Skip to content

Input variables for eos_cli_config_gen

This document describes the supported input variables for the role arista.avd.eos_cli_config_gen.

Since several data models have changed between AVD versions 4.x and 5.x, it is recommended to study the Porting Guide for AVD 5.x.x for existing deployments.

The input variables are documented below in tables and YAML.

All values are optional.

Note

All input variables are validated by a schema. If additional custom keys are desired, a key starting with an underscore _, will be ignored.

Warning

Available features and variables may vary by platforms, refer to documentation on arista.com for specifics.

Authentication

AAA accounting

Variable Type Required Default Value Restrictions Description
aaa_accounting Dictionary
  exec Dictionary
    console Dictionary
      type String Valid Values:
- none
- start-stop
- stop-only
      group String Group Name.
      logging Boolean
    default Dictionary
      type String Valid Values:
- none
- start-stop
- stop-only
      group String Group Name.
      logging Boolean
  system Dictionary
    default Dictionary
      type String Valid Values:
- none
- start-stop
- stop-only
      group String Group Name.
  dot1x Dictionary
    default Dictionary
      type String Valid Values:
- start-stop
- stop-only
      group String Group Name.
  commands Dictionary
    console List, items: Dictionary
      - commands String Privilege level ‘all’ or 0-15.
        type String Valid Values:
- none
- start-stop
- stop-only
        group String Group Name.
        logging Boolean
    default List, items: Dictionary
      - commands String Privilege level ‘all’ or 0-15.
        type String Valid Values:
- none
- start-stop
- stop-only
        group String Group Name.
        logging Boolean
aaa_accounting:
  exec:
    console:
      type: <str; "none" | "start-stop" | "stop-only">

      # Group Name.
      group: <str>
      logging: <bool>
    default:
      type: <str; "none" | "start-stop" | "stop-only">

      # Group Name.
      group: <str>
      logging: <bool>
  system:
    default:
      type: <str; "none" | "start-stop" | "stop-only">

      # Group Name.
      group: <str>
  dot1x:
    default:
      type: <str; "start-stop" | "stop-only">

      # Group Name.
      group: <str>
  commands:
    console:

        # Privilege level 'all' or 0-15.
      - commands: <str>
        type: <str; "none" | "start-stop" | "stop-only">

        # Group Name.
        group: <str>
        logging: <bool>
    default:

        # Privilege level 'all' or 0-15.
      - commands: <str>
        type: <str; "none" | "start-stop" | "stop-only">

        # Group Name.
        group: <str>
        logging: <bool>

AAA authentication

Variable Type Required Default Value Restrictions Description
aaa_authentication Dictionary
  login Dictionary
    default String Login authentication method(s) as a string.
Examples:
- “group tacacs+ local”
- “group MYGROUP none”
- “group radius group MYGROUP local”
    console String Console authentication method(s) as a string.
Examples:
- “group tacacs+ local”
- “group MYGROUP none”
- “group radius group MYGROUP local”
  enable Dictionary
    default String Enable authentication method(s) as a string.
Examples:
- “group tacacs+ local”
- “group MYGROUP none”
- “group radius group MYGROUP local”
  dot1x Dictionary
    default String 802.1x authentication method(s) as a string.
Examples:
- “group radius”
- “group MYGROUP group radius”
  policies Dictionary
    on_failure_log Boolean
    on_success_log Boolean
    local Dictionary
      allow_nopassword Boolean
    lockout Dictionary
      failure Integer Min: 1
Max: 255
      duration Integer Min: 1
Max: 4294967295
      window Integer Min: 1
Max: 4294967295
aaa_authentication:
  login:

    # Login authentication method(s) as a string.
    # Examples:
    # - "group tacacs+ local"
    # - "group MYGROUP none"
    # - "group radius group MYGROUP local"
    default: <str>

    # Console authentication method(s) as a string.
    # Examples:
    # - "group tacacs+ local"
    # - "group MYGROUP none"
    # - "group radius group MYGROUP local"
    console: <str>
  enable:

    # Enable authentication method(s) as a string.
    # Examples:
    # - "group tacacs+ local"
    # - "group MYGROUP none"
    # - "group radius group MYGROUP local"
    default: <str>
  dot1x:

    # 802.1x authentication method(s) as a string.
    # Examples:
    # - "group radius"
    # - "group MYGROUP group radius"
    default: <str>
  policies:
    on_failure_log: <bool>
    on_success_log: <bool>
    local:
      allow_nopassword: <bool>
    lockout:
      failure: <int; 1-255>
      duration: <int; 1-4294967295>
      window: <int; 1-4294967295>

AAA authorization

Variable Type Required Default Value Restrictions Description
aaa_authorization Dictionary
  policy Dictionary
    local_default_role String
  exec Dictionary
    default String Exec authorization method(s) as a string.
Examples:
- “group tacacs+ local”
- “group MYGROUP none”
- “group radius group MYGROUP local”
  config_commands Boolean
  serial_console Boolean
  dynamic Dictionary
    dot1x_additional_groups List, items: String Min Length: 1
      - <str> String
  commands Dictionary
    all_default String Command authorization method(s) as a string.
Examples:
- “group tacacs+ local”
- “group MYGROUP none”
- “group tacacs+ group MYGROUP local
    privilege List, items: Dictionary
      - level String Privilege level(s) 0-15.
        default String Command authorization method(s) as a string.
Examples:
- “group tacacs+ local”
- “group MYGROUP none”
- “group tacacs+ group MYGROUP local”
aaa_authorization:
  policy:
    local_default_role: <str>
  exec:

    # Exec authorization method(s) as a string.
    # Examples:
    # - "group tacacs+ local"
    # - "group MYGROUP none"
    # - "group radius group MYGROUP local"
    default: <str>
  config_commands: <bool>
  serial_console: <bool>
  dynamic:
    dot1x_additional_groups: # >=1 items
      - <str>
  commands:

    # Command authorization method(s) as a string.
    # Examples:
    # - "group tacacs+ local"
    # - "group MYGROUP none"
    # - "group tacacs+ group MYGROUP local
    all_default: <str>
    privilege:

        # Privilege level(s) 0-15.
      - level: <str>

        # Command authorization method(s) as a string.
        # Examples:
        # - "group tacacs+ local"
        # - "group MYGROUP none"
        # - "group tacacs+ group MYGROUP local"
        default: <str>

AAA root

Variable Type Required Default Value Restrictions Description
aaa_root Dictionary
  disabled Boolean Set to true to configure no aaa root which is the EOS default.
  secret Dictionary
    sha512_password String
aaa_root:

  # Set to `true` to configure `no aaa root` which is the EOS default.
  disabled: <bool>
  secret:
    sha512_password: <str>

AAA server groups

Variable Type Required Default Value Restrictions Description
aaa_server_groups List, items: Dictionary
  - name String Required, Unique Group name.
    type String Valid Values:
- tacacs+
- radius
- ldap
    servers List, items: Dictionary
      - server String Hostname or IP address.
        vrf String VRF name.
aaa_server_groups:

    # Group name.
  - name: <str; required; unique>
    type: <str; "tacacs+" | "radius" | "ldap">
    servers:

        # Hostname or IP address.
      - server: <str>

        # VRF name.
        vrf: <str>

Enable password

Variable Type Required Default Value Restrictions Description
enable_password Dictionary
  disabled Boolean Set to true to configure no enable password which is the EOS default.
  hash_algorithm String Valid Values:
- md5
- sha512
  key String Must be the hash of the password using the specified algorithm.
By default EOS salts the password, so the simplest is to generate the hash on an EOS device.
enable_password:

  # Set to `true` to configure `no enable password` which is the EOS default.
  disabled: <bool>
  hash_algorithm: <str; "md5" | "sha512">

  # Must be the hash of the password using the specified algorithm.
  # By default EOS salts the password, so the simplest is to generate the hash on an EOS device.
  key: <str>

IP radius source-interfaces

Variable Type Required Default Value Restrictions Description
ip_radius_source_interfaces List, items: Dictionary
  - name String Interface Name.
    vrf String VRF Name.
ip_radius_source_interfaces:

    # Interface Name.
  - name: <str>

    # VRF Name.
    vrf: <str>

IP tacacs source-interfaces

Variable Type Required Default Value Restrictions Description
ip_tacacs_source_interfaces List, items: Dictionary
  - name String Interface name.
    vrf String
ip_tacacs_source_interfaces:

    # Interface name.
  - name: <str>
    vrf: <str>

Local users

Variable Type Required Default Value Restrictions Description
local_users List, items: Dictionary
  - name String Required, Unique Username.
    disabled Boolean If true, the user will be removed and all other settings are ignored.
Useful for removing the default “admin” user.
    privilege Integer Min: 0
Max: 15
Initial privilege level with local EXEC authorization.
    role String EOS RBAC Role to be assigned to the user such as “network-admin” or “network-operator”.
    sha512_password String SHA512 Hash of Password.
Must be the hash of the password. By default EOS salts the password with the username, so the simplest is to generate the hash on an EOS device using the same username.
    no_password Boolean If set a password will not be configured for this user. “sha512_password” MUST not be defined for this user.
    ssh_key String
    secondary_ssh_key String
    shell String Valid Values:
- /bin/bash
- /bin/sh
- /sbin/nologin
Specify shell for the user.
local_users:

    # Username.
  - name: <str; required; unique>

    # If true, the user will be removed and all other settings are ignored.
    # Useful for removing the default "admin" user.
    disabled: <bool>

    # Initial privilege level with local EXEC authorization.
    privilege: <int; 0-15>

    # EOS RBAC Role to be assigned to the user such as "network-admin" or "network-operator".
    role: <str>

    # SHA512 Hash of Password.
    # Must be the hash of the password. By default EOS salts the password with the username, so the simplest is to generate the hash on an EOS device using the same username.
    sha512_password: <str>

    # If set a password will not be configured for this user. "sha512_password" MUST not be defined for this user.
    no_password: <bool>
    ssh_key: <str>
    secondary_ssh_key: <str>

    # Specify shell for the user.
    shell: <str; "/bin/bash" | "/bin/sh" | "/sbin/nologin">

Radius server

Variable Type Required Default Value Restrictions Description
radius_server Dictionary
  attribute_32_include_in_access_req Dictionary
    hostname Boolean
    format String Specify the format of the NAS-Identifier. If ‘hostname’ is set, this is ignored.
  deadtime Integer Min: 1
Max: 1000
Time to skip a non-responsive server in minutes.
  dynamic_authorization Dictionary
    port Integer Min: 0
Max: 65535
TCP Port.
    tls_ssl_profile String Name of TLS profile.
  hosts List, items: Dictionary
    - host String Required, Unique Host IP address or name.
      vrf String
      tls Dictionary When TLS is configured, key is ignored..
        enabled Boolean Enable TLS for radius-server.
        ssl_profile String Name of TLS profile.
        port Integer Min: 0
Max: 65535
TCP Port used for TLS. EOS default is 2083.
      timeout Integer Min: 1
Max: 1000
      retransmit Integer Min: 0
Max: 100
      key String Encrypted key - only type 7 supported.
When TLS is configured, key is ignored.
  tls_ssl_profile String Name of global TLS profile.
radius_servers removed List This key was removed. Support was removed in AVD version v5.0.0. Use radius_server.hosts instead.
radius_server:
  attribute_32_include_in_access_req:
    hostname: <bool>

    # Specify the format of the NAS-Identifier. If 'hostname' is set, this is ignored.
    format: <str>

  # Time to skip a non-responsive server in minutes.
  deadtime: <int; 1-1000>
  dynamic_authorization:

    # TCP Port.
    port: <int; 0-65535>

    # Name of TLS profile.
    tls_ssl_profile: <str>
  hosts:

      # Host IP address or name.
    - host: <str; required; unique>
      vrf: <str>

      # When TLS is configured, `key` is ignored..
      tls:

        # Enable TLS for radius-server.
        enabled: <bool>

        # Name of TLS profile.
        ssl_profile: <str>

        # TCP Port used for TLS. EOS default is 2083.
        port: <int; 0-65535>
      timeout: <int; 1-1000>
      retransmit: <int; 0-100>

      # Encrypted key - only type 7 supported.
      # When TLS is configured, `key` is ignored.
      key: <str>

  # Name of global TLS profile.
  tls_ssl_profile: <str>

Roles

Variable Type Required Default Value Restrictions Description
roles List, items: Dictionary
  - name String Required, Unique Role name.
    sequence_numbers List, items: Dictionary
      - sequence Integer Sequence number.
        action String Valid Values:
- permit
- deny
        mode String “config”, “config-all”, “exec” or mode key as string.
        command String Command as string.
roles:

    # Role name.
  - name: <str; required; unique>
    sequence_numbers:

        # Sequence number.
      - sequence: <int>
        action: <str; "permit" | "deny">

        # "config", "config-all", "exec" or mode key as string.
        mode: <str>

        # Command as string.
        command: <str>

Tacacs servers

Variable Type Required Default Value Restrictions Description
tacacs_servers Dictionary
  timeout Integer Min: 1
Max: 1000
Timeout in seconds.
  hosts List, items: Dictionary
    - host String Host IP address or name.
      vrf String
      key String Encrypted key.
      key_type String 7 Valid Values:
- 0
- 7
- 8a
      single_connection Boolean
      timeout Integer Min: 1
Max: 1000
Timeout in seconds.
  policy_unknown_mandatory_attribute_ignore Boolean
tacacs_servers:

  # Timeout in seconds.
  timeout: <int; 1-1000>
  hosts:

      # Host IP address or name.
    - host: <str>
      vrf: <str>

      # Encrypted key.
      key: <str>
      key_type: <str; "0" | "7" | "8a"; default="7">
      single_connection: <bool>

      # Timeout in seconds.
      timeout: <int; 1-1000>
  policy_unknown_mandatory_attribute_ignore: <bool>

ACLs

IP Extended access-lists

AVD currently supports two different data models for extended ACLs:

  • The legacy access_lists data model, for compatibility with existing deployments
  • The improved ip_access_lists data model, for access to more EOS features

Both data models can coexists without conflicts, as different keys are used: access_lists vs ip_access_lists. Access list names must be unique.

The legacy data model supports simplified ACL definition with sequence to action mapping:

Variable Type Required Default Value Restrictions Description
access_lists List, items: Dictionary
  - name String Required, Unique Access-list Name.
    counters_per_entry Boolean
    permit_response_traffic String Valid Values:
- nat
Permit response traffic automatically based on NAT translations.
Minimum EOS version requirement 4.32.2F.
    sequence_numbers List, items: Dictionary Required
      - sequence Integer Required, Unique Sequence ID.
        action String Required Action as string.
Example: “deny ip any any”
access_lists:

    # Access-list Name.
  - name: <str; required; unique>
    counters_per_entry: <bool>

    # Permit response traffic automatically based on NAT translations.
    # Minimum EOS version requirement 4.32.2F.
    permit_response_traffic: <str; "nat">
    sequence_numbers: # required

        # Sequence ID.
      - sequence: <int; required; unique>

        # Action as string.
        # Example: "deny ip any any"
        action: <str; required>

The improved data model has a more sophisticated design documented below:

Variable Type Required Default Value Restrictions Description
ip_access_lists List, items: Dictionary
  - name String Required, Unique Access-list Name.
    counters_per_entry Boolean
    entries List, items: Dictionary ACL Entries.
      - sequence Integer ACL entry sequence number.
        remark String Comment up to 100 characters.
If remark is defined, other keys in the ACL entry will be ignored.
        action String Valid Values:
- permit
- deny
ACL action.
Required except for remarks.
        protocol String “ip”, “tcp”, “udp”, “icmp” or other protocol name or number.
Required except for remarks.
        source String “any”, “/” or ““.
” without a mask means host.
Required except for remarks.
        source_ports_match String eq Valid Values:
- eq
- gt
- lt
- neq
- range
        source_ports List, items: String Min Length: 1
          - <str> String TCP/UDP source port name or number.
        destination String “any”, “/” or ““.
” without a mask means host.
Required except for remarks.
        destination_ports_match String eq Valid Values:
- eq
- gt
- lt
- neq
- range
        destination_ports List, items: String Min Length: 1
          - <str> String TCP/UDP destination port name or number.
        tcp_flags List, items: String
          - <str> String TCP Flag Name.
        fragments Boolean Match non-head fragment packets.
        log Boolean Log matches against this rule.
        ttl Integer Min: 0
Max: 255
TTL value.
        ttl_match String eq Valid Values:
- eq
- gt
- lt
- neq
        icmp_type String Message type name/number for ICMP packets.
        icmp_code String Message code for ICMP packets.
        nexthop_group String nexthop-group name.
        tracked Boolean Match packets in existing ICMP/UDP/TCP connections.
        dscp String DSCP value or name.
        vlan_number Integer
        vlan_inner Boolean False
        vlan_mask String 0x000-0xFFF VLAN mask.
    permit_response_traffic String Valid Values:
- nat
Permit response traffic automatically based on NAT translations.
Minimum EOS version requirement 4.32.2F.
ip_access_lists:

    # Access-list Name.
  - name: <str; required; unique>
    counters_per_entry: <bool>

    # ACL Entries.
    entries:

        # ACL entry sequence number.
      - sequence: <int>

        # Comment up to 100 characters.
        # If remark is defined, other keys in the ACL entry will be ignored.
        remark: <str>

        # ACL action.
        # Required except for remarks.
        action: <str; "permit" | "deny">

        # "ip", "tcp", "udp", "icmp" or other protocol name or number.
        # Required except for remarks.
        protocol: <str>

        # "any", "<ip>/<mask>" or "<ip>".
        # "<ip>" without a mask means host.
        # Required except for remarks.
        source: <str>
        source_ports_match: <str; "eq" | "gt" | "lt" | "neq" | "range"; default="eq">
        source_ports: # >=1 items

            # TCP/UDP source port name or number.
          - <str>

        # "any", "<ip>/<mask>" or "<ip>".
        # "<ip>" without a mask means host.
        # Required except for remarks.
        destination: <str>
        destination_ports_match: <str; "eq" | "gt" | "lt" | "neq" | "range"; default="eq">
        destination_ports: # >=1 items

            # TCP/UDP destination port name or number.
          - <str>
        tcp_flags:

            # TCP Flag Name.
          - <str>

        # Match non-head fragment packets.
        fragments: <bool>

        # Log matches against this rule.
        log: <bool>

        # TTL value.
        ttl: <int; 0-255>
        ttl_match: <str; "eq" | "gt" | "lt" | "neq"; default="eq">

        # Message type name/number for ICMP packets.
        icmp_type: <str>

        # Message code for ICMP packets.
        icmp_code: <str>

        # nexthop-group name.
        nexthop_group: <str>

        # Match packets in existing ICMP/UDP/TCP connections.
        tracked: <bool>

        # DSCP value or name.
        dscp: <str>
        vlan_number: <int>
        vlan_inner: <bool; default=False>

        # 0x000-0xFFF VLAN mask.
        vlan_mask: <str>

    # Permit response traffic automatically based on NAT translations.
    # Minimum EOS version requirement 4.32.2F.
    permit_response_traffic: <str; "nat">

The improved data model allows to limit the number of ACL entries that AVD is allowed to generate by defining ip_access_lists_max_entries. Only normal entries under ip_access_lists will be counted, remarks will be ignored. If the number is above the limit, the playbook will fail. This provides a simplified control over hardware utilization. The numbers must be based on the hardware tests and AVD does not provide any guidance. Note that other EOS features may use the same hardware resources and affect the supported scale.

