS CLI.
service: <str; "audio-video" | "chat" | "default" | "file-transfer" | "networking-protocols" | "peer-to-peer" | "software-update">
# List of transport protocols.
application_transports:
# Transport name.
- <str; "http" | "https" | "udp" | "tcp" | "ip" | "ip6" | "ssl" | "rtp" | "sctp" | "quic">
# Categories under this application profile.
categories:
# Name of a category.
- name: <str>
# Service Name.
# Specific service to target for this application.
# If no service is specified, all supported services of the application are matched.
# Not all valid values are valid for all applications, check on EOS CLI.
service: <str; "audio-video" | "chat" | "default" | "file-transfer" | "networking-protocols" | "peer-to-peer" | "software-update">
Routing¶
ARP¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
arp | Dictionary | ||||
persistent | Dictionary | ||||
enabled | Boolean | Required | Restore the ARP cache after reboot. | ||
refresh_delay | Integer | Min: 600 Max: 3600 |
Time to wait in seconds before refreshing the ARP cache after reboot (EOS default 600). | ||
aging | Dictionary | ||||
timeout_default | Integer | Min: 60 Max: 65535 |
Timeout in seconds. | ||
static_entries | List, items: Dictionary | Static ARP entries. | |||
- ipv4_address | String | Required | ARP entry IPv4 address. | ||
vrf | String | ARP entry VRF. | |||
mac_address | String | Required | Pattern: ^[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}$ |
ARP entry MAC address. |
arp:
persistent:
# Restore the ARP cache after reboot.
enabled: <bool; required>
# Time to wait in seconds before refreshing the ARP cache after reboot (EOS default 600).
refresh_delay: <int; 600-3600>
aging:
# Timeout in seconds.
timeout_default: <int; 60-65535>
# Static ARP entries.
static_entries:
# ARP entry IPv4 address.
- ipv4_address: <str; required>
# ARP entry VRF.
vrf: <str>
# ARP entry MAC address.
mac_address: <str; required>
DHCP relay¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
dhcp_relay | Dictionary | ||||
servers | List, items: String | ||||
- <str> | String | Server IP or Hostname. | |||
tunnel_requests_disabled | Boolean | ||||
mlag_peerlink_requests_disabled | Boolean |
IP DHCP relay¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ip_dhcp_relay | Dictionary | ||||
always_on | Boolean | DhcpRelay Agent will be in always-on mode. | |||
all_subnets | Boolean | Allow forwarding requests with secondary IP addresses in the gateway address “giaddr” field. | |||
information_option | Boolean | Insert Option-82 information. |
IP DHCP Snooping¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ip_dhcp_snooping | Dictionary | ||||
enabled | Boolean | ||||
bridging | Boolean | ||||
information_option | Dictionary | ||||
enabled | Boolean | Enable insertion of option-82 in DHCP request packets. | |||
circuit_id_type | String | “none” or <0 - 255>. | |||
circuit_id_format | String | Valid Values: - %h:%p - %p:%v |
Required if circuit_id_type is set.- “%h:%p” Hostname and interface name - “%p:%v” Interface name and VLAN ID |
||
vlan | String | VLAN range as string. “< vlan_id >, < vlan_id >-< vlan_id >” Example: 15,16,17,18 |
ip_dhcp_snooping:
enabled: <bool>
bridging: <bool>
information_option:
# Enable insertion of option-82 in DHCP request packets.
enabled: <bool>
# "none" or <0 - 255>.
circuit_id_type: <str>
# Required if `circuit_id_type` is set.
# - "%h:%p" Hostname and interface name
# - "%p:%v" Interface name and VLAN ID
circuit_id_format: <str; "%h:%p" | "%p:%v">
# VLAN range as string.
# "< vlan_id >, < vlan_id >-< vlan_id >"
# Example: 15,16,17,18
vlan: <str>
DHCP Servers¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
dhcp_servers | List, items: Dictionary | ||||
- disabled | Boolean | ||||
vrf | String | Required, Unique | VRF in which to configure the DHCP server, use default to indicate default VRF. |
||
lease_time_ipv4 | Dictionary | ||||
days | Integer | Required | Min: 0 Max: 2000 |
||
hours | Integer | Required | Min: 0 Max: 23 |
||
minutes | Integer | Required | Min: 0 Max: 59 |
||
lease_time_ipv6 | Dictionary | ||||
days | Integer | Required | Min: 0 Max: 2000 |
||
hours | Integer | Required | Min: 0 Max: 23 |
||
minutes | Integer | Required | Min: 0 Max: 59 |
||
dns_domain_name_ipv4 | String | ||||
dns_domain_name_ipv6 | String | ||||
dns_servers_ipv4 | List, items: String | Min Length: 1 | List of DNS servers for IPv4 clients. | ||
- <str> | String | Required | IPv4 address of DNS server. | ||
dns_servers_ipv6 | List, items: String | Min Length: 1 | List of DNS servers for IPv6 clients. | ||
- <str> | String | Required | IPv6 address of DNS server. | ||
tftp_server | Dictionary | ||||
file_ipv4 | String | Min Length: 1 Max Length: 255 |
Name of TFTP file for IPv4 clients. | ||
file_ipv6 | String | Min Length: 1 Max Length: 255 |
Name of TFTP file for IPv6 clients. | ||
ipv4_vendor_options | List, items: Dictionary | ||||
- vendor_id | String | Required, Unique | |||
sub_options | List, items: Dictionary | ||||
- code | Integer | Required, Unique | Min: 1 Max: 254 |
||
string | String | String value for suboption data. Only one of string , ipv4_address and array_ipv4_address variables should be used for any one suboption.The order of precedence if multiple of these variables are defined is string -> ipv4_address -> array_ipv4_address . |
|||
ipv4_address | String | IPv4 address value for suboption data. Only one of string , ipv4_address and array_ipv4_address variables should be used for any one suboption.The order of precedence if multiple of these variables are defined is string -> ipv4_address -> array_ipv4_address . |
|||
array_ipv4_address | List, items: String | Array of IPv4 addresses for suboption data. Only one of string , ipv4_address and array_ipv4_address variables should be used for any one suboption.The order of precedence if multiple of these variables are defined is string -> ipv4_address -> array_ipv4_address . |
|||
- <str> | String | ||||
subnets | List, items: Dictionary | ||||
- subnet | String | Required, Unique | IPv4/IPv6 subnet. | ||
name | String | ||||
default_gateway | String | ||||
dns_servers | List, items: String | ||||
- <str> | String | ||||
ranges | List, items: Dictionary | ||||
- start | String | Required | |||
end | String | Required | |||
lease_time | Dictionary | ||||
days | Integer | Required | Min: 0 Max: 2000 |
||
hours | Integer | Required | Min: 0 Max: 23 |
||
minutes | Integer | Required | Min: 0 Max: 59 |
||
reservations | List, items: Dictionary | DHCP client reservations. | |||
- mac_address | String | Required, Unique | Ethernet address in format - HHHH.HHHH.HHHH | ||
hostname | String | ||||
ipv4_address | String | Valid IPv4 address from the given subnet. This should only be used within an IPv4 subnet. |
|||
ipv6_address | String | Valid IPv6 address from the given subnet. This should only be used within an IPv6 subnet. |
|||
eos_cli | String | Multiline EOS CLI rendered directly on the dhcp server in the final EOS configuration. |
dhcp_servers:
- disabled: <bool>
# VRF in which to configure the DHCP server, use `default` to indicate default VRF.
vrf: <str; required; unique>
lease_time_ipv4:
days: <int; 0-2000; required>
hours: <int; 0-23; required>
minutes: <int; 0-59; required>
lease_time_ipv6:
days: <int; 0-2000; required>
hours: <int; 0-23; required>
minutes: <int; 0-59; required>
dns_domain_name_ipv4: <str>
dns_domain_name_ipv6: <str>
# List of DNS servers for IPv4 clients.
dns_servers_ipv4: # >=1 items
# IPv4 address of DNS server.
- <str; required>
# List of DNS servers for IPv6 clients.
dns_servers_ipv6: # >=1 items
# IPv6 address of DNS server.
- <str; required>
tftp_server:
# Name of TFTP file for IPv4 clients.
file_ipv4: <str; length 1-255>
# Name of TFTP file for IPv6 clients.
file_ipv6: <str; length 1-255>
ipv4_vendor_options:
- vendor_id: <str; required; unique>
sub_options:
- code: <int; 1-254; required; unique>
# String value for suboption data.
# Only one of `string`, `ipv4_address` and `array_ipv4_address` variables should be used for any one suboption.
# The order of precedence if multiple of these variables are defined is `string` -> `ipv4_address` -> `array_ipv4_address`.
string: <str>
# IPv4 address value for suboption data.
# Only one of `string`, `ipv4_address` and `array_ipv4_address` variables should be used for any one suboption.
# The order of precedence if multiple of these variables are defined is `string` -> `ipv4_address` -> `array_ipv4_address`.
ipv4_address: <str>
# Array of IPv4 addresses for suboption data.
# Only one of `string`, `ipv4_address` and `array_ipv4_address` variables should be used for any one suboption.
# The order of precedence if multiple of these variables are defined is `string` -> `ipv4_address` -> `array_ipv4_address`.
array_ipv4_address:
- <str>
subnets:
# IPv4/IPv6 subnet.
- subnet: <str; required; unique>
name: <str>
default_gateway: <str>
dns_servers:
- <str>
ranges:
- start: <str; required>
end: <str; required>
lease_time:
days: <int; 0-2000; required>
hours: <int; 0-23; required>
minutes: <int; 0-59; required>
# DHCP client reservations.
reservations:
# Ethernet address in format - HHHH.HHHH.HHHH
- mac_address: <str; required; unique>
hostname: <str>
# Valid IPv4 address from the given subnet.
# This should only be used within an IPv4 subnet.
ipv4_address: <str>
# Valid IPv6 address from the given subnet.
# This should only be used within an IPv6 subnet.
ipv6_address: <str>
# Multiline EOS CLI rendered directly on the dhcp server in the final EOS configuration.
eos_cli: <str>
IP ICMP redirect¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ip_icmp_redirect | Boolean |
IP NAT¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ip_nat | Dictionary | ||||
kernel_buffer_size | Integer | Min: 1 Max: 64 |
Buffer size in MB. | ||
profiles | List, items: Dictionary | ||||
- name | String | Required, Unique | |||
vrf | String | Specify VRF for NAT profile. | |||
destination | Dictionary | ||||
dynamic | List, items: Dictionary | ||||
- access_list | String | Required, Unique | |||
comment | String | ||||
pool_name | String | Required | |||
priority | Integer | Min: 0 Max: 4294967295 |
|||
static | List, items: Dictionary | ||||
- access_list | String | ‘access_list’ and ‘group’ are mutual exclusive. | |||
comment | String | ||||
direction | String | Valid Values: - egress - ingress |
Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform. EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW. |
||
group | Integer | Min: 1 Max: 65535 |
‘access_list’ and ‘group’ are mutual exclusive. | ||
original_ip | String | IPv4 address. The combination of original_ip and original_port must be unique. |
|||
original_port | Integer | Min: 1 Max: 65535 |
TCP/UDP port. The combination of original_ip and original_port must be unique. |
||
priority | Integer | Min: 0 Max: 4294967295 |
|||
protocol | String | Valid Values: - udp - tcp |
|||
translated_ip | String | Required | IPv4 address. | ||
translated_port | Integer | Min: 1 Max: 65535 |
requires ‘original_port’. | ||
source | Dictionary | ||||
dynamic | List, items: Dictionary | ||||
- access_list | String | Required, Unique | |||
comment | String | ||||
nat_type | String | Required | Valid Values: - overload - pool - pool-address-only - pool-full-cone |
||
pool_name | String | required if ‘nat_type’ is pool, pool-address-only or pool-full-cone. ignored if ‘nat_type’ is overload. |
|||
priority | Integer | Min: 0 Max: 4294967295 |
|||
static | List, items: Dictionary | ||||
- access_list | String | ‘access_list’ and ‘group’ are mutual exclusive. | |||
comment | String | ||||
direction | String | Valid Values: - egress - ingress |
Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform. EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW. |
||
group | Integer | Min: 1 Max: 65535 |
‘access_list’ and ‘group’ are mutual exclusive. | ||
original_ip | String | IPv4 address. The combination of original_ip and original_port must be unique. |
|||
original_port | Integer | Min: 1 Max: 65535 |
TCP/UDP port. The combination of original_ip and original_port must be unique. |
||
priority | Integer | Min: 0 Max: 4294967295 |
|||
protocol | String | Valid Values: - udp - tcp |
|||
translated_ip | String | Required | IPv4 address. | ||
translated_port | Integer | Min: 1 Max: 65535 |
requires ‘original_port’. | ||
pools | List, items: Dictionary | ||||
- name | String | Required, Unique | |||
type | String | ip-port |
Valid Values: - ip-port - port-only |
||
prefix_length | Integer | Min: 16 Max: 32 |
It is only used and required when type is ip-port . |
||
ranges | List, items: Dictionary | ||||
- first_ip | String | IPv4 address. Required when type is ip-port and ignored otherwise. |
|||
last_ip | String | IPv4 address. Required when type is ip-port and ignored otherwise.first_ip and last_ip ip addresses should lie in same subnet. |
|||
first_port | Integer | Min: 1 Max: 65535 |
|||
last_port | Integer | Min: 1 Max: 65535 |
Required when first_port is set.last_port must be greater than or equal to first_port . |
||
utilization_log_threshold | Integer | Min: 1 Max: 100 |
|||
synchronization | Dictionary | ||||
description | String | ||||
expiry_interval | Integer | Min: 60 Max: 3600 |
In seconds. | ||
local_interface | String | EOS interface name. | |||
peer_address | String | IPv4 address. | |||
port_range | Dictionary | ||||
first_port | Integer | Min: 1024 Max: 65535 |
|||
last_port | Integer | Min: 1024 Max: 65535 |
>= first_port. | ||
split_disabled | Boolean | ||||
shutdown | Boolean | ||||
translation | Dictionary | ||||
address_selection | Dictionary | ||||
any | Boolean | ||||
hash_field_source_ip | Boolean | ||||
counters | Boolean | ||||
low_mark | Dictionary | ||||
percentage | Integer | Min: 1 Max: 99 |
Used to render ‘ip nat translation low-mark |
||
host_percentage | Integer | Min: 1 Max: 99 |
Used to render ‘ip nat translation low-mark |
||
max_entries | Dictionary | ||||
limit | Integer | Min: 0 Max: 4294967295 |
|||
host_limit | Integer | Min: 0 Max: 4294967295 |
|||
ip_limits | List, items: Dictionary | ||||
- ip | String | Required, Unique | IPv4 address. | ||
limit | Integer | Required | Min: 0 Max: 4294967295 |
||
timeouts | List, items: Dictionary | ||||
- protocol | String | Required, Unique | Valid Values: - tcp - udp |
||
timeout | Integer | Required | Min: 0 Max: 4294967295 |
In seconds. |
ip_nat:
# Buffer size in MB.
kernel_buffer_size: <int; 1-64>
profiles:
- name: <str; required; unique>
# Specify VRF for NAT profile.
vrf: <str>
destination:
dynamic:
- access_list: <str; required; unique>
comment: <str>
pool_name: <str; required>
priority: <int; 0-4294967295>
static:
# 'access_list' and 'group' are mutual exclusive.
- access_list: <str>
comment: <str>
# Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
# EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
direction: <str; "egress" | "ingress">
# 'access_list' and 'group' are mutual exclusive.
group: <int; 1-65535>
# IPv4 address. The combination of `original_ip` and `original_port` must be unique.
original_ip: <str>
# TCP/UDP port. The combination of `original_ip` and `original_port` must be unique.
original_port: <int; 1-65535>
priority: <int; 0-4294967295>
protocol: <str; "udp" | "tcp">
# IPv4 address.
translated_ip: <str; required>
# requires 'original_port'.
translated_port: <int; 1-65535>
source:
dynamic:
- access_list: <str; required; unique>
comment: <str>
nat_type: <str; "overload" | "pool" | "pool-address-only" | "pool-full-cone"; required>
# required if 'nat_type' is pool, pool-address-only or pool-full-cone.
# ignored if 'nat_type' is overload.
pool_name: <str>
priority: <int; 0-4294967295>
static:
# 'access_list' and 'group' are mutual exclusive.
- access_list: <str>
comment: <str>
# Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
# EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
direction: <str; "egress" | "ingress">
# 'access_list' and 'group' are mutual exclusive.
group: <int; 1-65535>
# IPv4 address. The combination of `original_ip` and `original_port` must be unique.
original_ip: <str>
# TCP/UDP port. The combination of `original_ip` and `original_port` must be unique.
original_port: <int; 1-65535>
priority: <int; 0-4294967295>
protocol: <str; "udp" | "tcp">
# IPv4 address.
translated_ip: <str; required>
# requires 'original_port'.
translated_port: <int; 1-65535>
pools:
- name: <str; required; unique>
type: <str; "ip-port" | "port-only"; default="ip-port">
# It is only used and required when `type` is `ip-port`.
prefix_length: <int; 16-32>
ranges:
# IPv4 address.
# Required when `type` is `ip-port` and ignored otherwise.
- first_ip: <str>
# IPv4 address.
# Required when `type` is `ip-port` and ignored otherwise.
# `first_ip` and `last_ip` ip addresses should lie in same subnet.
last_ip: <str>
first_port: <int; 1-65535>
# Required when `first_port` is set.
# `last_port` must be greater than or equal to `first_port`.
last_port: <int; 1-65535>
utilization_log_threshold: <int; 1-100>
synchronization:
description: <str>
# In seconds.
expiry_interval: <int; 60-3600>
# EOS interface name.
local_interface: <str>
# IPv4 address.
peer_address: <str>
port_range:
first_port: <int; 1024-65535>
# >= first_port.
last_port: <int; 1024-65535>
split_disabled: <bool>
shutdown: <bool>
translation:
address_selection:
any: <bool>
hash_field_source_ip: <bool>
counters: <bool>
low_mark:
# Used to render 'ip nat translation low-mark <percentage>'.
percentage: <int; 1-99>
# Used to render 'ip nat translation low-mark <host_percentage> host'.
host_percentage: <int; 1-99>
max_entries:
limit: <int; 0-4294967295>
host_limit: <int; 0-4294967295>
ip_limits:
# IPv4 address.
- ip: <str; required; unique>
limit: <int; 0-4294967295; required>
timeouts:
- protocol: <str; "tcp" | "udp"; required; unique>
# In seconds.
timeout: <int; 0-4294967295; required>
IP routing IPv6 interfaces¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ip_routing_ipv6_interfaces | Boolean |
IP routing¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ip_routing | Boolean |
IP virtual router MAC address¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ip_virtual_router_mac_address | String | MAC address (hh:hh:hh:hh:hh:hh). |
IPv6 DHCP relay¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ipv6_dhcp_relay | Dictionary | ||||
always_on | Boolean | DhcpRelay Agent will be in always-on mode, off by default. | |||
all_subnets | Boolean | Allow forwarding requests with additional IPv6 addresses in the gateway address “giaddr” field. | |||
option | Dictionary | Insert DHCP Option. | |||
link_layer_address | Boolean | Add Option 79 (Link Layer Address Option). | |||
remote_id_format | String | Valid Values: - %m:%i - %m:%p |
Add RemoteID option 37 in format MAC address and interface ID (%m:%i ) or MAC address and interface name (%m:%p ). |
ipv6_dhcp_relay:
# DhcpRelay Agent will be in always-on mode, off by default.
always_on: <bool>
# Allow forwarding requests with additional IPv6 addresses in the gateway address "giaddr" field.
all_subnets: <bool>
# Insert DHCP Option.
option:
# Add Option 79 (Link Layer Address Option).
link_layer_address: <bool>
# Add RemoteID option 37 in format MAC address and interface ID (`%m:%i`) or MAC address and interface name (`%m:%p`).
remote_id_format: <str; "%m:%i" | "%m:%p">
IPv6 ICMP redirects¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ipv6_icmp_redirect | Boolean |
IPv6 static routes¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ipv6_static_routes | List, items: Dictionary | ||||
- vrf | String | ||||
destination_address_prefix | String | IPv6 Network/Mask. | |||
interface | String | ||||
gateway | String | IPv6 Address. | |||
track_bfd | Boolean | Track next-hop using BFD. | |||
distance | Integer | Min: 1 Max: 255 |
|||
tag | Integer | Min: 0 Max: 4294967295 |
|||
name | String | Description. | |||
metric | Integer | Min: 0 Max: 4294967295 |
IPv6 unicast routing¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ipv6_unicast_routing | Boolean |
MPLS¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
mpls | Dictionary | ||||
ip | Boolean | ||||
ldp | Dictionary | ||||
interface_disabled_default | Boolean | ||||
router_id | String | ||||
shutdown | Boolean | ||||
transport_address_interface | String | Interface Name. | |||
icmp | Dictionary | Enables the LSRs to generate ICMP reply messages and deliver them to the originating host. | |||
fragmentation_needed_tunneling | Boolean | Enables the MPLS tunneling of MTU exceeded ICMP replies (fragmentation needed, packet too big). | |||
ttl_exceeded_tunneling | Boolean | Enables the MPLS tunneling of TTL exceeded ICMP replies. |
mpls:
ip: <bool>
ldp:
interface_disabled_default: <bool>
router_id: <str>
shutdown: <bool>
# Interface Name.
transport_address_interface: <str>
# Enables the LSRs to generate ICMP reply messages and deliver them to the originating host.
icmp:
# Enables the MPLS tunneling of MTU exceeded ICMP replies (fragmentation needed, packet too big).
fragmentation_needed_tunneling: <bool>
# Enables the MPLS tunneling of TTL exceeded ICMP replies.
ttl_exceeded_tunneling: <bool>
Router adaptive virtual topology¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
router_adaptive_virtual_topology | Dictionary | ||||
topology_role | String | Valid Values: - edge - pathfinder - transit region - transit zone |
Role name. | ||
gateway_vxlan | Boolean | Enables VXLAN gateway router profile. Only applicable for topology_role: edge , topology_role: transit region or topology_role: transit zone . |
|||
region | Dictionary | Region name and ID. | |||
name | String | Required | Pattern: ^[A-Za-z0-9_.:{}\[\]-]+$ |
||
id | Integer | Required | Min: 1 Max: 255 |
||
zone | Dictionary | Zone name and ID. | |||
name | String | Required | Pattern: ^[A-Za-z0-9_.:{}\[\]-]+$ |
||
id | Integer | Required | Min: 1 Max: 10000 |
||
site | Dictionary | Site name and ID. | |||
name | String | Required | Pattern: ^[A-Za-z0-9_.:{}\[\]-]+$ |
||
id | Integer | Required | Min: 1 Max: 10000 |
||
profiles | List, items: Dictionary | ||||
- name | String | Required, Unique | AVT Name. | ||
load_balance_policy | String | Name of the load-balance policy. | |||
internet_exit_policy | String | Name of the internet exit policy. | |||
policies | List, items: Dictionary | A sequence of application profiles mapped to some virtual topologies. | |||
- name | String | Required, Unique | Policy name. | ||
matches | List, items: Dictionary | ||||
- application_profile | String | Application profile name. | |||
avt_profile | String | AVT Profile name. | |||
dscp | Integer | Min: 0 Max: 63 |
Set DSCP for matched traffic. | ||
traffic_class | Integer | Min: 0 Max: 7 |
Set traffic-class for matched traffic. | ||
vrfs | List, items: Dictionary | ||||
- name | String | Required, Unique | VRF name. | ||
policy | String | AVT Policy name. | |||
profiles | List, items: Dictionary | AVT profiles in this VRF. | |||
- name | String | AVT profile name. | |||
id | Integer | Required, Unique | Min: 1 Max: 254 |
Unique ID for this AVT (per VRF). |
router_adaptive_virtual_topology:
# Role name.
topology_role: <str; "edge" | "pathfinder" | "transit region" | "transit zone">
# Enables VXLAN gateway router profile.
# Only applicable for `topology_role: edge`, `topology_role: transit region` or `topology_role: transit zone`.
gateway_vxlan: <bool>
# Region name and ID.
region:
name: <str; required>
id: <int; 1-255; required>
# Zone name and ID.
zone:
name: <str; required>
id: <int; 1-10000; required>
# Site name and ID.
site:
name: <str; required>
id: <int; 1-10000; required>
profiles:
# AVT Name.
- name: <str; required; unique>
# Name of the load-balance policy.
load_balance_policy: <str>
# Name of the internet exit policy.
internet_exit_policy: <str>
# A sequence of application profiles mapped to some virtual topologies.
policies:
# Policy name.
- name: <str; required; unique>
matches:
# Application profile name.
- application_profile: <str>
# AVT Profile name.
avt_profile: <str>
# Set DSCP for matched traffic.
dscp: <int; 0-63>
# Set traffic-class for matched traffic.
traffic_class: <int; 0-7>
vrfs:
# VRF name.
- name: <str; required; unique>
# AVT Policy name.
policy: <str>
# AVT profiles in this VRF.
profiles:
# AVT profile name.
- name: <str>
# Unique ID for this AVT (per VRF).
id: <int; 1-254; required; unique>
Router BFD¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
router_bfd | Dictionary | ||||
interval | Integer | Rate in milliseconds. | |||
local_address | String | Configure BFD local IP/IPv6 address. | |||
min_rx | Integer | Rate in milliseconds. | |||
multiplier | Integer | Min: 3 Max: 50 |
|||
multihop | Dictionary | ||||
interval | Integer | Rate in milliseconds. | |||
min_rx | Integer | Rate in milliseconds. | |||
multiplier | Integer | Min: 3 Max: 50 |
|||
session_snapshot_interval | Integer | Min: 1 Max: 3600 |
Interval in seconds. Intervals below 10 are considered “dangerous” on EOS and must have session_snapshot_interval_dangerous set to true . |
||
session_snapshot_interval_dangerous | Boolean | ||||
sbfd | Dictionary | ||||
local_interface | Dictionary | ||||
name | String | Interface Name. | |||
protocols | Dictionary | ||||
ipv4 | Boolean | ||||
ipv6 | Boolean | ||||
initiator_interval | Integer | Rate in milliseconds. | |||
initiator_multiplier | Integer | Min: 3 Max: 50 |
|||
initiator_measurement_round_trip | Boolean | Enable round-trip delay measurement. | |||
reflector | Dictionary | ||||
min_rx | Integer | Rate in milliseconds. | |||
local_discriminator | String | IPv4 address or 32 bit integer. |
router_bfd:
# Rate in milliseconds.
interval: <int>
# Configure BFD local IP/IPv6 address.
local_address: <str>
# Rate in milliseconds.
min_rx: <int>
multiplier: <int; 3-50>
multihop:
# Rate in milliseconds.
interval: <int>
# Rate in milliseconds.
min_rx: <int>
multiplier: <int; 3-50>
# Interval in seconds.
# Intervals below 10 are considered "dangerous" on EOS and must have `session_snapshot_interval_dangerous` set to `true`.
session_snapshot_interval: <int; 1-3600>
session_snapshot_interval_dangerous: <bool>
sbfd:
local_interface:
# Interface Name.
name: <str>
protocols:
ipv4: <bool>
ipv6: <bool>
# Rate in milliseconds.
initiator_interval: <int>
initiator_multiplier: <int; 3-50>
# Enable round-trip delay measurement.
initiator_measurement_round_trip: <bool>
reflector:
# Rate in milliseconds.
min_rx: <int>
# IPv4 address or 32 bit integer.
local_discriminator: <str>
Router BGP¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
router_bgp | Dictionary | ||||
as | String | BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”. For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number. |
|||
as_notation | String | Valid Values: - asdot - asplain |
BGP AS can be deplayed in the asplain <1-4294967295> or asdot notation “<1-65535>.<0-65535>”. This flag indicates which mode is preferred - asplain is the default. | ||
router_id | String | In IP address format A.B.C.D. | |||
distance | Dictionary | ||||
external_routes | Integer | Required | Min: 1 Max: 255 |
||
internal_routes | Integer | Required | Min: 1 Max: 255 |
||
local_routes | Integer | Required | Min: 1 Max: 255 |
||
graceful_restart | Dictionary | ||||
enabled | Boolean | ||||
restart_time | Integer | Min: 1 Max: 3600 |
Number of seconds. | ||
stalepath_time | Integer | Min: 1 Max: 3600 |
Number of seconds. | ||
graceful_restart_helper | Dictionary | ||||
enabled | Boolean | ||||
restart_time | Integer | Min: 1 Max: 100000000 |
Number of seconds graceful-restart-help long-lived and restart-time are mutually exclusive in CLI. restart-time will take precedence if both are configured. |
||
long_lived | Boolean | graceful-restart-help long-lived and restart-time are mutually exclusive in CLI. restart-time will take precedence if both are configured. |
|||
maximum_paths | Dictionary | ||||
paths | Integer | Required | Min: 1 Max: 600 |
||
ecmp | Integer | Min: 1 Max: 600 |
|||
updates | Dictionary | ||||
wait_for_convergence | Boolean | Disables FIB updates and route advertisement when the BGP instance is initiated until the BGP convergence state is reached. |
|||
wait_install | Boolean | Do not advertise reachability to a prefix until that prefix has been installed in hardware. This will eliminate any temporary black holes due to a BGP speaker advertising reachability to a prefix that may not yet be installed into the forwarding plane. |
|||
bgp_cluster_id | String | IP Address A.B.C.D. | |||
bgp_defaults | List, items: String | BGP command as string. | |||
- <str> | String | ||||
bgp | Dictionary | ||||
default | Dictionary | ||||
ipv4_unicast | Boolean | Default activation of IPv4 unicast address-family on all IPv4 neighbors (EOS default = True). | |||
ipv4_unicast_transport_ipv6 | Boolean | Default activation of IPv4 unicast address-family on all IPv6 neighbors (EOS default == False). | |||
route_reflector_preserve_attributes | Dictionary | ||||
enabled | Boolean | ||||
always | Boolean | ||||
bestpath | Dictionary | ||||
d_path | Boolean | ||||
additional_paths | Dictionary | ||||
receive | Boolean | Enable or disable reception of additional-paths. | |||
send | String | Valid Values: - any - backup - ecmp - limit - disabled |
Select an option to send multiple paths for same prefix through bgp updates. any: Send any eligible path. backup: Best path and installed backup path. ecmp: All paths in best path ECMP group. limit: Limit to n eligible paths. disabled: Disable sending any paths. |
||
send_limit | Integer | Min: 2 Max: 64 |
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp . |
||
redistribute_internal | Boolean | Allow redistribution of iBGP routes into an Interior Gateway Protocol (IGP). EOS default is true. | |||
listen_ranges | List, items: Dictionary | Improved “listen_ranges” data model to support multiple listen ranges and additional filter capabilities. |
|||
- prefix | String | IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”. | |||
peer_id_include_router_id | Boolean | Include router ID as part of peer filter. | |||
peer_group | String | Peer group name. | |||
peer_filter | String | Peer-filter name. note: peer_filter or remote_as is required but mutually exclusive.If both are defined, peer_filter takes precedence |
|||
remote_as | String | BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”. For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number. |
|||
peer_groups | List, items: Dictionary | ||||
- name | String | Required, Unique | Peer-group name. | ||
type | String | Key only used for documentation or validation purposes. | |||
remote_as | String | BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”. For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number. |
|||
local_as | String | BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”. For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number. |
|||
description | String | ||||
shutdown | Boolean | ||||
as_path | Dictionary | BGP AS-PATH options. | |||
remote_as_replace_out | Boolean | Replace AS number with local AS number. | |||
prepend_own_disabled | Boolean | Disable prepending own AS number to AS path. | |||
remove_private_as | Dictionary | Remove private AS numbers in outbound AS path. | |||
enabled | Boolean | ||||
all | Boolean | ||||
replace_as | Boolean | ||||
remove_private_as_ingress | Dictionary | ||||
enabled | Boolean | ||||
replace_as | Boolean | ||||
next_hop_unchanged | Boolean | ||||
update_source | String | IP address or interface name. | |||
route_reflector_client | Boolean | ||||
bfd | Boolean | Enable BFD. | |||
bfd_timers | Dictionary | Override default BFD timers. BFD must be enabled with bfd: true . |
|||
interval | Integer | Required | Min: 50 Max: 60000 |
Interval in milliseconds. | |
min_rx | Integer | Required | Min: 50 Max: 60000 |
Rate in milliseconds. | |
multiplier | Integer | Required | Min: 3 Max: 50 |
||
ebgp_multihop | Integer | Min: 1 Max: 255 |
Time-to-live in range of hops. | ||
next_hop_self | Boolean | ||||
password | String | ||||
passive | Boolean | ||||
default_originate | Dictionary | ||||
enabled | Boolean | ||||
always | Boolean | ||||
route_map | String | Route-map name. | |||
send_community | String | ‘all’ or a combination of ‘standard’, ‘extended’, ‘large’ and ‘link-bandwidth (w/options)’. | |||
maximum_routes | Integer | Min: 0 Max: 4294967294 |
Maximum number of routes (0 means unlimited). | ||
maximum_routes_warning_limit | String | Maximum number of routes after which a warning is issued (0 means never warn) or Percentage of maximum number of routes at which to warn (“<1-100> percent”). |
|||
maximum_routes_warning_only | Boolean | ||||
missing_policy | Dictionary | Missing policy configuration for all address-families. | |||
direction_in | Dictionary | Missing policy inbound direction. | |||
action | String | Required | Valid Values: - deny - permit - deny-in-out |
Missing policy action. | |
include_community_list | Boolean | Include community-list references in missing policy decision. | |||
include_prefix_list | Boolean | Include prefix-list references in missing policy decision. | |||
include_sub_route_map | Boolean | Include sub-route-map references in missing policy decision. | |||
direction_out | Dictionary | Missing policy outbound direction. | |||
action | String | Required | Valid Values: - deny - permit - deny-in-out |
Missing policy action. | |
include_community_list | Boolean | Include community-list references in missing policy decision. | |||
include_prefix_list | Boolean | Include prefix-list references in missing policy decision. | |||
include_sub_route_map | Boolean | Include sub-route-map references in missing policy decision. | |||
link_bandwidth | Dictionary | ||||
enabled | Boolean | ||||
default | String | nn.nn(K | |||
allowas_in | Dictionary | ||||
enabled | Boolean | ||||
times | Integer | Min: 1 Max: 10 |
Number of local ASNs allowed in a BGP update. | ||
weight | Integer | Min: 0 Max: 65535 |
|||
timers | String | BGP Keepalive and Hold Timer values in seconds as string “<0-3600> <0-3600>”. | |||
rib_in_pre_policy_retain | Dictionary | ||||
enabled | Boolean | ||||
all | Boolean | ||||
route_map_in | String | Inbound route-map name. | |||
route_map_out | String | Outbound route-map name. | |||
session_tracker | String | ||||
shared_secret | Dictionary | ||||
profile | String | Required | Name of profile defined under management_security . |
||
hash_algorithm | String | Required | Valid Values: - aes-128-cmac-96 - hmac-sha-256 - hmac-sha1-96 |
Note: Algorithm hmac-sha-256 requires EOS version 4.31.1F and above. | |
ttl_maximum_hops | Integer | Min: 0 Max: 254 |
Maximum number of hops. | ||
peer_filter removed | String | This key was removed. Support was removed in AVD version 5.0.0. Use router_bgp.listen_ranges[].peer_filter instead. | |||
bgp_listen_range_prefix removed | String | This key was removed. Support was removed in AVD version 5.0.0. Use router_bgp.listen_ranges[].bgp_listen_range_prefix instead. | |||
neighbors | List, items: Dictionary | ||||
- ip_address | String | Required, Unique | |||
peer_group | String | ||||
remote_as | String | BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”. For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number. |
|||
local_as | String | BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”. For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number. |
|||
as_path | Dictionary | BGP AS-PATH options. | |||
remote_as_replace_out | Boolean | Replace AS number with local AS number. | |||
prepend_own_disabled | Boolean | Disable prepending own AS number to AS path. | |||
peer | String | Key only used for documentation or validation purposes. | |||
description | String | ||||
route_reflector_client | Boolean | ||||
password | String | ||||
passive | Boolean | ||||
shutdown | Boolean | ||||
update_source | String | Source Interface. | |||
bfd | Boolean | Enable BFD. | |||
bfd_timers | Dictionary | Override default BFD timers. BFD must be enabled with bfd: true . |
|||
interval | Integer | Required | Min: 50 Max: 60000 |
Interval in milliseconds. | |
min_rx | Integer | Required | Min: 50 Max: 60000 |
Rate in milliseconds. | |
multiplier | Integer | Required | Min: 3 Max: 50 |
||
weight | Integer | Min: 0 Max: 65535 |
|||
timers | String | BGP Keepalive and Hold Timer values in seconds as string “<0-3600> <0-3600>”. | |||
route_map_in | String | Inbound route-map name. | |||
route_map_out | String | Outbound route-map name. | |||
default_originate | Dictionary | ||||
enabled | Boolean | ||||
always | Boolean | ||||
route_map | String | ||||
send_community | String | ‘all’ or a combination of ‘standard’, ‘extended’, ‘large’ and ‘link-bandwidth (w/options)’. | |||
maximum_routes | Integer | Min: 0 Max: 4294967294 |
Maximum number of routes (0 means unlimited). | ||
maximum_routes_warning_limit | String | Maximum number of routes after which a warning is issued (0 means never warn) or Percentage of maximum number of routes at which to warn (“<1-100> percent”). |
|||
maximum_routes_warning_only | Boolean | ||||
missing_policy | Dictionary | Missing policy configuration for all address-families. | |||
direction_in | Dictionary | Missing policy inbound direction. | |||
action | String | Required | Valid Values: - deny - permit - deny-in-out |
Missing policy action. | |
include_community_list | Boolean | Include community-list references in missing policy decision. | |||
include_prefix_list | Boolean | Include prefix-list references in missing policy decision. | |||
include_sub_route_map | Boolean | Include sub-route-map references in missing policy decision. | |||
direction_out | Dictionary | Missing policy outbound direction. | |||
action | String | Required | Valid Values: - deny - permit - deny-in-out |
Missing policy action. | |
include_community_list | Boolean | Include community-list references in missing policy decision. | |||
include_prefix_list | Boolean | Include prefix-list references in missing policy decision. | |||
include_sub_route_map | Boolean | Include sub-route-map references in missing policy decision. | |||
allowas_in | Dictionary | ||||
enabled | Boolean | ||||
times | Integer | Min: 1 Max: 10 |
Number of local ASNs allowed in a BGP update. | ||
ebgp_multihop | Integer | Min: 1 Max: 255 |
Time-to-live in range of hops. | ||
next_hop_self | Boolean | ||||
link_bandwidth | Dictionary | ||||
enabled | Boolean | ||||
default | String | nn.nn(K | |||
rib_in_pre_policy_retain | Dictionary | ||||
enabled | Boolean | ||||
all | Boolean | ||||
remove_private_as | Dictionary | Remove private AS numbers in outbound AS path. | |||
enabled | Boolean | ||||
all | Boolean | ||||
replace_as | Boolean | ||||
remove_private_as_ingress | Dictionary | ||||
enabled | Boolean | ||||
replace_as | Boolean | ||||
session_tracker | String | ||||
shared_secret | Dictionary | ||||
profile | String | Required | Name of profile defined under management_security . |
||
hash_algorithm | String | Required | Valid Values: - aes-128-cmac-96 - hmac-sha-256 - hmac-sha1-96 |
Note: Algorithm hmac-sha-256 requires EOS version 4.31.1F and above. | |
ttl_maximum_hops | Integer | Min: 0 Max: 254 |
Maximum number of hops. | ||
neighbor_interfaces | List, items: Dictionary | ||||
- name | String | Required, Unique | Interface name. | ||
remote_as | String | BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”. For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number. |
|||
peer | String | Key only used for documentation or validation purposes. | |||
peer_group | String | Peer-group name |
|||
description | String | ||||
peer_filter | String | Peer-filter name. | |||
aggregate_addresses | List, items: Dictionary | ||||
- prefix | String | Required, Unique | IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”. | ||
advertise_only | Boolean | ||||
as_set | Boolean | ||||
summary_only | Boolean | ||||
attribute_map | String | Route-map name. | |||
match_map | String | Route-map name. | |||
redistribute | Dictionary | Redistribute routes in to BGP. | |||
attached_host | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
bgp | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
connected | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. |
|||
include_leaked | Boolean | Include following routes while redistributing. | |||
dynamic | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. |
|||
isis | Dictionary | ||||
enabled | Boolean | Required | |||
isis_level | String | Valid Values: - level-1 - level-2 - level-1-2 |
Redistribute IS-IS route level. | ||
route_map | String | ||||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. |
|||
include_leaked | Boolean | Include following routes while redistributing. | |||
ospf | Dictionary | ||||
enabled | Boolean | Redistribute OSPF routes. | |||
match_external | Dictionary | Redistribute OSPF routes learned from external sources. | |||
enabled | Boolean | Required | |||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
match_internal | Dictionary | Redistribute OSPF routes learned from internal sources. | |||
enabled | Boolean | Required | |||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
match_nssa_external | Dictionary | Redistribute OSPF routes learned from external NSSA sources. | |||
enabled | Boolean | Required | |||
nssa_type | Integer | Valid Values: - 1 - 2 |
NSSA External Type Number. | ||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
ospfv3 | Dictionary | ||||
enabled | Boolean | Redistribute OSPFv3 routes. | |||
match_external | Dictionary | Redistribute OSPFv3 routes learned from external sources. | |||
enabled | Boolean | Required | |||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
match_internal | Dictionary | Redistribute OSPFv3 routes learned from internal sources. | |||
enabled | Boolean | Required | |||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
match_nssa_external | Dictionary | Redistribute OSPFv3 routes learned from external NSSA sources. | |||
enabled | Boolean | Required | |||
nssa_type | Integer | Valid Values: - 1 - 2 |
NSSA External Type Number. | ||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
rip | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
static | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. |
|||
include_leaked | Boolean | Include following routes while redistributing. | |||
user | Dictionary | ||||
enabled | Boolean | Required | |||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. |
|||
redistribute_routes deprecated | List, items: Dictionary | This key is deprecated. Support will be removed in AVD version 6.0.0. Use redistribute instead. | |||
- source_protocol | String | Required | Valid Values: - attached-host - bgp - connected - dynamic - isis - ospf - ospfv3 - rip - static - user |
||
route_map | String | ||||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence.Only applicable if source_protocol is one of connected , static , isis , user , dynamic . |
|||
include_leaked | Boolean | ||||
ospf_route_type | String | Valid Values: - external - internal - nssa-external - nssa-external 1 - nssa-external 2 |
Routes learned by the OSPF protocol. The ospf_route_type is valid for source_protocols ‘ospf’ and ‘ospfv3’. |
||
vlan_aware_bundles | List, items: Dictionary | ||||
- name | String | Required, Unique | VLAN aware bundle name. | ||
tenant | String | Key only used for documentation or validation purposes. | |||
description | String | Key only used for documentation or validation purposes. | |||
rd | String | Route distinguisher. | |||
rd_evpn_domain | Dictionary | ||||
domain | String | Valid Values: - remote - all |
|||
rd | String | Route distinguisher. | |||
route_targets | Dictionary | ||||
both | List, items: String | ||||
- <str> | String | ||||
import | List, items: String | ||||
- <str> | String | ||||
export | List, items: String | ||||
- <str> | String | ||||
import_evpn_domains | List, items: Dictionary | ||||
- domain | String | Valid Values: - remote - all |
|||
route_target | String | ||||
export_evpn_domains | List, items: Dictionary | ||||
- domain | String | Valid Values: - remote - all |
|||
route_target | String | ||||
import_export_evpn_domains | List, items: Dictionary | ||||
- domain | String | Valid Values: - remote - all |
|||
route_target | String | ||||
redistribute_routes | List, items: String | ||||
- <str> | String | ||||
no_redistribute_routes | List, items: String | ||||
- <str> | String | ||||
vlan | String | VLAN range as string. Example “100-200,300”. | |||
eos_cli | String | Multiline EOS CLI rendered directly on the Router BGP, VLAN-aware-bundle definition in the final EOS configuration. | |||
vlans | List, items: Dictionary | ||||
- id | Integer | Required, Unique | |||
tenant | String | Key only used for documentation or validation purposes. | |||
rd | String | Route distinguisher. | |||
rd_evpn_domain | Dictionary | ||||
domain | String | Valid Values: - remote - all |
|||
rd | String | Route distinguisher. | |||
route_targets | Dictionary | ||||
both | List, items: String | ||||
- <str> | String | ||||
import | List, items: String | ||||
- <str> | String | ||||
export | List, items: String | ||||
- <str> | String | ||||
import_evpn_domains | List, items: Dictionary | ||||
- domain | String | Valid Values: - remote - all |
|||
route_target | String | ||||
export_evpn_domains | List, items: Dictionary | ||||
- domain | String | Valid Values: - remote - all |
|||
route_target | String | ||||
import_export_evpn_domains | List, items: Dictionary | ||||
- domain | String | Valid Values: - remote - all |
|||
route_target | String | ||||
redistribute_routes | List, items: String | ||||
- <str> | String | ||||
no_redistribute_routes | List, items: String | ||||
- <str> | String | ||||
eos_cli | String | Multiline EOS CLI rendered directly on the Router BGP, VLAN definition in the final EOS configuration. | |||
vpws | List, items: Dictionary | ||||
- name | String | Required, Unique | VPWS instance name. | ||
rd | String | Route distinguisher. | |||
route_targets | Dictionary | ||||
import_export | String | Route Target. | |||
mpls_control_word | Boolean | ||||
label_flow | Boolean | ||||
mtu | Integer | ||||
pseudowires | List, items: Dictionary | ||||
- name | String | Required, Unique | Pseudowire name. | ||
id_local | Integer | Must match id_remote on other pe. | |||
id_remote | Integer | Must match id_local on other pe. | |||
address_family_evpn | Dictionary | ||||
domain_identifier | String | ||||
neighbor_default | Dictionary | ||||
encapsulation | String | Valid Values: - vxlan - mpls - path-selection |
Transport encapsulation for neighbor. | ||
next_hop_self_source_interface | String | Source interface name. | |||
next_hop_self_received_evpn_routes | Dictionary | ||||
enable | Boolean | ||||
inter_domain | Boolean | ||||
next_hop_mpls_resolution_ribs | List, items: Dictionary | Min Length: 1 Max Length: 3 |
Specify the RIBs used to resolve MPLS next-hops. The order of this list determines the order of RIB lookups. | ||
- rib_type | String | Required | Valid Values: - system-connected - tunnel-rib-colored - tunnel-rib |
Type of RIB. For ‘tunnel-rib’, use ‘rib_name’ to specify the name of the Tunnel-RIB to use. | |
rib_name | String | The name of the tunnel-rib to use when using ‘tunnel-rib’ type. | |||
neighbors | List, items: Dictionary | ||||
- ip_address | String | Required, Unique | |||
activate | Boolean | ||||
rcf_in | String | Inbound RCF function name with parenthesis. Example: MyFunction(myarg). |
|||
rcf_out | String | Outbound RCF function name with parenthesis. Example: MyFunction(myarg). |
|||
default_route | Dictionary | ||||
enabled | Boolean | ||||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). |
|||
route_map | String | ||||
additional_paths | Dictionary | ||||
receive | Boolean | Enable or disable reception of additional-paths. | |||
send | String | Valid Values: - any - backup - ecmp - limit - disabled |
Select an option to send multiple paths for same prefix through bgp updates. any: Send any eligible path. backup: Best path and installed backup path. ecmp: All paths in best path ECMP group. limit: Limit to n eligible paths. disabled: Disable sending any paths. |
||
send_limit | Integer | Min: 2 Max: 64 |
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp . |
||
encapsulation | String | Valid Values: - vxlan - mpls - path-selection |
Transport encapsulation for the neighbor. | ||
peer_groups | List, items: Dictionary | ||||
- name | String | Required, Unique | Peer-group name. | ||
activate | Boolean | ||||
route_map_in | String | Inbound route-map name. | |||
route_map_out | String | Outbound route-map name. | |||
rcf_in | String | Inbound RCF function name with parenthesis. Example: MyFunction(myarg). |
|||
rcf_out | String | Outbound RCF function name with parenthesis. Example: MyFunction(myarg). |
|||
default_route | Dictionary | ||||
enabled | Boolean | ||||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). |
|||
route_map | String | ||||
domain_remote | Boolean | ||||
encapsulation | String | Valid Values: - vxlan - mpls - path-selection |
Transport encapsulation for the peer-group. | ||
additional_paths | Dictionary | ||||
receive | Boolean | Enable or disable reception of additional-paths. | |||
send | String | Valid Values: - any - backup - ecmp - limit - disabled |
Select an option to send multiple paths for same prefix through bgp updates. any: Send any eligible path. backup: Best path and installed backup path. ecmp: All paths in best path ECMP group. limit: Limit to n eligible paths. disabled: Disable sending any paths. |
||
send_limit | Integer | Min: 2 Max: 64 |
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp . |
||
evpn_hostflap_detection | Dictionary | ||||
enabled | Boolean | ||||
window | Integer | Min: 0 Max: 4294967295 |
Time (in seconds) to detect a MAC duplication issue. | ||
threshold | Integer | Min: 0 Max: 4294967295 |
Minimum number of MAC moves that indicate a MAC Duplication issue. | ||
expiry_timeout | Integer | Min: 0 Max: 4294967295 |
Time (in seconds) to purge a MAC duplication issue. | ||
next_hop | Dictionary | ||||
resolution_disabled | Boolean | ||||
route | Dictionary | ||||
import_match_failure_action | String | Valid Values: - discard |
|||
import_ethernet_segment_ip_mass_withdraw | Boolean | ||||
import_overlay_index_gateway | Boolean | ||||
export_ethernet_segment_ip_mass_withdraw | Boolean | ||||
next_hop_unchanged | Boolean | ||||
bgp | Dictionary | ||||
additional_paths | Dictionary | ||||
receive | Boolean | Enable or disable reception of additional-paths. | |||
send | String | Valid Values: - any - backup - ecmp - limit - disabled |
Select an option to send multiple paths for same prefix through bgp updates. any: Send any eligible path. backup: Best path and installed backup path. ecmp: All paths in best path ECMP group. limit: Limit to n eligible paths. disabled: Disable sending any paths. |
||
send_limit | Integer | Min: 2 Max: 64 |
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp . |
||
layer_2_fec_in_place_update | Dictionary | BGP layer-2 in-place FEC operation. | |||
enabled | Boolean | Required | |||
timeout | Integer | Min: 0 Max: 300 |
In-place FEC update tracking timeout in seconds. | ||
bgp_additional_paths deprecated | Dictionary | BGP additional-paths commands.This key is deprecated. Support will be removed in AVD version 6.0.0. Use bgp.additional_paths instead. | |||
receive | Boolean | Receive multiple paths. | |||
send | Dictionary | Send multiple paths. | |||
any | Boolean | Any eligible path. | |||
backup | Boolean | Best path and installed backup path. | |||
ecmp | Boolean | All paths in best path ECMP group. | |||
ecmp_limit | Integer | Min: 2 Max: 64 |
Amount of ECMP paths to send. | ||
limit | Integer | Min: 2 Max: 64 |
Amount of paths to send. | ||
address_family_rtc | Dictionary | ||||
peer_groups | List, items: Dictionary | ||||
- name | String | Required, Unique | Peer-group name. | ||
activate | Boolean | ||||
default_route_target | Dictionary | ||||
only | Boolean | ||||
encoding_origin_as_omit | String | ||||
address_family_ipv4 | Dictionary | ||||
networks | List, items: Dictionary | ||||
- prefix | String | Required, Unique | IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”. | ||
route_map | String | Route-map name. | |||
bgp | Dictionary | ||||
additional_paths | Dictionary | ||||
install | Boolean | Install BGP backup path. | |||
install_ecmp_primary | Boolean | Allow additional path with ECMP primary path. | |||
receive | Boolean | Enable or disable reception of additional-paths. | |||
send | String | Valid Values: - any - backup - ecmp - limit - disabled |
Select an option to send multiple paths for same prefix through bgp updates. any: Send any eligible path. backup: Best path and installed backup path. ecmp: All paths in best path ECMP group. limit: Limit to n eligible paths. disabled: Disable sending any paths. |
||
send_limit | Integer | Min: 2 Max: 64 |
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp . |
||
redistribute_internal | Boolean | Allow redistribution of iBGP routes into an Interior Gateway Protocol (IGP). EOS default is true. | |||
peer_groups | List, items: Dictionary | ||||
- name | String | Required, Unique | Peer-group name. | ||
activate | Boolean | ||||
route_map_in | String | Inbound route-map name. | |||
route_map_out | String | Outbound route-map name. | |||
rcf_in | String | Inbound RCF function name with parenthesis. Example: MyFunction(myarg). |
|||
rcf_out | String | Outbound RCF function name with parenthesis. Example: MyFunction(myarg). |
|||
default_originate | Dictionary | ||||
always | Boolean | ||||
route_map | String | Route-map name. | |||
prefix_list_in | String | Inbound prefix-list name. | |||
prefix_list_out | String | Outbound prefix-list name. | |||
additional_paths | Dictionary | ||||
prefix_list | String | Apply the configurations only to the routes matching the prefix list. | |||
receive | Boolean | Enable or disable reception of additional-paths. | |||
send | String | Valid Values: - any - backup - ecmp - limit - disabled |
Select an option to send multiple paths for same prefix through bgp updates. any: Send any eligible path. backup: Best path and installed backup path. ecmp: All paths in best path ECMP group. limit: Limit to n eligible paths. disabled: Disable sending any paths. |
||
send_limit | Integer | Min: 2 Max: 64 |
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp . |
||
next_hop | Dictionary | ||||
address_family_ipv6 | Dictionary | ||||
enabled | Boolean | Required | |||
originate | Boolean | ||||
address_family_ipv6_originate removed | Boolean | This key was removed. Support was removed in AVD version 5.0.0. Use address_family_ipv6 instead. | |||
neighbors | List, items: Dictionary | ||||
- ip_address | String | Required, Unique | |||
activate | Boolean | ||||
route_map_in | String | Inbound route-map name. | |||
route_map_out | String | Outbound route-map name. | |||
rcf_in | String | Inbound RCF function name with parenthesis. Example: MyFunction(myarg). |
|||
rcf_out | String | Outbound RCF function name with parenthesis. Example: MyFunction(myarg). |
|||
prefix_list_in | String | Inbound prefix-list name. | |||
prefix_list_out | String | Prefix-list name. | |||
default_originate | Dictionary | ||||
always | Boolean | ||||
route_map | String | ||||
additional_paths | Dictionary | ||||
prefix_list | String | Apply the configurations only to the routes matching the prefix list. | |||
receive | Boolean | Enable or disable reception of additional-paths. | |||
send | String | Valid Values: - any - backup - ecmp - limit - disabled |
Select an option to send multiple paths for same prefix through bgp updates. any: Send any eligible path. backup: Best path and installed backup path. ecmp: All paths in best path ECMP group. limit: Limit to n eligible paths. disabled: Disable sending any paths. |
||
send_limit | Integer | Min: 2 Max: 64 |
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp . |
||
redistribute | Dictionary | Redistribute routes in to BGP. | |||
attached_host | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
bgp | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
connected | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. |
|||
include_leaked | Boolean | Include following routes while redistributing. | |||
dynamic | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. |
|||
isis | Dictionary | ||||
enabled | Boolean | Required | |||
isis_level | String | Valid Values: - level-1 - level-2 - level-1-2 |
Redistribute IS-IS route level. | ||
route_map | String | ||||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. |
|||
include_leaked | Boolean | Include following routes while redistributing. | |||
ospf | Dictionary | ||||
enabled | Boolean | Redistribute OSPF routes. | |||
match_external | Dictionary | Redistribute OSPF routes learned from external sources. | |||
enabled | Boolean | Required | |||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
match_internal | Dictionary | Redistribute OSPF routes learned from internal sources. | |||
enabled | Boolean | Required | |||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
match_nssa_external | Dictionary | Redistribute OSPF routes learned from external NSSA sources. | |||
enabled | Boolean | Required | |||
nssa_type | Integer | Valid Values: - 1 - 2 |
NSSA External Type Number. | ||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
ospfv3 | Dictionary | ||||
enabled | Boolean | Redistribute OSPFv3 routes. | |||
match_external | Dictionary | Redistribute OSPFv3 routes learned from external sources. | |||
enabled | Boolean | Required | |||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
match_internal | Dictionary | Redistribute OSPFv3 routes learned from internal sources. | |||
enabled | Boolean | Required | |||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
match_nssa_external | Dictionary | Redistribute OSPFv3 routes learned from external NSSA sources. | |||
enabled | Boolean | Required | |||
nssa_type | Integer | Valid Values: - 1 - 2 |
NSSA External Type Number. | ||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
rip | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
static | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. |
|||
include_leaked | Boolean | Include following routes while redistributing. | |||
user | Dictionary | ||||
enabled | Boolean | Required | |||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. |
|||
redistribute_routes deprecated | List, items: Dictionary | This key is deprecated. Support will be removed in AVD version 6.0.0. Use redistribute instead. | |||
- source_protocol | String | Required | Valid Values: - attached-host - bgp - connected - dynamic - isis - ospf - ospfv3 - rip - static - user |
||
route_map | String | ||||
include_leaked | Boolean | Only applicable if source_protocol is one of connected , static , isis , ospf , ospfv3 . |
|||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence.Only applicable if source_protocol is one of connected , static , isis , user , dynamic . |
|||
ospf_route_type | String | Valid Values: - external - internal - nssa-external - nssa-external 1 - nssa-external 2 |
Routes learned by the OSPF protocol. The ospf_route_type is valid for source_protocols ‘ospf’ and ‘ospfv3’. |
||
address_family_ipv4_labeled_unicast | Dictionary | ||||
aigp_session | Dictionary | ||||
confederation | Boolean | ||||
ebgp | Boolean | ||||
ibgp | Boolean | ||||
bgp | Dictionary | ||||
additional_paths | Dictionary | ||||
receive | Boolean | Enable or disable reception of additional-paths. | |||
send | String | Valid Values: - any - backup - ecmp - limit - disabled |
Select an option to send multiple paths for same prefix through bgp updates. any: Send any eligible path. backup: Best path and installed backup path. ecmp: All paths in best path ECMP group. limit: Limit to n eligible paths. disabled: Disable sending any paths. |
||
send_limit | Integer | Min: 2 Max: 64 |
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp . |
||
missing_policy | Dictionary | Missing policy configuration for all address-families. | |||
direction_in | Dictionary | Missing policy inbound direction. | |||
action | String | Required | Valid Values: - deny - permit - deny-in-out |
Missing policy action. | |
include_community_list | Boolean | Include community-list references in missing policy decision. | |||
include_prefix_list | Boolean | Include prefix-list references in missing policy decision. | |||
include_sub_route_map | Boolean | Include sub-route-map references in missing policy decision. | |||
direction_out | Dictionary | Missing policy outbound direction. | |||
action | String | Required | Valid Values: - deny - permit - deny-in-out |
Missing policy action. | |
include_community_list | Boolean | Include community-list references in missing policy decision. | |||
include_prefix_list | Boolean | Include prefix-list references in missing policy decision. | |||
include_sub_route_map | Boolean | Include sub-route-map references in missing policy decision. | |||
next_hop_unchanged | Boolean | ||||
graceful_restart | Boolean | ||||
label_local_termination | String | Valid Values: - explicit-null - implicit-null |
|||
lfib_entry_installation_skipped | Boolean | Skip LFIB entry installation and next hop self route advertisements. | |||
neighbor_default | Dictionary | ||||
next_hop_self | Boolean | ||||
peer_groups | List, items: Dictionary | ||||
- name | String | Required, Unique | Peer-group name. | ||
activate | Boolean | ||||
additional_paths | Dictionary | ||||
receive | Boolean | Enable or disable reception of additional-paths. | |||
send | String | Valid Values: - any - backup - ecmp - limit - disabled |
Select an option to send multiple paths for same prefix through bgp updates. any: Send any eligible path. backup: Best path and installed backup path. ecmp: All paths in best path ECMP group. limit: Limit to n eligible paths. disabled: Disable sending any paths. |
||
send_limit | Integer | Min: 2 Max: 64 |
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp . |
||
aigp_session | Boolean | ||||
graceful_restart | Boolean | ||||
graceful_restart_helper | Dictionary | ||||
stale_route_map | String | ||||
maximum_advertised_routes | Integer | Min: 0 Max: 4294967294 |
Maximum number of routes (0 means unlimited). | ||
maximum_advertised_routes_warning_limit | String | Maximum number of routes after which a warning is issued (0 means never warn) or Percentage of maximum number of routes at which to warn (“<1-100> percent”). |
|||
missing_policy | Dictionary | Missing policy configuration for BGP Labeled-Unicast neighbor. | |||
direction_in | Dictionary | Missing policy inbound direction. | |||
action | String | Required | Valid Values: - deny - permit - deny-in-out |
Missing policy action. | |
include_community_list | Boolean | Include community-list references in missing policy decision. | |||
include_prefix_list | Boolean | Include prefix-list references in missing policy decision. | |||
include_sub_route_map | Boolean | Include sub-route-map references in missing policy decision. | |||
direction_out | Dictionary | Missing policy outbound direction. | |||
action | String | Required | Valid Values: - deny - permit - deny-in-out |
Missing policy action. | |
include_community_list | Boolean | Include community-list references in missing policy decision. | |||
include_prefix_list | Boolean | Include prefix-list references in missing policy decision. | |||
include_sub_route_map | Boolean | Include sub-route-map references in missing policy decision. | |||
multi_path | Boolean | ||||
next_hop_resolution removed | Dictionary | This key was removed. Support was removed in AVD version 5.0.0. | |||
next_hop_self | Boolean | ||||