Variable Type Required Default Value Restrictions Description
ip_access_lists_max_entries Integer Limit ACL entries defined under the ip_access_lists.
# Limit ACL entries defined under the `ip_access_lists`.
ip_access_lists_max_entries: <int>

IPv6 access-lists

Variable Type Required Default Value Restrictions Description
ipv6_access_lists List, items: Dictionary
  - name String Required, Unique IPv6 Access-list Name.
    counters_per_entry Boolean
    sequence_numbers List, items: Dictionary Required
      - sequence Integer Required, Unique Sequence ID.
        action String Required Action as string.
Example: “deny ipv6 any any”
ipv6_access_lists:

    # IPv6 Access-list Name.
  - name: <str; required; unique>
    counters_per_entry: <bool>
    sequence_numbers: # required

        # Sequence ID.
      - sequence: <int; required; unique>

        # Action as string.
        # Example: "deny ipv6 any any"
        action: <str; required>

IPv6 standard access-lists

Variable Type Required Default Value Restrictions Description
ipv6_standard_access_lists List, items: Dictionary
  - name String Required, Unique Access-list Name.
    counters_per_entry Boolean
    sequence_numbers List, items: Dictionary Required
      - sequence Integer Required, Unique Sequence ID.
        action String Required Action as string.
Example: “deny ipv6 any any”
ipv6_standard_access_lists:

    # Access-list Name.
  - name: <str; required; unique>
    counters_per_entry: <bool>
    sequence_numbers: # required

        # Sequence ID.
      - sequence: <int; required; unique>

        # Action as string.
        # Example: "deny ipv6 any any"
        action: <str; required>

MAC access-lists

Variable Type Required Default Value Restrictions Description
mac_access_lists List, items: Dictionary
  - name String Required, Unique MAC Access-list Name.
    counters_per_entry Boolean
    entries List, items: Dictionary
      - sequence Integer
        action String
mac_access_lists:

    # MAC Access-list Name.
  - name: <str; required; unique>
    counters_per_entry: <bool>
    entries:
      - sequence: <int>
        action: <str>

Standard access-lists

Variable Type Required Default Value Restrictions Description
standard_access_lists List, items: Dictionary
  - name String Required, Unique Access-list Name.
    counters_per_entry Boolean
    sequence_numbers List, items: Dictionary Required
      - sequence Integer Required, Unique Sequence ID.
        action String Required Action as string.
Example: “deny ip any any”
standard_access_lists:

    # Access-list Name.
  - name: <str; required; unique>
    counters_per_entry: <bool>
    sequence_numbers: # required

        # Sequence ID.
      - sequence: <int; required; unique>

        # Action as string.
        # Example: "deny ip any any"
        action: <str; required>

Endpoint Security

Address-locking

Variable Type Required Default Value Restrictions Description
address_locking Dictionary
  dhcp_servers_ipv4 List, items: String
    - <str> String DHCP server IPv4 address.
  disabled Boolean Disable IP locking on configured ports.
  leases List, items: Dictionary
    - ip String Required IP address.
      mac String Required MAC address (hhhh.hhhh.hhhh or hh:hh:hh:hh:hh:hh).
  local_interface String
  locked_address Dictionary
    expiration_mac_disabled Boolean Configure deauthorizing locked addresses upon MAC aging out.
    ipv4_enforcement_disabled Boolean Configure enforcement for locked IPv4 addresses.
    ipv6_enforcement_disabled Boolean Configure enforcement for locked IPv6 addresses.
address_locking:
  dhcp_servers_ipv4:

      # DHCP server IPv4 address.
    - <str>

  # Disable IP locking on configured ports.
  disabled: <bool>
  leases:

      # IP address.
    - ip: <str; required>

      # MAC address (hhhh.hhhh.hhhh or hh:hh:hh:hh:hh:hh).
      mac: <str; required>
  local_interface: <str>
  locked_address:

    # Configure deauthorizing locked addresses upon MAC aging out.
    expiration_mac_disabled: <bool>

    # Configure enforcement for locked IPv4 addresses.
    ipv4_enforcement_disabled: <bool>

    # Configure enforcement for locked IPv6 addresses.
    ipv6_enforcement_disabled: <bool>

Dot1x

Variable Type Required Default Value Restrictions Description
dot1x Dictionary
  system_auth_control Boolean
  protocol_lldp_bypass Boolean
  protocol_bpdu_bypass Boolean
  dynamic_authorization Boolean
  mac_based_authentication Dictionary
    delay Integer Min: 0
Max: 300
    hold_period Integer Min: 1
Max: 300
  radius_av_pair_username_format Dictionary RADIUS AV-pair username settings.
    delimiter String Required Valid Values:
- colon
- hyphen
- none
- period
Delimiter to use in MAC address string.
    mac_string_case String Required Valid Values:
- lowercase
- uppercase
MAC address string in lowercase/uppercase.
  radius_av_pair Dictionary
    service_type Boolean
    framed_mtu Integer Min: 68
Max: 9236
    lldp Dictionary
      system_name Dictionary LLDP system name (LLDP TLV 5) av-pair.
        enabled Boolean Required
        auth_only Boolean
      system_description Dictionary LLDP system description (LLDP TLV 6) av-pair.
        enabled Boolean Required
        auth_only Boolean
    dhcp Dictionary
      hostname Dictionary Hostname (DHCP Option 12).
        enabled Boolean Required
        auth_only Boolean
      parameter_request_list Dictionary Parameters requested by host (DHCP Option 55).
        enabled Boolean Required
        auth_only Boolean
      vendor_class_id Dictionary Vendor class identifier (DHCP Option 60).
        enabled Boolean Required
        auth_only Boolean
  aaa Dictionary Configure AAA parameters.
    unresponsive Dictionary Configure AAA timeout options.
      eap_response String Valid Values:
- success
- disabled
EAP response to send.
      action Dictionary Set action for supplicant when AAA times out.
        apply_cached_results Boolean Use results from a previous AAA response.
        cached_results_timeout Dictionary
          time_duration Integer Min: 1 Enable caching for a specific duration -
<1-10000> duration in days
<1-14400000> duration in minutes
<1-240000> duration in hours
<1-864000000> duration in seconds
          time_duration_unit String Required Valid Values:
- days
- hours
- minutes
- seconds
        apply_alternate Boolean Apply alternate action if primary action fails.
eg. aaa unresponsive action apply cached-results else traffic allow
        traffic_allow Boolean Set action for supplicant traffic when AAA times out.
        traffic_allow_vlan Integer Min: 1
Max: 4094
      phone_action Dictionary Set action for supplicant when AAA times out.
        apply_cached_results Boolean Use results from a previous AAA response.
        cached_results_timeout Dictionary
          time_duration Integer Min: 1 Enable caching for a specific duration -
<1-10000> duration in days
<1-14400000> duration in minutes
<1-240000> duration in hours
<1-864000000> duration in seconds
          time_duration_unit String Required Valid Values:
- days
- hours
- minutes
- seconds
        apply_alternate Boolean Apply alternate action if primary action fails.
eg. aaa unresponsive phone action apply cached-results else traffic allow
        traffic_allow Boolean Set action for supplicant traffic when AAA times out.
      recovery_action_reauthenticate Boolean
    accounting_update_interval Integer Min: 5
Max: 65535
Interval period in seconds.
  captive_portal Dictionary Web authentication feature authenticates a supplicant through a web page, referred to as a captive portal.
    enabled Boolean Required
    url String Supported URL type:
- http: http://[:]
- https: https://[:]
    ssl_profile String
    start_limit_infinite Boolean Set captive-portal start limit to infinite.
    access_list_ipv4 String Standard access-list name.
  supplicant Dictionary
    profiles List, items: Dictionary Dot1x supplicant profiles.
      - name String Required, Unique
        eap_method String Valid Values:
- fast
- tls
Extensible Authentication Protocol method:
- EAP Flexible Authentication via Secure Tunneling.
- EAP with Transport Layer Security.
        identity String User identity.
        passphrase_type String 7 Valid Values:
- 0
- 7
- 8a
        passphrase String Extensible Authentication Protocol password.
        ssl_profile String
    logging Boolean Enable supplicant logging.
    disconnect_cached_results_timeout Integer Min: 60
Max: 65535
Timeout in seconds for removing a disconnected supplicant.
dot1x:
  system_auth_control: <bool>
  protocol_lldp_bypass: <bool>
  protocol_bpdu_bypass: <bool>
  dynamic_authorization: <bool>
  mac_based_authentication:
    delay: <int; 0-300>
    hold_period: <int; 1-300>

  # RADIUS AV-pair username settings.
  radius_av_pair_username_format:

    # Delimiter to use in MAC address string.
    delimiter: <str; "colon" | "hyphen" | "none" | "period"; required>

    # MAC address string in lowercase/uppercase.
    mac_string_case: <str; "lowercase" | "uppercase"; required>
  radius_av_pair:
    service_type: <bool>
    framed_mtu: <int; 68-9236>
    lldp:

      # LLDP system name (LLDP TLV 5) av-pair.
      system_name:
        enabled: <bool; required>
        auth_only: <bool>

      # LLDP system description (LLDP TLV 6) av-pair.
      system_description:
        enabled: <bool; required>
        auth_only: <bool>
    dhcp:

      # Hostname (DHCP Option 12).
      hostname:
        enabled: <bool; required>
        auth_only: <bool>

      # Parameters requested by host (DHCP Option 55).
      parameter_request_list:
        enabled: <bool; required>
        auth_only: <bool>

      # Vendor class identifier (DHCP Option 60).
      vendor_class_id:
        enabled: <bool; required>
        auth_only: <bool>

  # Configure AAA parameters.
  aaa:

    # Configure AAA timeout options.
    unresponsive:

      # EAP response to send.
      eap_response: <str; "success" | "disabled">

      # Set action for supplicant when AAA times out.
      action:

        # Use results from a previous AAA response.
        apply_cached_results: <bool>
        cached_results_timeout:

          # Enable caching for a specific duration -
          # <1-10000>      duration in days
          # <1-14400000>   duration in minutes
          # <1-240000>     duration in hours
          # <1-864000000>  duration in seconds
          time_duration: <int; >=1>
          time_duration_unit: <str; "days" | "hours" | "minutes" | "seconds"; required>

        # Apply alternate action if primary action fails.
        # eg. aaa unresponsive action apply cached-results else traffic allow
        apply_alternate: <bool>

        # Set action for supplicant traffic when AAA times out.
        traffic_allow: <bool>
        traffic_allow_vlan: <int; 1-4094>

      # Set action for supplicant when AAA times out.
      phone_action:

        # Use results from a previous AAA response.
        apply_cached_results: <bool>
        cached_results_timeout:

          # Enable caching for a specific duration -
          # <1-10000>      duration in days
          # <1-14400000>   duration in minutes
          # <1-240000>     duration in hours
          # <1-864000000>  duration in seconds
          time_duration: <int; >=1>
          time_duration_unit: <str; "days" | "hours" | "minutes" | "seconds"; required>

        # Apply alternate action if primary action fails.
        # eg. aaa unresponsive phone action apply cached-results else traffic allow
        apply_alternate: <bool>

        # Set action for supplicant traffic when AAA times out.
        traffic_allow: <bool>
      recovery_action_reauthenticate: <bool>

    # Interval period in seconds.
    accounting_update_interval: <int; 5-65535>

  # Web authentication feature authenticates a supplicant through a web page, referred to as a captive portal.
  captive_portal:
    enabled: <bool; required>

    # Supported URL type:
    #   - http: http://<hostname>[:<port>]
    #   - https: https://<hostname>[:<port>]
    url: <str>
    ssl_profile: <str>

    # Set captive-portal start limit to infinite.
    start_limit_infinite: <bool>

    # Standard access-list name.
    access_list_ipv4: <str>
  supplicant:

    # Dot1x supplicant profiles.
    profiles:
      - name: <str; required; unique>

        # Extensible Authentication Protocol method:
        #   - EAP Flexible Authentication via Secure Tunneling.
        #   - EAP with Transport Layer Security.
        eap_method: <str; "fast" | "tls">

        # User identity.
        identity: <str>
        passphrase_type: <str; "0" | "7" | "8a"; default="7">

        # Extensible Authentication Protocol password.
        passphrase: <str>
        ssl_profile: <str>

    # Enable supplicant logging.
    logging: <bool>

    # Timeout in seconds for removing a disconnected supplicant.
    disconnect_cached_results_timeout: <int; 60-65535>

MAC security

Variable Type Required Default Value Restrictions Description
mac_security Dictionary
  license Dictionary
    license_name String Required
    license_key String Required
  fips_restrictions Boolean
  profiles List, items: Dictionary
    - name String Required, Unique Profile-Name.
      cipher String Valid Values:
- aes128-gcm
- aes128-gcm-xpn
- aes256-gcm
- aes256-gcm-xpn
      connection_keys List, items: Dictionary
        - id String Required, Unique
          encrypted_key String
          fallback Boolean
      mka Dictionary
        key_server_priority Integer Min: 0
Max: 255
        session Dictionary
          rekey_period Integer Min: 30
Max: 100000
Rekey period in seconds.
      sci Boolean
      l2_protocols Dictionary
        ethernet_flow_control Dictionary
          mode String Required Valid Values:
- encrypt
- bypass
        lldp Dictionary
          mode String Required Valid Values:
- bypass
- bypass unauthorized
      traffic_unprotected Dictionary
        action String Required Valid Values:
- allow
- drop
Allow/drop the transmit/receive of unprotected traffic.
        allow_active_sak Boolean Allow transmit/receive of encrypted traffic using operational SAK and block otherwise.
mac_security:
  license:
    license_name: <str; required>
    license_key: <str; required>
  fips_restrictions: <bool>
  profiles:

      # Profile-Name.
    - name: <str; required; unique>
      cipher: <str; "aes128-gcm" | "aes128-gcm-xpn" | "aes256-gcm" | "aes256-gcm-xpn">
      connection_keys:
        - id: <str; required; unique>
          encrypted_key: <str>
          fallback: <bool>
      mka:
        key_server_priority: <int; 0-255>
        session:

          # Rekey period in seconds.
          rekey_period: <int; 30-100000>
      sci: <bool>
      l2_protocols:
        ethernet_flow_control:
          mode: <str; "encrypt" | "bypass"; required>
        lldp:
          mode: <str; "bypass" | "bypass unauthorized"; required>
      traffic_unprotected:

        # Allow/drop the transmit/receive of unprotected traffic.
        action: <str; "allow" | "drop"; required>

        # Allow transmit/receive of encrypted traffic using operational SAK and block otherwise.
        allow_active_sak: <bool>

Filters and policies

AS path

Variable Type Required Default Value Restrictions Description
as_path Dictionary
  regex_mode String Valid Values:
- asn
- string
  access_lists List, items: Dictionary
    - name String Required, Unique Access List Name.
      entries List, items: Dictionary
        - type String Valid Values:
- permit
- deny
          match String Regex To Match.
          origin String any Valid Values:
- any
- egp
- igp
- incomplete
as_path:
  regex_mode: <str; "asn" | "string">
  access_lists:

      # Access List Name.
    - name: <str; required; unique>
      entries:
        - type: <str; "permit" | "deny">

          # Regex To Match.
          match: <str>
          origin: <str; "any" | "egp" | "igp" | "incomplete"; default="any">

Class-maps

Variable Type Required Default Value Restrictions Description
class_maps Dictionary
  pbr List, items: Dictionary
    - name String Required, Unique Class-Map Name.
      ip Dictionary
        access_group String Standard Access-List Name.
  qos List, items: Dictionary
    - name String Required, Unique Class-Map Name.
      vlan String VLAN value(s) or range(s) of VLAN values.
      cos String CoS value(s) or range(s) of CoS values.
      ip Dictionary
        access_group String IPv4 Access-List Name.
      ipv6 Dictionary
        access_group String IPv6 Access-List Name.
class_maps:
  pbr:

      # Class-Map Name.
    - name: <str; required; unique>
      ip:

        # Standard Access-List Name.
        access_group: <str>
  qos:

      # Class-Map Name.
    - name: <str; required; unique>

      # VLAN value(s) or range(s) of VLAN values.
      vlan: <str>

      # CoS value(s) or range(s) of CoS values.
      cos: <str>
      ip:

        # IPv4 Access-List Name.
        access_group: <str>
      ipv6:

        # IPv6 Access-List Name.
        access_group: <str>

Dynamic prefix lists

Variable Type Required Default Value Restrictions Description
dynamic_prefix_lists List, items: Dictionary
  - name String Dynamic prefix-list name.
    match_map String Route-map name.
    prefix_list Dictionary
      ipv4 String Prefix-list name.
      ipv6 String Prefix-list name.
dynamic_prefix_lists:

    # Dynamic prefix-list name.
  - name: <str>

    # Route-map name.
    match_map: <str>
    prefix_list:

      # Prefix-list name.
      ipv4: <str>

      # Prefix-list name.
      ipv6: <str>

IP community lists

AVD currently supports two different data models for community lists:

  • The legacy community_lists data model that can be used for compatibility with the existing deployments.
  • The improved ip_community_lists data model.

Both data models can coexist without conflicts, as different keys are used: community_lists vs ip_community_lists. Community list names must be unique.

The legacy data model supports simplified community list definition that only allows a single action to be defined as string:

Variable Type Required Default Value Restrictions Description
community_lists deprecated List, items: Dictionary This key is deprecated. Support will be removed in AVD version 6.0.0. Use ip_community_lists instead.
  - name String Required, Unique Community-list Name.
    action String Required Action as string.
Example: “permit GSHUT 65123:123”
# This key is deprecated.
# Support will be removed in AVD version 6.0.0.
# Use <samp>ip_community_lists</samp> instead.
community_lists:

    # Community-list Name.
  - name: <str; required; unique>

    # Action as string.
    # Example: "permit GSHUT 65123:123"
    action: <str; required>

The improved data model has a better design documented below:

Variable Type Required Default Value Restrictions Description
ip_community_lists List, items: Dictionary Communities and regexp entries MUST not be configured in the same community-list.
  - name String Required, Unique IP Community-list Name.
    entries List, items: Dictionary Required
      - action String Required Valid Values:
- permit
- deny
        communities List, items: String If defined, a standard community-list will be configured.
Supported community strings (case insensitive):
- GSHUT
- internet
- local-as
- no-advertise
- no-export
- <1-4294967040>
- aa:nn
          - <str> String
        regexp String Regular Expression.
If defined, a regex community-list will be configured.
# Communities and regexp entries MUST not be configured in the same community-list.
ip_community_lists:

    # IP Community-list Name.
  - name: <str; required; unique>
    entries: # required
      - action: <str; "permit" | "deny"; required>

        # If defined, a standard community-list will be configured.
        # Supported community strings (case insensitive):
        # - GSHUT
        # - internet
        # - local-as
        # - no-advertise
        # - no-export
        # - <1-4294967040>
        # - aa:nn
        communities:
          - <str>

        # Regular Expression.
        # If defined, a regex community-list will be configured.
        regexp: <str>

IP extcommunity-lists

Variable Type Required Default Value Restrictions Description
ip_extcommunity_lists List, items: Dictionary
  - name String Required, Unique Community-list Name.
    entries List, items: Dictionary Required
      - type String Required Valid Values:
- permit
- deny
        extcommunities String Required Communities as string.
Example: “65000:65000”
ip_extcommunity_lists:

    # Community-list Name.
  - name: <str; required; unique>
    entries: # required
      - type: <str; "permit" | "deny"; required>

        # Communities as string.
        # Example: "65000:65000"
        extcommunities: <str; required>

IP extcommunity-lists-regexp

Variable Type Required Default Value Restrictions Description
ip_extcommunity_lists_regexp List, items: Dictionary
  - name String Required, Unique Community-list Name.
    entries List, items: Dictionary Required
      - type String Required Valid Values:
- permit
- deny
        regexp String Required Regular Expression.
ip_extcommunity_lists_regexp:

    # Community-list Name.
  - name: <str; required; unique>
    entries: # required
      - type: <str; "permit" | "deny"; required>

        # Regular Expression.
        regexp: <str; required>

IPv6 prefix-lists

Variable Type Required Default Value Restrictions Description
ipv6_prefix_lists List, items: Dictionary
  - name String Required, Unique Prefix-list Name.
    sequence_numbers List, items: Dictionary Required
      - sequence Integer Required, Unique Sequence ID.
        action String Required Action as string.
Example: “permit 1b11:3a00:22b0:0082::/64 eq 128”
ipv6_prefix_lists:

    # Prefix-list Name.
  - name: <str; required; unique>
    sequence_numbers: # required

        # Sequence ID.
      - sequence: <int; required; unique>

        # Action as string.
        # Example: "permit 1b11:3a00:22b0:0082::/64 eq 128"
        action: <str; required>

Match list input

Variable Type Required Default Value Restrictions Description
match_list_input Dictionary
  prefix_ipv4 List, items: Dictionary
    - name String Required, Unique Prefix-List Name.
      prefixes List, items: String Required Min Length: 1 List of IPv4 prefixes (with the subnet mask e.g. 192.0.2.0/24).
        - <str> String
  prefix_ipv6 List, items: Dictionary
    - name String Required, Unique Prefix-List Name.
      prefixes List, items: String Required Min Length: 1 List of IPv6 prefixes (with the subnet mask e.g. 2001:db8:abcd:0013::/64).
        - <str> String
  string List, items: Dictionary
    - name String Required, Unique Match-list Name.
      sequence_numbers List, items: Dictionary Required
        - sequence Integer Required, Unique Sequence ID.
          match_regex String Required Regular Expression.
match_list_input:
  prefix_ipv4:

      # Prefix-List Name.
    - name: <str; required; unique>

      # List of IPv4 prefixes (with the subnet mask e.g. 192.0.2.0/24).
      prefixes: # >=1 items; required
        - <str>
  prefix_ipv6:

      # Prefix-List Name.
    - name: <str; required; unique>

      # List of IPv6 prefixes (with the subnet mask e.g. 2001:db8:abcd:0013::/64).
      prefixes: # >=1 items; required
        - <str>
  string:

      # Match-list Name.
    - name: <str; required; unique>
      sequence_numbers: # required

          # Sequence ID.
        - sequence: <int; required; unique>

          # Regular Expression.
          match_regex: <str; required>

Peer-filters

Variable Type Required Default Value Restrictions Description
peer_filters List, items: Dictionary
  - name String Required, Unique Peer-filter Name.
    sequence_numbers List, items: Dictionary Required
      - sequence Integer Required, Unique Sequence ID.
        match String Required Match as string.
Example: “as-range 1-100 result accept”
peer_filters:

    # Peer-filter Name.
  - name: <str; required; unique>
    sequence_numbers: # required

        # Sequence ID.
      - sequence: <int; required; unique>

        # Match as string.
        # Example: "as-range 1-100 result accept"
        match: <str; required>

Policy-maps

Variable Type Required Default Value Restrictions Description
policy_maps Dictionary
  pbr List, items: Dictionary PBR Policy-Maps.
    - name String Required, Unique Policy-Map Name.
      classes List, items: Dictionary
        - name String Required, Unique Class Name.
          index Integer
          drop Boolean ‘drop’ and ‘set’ are mutually exclusive.
          set Dictionary Set Nexthop
‘drop’ and ‘set’ are mutually exclusive.
            nexthop Dictionary
              ip_address String IPv4 or IPv6 Address.
              recursive Boolean
  qos List, items: Dictionary QOS Policy-Maps.
    - name String Required, Unique Policy-Map Name.
      classes List, items: Dictionary
        - name String Required, Unique Class Name.
          set Dictionary
            cos Integer
            dscp String
            traffic_class Integer
            drop_precedence Integer
          police Dictionary
            rate Integer Specify rate.
Range in kbps <8-200000000>.
            rate_unit String bps Valid Values:
- bps
- kbps
- mbps
- pps
            rate_burst_size Integer Range in bytes <256-128000000>.
            rate_burst_size_unit String bytes Valid Values:
- bytes
- kbytes
- mbytes
- packets
            action Dictionary
              type String Valid Values:
- dscp
- drop-precedence
Set action for policed traffic.
              dscp_value String Set when action.type is set to “dscp”.
            higher_rate Integer Specify higher rate.
Range in kbps .
            higher_rate_unit String bps Valid Values:
- bps
- kbps
- mbps
- pps
            higher_rate_burst_size Integer Range in bytes <256-128000000>.
            higher_rate_burst_size_unit String bytes Valid Values:
- bytes
- kbytes
- mbytes
- packets
  copp_system_policy Dictionary Control-plane policy configuration.
    classes List, items: Dictionary
      - name String Required, Unique
        shape Integer Min: 0
Max: 10000000
Maximum rate limit.
        bandwidth Integer Min: 0
Max: 10000000
Minimum bandwidth.
        rate_unit String Valid Values:
- pps
- kbps
The rate_unit must be defined for shape and bandwidth.
policy_maps:

  # PBR Policy-Maps.
  pbr:

      # Policy-Map Name.
    - name: <str; required; unique>
      classes:

          # Class Name.
        - name: <str; required; unique>
          index: <int>

          # 'drop' and 'set' are mutually exclusive.
          drop: <bool>

          # Set Nexthop
          # 'drop' and 'set' are mutually exclusive.
          set:
            nexthop:

              # IPv4 or IPv6 Address.
              ip_address: <str>
              recursive: <bool>

  # QOS Policy-Maps.
  qos:

      # Policy-Map Name.
    - name: <str; required; unique>
      classes:

          # Class Name.
        - name: <str; required; unique>
          set:
            cos: <int>
            dscp: <str>
            traffic_class: <int>
            drop_precedence: <int>
          police:

            # Specify rate.
            # Range in kbps <8-200000000>.
            rate: <int>
            rate_unit: <str; "bps" | "kbps" | "mbps" | "pps"; default="bps">

            # Range in bytes <256-128000000>.
            rate_burst_size: <int>
            rate_burst_size_unit: <str; "bytes" | "kbytes" | "mbytes" | "packets"; default="bytes">
            action:

              # Set action for policed traffic.
              type: <str; "dscp" | "drop-precedence">

              # Set when action.type is set to "dscp".
              dscp_value: <str>

            # Specify higher rate.
            # Range in kbps <lower_rate in kbps + 8 - lower_rate in kbps + 200000000>.
            higher_rate: <int>
            higher_rate_unit: <str; "bps" | "kbps" | "mbps" | "pps"; default="bps">

            # Range in bytes <256-128000000>.
            higher_rate_burst_size: <int>
            higher_rate_burst_size_unit: <str; "bytes" | "kbytes" | "mbytes" | "packets"; default="bytes">

  # Control-plane policy configuration.
  copp_system_policy:
    classes:
      - name: <str; required; unique>

        # Maximum rate limit.
        shape: <int; 0-10000000>

        # Minimum bandwidth.
        bandwidth: <int; 0-10000000>

        # The `rate_unit` must be defined for `shape` and `bandwidth`.
        rate_unit: <str; "pps" | "kbps">

Prefix-lists

Variable Type Required Default Value Restrictions Description
prefix_lists List, items: Dictionary
  - name String Required, Unique Prefix-list Name.
    sequence_numbers List, items: Dictionary
      - sequence Integer Required, Unique Sequence ID.
        action String Required Action as string.
Example: “permit 10.255.0.0/27 eq 32”
prefix_lists:

    # Prefix-list Name.
  - name: <str; required; unique>
    sequence_numbers:

        # Sequence ID.
      - sequence: <int; required; unique>

        # Action as string.
        # Example: "permit 10.255.0.0/27 eq 32"
        action: <str; required>

Route-maps

Variable Type Required Default Value Restrictions Description
route_maps List, items: Dictionary
  - name String Required, Unique Route-map Name.
    sequence_numbers List, items: Dictionary Required
      - sequence Integer Required, Unique Sequence ID.
        type String Required Valid Values:
- permit
- deny
        description String
        match List, items: String List of “match” statements.
          - <str> String Match as string.
Example: “ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY”
        set List, items: String List of “set” statements.
          - <str> String Set as string.
Example: “origin incomplete”
        sub_route_map String Name of Sub-Route-map.
        continue Dictionary
          enabled Boolean
          sequence_number Integer
route_maps:

    # Route-map Name.
  - name: <str; required; unique>
    sequence_numbers: # required

        # Sequence ID.
      - sequence: <int; required; unique>
        type: <str; "permit" | "deny"; required>
        description: <str>

        # List of "match" statements.
        match:

            # Match as string.
            # Example: "ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY"
          - <str>

        # List of "set" statements.
        set:

            # Set as string.
            # Example: "origin incomplete"
          - <str>

        # Name of Sub-Route-map.
        sub_route_map: <str>
        continue:
          enabled: <bool>
          sequence_number: <int>

Trackers

Variable Type Required Default Value Restrictions Description
trackers List, items: Dictionary
  - name String Required, Unique Name of tracker object.
    interface String Required Name of tracked interface.
    tracked_property String line-protocol Property to track.
trackers:

    # Name of tracker object.
  - name: <str; required; unique>

    # Name of tracked interface.
    interface: <str; required>

    # Property to track.
    tracked_property: <str; default="line-protocol">

Traffic policies

Variable Type Required Default Value Restrictions Description
traffic_policies Dictionary
  options Dictionary
    counter_per_interface Boolean
  field_sets Dictionary
    ipv4 List, items: Dictionary
      - name String Required, Unique IPv4 Prefix Field Set Name.
        prefixes List, items: String
          - <str> String IPv4 Prefix.
    ipv6 List, items: Dictionary
      - name String Required, Unique IPv6 Prefix Field Set Name.
        prefixes List, items: String
          - <str> String IPv6 Prefix.
    ports List, items: Dictionary
      - name String Required, Unique L4 Port Field Set Name.
        port_range String Example: ‘10,20,80,440-450’
  policies List, items: Dictionary
    - name String Required, Unique Traffic Policy Name.
      matches List, items: Dictionary
        - name String Required, Unique Traffic Policy Item.
          type String Required Valid Values:
- ipv4
- ipv6
          source Dictionary
            prefixes List, items: String
              - <str> String IP address or prefix.
            prefix_lists List, items: String Field-set prefix lists.
              - <str> String
          destination Dictionary
            prefixes List, items: String
              - <str> String IP address or prefix.
            prefix_lists List, items: String Field-set prefix lists.
              - <str> String
          ttl String TTL range.
          fragment Dictionary The ‘fragment’ command is not supported when ‘source port’
or ‘destination port’ command is configured.
            offset String Fragment offset range.
          protocols List, items: Dictionary
            - protocol String Required, Unique
              src_port String Port range.
              dst_port String Port range.
              src_field String L4 port range field set.
              dst_field String L4 port range field set.
              flags List, items: String
                - <str> String Valid Values:
- established
- initial
              icmp_type List, items: String
                - <str> String
              enforce_gtsm Boolean Enforce the GTSM for BGP speakers. Only supported when protocol is set to ‘neighbors’.
          actions Dictionary
            dscp Integer
            traffic_class Integer Traffic class ID.
            count String Counter name.
            drop Boolean
            log Boolean Only supported when action is set to drop.
      default_actions Dictionary
        ipv4 Dictionary
          dscp Integer
          traffic_class Integer Traffic class ID.
          count String Counter name.
          drop Boolean
          log Boolean Only supported when action is set to drop.
        ipv6 Dictionary
          dscp Integer
          traffic_class Integer Traffic class ID.
          count String Counter name.
          drop Boolean
          log Boolean Only supported when action is set to drop.
traffic_policies:
  options:
    counter_per_interface: <bool>
  field_sets:
    ipv4:

        # IPv4 Prefix Field Set Name.
      - name: <str; required; unique>
        prefixes:

            # IPv4 Prefix.
          - <str>
    ipv6:

        # IPv6 Prefix Field Set Name.
      - name: <str; required; unique>
        prefixes:

            # IPv6 Prefix.
          - <str>
    ports:

        # L4 Port Field Set Name.
      - name: <str; required; unique>

        # Example: '10,20,80,440-450'
        port_range: <str>
  policies:

      # Traffic Policy Name.
    - name: <str; required; unique>
      matches:

          # Traffic Policy Item.
        - name: <str; required; unique>
          type: <str; "ipv4" | "ipv6"; required>
          source:
            prefixes:

                # IP address or prefix.
              - <str>

            # Field-set prefix lists.
            prefix_lists:
              - <str>
          destination:
            prefixes:

                # IP address or prefix.
              - <str>

            # Field-set prefix lists.
            prefix_lists:
              - <str>

          # TTL range.
          ttl: <str>

          # The 'fragment' command is not supported when 'source port'
          # or 'destination port' command is configured.
          fragment:

            # Fragment offset range.
            offset: <str>
          protocols:
            - protocol: <str; required; unique>

              # Port range.
              src_port: <str>

              # Port range.
              dst_port: <str>

              # L4 port range field set.
              src_field: <str>

              # L4 port range field set.
              dst_field: <str>
              flags:
                - <str; "established" | "initial">
              icmp_type:
                - <str>

              # Enforce the GTSM for BGP speakers. Only supported when protocol is set to 'neighbors'.
              enforce_gtsm: <bool>
          actions:
            dscp: <int>

            # Traffic class ID.
            traffic_class: <int>

            # Counter name.
            count: <str>
            drop: <bool>

            # Only supported when action is set to drop.
            log: <bool>
      default_actions:
        ipv4:
          dscp: <int>

          # Traffic class ID.
          traffic_class: <int>

          # Counter name.
          count: <str>
          drop: <bool>

          # Only supported when action is set to drop.
          log: <bool>
        ipv6:
          dscp: <int>

          # Traffic class ID.
          traffic_class: <int>

          # Counter name.
          count: <str>
          drop: <bool>

          # Only supported when action is set to drop.
          log: <bool>

Interfaces

DPS interfaces

Variable Type Required Default Value Restrictions Description
dps_interfaces List, items: Dictionary Min Length: 1
Max Length: 1
  - name String Required, Unique Valid Values:
- Dps1
“Dps1” is currently the only supported interface.
    description String
    shutdown Boolean
    mtu Integer Min: 68
Max: 65535
Maximum Transmission Unit in bytes.
    ip_address String IPv4 address/mask.
    flow_tracker Dictionary
      sampled String Sampled flow tracker name.
      hardware String Hardware flow tracker name,
    tcp_mss_ceiling Dictionary
      ipv4 Integer Min: 64
Max: 65495
Segment Size for IPv4.
      ipv6 Integer Min: 64
Max: 65475
Segment Size for IPv6.
      direction String Valid Values:
- ingress
- egress
Optional direction (‘ingress’, ‘egress’) for tcp mss ceiling.
    eos_cli String Multiline String with EOS CLI rendered directly on the Dps interface in the final EOS configuration.
dps_interfaces: # 1-1 items

    # "Dps1" is currently the only supported interface.
  - name: <str; "Dps1"; required; unique>
    description: <str>
    shutdown: <bool>

    # Maximum Transmission Unit in bytes.
    mtu: <int; 68-65535>

    # IPv4 address/mask.
    ip_address: <str>
    flow_tracker:

      # Sampled flow tracker name.
      sampled: <str>

      # Hardware flow tracker name,
      hardware: <str>
    tcp_mss_ceiling:

      # Segment Size for IPv4.
      ipv4: <int; 64-65495>

      # Segment Size for IPv6.
      ipv6: <int; 64-65475>

      # Optional direction ('ingress', 'egress')  for tcp mss ceiling.
      direction: <str; "ingress" | "egress">

    # Multiline String with EOS CLI rendered directly on the Dps interface in the final EOS configuration.
    eos_cli: <str>

Errdisable

Variable Type Required Default Value Restrictions Description
errdisable Dictionary
  detect Dictionary
    causes List, items: String
      - <str> String Valid Values:
- acl
- arp-inspection
- dot1x
- link-change
- tapagg
- xcvr-misconfigured
- xcvr-overheat
- xcvr-power-unsupported
  recovery Dictionary
    causes List, items: String
      - <str> String Valid Values:
- arp-inspection
- bpduguard
- dot1x
- hitless-reload-down
- lacp-rate-limit
- link-flap
- no-internal-vlan
- portchannelguard
- portsec
- speed-misconfigured
- tap-port-init
- tapagg
- uplink-failure-detection
- xcvr-misconfigured
- xcvr-overheat
- xcvr-power-unsupported
- xcvr-unsupported
    interval Integer 300 Min: 30
Max: 86400
Interval in seconds.
errdisable:
  detect:
    causes:
      - <str; "acl" | "arp-inspection" | "dot1x" | "link-change" | "tapagg" | "xcvr-misconfigured" | "xcvr-overheat" | "xcvr-power-unsupported">
  recovery:
    causes:
      - <str; "arp-inspection" | "bpduguard" | "dot1x" | "hitless-reload-down" | "lacp-rate-limit" | "link-flap" | "no-internal-vlan" | "portchannelguard" | "portsec" | "speed-misconfigured" | "tap-port-init" | "tapagg" | "uplink-failure-detection" | "xcvr-misconfigured" | "xcvr-overheat" | "xcvr-power-unsupported" | "xcvr-unsupported">

    # Interval in seconds.
    interval: <int; 30-86400; default=300>

Ethernet interfaces

Variable Type Required Default Value Restrictions Description
ethernet_interfaces List, items: Dictionary
  - name String Required, Unique
    description String
    shutdown Boolean
    load_interval Integer Min: 0
Max: 600
Interval in seconds for updating interface counters.
    speed String Speed should be set in the format <interface_speed> or forced <interface_speed> or auto <interface_speed>.
    mtu Integer Min: 68
Max: 65535
    l2_mtu Integer Min: 68
Max: 65535
“l2_mtu” should only be defined for platforms supporting the “l2 mtu” CLI.
    l2_mru Integer Min: 68
Max: 65535
“l2_mru” should only be defined for platforms supporting the “l2 mru” CLI.
    vlans deprecated String List of switchport vlans as string.
For a trunk port this would be a range like “1-200,300”.
For an access port this would be a single vlan “123”.
This key is deprecated. Support will be removed in AVD version 6.0.0. Use switchport.access_vlan or switchport.trunk.allowed_vlan instead.
    native_vlan deprecated Integer This key is deprecated. Support will be removed in AVD version 6.0.0. Use switchport.trunk.native_vlan instead.
    native_vlan_tag deprecated Boolean If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence.This key is deprecated. Support will be removed in AVD version 6.0.0. Use switchport.trunk.native_vlan_tag instead.
    mode deprecated String Valid Values:
- access
- dot1q-tunnel
- trunk
- trunk phone
This key is deprecated. Support will be removed in AVD version 6.0.0. Use switchport.mode instead.
    phone deprecated Dictionary This key is deprecated. Support will be removed in AVD version 6.0.0. Use switchport.phone instead.
      trunk String Valid Values:
- tagged
- tagged phone
- untagged
- untagged phone
      vlan Integer Min: 1
Max: 4094
    l2_protocol Dictionary
      encapsulation_dot1q_vlan Integer Vlan tag to configure on sub-interface.
      forwarding_profile String L2 protocol forwarding profile.
    mac_timestamp String Valid Values:
- before-fcs
- replace-fcs
- header
header: Insert timestamp in ethernet header. Supported on platforms like 7500E/R and 7280E/R.
before-fcs: Insert timestamp before fcs field. Supported on platforms like 7150.
replace-fcs: Replace fcs field with timestamp.
    trunk_groups deprecated List, items: String This key is deprecated. Support will be removed in AVD version 6.0.0. Use switchport.trunk.groups instead.
      - <str> String
    type deprecated String Valid Values:
- routed
- switched
- l3dot1q
- l2dot1q
- port-channel-member
l3dot1q and l2dot1q are used for sub-interfaces. The parent interface should be defined as routed.
The type = switched/routed should not be combined with switchport.
This key is deprecated. Support will be removed in AVD version 6.0.0. See here for details.
    snmp_trap_link_change Boolean
    address_locking Dictionary
      ipv4 Boolean Enable address locking for IPv4.
      ipv6 Boolean Enable address locking for IPv6.
    flowcontrol Dictionary
      received String Valid Values:
- desired
- on
- off
    vrf String VRF name.
    flow_tracker Dictionary
      sampled String Sampled flow tracker name.
      hardware String Hardware flow tracker name.
    error_correction_encoding Dictionary
      enabled Boolean True
      fire_code Boolean
      reed_solomon Boolean
    link_tracking_groups List, items: Dictionary
      - name String Required, Unique Group name.
        direction String Valid Values:
- upstream
- downstream
    link_tracking Dictionary
      direction String Valid Values:
- upstream
- downstream
      groups List, items: String Link state group(s) an interface belongs to.
        - <str> String Group names.
    evpn_ethernet_segment Dictionary
      identifier String EVPN Ethernet Segment Identifier (Type 1 format).
      redundancy String Valid Values:
- all-active
- single-active
      designated_forwarder_election Dictionary
        algorithm String Valid Values:
- modulus
- preference
        preference_value Integer Min: 0
Max: 65535
Preference_value is only used when “algorithm” is “preference”.
        dont_preempt Boolean Dont_preempt is only used when “algorithm” is “preference”.
        hold_time Integer
        subsequent_hold_time Integer
        candidate_reachability_required Boolean
      mpls Dictionary
        shared_index Integer Min: 1
Max: 1024
        tunnel_flood_filter_time Integer
      route_target String EVPN Route Target for ESI with format xx:xx:xx:xx:xx:xx.
    encapsulation_dot1q_vlan deprecated Integer VLAN tag to configure on sub-interface.This key is deprecated. Support will be removed in AVD version 6.0.0. Use encapsulation_dot1q.vlan instead.
    encapsulation_dot1q Dictionary Warning: encapsulation_dot1q should not be combined with ethernet_interfaces[].type: l3dot1q or ethernet_interfaces[].type: l2dot1q.
      vlan Integer Required Min: 1
Max: 4094
VLAD ID.
      inner_vlan Integer Min: 1
Max: 4094
Inner VLAN ID. This setting can only be applied to sub-interfaces on EOS.
    encapsulation_vlan Dictionary This setting can only be applied to sub-interfaces on EOS.
Warning: encapsulation_vlan should not be combined with ethernet_interfaces[].type: l3dot1q or ethernet_interfaces[].type: l2dot1q.
      client Dictionary
        dot1q deprecated Dictionary This key is deprecated. Support will be removed in AVD version 6.0.0.
          vlan Integer Min: 1
Max: 4094
Client VLAN ID.
          outer Integer Min: 1
Max: 4094
Client Outer VLAN ID.
          inner Integer Client Inner VLAN ID.
        unmatched deprecated Boolean This key is deprecated. Support will be removed in AVD version 6.0.0.
        encapsulation String Valid Values:
- dot1q
- dot1ad
- unmatched
- untagged
        vlan Integer Min: 1
Max: 4094
Client VLAN ID. Not applicable for encapsulation: untagged or encapsulation: unmatched.
        outer_vlan Integer Min: 1
Max: 4094
Client Outer VLAN ID. Not applicable for encapsulation: untagged or encapsulation: unmatched.
        inner_vlan Integer Min: 1
Max: 4094
Client Inner VLAN ID. Not applicable for encapsulation: untagged or encapsulation: unmatched.
        inner_encapsulation String Valid Values:
- dot1q
- dot1ad
      network Dictionary Network encapsulations are all optional and skipped if using client unmatched.
        dot1q deprecated Dictionary This key is deprecated. Support will be removed in AVD version 6.0.0.
          vlan Integer Min: 1
Max: 4094
Network VLAN ID.
          outer Integer Min: 1
Max: 4094
Network outer VLAN ID.
          inner Integer Min: 1
Max: 4094
Network inner VLAN ID.
        client deprecated Boolean This key is deprecated. Support will be removed in AVD version 6.0.0.
        encapsulation String Valid Values:
- dot1q
- dot1ad
- client
- client inner
- untagged
untagged (no encapsulation) is applicable for untagged client only.
client and client inner (retain client encapsulation) is not applicable for untagged client.
        vlan Integer Min: 1
Max: 4094
Network VLAN ID. Not applicable for encapsulation: untagged or encapsulation: client.
        outer_vlan Integer Min: 1
Max: 4094
Network outer VLAN ID. Not applicable for encapsulation: untagged or encapsulation: client.
        inner_vlan Integer Min: 1
Max: 4094
Network inner VLAN ID. Not applicable for encapsulation: untagged or encapsulation: client.
        inner_encapsulation String Valid Values:
- dot1q
- dot1ad
    vlan_id Integer Min: 1
Max: 4094
This setting can only be applied to sub-interfaces on EOS.
Warning: vlan_id should not be combined with ethernet_interfaces[].type == l2dot1q.
    ip_address String IPv4 address/mask or “dhcp”.
    ip_address_secondaries List, items: String
      - <str> String
    ip_verify_unicast_source_reachable_via String Valid Values:
- any
- rx
    dhcp_client_accept_default_route Boolean Install default-route obtained via DHCP.
    dhcp_server_ipv4 Boolean Enable IPv4 DHCP server.
    dhcp_server_ipv6 Boolean Enable IPv6 DHCP server.
    ip_helpers List, items: Dictionary
      - ip_helper String Required, Unique
        source_interface String Source interface name.
        vrf String VRF name.
    ip_nat Dictionary
      service_profile String NAT interface profile.
      destination Dictionary
        dynamic List, items: Dictionary
          - access_list String Required, Unique
            comment String
            pool_name String Required
            priority Integer Min: 0
Max: 4294967295
        static List, items: Dictionary
          - access_list String ‘access_list’ and ‘group’ are mutual exclusive.
            comment String
            direction String Valid Values:
- egress
- ingress
Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            group Integer Min: 1
Max: 65535
‘access_list’ and ‘group’ are mutual exclusive.
            original_ip String IPv4 address. The combination of original_ip and original_port must be unique.
            original_port Integer Min: 1
Max: 65535
TCP/UDP port. The combination of original_ip and original_port must be unique.
            priority Integer Min: 0
Max: 4294967295
            protocol String Valid Values:
- udp
- tcp
            translated_ip String Required IPv4 address.
            translated_port Integer Min: 1
Max: 65535
requires ‘original_port’.
      source Dictionary
        dynamic List, items: Dictionary
          - access_list String Required, Unique
            comment String
            nat_type String Required Valid Values:
- overload
- pool
- pool-address-only
- pool-full-cone
            pool_name String required if ‘nat_type’ is pool, pool-address-only or pool-full-cone.
ignored if ‘nat_type’ is overload.
            priority Integer Min: 0
Max: 4294967295
        static List, items: Dictionary
          - access_list String ‘access_list’ and ‘group’ are mutual exclusive.
            comment String
            direction String Valid Values:
- egress
- ingress
Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            group Integer Min: 1
Max: 65535
‘access_list’ and ‘group’ are mutual exclusive.
            original_ip String IPv4 address. The combination of original_ip and original_port must be unique.
            original_port Integer Min: 1
Max: 65535
TCP/UDP port. The combination of original_ip and original_port must be unique.
            priority Integer Min: 0
Max: 4294967295
            protocol String Valid Values:
- udp
- tcp
            translated_ip String Required IPv4 address.
            translated_port Integer Min: 1
Max: 65535
requires ‘original_port’.
    ipv6_enable Boolean
    ipv6_address String
    ipv6_address_link_local String Link local IPv6 address/mask.
    ipv6_nd_ra_disabled Boolean
    ipv6_nd_managed_config_flag Boolean
    ipv6_nd_prefixes List, items: Dictionary
      - ipv6_prefix String Required, Unique
        valid_lifetime String Infinite or lifetime in seconds.
        preferred_lifetime String Infinite or lifetime in seconds.
        no_autoconfig_flag Boolean
    ipv6_dhcp_relay_destinations List, items: Dictionary
      - address String Required, Unique DHCP server’s IPv6 address.
        vrf String
        local_interface String Local interface to communicate with DHCP server - mutually exclusive to source_address.
        source_address String Source IPv6 address to communicate with DHCP server - mutually exclusive to local_interface.
        link_address String Override the default link address specified in the relayed DHCP packet.
    access_group_in String Access list name.
    access_group_out String Access list name.
    ipv6_access_group_in String IPv6 access list name.
    ipv6_access_group_out String IPv6 access list name.
    mac_access_group_in String MAC access list name.
    mac_access_group_out String MAC access list name.
    multicast Dictionary Boundaries can be either 1 ACL or a list of multicast IP address_range(s)/prefix but not combination of both.
      ipv4 Dictionary
        boundaries List, items: Dictionary
          - boundary String ACL name or multicast IP subnet.
            out Boolean
        static Boolean
      ipv6 Dictionary
        boundaries List, items: Dictionary
          - boundary String ACL name or multicast IP subnet.
        static Boolean
    ospf_network_point_to_point Boolean
    ospf_area String
    ospf_cost Integer
    ospf_authentication String Valid Values:
- none
- simple
- message-digest
    ospf_authentication_key String Encrypted password - only type 7 supported.
    ospf_message_digest_keys List, items: Dictionary
      - id Integer Required, Unique
        hash_algorithm String Valid Values:
- md5
- sha1
- sha256
- sha384
- sha512
        key String Encrypted password - only type 7 supported.
    pim Dictionary
      ipv4 Dictionary
        border_router Boolean Configure PIM border router. EOS default is false.
        dr_priority Integer Min: 0
Max: 429467295
        sparse_mode Boolean
        bfd Boolean Set the default for whether Bidirectional Forwarding Detection is enabled for PIM.
        bidirectional Boolean
        hello Dictionary
          count String Number of missed hellos after which the neighbor expires. Range <1.5-65535>.
          interval Integer Min: 1
Max: 65535
PIM hello interval in seconds.
    mac_security Dictionary
      profile String
    tcp_mss_ceiling Dictionary The TCP MSS clamping feature involves clamping the maximum segment size (MSS) in the TCP header
of TCP SYN packets if it exceeds the configured MSS ceiling limit for the interface.
      ipv4_segment_size Integer Min: 64
Max: 65475
      ipv6_segment_size Integer Min: 64
Max: 65475
      direction String Valid Values:
- egress
- ingress
    channel_group Dictionary
      id Integer
      mode String Valid Values:
- on
- active
- passive
    isis_enable String ISIS instance.
    isis_bfd Boolean Enable BFD for ISIS.
    isis_passive Boolean
    isis_metric Integer
    isis_network_point_to_point Boolean
    isis_circuit_type String Valid Values:
- level-1-2
- level-1
- level-2
    isis_hello_padding Boolean
    isis_authentication_mode deprecated String Valid Values:
- text
- md5
This key is deprecated. Support will be removed in AVD version v6.0.0. Use isis_authentication.both.mode or isis_authentication.level_1.mode or isis_authentication.level_2.mode instead.
    isis_authentication_key deprecated String Type-7 encrypted password.This key is deprecated. Support will be removed in AVD version v6.0.0. Use isis_authentication.both.key or isis_authentication.level_1.key or isis_authentication.level_2.key instead.
    isis_authentication Dictionary This key should not be mixed with ethernet_interfaces[].isis_authentication_mode or ethernet_interfaces[].isis_authentication_key.
      both Dictionary Authentication settings for level-1 and level-2. ‘both’ takes precedence over ‘level_1’ and ‘level_2’ settings.
        key_type String Valid Values:
- 0
- 7
- 8a
Configure authentication key type.
        key String Password string. key_type is required for this setting.
        key_ids List, items: Dictionary
          - id Integer Required, Unique Min: 1
Max: 65535
Configure authentication key-id.
            algorithm String Required Valid Values:
- sha-1
- sha-224
- sha-256
- sha-384
- sha-512
            key_type String Required Valid Values:
- 0
- 7
- 8a
Configure authentication key type.
            key String Required Password string.
            rfc_5310 Boolean SHA digest computation according to rfc5310.
        mode String Valid Values:
- md5
- sha
- text
- shared-secret
Authentication mode.
        sha Dictionary Required settings for authentication mode ‘sha’.
          key_id Integer Required Min: 1
Max: 65535
        shared_secret Dictionary Required settings for authentication mode ‘shared_secret’.
          profile String Required
          algorithm String Required Valid Values:
- md5
- sha-1
- sha-224
- sha-256
- sha-384
- sha-512
        rx_disabled Boolean Disable authentication check on the receive side.
      level_1 Dictionary Authentication settings for level-1. ‘both’ takes precedence over ‘level_1’ and ‘level_2’ settings.
        key_type String Valid Values:
- 0
- 7
- 8a
Configure authentication key type.
        key String Password string. key_type is required for this setting.
        key_ids List, items: Dictionary
          - id Integer Required, Unique Min: 1
Max: 65535
Configure authentication key-id.
            algorithm String Required Valid Values:
- sha-1
- sha-224
- sha-256
- sha-384
- sha-512
            key_type String Required Valid Values:
- 0
- 7
- 8a
Configure authentication key type.
            key String Required Password string.
            rfc_5310 Boolean SHA digest computation according to rfc5310.
        mode String Valid Values:
- md5
- sha
- text
- shared-secret
Authentication mode.
        sha Dictionary Required settings for authentication mode ‘sha’.
          key_id Integer Required Min: 1
Max: 65535
        shared_secret Dictionary Required settings for authentication mode ‘shared_secret’.
          profile String Required
          algorithm String Required Valid Values:
- md5
- sha-1
- sha-224
- sha-256
- sha-384
- sha-512
        rx_disabled Boolean Disable authentication check on the receive side.
      level_2 Dictionary Authentication settings for level-2. ‘both’ takes precedence over ‘level_1’ and ‘level_2’ settings.
        key_type String Valid Values:
- 0
- 7
- 8a
Configure authentication key type.
        key String Password string. key_type is required for this setting.
        key_ids List, items: Dictionary
          - id Integer Required, Unique Min: 1
Max: 65535
Configure authentication key-id.
            algorithm String Required Valid Values:
- sha-1
- sha-224
- sha-256
- sha-384
- sha-512
            key_type String Required Valid Values:
- 0
- 7
- 8a
Configure authentication key type.
            key String Required Password string.
            rfc_5310 Boolean SHA digest computation according to rfc5310.
        mode String Valid Values:
- md5
- sha
- text
- shared-secret
Authentication mode.
        sha Dictionary Required settings for authentication mode ‘sha’.
          key_id Integer Required Min: 1
Max: 65535
        shared_secret Dictionary Required settings for authentication mode ‘shared_secret’.
          profile String Required
          algorithm String Required Valid Values:
- md5
- sha-1
- sha-224
- sha-256
- sha-384
- sha-512
        rx_disabled Boolean Disable authentication check on the receive side.
    poe Dictionary
      disabled Boolean False Disable PoE on a POE capable port. PoE is enabled on all ports that support it by default in EOS.
      priority String Valid Values:
- critical
- high
- medium
- low
Prioritize a port’s power in the event that one of the switch’s power supplies loses power.
      reboot Dictionary Set the PoE power behavior for a PoE port when the system is rebooted.
        action String Valid Values:
- maintain
- power-off
PoE action for interface.
      link_down Dictionary Set the PoE power behavior for a PoE port when the port goes down.
        action String Valid Values:
- maintain
- power-off
PoE action for interface.
        power_off_delay Integer Min: 1
Max: 86400
Number of seconds to delay shutting the power off after a link down event occurs. Default value is 5 seconds in EOS.
      shutdown Dictionary Set the PoE power behavior for a PoE port when the port is admin down.
        action String Valid Values:
- maintain
- power-off
PoE action for interface.
      limit Dictionary Override the hardware-negotiated power limit using either wattage or a power class. Note that if using a power class, AVD will automatically convert the class value to the wattage value corresponding to that power class.
        class Integer Min: 0
Max: 8
        watts String
        fixed Boolean Set to ignore hardware classification.
      negotiation_lldp Boolean Disable to prevent port from negotiating power with powered devices over LLDP. Enabled by default in EOS.
      legacy_detect Boolean Allow a subset of legacy devices to work with the PoE switch. Disabled by default in EOS because it can cause false positive detections.
    ptp Dictionary
      enable Boolean
      announce Dictionary
        interval Integer
        timeout Integer
      delay_req Integer
      delay_mechanism String Valid Values:
- e2e
- p2p
      profile Dictionary
        g8275_1 Dictionary
          destination_mac_address String Valid Values:
- forwardable
- non-forwardable
      sync_message Dictionary
        interval Integer
      role String Valid Values:
- master
- dynamic
      vlan String VLAN can be ‘all’ or list of vlans as string.
      transport String Valid Values:
- ipv4
- ipv6
- layer2
    profile String Interface profile.
    storm_control Dictionary
      all Dictionary
        level String Configure maximum storm-control level.
        unit String percent Valid Values:
- percent
- pps
Optional field and is hardware dependent.
      broadcast Dictionary
        level String Configure maximum storm-control level.
        unit String percent Valid Values:
- percent
- pps
Optional field and is hardware dependent.
      multicast Dictionary
        level String Configure maximum storm-control level.
        unit String percent Valid Values:
- percent
- pps
Optional field and is hardware dependent.
      unknown_unicast Dictionary
        level String Configure maximum storm-control level.
        unit String percent Valid Values:
- percent
- pps
Optional field and is hardware dependent.
    logging Dictionary
      event Dictionary
        link_status Boolean
        congestion_drops Boolean
        spanning_tree Boolean
        storm_control_discards Boolean Discards due to storm-control.
    lldp Dictionary
      transmit Boolean
      receive Boolean
      ztp_vlan Integer ZTP vlan number.
    trunk_private_vlan_secondary deprecated Boolean This key is deprecated. Support will be removed in AVD version 6.0.0. Use switchport.trunk.private_vlan_secondary instead.
    pvlan_mapping deprecated String List of vlans as string.This key is deprecated. Support will be removed in AVD version 6.0.0. Use switchport.pvlan_mapping instead.
    vlan_translations deprecated List, items: Dictionary This key is deprecated. Support will be removed in AVD version 6.0.0. Use switchport.vlan_translations instead.
      - from String List of vlans as string (only one vlan if direction is “both”).
        to Integer VLAN ID.
        direction String both Valid Values:
- in
- out
- both
    dot1x Dictionary 802.1x
      port_control String Valid Values:
- auto
- force-authorized
- force-unauthorized
      port_control_force_authorized_phone Boolean
      reauthentication Boolean
      pae Dictionary
        mode String Valid Values:
- authenticator
      authentication_failure Dictionary
        action String Valid Values:
- allow
- drop
        allow_vlan Integer Min: 1
Max: 4094
      host_mode Dictionary
        mode String Valid Values:
- multi-host
- single-host
        multi_host_authenticated Boolean
      mac_based_authentication Dictionary
        enabled Boolean
        always Boolean
        host_mode_common Boolean
      mac_based_access_list Boolean Operate interface in per-mac access-list mode.
      timeout Dictionary
        idle_host Integer Min: 10
Max: 65535
        quiet_period Integer Min: 1
Max: 65535
        reauth_period String Value can be 60-4294967295 or ‘server’.
        reauth_timeout_ignore Boolean
        tx_period Integer Min: 1
Max: 65535
      reauthorization_request_limit Integer Min: 1
Max: 10
      unauthorized Dictionary
        access_vlan_membership_egress Boolean
        native_vlan_membership_egress Boolean
      eapol Dictionary
        disabled Boolean
        authentication_failure_fallback_mba Dictionary
          enabled Boolean
          timeout Integer Min: 0
Max: 65535
      aaa Dictionary
        unresponsive Dictionary Configure AAA timeout options.
          eap_response String Valid Values:
- success
- disabled
EAP response to send. EOS default is success.
          action Dictionary Set action for supplicant when AAA times out.
            traffic_allow_access_list String Name of standard access-list to apply when AAA times out.
            apply_cached_results Boolean Use results from a previous AAA response.
            cached_results_timeout Dictionary
              time_duration Integer Min: 1 Enable caching for a specific duration -
<1-10000> duration in days
<1-14400000> duration in minutes
<1-240000> duration in hours
<1-864000000> duration in seconds
              time_duration_unit String Required Valid Values:
- days
- hours
- minutes
- seconds
            apply_alternate Boolean Apply alternate action if primary action fails.
eg. aaa unresponsive action apply cached-results else traffic allow
            traffic_allow Boolean Set action for supplicant traffic when AAA times out.
            traffic_allow_vlan Integer Min: 1
Max: 4094
          phone_action Dictionary Set action for supplicant when AAA times out.
            apply_cached_results Boolean Use results from a previous AAA response.
            cached_results_timeout Dictionary
              time_duration Integer Min: 1 Enable caching for a specific duration -
<1-10000> duration in days
<1-14400000> duration in minutes
<1-240000> duration in hours
<1-864000000> duration in seconds
              time_duration_unit String Required Valid Values:
- days
- hours
- minutes
- seconds
            apply_alternate Boolean Apply alternate action if primary action fails.
eg. aaa unresponsive phone action apply cached-results else traffic allow
            traffic_allow Boolean Set action for supplicant traffic when AAA times out.
    service_profile String QOS profile.
    shape Dictionary
      rate String Rate in kbps, pps or percent.
Supported options are platform dependent.
Examples:
- “5000 kbps”
- “1000 pps”
- “20 percent”
    qos Dictionary
      trust String Valid Values:
- dscp
- cos
- disabled
      dscp Integer DSCP value.
      cos Integer COS value.
    spanning_tree_bpdufilter String Valid Values:
- enabled
- disabled
- True
- False
- true
- false
    spanning_tree_bpduguard String Valid Values:
- enabled
- disabled
- True
- False
- true
- false
    spanning_tree_guard String Valid Values:
- loop
- root
- disabled
    spanning_tree_portfast String Valid Values:
- edge
- network
    vmtracer Boolean
    priority_flow_control Dictionary
      enabled Boolean
      priorities List, items: Dictionary
        - priority Integer Required, Unique Min: 0
Max: 7
          no_drop Boolean
    bfd Dictionary
      echo Boolean
      interval Integer Interval in milliseconds.
      min_rx Integer Rate in milliseconds.
      multiplier Integer Min: 3
Max: 50
    service_policy Dictionary
      pbr Dictionary
        input String Policy Based Routing Policy-map name.
      qos Dictionary
        input String Required Quality of Service Policy-map name.
    mpls Dictionary
      ip Boolean
      ldp Dictionary
        interface Boolean
        igp_sync Boolean
    lacp_timer Dictionary
      mode String Valid Values:
- fast
- normal
      multiplier Integer Min: 3
Max: 3000
    lacp_port_priority Integer Min: 0
Max: 65535
    transceiver Dictionary
      frequency String Transceiver Laser Frequency in GHz (min 190000, max 200000).
      frequency_unit String Valid Values:
- ghz
Unit of Transceiver Laser Frequency.
      media Dictionary
        override String Transceiver type.
    ip_proxy_arp Boolean
    traffic_policy Dictionary
      input String Ingress traffic policy.
      output String Egress traffic policy.
    bgp Dictionary
      session_tracker String Name of session tracker.
    ip_igmp_host_proxy Dictionary
      enabled Boolean
      groups List, items: Dictionary
        - group String Required, Unique Multicast Address.
          exclude List, items: Dictionary The same source must not be present both in exclude and include list.
            - source String Required, Unique
          include List, items: Dictionary The same source must not be present both in exclude and include list.
            - source String Required, Unique
      report_interval Integer Min: 1
Max: 31744
Time interval between unsolicited reports.
      access_lists List, items: Dictionary Non-standard Access List name.
        - name String Required, Unique
      version Integer Min: 1
Max: 3
IGMP version on IGMP host-proxy interface.
    peer String Key only used for documentation or validation purposes.
    peer_interface String Key only used for documentation or validation purposes.
    peer_type String Key only used for documentation or validation purposes.
    sflow Dictionary
      enable Boolean
      egress Dictionary
        enable Boolean
        unmodified_enable Boolean
    sync_e Dictionary
      enable Boolean
      priority String The priority is used to influence the reference clock selection. The EOS default priority is 127. The priority can be configured to any integer between 1-255, or set to disabled.
    port_profile String Key only used for documentation or validation purposes.
    uc_tx_queues List, items: Dictionary
      - id Integer Required, Unique TX-Queue ID.
        random_detect Dictionary
          ecn Dictionary Explicit Congestion Notification.
            count Boolean Enable counter for random-detect ECNs.
            threshold Dictionary
              units String Required Valid Values:
- segments
- bytes
- kbytes
- mbytes
- milliseconds
Indicate the units to be used for the threshold values.
              min Integer Required Min: 1
Max: 256000000
Set the random-detect ECN minimum-threshold.
              max Integer Required Min: 1
Max: 256000000
Set the random-detect ECN maximum-threshold.
              max_probability Integer Min: 1
Max: 100
Set the random-detect ECN max-mark-probability.
              weight Integer Min: 0
Max: 15
Set the random-detect ECN weight.
    tx_queues List, items: Dictionary
      - id Integer Required, Unique TX-Queue ID.
        random_detect Dictionary
          ecn Dictionary Explicit Congestion Notification.
            count Boolean Enable counter for random-detect ECNs.
            threshold Dictionary
              units String Required Valid Values:
- segments
- bytes
- kbytes
- mbytes
- milliseconds
Indicate the units to be used for the threshold values.
              min Integer Min: 1
Max: 256000000
Set the random-detect ECN minimum-threshold.
              max Integer Required Min: 1
Max: 256000000
Set the random-detect ECN maximum-threshold.
              max_probability Integer Required Min: 1
Max: 100
Set the random-detect ECN max-mark-probability.
              weight Integer Min: 0
Max: 15
Set the random-detect ECN weight.
    vrrp_ids List, items: Dictionary VRRP model.
      - id Integer Required, Unique VRID.
        priority_level Integer Min: 1
Max: 254
Instance priority.
        advertisement Dictionary
          interval Integer Min: 1
Max: 255
Interval in seconds.
        preempt Dictionary
          enabled Boolean Required
          delay Dictionary
            minimum Integer Min: 0
Max: 3600
Minimum preempt delay in seconds.
            reload Integer Min: 0
Max: 3600
Reload preempt delay in seconds.
        timers Dictionary
          delay Dictionary
            reload Integer Min: 0
Max: 3600
Delay after reload in seconds.
        tracked_object List, items: Dictionary
          - name String Required, Unique Tracked object name.
            decrement Integer Min: 1
Max: 254
Decrement VRRP priority by 1-254.
            shutdown Boolean
        ipv4 Dictionary
          address String Required Virtual IPv4 address.
          version Integer Valid Values:
- 2
- 3
        ipv6 Dictionary
          address String Required Virtual IPv6 address.
    validate_state Boolean Set to false to disable interface state and LLDP topology validation performed by the eos_validate_state role.
    validate_lldp Boolean Set to false to disable the LLDP topology validation performed by the eos_validate_state role.
    switchport Dictionary This should not be combined with ethernet_interfaces[].type = switched/routed.
      enabled Boolean Warning: This should not be combined with ethernet_interfaces[].type = routed.
      mode String Valid Values:
- access
- dot1q-tunnel
- trunk
- trunk phone
Warning: This should not be combined with ethernet_interfaces[].mode.
      access_vlan Integer Min: 1
Max: 4094
Set VLAN when interface is in access mode.
Warning: This should not be combined with ethernet_interfaces[].mode = access/dot1q-tunnel and ethernet_interface[].vlans.
      trunk Dictionary
        allowed_vlan String VLAN ID or range(s) of VLAN IDs.
Warning: This should not be combined with ethernet_interfaces[].mode = trunk and ethernet_interface[].vlans.
        native_vlan Integer Min: 1
Max: 4094
Set native VLAN when interface is in trunking mode.
Warning: This should not be combined with ethernet_interfaces[].native_vlan.
        native_vlan_tag Boolean If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence.
Warning: This should not be combined with ethernet_interfaces[].native_vlan_tag.
        private_vlan_secondary Boolean Enable secondary VLAN mapping for a private vlan.
Warning: This should not be combined with ethernet_ineterfaces[].trunk_private_vlan_secondary.
        groups List, items: String Warning: This should not be combined with ethernet_ineterfaces[].trunk_groups.
          - <str> String Trunk group name.
      phone Dictionary Warning: This should not be combined with ethernet_interfaces[].phone.
        vlan Integer Min: 1
Max: 4094
Warning: This should not be combined with ethernet_interfaces[].phone.vlan.
        trunk String Valid Values:
- tagged
- tagged phone
- untagged
- untagged phone
Warning: This should not be combined with ethernet_interfaces[].phone.trunk.
      pvlan_mapping String Secondary VLAN IDs of the private VLAN mapping.
Warning: This should not be combined with ethernet_interfaces[].pvlan_mapping.
      dot1q Dictionary
        ethertype Integer Min: 1536
Max: 65535
Ethertype/TPID (Tag Protocol IDentifier) for VLAN tagged frames.
        vlan_tag String Valid Values:
- disallowed
- required
Allow/disallow VLAN tagged frames.
      source_interface String Valid Values:
- tx
- tx multicast
tx: Allow bridged traffic to go out of the source interface.
tx multicast: Allow multicast traffic only to go out of the source interface.
      vlan_translations Dictionary VLAN Translation mappings.
Warning: This should not be combined with ethernet_interfaces[].vlan_translations.
        in_required Boolean Drop the ingress traffic that do not match any VLAN mapping.
        out_required Boolean Drop the egress traffic that do not match any VLAN mapping.
        direction_in List, items: Dictionary Map ingress traffic only.
          - from String Required VLAN ID or range of VLAN IDs to map from. Range 1-4094.
            to Integer Required Min: 1
Max: 4094
VLAN ID to map to.
            dot1q_tunnel Boolean
            inner_vlan_from Integer Min: 1
Max: 4094
Inner VLAN ID to map from.
        direction_out List, items: Dictionary Map egress traffic only.
          - from String Required VLAN ID or range of VLAN IDs to map from. Range 1-4094.
            to Integer Min: 1
Max: 4094
VLAN ID to map to.
            dot1q_tunnel_to String VLAN ID or range of VLAN IDs or “all”. Range 1-4094.
This takes precedence over to and inner_vlan_to.
            inner_vlan_to Integer Min: 1
Max: 4094
Inner VLAN ID to map to.
        direction_both List, items: Dictionary Map both egress and ingress traffic.
          - from String Required VLAN ID or range of VLAN IDs to map from. Range 1-4094.
            to Integer Required Min: 1
Max: 4094
VLAN ID to map to.
            dot1q_tunnel Boolean
            inner_vlan_from Integer Min: 1
Max: 4094
Inner VLAN ID to map from.
            network Boolean Enable use of network-side VLAN ID.
This setting can only be enabled when inner_vlan_from is defined.
      vlan_forwarding_accept_all Boolean
      backup_link Dictionary
        interface String Backup interface. Example - Ethernet4, Vlan10 etc.
        prefer_vlan String VLANs to carry on the backup interface (1-4094).
      backup Dictionary The backup_link is required for this setting.
        dest_macaddr String Format: mac Destination MAC address for MAC move updates.
The mac address should be multicast or broadcast.
Example: 01:00:00:00:00:00
        initial_mac_move_delay Integer Min: 0
Max: 65535
Initial MAC move delay in milliseconds.
        mac_move_burst Integer Min: 0
Max: 65535
Size of MAC move bursts.
        mac_move_burst_interval Integer Min: 0
Max: 65535
MAC move burst interval in milliseconds.
        preemption_delay Integer Min: 0
Max: 65535
Preemption delay in milliseconds.
      port_security Dictionary
        enabled Boolean
        mac_address_maximum Dictionary Maximum number of MAC addresses allowed on the interface.
          disabled Boolean Disable port level check for port security (only in violation ‘shutdown’ mode).
          limit Integer Min: 1
Max: 1000
MAC address limit.
        violation Dictionary Configure violation mode (shutdown or protect), EOS default is ‘shutdown’.
          mode String Valid Values:
- shutdown
- protect
Configure port security mode.
          protect_log Boolean Log new addresses seen after limit is reached in protect mode.
        vlan_default_mac_address_maximum Integer Min: 0
Max: 1000
Default maximum MAC addresses for all VLANs on this interface.
        vlans List, items: Dictionary
          - range String Required, Unique VLAN ID or range(s) of VLAN IDs, <1-4094>.
Example:
- 3
- 1,3
- 1-10
            mac_address_maximum Integer Required
    eos_cli String Multiline EOS CLI rendered directly on the ethernet interface in the final EOS configuration.
ethernet_interfaces:
  - name: <str; required; unique>
    description: <str>
    shutdown: <bool>