next_hop_self_source_interface | String | Source interface name. | |||
next_hop_self_v4_mapped_v6_source_interface | String | v4-mapped-v6 source interface name. Takes precedence over the next_hop_self_source_interface. | |||
next_hop_unchanged | Boolean | ||||
rcf_in | String | Inbound RCF function name with parenthesis. Example: MyFunction(myarg). |
|||
rcf_out | String | Outbound RCF function name with parenthesis. Example: MyFunction(myarg). |
|||
route_map_in | String | Inbound route-map name. | |||
route_map_out | String | Outbound route-map name. | |||
neighbors | List, items: Dictionary | ||||
- ip_address | String | Required, Unique | |||
activate | Boolean | ||||
additional_paths | Dictionary | ||||
receive | Boolean | Enable or disable reception of additional-paths. | |||
send | String | Valid Values: - any - backup - ecmp - limit - disabled |
Select an option to send multiple paths for same prefix through bgp updates. any: Send any eligible path. backup: Best path and installed backup path. ecmp: All paths in best path ECMP group. limit: Limit to n eligible paths. disabled: Disable sending any paths. |
||
send_limit | Integer | Min: 2 Max: 64 |
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp . |
||
aigp_session | Boolean | ||||
graceful_restart | Boolean | ||||
graceful_restart_helper | Dictionary | ||||
stale_route_map | String | ||||
maximum_advertised_routes | Integer | Min: 0 Max: 4294967294 |
Maximum number of routes (0 means unlimited). | ||
maximum_advertised_routes_warning_limit | String | Maximum number of routes after which a warning is issued (0 means never warn) or Percentage of maximum number of routes at which to warn (“<1-100> percent”). |
|||
missing_policy | Dictionary | Missing policy configuration for BGP Labeled-Unicast neighbor. | |||
direction_in | Dictionary | Missing policy inbound direction. | |||
action | String | Required | Valid Values: - deny - permit - deny-in-out |
Missing policy action. | |
include_community_list | Boolean | Include community-list references in missing policy decision. | |||
include_prefix_list | Boolean | Include prefix-list references in missing policy decision. | |||
include_sub_route_map | Boolean | Include sub-route-map references in missing policy decision. | |||
direction_out | Dictionary | Missing policy outbound direction. | |||
action | String | Required | Valid Values: - deny - permit - deny-in-out |
Missing policy action. | |
include_community_list | Boolean | Include community-list references in missing policy decision. | |||
include_prefix_list | Boolean | Include prefix-list references in missing policy decision. | |||
include_sub_route_map | Boolean | Include sub-route-map references in missing policy decision. | |||
multi_path | Boolean | ||||
next_hop_resolution removed | Dictionary | This key was removed. Support was removed in AVD version 5.0.0. | |||
next_hop_self | Boolean | ||||
next_hop_self_source_interface | String | Source interface name. | |||
next_hop_self_v4_mapped_v6_source_interface | String | v4-mapped-v6 source interface name. Takes precedence over the next_hop_self_source_interface. | |||
next_hop_unchanged | Boolean | ||||
rcf_in | String | Inbound RCF function name with parenthesis. Example: MyFunction(myarg). |
|||
rcf_out | String | Outbound RCF function name with parenthesis. Example: MyFunction(myarg). |
|||
route_map_in | String | Inbound route-map name. | |||
route_map_out | String | Outbound route-map name. | |||
networks | List, items: Dictionary | Min Length: 1 | |||
- prefix | String | Required, Unique | IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”. | ||
route_map | String | Route-map name. | |||
next_hops | List, items: Dictionary | Min Length: 1 | |||
- ip_address | String | Required, Unique | |||
lfib_backup_ip_forwarding | Boolean | ||||
next_hop_resolution_ribs | List, items: Dictionary | Min Length: 1 Max Length: 3 |
Specify the RIBs used to resolve next-hops. The order of this list determines the order of RIB lookups. | ||
- rib_type | String | Required | Valid Values: - system-connected - tunnel-rib-colored - tunnel-rib |
Type of RIB. For ‘tunnel-rib’, use ‘rib_name’ to specify the name of the Tunnel-RIB to use. | |
rib_name | String | The name of the tunnel-rib to use when using ‘tunnel-rib’ type. | |||
tunnel_source_protocols | List, items: Dictionary | Min Length: 1 Max Length: 2 |
|||
- protocol | String | Required, Unique | Valid Values: - isis segment-routing - ldp |
||
rcf | String | Optional RCF function name with parenthesis. Example: MyFunction(myarg). |
|||
update_wait_for_convergence | Boolean | Wait for BGP to converge before sending out any route updates. | |||
address_family_ipv4_multicast | Dictionary | ||||
bgp | Dictionary | ||||
additional_paths | Dictionary | ||||
receive | Boolean | ||||
peer_groups | List, items: Dictionary | ||||
- name | String | Required, Unique | Peer-group name. | ||
activate | Boolean | ||||
route_map_in | String | Inbound route-map name. | |||
route_map_out | String | Outbound route-map name. | |||
additional_paths | Dictionary | ||||
receive | Boolean | ||||
neighbors | List, items: Dictionary | ||||
- ip_address | String | Required, Unique | |||
activate | Boolean | ||||
route_map_in | String | Inbound route-map name. | |||
route_map_out | String | Outbound route-map name. | |||
additional_paths | Dictionary | ||||
receive | Boolean | ||||
redistribute | Dictionary | Redistribute routes in to BGP. | |||
attached_host | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
connected | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
isis | Dictionary | ||||
enabled | Boolean | Required | |||
isis_level | String | Valid Values: - level-1 - level-2 - level-1-2 |
Redistribute IS-IS route level. | ||
route_map | String | ||||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. |
|||
include_leaked | Boolean | Include following routes while redistributing. | |||
ospf | Dictionary | ||||
enabled | Boolean | Redistribute OSPF routes. | |||
match_external | Dictionary | Redistribute OSPF routes learned from external sources. | |||
enabled | Boolean | Required | |||
route_map | String | ||||
match_internal | Dictionary | Redistribute OSPF routes learned from internal sources. | |||
enabled | Boolean | Required | |||
route_map | String | ||||
match_nssa_external | Dictionary | Redistribute OSPF routes learned from external NSSA sources. | |||
enabled | Boolean | Required | |||
nssa_type | Integer | Valid Values: - 1 - 2 |
NSSA External Type Number. | ||
route_map | String | ||||
route_map | String | ||||
ospfv3 | Dictionary | ||||
enabled | Boolean | Redistribute OSPFv3 routes. | |||
match_external | Dictionary | Redistribute OSPFv3 routes learned from external sources. | |||
enabled | Boolean | Required | |||
route_map | String | ||||
match_internal | Dictionary | Redistribute OSPFv3 routes learned from internal sources. | |||
enabled | Boolean | Required | |||
route_map | String | ||||
match_nssa_external | Dictionary | Redistribute OSPFv3 routes learned from external NSSA sources. | |||
enabled | Boolean | Required | |||
nssa_type | Integer | Valid Values: - 1 - 2 |
NSSA External Type Number. | ||
route_map | String | ||||
route_map | String | ||||
static | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
redistribute_routes deprecated | List, items: Dictionary | This key is deprecated. Support will be removed in AVD version 6.0.0. Use redistribute instead. | |||
- source_protocol | String | Required | |||
route_map | String | ||||
include_leaked | Boolean | Only applicable if source_protocol is isis . |
|||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence.Only applicable if source_protocol is isis . |
|||
ospf_route_type | String | Valid Values: - external - internal - nssa-external - nssa-external 1 - nssa-external 2 |
Routes learned by the OSPF protocol. The ospf_route_type is valid for source_protocols ‘ospf’ and ‘ospfv3’. |
||
address_family_ipv4_sr_te | Dictionary | ||||
neighbors | List, items: Dictionary | ||||
- ip_address | String | Required, Unique | |||
activate | Boolean | ||||
route_map_in | String | Inbound route-map name. | |||
route_map_out | String | Outbound route-map name. | |||
peer_groups | List, items: Dictionary | ||||
- name | String | Required, Unique | Peer-group name. | ||
activate | Boolean | ||||
route_map_in | String | Inbound route-map name. | |||
route_map_out | String | Outbound route-map name. | |||
address_family_ipv6 | Dictionary | ||||
networks | List, items: Dictionary | ||||
- prefix | String | Required, Unique | IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”. | ||
route_map | String | Route-map name. | |||
bgp | Dictionary | ||||
redistribute_internal | Boolean | Allow redistribution of iBGP routes into an Interior Gateway Protocol (IGP). EOS default is true. | |||
additional_paths | Dictionary | ||||
install | Boolean | Install BGP backup path. | |||
install_ecmp_primary | Boolean | Allow additional path with ECMP primary path. | |||
receive | Boolean | Enable or disable reception of additional-paths. | |||
send | String | Valid Values: - any - backup - ecmp - limit - disabled |
Select an option to send multiple paths for same prefix through bgp updates. any: Send any eligible path. backup: Best path and installed backup path. ecmp: All paths in best path ECMP group. limit: Limit to n eligible paths. disabled: Disable sending any paths. |
||
send_limit | Integer | Min: 2 Max: 64 |
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp . |
||
peer_groups | List, items: Dictionary | ||||
- name | String | Required, Unique | Peer-group name. | ||
activate | Boolean | ||||
route_map_in | String | Inbound route-map name. | |||
route_map_out | String | Outbound route-map name. | |||
rcf_in | String | Inbound RCF function name with parenthesis. Example: MyFunction(myarg). |
|||
rcf_out | String | Outbound RCF function name with parenthesis. Example: MyFunction(myarg). |
|||
prefix_list_in | String | Inbound prefix-list name. | |||
prefix_list_out | String | Outbound prefix-list name. | |||
additional_paths | Dictionary | ||||
prefix_list | String | Apply the configurations only to the routes matching the prefix list. | |||
receive | Boolean | Enable or disable reception of additional-paths. | |||
send | String | Valid Values: - any - backup - ecmp - limit - disabled |
Select an option to send multiple paths for same prefix through bgp updates. any: Send any eligible path. backup: Best path and installed backup path. ecmp: All paths in best path ECMP group. limit: Limit to n eligible paths. disabled: Disable sending any paths. |
||
send_limit | Integer | Min: 2 Max: 64 |
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp . |
||
neighbors | List, items: Dictionary | ||||
- ip_address | String | Required, Unique | |||
activate | Boolean | ||||
route_map_in | String | Inbound route-map name. | |||
route_map_out | String | Outbound route-map name. | |||
rcf_in | String | Inbound RCF function name with parenthesis. Example: MyFunction(myarg). |
|||
rcf_out | String | Outbound RCF function name with parenthesis. Example: MyFunction(myarg). |
|||
prefix_list_in | String | Inbound prefix-list name. | |||
prefix_list_out | String | Outbound prefix-list name. | |||
additional_paths | Dictionary | ||||
prefix_list | String | Apply the configurations only to the routes matching the prefix list. | |||
receive | Boolean | Enable or disable reception of additional-paths. | |||
send | String | Valid Values: - any - backup - ecmp - limit - disabled |
Select an option to send multiple paths for same prefix through bgp updates. any: Send any eligible path. backup: Best path and installed backup path. ecmp: All paths in best path ECMP group. limit: Limit to n eligible paths. disabled: Disable sending any paths. |
||
send_limit | Integer | Min: 2 Max: 64 |
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp . |
||
redistribute | Dictionary | Redistribute routes in to BGP. | |||
attached_host | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
bgp | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
connected | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. |
|||
include_leaked | Boolean | Include following routes while redistributing. | |||
dhcp | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
dynamic | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. |
|||
isis | Dictionary | ||||
enabled | Boolean | Required | |||
isis_level | String | Valid Values: - level-1 - level-2 - level-1-2 |
Redistribute IS-IS route level. | ||
route_map | String | ||||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. |
|||
include_leaked | Boolean | Include following routes while redistributing. | |||
ospfv3 | Dictionary | ||||
enabled | Boolean | Redistribute OSPFv3 routes. | |||
match_external | Dictionary | Redistribute OSPFv3 routes learned from external sources. | |||
enabled | Boolean | Required | |||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
match_internal | Dictionary | Redistribute OSPFv3 routes learned from internal sources. | |||
enabled | Boolean | Required | |||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
match_nssa_external | Dictionary | Redistribute OSPFv3 routes learned from external NSSA sources. | |||
enabled | Boolean | Required | |||
nssa_type | Integer | Valid Values: - 1 - 2 |
NSSA External Type Number. | ||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
static | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. |
|||
include_leaked | Boolean | Include following routes while redistributing. | |||
user | Dictionary | ||||
enabled | Boolean | Required | |||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. |
|||
redistribute_routes deprecated | List, items: Dictionary | This key is deprecated. Support will be removed in AVD version 6.0.0. Use redistribute instead. | |||
- source_protocol | String | Required | |||
route_map | String | ||||
include_leaked | Boolean | ||||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence.Only used if source_protocol is one of connected , static , isis , user , dynamic . |
|||
ospf_route_type | String | Valid Values: - external - internal - nssa-external - nssa-external 1 - nssa-external 2 |
Routes learned by the OSPF protocol. The ospf_route_type is valid for source_protocols ‘ospfv3’. |
||
address_family_ipv6_multicast | Dictionary | ||||
bgp | Dictionary | ||||
missing_policy | Dictionary | ||||
direction_in_action | String | Valid Values: - deny - deny-in-out - permit |
|||
direction_out_action | String | Valid Values: - deny - deny-in-out - permit |
|||
additional_paths | Dictionary | ||||
receive | Boolean | ||||
neighbors | List, items: Dictionary | ||||
- ip_address | String | Required, Unique | |||
activate | Boolean | ||||
route_map_in | String | Inbound route-map name. | |||
route_map_out | String | Outbound route-map name. | |||
additional_paths | Dictionary | ||||
receive | Boolean | ||||
peer_groups | List, items: Dictionary | ||||
- name | String | Required, Unique | Peer-group name. | ||
activate | Boolean | ||||
additional_paths | Dictionary | ||||
receive | Boolean | ||||
networks | List, items: Dictionary | ||||
- prefix | String | Required, Unique | IPv6 prefix “A:B:C:D:E:F:G:H/I”. | ||
route_map | String | ||||
redistribute | Dictionary | Redistribute routes in to BGP. | |||
connected | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
isis | Dictionary | ||||
enabled | Boolean | Required | |||
isis_level | String | Valid Values: - level-1 - level-2 - level-1-2 |
Redistribute IS-IS route level. | ||
route_map | String | ||||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. |
|||
include_leaked | Boolean | Include following routes while redistributing. | |||
ospf | Dictionary | ||||
enabled | Boolean | Redistribute OSPF routes. | |||
match_external | Dictionary | Redistribute OSPF routes learned from external sources. | |||
enabled | Boolean | Required | |||
route_map | String | ||||
match_internal | Dictionary | Redistribute OSPF routes learned from internal sources. | |||
enabled | Boolean | Required | |||
route_map | String | ||||
match_nssa_external | Dictionary | Redistribute OSPF routes learned from external NSSA sources. | |||
enabled | Boolean | Required | |||
nssa_type | Integer | Valid Values: - 1 - 2 |
NSSA External Type Number. | ||
route_map | String | ||||
route_map | String | ||||
ospfv3 | Dictionary | ||||
enabled | Boolean | Redistribute OSPFv3 routes. | |||
match_external | Dictionary | Redistribute OSPFv3 routes learned from external sources. | |||
enabled | Boolean | Required | |||
route_map | String | ||||
match_internal | Dictionary | Redistribute OSPFv3 routes learned from internal sources. | |||
enabled | Boolean | Required | |||
route_map | String | ||||
match_nssa_external | Dictionary | Redistribute OSPFv3 routes learned from external NSSA sources. | |||
enabled | Boolean | Required | |||
nssa_type | Integer | Valid Values: - 1 - 2 |
NSSA External Type Number. | ||
route_map | String | ||||
route_map | String | ||||
static | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
redistribute_routes deprecated | List, items: Dictionary | This key is deprecated. Support will be removed in AVD version 6.0.0. Use redistribute instead. | |||
- source_protocol | String | Required | Valid Values: - connected - isis - ospf - ospfv3 - static |
||
include_leaked | Boolean | Only applicable if source_protocol is isis . |
|||
route_map | String | ||||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence.Only applicable if source_protocol is isis . |
|||
ospf_route_type | String | Valid Values: - external - internal - nssa-external - nssa-external 1 - nssa-external 2 |
Routes learned by the OSPF protocol. The ospf_route_type is valid for source_protocols ‘ospf’ and ‘ospfv3’. |
||
address_family_ipv6_sr_te | Dictionary | ||||
neighbors | List, items: Dictionary | ||||
- ip_address | String | Required, Unique | |||
activate | Boolean | ||||
route_map_in | String | Inbound route-map name. | |||
route_map_out | String | Outbound route-map name. | |||
peer_groups | List, items: Dictionary | ||||
- name | String | Required, Unique | Peer-group name. | ||
activate | Boolean | ||||
route_map_in | String | Inbound route-map name. | |||
route_map_out | String | Outbound route-map name. | |||
address_family_link_state | Dictionary | ||||
bgp | Dictionary | ||||
missing_policy | Dictionary | ||||
direction_in_action | String | Valid Values: - deny - deny-in-out - permit |
|||
direction_out_action | String | Valid Values: - deny - deny-in-out - permit |
|||
peer_groups | List, items: Dictionary | ||||
- name | String | Required, Unique | Peer-group name. | ||
activate | Boolean | ||||
missing_policy | Dictionary | ||||
direction_in_action | String | Valid Values: - deny - deny-in-out - permit |
|||
direction_out_action | String | Valid Values: - deny - deny-in-out - permit |
|||
neighbors | List, items: Dictionary | ||||
- ip_address | String | Required, Unique | |||
activate | Boolean | ||||
missing_policy | Dictionary | ||||
direction_in_action | String | Valid Values: - deny - deny-in-out - permit |
|||
direction_out_action | String | Valid Values: - deny - deny-in-out - permit |
|||
path_selection | Dictionary | ||||
roles | Dictionary | ||||
producer | Boolean | ||||
consumer | Boolean | ||||
propagator | Boolean | ||||
address_family_flow_spec_ipv4 | Dictionary | ||||
bgp | Dictionary | ||||
missing_policy | Dictionary | ||||
direction_in_action | String | Valid Values: - deny - deny-in-out - permit |
|||
direction_out_action | String | Valid Values: - deny - deny-in-out - permit |
|||
neighbors | List, items: Dictionary | ||||
- ip_address | String | Required, Unique | |||
activate | Boolean | ||||
peer_groups | List, items: Dictionary | ||||
- name | String | Required, Unique | Peer-group name. | ||
activate | Boolean | ||||
address_family_flow_spec_ipv6 | Dictionary | ||||
bgp | Dictionary | ||||
missing_policy | Dictionary | ||||
direction_in_action | String | Valid Values: - deny - deny-in-out - permit |
|||
direction_out_action | String | Valid Values: - deny - deny-in-out - permit |
|||
neighbors | List, items: Dictionary | ||||
- ip_address | String | Required, Unique | |||
activate | Boolean | ||||
peer_groups | List, items: Dictionary | ||||
- name | String | Required, Unique | Peer-group name. | ||
activate | Boolean | ||||
address_family_path_selection | Dictionary | ||||
bgp | Dictionary | ||||
additional_paths | Dictionary | ||||
receive | Boolean | Enable or disable reception of additional-paths. | |||
send | String | Valid Values: - any - backup - ecmp - limit - disabled |
Select an option to send multiple paths for same prefix through bgp updates. any: Send any eligible path. backup: Best path and installed backup path. ecmp: All paths in best path ECMP group. limit: Limit to n eligible paths. disabled: Disable sending any paths. |
||
send_limit | Integer | Min: 2 Max: 64 |
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp . |
||
neighbors | List, items: Dictionary | ||||
- ip_address | String | Required, Unique | |||
activate | Boolean | ||||
additional_paths | Dictionary | ||||
receive | Boolean | Enable or disable reception of additional-paths. | |||
send | String | Valid Values: - any - backup - ecmp - limit - disabled |
Select an option to send multiple paths for same prefix through bgp updates. any: Send any eligible path. backup: Best path and installed backup path. ecmp: All paths in best path ECMP group. limit: Limit to n eligible paths. disabled: Disable sending any paths. |
||
send_limit | Integer | Min: 2 Max: 64 |
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp . |
||
peer_groups | List, items: Dictionary | ||||
- name | String | Required, Unique | Peer-group name. | ||
activate | Boolean | ||||
additional_paths | Dictionary | ||||
receive | Boolean | Enable or disable reception of additional-paths. | |||
send | String | Valid Values: - any - backup - ecmp - limit - disabled |
Select an option to send multiple paths for same prefix through bgp updates. any: Send any eligible path. backup: Best path and installed backup path. ecmp: All paths in best path ECMP group. limit: Limit to n eligible paths. disabled: Disable sending any paths. |
||
send_limit | Integer | Min: 2 Max: 64 |
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp . |
||
address_family_vpn_ipv4 | Dictionary | ||||
domain_identifier | String | ||||
peer_groups | List, items: Dictionary | ||||
- name | String | Required, Unique | Peer-group name. | ||
activate | Boolean | ||||
route_map_in | String | Inbound route-map name. | |||
route_map_out | String | Outbound route-map name. | |||
rcf_in | String | Inbound RCF function name with parenthesis. Example: MyFunction(myarg). |
|||
rcf_out | String | Outbound RCF function name with parenthesis. Example: MyFunction(myarg). |
|||
default_route | Dictionary | ||||
enabled | Boolean | ||||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). |
|||
route_map | String | ||||
route | Dictionary | ||||
import_match_failure_action | String | Valid Values: - discard |
|||
neighbors | List, items: Dictionary | ||||
- ip_address | String | Required, Unique | |||
activate | Boolean | ||||
route_map_in | String | Inbound route-map name. | |||
route_map_out | String | Outbound route-map name. | |||
rcf_in | String | Inbound RCF function name with parenthesis. Example: MyFunction(myarg). |
|||
rcf_out | String | Outbound RCF function name with parenthesis. Example: MyFunction(myarg). |
|||
default_route | Dictionary | ||||
enabled | Boolean | ||||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). |
|||
route_map | String | ||||
neighbor_default_encapsulation_mpls_next_hop_self | Dictionary | ||||
source_interface | String | ||||
address_family_vpn_ipv6 | Dictionary | ||||
domain_identifier | String | ||||
peer_groups | List, items: Dictionary | ||||
- name | String | Required, Unique | Peer-group name. | ||
activate | Boolean | ||||
route_map_in | String | Inbound route-map name. | |||
route_map_out | String | Outbound route-map name. | |||
rcf_in | String | Inbound RCF function name with parenthesis. Example: MyFunction(myarg). |
|||
rcf_out | String | Outbound RCF function name with parenthesis. Example: MyFunction(myarg). |
|||
default_route | Dictionary | ||||
enabled | Boolean | ||||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). |
|||
route_map | String | ||||
route | Dictionary | ||||
import_match_failure_action | String | Valid Values: - discard |
|||
neighbors | List, items: Dictionary | ||||
- ip_address | String | Required, Unique | |||
activate | Boolean | ||||
route_map_in | String | Inbound route-map name. | |||
route_map_out | String | Outbound route-map name. | |||
rcf_in | String | Inbound RCF function name with parenthesis. Example: MyFunction(myarg). |
|||
rcf_out | String | Outbound RCF function name with parenthesis. Example: MyFunction(myarg). |
|||
default_route | Dictionary | ||||
enabled | Boolean | ||||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). |
|||
route_map | String | ||||
neighbor_default_encapsulation_mpls_next_hop_self | Dictionary | ||||
source_interface | String | ||||
vrfs | List, items: Dictionary | ||||
- name | String | Required, Unique | VRF name. | ||
bgp | Dictionary | ||||
redistribute_internal | Boolean | Allow redistribution of iBGP routes into an Interior Gateway Protocol (IGP). EOS default is true. | |||
additional_paths | Dictionary | ||||
install | Boolean | Install BGP backup path. | |||
install_ecmp_primary | Boolean | Allow additional path with ECMP primary path. | |||
receive | Boolean | Enable or disable reception of additional-paths. | |||
send | String | Valid Values: - any - backup - ecmp - limit - disabled |
Select an option to send multiple paths for same prefix through bgp updates. any: Send any eligible path. backup: Best path and installed backup path. ecmp: All paths in best path ECMP group. limit: Limit to n eligible paths. disabled: Disable sending any paths. |
||
send_limit | Integer | Min: 2 Max: 64 |
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp . |
||
rd | String | Route distinguisher. | |||
evpn_multicast | Boolean | ||||
evpn_multicast_address_family | Dictionary | Enable per-AF EVPN multicast settings. | |||
ipv4 | Dictionary | ||||
transit | Boolean | Enable EVPN multicast transit mode. | |||
evpn_multicast_gateway_dr_election | Dictionary | ||||
algorithm | String | Required | Valid Values: - hrw - modulus - preference |
DR election algorithms: hrw: Default selection based on highest random weight. modulus: Selection based on VLAN ID modulo number of candidates. preference: Selection based on a configured preference value. |
|
preference_value | Integer | Min: 0 Max: 65535 |
Required when algorithm is preference . |
||
default_route_exports | List, items: Dictionary | Enable default-originate per VRF/address-family. | |||
- address_family | String | Required, Unique | Valid Values: - evpn - vpn-ipv4 - vpn-ipv6 |
||
always | Boolean | ||||
route_map | String | ||||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). |
|||
route_targets | Dictionary | ||||
import | List, items: Dictionary | ||||
- address_family | String | Required, Unique | |||
route_targets | List, items: String | ||||
- <str> | String | ||||
route_map | String | Only applicable if address_family is one of evpn , vpn-ipv4 or vpn-ipv6 . |
|||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). Only applicable if address_family is one of evpn , vpn-ipv4 or vpn-ipv6 . |
|||
vpn_route_filter_rcf | String | RCF function name with parenthesis for filtering VPN routes. Also requires rcf to be set.Example: MyFunction(myarg). Only applicable if address_family is one of vpn-ipv4 or vpn-ipv6 . |
|||
export | List, items: Dictionary | ||||
- address_family | String | Required, Unique | |||
route_targets | List, items: String | ||||
- <str> | String | ||||
route_map | String | Only applicable if address_family is one of evpn , vpn-ipv4 or vpn-ipv6 . |
|||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). Only applicable if address_family is one of evpn , vpn-ipv4 or vpn-ipv6 . |
|||
vpn_route_filter_rcf | String | RCF function name with parenthesis for filtering VPN routes. Also requires rcf to be set.Example: MyFunction(myarg). Only applicable if address_family is one of vpn-ipv4 or vpn-ipv6 . |
|||
router_id | String | in IP address format A.B.C.D. | |||
timers | String | BGP Keepalive and Hold Timer values in seconds as string “<0-3600> <0-3600>”. | |||
networks | List, items: Dictionary | ||||
- prefix | String | Required, Unique | IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”. | ||
route_map | String | ||||
updates | Dictionary | ||||
wait_for_convergence | Boolean | Disables FIB updates and route advertisement when the BGP instance is initiated until the BGP convergence state is reached. |
|||
wait_install | Boolean | Do not advertise reachability to a prefix until that prefix has been installed in hardware. This will eliminate any temporary black holes due to a BGP speaker advertising reachability to a prefix that may not yet be installed into the forwarding plane. |
|||
listen_ranges | List, items: Dictionary | Improved “listen_ranges” data model to support multiple listen ranges and additional filter capabilities. |
|||
- prefix | String | IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”. | |||
peer_id_include_router_id | Boolean | Include router ID as part of peer filter. | |||
peer_group | String | Peer-group name. | |||
peer_filter | String | Peer-filter name. note: peer_filter`` or remote_as` is required but mutually exclusive.If both are defined, peer_filter takes precedence. |
|||
remote_as | String | BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”. For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number. |
|||
neighbors | List, items: Dictionary | ||||
- ip_address | String | Required, Unique | |||
peer_group | String | Peer-group name. | |||
remote_as | String | BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”. For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number. |
|||
password | String | ||||
passive | Boolean | ||||
remove_private_as | Dictionary | Remove private AS numbers in outbound AS path. | |||
enabled | Boolean | ||||
all | Boolean | ||||
replace_as | Boolean | ||||
remove_private_as_ingress | Dictionary | ||||
enabled | Boolean | ||||
replace_as | Boolean | ||||
weight | Integer | Min: 0 Max: 65535 |
|||
local_as | String | BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”. For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number. |
|||
as_path | Dictionary | BGP AS-PATH options. | |||
remote_as_replace_out | Boolean | Replace AS number with local AS number. | |||
prepend_own_disabled | Boolean | Disable prepending own AS number to AS path. | |||
description | String | ||||
route_reflector_client | Boolean | ||||
ebgp_multihop | Integer | Min: 1 Max: 255 |
Time-to-live in range of hops. | ||
next_hop_self | Boolean | ||||
shutdown | Boolean | ||||
bfd | Boolean | Enable BFD. | |||
bfd_timers | Dictionary | Override default BFD timers. BFD must be enabled with bfd: true . |
|||
interval | Integer | Required | Min: 50 Max: 60000 |
Interval in milliseconds. | |
min_rx | Integer | Required | Min: 50 Max: 60000 |
Rate in milliseconds. | |
multiplier | Integer | Required | Min: 3 Max: 50 |
||
timers | String | BGP Keepalive and Hold Timer values in seconds as string “<0-3600> <0-3600>”. | |||
rib_in_pre_policy_retain | Dictionary | ||||
enabled | Boolean | ||||
all | Boolean | ||||
send_community | String | ‘all’ or a combination of ‘standard’, ‘extended’, ‘large’ and ‘link-bandwidth (w/options)’. | |||
maximum_routes | Integer | ||||
maximum_routes_warning_limit | String | Maximum number of routes after which a warning is issued (0 means never warn) or Percentage of maximum number of routes at which to warn (“<1-100> percent”). |
|||
maximum_routes_warning_only | Boolean | ||||
allowas_in | Dictionary | ||||
enabled | Boolean | ||||
times | Integer | Min: 1 Max: 10 |
Number of local ASNs allowed in a BGP update. | ||
default_originate | Dictionary | ||||
enabled | Boolean | ||||
always | Boolean | ||||
route_map | String | ||||
update_source | String | ||||
route_map_in | String | Inbound route-map name. | |||
route_map_out | String | Outbound route-map name. | |||
additional_paths | Dictionary | ||||
receive | Boolean | Enable or disable reception of additional-paths. | |||
send | String | Valid Values: - any - backup - ecmp - limit - disabled |
Select an option to send multiple paths for same prefix through bgp updates. any: Send any eligible path. backup: Best path and installed backup path. ecmp: All paths in best path ECMP group. limit: Limit to n eligible paths. disabled: Disable sending any paths. |
||
send_limit | Integer | Min: 2 Max: 64 |
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp . |
||
prefix_list_in removed | String | Inbound prefix-list name.This key was removed. Support was removed in AVD version 5.0.0. Use router_bgp.vrfs[].address_family_ipv4.neighbors[].prefix_list_in or router_bgp.vrfs[].address_family_ipv6.neighbors[].prefix_list_in instead. | |||
prefix_list_out removed | String | Outbound prefix-list name.This key was removed. Support was removed in AVD version 5.0.0. Use router_bgp.vrfs[].address_family_ipv4.neighbors[].prefix_list_out or router_bgp.vrfs[].address_family_ipv6.neighbors[].prefix_list_out instead. | |||
neighbor_interfaces | List, items: Dictionary | ||||
- name | String | Required, Unique | Interface name. | ||
remote_as | String | BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”. For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number. |
|||
peer_group | String | Peer-group name. | |||
peer_filter | String | Peer-filter name. | |||
description | String | ||||
redistribute | Dictionary | Redistribute routes in to BGP. | |||
attached_host | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
bgp | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
connected | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. |
|||
include_leaked | Boolean | Include following routes while redistributing. | |||
dynamic | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. |
|||
isis | Dictionary | ||||
enabled | Boolean | Required | |||
isis_level | String | Valid Values: - level-1 - level-2 - level-1-2 |
Redistribute IS-IS route level. | ||
route_map | String | ||||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. |
|||
include_leaked | Boolean | Include following routes while redistributing. | |||
ospf | Dictionary | ||||
enabled | Boolean | Redistribute OSPF routes. | |||
match_external | Dictionary | Redistribute OSPF routes learned from external sources. | |||
enabled | Boolean | Required | |||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
match_internal | Dictionary | Redistribute OSPF routes learned from internal sources. | |||
enabled | Boolean | Required | |||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
match_nssa_external | Dictionary | Redistribute OSPF routes learned from external NSSA sources. | |||
enabled | Boolean | Required | |||
nssa_type | Integer | Valid Values: - 1 - 2 |
NSSA External Type Number. | ||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
ospfv3 | Dictionary | ||||
enabled | Boolean | Redistribute OSPFv3 routes. | |||
match_external | Dictionary | Redistribute OSPFv3 routes learned from external sources. | |||
enabled | Boolean | Required | |||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
match_internal | Dictionary | Redistribute OSPFv3 routes learned from internal sources. | |||
enabled | Boolean | Required | |||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
match_nssa_external | Dictionary | Redistribute OSPFv3 routes learned from external NSSA sources. | |||
enabled | Boolean | Required | |||
nssa_type | Integer | Valid Values: - 1 - 2 |
NSSA External Type Number. | ||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
rip | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
static | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. |
|||
include_leaked | Boolean | Include following routes while redistributing. | |||
user | Dictionary | ||||
enabled | Boolean | Required | |||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. |
|||
redistribute_routes deprecated | List, items: Dictionary | This key is deprecated. Support will be removed in AVD version 6.0.0. Use redistribute instead. | |||
- source_protocol | String | Required | |||
route_map | String | ||||
include_leaked | Boolean | ||||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence.Only applicable if source_protocol is one of connected , dynamic , isis , static and user . |
|||
ospf_route_type | String | Valid Values: - external - internal - nssa-external - nssa-external 1 - nssa-external 2 |
Routes learned by the OSPF protocol. The ospf_route_type is valid for source_protocols ‘ospf’ and ‘ospfv3’. |
||
aggregate_addresses | List, items: Dictionary | ||||
- prefix | String | Required, Unique | IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”. | ||
advertise_only | Boolean | ||||
as_set | Boolean | ||||
summary_only | Boolean | ||||
attribute_map | String | ||||
match_map | String | ||||
address_family_ipv4 | Dictionary | ||||
bgp | Dictionary | ||||
missing_policy | Dictionary | ||||
direction_in_action | String | Valid Values: - deny - deny-in-out - permit |
|||