    # Interval in seconds for updating interface counters.
    load_interval: <int; 0-600>

    # Speed should be set in the format `<interface_speed>` or `forced <interface_speed>` or `auto <interface_speed>`.
    speed: <str>
    mtu: <int; 68-65535>

    # "l2_mtu" should only be defined for platforms supporting the "l2 mtu" CLI.
    l2_mtu: <int; 68-65535>

    # "l2_mru" should only be defined for platforms supporting the "l2 mru" CLI.
    l2_mru: <int; 68-65535>

    # List of switchport vlans as string.
    # For a trunk port this would be a range like "1-200,300".
    # For an access port this would be a single vlan "123".
    # This key is deprecated.
    # Support will be removed in AVD version 6.0.0.
    # Use <samp>switchport.access_vlan or switchport.trunk.allowed_vlan</samp> instead.
    vlans: <str>
    # This key is deprecated.
    # Support will be removed in AVD version 6.0.0.
    # Use <samp>switchport.trunk.native_vlan</samp> instead.
    native_vlan: <int>

    # If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence.
    # This key is deprecated.
    # Support will be removed in AVD version 6.0.0.
    # Use <samp>switchport.trunk.native_vlan_tag</samp> instead.
    native_vlan_tag: <bool>
    # This key is deprecated.
    # Support will be removed in AVD version 6.0.0.
    # Use <samp>switchport.mode</samp> instead.
    mode: <str; "access" | "dot1q-tunnel" | "trunk" | "trunk phone">
    # This key is deprecated.
    # Support will be removed in AVD version 6.0.0.
    # Use <samp>switchport.phone</samp> instead.
    phone:
      trunk: <str; "tagged" | "tagged phone" | "untagged" | "untagged phone">
      vlan: <int; 1-4094>
    l2_protocol:

      # Vlan tag to configure on sub-interface.
      encapsulation_dot1q_vlan: <int>

      # L2 protocol forwarding profile.
      forwarding_profile: <str>

    # header: Insert timestamp in ethernet header. Supported on platforms like 7500E/R and 7280E/R.
    # before-fcs: Insert timestamp before fcs field. Supported on platforms like 7150.
    # replace-fcs: Replace fcs field with timestamp.
    mac_timestamp: <str; "before-fcs" | "replace-fcs" | "header">
    # This key is deprecated.
    # Support will be removed in AVD version 6.0.0.
    # Use <samp>switchport.trunk.groups</samp> instead.
    trunk_groups:
      - <str>

    # l3dot1q and l2dot1q are used for sub-interfaces. The parent interface should be defined as routed.
    # The `type = switched/routed` should not be combined with `switchport`.
    # This key is deprecated.
    # Support will be removed in AVD version 6.0.0.
    # See [here](https://avd.arista.com/5.x/docs/porting-guides/5.x.x.html#removal-of-type-key-dependency-for-rendering-ethernetport-channel-interfaces-configuration-and-documentation) for details.
    type: <str; "routed" | "switched" | "l3dot1q" | "l2dot1q" | "port-channel-member">
    snmp_trap_link_change: <bool>
    address_locking:

      # Enable address locking for IPv4.
      ipv4: <bool>

      # Enable address locking for IPv6.
      ipv6: <bool>
    flowcontrol:
      received: <str; "desired" | "on" | "off">

    # VRF name.
    vrf: <str>
    flow_tracker:

      # Sampled flow tracker name.
      sampled: <str>

      # Hardware flow tracker name.
      hardware: <str>
    error_correction_encoding:
      enabled: <bool; default=True>
      fire_code: <bool>
      reed_solomon: <bool>
    link_tracking_groups:

        # Group name.
      - name: <str; required; unique>
        direction: <str; "upstream" | "downstream">
    link_tracking:
      direction: <str; "upstream" | "downstream">

      # Link state group(s) an interface belongs to.
      groups:

          # Group names.
        - <str>
    evpn_ethernet_segment:

      # EVPN Ethernet Segment Identifier (Type 1 format).
      identifier: <str>
      redundancy: <str; "all-active" | "single-active">
      designated_forwarder_election:
        algorithm: <str; "modulus" | "preference">

        # Preference_value is only used when "algorithm" is "preference".
        preference_value: <int; 0-65535>

        # Dont_preempt is only used when "algorithm" is "preference".
        dont_preempt: <bool>
        hold_time: <int>
        subsequent_hold_time: <int>
        candidate_reachability_required: <bool>
      mpls:
        shared_index: <int; 1-1024>
        tunnel_flood_filter_time: <int>

      # EVPN Route Target for ESI with format xx:xx:xx:xx:xx:xx.
      route_target: <str>

    # VLAN tag to configure on sub-interface.
    # This key is deprecated.
    # Support will be removed in AVD version 6.0.0.
    # Use <samp>encapsulation_dot1q.vlan</samp> instead.
    encapsulation_dot1q_vlan: <int>

    # Warning: `encapsulation_dot1q` should not be combined with `ethernet_interfaces[].type: l3dot1q` or `ethernet_interfaces[].type: l2dot1q`.
    encapsulation_dot1q:

      # VLAD ID.
      vlan: <int; 1-4094; required>

      # Inner VLAN ID. This setting can only be applied to sub-interfaces on EOS.
      inner_vlan: <int; 1-4094>

    # This setting can only be applied to sub-interfaces on EOS.
    # Warning: `encapsulation_vlan` should not be combined with `ethernet_interfaces[].type: l3dot1q` or `ethernet_interfaces[].type: l2dot1q`.
    encapsulation_vlan:
      client:
        # This key is deprecated.
        # Support will be removed in AVD version 6.0.0.
        dot1q:

          # Client VLAN ID.
          vlan: <int; 1-4094>

          # Client Outer VLAN ID.
          outer: <int; 1-4094>

          # Client Inner VLAN ID.
          inner: <int>
        # This key is deprecated.
        # Support will be removed in AVD version 6.0.0.
        unmatched: <bool>
        encapsulation: <str; "dot1q" | "dot1ad" | "unmatched" | "untagged">

        # Client VLAN ID. Not applicable for `encapsulation: untagged` or `encapsulation: unmatched`.
        vlan: <int; 1-4094>

        # Client Outer VLAN ID. Not applicable for `encapsulation: untagged` or `encapsulation: unmatched`.
        outer_vlan: <int; 1-4094>

        # Client Inner VLAN ID. Not applicable for `encapsulation: untagged` or `encapsulation: unmatched`.
        inner_vlan: <int; 1-4094>
        inner_encapsulation: <str; "dot1q" | "dot1ad">

      # Network encapsulations are all optional and skipped if using client unmatched.
      network:
        # This key is deprecated.
        # Support will be removed in AVD version 6.0.0.
        dot1q:

          # Network VLAN ID.
          vlan: <int; 1-4094>

          # Network outer VLAN ID.
          outer: <int; 1-4094>

          # Network inner VLAN ID.
          inner: <int; 1-4094>
        # This key is deprecated.
        # Support will be removed in AVD version 6.0.0.
        client: <bool>

        # `untagged` (no encapsulation) is applicable for `untagged` client only.
        # `client` and `client inner` (retain client encapsulation) is not applicable for `untagged` client.
        encapsulation: <str; "dot1q" | "dot1ad" | "client" | "client inner" | "untagged">

        # Network VLAN ID. Not applicable for `encapsulation: untagged` or `encapsulation: client`.
        vlan: <int; 1-4094>

        # Network outer VLAN ID. Not applicable for `encapsulation: untagged` or `encapsulation: client`.
        outer_vlan: <int; 1-4094>

        # Network inner VLAN ID.  Not applicable for `encapsulation: untagged` or `encapsulation: client`.
        inner_vlan: <int; 1-4094>
        inner_encapsulation: <str; "dot1q" | "dot1ad">

    # This setting can only be applied to sub-interfaces on EOS.
    # Warning: `vlan_id` should not be combined with `ethernet_interfaces[].type == l2dot1q`.
    vlan_id: <int; 1-4094>

    # IPv4 address/mask or "dhcp".
    ip_address: <str>
    ip_address_secondaries:
      - <str>
    ip_verify_unicast_source_reachable_via: <str; "any" | "rx">

    # Install default-route obtained via DHCP.
    dhcp_client_accept_default_route: <bool>

    # Enable IPv4 DHCP server.
    dhcp_server_ipv4: <bool>

    # Enable IPv6 DHCP server.
    dhcp_server_ipv6: <bool>
    ip_helpers:
      - ip_helper: <str; required; unique>

        # Source interface name.
        source_interface: <str>

        # VRF name.
        vrf: <str>
    ip_nat:

      # NAT interface profile.
      service_profile: <str>
      destination:
        dynamic:
          - access_list: <str; required; unique>
            comment: <str>
            pool_name: <str; required>
            priority: <int; 0-4294967295>
        static:

            # 'access_list' and 'group' are mutual exclusive.
          - access_list: <str>
            comment: <str>

            # Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
            # EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            direction: <str; "egress" | "ingress">

            # 'access_list' and 'group' are mutual exclusive.
            group: <int; 1-65535>

            # IPv4 address. The combination of `original_ip` and `original_port` must be unique.
            original_ip: <str>

            # TCP/UDP port. The combination of `original_ip` and `original_port` must be unique.
            original_port: <int; 1-65535>
            priority: <int; 0-4294967295>
            protocol: <str; "udp" | "tcp">

            # IPv4 address.
            translated_ip: <str; required>

            # requires 'original_port'.
            translated_port: <int; 1-65535>
      source:
        dynamic:
          - access_list: <str; required; unique>
            comment: <str>
            nat_type: <str; "overload" | "pool" | "pool-address-only" | "pool-full-cone"; required>

            # required if 'nat_type' is pool, pool-address-only or pool-full-cone.
            # ignored if 'nat_type' is overload.
            pool_name: <str>
            priority: <int; 0-4294967295>
        static:

            # 'access_list' and 'group' are mutual exclusive.
          - access_list: <str>
            comment: <str>

            # Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
            # EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            direction: <str; "egress" | "ingress">

            # 'access_list' and 'group' are mutual exclusive.
            group: <int; 1-65535>

            # IPv4 address. The combination of `original_ip` and `original_port` must be unique.
            original_ip: <str>

            # TCP/UDP port. The combination of `original_ip` and `original_port` must be unique.
            original_port: <int; 1-65535>
            priority: <int; 0-4294967295>
            protocol: <str; "udp" | "tcp">

            # IPv4 address.
            translated_ip: <str; required>

            # requires 'original_port'.
            translated_port: <int; 1-65535>
    ipv6_enable: <bool>
    ipv6_address: <str>

    # Link local IPv6 address/mask.
    ipv6_address_link_local: <str>
    ipv6_nd_ra_disabled: <bool>
    ipv6_nd_managed_config_flag: <bool>
    ipv6_nd_prefixes:
      - ipv6_prefix: <str; required; unique>

        # Infinite or lifetime in seconds.
        valid_lifetime: <str>

        # Infinite or lifetime in seconds.
        preferred_lifetime: <str>
        no_autoconfig_flag: <bool>
    ipv6_dhcp_relay_destinations:

        # DHCP server's IPv6 address.
      - address: <str; required; unique>
        vrf: <str>

        # Local interface to communicate with DHCP server - mutually exclusive to source_address.
        local_interface: <str>

        # Source IPv6 address to communicate with DHCP server - mutually exclusive to local_interface.
        source_address: <str>

        # Override the default link address specified in the relayed DHCP packet.
        link_address: <str>

    # Access list name.
    access_group_in: <str>

    # Access list name.
    access_group_out: <str>

    # IPv6 access list name.
    ipv6_access_group_in: <str>

    # IPv6 access list name.
    ipv6_access_group_out: <str>

    # MAC access list name.
    mac_access_group_in: <str>

    # MAC access list name.
    mac_access_group_out: <str>

    # Boundaries can be either 1 ACL or a list of multicast IP address_range(s)/prefix but not combination of both.
    multicast:
      ipv4:
        boundaries:

            # ACL name or multicast IP subnet.
          - boundary: <str>
            out: <bool>
        static: <bool>
      ipv6:
        boundaries:

            # ACL name or multicast IP subnet.
          - boundary: <str>
        static: <bool>
    ospf_network_point_to_point: <bool>
    ospf_area: <str>
    ospf_cost: <int>
    ospf_authentication: <str; "none" | "simple" | "message-digest">

    # Encrypted password - only type 7 supported.
    ospf_authentication_key: <str>
    ospf_message_digest_keys:
      - id: <int; required; unique>
        hash_algorithm: <str; "md5" | "sha1" | "sha256" | "sha384" | "sha512">

        # Encrypted password - only type 7 supported.
        key: <str>
    pim:
      ipv4:

        # Configure PIM border router. EOS default is false.
        border_router: <bool>
        dr_priority: <int; 0-429467295>
        sparse_mode: <bool>

        # Set the default for whether Bidirectional Forwarding Detection is enabled for PIM.
        bfd: <bool>
        bidirectional: <bool>
        hello:

          # Number of missed hellos after which the neighbor expires. Range <1.5-65535>.
          count: <str>

          # PIM hello interval in seconds.
          interval: <int; 1-65535>
    mac_security:
      profile: <str>

    # The TCP MSS clamping feature involves clamping the maximum segment size (MSS) in the TCP header
    # of TCP SYN packets if it exceeds the configured MSS ceiling limit for the interface.
    tcp_mss_ceiling:
      ipv4_segment_size: <int; 64-65475>
      ipv6_segment_size: <int; 64-65475>
      direction: <str; "egress" | "ingress">
    channel_group:
      id: <int>
      mode: <str; "on" | "active" | "passive">

    # ISIS instance.
    isis_enable: <str>

    # Enable BFD for ISIS.
    isis_bfd: <bool>
    isis_passive: <bool>
    isis_metric: <int>
    isis_network_point_to_point: <bool>
    isis_circuit_type: <str; "level-1-2" | "level-1" | "level-2">
    isis_hello_padding: <bool>
    # This key is deprecated.
    # Support will be removed in AVD version v6.0.0.
    # Use <samp>isis_authentication.both.mode or isis_authentication.level_1.mode or isis_authentication.level_2.mode</samp> instead.
    isis_authentication_mode: <str; "text" | "md5">