direction_out_action | String | Valid Values: - deny - deny-in-out - permit |
|||
additional_paths | Dictionary | ||||
install | Boolean | Install BGP backup path. | |||
install_ecmp_primary | Boolean | Allow additional path with ECMP primary path. | |||
receive | Boolean | Enable or disable reception of additional-paths. | |||
send | String | Valid Values: - any - backup - ecmp - limit - disabled |
Select an option to send multiple paths for same prefix through bgp updates. any: Send any eligible path. backup: Best path and installed backup path. ecmp: All paths in best path ECMP group. limit: Limit to n eligible paths. disabled: Disable sending any paths. |
||
send_limit | Integer | Min: 2 Max: 64 |
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp . |
||
redistribute_internal | Boolean | Allow redistribution of iBGP routes into an Interior Gateway Protocol (IGP). EOS default is true. | |||
neighbors | List, items: Dictionary | ||||
- ip_address | String | Required, Unique | |||
activate | Boolean | ||||
route_map_in | String | Inbound route-map name. | |||
route_map_out | String | Outbound route-map name. | |||
rcf_in | String | Inbound RCF function name with parenthesis. Example: MyFunction(myarg). |
|||
rcf_out | String | Outbound RCF function name with parenthesis. Example: MyFunction(myarg). |
|||
prefix_list_in | String | Inbound prefix-list name. | |||
prefix_list_out | String | Outbound prefix-list name. | |||
next_hop | Dictionary | ||||
address_family_ipv6 | Dictionary | ||||
enabled | Boolean | Required | |||
originate | Boolean | ||||
additional_paths | Dictionary | ||||
receive | Boolean | Enable or disable reception of additional-paths. | |||
send | String | Valid Values: - any - backup - ecmp - limit - disabled |
Select an option to send multiple paths for same prefix through bgp updates. any: Send any eligible path. backup: Best path and installed backup path. ecmp: All paths in best path ECMP group. limit: Limit to n eligible paths. disabled: Disable sending any paths. |
||
send_limit | Integer | Min: 2 Max: 64 |
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp . |
||
networks | List, items: Dictionary | ||||
- prefix | String | Required, Unique | IPv4 prefix “A.B.C.D/E”. | ||
route_map | String | ||||
redistribute | Dictionary | Redistribute routes in to BGP. | |||
attached_host | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
bgp | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
connected | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. |
|||
include_leaked | Boolean | Include following routes while redistributing. | |||
dynamic | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. |
|||
isis | Dictionary | ||||
enabled | Boolean | Required | |||
isis_level | String | Valid Values: - level-1 - level-2 - level-1-2 |
Redistribute IS-IS route level. | ||
route_map | String | ||||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. |
|||
include_leaked | Boolean | Include following routes while redistributing. | |||
ospf | Dictionary | ||||
enabled | Boolean | Redistribute OSPF routes. | |||
match_external | Dictionary | Redistribute OSPF routes learned from external sources. | |||
enabled | Boolean | Required | |||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
match_internal | Dictionary | Redistribute OSPF routes learned from internal sources. | |||
enabled | Boolean | Required | |||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
match_nssa_external | Dictionary | Redistribute OSPF routes learned from external NSSA sources. | |||
enabled | Boolean | Required | |||
nssa_type | Integer | Valid Values: - 1 - 2 |
NSSA External Type Number. | ||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
ospfv3 | Dictionary | ||||
enabled | Boolean | Redistribute OSPFv3 routes. | |||
match_external | Dictionary | Redistribute OSPFv3 routes learned from external sources. | |||
enabled | Boolean | Required | |||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
match_internal | Dictionary | Redistribute OSPFv3 routes learned from internal sources. | |||
enabled | Boolean | Required | |||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
match_nssa_external | Dictionary | Redistribute OSPFv3 routes learned from external NSSA sources. | |||
enabled | Boolean | Required | |||
nssa_type | Integer | Valid Values: - 1 - 2 |
NSSA External Type Number. | ||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
rip | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
static | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. |
|||
include_leaked | Boolean | Include following routes while redistributing. | |||
user | Dictionary | ||||
enabled | Boolean | Required | |||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. |
|||
redistribute_routes deprecated | List, items: Dictionary | This key is deprecated. Support will be removed in AVD version 6.0.0. Use redistribute instead. | |||
- source_protocol | String | Required | Valid Values: - attached-host - bgp - connected - dynamic - isis - ospf - ospfv3 - rip - static - user |
||
route_map | String | ||||
include_leaked | Boolean | ||||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence.Only applicable if source_protocol is one of connected , dynamic , isis , static and user . |
|||
ospf_route_type | String | Valid Values: - external - internal - nssa-external - nssa-external 1 - nssa-external 2 |
Routes learned by the OSPF protocol. The ospf_route_type is valid for source_protocols ‘ospf’ and ‘ospfv3’. |
||
address_family_ipv6 | Dictionary | ||||
bgp | Dictionary | ||||
missing_policy | Dictionary | ||||
direction_in_action | String | Valid Values: - deny - deny-in-out - permit |
|||
direction_out_action | String | Valid Values: - deny - deny-in-out - permit |
|||
additional_paths | Dictionary | ||||
install | Boolean | Install BGP backup path. | |||
install_ecmp_primary | Boolean | Allow additional path with ECMP primary path. | |||
receive | Boolean | Enable or disable reception of additional-paths. | |||
send | String | Valid Values: - any - backup - ecmp - limit - disabled |
Select an option to send multiple paths for same prefix through bgp updates. any: Send any eligible path. backup: Best path and installed backup path. ecmp: All paths in best path ECMP group. limit: Limit to n eligible paths. disabled: Disable sending any paths. |
||
send_limit | Integer | Min: 2 Max: 64 |
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp . |
||
redistribute_internal | Boolean | Allow redistribution of iBGP routes into an Interior Gateway Protocol (IGP). EOS default is true. | |||
neighbors | List, items: Dictionary | ||||
- ip_address | String | Required, Unique | |||
activate | Boolean | ||||
route_map_in | String | Inbound route-map name. | |||
route_map_out | String | Outbound route-map name. | |||
rcf_in | String | Inbound RCF function name with parenthesis. Example: MyFunction(myarg). |
|||
rcf_out | String | Outbound RCF function name with parenthesis. Example: MyFunction(myarg). |
|||
prefix_list_in | String | Inbound prefix-list name. | |||
prefix_list_out | String | Outbound prefix-list name. | |||
additional_paths | Dictionary | ||||
receive | Boolean | Enable or disable reception of additional-paths. | |||
send | String | Valid Values: - any - backup - ecmp - limit - disabled |
Select an option to send multiple paths for same prefix through bgp updates. any: Send any eligible path. backup: Best path and installed backup path. ecmp: All paths in best path ECMP group. limit: Limit to n eligible paths. disabled: Disable sending any paths. |
||
send_limit | Integer | Min: 2 Max: 64 |
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp . |
||
networks | List, items: Dictionary | ||||
- prefix | String | Required, Unique | IPv6 prefix “A:B:C:D:E:F:G:H/I”. | ||
route_map | String | ||||
redistribute | Dictionary | Redistribute routes in to BGP. | |||
attached_host | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
bgp | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
connected | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. |
|||
include_leaked | Boolean | Include following routes while redistributing. | |||
dhcp | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
dynamic | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. |
|||
isis | Dictionary | ||||
enabled | Boolean | Required | |||
isis_level | String | Valid Values: - level-1 - level-2 - level-1-2 |
Redistribute IS-IS route level. | ||
route_map | String | ||||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. |
|||
include_leaked | Boolean | Include following routes while redistributing. | |||
ospfv3 | Dictionary | ||||
enabled | Boolean | Redistribute OSPFv3 routes. | |||
match_external | Dictionary | Redistribute OSPFv3 routes learned from external sources. | |||
enabled | Boolean | Required | |||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
match_internal | Dictionary | Redistribute OSPFv3 routes learned from internal sources. | |||
enabled | Boolean | Required | |||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
match_nssa_external | Dictionary | Redistribute OSPFv3 routes learned from external NSSA sources. | |||
enabled | Boolean | Required | |||
nssa_type | Integer | Valid Values: - 1 - 2 |
NSSA External Type Number. | ||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
static | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. |
|||
include_leaked | Boolean | Include following routes while redistributing. | |||
user | Dictionary | ||||
enabled | Boolean | Required | |||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. |
|||
redistribute_routes deprecated | List, items: Dictionary | This key is deprecated. Support will be removed in AVD version 6.0.0. Use redistribute instead. | |||
- source_protocol | String | Required | Valid Values: - attached-host - bgp - connected - dhcp - dynamic - isis - ospfv3 - static - user |
||
route_map | String | ||||
include_leaked | Boolean | ||||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence.Only applicable if source_protocol is one of connected , dynamic , isis , static and user . |
|||
ospf_route_type | String | Valid Values: - external - internal - nssa-external - nssa-external 1 - nssa-external 2 |
Routes learned by the OSPF protocol. The ospf_route_type is valid for source_protocols ‘ospfv3’. |
||
address_family_ipv4_multicast | Dictionary | ||||
bgp | Dictionary | ||||
missing_policy | Dictionary | ||||
direction_in_action | String | Valid Values: - deny - deny-in-out - permit |
|||
direction_out_action | String | Valid Values: - deny - deny-in-out - permit |
|||
additional_paths | Dictionary | ||||
receive | Boolean | ||||
neighbors | List, items: Dictionary | ||||
- ip_address | String | Required, Unique | |||
activate | Boolean | ||||
route_map_in | String | Inbound route-map name. | |||
route_map_out | String | Outbound route-map name. | |||
additional_paths | Dictionary | ||||
receive | Boolean | ||||
networks | List, items: Dictionary | ||||
- prefix | String | Required, Unique | IPv6 prefix “A.B.C.D/E”. | ||
route_map | String | ||||
redistribute | Dictionary | Redistribute routes in to BGP. | |||
attached_host | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
connected | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
isis | Dictionary | ||||
enabled | Boolean | Required | |||
isis_level | String | Valid Values: - level-1 - level-2 - level-1-2 |
Redistribute IS-IS route level. | ||
route_map | String | ||||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. |
|||
include_leaked | Boolean | Include following routes while redistributing. | |||
ospf | Dictionary | ||||
enabled | Boolean | Redistribute OSPF routes. | |||
match_external | Dictionary | Redistribute OSPF routes learned from external sources. | |||
enabled | Boolean | Required | |||
route_map | String | ||||
match_internal | Dictionary | Redistribute OSPF routes learned from internal sources. | |||
enabled | Boolean | Required | |||
route_map | String | ||||
match_nssa_external | Dictionary | Redistribute OSPF routes learned from external NSSA sources. | |||
enabled | Boolean | Required | |||
nssa_type | Integer | Valid Values: - 1 - 2 |
NSSA External Type Number. | ||
route_map | String | ||||
route_map | String | ||||
ospfv3 | Dictionary | ||||
enabled | Boolean | Redistribute OSPFv3 routes. | |||
match_external | Dictionary | Redistribute OSPFv3 routes learned from external sources. | |||
enabled | Boolean | Required | |||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
match_internal | Dictionary | Redistribute OSPFv3 routes learned from internal sources. | |||
enabled | Boolean | Required | |||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
match_nssa_external | Dictionary | Redistribute OSPFv3 routes learned from external NSSA sources. | |||
enabled | Boolean | Required | |||
nssa_type | Integer | Valid Values: - 1 - 2 |
NSSA External Type Number. | ||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
route_map | String | ||||
include_leaked | Boolean | Include following routes while redistributing. | |||
static | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
redistribute_routes deprecated | List, items: Dictionary | This key is deprecated. Support will be removed in AVD version 6.0.0. Use redistribute instead. | |||
- source_protocol | String | Required | Valid Values: - attached-host - connected - isis - ospf - ospfv3 - static |
||
route_map | String | ||||
include_leaked | Boolean | Only applicable if source_protocol is isis . |
|||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence.Only applicable if source_protocol is isis . |
|||
ospf_route_type | String | Valid Values: - external - internal - nssa-external - nssa-external 1 - nssa-external 2 |
Routes learned by the OSPF protocol. The ospf_route_type is valid for source_protocols ‘ospf’ and ‘ospfv3’. |
||
address_family_ipv6_multicast | Dictionary | ||||
bgp | Dictionary | ||||
missing_policy | Dictionary | ||||
direction_in_action | String | Valid Values: - deny - deny-in-out - permit |
|||
direction_out_action | String | Valid Values: - deny - deny-in-out - permit |
|||
additional_paths | Dictionary | ||||
receive | Boolean | ||||
neighbors | List, items: Dictionary | ||||
- ip_address | String | Required, Unique | |||
activate | Boolean | ||||
route_map_in | String | Inbound route-map name. | |||
route_map_out | String | Outbound route-map name. | |||
additional_paths | Dictionary | ||||
receive | Boolean | ||||
networks | List, items: Dictionary | ||||
- prefix | String | Required, Unique | IPv6 prefix “A:B:C:D:E:F:G:H/I”. | ||
route_map | String | ||||
redistribute | Dictionary | Redistribute routes in to BGP. | |||
connected | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
isis | Dictionary | ||||
enabled | Boolean | Required | |||
isis_level | String | Valid Values: - level-1 - level-2 - level-1-2 |
Redistribute IS-IS route level. | ||
route_map | String | ||||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence. |
|||
include_leaked | Boolean | Include following routes while redistributing. | |||
ospf | Dictionary | ||||
enabled | Boolean | Redistribute OSPF routes. | |||
match_external | Dictionary | Redistribute OSPF routes learned from external sources. | |||
enabled | Boolean | Required | |||
route_map | String | ||||
match_internal | Dictionary | Redistribute OSPF routes learned from internal sources. | |||
enabled | Boolean | Required | |||
route_map | String | ||||
match_nssa_external | Dictionary | Redistribute OSPF routes learned from external NSSA sources. | |||
enabled | Boolean | Required | |||
nssa_type | Integer | Valid Values: - 1 - 2 |
NSSA External Type Number. | ||
route_map | String | ||||
route_map | String | ||||
ospfv3 | Dictionary | ||||
enabled | Boolean | Redistribute OSPFv3 routes. | |||
match_external | Dictionary | Redistribute OSPFv3 routes learned from external sources. | |||
enabled | Boolean | Required | |||
route_map | String | ||||
match_internal | Dictionary | Redistribute OSPFv3 routes learned from internal sources. | |||
enabled | Boolean | Required | |||
route_map | String | ||||
match_nssa_external | Dictionary | Redistribute OSPFv3 routes learned from external NSSA sources. | |||
enabled | Boolean | Required | |||
nssa_type | Integer | Valid Values: - 1 - 2 |
NSSA External Type Number. | ||
route_map | String | ||||
route_map | String | ||||
static | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | ||||
redistribute_routes deprecated | List, items: Dictionary | This key is deprecated. Support will be removed in AVD version 6.0.0. Use redistribute instead. | |||
- source_protocol | String | Required | Valid Values: - connected - isis - ospf - ospfv3 - static |
||
route_map | String | ||||
include_leaked | Boolean | Only applicable if source_protocol is isis . |
|||
rcf | String | RCF function name with parenthesis. Example: MyFunction(myarg). route_map and rcf are mutually exclusive. route_map takes precedence.Only applicable if source_protocol is isis . |
|||
ospf_route_type | String | Valid Values: - external - internal - nssa-external - nssa-external 1 - nssa-external 2 |
Routes learned by the OSPF protocol. The ospf_route_type is valid for source_protocols ‘ospf’ and ‘ospfv3’. |
||
address_family_flow_spec_ipv4 | Dictionary | ||||
bgp | Dictionary | ||||
missing_policy | Dictionary | ||||
direction_in_action | String | Valid Values: - deny - deny-in-out - permit |
|||
direction_out_action | String | Valid Values: - deny - deny-in-out - permit |
|||
neighbors | List, items: Dictionary | ||||
- ip_address | String | Required, Unique | |||
activate | Boolean | ||||
address_family_flow_spec_ipv6 | Dictionary | ||||
bgp | Dictionary | ||||
missing_policy | Dictionary | ||||
direction_in_action | String | Valid Values: - deny - deny-in-out - permit |
|||
direction_out_action | String | Valid Values: - deny - deny-in-out - permit |
|||
neighbors | List, items: Dictionary | ||||
- ip_address | String | Required, Unique | |||
activate | Boolean | ||||
eos_cli | String | Multiline EOS CLI rendered directly on the Router BGP, VRF definition in the final EOS configuration. |
|||
address_families removed | List | This key was removed. Support was removed in AVD version 5.0.0. Use address_family_* instead. | |||
session_trackers | List, items: Dictionary | ||||
- name | String | Required, Unique | Name of session tracker. | ||
recovery_delay | Integer | Min: 1 Max: 3600 |
Recovery delay in seconds. | ||
eos_cli | String | Multiline EOS CLI rendered directly on the Router BGP in the final EOS configuration. |
router_bgp:
# BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
# For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
as: <str>
# BGP AS can be deplayed in the asplain <1-4294967295> or asdot notation "<1-65535>.<0-65535>". This flag indicates which mode is preferred - asplain is the default.
as_notation: <str; "asdot" | "asplain">
# In IP address format A.B.C.D.
router_id: <str>
distance:
external_routes: <int; 1-255; required>
internal_routes: <int; 1-255; required>
local_routes: <int; 1-255; required>
graceful_restart:
enabled: <bool>
# Number of seconds.
restart_time: <int; 1-3600>
# Number of seconds.
stalepath_time: <int; 1-3600>
graceful_restart_helper:
enabled: <bool>
# Number of seconds
# graceful-restart-help long-lived and restart-time are mutually exclusive in CLI.
# restart-time will take precedence if both are configured.
restart_time: <int; 1-100000000>
# graceful-restart-help long-lived and restart-time are mutually exclusive in CLI.
# restart-time will take precedence if both are configured.
long_lived: <bool>
maximum_paths:
paths: <int; 1-600; required>
ecmp: <int; 1-600>
updates:
# Disables FIB updates and route advertisement when the BGP instance is initiated until the BGP convergence state is reached.
wait_for_convergence: <bool>
# Do not advertise reachability to a prefix until that prefix has been installed in hardware.
# This will eliminate any temporary black holes due to a BGP speaker advertising reachability to a prefix that may not yet be installed into the forwarding plane.
wait_install: <bool>
# IP Address A.B.C.D.
bgp_cluster_id: <str>
# BGP command as string.
bgp_defaults:
- <str>
bgp:
default:
# Default activation of IPv4 unicast address-family on all IPv4 neighbors (EOS default = True).
ipv4_unicast: <bool>
# Default activation of IPv4 unicast address-family on all IPv6 neighbors (EOS default == False).
ipv4_unicast_transport_ipv6: <bool>
route_reflector_preserve_attributes:
enabled: <bool>
always: <bool>
bestpath:
d_path: <bool>
additional_paths:
# Enable or disable reception of additional-paths.
receive: <bool>
# Select an option to send multiple paths for same prefix through bgp updates.
# any: Send any eligible path.
# backup: Best path and installed backup path.
# ecmp: All paths in best path ECMP group.
# limit: Limit to n eligible paths.
# disabled: Disable sending any paths.
send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">
# Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
send_limit: <int; 2-64>
# Allow redistribution of iBGP routes into an Interior Gateway Protocol (IGP). EOS default is true.
redistribute_internal: <bool>
# Improved "listen_ranges" data model to support multiple listen ranges and additional filter capabilities.
listen_ranges:
# IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I".
- prefix: <str>
# Include router ID as part of peer filter.
peer_id_include_router_id: <bool>
# Peer group name.
peer_group: <str>
# Peer-filter name.
# note: `peer_filter` or `remote_as` is required but mutually exclusive.
# If both are defined, `peer_filter` takes precedence
peer_filter: <str>
# BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
# For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
remote_as: <str>
peer_groups:
# Peer-group name.
- name: <str; required; unique>
# Key only used for documentation or validation purposes.
type: <str>
# BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
# For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
remote_as: <str>
# BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
# For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
local_as: <str>
description: <str>
shutdown: <bool>
# BGP AS-PATH options.
as_path:
# Replace AS number with local AS number.
remote_as_replace_out: <bool>
# Disable prepending own AS number to AS path.
prepend_own_disabled: <bool>
# Remove private AS numbers in outbound AS path.
remove_private_as:
enabled: <bool>
all: <bool>
replace_as: <bool>
remove_private_as_ingress:
enabled: <bool>
replace_as: <bool>
next_hop_unchanged: <bool>
# IP address or interface name.
update_source: <str>
route_reflector_client: <bool>
# Enable BFD.
bfd: <bool>
# Override default BFD timers. BFD must be enabled with `bfd: true`.
bfd_timers:
# Interval in milliseconds.
interval: <int; 50-60000; required>
# Rate in milliseconds.
min_rx: <int; 50-60000; required>
multiplier: <int; 3-50; required>
# Time-to-live in range of hops.
ebgp_multihop: <int; 1-255>
next_hop_self: <bool>
password: <str>
passive: <bool>
default_originate:
enabled: <bool>
always: <bool>
# Route-map name.
route_map: <str>
# 'all' or a combination of 'standard', 'extended', 'large' and 'link-bandwidth (w/options)'.
send_community: <str>
# Maximum number of routes (0 means unlimited).
maximum_routes: <int; 0-4294967294>
# Maximum number of routes after which a warning is issued (0 means never warn) or
# Percentage of maximum number of routes at which to warn ("<1-100> percent").
maximum_routes_warning_limit: <str>
maximum_routes_warning_only: <bool>
# Missing policy configuration for all address-families.
missing_policy:
# Missing policy inbound direction.
direction_in:
# Missing policy action.
action: <str; "deny" | "permit" | "deny-in-out"; required>
# Include community-list references in missing policy decision.
include_community_list: <bool>
# Include prefix-list references in missing policy decision.
include_prefix_list: <bool>
# Include sub-route-map references in missing policy decision.
include_sub_route_map: <bool>
# Missing policy outbound direction.
direction_out:
# Missing policy action.
action: <str; "deny" | "permit" | "deny-in-out"; required>
# Include community-list references in missing policy decision.
include_community_list: <bool>
# Include prefix-list references in missing policy decision.
include_prefix_list: <bool>
# Include sub-route-map references in missing policy decision.
include_sub_route_map: <bool>
link_bandwidth:
enabled: <bool>
# nn.nn(K|M|G) link speed in bits/second.
default: <str>
allowas_in:
enabled: <bool>
# Number of local ASNs allowed in a BGP update.
times: <int; 1-10>
weight: <int; 0-65535>
# BGP Keepalive and Hold Timer values in seconds as string "<0-3600> <0-3600>".
timers: <str>
rib_in_pre_policy_retain:
enabled: <bool>
all: <bool>
# Inbound route-map name.
route_map_in: <str>
# Outbound route-map name.
route_map_out: <str>
session_tracker: <str>
shared_secret:
# Name of profile defined under `management_security`.
profile: <str; required>
# Note: Algorithm hmac-sha-256 requires EOS version 4.31.1F and above.
hash_algorithm: <str; "aes-128-cmac-96" | "hmac-sha-256" | "hmac-sha1-96"; required>
# Maximum number of hops.
ttl_maximum_hops: <int; 0-254>
neighbors:
- ip_address: <str; required; unique>
peer_group: <str>
# BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
# For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
remote_as: <str>
# BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
# For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
local_as: <str>
# BGP AS-PATH options.
as_path:
# Replace AS number with local AS number.
remote_as_replace_out: <bool>
# Disable prepending own AS number to AS path.
prepend_own_disabled: <bool>
# Key only used for documentation or validation purposes.
peer: <str>
description: <str>
route_reflector_client: <bool>
password: <str>
passive: <bool>
shutdown: <bool>
# Source Interface.
update_source: <str>
# Enable BFD.
bfd: <bool>
# Override default BFD timers. BFD must be enabled with `bfd: true`.
bfd_timers:
# Interval in milliseconds.
interval: <int; 50-60000; required>
# Rate in milliseconds.
min_rx: <int; 50-60000; required>
multiplier: <int; 3-50; required>
weight: <int; 0-65535>
# BGP Keepalive and Hold Timer values in seconds as string "<0-3600> <0-3600>".
timers: <str>
# Inbound route-map name.
route_map_in: <str>
# Outbound route-map name.
route_map_out: <str>
default_originate:
enabled: <bool>
always: <bool>
route_map: <str>
# 'all' or a combination of 'standard', 'extended', 'large' and 'link-bandwidth (w/options)'.
send_community: <str>
# Maximum number of routes (0 means unlimited).
maximum_routes: <int; 0-4294967294>
# Maximum number of routes after which a warning is issued (0 means never warn) or
# Percentage of maximum number of routes at which to warn ("<1-100> percent").
maximum_routes_warning_limit: <str>
maximum_routes_warning_only: <bool>
# Missing policy configuration for all address-families.
missing_policy:
# Missing policy inbound direction.
direction_in:
# Missing policy action.
action: <str; "deny" | "permit" | "deny-in-out"; required>
# Include community-list references in missing policy decision.
include_community_list: <bool>
# Include prefix-list references in missing policy decision.
include_prefix_list: <bool>
# Include sub-route-map references in missing policy decision.
include_sub_route_map: <bool>
# Missing policy outbound direction.
direction_out:
# Missing policy action.
action: <str; "deny" | "permit" | "deny-in-out"; required>
# Include community-list references in missing policy decision.
include_community_list: <bool>
# Include prefix-list references in missing policy decision.
include_prefix_list: <bool>
# Include sub-route-map references in missing policy decision.
include_sub_route_map: <bool>
allowas_in:
enabled: <bool>
# Number of local ASNs allowed in a BGP update.
times: <int; 1-10>
# Time-to-live in range of hops.
ebgp_multihop: <int; 1-255>
next_hop_self: <bool>
link_bandwidth:
enabled: <bool>
# nn.nn(K|M|G) link speed in bits/second.
default: <str>
rib_in_pre_policy_retain:
enabled: <bool>
all: <bool>
# Remove private AS numbers in outbound AS path.
remove_private_as:
enabled: <bool>
all: <bool>
replace_as: <bool>
remove_private_as_ingress:
enabled: <bool>
replace_as: <bool>
session_tracker: <str>
shared_secret:
# Name of profile defined under `management_security`.
profile: <str; required>
# Note: Algorithm hmac-sha-256 requires EOS version 4.31.1F and above.
hash_algorithm: <str; "aes-128-cmac-96" | "hmac-sha-256" | "hmac-sha1-96"; required>
# Maximum number of hops.
ttl_maximum_hops: <int; 0-254>
neighbor_interfaces:
# Interface name.
- name: <str; required; unique>
# BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
# For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
remote_as: <str>
# Key only used for documentation or validation purposes.
peer: <str>
peer_group: <str; default="Peer-group name">
description: <str>
# Peer-filter name.
peer_filter: <str>
aggregate_addresses:
# IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I".
- prefix: <str; required; unique>
advertise_only: <bool>
as_set: <bool>
summary_only: <bool>
# Route-map name.
attribute_map: <str>
# Route-map name.
match_map: <str>
# Redistribute routes in to BGP.
redistribute:
attached_host:
enabled: <bool; required>
route_map: <str>
bgp:
enabled: <bool; required>
route_map: <str>
connected:
enabled: <bool; required>
route_map: <str>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
rcf: <str>
# Include following routes while redistributing.
include_leaked: <bool>
dynamic:
enabled: <bool; required>
route_map: <str>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
rcf: <str>
isis:
enabled: <bool; required>
# Redistribute IS-IS route level.
isis_level: <str; "level-1" | "level-2" | "level-1-2">
route_map: <str>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
rcf: <str>
# Include following routes while redistributing.
include_leaked: <bool>
ospf:
# Redistribute OSPF routes.
enabled: <bool>
# Redistribute OSPF routes learned from external sources.
match_external:
enabled: <bool; required>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
# Redistribute OSPF routes learned from internal sources.
match_internal:
enabled: <bool; required>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
# Redistribute OSPF routes learned from external NSSA sources.
match_nssa_external:
enabled: <bool; required>
# NSSA External Type Number.
nssa_type: <int; 1 | 2>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
ospfv3:
# Redistribute OSPFv3 routes.
enabled: <bool>
# Redistribute OSPFv3 routes learned from external sources.
match_external:
enabled: <bool; required>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
# Redistribute OSPFv3 routes learned from internal sources.
match_internal:
enabled: <bool; required>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
# Redistribute OSPFv3 routes learned from external NSSA sources.
match_nssa_external:
enabled: <bool; required>
# NSSA External Type Number.
nssa_type: <int; 1 | 2>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
rip:
enabled: <bool; required>
route_map: <str>
static:
enabled: <bool; required>
route_map: <str>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
rcf: <str>
# Include following routes while redistributing.
include_leaked: <bool>
user:
enabled: <bool; required>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
rcf: <str>
# This key is deprecated.
# Support will be removed in AVD version 6.0.0.
# Use <samp>redistribute</samp> instead.
redistribute_routes:
- source_protocol: <str; "attached-host" | "bgp" | "connected" | "dynamic" | "isis" | "ospf" | "ospfv3" | "rip" | "static" | "user"; required>
route_map: <str>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
# Only applicable if `source_protocol` is one of `connected`, `static`, `isis`, `user`, `dynamic`.
rcf: <str>
include_leaked: <bool>
# Routes learned by the OSPF protocol.
# The `ospf_route_type` is valid for source_protocols 'ospf' and 'ospfv3'.
ospf_route_type: <str; "external" | "internal" | "nssa-external" | "nssa-external 1" | "nssa-external 2">
vlan_aware_bundles:
# VLAN aware bundle name.
- name: <str; required; unique>
# Key only used for documentation or validation purposes.
tenant: <str>
# Key only used for documentation or validation purposes.
description: <str>
# Route distinguisher.
rd: <str>
rd_evpn_domain:
domain: <str; "remote" | "all">
# Route distinguisher.
rd: <str>
route_targets:
both:
- <str>
import:
- <str>
export:
- <str>
import_evpn_domains:
- domain: <str; "remote" | "all">
route_target: <str>
export_evpn_domains:
- domain: <str; "remote" | "all">
route_target: <str>
import_export_evpn_domains:
- domain: <str; "remote" | "all">
route_target: <str>
redistribute_routes:
- <str>
no_redistribute_routes:
- <str>
# VLAN range as string. Example "100-200,300".
vlan: <str>
# Multiline EOS CLI rendered directly on the Router BGP, VLAN-aware-bundle definition in the final EOS configuration.
eos_cli: <str>
vlans:
- id: <int; required; unique>
# Key only used for documentation or validation purposes.
tenant: <str>
# Route distinguisher.
rd: <str>
rd_evpn_domain:
domain: <str; "remote" | "all">
# Route distinguisher.
rd: <str>
route_targets:
both:
- <str>
import:
- <str>
export:
- <str>
import_evpn_domains:
- domain: <str; "remote" | "all">
route_target: <str>
export_evpn_domains:
- domain: <str; "remote" | "all">
route_target: <str>
import_export_evpn_domains:
- domain: <str; "remote" | "all">
route_target: <str>
redistribute_routes:
- <str>
no_redistribute_routes:
- <str>
# Multiline EOS CLI rendered directly on the Router BGP, VLAN definition in the final EOS configuration.
eos_cli: <str>
vpws:
# VPWS instance name.
- name: <str; required; unique>
# Route distinguisher.
rd: <str>
route_targets:
# Route Target.
import_export: <str>
mpls_control_word: <bool>
label_flow: <bool>
mtu: <int>
pseudowires:
# Pseudowire name.
- name: <str; required; unique>
# Must match id_remote on other pe.
id_local: <int>
# Must match id_local on other pe.
id_remote: <int>
address_family_evpn:
domain_identifier: <str>
neighbor_default:
# Transport encapsulation for neighbor.
encapsulation: <str; "vxlan" | "mpls" | "path-selection">
# Source interface name.
next_hop_self_source_interface: <str>
next_hop_self_received_evpn_routes:
enable: <bool>
inter_domain: <bool>
# Specify the RIBs used to resolve MPLS next-hops. The order of this list determines the order of RIB lookups.
next_hop_mpls_resolution_ribs: # 1-3 items
# Type of RIB. For 'tunnel-rib', use 'rib_name' to specify the name of the Tunnel-RIB to use.
- rib_type: <str; "system-connected" | "tunnel-rib-colored" | "tunnel-rib"; required>
# The name of the tunnel-rib to use when using 'tunnel-rib' type.
rib_name: <str>
neighbors:
- ip_address: <str; required; unique>
activate: <bool>
# Inbound RCF function name with parenthesis.
# Example: MyFunction(myarg).
rcf_in: <str>
# Outbound RCF function name with parenthesis.
# Example: MyFunction(myarg).
rcf_out: <str>
default_route:
enabled: <bool>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
rcf: <str>
route_map: <str>
additional_paths:
# Enable or disable reception of additional-paths.
receive: <bool>
# Select an option to send multiple paths for same prefix through bgp updates.
# any: Send any eligible path.
# backup: Best path and installed backup path.
# ecmp: All paths in best path ECMP group.
# limit: Limit to n eligible paths.
# disabled: Disable sending any paths.
send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">
# Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
send_limit: <int; 2-64>
# Transport encapsulation for the neighbor.
encapsulation: <str; "vxlan" | "mpls" | "path-selection">
peer_groups:
# Peer-group name.
- name: <str; required; unique>
activate: <bool>
# Inbound route-map name.
route_map_in: <str>
# Outbound route-map name.
route_map_out: <str>
# Inbound RCF function name with parenthesis.
# Example: MyFunction(myarg).
rcf_in: <str>
# Outbound RCF function name with parenthesis.
# Example: MyFunction(myarg).
rcf_out: <str>
default_route:
enabled: <bool>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
rcf: <str>
route_map: <str>
domain_remote: <bool>
# Transport encapsulation for the peer-group.
encapsulation: <str; "vxlan" | "mpls" | "path-selection">
additional_paths:
# Enable or disable reception of additional-paths.
receive: <bool>
# Select an option to send multiple paths for same prefix through bgp updates.
# any: Send any eligible path.
# backup: Best path and installed backup path.
# ecmp: All paths in best path ECMP group.
# limit: Limit to n eligible paths.
# disabled: Disable sending any paths.
send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">
# Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
send_limit: <int; 2-64>
evpn_hostflap_detection:
enabled: <bool>
# Time (in seconds) to detect a MAC duplication issue.
window: <int; 0-4294967295>
# Minimum number of MAC moves that indicate a MAC Duplication issue.
threshold: <int; 0-4294967295>
# Time (in seconds) to purge a MAC duplication issue.
expiry_timeout: <int; 0-4294967295>
next_hop:
resolution_disabled: <bool>
route:
import_match_failure_action: <str; "discard">
import_ethernet_segment_ip_mass_withdraw: <bool>
import_overlay_index_gateway: <bool>
export_ethernet_segment_ip_mass_withdraw: <bool>
next_hop_unchanged: <bool>
bgp:
additional_paths:
# Enable or disable reception of additional-paths.
receive: <bool>
# Select an option to send multiple paths for same prefix through bgp updates.
# any: Send any eligible path.
# backup: Best path and installed backup path.
# ecmp: All paths in best path ECMP group.
# limit: Limit to n eligible paths.
# disabled: Disable sending any paths.
send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">
# Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
send_limit: <int; 2-64>
# BGP layer-2 in-place FEC operation.
layer_2_fec_in_place_update:
enabled: <bool; required>
# In-place FEC update tracking timeout in seconds.
timeout: <int; 0-300>
# BGP additional-paths commands.
# This key is deprecated.
# Support will be removed in AVD version 6.0.0.
# Use <samp>bgp.additional_paths</samp> instead.
bgp_additional_paths:
# Receive multiple paths.
receive: <bool>
# Send multiple paths.
send:
# Any eligible path.
any: <bool>
# Best path and installed backup path.
backup: <bool>
# All paths in best path ECMP group.
ecmp: <bool>
# Amount of ECMP paths to send.
ecmp_limit: <int; 2-64>
# Amount of paths to send.
limit: <int; 2-64>
address_family_rtc:
peer_groups:
# Peer-group name.
- name: <str; required; unique>
activate: <bool>
default_route_target:
only: <bool>
encoding_origin_as_omit: <str>
address_family_ipv4:
networks:
# IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I".
- prefix: <str; required; unique>
# Route-map name.
route_map: <str>
bgp:
additional_paths:
# Install BGP backup path.
install: <bool>
# Allow additional path with ECMP primary path.
install_ecmp_primary: <bool>
# Enable or disable reception of additional-paths.
receive: <bool>
# Select an option to send multiple paths for same prefix through bgp updates.
# any: Send any eligible path.
# backup: Best path and installed backup path.
# ecmp: All paths in best path ECMP group.
# limit: Limit to n eligible paths.
# disabled: Disable sending any paths.
send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">
# Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
send_limit: <int; 2-64>
# Allow redistribution of iBGP routes into an Interior Gateway Protocol (IGP). EOS default is true.
redistribute_internal: <bool>
peer_groups:
# Peer-group name.
- name: <str; required; unique>
activate: <bool>
# Inbound route-map name.
route_map_in: <str>
# Outbound route-map name.
route_map_out: <str>
# Inbound RCF function name with parenthesis.
# Example: MyFunction(myarg).
rcf_in: <str>
# Outbound RCF function name with parenthesis.
# Example: MyFunction(myarg).
rcf_out: <str>
default_originate:
always: <bool>
# Route-map name.
route_map: <str>
# Inbound prefix-list name.
prefix_list_in: <str>
# Outbound prefix-list name.
prefix_list_out: <str>
additional_paths:
# Apply the configurations only to the routes matching the prefix list.
prefix_list: <str>
# Enable or disable reception of additional-paths.
receive: <bool>
# Select an option to send multiple paths for same prefix through bgp updates.
# any: Send any eligible path.
# backup: Best path and installed backup path.
# ecmp: All paths in best path ECMP group.
# limit: Limit to n eligible paths.
# disabled: Disable sending any paths.
send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">
# Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
send_limit: <int; 2-64>
next_hop:
address_family_ipv6:
enabled: <bool; required>
originate: <bool>
neighbors:
- ip_address: <str; required; unique>
activate: <bool>
# Inbound route-map name.
route_map_in: <str>
# Outbound route-map name.
route_map_out: <str>
# Inbound RCF function name with parenthesis.
# Example: MyFunction(myarg).
rcf_in: <str>
# Outbound RCF function name with parenthesis.
# Example: MyFunction(myarg).
rcf_out: <str>
# Inbound prefix-list name.
prefix_list_in: <str>
# Prefix-list name.
prefix_list_out: <str>
default_originate:
always: <bool>
route_map: <str>
additional_paths:
# Apply the configurations only to the routes matching the prefix list.
prefix_list: <str>
# Enable or disable reception of additional-paths.
receive: <bool>
# Select an option to send multiple paths for same prefix through bgp updates.
# any: Send any eligible path.
# backup: Best path and installed backup path.
# ecmp: All paths in best path ECMP group.
# limit: Limit to n eligible paths.
# disabled: Disable sending any paths.
send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">
# Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
send_limit: <int; 2-64>
# Redistribute routes in to BGP.
redistribute:
attached_host:
enabled: <bool; required>
route_map: <str>
bgp:
enabled: <bool; required>
route_map: <str>
connected:
enabled: <bool; required>
route_map: <str>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
rcf: <str>
# Include following routes while redistributing.
include_leaked: <bool>
dynamic:
enabled: <bool; required>
route_map: <str>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
rcf: <str>
isis:
enabled: <bool; required>
# Redistribute IS-IS route level.
isis_level: <str; "level-1" | "level-2" | "level-1-2">
route_map: <str>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
rcf: <str>
# Include following routes while redistributing.
include_leaked: <bool>
ospf:
# Redistribute OSPF routes.
enabled: <bool>
# Redistribute OSPF routes learned from external sources.
match_external:
enabled: <bool; required>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
# Redistribute OSPF routes learned from internal sources.
match_internal:
enabled: <bool; required>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
# Redistribute OSPF routes learned from external NSSA sources.
match_nssa_external:
enabled: <bool; required>
# NSSA External Type Number.
nssa_type: <int; 1 | 2>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
ospfv3:
# Redistribute OSPFv3 routes.
enabled: <bool>
# Redistribute OSPFv3 routes learned from external sources.
match_external:
enabled: <bool; required>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
# Redistribute OSPFv3 routes learned from internal sources.
match_internal:
enabled: <bool; required>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
# Redistribute OSPFv3 routes learned from external NSSA sources.
match_nssa_external:
enabled: <bool; required>
# NSSA External Type Number.
nssa_type: <int; 1 | 2>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
rip:
enabled: <bool; required>
route_map: <str>
static:
enabled: <bool; required>
route_map: <str>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
rcf: <str>
# Include following routes while redistributing.
include_leaked: <bool>
user:
enabled: <bool; required>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
rcf: <str>
# This key is deprecated.
# Support will be removed in AVD version 6.0.0.
# Use <samp>redistribute</samp> instead.
redistribute_routes:
- source_protocol: <str; "attached-host" | "bgp" | "connected" | "dynamic" | "isis" | "ospf" | "ospfv3" | "rip" | "static" | "user"; required>
route_map: <str>
# Only applicable if `source_protocol` is one of `connected`, `static`, `isis`, `ospf`, `ospfv3`.
include_leaked: <bool>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
# Only applicable if `source_protocol` is one of `connected`, `static`, `isis`, `user`, `dynamic`.
rcf: <str>
# Routes learned by the OSPF protocol.
# The `ospf_route_type` is valid for source_protocols 'ospf' and 'ospfv3'.
ospf_route_type: <str; "external" | "internal" | "nssa-external" | "nssa-external 1" | "nssa-external 2">
address_family_ipv4_labeled_unicast:
aigp_session:
confederation: <bool>
ebgp: <bool>
ibgp: <bool>
bgp:
additional_paths:
# Enable or disable reception of additional-paths.
receive: <bool>
# Select an option to send multiple paths for same prefix through bgp updates.
# any: Send any eligible path.
# backup: Best path and installed backup path.
# ecmp: All paths in best path ECMP group.
# limit: Limit to n eligible paths.
# disabled: Disable sending any paths.
send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">
# Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
send_limit: <int; 2-64>
# Missing policy configuration for all address-families.
missing_policy:
# Missing policy inbound direction.
direction_in:
# Missing policy action.
action: <str; "deny" | "permit" | "deny-in-out"; required>
# Include community-list references in missing policy decision.
include_community_list: <bool>
# Include prefix-list references in missing policy decision.
include_prefix_list: <bool>
# Include sub-route-map references in missing policy decision.
include_sub_route_map: <bool>
# Missing policy outbound direction.
direction_out:
# Missing policy action.
action: <str; "deny" | "permit" | "deny-in-out"; required>
# Include community-list references in missing policy decision.
include_community_list: <bool>
# Include prefix-list references in missing policy decision.
include_prefix_list: <bool>
# Include sub-route-map references in missing policy decision.
include_sub_route_map: <bool>
next_hop_unchanged: <bool>
graceful_restart: <bool>
label_local_termination: <str; "explicit-null" | "implicit-null">
# Skip LFIB entry installation and next hop self route advertisements.
lfib_entry_installation_skipped: <bool>
neighbor_default:
next_hop_self: <bool>
peer_groups:
# Peer-group name.
- name: <str; required; unique>
activate: <bool>
additional_paths:
# Enable or disable reception of additional-paths.
receive: <bool>
# Select an option to send multiple paths for same prefix through bgp updates.
# any: Send any eligible path.
# backup: Best path and installed backup path.
# ecmp: All paths in best path ECMP group.
# limit: Limit to n eligible paths.
# disabled: Disable sending any paths.
send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">
# Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
send_limit: <int; 2-64>
aigp_session: <bool>
graceful_restart: <bool>
graceful_restart_helper:
stale_route_map: <str>
# Maximum number of routes (0 means unlimited).
maximum_advertised_routes: <int; 0-4294967294>
# Maximum number of routes after which a warning is issued (0 means never warn) or
# Percentage of maximum number of routes at which to warn ("<1-100> percent").
maximum_advertised_routes_warning_limit: <str>
# Missing policy configuration for BGP Labeled-Unicast neighbor.
missing_policy:
# Missing policy inbound direction.
direction_in:
# Missing policy action.
action: <str; "deny" | "permit" | "deny-in-out"; required>
# Include community-list references in missing policy decision.
include_community_list: <bool>
# Include prefix-list references in missing policy decision.
include_prefix_list: <bool>
# Include sub-route-map references in missing policy decision.
include_sub_route_map: <bool>
# Missing policy outbound direction.
direction_out:
# Missing policy action.
action: <str; "deny" | "permit" | "deny-in-out"; required>
# Include community-list references in missing policy decision.
include_community_list: <bool>
# Include prefix-list references in missing policy decision.
include_prefix_list: <bool>
# Include sub-route-map references in missing policy decision.
include_sub_route_map: <bool>
multi_path: <bool>
next_hop_self: <bool>
# Source interface name.
next_hop_self_source_interface: <str>
# v4-mapped-v6 source interface name. Takes precedence over the next_hop_self_source_interface.
next_hop_self_v4_mapped_v6_source_interface: <str>
next_hop_unchanged: <bool>
# Inbound RCF function name with parenthesis.
# Example: MyFunction(myarg).
rcf_in: <str>
# Outbound RCF function name with parenthesis.
# Example: MyFunction(myarg).
rcf_out: <str>
# Inbound route-map name.
route_map_in: <str>
# Outbound route-map name.
route_map_out: <str>
neighbors:
- ip_address: <str; required; unique>
activate: <bool>
additional_paths:
# Enable or disable reception of additional-paths.
receive: <bool>
# Select an option to send multiple paths for same prefix through bgp updates.
# any: Send any eligible path.
# backup: Best path and installed backup path.
# ecmp: All paths in best path ECMP group.
# limit: Limit to n eligible paths.
# disabled: Disable sending any paths.
send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">
# Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
send_limit: <int; 2-64>
aigp_session: <bool>
graceful_restart: <bool>
graceful_restart_helper:
stale_route_map: <str>
# Maximum number of routes (0 means unlimited).
maximum_advertised_routes: <int; 0-4294967294>
# Maximum number of routes after which a warning is issued (0 means never warn) or
# Percentage of maximum number of routes at which to warn ("<1-100> percent").
maximum_advertised_routes_warning_limit: <str>
# Missing policy configuration for BGP Labeled-Unicast neighbor.
missing_policy:
# Missing policy inbound direction.
direction_in:
# Missing policy action.
action: <str; "deny" | "permit" | "deny-in-out"; required>
# Include community-list references in missing policy decision.
include_community_list: <bool>
# Include prefix-list references in missing policy decision.
include_prefix_list: <bool>
# Include sub-route-map references in missing policy decision.
include_sub_route_map: <bool>
# Missing policy outbound direction.
direction_out:
# Missing policy action.
action: <str; "deny" | "permit" | "deny-in-out"; required>
# Include community-list references in missing policy decision.
include_community_list: <bool>
# Include prefix-list references in missing policy decision.
include_prefix_list: <bool>
# Include sub-route-map references in missing policy decision.
include_sub_route_map: <bool>
multi_path: <bool>
next_hop_self: <bool>
# Source interface name.
next_hop_self_source_interface: <str>
# v4-mapped-v6 source interface name. Takes precedence over the next_hop_self_source_interface.
next_hop_self_v4_mapped_v6_source_interface: <str>
next_hop_unchanged: <bool>
# Inbound RCF function name with parenthesis.
# Example: MyFunction(myarg).
rcf_in: <str>
# Outbound RCF function name with parenthesis.
# Example: MyFunction(myarg).
rcf_out: <str>
# Inbound route-map name.
route_map_in: <str>
# Outbound route-map name.
route_map_out: <str>
networks: # >=1 items
# IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I".
- prefix: <str; required; unique>
# Route-map name.
route_map: <str>
next_hops: # >=1 items
- ip_address: <str; required; unique>
lfib_backup_ip_forwarding: <bool>
# Specify the RIBs used to resolve next-hops. The order of this list determines the order of RIB lookups.
next_hop_resolution_ribs: # 1-3 items
# Type of RIB. For 'tunnel-rib', use 'rib_name' to specify the name of the Tunnel-RIB to use.
- rib_type: <str; "system-connected" | "tunnel-rib-colored" | "tunnel-rib"; required>
# The name of the tunnel-rib to use when using 'tunnel-rib' type.
rib_name: <str>
tunnel_source_protocols: # 1-2 items
- protocol: <str; "isis segment-routing" | "ldp"; required; unique>
# Optional RCF function name with parenthesis.
# Example: MyFunction(myarg).
rcf: <str>
# Wait for BGP to converge before sending out any route updates.
update_wait_for_convergence: <bool>
address_family_ipv4_multicast:
bgp:
additional_paths:
receive: <bool>
peer_groups:
# Peer-group name.
- name: <str; required; unique>
activate: <bool>
# Inbound route-map name.
route_map_in: <str>
# Outbound route-map name.
route_map_out: <str>
additional_paths:
receive: <bool>
neighbors:
- ip_address: <str; required; unique>
activate: <bool>
# Inbound route-map name.
route_map_in: <str>
# Outbound route-map name.
route_map_out: <str>
additional_paths:
receive: <bool>
# Redistribute routes in to BGP.
redistribute:
attached_host:
enabled: <bool; required>
route_map: <str>
connected:
enabled: <bool; required>
route_map: <str>
isis:
enabled: <bool; required>
# Redistribute IS-IS route level.
isis_level: <str; "level-1" | "level-2" | "level-1-2">
route_map: <str>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
rcf: <str>
# Include following routes while redistributing.
include_leaked: <bool>
ospf:
# Redistribute OSPF routes.
enabled: <bool>
# Redistribute OSPF routes learned from external sources.
match_external:
enabled: <bool; required>
route_map: <str>
# Redistribute OSPF routes learned from internal sources.
match_internal:
enabled: <bool; required>
route_map: <str>
# Redistribute OSPF routes learned from external NSSA sources.
match_nssa_external:
enabled: <bool; required>
# NSSA External Type Number.
nssa_type: <int; 1 | 2>
route_map: <str>
route_map: <str>
ospfv3:
# Redistribute OSPFv3 routes.
enabled: <bool>
# Redistribute OSPFv3 routes learned from external sources.
match_external:
enabled: <bool; required>
route_map: <str>
# Redistribute OSPFv3 routes learned from internal sources.
match_internal:
enabled: <bool; required>
route_map: <str>
# Redistribute OSPFv3 routes learned from external NSSA sources.
match_nssa_external:
enabled: <bool; required>
# NSSA External Type Number.
nssa_type: <int; 1 | 2>
route_map: <str>
route_map: <str>
static:
enabled: <bool; required>
route_map: <str>
# This key is deprecated.
# Support will be removed in AVD version 6.0.0.
# Use <samp>redistribute</samp> instead.
redistribute_routes:
- source_protocol: <str; required>
route_map: <str>
# Only applicable if `source_protocol` is `isis`.
include_leaked: <bool>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
# Only applicable if `source_protocol` is `isis`.
rcf: <str>
# Routes learned by the OSPF protocol.
# The `ospf_route_type` is valid for source_protocols 'ospf' and 'ospfv3'.
ospf_route_type: <str; "external" | "internal" | "nssa-external" | "nssa-external 1" | "nssa-external 2">
address_family_ipv4_sr_te:
neighbors:
- ip_address: <str; required; unique>
activate: <bool>
# Inbound route-map name.
route_map_in: <str>
# Outbound route-map name.
route_map_out: <str>
peer_groups:
# Peer-group name.
- name: <str; required; unique>
activate: <bool>
# Inbound route-map name.
route_map_in: <str>
# Outbound route-map name.
route_map_out: <str>
address_family_ipv6:
networks:
# IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I".
- prefix: <str; required; unique>
# Route-map name.
route_map: <str>
bgp:
# Allow redistribution of iBGP routes into an Interior Gateway Protocol (IGP). EOS default is true.
redistribute_internal: <bool>
additional_paths:
# Install BGP backup path.
install: <bool>
# Allow additional path with ECMP primary path.
install_ecmp_primary: <bool>
# Enable or disable reception of additional-paths.
receive: <bool>
# Select an option to send multiple paths for same prefix through bgp updates.
# any: Send any eligible path.
# backup: Best path and installed backup path.
# ecmp: All paths in best path ECMP group.
# limit: Limit to n eligible paths.
# disabled: Disable sending any paths.
send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">
# Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
send_limit: <int; 2-64>
peer_groups:
# Peer-group name.
- name: <str; required; unique>
activate: <bool>
# Inbound route-map name.
route_map_in: <str>
# Outbound route-map name.
route_map_out: <str>
# Inbound RCF function name with parenthesis.
# Example: MyFunction(myarg).
rcf_in: <str>
# Outbound RCF function name with parenthesis.
# Example: MyFunction(myarg).
rcf_out: <str>
# Inbound prefix-list name.
prefix_list_in: <str>
# Outbound prefix-list name.
prefix_list_out: <str>
additional_paths:
# Apply the configurations only to the routes matching the prefix list.
prefix_list: <str>
# Enable or disable reception of additional-paths.
receive: <bool>
# Select an option to send multiple paths for same prefix through bgp updates.
# any: Send any eligible path.
# backup: Best path and installed backup path.
# ecmp: All paths in best path ECMP group.
# limit: Limit to n eligible paths.
# disabled: Disable sending any paths.
send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">
# Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
send_limit: <int; 2-64>
neighbors:
- ip_address: <str; required; unique>
activate: <bool>
# Inbound route-map name.
route_map_in: <str>
# Outbound route-map name.
route_map_out: <str>
# Inbound RCF function name with parenthesis.
# Example: MyFunction(myarg).
rcf_in: <str>
# Outbound RCF function name with parenthesis.
# Example: MyFunction(myarg).
rcf_out: <str>
# Inbound prefix-list name.
prefix_list_in: <str>
# Outbound prefix-list name.
prefix_list_out: <str>
additional_paths:
# Apply the configurations only to the routes matching the prefix list.
prefix_list: <str>
# Enable or disable reception of additional-paths.
receive: <bool>
# Select an option to send multiple paths for same prefix through bgp updates.
# any: Send any eligible path.
# backup: Best path and installed backup path.
# ecmp: All paths in best path ECMP group.
# limit: Limit to n eligible paths.
# disabled: Disable sending any paths.
send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">
# Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
send_limit: <int; 2-64>
# Redistribute routes in to BGP.
redistribute:
attached_host:
enabled: <bool; required>
route_map: <str>
bgp:
enabled: <bool; required>
route_map: <str>
connected:
enabled: <bool; required>
route_map: <str>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
rcf: <str>
# Include following routes while redistributing.
include_leaked: <bool>
dhcp:
enabled: <bool; required>
route_map: <str>
dynamic:
enabled: <bool; required>
route_map: <str>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
rcf: <str>
isis:
enabled: <bool; required>
# Redistribute IS-IS route level.
isis_level: <str; "level-1" | "level-2" | "level-1-2">
route_map: <str>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
rcf: <str>
# Include following routes while redistributing.
include_leaked: <bool>
ospfv3:
# Redistribute OSPFv3 routes.
enabled: <bool>
# Redistribute OSPFv3 routes learned from external sources.
match_external:
enabled: <bool; required>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
# Redistribute OSPFv3 routes learned from internal sources.
match_internal:
enabled: <bool; required>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
# Redistribute OSPFv3 routes learned from external NSSA sources.
match_nssa_external:
enabled: <bool; required>
# NSSA External Type Number.
nssa_type: <int; 1 | 2>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
static:
enabled: <bool; required>
route_map: <str>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
rcf: <str>
# Include following routes while redistributing.
include_leaked: <bool>
user:
enabled: <bool; required>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
rcf: <str>
# This key is deprecated.
# Support will be removed in AVD version 6.0.0.
# Use <samp>redistribute</samp> instead.
redistribute_routes:
- source_protocol: <str; required>
route_map: <str>
include_leaked: <bool>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
# Only used if `source_protocol` is one of `connected`, `static`, `isis`, `user`, `dynamic`.
rcf: <str>
# Routes learned by the OSPF protocol.
# The `ospf_route_type` is valid for source_protocols 'ospfv3'.
ospf_route_type: <str; "external" | "internal" | "nssa-external" | "nssa-external 1" | "nssa-external 2">
address_family_ipv6_multicast:
bgp:
missing_policy:
direction_in_action: <str; "deny" | "deny-in-out" | "permit">
direction_out_action: <str; "deny" | "deny-in-out" | "permit">
additional_paths:
receive: <bool>
neighbors:
- ip_address: <str; required; unique>
activate: <bool>
# Inbound route-map name.
route_map_in: <str>
# Outbound route-map name.
route_map_out: <str>
additional_paths:
receive: <bool>
peer_groups:
# Peer-group name.
- name: <str; required; unique>
activate: <bool>
additional_paths:
receive: <bool>
networks:
# IPv6 prefix "A:B:C:D:E:F:G:H/I".
- prefix: <str; required; unique>
route_map: <str>
# Redistribute routes in to BGP.
redistribute:
connected:
enabled: <bool; required>
route_map: <str>
isis:
enabled: <bool; required>
# Redistribute IS-IS route level.
isis_level: <str; "level-1" | "level-2" | "level-1-2">
route_map: <str>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
rcf: <str>
# Include following routes while redistributing.
include_leaked: <bool>
ospf:
# Redistribute OSPF routes.
enabled: <bool>
# Redistribute OSPF routes learned from external sources.
match_external:
enabled: <bool; required>
route_map: <str>
# Redistribute OSPF routes learned from internal sources.
match_internal:
enabled: <bool; required>
route_map: <str>
# Redistribute OSPF routes learned from external NSSA sources.
match_nssa_external:
enabled: <bool; required>
# NSSA External Type Number.
nssa_type: <int; 1 | 2>
route_map: <str>
route_map: <str>
ospfv3:
# Redistribute OSPFv3 routes.
enabled: <bool>
# Redistribute OSPFv3 routes learned from external sources.
match_external:
enabled: <bool; required>
route_map: <str>
# Redistribute OSPFv3 routes learned from internal sources.
match_internal:
enabled: <bool; required>
route_map: <str>
# Redistribute OSPFv3 routes learned from external NSSA sources.
match_nssa_external:
enabled: <bool; required>
# NSSA External Type Number.
nssa_type: <int; 1 | 2>
route_map: <str>
route_map: <str>
static:
enabled: <bool; required>
route_map: <str>
# This key is deprecated.
# Support will be removed in AVD version 6.0.0.
# Use <samp>redistribute</samp> instead.
redistribute_routes:
- source_protocol: <str; "connected" | "isis" | "ospf" | "ospfv3" | "static"; required>
# Only applicable if `source_protocol` is `isis`.
include_leaked: <bool>
route_map: <str>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
# Only applicable if `source_protocol` is `isis`.
rcf: <str>
# Routes learned by the OSPF protocol.
# The `ospf_route_type` is valid for source_protocols 'ospf' and 'ospfv3'.
ospf_route_type: <str; "external" | "internal" | "nssa-external" | "nssa-external 1" | "nssa-external 2">
address_family_ipv6_sr_te:
neighbors:
- ip_address: <str; required; unique>
activate: <bool>
# Inbound route-map name.
route_map_in: <str>
# Outbound route-map name.
route_map_out: <str>
peer_groups:
# Peer-group name.
- name: <str; required; unique>
activate: <bool>
# Inbound route-map name.
route_map_in: <str>
# Outbound route-map name.
route_map_out: <str>
address_family_link_state:
bgp:
missing_policy:
direction_in_action: <str; "deny" | "deny-in-out" | "permit">
direction_out_action: <str; "deny" | "deny-in-out" | "permit">
peer_groups:
# Peer-group name.
- name: <str; required; unique>
activate: <bool>
missing_policy:
direction_in_action: <str; "deny" | "deny-in-out" | "permit">
direction_out_action: <str; "deny" | "deny-in-out" | "permit">
neighbors:
- ip_address: <str; required; unique>
activate: <bool>
missing_policy:
direction_in_action: <str; "deny" | "deny-in-out" | "permit">
direction_out_action: <str; "deny" | "deny-in-out" | "permit">
path_selection:
roles:
producer: <bool>
consumer: <bool>
propagator: <bool>
address_family_flow_spec_ipv4:
bgp:
missing_policy:
direction_in_action: <str; "deny" | "deny-in-out" | "permit">
direction_out_action: <str; "deny" | "deny-in-out" | "permit">
neighbors:
- ip_address: <str; required; unique>
activate: <bool>
peer_groups:
# Peer-group name.
- name: <str; required; unique>
activate: <bool>
address_family_flow_spec_ipv6:
bgp:
missing_policy:
direction_in_action: <str; "deny" | "deny-in-out" | "permit">
direction_out_action: <str; "deny" | "deny-in-out" | "permit">
neighbors:
- ip_address: <str; required; unique>
activate: <bool>
peer_groups:
# Peer-group name.
- name: <str; required; unique>
activate: <bool>
address_family_path_selection:
bgp:
additional_paths:
# Enable or disable reception of additional-paths.
receive: <bool>
# Select an option to send multiple paths for same prefix through bgp updates.
# any: Send any eligible path.
# backup: Best path and installed backup path.
# ecmp: All paths in best path ECMP group.
# limit: Limit to n eligible paths.
# disabled: Disable sending any paths.
send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">
# Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
send_limit: <int; 2-64>
neighbors:
- ip_address: <str; required; unique>
activate: <bool>
additional_paths:
# Enable or disable reception of additional-paths.
receive: <bool>
# Select an option to send multiple paths for same prefix through bgp updates.
# any: Send any eligible path.
# backup: Best path and installed backup path.
# ecmp: All paths in best path ECMP group.
# limit: Limit to n eligible paths.
# disabled: Disable sending any paths.
send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">
# Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
send_limit: <int; 2-64>
peer_groups:
# Peer-group name.
- name: <str; required; unique>
activate: <bool>
additional_paths:
# Enable or disable reception of additional-paths.
receive: <bool>
# Select an option to send multiple paths for same prefix through bgp updates.
# any: Send any eligible path.
# backup: Best path and installed backup path.
# ecmp: All paths in best path ECMP group.
# limit: Limit to n eligible paths.
# disabled: Disable sending any paths.
send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">
# Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
send_limit: <int; 2-64>
address_family_vpn_ipv4:
domain_identifier: <str>
peer_groups:
# Peer-group name.
- name: <str; required; unique>
activate: <bool>
# Inbound route-map name.
route_map_in: <str>
# Outbound route-map name.
route_map_out: <str>
# Inbound RCF function name with parenthesis.
# Example: MyFunction(myarg).
rcf_in: <str>
# Outbound RCF function name with parenthesis.
# Example: MyFunction(myarg).
rcf_out: <str>
default_route:
enabled: <bool>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
rcf: <str>
route_map: <str>
route:
import_match_failure_action: <str; "discard">
neighbors:
- ip_address: <str; required; unique>
activate: <bool>
# Inbound route-map name.
route_map_in: <str>
# Outbound route-map name.
route_map_out: <str>
# Inbound RCF function name with parenthesis.
# Example: MyFunction(myarg).
rcf_in: <str>
# Outbound RCF function name with parenthesis.
# Example: MyFunction(myarg).
rcf_out: <str>
default_route:
enabled: <bool>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
rcf: <str>
route_map: <str>
neighbor_default_encapsulation_mpls_next_hop_self:
source_interface: <str>
address_family_vpn_ipv6:
domain_identifier: <str>
peer_groups:
# Peer-group name.
- name: <str; required; unique>
activate: <bool>
# Inbound route-map name.
route_map_in: <str>
# Outbound route-map name.
route_map_out: <str>
# Inbound RCF function name with parenthesis.
# Example: MyFunction(myarg).
rcf_in: <str>
# Outbound RCF function name with parenthesis.
# Example: MyFunction(myarg).
rcf_out: <str>
default_route:
enabled: <bool>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
rcf: <str>
route_map: <str>
route:
import_match_failure_action: <str; "discard">
neighbors:
- ip_address: <str; required; unique>
activate: <bool>
# Inbound route-map name.
route_map_in: <str>
# Outbound route-map name.
route_map_out: <str>
# Inbound RCF function name with parenthesis.
# Example: MyFunction(myarg).
rcf_in: <str>
# Outbound RCF function name with parenthesis.
# Example: MyFunction(myarg).
rcf_out: <str>
default_route:
enabled: <bool>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
rcf: <str>
route_map: <str>
neighbor_default_encapsulation_mpls_next_hop_self:
source_interface: <str>
vrfs:
# VRF name.
- name: <str; required; unique>
bgp:
# Allow redistribution of iBGP routes into an Interior Gateway Protocol (IGP). EOS default is true.
redistribute_internal: <bool>
additional_paths:
# Install BGP backup path.
install: <bool>
# Allow additional path with ECMP primary path.
install_ecmp_primary: <bool>
# Enable or disable reception of additional-paths.
receive: <bool>
# Select an option to send multiple paths for same prefix through bgp updates.
# any: Send any eligible path.
# backup: Best path and installed backup path.
# ecmp: All paths in best path ECMP group.
# limit: Limit to n eligible paths.
# disabled: Disable sending any paths.
send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">
# Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
send_limit: <int; 2-64>
# Route distinguisher.
rd: <str>
evpn_multicast: <bool>
# Enable per-AF EVPN multicast settings.
evpn_multicast_address_family:
ipv4:
# Enable EVPN multicast transit mode.
transit: <bool>
evpn_multicast_gateway_dr_election:
# DR election algorithms:
# hrw: Default selection based on highest random weight.
# modulus: Selection based on VLAN ID modulo number of candidates.
# preference: Selection based on a configured preference value.
algorithm: <str; "hrw" | "modulus" | "preference"; required>
# Required when `algorithm` is `preference`.
preference_value: <int; 0-65535>
# Enable default-originate per VRF/address-family.
default_route_exports:
- address_family: <str; "evpn" | "vpn-ipv4" | "vpn-ipv6"; required; unique>
always: <bool>
route_map: <str>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
rcf: <str>
route_targets:
import:
- address_family: <str; required; unique>
route_targets:
- <str>
# Only applicable if `address_family` is one of `evpn`, `vpn-ipv4` or `vpn-ipv6`.
route_map: <str>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# Only applicable if `address_family` is one of `evpn`, `vpn-ipv4` or `vpn-ipv6`.
rcf: <str>
# RCF function name with parenthesis for filtering VPN routes. Also requires `rcf` to be set.
# Example: MyFunction(myarg).
# Only applicable if `address_family` is one of `vpn-ipv4` or `vpn-ipv6`.
vpn_route_filter_rcf: <str>
export:
- address_family: <str; required; unique>
route_targets:
- <str>
# Only applicable if `address_family` is one of `evpn`, `vpn-ipv4` or `vpn-ipv6`.
route_map: <str>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# Only applicable if `address_family` is one of `evpn`, `vpn-ipv4` or `vpn-ipv6`.
rcf: <str>
# RCF function name with parenthesis for filtering VPN routes. Also requires `rcf` to be set.
# Example: MyFunction(myarg).
# Only applicable if `address_family` is one of `vpn-ipv4` or `vpn-ipv6`.
vpn_route_filter_rcf: <str>
# in IP address format A.B.C.D.
router_id: <str>
# BGP Keepalive and Hold Timer values in seconds as string "<0-3600> <0-3600>".
timers: <str>
networks:
# IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I".
- prefix: <str; required; unique>
route_map: <str>
updates:
# Disables FIB updates and route advertisement when the BGP instance is initiated until the BGP convergence state is reached.
wait_for_convergence: <bool>
# Do not advertise reachability to a prefix until that prefix has been installed in hardware.
# This will eliminate any temporary black holes due to a BGP speaker advertising reachability to a prefix that may not yet be installed into the forwarding plane.