    # Type-7 encrypted password.
    # This key is deprecated.
    # Support will be removed in AVD version v6.0.0.
    # Use <samp>isis_authentication.both.key or isis_authentication.level_1.key or isis_authentication.level_2.key</samp> instead.
    isis_authentication_key: <str>

    # This key should not be mixed with ethernet_interfaces[].isis_authentication_mode or ethernet_interfaces[].isis_authentication_key.
    isis_authentication:

      # Authentication settings for level-1 and level-2. 'both' takes precedence over 'level_1' and 'level_2' settings.
      both:

        # Configure authentication key type.
        key_type: <str; "0" | "7" | "8a">

        # Password string. `key_type` is required for this setting.
        key: <str>
        key_ids:

            # Configure authentication key-id.
          - id: <int; 1-65535; required; unique>
            algorithm: <str; "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>

            # Configure authentication key type.
            key_type: <str; "0" | "7" | "8a"; required>

            # Password string.
            key: <str; required>

            # SHA digest computation according to rfc5310.
            rfc_5310: <bool>

        # Authentication mode.
        mode: <str; "md5" | "sha" | "text" | "shared-secret">

        # Required settings for authentication mode 'sha'.
        sha:
          key_id: <int; 1-65535; required>

        # Required settings for authentication mode 'shared_secret'.
        shared_secret:
          profile: <str; required>
          algorithm: <str; "md5" | "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>

        # Disable authentication check on the receive side.
        rx_disabled: <bool>

      # Authentication settings for level-1. 'both' takes precedence over 'level_1' and 'level_2' settings.
      level_1:

        # Configure authentication key type.
        key_type: <str; "0" | "7" | "8a">

        # Password string. `key_type` is required for this setting.
        key: <str>
        key_ids:

            # Configure authentication key-id.
          - id: <int; 1-65535; required; unique>
            algorithm: <str; "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>

            # Configure authentication key type.
            key_type: <str; "0" | "7" | "8a"; required>

            # Password string.
            key: <str; required>

            # SHA digest computation according to rfc5310.
            rfc_5310: <bool>

        # Authentication mode.
        mode: <str; "md5" | "sha" | "text" | "shared-secret">

        # Required settings for authentication mode 'sha'.
        sha:
          key_id: <int; 1-65535; required>

        # Required settings for authentication mode 'shared_secret'.
        shared_secret:
          profile: <str; required>
          algorithm: <str; "md5" | "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>

        # Disable authentication check on the receive side.
        rx_disabled: <bool>

      # Authentication settings for level-2. 'both' takes precedence over 'level_1' and 'level_2' settings.
      level_2:

        # Configure authentication key type.
        key_type: <str; "0" | "7" | "8a">

        # Password string. `key_type` is required for this setting.
        key: <str>
        key_ids:

            # Configure authentication key-id.
          - id: <int; 1-65535; required; unique>
            algorithm: <str; "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>

            # Configure authentication key type.
            key_type: <str; "0" | "7" | "8a"; required>

            # Password string.
            key: <str; required>

            # SHA digest computation according to rfc5310.
            rfc_5310: <bool>

        # Authentication mode.
        mode: <str; "md5" | "sha" | "text" | "shared-secret">

        # Required settings for authentication mode 'sha'.
        sha:
          key_id: <int; 1-65535; required>

        # Required settings for authentication mode 'shared_secret'.
        shared_secret:
          profile: <str; required>
          algorithm: <str; "md5" | "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>

        # Disable authentication check on the receive side.
        rx_disabled: <bool>
    poe:

      # Disable PoE on a POE capable port. PoE is enabled on all ports that support it by default in EOS.
      disabled: <bool; default=False>

      # Prioritize a port's power in the event that one of the switch's power supplies loses power.
      priority: <str; "critical" | "high" | "medium" | "low">

      # Set the PoE power behavior for a PoE port when the system is rebooted.
      reboot:

        # PoE action for interface.
        action: <str; "maintain" | "power-off">

      # Set the PoE power behavior for a PoE port when the port goes down.
      link_down:

        # PoE action for interface.
        action: <str; "maintain" | "power-off">

        # Number of seconds to delay shutting the power off after a link down event occurs. Default value is 5 seconds in EOS.
        power_off_delay: <int; 1-86400>

      # Set the PoE power behavior for a PoE port when the port is admin down.
      shutdown:

        # PoE action for interface.
        action: <str; "maintain" | "power-off">

      # Override the hardware-negotiated power limit using either wattage or a power class. Note that if using a power class, AVD will automatically convert the class value to the wattage value corresponding to that power class.
      limit:
        class: <int; 0-8>
        watts: <str>

        # Set to ignore hardware classification.
        fixed: <bool>

      # Disable to prevent port from negotiating power with powered devices over LLDP. Enabled by default in EOS.
      negotiation_lldp: <bool>

      # Allow a subset of legacy devices to work with the PoE switch. Disabled by default in EOS because it can cause false positive detections.
      legacy_detect: <bool>
    ptp:
      enable: <bool>
      announce:
        interval: <int>
        timeout: <int>
      delay_req: <int>
      delay_mechanism: <str; "e2e" | "p2p">
      profile:
        g8275_1:
          destination_mac_address: <str; "forwardable" | "non-forwardable">
      sync_message:
        interval: <int>
      role: <str; "master" | "dynamic">

      # VLAN can be 'all' or list of vlans as string.
      vlan: <str>
      transport: <str; "ipv4" | "ipv6" | "layer2">

    # Interface profile.
    profile: <str>
    storm_control:
      all:

        # Configure maximum storm-control level.
        level: <str>

        # Optional field and is hardware dependent.
        unit: <str; "percent" | "pps"; default="percent">
      broadcast:

        # Configure maximum storm-control level.
        level: <str>

        # Optional field and is hardware dependent.
        unit: <str; "percent" | "pps"; default="percent">
      multicast:

        # Configure maximum storm-control level.
        level: <str>

        # Optional field and is hardware dependent.
        unit: <str; "percent" | "pps"; default="percent">
      unknown_unicast:

        # Configure maximum storm-control level.
        level: <str>

        # Optional field and is hardware dependent.
        unit: <str; "percent" | "pps"; default="percent">
    logging:
      event:
        link_status: <bool>
        congestion_drops: <bool>
        spanning_tree: <bool>

        # Discards due to storm-control.
        storm_control_discards: <bool>
    lldp:
      transmit: <bool>
      receive: <bool>

      # ZTP vlan number.
      ztp_vlan: <int>
    # This key is deprecated.
    # Support will be removed in AVD version 6.0.0.
    # Use <samp>switchport.trunk.private_vlan_secondary</samp> instead.
    trunk_private_vlan_secondary: <bool>

    # List of vlans as string.
    # This key is deprecated.
    # Support will be removed in AVD version 6.0.0.
    # Use <samp>switchport.pvlan_mapping</samp> instead.
    pvlan_mapping: <str>
    # This key is deprecated.
    # Support will be removed in AVD version 6.0.0.
    # Use <samp>switchport.vlan_translations</samp> instead.
    vlan_translations:

        # List of vlans as string (only one vlan if direction is "both").
      - from: <str>

        # VLAN ID.
        to: <int>
        direction: <str; "in" | "out" | "both"; default="both">

    # 802.1x
    dot1x:
      port_control: <str; "auto" | "force-authorized" | "force-unauthorized">
      port_control_force_authorized_phone: <bool>
      reauthentication: <bool>
      pae:
        mode: <str; "authenticator">
      authentication_failure:
        action: <str; "allow" | "drop">
        allow_vlan: <int; 1-4094>
      host_mode:
        mode: <str; "multi-host" | "single-host">
        multi_host_authenticated: <bool>
      mac_based_authentication:
        enabled: <bool>
        always: <bool>
        host_mode_common: <bool>

      # Operate interface in per-mac access-list mode.
      mac_based_access_list: <bool>
      timeout:
        idle_host: <int; 10-65535>
        quiet_period: <int; 1-65535>

        # Value can be 60-4294967295 or 'server'.
        reauth_period: <str>
        reauth_timeout_ignore: <bool>
        tx_period: <int; 1-65535>
      reauthorization_request_limit: <int; 1-10>
      unauthorized:
        access_vlan_membership_egress: <bool>
        native_vlan_membership_egress: <bool>
      eapol:
        disabled: <bool>
        authentication_failure_fallback_mba:
          enabled: <bool>
          timeout: <int; 0-65535>
      aaa:

        # Configure AAA timeout options.
        unresponsive:

          # EAP response to send. EOS default is `success`.
          eap_response: <str; "success" | "disabled">

          # Set action for supplicant when AAA times out.
          action:

            # Name of standard access-list to apply when AAA times out.
            traffic_allow_access_list: <str>

            # Use results from a previous AAA response.
            apply_cached_results: <bool>
            cached_results_timeout:

              # Enable caching for a specific duration -
              # <1-10000>      duration in days
              # <1-14400000>   duration in minutes
              # <1-240000>     duration in hours
              # <1-864000000>  duration in seconds
              time_duration: <int; >=1>
              time_duration_unit: <str; "days" | "hours" | "minutes" | "seconds"; required>

            # Apply alternate action if primary action fails.
            # eg. aaa unresponsive action apply cached-results else traffic allow
            apply_alternate: <bool>

            # Set action for supplicant traffic when AAA times out.
            traffic_allow: <bool>
            traffic_allow_vlan: <int; 1-4094>

          # Set action for supplicant when AAA times out.
          phone_action:

            # Use results from a previous AAA response.
            apply_cached_results: <bool>
            cached_results_timeout:

              # Enable caching for a specific duration -
              # <1-10000>      duration in days
              # <1-14400000>   duration in minutes
              # <1-240000>     duration in hours
              # <1-864000000>  duration in seconds
              time_duration: <int; >=1>
              time_duration_unit: <str; "days" | "hours" | "minutes" | "seconds"; required>

            # Apply alternate action if primary action fails.
            # eg. aaa unresponsive phone action apply cached-results else traffic allow
            apply_alternate: <bool>

            # Set action for supplicant traffic when AAA times out.
            traffic_allow: <bool>

    # QOS profile.
    service_profile: <str>
    shape:

      # Rate in kbps, pps or percent.
      # Supported options are platform dependent.
      # Examples:
      # - "5000 kbps"
      # - "1000 pps"
      # - "20 percent"
      rate: <str>
    qos:
      trust: <str; "dscp" | "cos" | "disabled">

      # DSCP value.
      dscp: <int>

      # COS value.
      cos: <int>
    spanning_tree_bpdufilter: <str; "enabled" | "disabled" | "True" | "False" | "true" | "false">
    spanning_tree_bpduguard: <str; "enabled" | "disabled" | "True" | "False" | "true" | "false">
    spanning_tree_guard: <str; "loop" | "root" | "disabled">
    spanning_tree_portfast: <str; "edge" | "network">
    vmtracer: <bool>
    priority_flow_control:
      enabled: <bool>
      priorities:
        - priority: <int; 0-7; required; unique>
          no_drop: <bool>
    bfd:
      echo: <bool>

      # Interval in milliseconds.
      interval: <int>

      # Rate in milliseconds.
      min_rx: <int>
      multiplier: <int; 3-50>
    service_policy:
      pbr:

        # Policy Based Routing Policy-map name.
        input: <str>
      qos:

        # Quality of Service Policy-map name.
        input: <str; required>
    mpls:
      ip: <bool>
      ldp:
        interface: <bool>
        igp_sync: <bool>
    lacp_timer:
      mode: <str; "fast" | "normal">
      multiplier: <int; 3-3000>
    lacp_port_priority: <int; 0-65535>
    transceiver:

      # Transceiver Laser Frequency in GHz (min 190000, max 200000).
      frequency: <str>

      # Unit of Transceiver Laser Frequency.
      frequency_unit: <str; "ghz">
      media:

        # Transceiver type.
        override: <str>
    ip_proxy_arp: <bool>
    traffic_policy:

      # Ingress traffic policy.
      input: <str>

      # Egress traffic policy.
      output: <str>
    bgp:

      # Name of session tracker.
      session_tracker: <str>
    ip_igmp_host_proxy:
      enabled: <bool>
      groups:

          # Multicast Address.
        - group: <str; required; unique>

          # The same source must not be present both in `exclude` and `include` list.
          exclude:
            - source: <str; required; unique>

          # The same source must not be present both in `exclude` and `include` list.
          include:
            - source: <str; required; unique>

      # Time interval between unsolicited reports.
      report_interval: <int; 1-31744>

      # Non-standard Access List name.
      access_lists:
        - name: <str; required; unique>

      # IGMP version on IGMP host-proxy interface.
      version: <int; 1-3>

    # Key only used for documentation or validation purposes.
    peer: <str>

    # Key only used for documentation or validation purposes.
    peer_interface: <str>

    # Key only used for documentation or validation purposes.
    peer_type: <str>
    sflow:
      enable: <bool>
      egress:
        enable: <bool>
        unmodified_enable: <bool>
    sync_e:
      enable: <bool>

      # The priority is used to influence the reference clock selection. The EOS default priority is 127. The priority can be configured to any integer between 1-255, or set to `disabled`.
      priority: <str>

    # Key only used for documentation or validation purposes.
    port_profile: <str>
    uc_tx_queues:

        # TX-Queue ID.
      - id: <int; required; unique>
        random_detect:

          # Explicit Congestion Notification.
          ecn:

            # Enable counter for random-detect ECNs.
            count: <bool>
            threshold:

              # Indicate the units to be used for the threshold values.
              units: <str; "segments" | "bytes" | "kbytes" | "mbytes" | "milliseconds"; required>

              # Set the random-detect ECN minimum-threshold.
              min: <int; 1-256000000; required>

              # Set the random-detect ECN maximum-threshold.
              max: <int; 1-256000000; required>

              # Set the random-detect ECN max-mark-probability.
              max_probability: <int; 1-100>

              # Set the random-detect ECN weight.
              weight: <int; 0-15>
    tx_queues:

        # TX-Queue ID.
      - id: <int; required; unique>
        random_detect:

          # Explicit Congestion Notification.
          ecn:

            # Enable counter for random-detect ECNs.
            count: <bool>
            threshold:

              # Indicate the units to be used for the threshold values.
              units: <str; "segments" | "bytes" | "kbytes" | "mbytes" | "milliseconds"; required>

              # Set the random-detect ECN minimum-threshold.
              min: <int; 1-256000000>

              # Set the random-detect ECN maximum-threshold.
              max: <int; 1-256000000; required>

              # Set the random-detect ECN max-mark-probability.
              max_probability: <int; 1-100; required>

              # Set the random-detect ECN weight.
              weight: <int; 0-15>

    # VRRP model.
    vrrp_ids:

        # VRID.
      - id: <int; required; unique>

        # Instance priority.
        priority_level: <int; 1-254>
        advertisement:

          # Interval in seconds.
          interval: <int; 1-255>
        preempt:
          enabled: <bool; required>
          delay:

            # Minimum preempt delay in seconds.
            minimum: <int; 0-3600>

            # Reload preempt delay in seconds.
            reload: <int; 0-3600>
        timers:
          delay:

            # Delay after reload in seconds.
            reload: <int; 0-3600>
        tracked_object:

            # Tracked object name.
          - name: <str; required; unique>

            # Decrement VRRP priority by 1-254.
            decrement: <int; 1-254>
            shutdown: <bool>
        ipv4:

          # Virtual IPv4 address.
          address: <str; required>
          version: <int; 2 | 3>
        ipv6:

          # Virtual IPv6 address.
          address: <str; required>

    # Set to false to disable interface state and LLDP topology validation performed by the `eos_validate_state` role.
    validate_state: <bool>

    # Set to false to disable the LLDP topology validation performed by the `eos_validate_state` role.
    validate_lldp: <bool>

    # This should not be combined with `ethernet_interfaces[].type = switched/routed`.
    switchport:

      # Warning: This should not be combined with `ethernet_interfaces[].type = routed`.
      enabled: <bool>

      # Warning: This should not be combined with `ethernet_interfaces[].mode`.
      mode: <str; "access" | "dot1q-tunnel" | "trunk" | "trunk phone">

      # Set VLAN when interface is in access mode.
      # Warning: This should not be combined with `ethernet_interfaces[].mode = access/dot1q-tunnel` and `ethernet_interface[].vlans`.
      access_vlan: <int; 1-4094>
      trunk:

        # VLAN ID or range(s) of VLAN IDs.
        # Warning: This should not be combined with `ethernet_interfaces[].mode = trunk` and `ethernet_interface[].vlans`.
        allowed_vlan: <str>

        # Set native VLAN when interface is in trunking mode.
        # Warning: This should not be combined with `ethernet_interfaces[].native_vlan`.
        native_vlan: <int; 1-4094>

        # If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence.
        # Warning: This should not be combined with `ethernet_interfaces[].native_vlan_tag`.
        native_vlan_tag: <bool>

        # Enable secondary VLAN mapping for a private vlan.
        # Warning: This should not be combined with `ethernet_ineterfaces[].trunk_private_vlan_secondary`.
        private_vlan_secondary: <bool>

        # Warning: This should not be combined with `ethernet_ineterfaces[].trunk_groups`.
        groups:

            # Trunk group name.
          - <str>

      # Warning: This should not be combined with `ethernet_interfaces[].phone`.
      phone:

        # Warning: This should not be combined with `ethernet_interfaces[].phone.vlan`.
        vlan: <int; 1-4094>

        # Warning: This should not be combined with `ethernet_interfaces[].phone.trunk`.
        trunk: <str; "tagged" | "tagged phone" | "untagged" | "untagged phone">

      # Secondary VLAN IDs of the private VLAN mapping.
      # Warning: This should not be combined with `ethernet_interfaces[].pvlan_mapping`.
      pvlan_mapping: <str>
      dot1q:

        # Ethertype/TPID (Tag Protocol IDentifier) for VLAN tagged frames.
        ethertype: <int; 1536-65535>

        # Allow/disallow VLAN tagged frames.
        vlan_tag: <str; "disallowed" | "required">

      # tx: Allow bridged traffic to go out of the source interface.
      # tx multicast: Allow multicast traffic only to go out of the source interface.
      source_interface: <str; "tx" | "tx multicast">

      # VLAN Translation mappings.
      # Warning: This should not be combined with `ethernet_interfaces[].vlan_translations`.
      vlan_translations:

        # Drop the ingress traffic that do not match any VLAN mapping.
        in_required: <bool>

        # Drop the egress traffic that do not match any VLAN mapping.
        out_required: <bool>

        # Map ingress traffic only.
        direction_in:

            # VLAN ID or range of VLAN IDs to map from. Range 1-4094.
          - from: <str; required>

            # VLAN ID to map to.
            to: <int; 1-4094; required>
            dot1q_tunnel: <bool>

            # Inner VLAN ID to map from.
            inner_vlan_from: <int; 1-4094>

        # Map egress traffic only.
        direction_out:

            # VLAN ID or range of VLAN IDs to map from. Range 1-4094.
          - from: <str; required>

            # VLAN ID to map to.
            to: <int; 1-4094>

            # VLAN ID or range of VLAN IDs or "all". Range 1-4094.
            # This takes precedence over `to` and `inner_vlan_to`.
            dot1q_tunnel_to: <str>

            # Inner VLAN ID to map to.
            inner_vlan_to: <int; 1-4094>

        # Map both egress and ingress traffic.
        direction_both:

            # VLAN ID or range of VLAN IDs to map from. Range 1-4094.
          - from: <str; required>

            # VLAN ID to map to.
            to: <int; 1-4094; required>
            dot1q_tunnel: <bool>

            # Inner VLAN ID to map from.
            inner_vlan_from: <int; 1-4094>

            # Enable use of network-side VLAN ID.
            # This setting can only be enabled when `inner_vlan_from` is defined.
            network: <bool>
      vlan_forwarding_accept_all: <bool>
      backup_link:

        # Backup interface. Example - Ethernet4, Vlan10 etc.
        interface: <str>

        # VLANs to carry on the backup interface (1-4094).
        prefer_vlan: <str>

      # The `backup_link` is required for this setting.
      backup:

        # Destination MAC address for MAC move updates.
        # The mac address should be multicast or broadcast.
        # Example: 01:00:00:00:00:00
        dest_macaddr: <str>

        # Initial MAC move delay in milliseconds.
        initial_mac_move_delay: <int; 0-65535>

        # Size of MAC move bursts.
        mac_move_burst: <int; 0-65535>

        # MAC move burst interval in milliseconds.
        mac_move_burst_interval: <int; 0-65535>

        # Preemption delay in milliseconds.
        preemption_delay: <int; 0-65535>
      port_security:
        enabled: <bool>

        # Maximum number of MAC addresses allowed on the interface.
        mac_address_maximum:

          # Disable port level check for port security (only in violation 'shutdown' mode).
          disabled: <bool>

          # MAC address limit.
          limit: <int; 1-1000>

        # Configure violation mode (shutdown or protect), EOS default is 'shutdown'.
        violation:

          # Configure port security mode.
          mode: <str; "shutdown" | "protect">

          # Log new addresses seen after limit is reached in protect mode.
          protect_log: <bool>

        # Default maximum MAC addresses for all VLANs on this interface.
        vlan_default_mac_address_maximum: <int; 0-1000>
        vlans:

            # VLAN ID or range(s) of VLAN IDs, <1-4094>.
            # Example:
            #   - 3
            #   - 1,3
            #   - 1-10
          - range: <str; required; unique>
            mac_address_maximum: <int; required>

    # Multiline EOS CLI rendered directly on the ethernet interface in the final EOS configuration.
    eos_cli: <str>

Interface defaults

Variable Type Required Default Value Restrictions Description
interface_defaults Dictionary
  ethernet Dictionary
    shutdown Boolean
  mtu Integer
interface_defaults:
  ethernet:
    shutdown: <bool>
  mtu: <int>

Interface profiles

Variable Type Required Default Value Restrictions Description
interface_profiles List, items: Dictionary
  - name String Required, Unique Interface-Profile Name.
    commands List, items: String Required
      - <str> String EOS CLI interface command.
Example: “switchport mode access”
interface_profiles:

    # Interface-Profile Name.
  - name: <str; required; unique>
    commands: # required

        # EOS CLI interface command.
        # Example: "switchport mode access"
      - <str>

LACP

Variable Type Required Default Value Restrictions Description
lacp Dictionary Set Link Aggregation Control Protocol (LACP) parameters.
  port_id Dictionary LACP port-ID range configuration.
    range Dictionary
      begin Integer Minimum LACP port-ID range.
      end Integer Maximum LACP port-ID range.
  rate_limit Dictionary Set LACPDU rate limit options.
    default Boolean Enable LACPDU rate limiting by default on all ports.
  system_priority Integer Min: 0
Max: 65535
Set local system LACP priority.
# Set Link Aggregation Control Protocol (LACP) parameters.
lacp:

  # LACP port-ID range configuration.
  port_id:
    range:

      # Minimum LACP port-ID range.
      begin: <int>

      # Maximum LACP port-ID range.
      end: <int>

  # Set LACPDU rate limit options.
  rate_limit:

    # Enable LACPDU rate limiting by default on all ports.
    default: <bool>

  # Set local system LACP priority.
  system_priority: <int; 0-65535>
Variable Type Required Default Value Restrictions Description
link_tracking_groups List, items: Dictionary
  - name String Required, Unique
    links_minimum Integer Min: 1
Max: 100000
    recovery_delay Integer Min: 0
Max: 3600
link_tracking_groups:
  - name: <str; required; unique>
    links_minimum: <int; 1-100000>
    recovery_delay: <int; 0-3600>

LLDP

Variable Type Required Default Value Restrictions Description
lldp Dictionary
  timer Integer
  timer_reinitialization String
  holdtime Integer
  management_address String
  vrf String
  receive_packet_tagged_drop String
  tlvs List, items: Dictionary
    - name String Required, Unique Valid Values:
- link-aggregation
- management-address
- max-frame-size
- med
- port-description
- port-vlan
- power-via-mdi
- system-capabilities
- system-description
- system-name
- vlan-name
      transmit Boolean
  run Boolean
lldp:
  timer: <int>
  timer_reinitialization: <str>
  holdtime: <int>
  management_address: <str>
  vrf: <str>
  receive_packet_tagged_drop: <str>
  tlvs:
    - name: <str; "link-aggregation" | "management-address" | "max-frame-size" | "med" | "port-description" | "port-vlan" | "power-via-mdi" | "system-capabilities" | "system-description" | "system-name" | "vlan-name"; required; unique>
      transmit: <bool>
  run: <bool>

Loopback interfaces

Variable Type Required Default Value Restrictions Description
loopback_interfaces List, items: Dictionary
  - name String Required, Unique Loopback interface name e.g. “Loopback0”.
    description String
    shutdown Boolean
    vrf String VRF name.
    ip_address String IPv4_address/Mask.
    ip_address_secondaries List, items: String
      - <str> String IPv4_address/Mask.
    ipv6_enable Boolean
    ipv6_address String IPv6_address/Mask.
    ip_proxy_arp Boolean
    ospf_area String
    mpls Dictionary
      ldp Dictionary
        interface Boolean
    isis_enable String ISIS instance name.
    isis_bfd Boolean Enable BFD for ISIS.
    isis_passive Boolean
    isis_metric Integer
    isis_network_point_to_point Boolean
    node_segment Dictionary
      ipv4_index Integer
      ipv6_index Integer
    eos_cli String EOS CLI rendered directly on the loopback interface in the final EOS configuration.
loopback_interfaces:

    # Loopback interface name e.g. "Loopback0".
  - name: <str; required; unique>
    description: <str>
    shutdown: <bool>

    # VRF name.
    vrf: <str>

    # IPv4_address/Mask.
    ip_address: <str>
    ip_address_secondaries:

        # IPv4_address/Mask.
      - <str>
    ipv6_enable: <bool>

    # IPv6_address/Mask.
    ipv6_address: <str>
    ip_proxy_arp: <bool>
    ospf_area: <str>
    mpls:
      ldp:
        interface: <bool>

    # ISIS instance name.
    isis_enable: <str>

    # Enable BFD for ISIS.
    isis_bfd: <bool>
    isis_passive: <bool>
    isis_metric: <int>
    isis_network_point_to_point: <bool>
    node_segment:
      ipv4_index: <int>
      ipv6_index: <int>

    # EOS CLI rendered directly on the loopback interface in the final EOS configuration.
    eos_cli: <str>

Management interfaces

Variable Type Required Default Value Restrictions Description
management_interfaces List, items: Dictionary
  - name String Required, Unique Management Interface Name.
    description String
    shutdown Boolean
    speed String Speed should be set in the format <interface_speed> or forced <interface_speed> or auto <interface_speed>.
    mtu Integer
    vrf String VRF Name.
    ip_address String IPv4_address/Mask.
    ipv6_enable Boolean
    ipv6_address String IPv6_address/Mask.
    type String oob Valid Values:
- oob
- inband
For documentation purposes only.
    gateway String IPv4 address of default gateway in management VRF.
    ipv6_gateway String IPv6 address of default gateway in management VRF.
    mac_address String MAC address.
    lldp Dictionary
      transmit Boolean
      receive Boolean
      ztp_vlan Integer ZTP vlan number.
    eos_cli String Multiline EOS CLI rendered directly on the management interface in the final EOS configuration.
management_interfaces:

    # Management Interface Name.
  - name: <str; required; unique>
    description: <str>
    shutdown: <bool>

    # Speed should be set in the format `<interface_speed>` or `forced <interface_speed>` or `auto <interface_speed>`.
    speed: <str>
    mtu: <int>

    # VRF Name.
    vrf: <str>

    # IPv4_address/Mask.
    ip_address: <str>
    ipv6_enable: <bool>

    # IPv6_address/Mask.
    ipv6_address: <str>

    # For documentation purposes only.
    type: <str; "oob" | "inband"; default="oob">

    # IPv4 address of default gateway in management VRF.
    gateway: <str>

    # IPv6 address of default gateway in management VRF.
    ipv6_gateway: <str>

    # MAC address.
    mac_address: <str>
    lldp:
      transmit: <bool>
      receive: <bool>

      # ZTP vlan number.
      ztp_vlan: <int>

    # Multiline EOS CLI rendered directly on the management interface in the final EOS configuration.
    eos_cli: <str>

Patch panel

Variable Type Required Default Value Restrictions Description
patch_panel Dictionary
  connector Dictionary
    interface Dictionary
      patch Dictionary
        bgp_vpws_remote_failure_errdisable Boolean
      recovery Dictionary
        review_delay Dictionary
          min Integer Required Min: 10
Max: 600
Minimum delay.
          max Integer Required Min: 15
Max: 900
Maximum delay.
  patches List, items: Dictionary
    - name String Required, Unique
      enabled Boolean
      connectors List, items: Dictionary Min Length: 2
Max Length: 2
Must have exactly two connectors to a patch of which at least one must be of type “interface”.
        - id String Required, Unique
          type String Required Valid Values:
- interface
- pseudowire
          endpoint String Required String with relevant endpoint depending on type.
Examples:
- “Ethernet1”
- “Ethernet1 dot1q vlan 123”
- “bgp vpws TENANT_A pseudowire VPWS_PW_1”
- “ldp LDP_PW_1”
patch_panel:
  connector:
    interface:
      patch:
        bgp_vpws_remote_failure_errdisable: <bool>
      recovery:
        review_delay:

          # Minimum delay.
          min: <int; 10-600; required>

          # Maximum delay.
          max: <int; 15-900; required>
  patches:
    - name: <str; required; unique>
      enabled: <bool>

      # Must have exactly two connectors to a patch of which at least one must be of type "interface".
      connectors: # 2-2 items
        - id: <str; required; unique>
          type: <str; "interface" | "pseudowire"; required>

          # String with relevant endpoint depending on type.
          # Examples:
          # - "Ethernet1"
          # - "Ethernet1 dot1q vlan 123"
          # - "bgp vpws TENANT_A pseudowire VPWS_PW_1"
          # - "ldp LDP_PW_1"
          endpoint: <str; required>