wait_install: <bool>
# Improved "listen_ranges" data model to support multiple listen ranges and additional filter capabilities.
listen_ranges:
# IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I".
- prefix: <str>
# Include router ID as part of peer filter.
peer_id_include_router_id: <bool>
# Peer-group name.
peer_group: <str>
# Peer-filter name.
# note: `peer_filter`` or `remote_as` is required but mutually exclusive.
# If both are defined, peer_filter takes precedence.
peer_filter: <str>
# BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
# For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
remote_as: <str>
neighbors:
- ip_address: <str; required; unique>
# Peer-group name.
peer_group: <str>
# BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
# For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
remote_as: <str>
password: <str>
passive: <bool>
# Remove private AS numbers in outbound AS path.
remove_private_as:
enabled: <bool>
all: <bool>
replace_as: <bool>
remove_private_as_ingress:
enabled: <bool>
replace_as: <bool>
weight: <int; 0-65535>
# BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
# For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
local_as: <str>
# BGP AS-PATH options.
as_path:
# Replace AS number with local AS number.
remote_as_replace_out: <bool>
# Disable prepending own AS number to AS path.
prepend_own_disabled: <bool>
description: <str>
route_reflector_client: <bool>
# Time-to-live in range of hops.
ebgp_multihop: <int; 1-255>
next_hop_self: <bool>
shutdown: <bool>
# Enable BFD.
bfd: <bool>
# Override default BFD timers. BFD must be enabled with `bfd: true`.
bfd_timers:
# Interval in milliseconds.
interval: <int; 50-60000; required>
# Rate in milliseconds.
min_rx: <int; 50-60000; required>
multiplier: <int; 3-50; required>
# BGP Keepalive and Hold Timer values in seconds as string "<0-3600> <0-3600>".
timers: <str>
rib_in_pre_policy_retain:
enabled: <bool>
all: <bool>
# 'all' or a combination of 'standard', 'extended', 'large' and 'link-bandwidth (w/options)'.
send_community: <str>
maximum_routes: <int>
# Maximum number of routes after which a warning is issued (0 means never warn) or
# Percentage of maximum number of routes at which to warn ("<1-100> percent").
maximum_routes_warning_limit: <str>
maximum_routes_warning_only: <bool>
allowas_in:
enabled: <bool>
# Number of local ASNs allowed in a BGP update.
times: <int; 1-10>
default_originate:
enabled: <bool>
always: <bool>
route_map: <str>
update_source: <str>
# Inbound route-map name.
route_map_in: <str>
# Outbound route-map name.
route_map_out: <str>
additional_paths:
# Enable or disable reception of additional-paths.
receive: <bool>
# Select an option to send multiple paths for same prefix through bgp updates.
# any: Send any eligible path.
# backup: Best path and installed backup path.
# ecmp: All paths in best path ECMP group.
# limit: Limit to n eligible paths.
# disabled: Disable sending any paths.
send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">
# Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
send_limit: <int; 2-64>
neighbor_interfaces:
# Interface name.
- name: <str; required; unique>
# BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
# For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
remote_as: <str>
# Peer-group name.
peer_group: <str>
# Peer-filter name.
peer_filter: <str>
description: <str>
# Redistribute routes in to BGP.
redistribute:
attached_host:
enabled: <bool; required>
route_map: <str>
bgp:
enabled: <bool; required>
route_map: <str>
connected:
enabled: <bool; required>
route_map: <str>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
rcf: <str>
# Include following routes while redistributing.
include_leaked: <bool>
dynamic:
enabled: <bool; required>
route_map: <str>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
rcf: <str>
isis:
enabled: <bool; required>
# Redistribute IS-IS route level.
isis_level: <str; "level-1" | "level-2" | "level-1-2">
route_map: <str>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
rcf: <str>
# Include following routes while redistributing.
include_leaked: <bool>
ospf:
# Redistribute OSPF routes.
enabled: <bool>
# Redistribute OSPF routes learned from external sources.
match_external:
enabled: <bool; required>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
# Redistribute OSPF routes learned from internal sources.
match_internal:
enabled: <bool; required>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
# Redistribute OSPF routes learned from external NSSA sources.
match_nssa_external:
enabled: <bool; required>
# NSSA External Type Number.
nssa_type: <int; 1 | 2>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
ospfv3:
# Redistribute OSPFv3 routes.
enabled: <bool>
# Redistribute OSPFv3 routes learned from external sources.
match_external:
enabled: <bool; required>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
# Redistribute OSPFv3 routes learned from internal sources.
match_internal:
enabled: <bool; required>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
# Redistribute OSPFv3 routes learned from external NSSA sources.
match_nssa_external:
enabled: <bool; required>
# NSSA External Type Number.
nssa_type: <int; 1 | 2>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
rip:
enabled: <bool; required>
route_map: <str>
static:
enabled: <bool; required>
route_map: <str>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
rcf: <str>
# Include following routes while redistributing.
include_leaked: <bool>
user:
enabled: <bool; required>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
rcf: <str>
# This key is deprecated.
# Support will be removed in AVD version 6.0.0.
# Use <samp>redistribute</samp> instead.
redistribute_routes:
- source_protocol: <str; required>
route_map: <str>
include_leaked: <bool>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
# Only applicable if `source_protocol` is one of `connected`, `dynamic`, `isis`, `static` and `user`.
rcf: <str>
# Routes learned by the OSPF protocol.
# The `ospf_route_type` is valid for source_protocols 'ospf' and 'ospfv3'.
ospf_route_type: <str; "external" | "internal" | "nssa-external" | "nssa-external 1" | "nssa-external 2">
aggregate_addresses:
# IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I".
- prefix: <str; required; unique>
advertise_only: <bool>
as_set: <bool>
summary_only: <bool>
attribute_map: <str>
match_map: <str>
address_family_ipv4:
bgp:
missing_policy:
direction_in_action: <str; "deny" | "deny-in-out" | "permit">
direction_out_action: <str; "deny" | "deny-in-out" | "permit">
additional_paths:
# Install BGP backup path.
install: <bool>
# Allow additional path with ECMP primary path.
install_ecmp_primary: <bool>
# Enable or disable reception of additional-paths.
receive: <bool>
# Select an option to send multiple paths for same prefix through bgp updates.
# any: Send any eligible path.
# backup: Best path and installed backup path.
# ecmp: All paths in best path ECMP group.
# limit: Limit to n eligible paths.
# disabled: Disable sending any paths.
send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">
# Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
send_limit: <int; 2-64>
# Allow redistribution of iBGP routes into an Interior Gateway Protocol (IGP). EOS default is true.
redistribute_internal: <bool>
neighbors:
- ip_address: <str; required; unique>
activate: <bool>
# Inbound route-map name.
route_map_in: <str>
# Outbound route-map name.
route_map_out: <str>
# Inbound RCF function name with parenthesis.
# Example: MyFunction(myarg).
rcf_in: <str>
# Outbound RCF function name with parenthesis.
# Example: MyFunction(myarg).
rcf_out: <str>
# Inbound prefix-list name.
prefix_list_in: <str>
# Outbound prefix-list name.
prefix_list_out: <str>
next_hop:
address_family_ipv6:
enabled: <bool; required>
originate: <bool>
additional_paths:
# Enable or disable reception of additional-paths.
receive: <bool>
# Select an option to send multiple paths for same prefix through bgp updates.
# any: Send any eligible path.
# backup: Best path and installed backup path.
# ecmp: All paths in best path ECMP group.
# limit: Limit to n eligible paths.
# disabled: Disable sending any paths.
send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">
# Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
send_limit: <int; 2-64>
networks:
# IPv4 prefix "A.B.C.D/E".
- prefix: <str; required; unique>
route_map: <str>
# Redistribute routes in to BGP.
redistribute:
attached_host:
enabled: <bool; required>
route_map: <str>
bgp:
enabled: <bool; required>
route_map: <str>
connected:
enabled: <bool; required>
route_map: <str>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
rcf: <str>
# Include following routes while redistributing.
include_leaked: <bool>
dynamic:
enabled: <bool; required>
route_map: <str>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
rcf: <str>
isis:
enabled: <bool; required>
# Redistribute IS-IS route level.
isis_level: <str; "level-1" | "level-2" | "level-1-2">
route_map: <str>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
rcf: <str>
# Include following routes while redistributing.
include_leaked: <bool>
ospf:
# Redistribute OSPF routes.
enabled: <bool>
# Redistribute OSPF routes learned from external sources.
match_external:
enabled: <bool; required>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
# Redistribute OSPF routes learned from internal sources.
match_internal:
enabled: <bool; required>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
# Redistribute OSPF routes learned from external NSSA sources.
match_nssa_external:
enabled: <bool; required>
# NSSA External Type Number.
nssa_type: <int; 1 | 2>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
ospfv3:
# Redistribute OSPFv3 routes.
enabled: <bool>
# Redistribute OSPFv3 routes learned from external sources.
match_external:
enabled: <bool; required>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
# Redistribute OSPFv3 routes learned from internal sources.
match_internal:
enabled: <bool; required>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
# Redistribute OSPFv3 routes learned from external NSSA sources.
match_nssa_external:
enabled: <bool; required>
# NSSA External Type Number.
nssa_type: <int; 1 | 2>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
rip:
enabled: <bool; required>
route_map: <str>
static:
enabled: <bool; required>
route_map: <str>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
rcf: <str>
# Include following routes while redistributing.
include_leaked: <bool>
user:
enabled: <bool; required>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
rcf: <str>
# This key is deprecated.
# Support will be removed in AVD version 6.0.0.
# Use <samp>redistribute</samp> instead.
redistribute_routes:
- source_protocol: <str; "attached-host" | "bgp" | "connected" | "dynamic" | "isis" | "ospf" | "ospfv3" | "rip" | "static" | "user"; required>
route_map: <str>
include_leaked: <bool>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
# Only applicable if `source_protocol` is one of `connected`, `dynamic`, `isis`, `static` and `user`.
rcf: <str>
# Routes learned by the OSPF protocol.
# The `ospf_route_type` is valid for source_protocols 'ospf' and 'ospfv3'.
ospf_route_type: <str; "external" | "internal" | "nssa-external" | "nssa-external 1" | "nssa-external 2">
address_family_ipv6:
bgp:
missing_policy:
direction_in_action: <str; "deny" | "deny-in-out" | "permit">
direction_out_action: <str; "deny" | "deny-in-out" | "permit">
additional_paths:
# Install BGP backup path.
install: <bool>
# Allow additional path with ECMP primary path.
install_ecmp_primary: <bool>
# Enable or disable reception of additional-paths.
receive: <bool>
# Select an option to send multiple paths for same prefix through bgp updates.
# any: Send any eligible path.
# backup: Best path and installed backup path.
# ecmp: All paths in best path ECMP group.
# limit: Limit to n eligible paths.
# disabled: Disable sending any paths.
send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">
# Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
send_limit: <int; 2-64>
# Allow redistribution of iBGP routes into an Interior Gateway Protocol (IGP). EOS default is true.
redistribute_internal: <bool>
neighbors:
- ip_address: <str; required; unique>
activate: <bool>
# Inbound route-map name.
route_map_in: <str>
# Outbound route-map name.
route_map_out: <str>
# Inbound RCF function name with parenthesis.
# Example: MyFunction(myarg).
rcf_in: <str>
# Outbound RCF function name with parenthesis.
# Example: MyFunction(myarg).
rcf_out: <str>
# Inbound prefix-list name.
prefix_list_in: <str>
# Outbound prefix-list name.
prefix_list_out: <str>
additional_paths:
# Enable or disable reception of additional-paths.
receive: <bool>
# Select an option to send multiple paths for same prefix through bgp updates.
# any: Send any eligible path.
# backup: Best path and installed backup path.
# ecmp: All paths in best path ECMP group.
# limit: Limit to n eligible paths.
# disabled: Disable sending any paths.
send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">
# Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
send_limit: <int; 2-64>
networks:
# IPv6 prefix "A:B:C:D:E:F:G:H/I".
- prefix: <str; required; unique>
route_map: <str>
# Redistribute routes in to BGP.
redistribute:
attached_host:
enabled: <bool; required>
route_map: <str>
bgp:
enabled: <bool; required>
route_map: <str>
connected:
enabled: <bool; required>
route_map: <str>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
rcf: <str>
# Include following routes while redistributing.
include_leaked: <bool>
dhcp:
enabled: <bool; required>
route_map: <str>
dynamic:
enabled: <bool; required>
route_map: <str>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
rcf: <str>
isis:
enabled: <bool; required>
# Redistribute IS-IS route level.
isis_level: <str; "level-1" | "level-2" | "level-1-2">
route_map: <str>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
rcf: <str>
# Include following routes while redistributing.
include_leaked: <bool>
ospfv3:
# Redistribute OSPFv3 routes.
enabled: <bool>
# Redistribute OSPFv3 routes learned from external sources.
match_external:
enabled: <bool; required>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
# Redistribute OSPFv3 routes learned from internal sources.
match_internal:
enabled: <bool; required>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
# Redistribute OSPFv3 routes learned from external NSSA sources.
match_nssa_external:
enabled: <bool; required>
# NSSA External Type Number.
nssa_type: <int; 1 | 2>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
static:
enabled: <bool; required>
route_map: <str>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
rcf: <str>
# Include following routes while redistributing.
include_leaked: <bool>
user:
enabled: <bool; required>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
rcf: <str>
# This key is deprecated.
# Support will be removed in AVD version 6.0.0.
# Use <samp>redistribute</samp> instead.
redistribute_routes:
- source_protocol: <str; "attached-host" | "bgp" | "connected" | "dhcp" | "dynamic" | "isis" | "ospfv3" | "static" | "user"; required>
route_map: <str>
include_leaked: <bool>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
# Only applicable if `source_protocol` is one of `connected`, `dynamic`, `isis`, `static` and `user`.
rcf: <str>
# Routes learned by the OSPF protocol.
# The `ospf_route_type` is valid for source_protocols 'ospfv3'.
ospf_route_type: <str; "external" | "internal" | "nssa-external" | "nssa-external 1" | "nssa-external 2">
address_family_ipv4_multicast:
bgp:
missing_policy:
direction_in_action: <str; "deny" | "deny-in-out" | "permit">
direction_out_action: <str; "deny" | "deny-in-out" | "permit">
additional_paths:
receive: <bool>
neighbors:
- ip_address: <str; required; unique>
activate: <bool>
# Inbound route-map name.
route_map_in: <str>
# Outbound route-map name.
route_map_out: <str>
additional_paths:
receive: <bool>
networks:
# IPv6 prefix "A.B.C.D/E".
- prefix: <str; required; unique>
route_map: <str>
# Redistribute routes in to BGP.
redistribute:
attached_host:
enabled: <bool; required>
route_map: <str>
connected:
enabled: <bool; required>
route_map: <str>
isis:
enabled: <bool; required>
# Redistribute IS-IS route level.
isis_level: <str; "level-1" | "level-2" | "level-1-2">
route_map: <str>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
rcf: <str>
# Include following routes while redistributing.
include_leaked: <bool>
ospf:
# Redistribute OSPF routes.
enabled: <bool>
# Redistribute OSPF routes learned from external sources.
match_external:
enabled: <bool; required>
route_map: <str>
# Redistribute OSPF routes learned from internal sources.
match_internal:
enabled: <bool; required>
route_map: <str>
# Redistribute OSPF routes learned from external NSSA sources.
match_nssa_external:
enabled: <bool; required>
# NSSA External Type Number.
nssa_type: <int; 1 | 2>
route_map: <str>
route_map: <str>
ospfv3:
# Redistribute OSPFv3 routes.
enabled: <bool>
# Redistribute OSPFv3 routes learned from external sources.
match_external:
enabled: <bool; required>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
# Redistribute OSPFv3 routes learned from internal sources.
match_internal:
enabled: <bool; required>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
# Redistribute OSPFv3 routes learned from external NSSA sources.
match_nssa_external:
enabled: <bool; required>
# NSSA External Type Number.
nssa_type: <int; 1 | 2>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
route_map: <str>
# Include following routes while redistributing.
include_leaked: <bool>
static:
enabled: <bool; required>
route_map: <str>
# This key is deprecated.
# Support will be removed in AVD version 6.0.0.
# Use <samp>redistribute</samp> instead.
redistribute_routes:
- source_protocol: <str; "attached-host" | "connected" | "isis" | "ospf" | "ospfv3" | "static"; required>
route_map: <str>
# Only applicable if `source_protocol` is `isis`.
include_leaked: <bool>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
# Only applicable if `source_protocol` is `isis`.
rcf: <str>
# Routes learned by the OSPF protocol.
# The `ospf_route_type` is valid for source_protocols 'ospf' and 'ospfv3'.
ospf_route_type: <str; "external" | "internal" | "nssa-external" | "nssa-external 1" | "nssa-external 2">
address_family_ipv6_multicast:
bgp:
missing_policy:
direction_in_action: <str; "deny" | "deny-in-out" | "permit">
direction_out_action: <str; "deny" | "deny-in-out" | "permit">
additional_paths:
receive: <bool>
neighbors:
- ip_address: <str; required; unique>
activate: <bool>
# Inbound route-map name.
route_map_in: <str>
# Outbound route-map name.
route_map_out: <str>
additional_paths:
receive: <bool>
networks:
# IPv6 prefix "A:B:C:D:E:F:G:H/I".
- prefix: <str; required; unique>
route_map: <str>
# Redistribute routes in to BGP.
redistribute:
connected:
enabled: <bool; required>
route_map: <str>
isis:
enabled: <bool; required>
# Redistribute IS-IS route level.
isis_level: <str; "level-1" | "level-2" | "level-1-2">
route_map: <str>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
rcf: <str>
# Include following routes while redistributing.
include_leaked: <bool>
ospf:
# Redistribute OSPF routes.
enabled: <bool>
# Redistribute OSPF routes learned from external sources.
match_external:
enabled: <bool; required>
route_map: <str>
# Redistribute OSPF routes learned from internal sources.
match_internal:
enabled: <bool; required>
route_map: <str>
# Redistribute OSPF routes learned from external NSSA sources.
match_nssa_external:
enabled: <bool; required>
# NSSA External Type Number.
nssa_type: <int; 1 | 2>
route_map: <str>
route_map: <str>
ospfv3:
# Redistribute OSPFv3 routes.
enabled: <bool>
# Redistribute OSPFv3 routes learned from external sources.
match_external:
enabled: <bool; required>
route_map: <str>
# Redistribute OSPFv3 routes learned from internal sources.
match_internal:
enabled: <bool; required>
route_map: <str>
# Redistribute OSPFv3 routes learned from external NSSA sources.
match_nssa_external:
enabled: <bool; required>
# NSSA External Type Number.
nssa_type: <int; 1 | 2>
route_map: <str>
route_map: <str>
static:
enabled: <bool; required>
route_map: <str>
# This key is deprecated.
# Support will be removed in AVD version 6.0.0.
# Use <samp>redistribute</samp> instead.
redistribute_routes:
- source_protocol: <str; "connected" | "isis" | "ospf" | "ospfv3" | "static"; required>
route_map: <str>
# Only applicable if `source_protocol` is `isis`.
include_leaked: <bool>
# RCF function name with parenthesis.
# Example: MyFunction(myarg).
# `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
# Only applicable if `source_protocol` is `isis`.
rcf: <str>
# Routes learned by the OSPF protocol.
# The `ospf_route_type` is valid for source_protocols 'ospf' and 'ospfv3'.
ospf_route_type: <str; "external" | "internal" | "nssa-external" | "nssa-external 1" | "nssa-external 2">
address_family_flow_spec_ipv4:
bgp:
missing_policy:
direction_in_action: <str; "deny" | "deny-in-out" | "permit">
direction_out_action: <str; "deny" | "deny-in-out" | "permit">
neighbors:
- ip_address: <str; required; unique>
activate: <bool>
address_family_flow_spec_ipv6:
bgp:
missing_policy:
direction_in_action: <str; "deny" | "deny-in-out" | "permit">
direction_out_action: <str; "deny" | "deny-in-out" | "permit">
neighbors:
- ip_address: <str; required; unique>
activate: <bool>
# Multiline EOS CLI rendered directly on the Router BGP, VRF definition in the final EOS configuration.
eos_cli: <str>
session_trackers:
# Name of session tracker.
- name: <str; required; unique>
# Recovery delay in seconds.
recovery_delay: <int; 1-3600>
# Multiline EOS CLI rendered directly on the Router BGP in the final EOS configuration.
eos_cli: <str>
Router general¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
router_general | Dictionary | ||||
router_id | Dictionary | ||||
ipv4 | String | IPv4 Address. | |||
ipv6 | String | IPv6 Address. | |||
nexthop_fast_failover | Boolean | False |
|||
vrfs | List, items: Dictionary | ||||
- name | String | Required, Unique | Destination-VRF. | ||
leak_routes | List, items: Dictionary | ||||
- source_vrf | String | ||||
subscribe_policy | String | Route-Map Policy. | |||
routes | Dictionary | ||||
dynamic_prefix_lists | List, items: Dictionary | ||||
- name | String | Dynamic Prefix List Name. | |||
control_functions | Dictionary | Routing control functions (RCF) used to filter and update routes from a peer or during redistributions. Warning: This configuration cannot be pushed with eos_config_deploy_eapi , because of limitations in arista.eos and ansible.netcommon plugins.The configuration can be pushed via CloudVision with eos_config_deploy_cvp or cv_deploy . |
|||
code_units | List, items: Dictionary | ||||
- name | String | Required, Unique | Name of the code unit. | ||
content | String | Required | Content of route control function. e.g. function ACCEPT_ALL() { return true; } EOF |
router_general:
router_id:
# IPv4 Address.
ipv4: <str>
# IPv6 Address.
ipv6: <str>
nexthop_fast_failover: <bool; default=False>
vrfs:
# Destination-VRF.
- name: <str; required; unique>
leak_routes:
- source_vrf: <str>
# Route-Map Policy.
subscribe_policy: <str>
routes:
dynamic_prefix_lists:
# Dynamic Prefix List Name.
- name: <str>
# Routing control functions (RCF) used to filter and update routes from a peer or during redistributions.
# Warning:
# This configuration cannot be pushed with `eos_config_deploy_eapi`, because of limitations in `arista.eos` and `ansible.netcommon` plugins.
# The configuration can be pushed via CloudVision with `eos_config_deploy_cvp` or `cv_deploy`.
control_functions:
code_units:
# Name of the code unit.
- name: <str; required; unique>
# Content of route control function.
# e.g.
# function ACCEPT_ALL() {
# return true;
# }
# EOF
content: <str; required>
Router internet-exit¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
router_internet_exit | Dictionary | Internet-exit feature to configure internet bound service for virtual topologies. | |||
policies | List, items: Dictionary | Internet-exit policy represent a policy which can be attached to a virtual topology profile. | |||
- name | String | Required, Unique | |||
exit_groups | List, items: Dictionary | The exit groups that are configured under a policy are strictly ordered, meaning an exit group appearing first has more priority than the exit group that follows it. | |||
- name | String | ||||
exit_groups | List, items: Dictionary | Exit groups represent a group of exit options (connections). Traffic flows are load balanced in a round robin fashion across all the members (exits) of the exit-group. |
|||
- name | String | Required, Unique | |||
fib_default | Boolean | Fib default exit indicates that the flows that select this exit will follow the default route available in the VRF of the flow. | |||
local_connections | List, items: Dictionary | Local connections refer to connections configured under the router_service_insertion .The service-insertion module reports the health of the connection and the exit will qualify for use only when it is healthy. |
|||
- name | String |
# Internet-exit feature to configure internet bound service for virtual topologies.
router_internet_exit:
# Internet-exit policy represent a policy which can be attached to a virtual topology profile.
policies:
- name: <str; required; unique>
# The exit groups that are configured under a policy are strictly ordered, meaning an exit group appearing first has more priority than the exit group that follows it.
exit_groups:
- name: <str>
# Exit groups represent a group of exit options (connections).
# Traffic flows are load balanced in a round robin fashion across all the members (exits) of the exit-group.
exit_groups:
- name: <str; required; unique>
# Fib default exit indicates that the flows that select this exit will follow the default route available in the VRF of the flow.
fib_default: <bool>
# Local connections refer to connections configured under the `router_service_insertion`.
# The service-insertion module reports the health of the connection and the exit will qualify for use only when it is healthy.
local_connections:
- name: <str>
Router ISIS¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
router_isis | Dictionary | ||||
instance | String | Required | ISIS Instance Name. | ||
net | String | CLNS Address like “49.0001.0001.0000.0001.00”. | |||
router_id | String | IPv4 Address. | |||
is_type | String | Valid Values: - level-1 - level-1-2 - level-2 |
|||
log_adjacency_changes | Boolean | ||||
mpls_ldp_sync_default | Boolean | ||||
timers | Dictionary | ||||
local_convergence | Dictionary | ||||
protected_prefixes | Boolean | ||||
delay | Integer | 10000 |
Delay in milliseconds. | ||
set_overload_bit | Dictionary | ||||
enabled | Boolean | ||||
on_startup | Dictionary | ||||
delay | Integer | Number of seconds. | |||
wait_for_bgp | Dictionary | ||||
enabled | Boolean | ||||
timeout | Integer | Number of seconds. | |||
authentication | Dictionary | ||||
both | Dictionary | Authentication settings for level-1 and level-2. ‘both’ takes precedence over ‘level_1’ and ‘level_2’ settings. | |||
key_type | String | Valid Values: - 0 - 7 - 8a |
Configure authentication key type. | ||
key | String | Password string. key_type is required for this setting. |
|||
key_ids | List, items: Dictionary | ||||
- id | Integer | Required, Unique | Min: 1 Max: 65535 |
Configure authentication key-id. | |
algorithm | String | Required | Valid Values: - sha-1 - sha-224 - sha-256 - sha-384 - sha-512 |
||
key_type | String | Required | Valid Values: - 0 - 7 - 8a |
Configure authentication key type. | |
key | String | Required | Password string. | ||
rfc_5310 | Boolean | SHA digest computation according to rfc5310. | |||
mode | String | Valid Values: - md5 - sha - text - shared-secret |
Authentication mode. | ||
sha | Dictionary | Required settings for authentication mode ‘sha’. | |||
key_id | Integer | Required | Min: 1 Max: 65535 |
||
shared_secret | Dictionary | Required settings for authentication mode ‘shared_secret’. | |||
profile | String | Required | |||
algorithm | String | Required | Valid Values: - md5 - sha-1 - sha-224 - sha-256 - sha-384 - sha-512 |
||
rx_disabled | Boolean | Disable authentication check on the receive side. | |||
level_1 | Dictionary | Authentication settings for level-1. ‘both’ takes precedence over ‘level_1’ and ‘level_2’ settings. | |||
key_type | String | Valid Values: - 0 - 7 - 8a |
Configure authentication key type. | ||
key | String | Password string. key_type is required for this setting. |
|||
key_ids | List, items: Dictionary | ||||
- id | Integer | Required, Unique | Min: 1 Max: 65535 |
Configure authentication key-id. | |
algorithm | String | Required | Valid Values: - sha-1 - sha-224 - sha-256 - sha-384 - sha-512 |
||
key_type | String | Required | Valid Values: - 0 - 7 - 8a |
Configure authentication key type. | |
key | String | Required | Password string. | ||
rfc_5310 | Boolean | SHA digest computation according to rfc5310. | |||
mode | String | Valid Values: - md5 - sha - text - shared-secret |
Authentication mode. | ||
sha | Dictionary | Required settings for authentication mode ‘sha’. | |||
key_id | Integer | Required | Min: 1 Max: 65535 |
||
shared_secret | Dictionary | Required settings for authentication mode ‘shared_secret’. | |||
profile | String | Required | |||
algorithm | String | Required | Valid Values: - md5 - sha-1 - sha-224 - sha-256 - sha-384 - sha-512 |
||
rx_disabled | Boolean | Disable authentication check on the receive side. | |||
level_2 | Dictionary | Authentication settings for level-2. ‘both’ takes precedence over ‘level_1’ and ‘level_2’ settings. | |||
key_type | String | Valid Values: - 0 - 7 - 8a |
Configure authentication key type. | ||
key | String | Password string. key_type is required for this setting. |
|||
key_ids | List, items: Dictionary | ||||
- id | Integer | Required, Unique | Min: 1 Max: 65535 |
Configure authentication key-id. | |
algorithm | String | Required | Valid Values: - sha-1 - sha-224 - sha-256 - sha-384 - sha-512 |
||
key_type | String | Required | Valid Values: - 0 - 7 - 8a |
Configure authentication key type. | |
key | String | Required | Password string. | ||
rfc_5310 | Boolean | SHA digest computation according to rfc5310. | |||
mode | String | Valid Values: - md5 - sha - text - shared-secret |
Authentication mode. | ||
sha | Dictionary | Required settings for authentication mode ‘sha’. | |||
key_id | Integer | Required | Min: 1 Max: 65535 |
||
shared_secret | Dictionary | Required settings for authentication mode ‘shared_secret’. | |||
profile | String | Required | |||
algorithm | String | Required | Valid Values: - md5 - sha-1 - sha-224 - sha-256 - sha-384 - sha-512 |
||
rx_disabled | Boolean | Disable authentication check on the receive side. | |||
advertise | Dictionary | ||||
passive_only | Boolean | ||||
redistribute_routes | List, items: Dictionary | ||||
- source_protocol | String | Required | Valid Values: - bgp - connected - isis - ospf - ospfv3 - static |
||
route_map | String | Route-map name. | |||
include_leaked | Boolean | ||||
ospf_route_type | String | Valid Values: - external - internal - nssa-external |
ospf_route_type is required with source_protocols ‘ospf’ and ‘ospfv3’. | ||
address_family_ipv4 | Dictionary | ||||
enabled | Boolean | Required | |||
maximum_paths | Integer | Min: 1 Max: 128 |
|||
bfd_all_interfaces | Boolean | Enable BFD on all interfaces. | |||
fast_reroute_ti_lfa | Dictionary | ||||
mode | String | Valid Values: - link-protection - node-protection |
|||
level | String | Valid Values: - level-1 - level-2 |
|||
srlg | Dictionary | Shared Risk Link Group. | |||
enable | Boolean | ||||
strict | Boolean | ||||
tunnel_source_labeled_unicast | Dictionary | ||||
enabled | Boolean | ||||
rcf | String | Route Control Function. | |||
address_family_ipv6 | Dictionary | ||||
enabled | Boolean | Required | |||
maximum_paths | Integer | Min: 1 Max: 128 |
|||
bfd_all_interfaces | Boolean | Enable BFD on all interfaces. | |||
fast_reroute_ti_lfa | Dictionary | ||||
mode | String | Valid Values: - link-protection - node-protection |
|||
level | String | Valid Values: - level-1 - level-2 |
Optional, default is to protect all levels. | ||
srlg | Dictionary | Shared Risk Link Group. | |||
enable | Boolean | ||||
strict | Boolean | ||||
segment_routing_mpls | Dictionary | ||||
enabled | Boolean | ||||
router_id | String | ||||
prefix_segments | List, items: Dictionary | ||||
- prefix | String | ||||
index | Integer | ||||
spf_interval | Dictionary | ||||
interval | Integer | Maximum interval between two SPFs in seconds or milliseconds. Range in seconds: <1-300> Range in milliseconds: <1-300000> |
|||
interval_unit | String | Valid Values: - seconds - milliseconds |
If interval unit is not defined EOS takes seconds by default. |
||
wait_interval | Integer | Min: 1 Max: 300000 |
Initial wait interval for SPF in milliseconds. | ||
hold_interval | Integer | Min: 1 Max: 300000 |
Hold interval between the first and second SPF runs in milliseconds. | ||
graceful_restart | Dictionary | ||||
enabled | Boolean | ||||
restart_hold_time | Integer | Min: 5 Max: 300 |
Number of seconds. | ||
t2 | Dictionary | ||||
level_1_wait_time | Integer | Min: 5 Max: 300 |
Level-1 LSP database sync wait time in seconds. | ||
level_2_wait_time | Integer | Min: 5 Max: 300 |
Level-2 LSP database sync wait time in seconds. | ||
eos_cli | String | Multiline EOS CLI rendered directly on the router isis in the final EOS configuration. | |||
address_family removed | List | This key was removed. Support was removed in AVD version 5.0.0. Use address_family_ipv4.enabled or address_family_ipv6.enabled instead. | |||
isis_af_defaults removed | List | This key was removed. Support was removed in AVD version 5.0.0. Use address_family_ipv4/address_family_ipv6 instead. |
router_isis:
# ISIS Instance Name.
instance: <str; required>
# CLNS Address like "49.0001.0001.0000.0001.00".
net: <str>
# IPv4 Address.
router_id: <str>
is_type: <str; "level-1" | "level-1-2" | "level-2">
log_adjacency_changes: <bool>
mpls_ldp_sync_default: <bool>
timers:
local_convergence:
protected_prefixes: <bool>
# Delay in milliseconds.
delay: <int; default=10000>
set_overload_bit:
enabled: <bool>
on_startup:
# Number of seconds.
delay: <int>
wait_for_bgp:
enabled: <bool>
# Number of seconds.
timeout: <int>
authentication:
# Authentication settings for level-1 and level-2. 'both' takes precedence over 'level_1' and 'level_2' settings.
both:
# Configure authentication key type.
key_type: <str; "0" | "7" | "8a">
# Password string. `key_type` is required for this setting.
key: <str>
key_ids:
# Configure authentication key-id.
- id: <int; 1-65535; required; unique>
algorithm: <str; "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>
# Configure authentication key type.
key_type: <str; "0" | "7" | "8a"; required>
# Password string.
key: <str; required>
# SHA digest computation according to rfc5310.
rfc_5310: <bool>
# Authentication mode.
mode: <str; "md5" | "sha" | "text" | "shared-secret">
# Required settings for authentication mode 'sha'.
sha:
key_id: <int; 1-65535; required>
# Required settings for authentication mode 'shared_secret'.
shared_secret:
profile: <str; required>
algorithm: <str; "md5" | "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>
# Disable authentication check on the receive side.
rx_disabled: <bool>
# Authentication settings for level-1. 'both' takes precedence over 'level_1' and 'level_2' settings.
level_1:
# Configure authentication key type.
key_type: <str; "0" | "7" | "8a">
# Password string. `key_type` is required for this setting.
key: <str>
key_ids:
# Configure authentication key-id.
- id: <int; 1-65535; required; unique>
algorithm: <str; "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>
# Configure authentication key type.
key_type: <str; "0" | "7" | "8a"; required>
# Password string.
key: <str; required>
# SHA digest computation according to rfc5310.
rfc_5310: <bool>
# Authentication mode.
mode: <str; "md5" | "sha" | "text" | "shared-secret">
# Required settings for authentication mode 'sha'.
sha:
key_id: <int; 1-65535; required>
# Required settings for authentication mode 'shared_secret'.
shared_secret:
profile: <str; required>
algorithm: <str; "md5" | "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>
# Disable authentication check on the receive side.
rx_disabled: <bool>
# Authentication settings for level-2. 'both' takes precedence over 'level_1' and 'level_2' settings.
level_2:
# Configure authentication key type.
key_type: <str; "0" | "7" | "8a">
# Password string. `key_type` is required for this setting.
key: <str>
key_ids:
# Configure authentication key-id.
- id: <int; 1-65535; required; unique>
algorithm: <str; "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>
# Configure authentication key type.
key_type: <str; "0" | "7" | "8a"; required>
# Password string.
key: <str; required>
# SHA digest computation according to rfc5310.
rfc_5310: <bool>
# Authentication mode.
mode: <str; "md5" | "sha" | "text" | "shared-secret">
# Required settings for authentication mode 'sha'.
sha:
key_id: <int; 1-65535; required>
# Required settings for authentication mode 'shared_secret'.
shared_secret:
profile: <str; required>
algorithm: <str; "md5" | "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>
# Disable authentication check on the receive side.
rx_disabled: <bool>
advertise:
passive_only: <bool>
redistribute_routes:
- source_protocol: <str; "bgp" | "connected" | "isis" | "ospf" | "ospfv3" | "static"; required>
# Route-map name.
route_map: <str>
include_leaked: <bool>
# ospf_route_type is required with source_protocols 'ospf' and 'ospfv3'.
ospf_route_type: <str; "external" | "internal" | "nssa-external">
address_family_ipv4:
enabled: <bool; required>
maximum_paths: <int; 1-128>
# Enable BFD on all interfaces.
bfd_all_interfaces: <bool>
fast_reroute_ti_lfa:
mode: <str; "link-protection" | "node-protection">
level: <str; "level-1" | "level-2">
# Shared Risk Link Group.
srlg:
enable: <bool>
strict: <bool>
tunnel_source_labeled_unicast:
enabled: <bool>
# Route Control Function.
rcf: <str>
address_family_ipv6:
enabled: <bool; required>
maximum_paths: <int; 1-128>
# Enable BFD on all interfaces.
bfd_all_interfaces: <bool>
fast_reroute_ti_lfa:
mode: <str; "link-protection" | "node-protection">
# Optional, default is to protect all levels.
level: <str; "level-1" | "level-2">
# Shared Risk Link Group.
srlg:
enable: <bool>
strict: <bool>
segment_routing_mpls:
enabled: <bool>
router_id: <str>
prefix_segments:
- prefix: <str>
index: <int>
spf_interval:
# Maximum interval between two SPFs in seconds or milliseconds.
# Range in seconds: <1-300>
# Range in milliseconds: <1-300000>
interval: <int>
# If interval unit is not defined EOS takes `seconds` by default.
interval_unit: <str; "seconds" | "milliseconds">
# Initial wait interval for SPF in milliseconds.
wait_interval: <int; 1-300000>
# Hold interval between the first and second SPF runs in milliseconds.
hold_interval: <int; 1-300000>
graceful_restart:
enabled: <bool>
# Number of seconds.
restart_hold_time: <int; 5-300>
t2:
# Level-1 LSP database sync wait time in seconds.
level_1_wait_time: <int; 5-300>
# Level-2 LSP database sync wait time in seconds.
level_2_wait_time: <int; 5-300>
# Multiline EOS CLI rendered directly on the router isis in the final EOS configuration.
eos_cli: <str>
Router L2 VPN¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
router_l2_vpn | Dictionary | ||||
arp_learning_bridged | Boolean | ||||
arp_proxy | Dictionary | ||||
prefix_list | String | Prefix-list name. ARP Proxying is disabled for IPv4 addresses defined in the prefix-list. | |||
arp_selective_install | Boolean | ||||
nd_learning_bridged | Boolean | ||||
nd_proxy | Dictionary | ||||
prefix_list | String | Prefix-list name. Neighbor Discovery Proxying is disabled for IPv6 addresses defined in the prefix-list. | |||
nd_rs_flooding_disabled | Boolean | ||||
virtual_router_nd_ra_flooding_disabled | Boolean |
router_l2_vpn:
arp_learning_bridged: <bool>
arp_proxy:
# Prefix-list name. ARP Proxying is disabled for IPv4 addresses defined in the prefix-list.
prefix_list: <str>
arp_selective_install: <bool>
nd_learning_bridged: <bool>
nd_proxy:
# Prefix-list name. Neighbor Discovery Proxying is disabled for IPv6 addresses defined in the prefix-list.
prefix_list: <str>
nd_rs_flooding_disabled: <bool>
virtual_router_nd_ra_flooding_disabled: <bool>
Router OSPF¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
router_ospf | Dictionary | ||||
process_ids | List, items: Dictionary | ||||
- id | Integer | Required, Unique | OSPF Process ID. | ||
vrf | String | VRF Name for OSPF Process. | |||
passive_interface_default | Boolean | ||||
router_id | String | IPv4 Address. | |||
distance | Dictionary | ||||
external | Integer | Min: 1 Max: 255 |
|||
inter_area | Integer | Min: 1 Max: 255 |
|||
intra_area | Integer | Min: 1 Max: 255 |
|||
log_adjacency_changes_detail | Boolean | ||||
network_prefixes | List, items: Dictionary | ||||
- ipv4_prefix | String | Required, Unique | |||
area | String | ||||
bfd_enable | Boolean | ||||
bfd_adjacency_state_any | Boolean | ||||
no_passive_interfaces | List, items: String | ||||
- <str> | String | Interface Name. | |||
distribute_list_in | Dictionary | ||||
route_map | String | ||||
max_lsa | Integer | ||||
timers | Dictionary | ||||
lsa | Dictionary | ||||
rx_min_interval | Integer | Min: 0 Max: 600000 |
Min interval in msecs between accepting the same LSA. | ||
tx_delay | Dictionary | ||||
initial | Integer | Min: 0 Max: 600000 |
Delay to generate first occurrence of LSA in msecs. | ||
min | Integer | Min: 1 Max: 600000 |
Min delay between originating the same LSA in msecs. | ||
max | Integer | Min: 1 Max: 600000 |
1-600000 Maximum delay between originating the same LSA in msec. | ||
spf_delay | Dictionary | ||||
initial | Integer | Min: 0 Max: 600000 |
Initial SPF schedule delay in msecs. | ||
min | Integer | Min: 0 Max: 65535000 |
Min Hold time between two SPFs in msecs. | ||
max | Integer | Min: 0 Max: 65535000 |
Max wait time between two SPFs in msecs. | ||
default_information_originate | Dictionary | ||||
always | Boolean | ||||
metric | Integer | Min: 1 Max: 65535 |
Metric for default route. | ||
metric_type | Integer | Valid Values: - 1 - 2 |
OSPF metric type for default route. | ||
summary_addresses | List, items: Dictionary | ||||
- prefix | String | Required, Unique | Summary Prefix Address. | ||
tag | Integer | ||||
attribute_map | String | ||||
not_advertise | Boolean | ||||
redistribute | Dictionary | ||||
static | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | Route Map Name. | |||
include_leaked | Boolean | ||||
connected | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | Route Map Name. | |||
include_leaked | Boolean | ||||
bgp | Dictionary | ||||
enabled | Boolean | Required | |||
route_map | String | Route Map Name. | |||
include_leaked | Boolean | ||||
auto_cost_reference_bandwidth | Integer | Bandwidth in mbps. | |||
areas | List, items: Dictionary | ||||
- id | String | Required, Unique | |||
filter | Dictionary | ||||
networks | List, items: String | ||||
- <str> | String | IPv4 Prefix. | |||
prefix_list | String | Prefix-List Name. | |||
type | String | normal |
Valid Values: - normal - stub - nssa |
||
no_summary | Boolean | ||||
nssa_only | Boolean | ||||
default_information_originate | Dictionary | ||||
metric | Integer | Min: 1 Max: 65535 |
Metric for default route. | ||
metric_type | Integer | Valid Values: - 1 - 2 |
OSPF metric type for default route. | ||
maximum_paths | Integer | Min: 1 Max: 128 |
|||
max_metric | Dictionary | ||||
router_lsa | Dictionary | ||||
external_lsa | Dictionary | ||||
override_metric | Integer | Min: 1 Max: 16777215 |
|||
include_stub | Boolean | ||||
on_startup | String | “wait-for-bgp” or Integer 5-86400. Example: “wait-for-bgp” Or “222” |
|||
summary_lsa | Dictionary | ||||
override_metric | Integer | Min: 1 Max: 16777215 |
|||
mpls_ldp_sync_default | Boolean | ||||
eos_cli | String | Multiline EOS CLI rendered directly on the Router OSPF process ID in the final EOS configuration. |
router_ospf:
process_ids:
# OSPF Process ID.
- id: <int; required; unique>
# VRF Name for OSPF Process.
vrf: <str>
passive_interface_default: <bool>
# IPv4 Address.
router_id: <str>
distance:
external: <int; 1-255>
inter_area: <int; 1-255>
intra_area: <int; 1-255>
log_adjacency_changes_detail: <bool>
network_prefixes:
- ipv4_prefix: <str; required; unique>
area: <str>
bfd_enable: <bool>
bfd_adjacency_state_any: <bool>
no_passive_interfaces:
# Interface Name.
- <str>
distribute_list_in:
route_map: <str>
max_lsa: <int>
timers:
lsa:
# Min interval in msecs between accepting the same LSA.
rx_min_interval: <int; 0-600000>
tx_delay:
# Delay to generate first occurrence of LSA in msecs.
initial: <int; 0-600000>
# Min delay between originating the same LSA in msecs.
min: <int; 1-600000>
# 1-600000 Maximum delay between originating the same LSA in msec.
max: <int; 1-600000>
spf_delay:
# Initial SPF schedule delay in msecs.
initial: <int; 0-600000>
# Min Hold time between two SPFs in msecs.
min: <int; 0-65535000>
# Max wait time between two SPFs in msecs.
max: <int; 0-65535000>
default_information_originate:
always: <bool>
# Metric for default route.
metric: <int; 1-65535>
# OSPF metric type for default route.
metric_type: <int; 1 | 2>
summary_addresses:
# Summary Prefix Address.
- prefix: <str; required; unique>
tag: <int>
attribute_map: <str>
not_advertise: <bool>
redistribute:
static:
enabled: <bool; required>
# Route Map Name.
route_map: <str>
include_leaked: <bool>
connected:
enabled: <bool; required>
# Route Map Name.
route_map: <str>
include_leaked: <bool>
bgp:
enabled: <bool; required>
# Route Map Name.
route_map: <str>
include_leaked: <bool>
# Bandwidth in mbps.
auto_cost_reference_bandwidth: <int>
areas:
- id: <str; required; unique>
filter:
networks:
# IPv4 Prefix.
- <str>
# Prefix-List Name.
prefix_list: <str>
type: <str; "normal" | "stub" | "nssa"; default="normal">
no_summary: <bool>
nssa_only: <bool>
default_information_originate:
# Metric for default route.
metric: <int; 1-65535>
# OSPF metric type for default route.
metric_type: <int; 1 | 2>
maximum_paths: <int; 1-128>
max_metric:
router_lsa:
external_lsa:
override_metric: <int; 1-16777215>
include_stub: <bool>
# "wait-for-bgp" or Integer 5-86400.
# Example: "wait-for-bgp" Or "222"
on_startup: <str>
summary_lsa:
override_metric: <int; 1-16777215>
mpls_ldp_sync_default: <bool>
# Multiline EOS CLI rendered directly on the Router OSPF process ID in the final EOS configuration.
eos_cli: <str>
Router path selection¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
router_path_selection | Dictionary | Dynamic path selection configuration. | |||
peer_dynamic_source | String | Valid Values: - stun |
Source of dynamic peer discovery. | ||
path_groups | List, items: Dictionary | ||||
- name | String | Required, Unique | Path group name. | ||
id | Integer | Min: 1 Max: 65535 |
Path group ID. | ||
ipsec_profile | String | IPSec profile for the path group. | |||
flow_assignment | String | Valid Values: - lan |
Flow assignment lan can not be configured in a path group with dynamic peers. |
||
local_interfaces | List, items: Dictionary | ||||
- name | String | Required, Unique | Pattern: ^(Port-Channel|Ethernet(\d+/)*)\d+(\.\d+)?$ |
Local interface name. | |
public_address | String | Public IP assigned by NAT. | |||
stun | Dictionary | ||||
server_profiles | List, items: String | Required | Min Length: 1 Max Length: 12 |
STUN server-profile names. | |
- <str> | String | ||||
local_ips | List, items: Dictionary | ||||
- ip_address | String | Required, Unique | |||
public_address | String | Public IP assigned by NAT. | |||
stun | Dictionary | ||||
server_profiles | List, items: String | Required | Min Length: 1 Max Length: 12 |
STUN server-profile names. | |
- <str> | String | ||||
dynamic_peers | Dictionary | Flow assignment lan can not be configured in a path group with dynamic peers. |
|||
enabled | Boolean | Enable peer dynamic . |
|||
ip_local | Boolean | Prefer local IP address. | |||
ipsec | Boolean | IPsec configuration for dynamic peers. | |||
static_peers | List, items: Dictionary | ||||
- router_ip | String | Required, Unique | Peer router IP. | ||
name | String | Name of the site. | |||
ipv4_addresses | List, items: String | Static IPv4 addresses. | |||
- <str> | String | ||||
keepalive | Dictionary | ||||
auto | Boolean | False |
Enable adaptive keepalive and feedback interval. | ||
interval | Integer | Min: 50 Max: 60000 |
Interval in milliseconds. | ||
failure_threshold | Integer | Min: 2 Max: 100 |
Failure threshold in number of intervals. Required when interval is set. |
||
load_balance_policies | List, items: Dictionary | ||||
- name | String | Required, Unique | Load-balance policy name. | ||
lowest_hop_count | Boolean | Prefer paths with lowest hop-count. | |||
jitter | Integer | Min: 0 Max: 10000 |
Jitter requirement for this load balance policy in milliseconds. | ||
latency | Integer | Min: 0 Max: 10000 |
One way delay requirement for this load balance policy in milliseconds. | ||
loss_rate | String | Pattern: ^\d+(\.\d{1,2})?$ |
Loss Rate requirement in percentage for this load balance policy. Value between 0.00 and 100.00. |
||
path_groups | List, items: Dictionary | List of path-groups to use for this load balance policy. | |||
- name | String | Required, Unique | Path-group name. | ||
priority | Integer | Min: 1 Max: 65535 |
Priority for this path-group. The EOS default value is 1. |
||
policies | List, items: Dictionary | ||||
- name | String | Required, Unique | DPS policy name. | ||
default_match | Dictionary | ||||
load_balance | String | Name of the load-balance policy. | |||
rules | List, items: Dictionary | ||||
- id | Integer | Required, Unique | Min: 1 Max: 255 |
Rule ID. | |
application_profile | String | Required | |||
load_balance | String | Name of the load-balance policy. | |||
vrfs | List, items: Dictionary | ||||
- name | String | Required, Unique | VRF name. | ||
path_selection_policy | String | DPS policy name to use for this VRF. | |||
tcp_mss_ceiling | Dictionary | ||||
ipv4_segment_size | String | Segment Size for IPv4. Can be an integer in the range 64-65515 or “auto”. “auto” will enable auto-discovery which clamps the TCP MSS value to the minimum of all the direct paths and multi-hop path MTU towards a remote VTEP (minus 40bytes to account for IP + TCP header). |
|||
direction | String | ingress |
Valid Values: - ingress |
Enforce on packets through DPS tunnel for a specific direction. Only ‘ingress’ direction is supported. |
# Dynamic path selection configuration.
router_path_selection:
# Source of dynamic peer discovery.
peer_dynamic_source: <str; "stun">
path_groups:
# Path group name.
- name: <str; required; unique>
# Path group ID.
id: <int; 1-65535>
# IPSec profile for the path group.
ipsec_profile: <str>
# Flow assignment `lan` can not be configured in a path group with dynamic peers.
flow_assignment: <str; "lan">
local_interfaces:
# Local interface name.
- name: <str; required; unique>
# Public IP assigned by NAT.
public_address: <str>
stun:
# STUN server-profile names.
server_profiles: # 1-12 items; required
- <str>
local_ips:
- ip_address: <str; required; unique>
# Public IP assigned by NAT.
public_address: <str>
stun:
# STUN server-profile names.
server_profiles: # 1-12 items; required
- <str>
# Flow assignment `lan` can not be configured in a path group with dynamic peers.
dynamic_peers:
# Enable `peer dynamic`.
enabled: <bool>
# Prefer local IP address.
ip_local: <bool>
# IPsec configuration for dynamic peers.
ipsec: <bool>
static_peers:
# Peer router IP.
- router_ip: <str; required; unique>
# Name of the site.
name: <str>
# Static IPv4 addresses.
ipv4_addresses:
- <str>
keepalive:
# Enable adaptive keepalive and feedback interval.
auto: <bool; default=False>
# Interval in milliseconds.
interval: <int; 50-60000>
# Failure threshold in number of intervals. Required when `interval` is set.
failure_threshold: <int; 2-100>
load_balance_policies:
# Load-balance policy name.
- name: <str; required; unique>
# Prefer paths with lowest hop-count.
lowest_hop_count: <bool>
# Jitter requirement for this load balance policy in milliseconds.
jitter: <int; 0-10000>
# One way delay requirement for this load balance policy in milliseconds.
latency: <int; 0-10000>
# Loss Rate requirement in percentage for this load balance policy.
# Value between 0.00 and 100.00.
loss_rate: <str>
# List of path-groups to use for this load balance policy.
path_groups:
# Path-group name.
- name: <str; required; unique>
# Priority for this path-group.
# The EOS default value is 1.
priority: <int; 1-65535>
policies:
# DPS policy name.
- name: <str; required; unique>
default_match:
# Name of the load-balance policy.
load_balance: <str>
rules:
# Rule ID.
- id: <int; 1-255; required; unique>
application_profile: <str; required>
# Name of the load-balance policy.
load_balance: <str>
vrfs:
# VRF name.
- name: <str; required; unique>
# DPS policy name to use for this VRF.
path_selection_policy: <str>
tcp_mss_ceiling:
# Segment Size for IPv4.
# Can be an integer in the range 64-65515 or "auto".
# "auto" will enable auto-discovery which clamps the TCP MSS value to the minimum of all the direct paths
# and multi-hop path MTU towards a remote VTEP (minus 40bytes to account for IP + TCP header).
ipv4_segment_size: <str>
# Enforce on packets through DPS tunnel for a specific direction.
# Only 'ingress' direction is supported.
direction: <str; "ingress"; default="ingress">
Router service-insertion¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
router_service_insertion | Dictionary | Configure network services inserted to data forwarding. | |||
enabled | Boolean | ||||
connections | List, items: Dictionary | ||||
- name | String | Required, Unique | Connection name. | ||
ethernet_interface | Dictionary | Outgoing physical interface or subinterface to use for the connection. If both ethernet_interface and tunnel_interface are configured, ethernet_interface will be used. |
|||
name | String | Required | e.g. Ethernet2 or Ethernet2/2.2 | ||
next_hop | String | Required | Next-hop IPv4 address (without mask). | ||
tunnel_interface | Dictionary | Outgoing tunnel interface(s) to use for this connection. If both ethernet_interface and tunnel_interface are configured, ethernet_interface will be used. |
|||
primary | String | e.g. Tunnel2 | |||
secondary | String | e.g. Tunnel3 | |||
monitor_connectivity_host | String | Name of the host defined under monitor_connectivity.hosts used to derive the health of the connection. |
# Configure network services inserted to data forwarding.
router_service_insertion:
enabled: <bool>
connections:
# Connection name.
- name: <str; required; unique>
# Outgoing physical interface or subinterface to use for the connection.
# If both `ethernet_interface` and `tunnel_interface` are configured, `ethernet_interface` will be used.
ethernet_interface:
# e.g. Ethernet2 or Ethernet2/2.2
name: <str; required>
# Next-hop IPv4 address (without mask).
next_hop: <str; required>
# Outgoing tunnel interface(s) to use for this connection.
# If both `ethernet_interface` and `tunnel_interface` are configured, `ethernet_interface` will be used.
tunnel_interface:
# e.g. Tunnel2
primary: <str>
# e.g. Tunnel3
secondary: <str>
# Name of the host defined under `monitor_connectivity.hosts` used to derive the health of the connection.
monitor_connectivity_host: <str>
Router traffic engineering¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
router_traffic_engineering | Dictionary | ||||
enabled | Boolean | Required | |||
router_id | Dictionary | ||||
ipv4 | String | ||||
ipv6 | String | ||||
segment_routing | Dictionary | ||||
colored_tunnel_rib | Boolean | ||||
policy_endpoints | List, items: Dictionary | ||||
- address | String | IPv4 or IPv6 address. | |||
colors | List, items: Dictionary | ||||
- value | Integer | Required, Unique | |||
binding_sid | Integer | ||||
description | String | ||||
name | String | ||||
sbfd_remote_discriminator | String | IPv4 address or 32 bit integer. | |||
path_group | List, items: Dictionary | ||||
- preference | Integer | ||||
explicit_null | String | Valid Values: - ipv4 - ipv6 - ipv4 ipv6 - none |
|||
segment_list | List, items: Dictionary | ||||
- label_stack | String | Label Stack as string. Example: “100 2000 30” |
|||
weight | Integer | ||||
index | Integer |
router_traffic_engineering:
enabled: <bool; required>
router_id:
ipv4: <str>
ipv6: <str>
segment_routing:
colored_tunnel_rib: <bool>
policy_endpoints:
# IPv4 or IPv6 address.
- address: <str>
colors:
- value: <int; required; unique>
binding_sid: <int>
description: <str>
name: <str>
# IPv4 address or 32 bit integer.
sbfd_remote_discriminator: <str>
path_group:
- preference: <int>
explicit_null: <str; "ipv4" | "ipv6" | "ipv4 ipv6" | "none">
segment_list:
# Label Stack as string.
# Example: "100 2000 30"
- label_stack: <str>
weight: <int>
index: <int>
Service routing configuration bgp¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
service_routing_configuration_bgp | Dictionary | ||||
no_equals_default | Boolean |
Service routing protocols model¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
service_routing_protocols_model | String | Valid Values: - multi-agent - ribd |
Static routes¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
static_routes | List, items: Dictionary | ||||
- vrf | String | VRF Name. | |||
destination_address_prefix | String | IPv4_network/Mask. | |||
interface | String | ||||
gateway | String | IPv4 Address. | |||
track_bfd | Boolean | Track next-hop using BFD. | |||
distance | Integer | Min: 1 Max: 255 |
|||
tag | Integer | Min: 0 Max: 4294967295 |
|||
name | String | Description. | |||
metric | Integer | Min: 0 Max: 4294967295 |
STUN¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
stun | Dictionary | STUN configuration. | |||
client | Dictionary | STUN client settings. | |||
server_profiles | List, items: Dictionary | List of server profiles for the client. | |||
- name | String | Required, Unique | |||
ip_address | String | ||||
ssl_profile | String | SSL profile name. | |||
port | Integer | Min: 1 Max: 65535 |
Destination port for the request STUN server (default - 3478). | ||
server | Dictionary | STUN server settings. | |||
local_interfaces | List, items: String | Min Length: 1 | |||
- <str> | String | ||||
bindings_timeout | Integer | Min: 10 Max: 7200 |
Timeout for bindings stored on STUN server in seconds. | ||
ssl_profile | String | SSL profile name. | |||
ssl_connection_lifetime | Dictionary | SSL connection lifetime in minutes or hours. If both are specified, minutes is given higher precedence. |
|||
minutes | Integer | Min: 1 Max: 1440 |
SSL connection lifetime in minutes (default - 120). | ||
hours | Integer | Min: 1 Max: 24 |
SSL connection lifetime in hours (default - 2). | ||
port | Integer | Min: 1 Max: 65535 |
Listening port for STUN server (default - 3478). | ||
local_interface removed | String | This key was removed. Support was removed in AVD version v5.0.0. Use local_interfaces instead. |
# STUN configuration.
stun:
# STUN client settings.
client:
# List of server profiles for the client.
server_profiles:
- name: <str; required; unique>
ip_address: <str>
# SSL profile name.
ssl_profile: <str>
# Destination port for the request STUN server (default - 3478).
port: <int; 1-65535>
# STUN server settings.
server:
local_interfaces: # >=1 items
- <str>
# Timeout for bindings stored on STUN server in seconds.
bindings_timeout: <int; 10-7200>
# SSL profile name.
ssl_profile: <str>
# SSL connection lifetime in minutes or hours.
# If both are specified, minutes is given higher precedence.
ssl_connection_lifetime:
# SSL connection lifetime in minutes (default - 120).
minutes: <int; 1-1440>
# SSL connection lifetime in hours (default - 2).
hours: <int; 1-24>
# Listening port for STUN server (default - 3478).
port: <int; 1-65535>
VRFs¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
vrfs | List, items: Dictionary | These keys are ignored if the name of the vrf is ‘default’. |
|||
- name | String | Required, Unique | VRF Name. | ||
description | String | ||||
ip_routing | Boolean | ||||
ipv6_routing | Boolean | ||||
ip_routing_ipv6_interfaces | Boolean | ||||
tenant | String | Key only used for documentation or validation purposes. |
Security¶
IP Security¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ip_security | Dictionary | ||||
ike_policies | List, items: Dictionary | Internet Security Association and Key Mgmt Protocol. | |||
- name | String | Required, Unique | Policy name. | ||
local_id | String | Local IKE identification. Can be an IPv4 or an IPv6 address. If both local_id and local_id_fqdn are set, local_id_fqdn takes precedence. |
|||
local_id_fqdn | String | Local FQDN or UFQDN IKE identification. If both local_id and local_id_fqdn are set, local_id_fqdn takes precedence. |
|||
ike_lifetime | Integer | Min: 1 Max: 24 |
IKE lifetime in hours. | ||
encryption | String | Valid Values: - 3des - aes128 - aes256 |
IKE encryption algorithm. | ||
dh_group | Integer | Valid Values: - 1 - 2 - 5 - 14 - 15 - 16 - 17 - 20 - 21 - 24 |
Diffie-Hellman group for the key exchange. | ||
sa_policies | List, items: Dictionary | Security Association policies. | |||
- name | String | Required, Unique | Name of the SA policy. | ||
sa_lifetime | Dictionary | ||||
value | Integer | Lifetime value for this SA. Valid range depends on the unit. <1-24> Lifetime in hours ( default ) <1-4000000> Packet limit in thousands <1-6000> Byte limit in GB ( 1024 MB ) <1-6144000> Byte limit in MB ( 1024 KB ) |
|||
unit | String | hours |
Valid Values: - gigabytes - hours - megabytes - thousand-packets |
||
esp | Dictionary | ||||
integrity | String | Valid Values: - disabled - sha1 - sha256 - sha384 - sha512 - md5 |
|||
encryption | String | Valid Values: - disabled - aes128 - aes128gcm128 - aes128gcm64 - aes256 - aes256gcm128 - 3des |
|||
pfs_dh_group | Integer | Valid Values: - 1 - 2 - 5 - 14 - 15 - 16 - 17 - 20 - 21 - 24 |
|||
profiles | List, items: Dictionary | IPSec profiles. | |||
- name | String | Required, Unique | Name of the IPsec profile. | ||
ike_policy | String | Name of the IKE policy to use in this profile. | |||
sa_policy | String | Name of the Security Association to use in this profile. | |||
connection | String | Valid Values: - add - start - route |
IPsec connection (Initiator/Responder/Dynamic). | ||
shared_key | String | Encrypted password - only type 7 supported. | |||
dpd | Dictionary | Dead Peer Detection. | |||
interval | Integer | Required | Min: 2 Max: 3600 |
Interval (in seconds) between keep-alive messages. | |
time | Integer | Required | Min: 10 Max: 3600 |
Time (in seconds) after which the action is applied. | |
action | String | Required | Valid Values: - clear - hold - restart |
Action to apply. * ‘clear’: Delete all connections * ‘hold’: Re-negotiate connection on demand * ‘restart’: Restart connection immediately |
|
mode | String | Valid Values: - transport - tunnel |
Ipsec mode type. | ||
flow_parallelization_encapsulation_udp | Boolean | Enable flow parallelization. When enabled, multiple cores are used to parallelize the IPsec encryption and decryption processing. |
|||
key_controller | Dictionary | ||||
profile | String | IPsec profile name to use. | |||
hardware_encryption_disabled | Boolean | False |
Disable hardware encryption. An SFE restart is needed for this change to take effect. |
ip_security:
# Internet Security Association and Key Mgmt Protocol.
ike_policies:
# Policy name.
- name: <str; required; unique>
# Local IKE identification.
# Can be an IPv4 or an IPv6 address.
# If both `local_id` and `local_id_fqdn` are set, `local_id_fqdn` takes precedence.
local_id: <str>
# Local FQDN or UFQDN IKE identification.
# If both `local_id` and `local_id_fqdn` are set, `local_id_fqdn` takes precedence.
local_id_fqdn: <str>
# IKE lifetime in hours.
ike_lifetime: <int; 1-24>
# IKE encryption algorithm.
encryption: <str; "3des" | "aes128" | "aes256">
# Diffie-Hellman group for the key exchange.
dh_group: <int; 1 | 2 | 5 | 14 | 15 | 16 | 17 | 20 | 21 | 24>
# Security Association policies.
sa_policies:
# Name of the SA policy.
- name: <str; required; unique>
sa_lifetime:
# Lifetime value for this SA.
# Valid range depends on the unit.
# <1-24> Lifetime in hours ( default )
# <1-4000000> Packet limit in thousands
# <1-6000> Byte limit in GB ( 1024 MB )
# <1-6144000> Byte limit in MB ( 1024 KB )
value: <int>
unit: <str; "gigabytes" | "hours" | "megabytes" | "thousand-packets"; default="hours">
esp:
integrity: <str; "disabled" | "sha1" | "sha256" | "sha384" | "sha512" | "md5">
encryption: <str; "disabled" | "aes128" | "aes128gcm128" | "aes128gcm64" | "aes256" | "aes256gcm128" | "3des">
pfs_dh_group: <int; 1 | 2 | 5 | 14 | 15 | 16 | 17 | 20 | 21 | 24>
# IPSec profiles.
profiles:
# Name of the IPsec profile.
- name: <str; required; unique>
# Name of the IKE policy to use in this profile.
ike_policy: <str>
# Name of the Security Association to use in this profile.
sa_policy: <str>
# IPsec connection (Initiator/Responder/Dynamic).
connection: <str; "add" | "start" | "route">
# Encrypted password - only type 7 supported.
shared_key: <str>
# Dead Peer Detection.
dpd:
# Interval (in seconds) between keep-alive messages.
interval: <int; 2-3600; required>
# Time (in seconds) after which the action is applied.
time: <int; 10-3600; required>
# Action to apply.
#
# * 'clear': Delete all connections
# * 'hold': Re-negotiate connection on demand
# * 'restart': Restart connection immediately
action: <str; "clear" | "hold" | "restart"; required>
# Ipsec mode type.
mode: <str; "transport" | "tunnel">
# Enable flow parallelization.
# When enabled, multiple cores are used to parallelize the IPsec encryption and decryption processing.
flow_parallelization_encapsulation_udp: <bool>
key_controller:
# IPsec profile name to use.
profile: <str>
# Disable hardware encryption.
# An SFE restart is needed for this change to take effect.
hardware_encryption_disabled: <bool; default=False>
Router segment-security¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
router_segment_security | Dictionary | ||||
enabled | Boolean | ||||
policies | List, items: Dictionary | Customised application policies. Using the Application Traffic Recognition L4 profiles, custom policies can be defined. The built-in application ‘app-match-all’ can be used to match any packets. Note that this is stateless, so both the source and destination flows need to be considered. |
|||
- name | String | Required, Unique | Policy name. | ||
sequence_numbers | List, items: Dictionary | Required | |||
- sequence | Integer | Required, Unique | Min: 1 Max: 1023 |
Sequence ID. | |
application | String | Required | The name of the application. | ||
action | String | Required | Valid Values: - forward - drop - redirect |
The action to take - note that platform support for the redirect action is limited. The “redirect” action also requires the ‘next_hop’ to be configured. | |
log | Boolean | Enable logging - note that platform support is limited. | |||
stateless | Boolean | True |
Take action, regardless of state. Should be set to ‘true’ for MSS-G. | ||
next_hop | String | When the action is ‘redirect’, this indicates the IPv4 next hop to redirect to. | |||
vrfs | List, items: Dictionary | The name of the VRF that the segments and policies are defined in. | |||
- name | String | Required, Unique | |||
segments | List, items: Dictionary | Required | |||
- name | String | Required, Unique | Segment name. | ||
definition | Dictionary | ||||
interfaces | List, items: String | Min Length: 1 | The names of the source interface e.g. Port-Channel1 - note that platform support is limited. | ||
- <str> | String | ||||
match_lists | List, items: Dictionary | Min Length: 1 Max Length: 2 |
The set of lists that define the segment. These can be a mix of IPv4 and IPv6 prefix or match lists. | ||
- address_family | String | Required, Unique | Valid Values: - ipv4 - ipv6 |
Indicate which address-family the match list belongs to e.g. ipv4 or ipv6. | |
covered_prefix_list | String | The name of the prefix-list. You can have a maximum of one per address-family. Mutually exclusive to the use of match_list. If both are configured prefix takes precedence. | |||
prefix | String | The name of the match-list. You can have a maximum of one per address-family. Mutually exclusive to the use of covered_prefix_list. If both are configured prefix takes precedence. | |||
policies | List, items: Dictionary | The policies controlling traffic into the segment. | |||
- from | String | Required, Unique | The name of the source segment or ‘forwarding-segments’ for all segments. | ||
policy | String | The name of the policy to apply. The built-in policies are ‘policy-forward-all’ and ‘policy-drop-all’. | |||
fallback_policy | String | Only supported on the R3 series platforms, this allows a per-segment default policy to be specified by name. |
router_segment_security:
enabled: <bool>
# Customised application policies.
# Using the Application Traffic Recognition L4 profiles, custom policies can be defined. The built-in application 'app-match-all' can be used to match any packets.
# Note that this is stateless, so both the source and destination flows need to be considered.
policies:
# Policy name.
- name: <str; required; unique>
sequence_numbers: # required
# Sequence ID.
- sequence: <int; 1-1023; required; unique>
# The name of the application.
application: <str; required>
# The action to take - note that platform support for the redirect action is limited. The "redirect" action also requires the 'next_hop' to be configured.
action: <str; "forward" | "drop" | "redirect"; required>
# Enable logging - note that platform support is limited.
log: <bool>
# Take action, regardless of state. Should be set to 'true' for MSS-G.
stateless: <bool; default=True>
# When the action is 'redirect', this indicates the IPv4 next hop to redirect to.
next_hop: <str>
# The name of the VRF that the segments and policies are defined in.
vrfs:
- name: <str; required; unique>
segments: # required
# Segment name.
- name: <str; required; unique>
definition:
# The names of the source interface e.g. Port-Channel1 - note that platform support is limited.
interfaces: # >=1 items
- <str>
# The set of lists that define the segment. These can be a mix of IPv4 and IPv6 prefix or match lists.
match_lists: # 1-2 items
# Indicate which address-family the match list belongs to e.g. ipv4 or ipv6.
- address_family: <str; "ipv4" | "ipv6"; required; unique>
# The name of the prefix-list. You can have a maximum of one per address-family. Mutually exclusive to the use of match_list. If both are configured prefix takes precedence.
covered_prefix_list: <str>
# The name of the match-list. You can have a maximum of one per address-family. Mutually exclusive to the use of covered_prefix_list. If both are configured prefix takes precedence.
prefix: <str>
# The policies controlling traffic into the segment.
policies:
# The name of the source segment or 'forwarding-segments' for all segments.
- from: <str; required; unique>
# The name of the policy to apply. The built-in policies are 'policy-forward-all' and 'policy-drop-all'.
policy: <str>
# Only supported on the R3 series platforms, this allows a per-segment default policy to be specified by name.
fallback_policy: <str>
Switching¶
MLAG configuration¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
mlag_configuration | Dictionary | ||||
domain_id | String | ||||
heartbeat_interval | Integer | Heartbeat interval in milliseconds. | |||
local_interface | String | Local Interface Name. | |||
peer_address | String | IPv4 or IPv6 Address. | |||
peer_address_heartbeat | Dictionary | ||||
peer_ip | String | IPv4 or IPv6 Address. | |||
vrf | String | VRF Name. | |||
dual_primary_detection_delay | Integer | Min: 0 Max: 86400 |
Delay in seconds. | ||
dual_primary_recovery_delay_mlag | Integer | Min: 0 Max: 86400 |
Delay in seconds. | ||
dual_primary_recovery_delay_non_mlag | Integer | Min: 0 Max: 86400 |
Delay in seconds. | ||
peer_link | String | Port-Channel interface name. | |||
reload_delay_mlag | String | Delay in seconds <0-86400> or ‘infinity’. | |||
reload_delay_non_mlag | String | Delay in seconds <0-86400> or ‘infinity’. |
mlag_configuration:
domain_id: <str>
# Heartbeat interval in milliseconds.
heartbeat_interval: <int>
# Local Interface Name.
local_interface: <str>
# IPv4 or IPv6 Address.
peer_address: <str>
peer_address_heartbeat:
# IPv4 or IPv6 Address.
peer_ip: <str>
# VRF Name.
vrf: <str>
# Delay in seconds.
dual_primary_detection_delay: <int; 0-86400>
# Delay in seconds.
dual_primary_recovery_delay_mlag: <int; 0-86400>
# Delay in seconds.
dual_primary_recovery_delay_non_mlag: <int; 0-86400>
# Port-Channel interface name.
peer_link: <str>
# Delay in seconds <0-86400> or 'infinity'.
reload_delay_mlag: <str>
# Delay in seconds <0-86400> or 'infinity'.
reload_delay_non_mlag: <str>
Spanning-tree¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
spanning_tree | Dictionary | ||||
root_super | Boolean | ||||
edge_port | Dictionary | ||||
bpdufilter_default | Boolean | ||||
bpduguard_default | Boolean | ||||
mode | String | Valid Values: - mstp - rstp - rapid-pvst - none |
|||
bpduguard_rate_limit | Dictionary | ||||
default | Boolean | ||||
count | Integer | Maximum number of BPDUs per timer interval. | |||
rstp_priority | Integer | ||||
mst | Dictionary | ||||
pvst_border | Boolean | ||||
configuration | Dictionary | ||||
name | String | ||||
revision | Integer | 0-65535. | |||
instances | List, items: Dictionary | ||||
- id | Integer | Required, Unique | Instance ID. | ||
vlans | String | ”< vlan_id >, < vlan_id >-< vlan_id >” Example: 15,16,17,18 |
|||
mst_instances | List, items: Dictionary | ||||
- id | String | Required, Unique | Instance ID. | ||
priority | Integer | ||||
no_spanning_tree_vlan | String | ”< vlan_id >, < vlan_id >-< vlan_id >” Example: 105,202,505-506 |
|||
rapid_pvst_instances | List, items: Dictionary | ||||
- id | String | Required, Unique | ”< vlan_id >, < vlan_id >-< vlan_id >” Example: 105,202,505-506 |
||
priority | Integer |
spanning_tree:
root_super: <bool>
edge_port:
bpdufilter_default: <bool>
bpduguard_default: <bool>
mode: <str; "mstp" | "rstp" | "rapid-pvst" | "none">
bpduguard_rate_limit:
default: <bool>
# Maximum number of BPDUs per timer interval.
count: <int>
rstp_priority: <int>
mst:
pvst_border: <bool>
configuration:
name: <str>
# 0-65535.
revision: <int>
instances:
# Instance ID.
- id: <int; required; unique>
# "< vlan_id >, < vlan_id >-< vlan_id >"
# Example: 15,16,17,18
vlans: <str>
mst_instances:
# Instance ID.
- id: <str; required; unique>
priority: <int>
# "< vlan_id >, < vlan_id >-< vlan_id >"
# Example: 105,202,505-506
no_spanning_tree_vlan: <str>
rapid_pvst_instances:
# "< vlan_id >, < vlan_id >-< vlan_id >"
# Example: 105,202,505-506
- id: <str; required; unique>
priority: <int>
VLAN internal order¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
vlan_internal_order | Dictionary | ||||
allocation | String | Required | Valid Values: - ascending - descending |
||
range | Dictionary | Required | |||
beginning | Integer | Required | Min: 2 Max: 4094 |
First VLAN ID. | |
ending | Integer | Required | Min: 2 Max: 4094 |
Last VLAN ID. |
VLANs¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
vlans | List, items: Dictionary | ||||
- id | Integer | Required, Unique | VLAN ID. | ||
name | String | VLAN Name. | |||
state | String | Valid Values: - active - suspend |
|||
trunk_groups | List, items: String | ||||
- <str> | String | Trunk Group Name. | |||
private_vlan | Dictionary | ||||
type | String | Valid Values: - community - isolated |
|||
primary_vlan | Integer | Primary VLAN ID. | |||
tenant | String | Key only used for documentation or validation purposes. |
vlans:
# VLAN ID.
- id: <int; required; unique>
# VLAN Name.
name: <str>
state: <str; "active" | "suspend">
trunk_groups:
# Trunk Group Name.
- <str>
private_vlan:
type: <str; "community" | "isolated">
# Primary VLAN ID.
primary_vlan: <int>
# Key only used for documentation or validation purposes.
tenant: <str>
System settings¶
Agents¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
agents | List, items: Dictionary | ||||
- name | String | Required, Unique | Agent name. | ||
environment_variables | List, items: Dictionary | Min Length: 1 | |||
- name | String | Required, Unique | Environment variable name. | ||
value | String | Required | Environment variable value. |
Hardware counters¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
hardware_counters | Dictionary | ||||
features | List, items: Dictionary | This data model allows to configure the list of hardware counters feature available on Arista platforms. The name key accepts a list of valid_values which MUST be updated to supportnew feature as they are released in EOS. The available values of the different keys like ‘direction’ or ‘address_type’ are feature and hardware dependent and this model DOES NOT validate that the combinations are valid. It is the responsibility of the user of this data model to make sure that the rendered CLI is accepted by the targeted device. Examples: * Use: yaml<br> hardware_counters:<br> features:<br> - name: ip<br> direction: out<br> layer3: true<br> units_packets: true<br> to render: eos<br> hardware counter feature ip out layer3 units packets<br> * Use: yaml<br> hardware_counters:<br> features:<br> - name: route<br> address_type: ipv4<br> vrf: test<br> prefix: 192.168.0.0/24<br> to render: eos<br> hardware counter feature route ipv4 vrf test 192.168.0.0/24<br> |
|||
- name | String | Required | Valid Values: - acl - decap-group - directflow - ecn - flow-spec - gre tunnel interface - ip - mpls interface - mpls lfib - mpls tunnel - multicast - nexthop - pbr - pdp - policing interface - qos - qos dual-rate-policer - route - routed-port - segment-security - subinterface - tapagg - traffic-class - traffic-policy - vlan - vlan-interface - vni decap - vni encap - vtep decap - vtep encap |
||
direction | String | Valid Values: - in - out - cpu |
Most features support only ‘in’ and ‘out’. Some like traffic-policy support ‘cpu’. Some features DO NOT have any direction. This validation IS NOT made by the schemas. |
||
address_type | String | Valid Values: - ipv4 - ipv6 - mac |
Supported only for the following features: - acl: [ipv4, ipv6, mac] if direction is ‘out’ - multicast: [ipv4, ipv6] - route: [ipv4, ipv6] This validation IS NOT made by the schemas. |
||
layer3 | Boolean | Supported only for the ‘ip’ feature. |
|||
vrf | String | Supported only for the ‘route’ feature. This validation IS NOT made by the schemas. |
|||
prefix | String | Supported only for the ‘route’ feature. Mandatory for the ‘route’ feature. This validation IS NOT made by the schemas. |
|||
units_packets | Boolean |
hardware_counters:
# This data model allows to configure the list of hardware counters feature
# available on Arista platforms.
#
# The `name` key accepts a list of valid_values which MUST be updated to support
# new feature as they are released in EOS.
#
# The available values of the different keys like 'direction' or 'address_type'
# are feature and hardware dependent and this model DOES NOT validate that the
# combinations are valid. It is the responsibility of the user of this data model
# to make sure that the rendered CLI is accepted by the targeted device.
#
# Examples:
#
# * Use:
# ```yaml
# hardware_counters:
# features:
# - name: ip
# direction: out
# layer3: true
# units_packets: true
# ```
#
# to render:
# ```eos
# hardware counter feature ip out layer3 units packets
# ```
# * Use:
# ```yaml
# hardware_counters:
# features:
# - name: route
# address_type: ipv4
# vrf: test
# prefix: 192.168.0.0/24
# ```
#
# to render:
# ```eos
# hardware counter feature route ipv4 vrf test 192.168.0.0/24
# ```
features:
- name: <str; "acl" | "decap-group" | "directflow" | "ecn" | "flow-spec" | "gre tunnel interface" | "ip" | "mpls interface" | "mpls lfib" | "mpls tunnel" | "multicast" | "nexthop" | "pbr" | "pdp" | "policing interface" | "qos" | "qos dual-rate-policer" | "route" | "routed-port" | "segment-security" | "subinterface" | "tapagg" | "traffic-class" | "traffic-policy" | "vlan" | "vlan-interface" | "vni decap" | "vni encap" | "vtep decap" | "vtep encap"; required>
# Most features support only 'in' and 'out'. Some like traffic-policy support 'cpu'.
# Some features DO NOT have any direction.
# This validation IS NOT made by the schemas.
direction: <str; "in" | "out" | "cpu">
# Supported only for the following features:
# - acl: [ipv4, ipv6, mac] if direction is 'out'
# - multicast: [ipv4, ipv6]
# - route: [ipv4, ipv6]
# This validation IS NOT made by the schemas.
address_type: <str; "ipv4" | "ipv6" | "mac">
# Supported only for the 'ip' feature.
layer3: <bool>
# Supported only for the 'route' feature.
# This validation IS NOT made by the schemas.
vrf: <str>
# Supported only for the 'route' feature.
# Mandatory for the 'route' feature.
# This validation IS NOT made by the schemas.
prefix: <str>
units_packets: <bool>
Hardware¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
hardware | Dictionary | ||||
access_list | Dictionary | ||||
mechanism | String | Valid Values: - algomatch - none - tcam |
|||
speed_groups | List, items: Dictionary | ||||
- speed_group | String | Required, Unique | |||
serdes | String | Serdes speed like “10g” or “25g”. | |||
port_groups | List, items: Dictionary | ||||
- port_group | String | Required, Unique | |||
select | String | Select Ports to activate |
IP hardware¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ip_hardware | Dictionary | ||||
fib | Dictionary | ||||
optimize | Dictionary | ||||
prefixes | Dictionary | ||||
profile | String | Valid Values: - internet - urpf-internet |
IPv6 hardware¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ipv6_hardware | Dictionary | ||||
fib | Dictionary | ||||
optimize | Dictionary | ||||
prefixes | Dictionary | ||||
profile | String | Pre-defined profile ‘internet’ or user-defined profile name. |
L2 protocol¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
l2_protocol | Dictionary | ||||
forwarding_profiles | List, items: Dictionary | ||||
- name | String | Required, Unique | |||
protocols | List, items: Dictionary | ||||
- name | String | Required, Unique | Valid Values: - bfd per-link rfc-7130 - e-lmi - isis - lacp - lldp - macsec - pause - stp |
||
forward | Boolean | ||||
tagged_forward | Boolean | ||||
untagged_forward | Boolean |
MAC address-table¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
mac_address_table | Dictionary | ||||
aging_time | Integer | Aging time in seconds. | |||
notification_host_flap | Dictionary | ||||
logging | Boolean | ||||
detection | Dictionary | ||||
window | Integer | Min: 2 Max: 300 |
|||
moves | Integer | Min: 2 Max: 10 |
Platform¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
platform | Dictionary | Every key below this point is platform dependent. | |||
trident | Dictionary | ||||
forwarding_table_partition | String | ||||
l3 | Dictionary | ||||
routing_mac_address_per_vlan | Boolean | Enable bridging of packets with destination MAC being a Router MAC in VLANs without routing. | |||
mmu | Dictionary | Memory Management Unit settings. |
|||
active_profile | String | The queue profile to be applied to the platform. |
|||
queue_profiles | List, items: Dictionary | ||||
- name | String | Required, Unique | |||
multicast_queues | List, items: Dictionary | ||||
- id | Integer | Required, Unique | Min: 0 Max: 7 |
||
unit | String | Valid Values: - bytes - cells |
Unit to be used for the reservation value. If not specified, default is bytes. |
||
reserved | Integer | Amount of memory that should be reserved for this queue. |
|||
threshold | String | Dynamic Shared Memory threshold. |
|||
drop | Dictionary | ||||
precedence | Integer | Required | Valid Values: - 1 - 2 |
||
threshold | String | Required | Drop Threshold. This value may also be fractions. Example: 7/8 or 3/4 or 1/2 |
||
unicast_queues | List, items: Dictionary | ||||
- id | Integer | Required, Unique | Min: 0 Max: 7 |
||
unit | String | Valid Values: - bytes - cells |
Unit to be used for the reservation value. If not specified, default is bytes. |
||
reserved | Integer | Amount of memory that should be reserved for this queue. |
|||
threshold | String | Dynamic Shared Memory threshold. |
|||
drop | Dictionary | ||||
precedence | Integer | Required | Valid Values: - 1 - 2 |
||
threshold | String | Required | Drop Threshold. This value may also be fractions. Example: 7/8 or 3/4 or 1/2 |
||
sand | Dictionary | Most of the platform sand options are hardware dependent and optional. | |||
qos_maps | List, items: Dictionary | ||||
- traffic_class | Integer | Min: 0 Max: 7 |
|||
to_network_qos | Integer | Min: 0 Max: 63 |
|||
lag | Dictionary | ||||
hardware_only | Boolean | ||||
mode | String | ||||
forwarding_mode | String | ||||
multicast_replication | Dictionary | ||||
default | String | Valid Values: - ingress - egress |
|||
mdb_profile | String | Valid Values: - balanced - balanced-xl - l3 - l3-xl - l3-xxl - l3-xxxl |
Sand platforms MDB Profile configuration. Note: l3-xxxl does not support MLAG. | ||
sfe | Dictionary | Sfe (Software Forwarding Engine) settings. | |||
data_plane_cpu_allocation_max | Integer | Min: 1 Max: 128 |
Maximum number of CPUs used for data plane traffic forwarding. |
# Every key below this point is platform dependent.
platform:
trident:
forwarding_table_partition: <str>
l3:
# Enable bridging of packets with destination MAC being a Router MAC in VLANs without routing.
routing_mac_address_per_vlan: <bool>
# Memory Management Unit settings.
mmu:
# The queue profile to be applied to the platform.
active_profile: <str>
queue_profiles:
- name: <str; required; unique>
multicast_queues:
- id: <int; 0-7; required; unique>
# Unit to be used for the reservation value. If not specified, default is bytes.
unit: <str; "bytes" | "cells">
# Amount of memory that should be reserved for this
# queue.
reserved: <int>
# Dynamic Shared Memory threshold.
threshold: <str>
drop:
precedence: <int; 1 | 2; required>
# Drop Threshold. This value may also be fractions.
# Example: 7/8 or 3/4 or 1/2
threshold: <str; required>
unicast_queues:
- id: <int; 0-7; required; unique>
# Unit to be used for the reservation value. If not specified, default is bytes.
unit: <str; "bytes" | "cells">
# Amount of memory that should be reserved for this
# queue.
reserved: <int>
# Dynamic Shared Memory threshold.
threshold: <str>
drop:
precedence: <int; 1 | 2; required>
# Drop Threshold. This value may also be fractions.
# Example: 7/8 or 3/4 or 1/2
threshold: <str; required>
# Most of the platform sand options are hardware dependent and optional.
sand:
qos_maps:
- traffic_class: <int; 0-7>
to_network_qos: <int; 0-63>
lag:
hardware_only: <bool>
mode: <str>
forwarding_mode: <str>
multicast_replication:
default: <str; "ingress" | "egress">
# Sand platforms MDB Profile configuration. Note: l3-xxxl does not support MLAG.
mdb_profile: <str; "balanced" | "balanced-xl" | "l3" | "l3-xl" | "l3-xxl" | "l3-xxxl">
# Sfe (Software Forwarding Engine) settings.
sfe:
# Maximum number of CPUs used for data plane traffic forwarding.
data_plane_cpu_allocation_max: <int; 1-128>
PoE¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
poe | Dictionary | ||||
reboot | Dictionary | Set the global PoE power behavior for PoE ports when the system is rebooted. | |||
action | String | Valid Values: - power-off - maintain |
PoE action for interface. By default in EOS, reboot action is set to power-off. | ||
interface_shutdown | Dictionary | Set the global PoE power behavior for PoE ports when ports are admin down. | |||
action | String | Valid Values: - power-off - maintain |
PoE action for interface. By default in EOS, interface shutdown action is set to maintain. |
poe:
# Set the global PoE power behavior for PoE ports when the system is rebooted.
reboot:
# PoE action for interface. By default in EOS, reboot action is set to power-off.
action: <str; "power-off" | "maintain">
# Set the global PoE power behavior for PoE ports when ports are admin down.
interface_shutdown:
# PoE action for interface. By default in EOS, interface shutdown action is set to maintain.
action: <str; "power-off" | "maintain">
PTP¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
ptp | Dictionary | ||||
mode | String | Valid Values: - boundary - disabled - e2etransparent - gptp - ordinarymaster - p2ptransparent |
|||
profile | String | Valid Values: - g8275.1 - g8275.2 |
|||
mode_one_step | Boolean | ||||
forward_unicast | Boolean | ||||
clock_identity | String | The clock-id in xx:xx:xx:xx:xx:xx format. | |||
source | Dictionary | ||||
ip | String | Source IP. | |||
priority1 | Integer | Min: 0 Max: 255 |
|||
priority2 | Integer | Min: 0 Max: 255 |
|||
ttl | Integer | Min: 1 Max: 255 |
|||
domain | Integer | Min: 0 Max: 255 |
|||
message_type | Dictionary | ||||
general | Dictionary | ||||
dscp | Integer | ||||
event | Dictionary | ||||
dscp | Integer | ||||
monitor | Dictionary | ||||
enabled | Boolean | True |
|||
threshold | Dictionary | ||||
offset_from_master | Integer | Min: 0 Max: 1000000000 |
|||
mean_path_delay | Integer | Min: 0 Max: 1000000000 |
|||
drop | Dictionary | ||||
offset_from_master | Integer | Min: 0 Max: 1000000000 |
|||
mean_path_delay | Integer | Min: 0 Max: 1000000000 |
|||
missing_message | Dictionary | ||||
intervals | Dictionary | ||||
announce | Integer | Min: 2 Max: 255 |
|||
follow_up | Integer | Min: 2 Max: 255 |
|||
sync | Integer | Min: 2 Max: 255 |
|||
sequence_ids | Dictionary | ||||
enabled | Boolean | ||||
announce | Integer | Min: 2 Max: 255 |
|||
delay_resp | Integer | Min: 2 Max: 255 |
|||
follow_up | Integer | Min: 2 Max: 255 |
|||
sync | Integer | Min: 2 Max: 255 |
ptp:
mode: <str; "boundary" | "disabled" | "e2etransparent" | "gptp" | "ordinarymaster" | "p2ptransparent">
profile: <str; "g8275.1" | "g8275.2">
mode_one_step: <bool>
forward_unicast: <bool>
# The clock-id in xx:xx:xx:xx:xx:xx format.
clock_identity: <str>
source:
# Source IP.
ip: <str>
priority1: <int; 0-255>
priority2: <int; 0-255>
ttl: <int; 1-255>
domain: <int; 0-255>
message_type:
general:
dscp: <int>
event:
dscp: <int>
monitor:
enabled: <bool; default=True>
threshold:
offset_from_master: <int; 0-1000000000>
mean_path_delay: <int; 0-1000000000>
drop:
offset_from_master: <int; 0-1000000000>
mean_path_delay: <int; 0-1000000000>
missing_message:
intervals:
announce: <int; 2-255>
follow_up: <int; 2-255>
sync: <int; 2-255>
sequence_ids:
enabled: <bool>
announce: <int; 2-255>
delay_resp: <int; 2-255>
follow_up: <int; 2-255>
sync: <int; 2-255>
Redundancy¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
redundancy | Dictionary | ||||
protocol | String | Redundancy Protocol. |
System¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
system | Dictionary | ||||
control_plane | Dictionary | ||||
tcp_mss | Dictionary | ||||
ipv4 | Integer | Segment size. | |||
ipv6 | Integer | Segment size. | |||
ipv4_access_groups | List, items: Dictionary | ||||
- acl_name | String | Required | |||
vrf | String | ||||
ipv6_access_groups | List, items: Dictionary | ||||
- acl_name | String | Required | |||
vrf | String | ||||
l1 | Dictionary | ||||
unsupported_speed_action | String | Valid Values: - error - warn |
|||
unsupported_error_correction_action | String | Valid Values: - error - warn |
system:
control_plane:
tcp_mss:
# Segment size.
ipv4: <int>
# Segment size.
ipv6: <int>
ipv4_access_groups:
- acl_name: <str; required>
vrf: <str>
ipv6_access_groups:
- acl_name: <str; required>
vrf: <str>
l1:
unsupported_speed_action: <str; "error" | "warn">
unsupported_error_correction_action: <str; "error" | "warn">
TCAM profile¶
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
tcam_profile | Dictionary | ||||
system | String | TCAM profile name to activate. |
|||
profiles | List, items: Dictionary | ||||
- name | String | Required, Unique | Tcam-Profile Name. | ||
config | String | TCAM Profile Config. Since these can be very long, it is often a good idea to import the config from a file. Example: “{{ lookup(‘file’, ‘TCAM_TRAFFIC_POLICY.conf’) }}” |
|||
source | String | TCAM profile local source path. Used to read the TCAM profile from a local path existing on the device. |
tcam_profile:
# TCAM profile name to activate.
system: <str>
profiles:
# Tcam-Profile Name.
- name: <str; required; unique>
# TCAM Profile Config. Since these can be very long, it is often a good idea to import the config from a file.
# Example: "{{ lookup('file', 'TCAM_TRAFFIC_POLICY.conf') }}"
config: <str>
# TCAM profile local source path. Used to read the TCAM profile from a local path existing on the device.
source: <str>
Metadata¶
These fields are not generating any configuration. They are meant to be used by tools that parse structured configuration.
Variable | Type | Required | Default | Value Restrictions | Description |
---|---|---|---|---|---|
metadata | Dictionary | The data under metadata is used for documentation, validation or integration purposes.It will not affect the generated EOS configuration. |
|||
platform | String | ||||
system_mac_address | String | ||||
cv_tags | Dictionary | ||||
device_tags | List, items: Dictionary | ||||
- name | String | Required | |||
value | String | Required | |||
interface_tags | List, items: Dictionary | ||||
- interface | String | Required | |||
tags | List, items: Dictionary | ||||
- name | String | Required | |||
value | String | Required | |||
cv_pathfinder | Dictionary | Metadata used for CV Pathfinder visualization on CloudVision. | |||
role | String | ||||
region | String | ||||
zone | String | ||||
site | String | ||||
vtep_ip | String | ||||
ssl_profile | String | ||||
address | String | ||||
pathfinders | List, items: Dictionary | ||||
- vtep_ip | String | Required | |||
interfaces | List, items: Dictionary | ||||
- name | String | ||||
carrier | String | ||||
circuit_id | String | ||||
pathgroup | String | ||||
public_ip | String | ||||
pathgroups | List, items: Dictionary | ||||
- name | String | Required | |||
carriers | List, items: Dictionary | ||||
- name | String | ||||
imported_carriers | List, items: Dictionary | ||||
- name | String | ||||
regions | List, items: Dictionary | ||||
- id | Integer | ||||
name | String | ||||
zones | List, items: Dictionary | ||||
- id | Integer | ||||
name | String | ||||
sites | List, items: Dictionary | ||||
- id | Integer | ||||
name | String | ||||
location | Dictionary | ||||
address | String | ||||
vrfs | List, items: Dictionary | ||||
- name | String | ||||
vni | Integer | ||||
avts | List, items: Dictionary | ||||
- constraints | Dictionary | ||||
jitter | Integer | ||||
latency | Integer | ||||
lossrate | String | ||||
hop_count | String | ||||
description | String | ||||
id | Integer | ||||
name | String | ||||
pathgroups | List, items: Dictionary | ||||
- name | String | ||||
preference | String | ||||
application_profiles | List, items: String | ||||
- <str> | String | ||||
internet_exit_policies | List, items: Dictionary | ||||
- name | String | Required | |||
type | String | Required | |||
city | String | Required | |||
country | String | Required | |||
upload_bandwidth | Integer | ||||
download_bandwidth | Integer | ||||
firewall | Boolean | Required | |||
ips_control | Boolean | Required | |||
acceptable_use_policy | Boolean | Required | |||
vpn_credentials | List, items: Dictionary | Required | |||
- fqdn | String | Required | |||
vpn_type | String | Required | |||
pre_shared_key | String | Required | |||
tunnels | List, items: Dictionary | Required | |||
- name | String | Required | |||
preference | String | Required | |||
applications | Dictionary | ||||
profiles | List, items: Dictionary | ||||
- name | String | ||||
builtin_applications | List, items: Dictionary | ||||
- name | String | ||||
services | List, items: String | ||||
- <str> | String | ||||
user_defined_applications | List, items: Dictionary | ||||
- name | String | ||||
categories | List, items: Dictionary | ||||
- category | String | ||||
services | List, items: String | ||||
- <str> | String | ||||
transport_protocols | List, items: String | ||||
- <str> | String | ||||
categories | Dictionary | ||||
builtin_applications | List, items: Dictionary | ||||
- name | String | ||||
category | String | ||||
services | List, items: String | ||||
- <str> | String | ||||
user_defined_applications | List, items: Dictionary | ||||
- name | String | ||||
category | String |
# The data under `metadata` is used for documentation, validation or integration purposes.
# It will not affect the generated EOS configuration.
metadata:
platform: <str>
system_mac_address: <str>
cv_tags:
device_tags:
- name: <str; required>
value: <str; required>
interface_tags:
- interface: <str; required>
tags:
- name: <str; required>
value: <str; required>
# Metadata used for CV Pathfinder visualization on CloudVision.
cv_pathfinder:
role: <str>
region: <str>
zone: <str>
site: <str>
vtep_ip: <str>
ssl_profile: <str>
address: <str>
pathfinders:
- vtep_ip: <str; required>
interfaces:
- name: <str>
carrier: <str>
circuit_id: <str>
pathgroup: <str>
public_ip: <str>
pathgroups:
- name: <str; required>
carriers:
- name: <str>
imported_carriers:
- name: <str>
regions:
- id: <int>
name: <str>
zones:
- id: <int>
name: <str>
sites:
- id: <int>
name: <str>
location:
address: <str>
vrfs:
- name: <str>
vni: <int>
avts:
- constraints:
jitter: <int>
latency: <int>
lossrate: <str>
hop_count: <str>
description: <str>
id: <int>
name: <str>
pathgroups:
- name: <str>
preference: <str>
application_profiles:
- <str>
internet_exit_policies:
- name: <str; required>
type: <str; required>
city: <str; required>
country: <str; required>
upload_bandwidth: <int>
download_bandwidth: <int>
firewall: <bool; required>
ips_control: <bool; required>
acceptable_use_policy: <bool; required>
vpn_credentials: # required
- fqdn: <str; required>
vpn_type: <str; required>
pre_shared_key: <str; required>
tunnels: # required
- name: <str; required>
preference: <str; required>
applications:
profiles:
- name: <str>
builtin_applications:
- name: <str>
services:
- <str>
user_defined_applications:
- name: <str>
categories:
- category: <str>
services:
- <str>
transport_protocols:
- <str>
categories:
builtin_applications:
- name: <str>
category: <str>
services:
- <str>
user_defined_applications:
- name: <str>
category: <str>