Port-channel interfaces

Variable Type Required Default Value Restrictions Description
port_channel_interfaces List, items: Dictionary
  - name String Required, Unique
    description String
    profile String Interface profile.
    logging Dictionary
      event Dictionary
        link_status Boolean
        storm_control_discards Boolean Discards due to storm-control.
    shutdown Boolean
    l2_mtu Integer Min: 68
Max: 65535
“l2_mtu” should only be defined for platforms supporting the “l2 mtu” CLI.
    l2_mru Integer Min: 68
Max: 65535
“l2_mru” should only be defined for platforms supporting the “l2 mru” CLI.
    vlans deprecated String List of switchport vlans as string.
For a trunk port this would be a range like “1-200,300”.
For an access port this would be a single vlan “123”.
This key is deprecated. Support will be removed in AVD version 6.0.0. Use switchport.access_vlan or switchport.trunk.allowed_vlan instead.
    snmp_trap_link_change Boolean
    type deprecated String Valid Values:
- routed
- switched
- l3dot1q
- l2dot1q
l3dot1q and l2dot1q are used for sub-interfaces. The parent interface should be defined as routed.
Interface will not be listed in device documentation, unless “type” is set.
This key is deprecated. Support will be removed in AVD version 6.0.0. See here for details.
    encapsulation_dot1q_vlan deprecated Integer VLAN tag to configure on sub-interface.This key is deprecated. Support will be removed in AVD version 6.0.0. Use encapsulation_dot1q.vlan instead.
    encapsulation_dot1q Dictionary Warning: encapsulation_dot1q should not be combined with ethernet_interfaces[].type: l3dot1q or ethernet_interfaces[].type: l2dot1q.
      vlan Integer Required Min: 1
Max: 4094
VLAD ID.
      inner_vlan Integer Min: 1
Max: 4094
Inner VLAN ID. This setting can only be applied to sub-interfaces on EOS.
    vrf String VRF name.
    encapsulation_vlan Dictionary This setting can only be applied to sub-interfaces on EOS.
Warning: encapsulation_vlan should not be combined with ethernet_interfaces[].type: l3dot1q or ethernet_interfaces[].type: l2dot1q.
      client Dictionary
        dot1q deprecated Dictionary This key is deprecated. Support will be removed in AVD version 6.0.0.
          vlan Integer Client VLAN ID.
          outer Integer Min: 1
Max: 4094
Client Outer VLAN ID.
          inner Integer Min: 1
Max: 4094
Client Inner VLAN ID.
        unmatched deprecated Boolean This key is deprecated. Support will be removed in AVD version 6.0.0.
        encapsulation String Valid Values:
- dot1q
- dot1ad
- unmatched
- untagged
        vlan Integer Min: 1
Max: 4094
Client VLAN ID. Not applicable for encapsulation: untagged or encapsulation: unmatched.
        outer_vlan Integer Min: 1
Max: 4094
Client Outer VLAN ID. Not applicable for encapsulation: untagged or encapsulation: unmatched.
        inner_vlan Integer Min: 1
Max: 4094
Client Inner VLAN ID. Not applicable for encapsulation: untagged or encapsulation: unmatched.
        inner_encapsulation String Valid Values:
- dot1q
- dot1ad
      network Dictionary Network encapsulation are all optional, and skipped if using client unmatched.
        dot1q deprecated Dictionary This key is deprecated. Support will be removed in AVD version 6.0.0.
          vlan Integer Min: 1
Max: 4094
Network VLAN ID.
          outer Integer Min: 1
Max: 4094
Network Outer VLAN ID.
          inner Integer Min: 1
Max: 4094
Network Inner VLAN ID.
        client deprecated Boolean This key is deprecated. Support will be removed in AVD version 6.0.0.
        encapsulation String Valid Values:
- dot1q
- dot1ad
- client
- client inner
- untagged
untagged (no encapsulation) is applicable for untagged client only.
client and client inner (retain client encapsulation) is not applicable for untagged client.
        vlan Integer Min: 1
Max: 4094
Network VLAN ID. Not applicable for encapsulation: untagged or encapsulation: client.
        outer_vlan Integer Min: 1
Max: 4094
Network outer VLAN ID. Not applicable for encapsulation: untagged or encapsulation: client.
        inner_vlan Integer Min: 1
Max: 4094
Network inner VLAN ID. Not applicable for encapsulation: untagged or encapsulation: client.
        inner_encapsulation String Valid Values:
- dot1q
- dot1ad
    vlan_id Integer Min: 1
Max: 4094
This setting can only be applied to sub-interfaces on EOS.
Warning: vlan_id should not be combined with ethernet_interfaces[].type == l2dot1q.
    mode deprecated String Valid Values:
- access
- dot1q-tunnel
- trunk
- trunk phone
This key is deprecated. Support will be removed in AVD version 6.0.0. Use switchport.mode instead.
    native_vlan deprecated Integer If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence.This key is deprecated. Support will be removed in AVD version 6.0.0. Use switchport.trunk.native_vlan instead.
    native_vlan_tag deprecated Boolean If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence.This key is deprecated. Support will be removed in AVD version 6.0.0. Use switchport.trunk.native_vlan_tag instead.
    link_tracking_groups List, items: Dictionary
      - name String Required, Unique Group name.
        direction String Valid Values:
- upstream
- downstream
    link_tracking Dictionary
      direction String Valid Values:
- upstream
- downstream
      groups List, items: String Link state group(s) an interface belongs to.
        - <str> String Group names.
    phone deprecated Dictionary This key is deprecated. Support will be removed in AVD version 6.0.0. Use switchport.phone instead.
      trunk String Valid Values:
- tagged
- untagged
      vlan Integer Min: 1
Max: 4094
    l2_protocol Dictionary
      encapsulation_dot1q_vlan Integer Vlan tag to configure on sub-interface.
      forwarding_profile String L2 protocol forwarding profile.
    mtu Integer Min: 68
Max: 65535
    mlag Integer Min: 1
Max: 2000
MLAG ID.
    trunk_groups deprecated List, items: String This key is deprecated. Support will be removed in AVD version 6.0.0. Use switchport.trunk.groups instead.
      - <str> String
    lacp_fallback_timeout Integer Min: 0
Max: 300
Timeout in seconds. EOS default is 90 seconds.
    lacp_fallback_mode String Valid Values:
- individual
- static
    qos Dictionary
      trust String Valid Values:
- dscp
- cos
- disabled
      dscp Integer DSCP value.
      cos Integer COS value.
    bfd Dictionary
      echo Boolean
      interval Integer Interval in milliseconds.
      min_rx Integer Rate in milliseconds.
      multiplier Integer Min: 3
Max: 50
      neighbor String IPv4 or IPv6 address. When the Port-channel is a L2 interface, a local L3 BFD address (router_bfd.local_address) has to be defined globally on the switch.
      per_link Dictionary
        enabled Boolean
        rfc_7130 Boolean
    service_policy Dictionary
      pbr Dictionary
        input String Policy Based Routing Policy-map name.
      qos Dictionary
        input String Required Quality of Service Policy-map name.
    mpls Dictionary
      ip Boolean
      ldp Dictionary
        interface Boolean
        igp_sync Boolean
    trunk_private_vlan_secondary deprecated Boolean This key is deprecated. Support will be removed in AVD version 6.0.0. Use switchport.trunk.private_vlan_secondary instead.
    pvlan_mapping deprecated String List of vlans as string.This key is deprecated. Support will be removed in AVD version 6.0.0. Use switchport.pvlan_mapping instead.
    vlan_translations deprecated List, items: Dictionary This key is deprecated. Support will be removed in AVD version 6.0.0. Use switchport.vlan_translations instead.
      - from String List of vlans as string (only one vlan if direction is “both”).
        to Integer VLAN ID.
        direction String both Valid Values:
- in
- out
- both
    shape Dictionary
      rate String Rate in kbps, pps or percent.
Supported options are platform dependent.
Examples:
- “5000 kbps”
- “1000 pps”
- “20 percent”
    storm_control Dictionary
      all Dictionary
        level String Configure maximum storm-control level.
        unit String percent Valid Values:
- percent
- pps
Optional field and is hardware dependent.
      broadcast Dictionary
        level String Configure maximum storm-control level.
        unit String percent Valid Values:
- percent
- pps
Optional field and is hardware dependent.
      multicast Dictionary
        level String Configure maximum storm-control level.
        unit String percent Valid Values:
- percent
- pps
Optional field and is hardware dependent.
      unknown_unicast Dictionary
        level String Configure maximum storm-control level.
        unit String percent Valid Values:
- percent
- pps
Optional field and is hardware dependent.
    ip_proxy_arp Boolean
    isis_enable String ISIS instance.
    isis_bfd Boolean Enable BFD for ISIS.
    isis_passive Boolean
    isis_metric Integer
    isis_network_point_to_point Boolean
    isis_circuit_type String Valid Values:
- level-1-2
- level-1
- level-2
    isis_hello_padding Boolean
    isis_authentication_mode deprecated String Valid Values:
- text
- md5
This key is deprecated. Support will be removed in AVD version v6.0.0. Use port_channel_interfaces[].isis_authentication.both.mode or port_channel_interfaces[].isis_authentication.level_1.mode or port_channel_interfaces[].isis_authentication.level_2.mode instead.
    isis_authentication_key deprecated String Type-7 encrypted password.This key is deprecated. Support will be removed in AVD version v6.0.0. Use port_channel_interfaces[].isis_authentication.both.key or port_channel_interfaces[].isis_authentication.level_1.key or port_channel_interfaces[].isis_authentication.level_2.key instead.
    isis_authentication Dictionary This key should not be mixed with port_channel_interfaces[].isis_authentication_mode or ethernet_interfaces[].isis_authentication_key.
      both Dictionary Authentication settings for level-1 and level-2. ‘both’ takes precedence over ‘level_1’ and ‘level_2’ settings.
        key_type String Valid Values:
- 0
- 7
- 8a
Configure authentication key type.
        key String Password string. key_type is required for this setting.
        key_ids List, items: Dictionary
          - id Integer Required, Unique Min: 1
Max: 65535
Configure authentication key-id.
            algorithm String Required Valid Values:
- sha-1
- sha-224
- sha-256
- sha-384
- sha-512
            key_type String Required Valid Values:
- 0
- 7
- 8a
Configure authentication key type.
            key String Required Password string.
            rfc_5310 Boolean SHA digest computation according to rfc5310.
        mode String Valid Values:
- md5
- sha
- text
- shared-secret
Authentication mode.
        sha Dictionary Required settings for authentication mode ‘sha’.
          key_id Integer Required Min: 1
Max: 65535
        shared_secret Dictionary Required settings for authentication mode ‘shared_secret’.
          profile String Required
          algorithm String Required Valid Values:
- md5
- sha-1
- sha-224
- sha-256
- sha-384
- sha-512
        rx_disabled Boolean Disable authentication check on the receive side.
      level_1 Dictionary Authentication settings for level-1. ‘both’ takes precedence over ‘level_1’ and ‘level_2’ settings.
        key_type String Valid Values:
- 0
- 7
- 8a
Configure authentication key type.
        key String Password string. key_type is required for this setting.
        key_ids List, items: Dictionary
          - id Integer Required, Unique Min: 1
Max: 65535
Configure authentication key-id.
            algorithm String Required Valid Values:
- sha-1
- sha-224
- sha-256
- sha-384
- sha-512
            key_type String Required Valid Values:
- 0
- 7
- 8a
Configure authentication key type.
            key String Required Password string.
            rfc_5310 Boolean SHA digest computation according to rfc5310.
        mode String Valid Values:
- md5
- sha
- text
- shared-secret
Authentication mode.
        sha Dictionary Required settings for authentication mode ‘sha’.
          key_id Integer Required Min: 1
Max: 65535
        shared_secret Dictionary Required settings for authentication mode ‘shared_secret’.
          profile String Required
          algorithm String Required Valid Values:
- md5
- sha-1
- sha-224
- sha-256
- sha-384
- sha-512
        rx_disabled Boolean Disable authentication check on the receive side.
      level_2 Dictionary Authentication settings for level-2. ‘both’ takes precedence over ‘level_1’ and ‘level_2’ settings.
        key_type String Valid Values:
- 0
- 7
- 8a
Configure authentication key type.
        key String Password string. key_type is required for this setting.
        key_ids List, items: Dictionary
          - id Integer Required, Unique Min: 1
Max: 65535
Configure authentication key-id.
            algorithm String Required Valid Values:
- sha-1
- sha-224
- sha-256
- sha-384
- sha-512
            key_type String Required Valid Values:
- 0
- 7
- 8a
Configure authentication key type.
            key String Required Password string.
            rfc_5310 Boolean SHA digest computation according to rfc5310.
        mode String Valid Values:
- md5
- sha
- text
- shared-secret
Authentication mode.
        sha Dictionary Required settings for authentication mode ‘sha’.
          key_id Integer Required Min: 1
Max: 65535
        shared_secret Dictionary Required settings for authentication mode ‘shared_secret’.
          profile String Required
          algorithm String Required Valid Values:
- md5
- sha-1
- sha-224
- sha-256
- sha-384
- sha-512
        rx_disabled Boolean Disable authentication check on the receive side.
    traffic_policy Dictionary
      input String Ingress traffic policy.
      output String Egress traffic policy.
    evpn_ethernet_segment Dictionary
      identifier String EVPN Ethernet Segment Identifier (Type 1 format).
      redundancy String Valid Values:
- all-active
- single-active
      designated_forwarder_election Dictionary
        algorithm String Valid Values:
- modulus
- preference
        preference_value Integer Min: 0
Max: 65535
Preference_value is only used when “algorithm” is “preference”.
        dont_preempt Boolean False Dont_preempt is only used when “algorithm” is “preference”.
        hold_time Integer
        subsequent_hold_time Integer
        candidate_reachability_required Boolean
      mpls Dictionary
        shared_index Integer Min: 1
Max: 1024
        tunnel_flood_filter_time Integer
      route_target String EVPN Route Target for ESI with format xx:xx:xx:xx:xx:xx.
    lacp_id String LACP ID with format xxxx.xxxx.xxxx.
    spanning_tree_bpdufilter String Valid Values:
- enabled
- disabled
- True
- False
- true
- false
    spanning_tree_bpduguard String Valid Values:
- enabled
- disabled
- True
- False
- true
- false
    spanning_tree_guard String Valid Values:
- loop
- root
- disabled
    spanning_tree_portfast String Valid Values:
- edge
- network
    vmtracer Boolean
    ptp Dictionary
      enable Boolean
      announce Dictionary
        interval Integer
        timeout Integer
      delay_req Integer
      delay_mechanism String Valid Values:
- e2e
- p2p
      profile Dictionary
        g8275_1 Dictionary
          destination_mac_address String Valid Values:
- forwardable
- non-forwardable
      sync_message Dictionary
        interval Integer
      role String Valid Values:
- master
- dynamic
      vlan String VLAN can be ‘all’ or list of vlans as string.
      transport String Valid Values:
- ipv4
- ipv6
- layer2
      mpass Boolean When MPASS is enabled on an MLAG port-channel, MLAG peers coordinate to function as a single PTP logical device.
Arista PTP enabled devices always place PTP messages on the same physical link within the port-channel.
Hence, MPASS is needed only on MLAG port-channels connected to non-Arista devices.
    ip_address String IPv4 address/mask.
    ip_verify_unicast_source_reachable_via String Valid Values:
- any
- rx
    ip_nat Dictionary
      destination Dictionary
        dynamic List, items: Dictionary
          - access_list String Required, Unique
            comment String
            pool_name String Required
            priority Integer Min: 0
Max: 4294967295
        static List, items: Dictionary
          - access_list String ‘access_list’ and ‘group’ are mutual exclusive.
            comment String
            direction String Valid Values:
- egress
- ingress
Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            group Integer Min: 1
Max: 65535
‘access_list’ and ‘group’ are mutual exclusive.
            original_ip String IPv4 address. The combination of original_ip and original_port must be unique.
            original_port Integer Min: 1
Max: 65535
TCP/UDP port. The combination of original_ip and original_port must be unique.
            priority Integer Min: 0
Max: 4294967295
            protocol String Valid Values:
- udp
- tcp
            translated_ip String Required IPv4 address.
            translated_port Integer Min: 1
Max: 65535
requires ‘original_port’.
      source Dictionary
        dynamic List, items: Dictionary
          - access_list String Required, Unique
            comment String
            nat_type String Required Valid Values:
- overload
- pool
- pool-address-only
- pool-full-cone
            pool_name String required if ‘nat_type’ is pool, pool-address-only or pool-full-cone.
ignored if ‘nat_type’ is overload.
            priority Integer Min: 0
Max: 4294967295
        static List, items: Dictionary
          - access_list String ‘access_list’ and ‘group’ are mutual exclusive.
            comment String
            direction String Valid Values:
- egress
- ingress
Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            group Integer Min: 1
Max: 65535
‘access_list’ and ‘group’ are mutual exclusive.
            original_ip String IPv4 address. The combination of original_ip and original_port must be unique.
            original_port Integer Min: 1
Max: 65535
TCP/UDP port. The combination of original_ip and original_port must be unique.
            priority Integer Min: 0
Max: 4294967295
            protocol String Valid Values:
- udp
- tcp
            translated_ip String Required IPv4 address.
            translated_port Integer Min: 1
Max: 65535
requires ‘original_port’.
    ipv6_enable Boolean
    ipv6_address String IPv6 address/mask.
    ipv6_address_link_local String Link local IPv6 address/mask.
    ipv6_nd_ra_disabled Boolean
    ipv6_nd_managed_config_flag Boolean
    ipv6_nd_prefixes List, items: Dictionary
      - ipv6_prefix String Required, Unique
        valid_lifetime String Infinite or lifetime in seconds.
        preferred_lifetime String Infinite or lifetime in seconds.
        no_autoconfig_flag Boolean
    access_group_in String Access list name.
    access_group_out String Access list name.
    ipv6_access_group_in String IPv6 access list name.
    ipv6_access_group_out String IPv6 access list name.
    mac_access_group_in String MAC access list name.
    mac_access_group_out String MAC access list name.
    pim Dictionary
      ipv4 Dictionary
        border_router Boolean Configure PIM border router. EOS default is false.
        dr_priority Integer Min: 0
Max: 429467295
        sparse_mode Boolean
        bfd Boolean Set the default for whether Bidirectional Forwarding Detection is enabled for PIM.
        bidirectional Boolean
        hello Dictionary
          count String Number of missed hellos after which the neighbor expires. Range <1.5-65535>.
          interval Integer Min: 1
Max: 65535
PIM hello interval in seconds.
    service_profile String QOS profile.
    ospf_network_point_to_point Boolean
    ospf_area String
    ospf_cost Integer
    ospf_authentication String Valid Values:
- none
- simple
- message-digest
    ospf_authentication_key String Encrypted password.
    ospf_message_digest_keys List, items: Dictionary
      - id Integer Required, Unique
        hash_algorithm String Valid Values:
- md5
- sha1
- sha256
- sha384
- sha512
        key String Encrypted password.
    flow_tracker Dictionary
      sampled String Sampled flow tracker name.
      hardware String Hardware flow tracker name.
    bgp Dictionary
      session_tracker String Name of session tracker.
    ip_igmp_host_proxy Dictionary
      enabled Boolean
      groups List, items: Dictionary
        - group String Required, Unique Multicast Address.
          exclude List, items: Dictionary The same source must not be present both in exclude and include list.
            - source String Required, Unique
          include List, items: Dictionary The same source must not be present both in exclude and include list.
            - source String Required, Unique
      report_interval Integer Min: 1
Max: 31744
Time interval between unsolicited reports.
      access_lists List, items: Dictionary Non-standard Access List name.
        - name String Required, Unique
      version Integer Min: 1
Max: 3
IGMP version on IGMP host-proxy interface.
    peer String Key only used for documentation or validation purposes.
    peer_interface String Key only used for documentation or validation purposes.
    peer_type String Key only used for documentation or validation purposes.
    sflow Dictionary
      enable Boolean
      egress Dictionary
        enable Boolean
        unmodified_enable Boolean
    switchport Dictionary
      enabled Boolean Warning: This should not be combined with port_channel_interfaces[].type = routed.
      mode String Valid Values:
- access
- dot1q-tunnel
- trunk
- trunk phone
Warning: This should not be combined with port_channel_interfaces[].mode
      access_vlan Integer Min: 1
Max: 4094
Set VLAN when interface is in access mode.
Warning: This should not be combined with port_channel_interfaces[].mode = access/dot1q-tunnel and port_channel_interface.vlans.
      trunk Dictionary
        allowed_vlan String VLAN ID or range(s) of VLAN IDs (1-4094).
Warning: This should not be combined with port_channel_interfaces[].mode = trunk and port_channel_interfaces[].vlans.
        native_vlan Integer Min: 1
Max: 4094
Set native VLAN when interface is in trunking mode.
Warning: This should not be combined with port_channel_interfaces[].native_vlan.
        native_vlan_tag Boolean If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence.
Warning: This should not be combined with port_channel_interfaces[].native_vlan_tag.
        private_vlan_secondary Boolean Enable secondary VLAN mapping for a private vlan.
Warning: This should not be combined with port_channel_interfaces[].trunk_private_vlan_secondary.
        groups List, items: String Warning: This should not be combined with port_channel_interfaces[].trunk_groups.
          - <str> String Trunk group name.
      phone Dictionary
        vlan Integer Min: 1
Max: 4094
Warning: This should not be combined with port_channel_interfaces[].phone.vlan.
        trunk String Valid Values:
- tagged
- tagged phone
- untagged
- untagged phone
Warning: This should not be combined with port_channel_interfaces[].phone.trunk
      pvlan_mapping String Secondary VLAN IDs of the private VLAN mapping.
Warning: This should not be combined with port_channel_interfaces[].pvlan_mapping.
      dot1q Dictionary
        ethertype Integer Min: 1536
Max: 65535
Ethertype/TPID (Tag Protocol IDentifier) for VLAN tagged frames.
        vlan_tag String Valid Values:
- disallowed
- required
      source_interface String Valid Values:
- tx
- tx multicast
tx: Allow bridged traffic to go out of the source interface.
tx multicast: Allow multicast traffic only to go out of the source interface.
      vlan_translations Dictionary VLAN Translation mappings.
Warning: This should not be combined with port_channel_interfaces[].vlan_translations.
        in_required Boolean Drop the ingress traffic that do not match any VLAN mapping.
        out_required Boolean Drop the egress traffic that do not match any VLAN mapping.
        direction_in List, items: Dictionary Map ingress traffic only.
          - from String VLAN ID or range of VLAN IDs to map from. Range 1-4094.
            to Integer Min: 1
Max: 4094
VLAN ID to map to.
            dot1q_tunnel Boolean
            inner_vlan_from Integer Min: 1
Max: 4094
Inner VLAN ID to map from.
        direction_out List, items: Dictionary Map egress traffic only.
          - from String Required VLAN ID or range of VLAN IDs to map from. Range 1-4094.
            to Integer Min: 1
Max: 4094
VLAN ID to map to.
            dot1q_tunnel_to String VLAN ID or range of VLAN IDs or “all”. Range 1-4094.
This takes precedence over to and inner_vlan_to.
            inner_vlan_to Integer Min: 1
Max: 4094
Inner VLAN ID to map to.
        direction_both List, items: Dictionary Map both egress and ingress traffic.
          - from String Required VLAN ID or range of VLAN IDs to map from. Range 1-4094.
            to Integer Required Min: 1
Max: 4094
VLAN ID to map to.
            dot1q_tunnel Boolean
            inner_vlan_from Integer Min: 1
Max: 4094
Inner VLAN ID to map from.
            network Boolean Enable use of network-side VLAN ID.
This setting can only be enabled when inner_vlan_from is defined.
      vlan_forwarding_accept_all Boolean
      backup_link Dictionary
        interface String Required Backup interface. Example - Ethernet4, Vlan10 etc.
        prefer_vlan String VLANs to carry on the backup interface (1-4094).
      backup Dictionary The backup_link is required for this setting.
        dest_macaddr String Format: mac Destination MAC address for MAC move updates.
The mac address should be multicast or broadcast.
Example: 01:00:00:00:00:00
        initial_mac_move_delay Integer Min: 0
Max: 65535
Initial MAC move delay in milliseconds.
        mac_move_burst Integer Min: 0
Max: 65535
Size of MAC move bursts.
        mac_move_burst_interval Integer Min: 0
Max: 65535
MAC move burst interval in milliseconds.
        preemption_delay Integer Min: 0
Max: 65535
Preemption delay in milliseconds.
      port_security Dictionary
        enabled Boolean
        mac_address_maximum Dictionary Maximum number of MAC addresses allowed on the interface.
          disabled Boolean Disable port level check for port security (only in violation ‘shutdown’ mode).
          limit Integer Min: 1
Max: 1000
MAC address limit.
        violation Dictionary Configure violation mode (shutdown or protect), EOS default is ‘shutdown’.
          mode String Valid Values:
- shutdown
- protect
Configure port security mode.
          protect_log Boolean Log new addresses seen after limit is reached in protect mode.
        vlan_default_mac_address_maximum Integer Min: 0
Max: 1000
Default maximum MAC addresses for all VLANs on this interface.
        vlans List, items: Dictionary
          - range String Required, Unique VLAN ID or range(s) of VLAN IDs, <1-4094>.
Example:
- 3
- 1,3
- 1-10
            mac_address_maximum Integer
    validate_state Boolean Set to false to disable interface state and LLDP topology validation performed by the eos_validate_state role.
    validate_lldp Boolean Set to false to disable the LLDP topology validation performed by the eos_validate_state role.
    eos_cli String Multiline EOS CLI rendered directly on the port-channel interface in the final EOS configuration.
    esi removed String EVPN Ethernet Segment Identifier (Type 1 format).
This key was removed. Support was removed in AVD version 5.0.0. Use evpn_ethernet_segment.identifier instead.
    rt removed String EVPN Route Target for ESI with format xx:xx:xx:xx:xx:xx.
This key was removed. Support was removed in AVD version 5.0.0. Use evpn_ethernet_segment.route_target instead.
port_channel_interfaces:
  - name: <str; required; unique>
    description: <str>

    # Interface profile.
    profile: <str>
    logging:
      event:
        link_status: <bool>

        # Discards due to storm-control.
        storm_control_discards: <bool>
    shutdown: <bool>

    # "l2_mtu" should only be defined for platforms supporting the "l2 mtu" CLI.
    l2_mtu: <int; 68-65535>

    # "l2_mru" should only be defined for platforms supporting the "l2 mru" CLI.
    l2_mru: <int; 68-65535>

    # List of switchport vlans as string.
    # For a trunk port this would be a range like "1-200,300".
    # For an access port this would be a single vlan "123".
    # This key is deprecated.
    # Support will be removed in AVD version 6.0.0.
    # Use <samp>switchport.access_vlan or switchport.trunk.allowed_vlan</samp> instead.
    vlans: <str>
    snmp_trap_link_change: <bool>

    # l3dot1q and l2dot1q are used for sub-interfaces. The parent interface should be defined as routed.
    # Interface will not be listed in device documentation, unless "type" is set.
    # This key is deprecated.
    # Support will be removed in AVD version 6.0.0.
    # See [here](https://avd.arista.com/5.x/docs/porting-guides/5.x.x.html#removal-of-type-key-dependency-for-rendering-ethernetport-channel-interfaces-configuration-and-documentation) for details.
    type: <str; "routed" | "switched" | "l3dot1q" | "l2dot1q">

    # VLAN tag to configure on sub-interface.
    # This key is deprecated.
    # Support will be removed in AVD version 6.0.0.
    # Use <samp>encapsulation_dot1q.vlan</samp> instead.
    encapsulation_dot1q_vlan: <int>

    # Warning: `encapsulation_dot1q` should not be combined with `ethernet_interfaces[].type: l3dot1q` or `ethernet_interfaces[].type: l2dot1q`.
    encapsulation_dot1q:

      # VLAD ID.
      vlan: <int; 1-4094; required>

      # Inner VLAN ID. This setting can only be applied to sub-interfaces on EOS.
      inner_vlan: <int; 1-4094>

    # VRF name.
    vrf: <str>

    # This setting can only be applied to sub-interfaces on EOS.
    # Warning: `encapsulation_vlan` should not be combined with `ethernet_interfaces[].type: l3dot1q` or `ethernet_interfaces[].type: l2dot1q`.
    encapsulation_vlan:
      client:
        # This key is deprecated.
        # Support will be removed in AVD version 6.0.0.
        dot1q:

          # Client VLAN ID.
          vlan: <int>

          # Client Outer VLAN ID.
          outer: <int; 1-4094>

          # Client Inner VLAN ID.
          inner: <int; 1-4094>
        # This key is deprecated.
        # Support will be removed in AVD version 6.0.0.
        unmatched: <bool>
        encapsulation: <str; "dot1q" | "dot1ad" | "unmatched" | "untagged">

        # Client VLAN ID. Not applicable for `encapsulation: untagged` or `encapsulation: unmatched`.
        vlan: <int; 1-4094>

        # Client Outer VLAN ID. Not applicable for `encapsulation: untagged` or `encapsulation: unmatched`.
        outer_vlan: <int; 1-4094>

        # Client Inner VLAN ID. Not applicable for `encapsulation: untagged` or `encapsulation: unmatched`.
        inner_vlan: <int; 1-4094>
        inner_encapsulation: <str; "dot1q" | "dot1ad">

      # Network encapsulation are all optional, and skipped if using client unmatched.
      network:
        # This key is deprecated.
        # Support will be removed in AVD version 6.0.0.
        dot1q:

          # Network VLAN ID.
          vlan: <int; 1-4094>

          # Network Outer VLAN ID.
          outer: <int; 1-4094>

          # Network Inner VLAN ID.
          inner: <int; 1-4094>
        # This key is deprecated.
        # Support will be removed in AVD version 6.0.0.
        client: <bool>

        # `untagged` (no encapsulation) is applicable for `untagged` client only.
        # `client` and `client inner` (retain client encapsulation) is not applicable for `untagged` client.
        encapsulation: <str; "dot1q" | "dot1ad" | "client" | "client inner" | "untagged">

        # Network VLAN ID. Not applicable for `encapsulation: untagged` or `encapsulation: client`.
        vlan: <int; 1-4094>

        # Network outer VLAN ID. Not applicable for `encapsulation: untagged` or `encapsulation: client`.
        outer_vlan: <int; 1-4094>

        # Network inner VLAN ID. Not applicable for `encapsulation: untagged` or `encapsulation: client`.
        inner_vlan: <int; 1-4094>
        inner_encapsulation: <str; "dot1q" | "dot1ad">

    # This setting can only be applied to sub-interfaces on EOS.
    # Warning: `vlan_id` should not be combined with `ethernet_interfaces[].type == l2dot1q`.
    vlan_id: <int; 1-4094>
    # This key is deprecated.
    # Support will be removed in AVD version 6.0.0.
    # Use <samp>switchport.mode</samp> instead.
    mode: <str; "access" | "dot1q-tunnel" | "trunk" | "trunk phone">

    # If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence.
    # This key is deprecated.
    # Support will be removed in AVD version 6.0.0.
    # Use <samp>switchport.trunk.native_vlan</samp> instead.
    native_vlan: <int>

    # If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence.
    # This key is deprecated.
    # Support will be removed in AVD version 6.0.0.
    # Use <samp>switchport.trunk.native_vlan_tag</samp> instead.
    native_vlan_tag: <bool>
    link_tracking_groups:

        # Group name.
      - name: <str; required; unique>
        direction: <str; "upstream" | "downstream">
    link_tracking:
      direction: <str; "upstream" | "downstream">

      # Link state group(s) an interface belongs to.
      groups:

          # Group names.
        - <str>
    # This key is deprecated.
    # Support will be removed in AVD version 6.0.0.
    # Use <samp>switchport.phone</samp> instead.
    phone:
      trunk: <str; "tagged" | "untagged">
      vlan: <int; 1-4094>
    l2_protocol:

      # Vlan tag to configure on sub-interface.
      encapsulation_dot1q_vlan: <int>

      # L2 protocol forwarding profile.
      forwarding_profile: <str>
    mtu: <int; 68-65535>

    # MLAG ID.
    mlag: <int; 1-2000>
    # This key is deprecated.
    # Support will be removed in AVD version 6.0.0.
    # Use <samp>switchport.trunk.groups</samp> instead.
    trunk_groups:
      - <str>

    # Timeout in seconds. EOS default is 90 seconds.
    lacp_fallback_timeout: <int; 0-300>
    lacp_fallback_mode: <str; "individual" | "static">
    qos:
      trust: <str; "dscp" | "cos" | "disabled">

      # DSCP value.
      dscp: <int>

      # COS value.
      cos: <int>
    bfd:
      echo: <bool>

      # Interval in milliseconds.
      interval: <int>

      # Rate in milliseconds.
      min_rx: <int>
      multiplier: <int; 3-50>

      # IPv4 or IPv6 address. When the Port-channel is a L2 interface, a local L3 BFD address (router_bfd.local_address) has to be defined globally on the switch.
      neighbor: <str>
      per_link:
        enabled: <bool>
        rfc_7130: <bool>
    service_policy:
      pbr:

        # Policy Based Routing Policy-map name.
        input: <str>
      qos:

        # Quality of Service Policy-map name.
        input: <str; required>
    mpls:
      ip: <bool>
      ldp:
        interface: <bool>
        igp_sync: <bool>
    # This key is deprecated.
    # Support will be removed in AVD version 6.0.0.
    # Use <samp>switchport.trunk.private_vlan_secondary</samp> instead.
    trunk_private_vlan_secondary: <bool>

    # List of vlans as string.
    # This key is deprecated.
    # Support will be removed in AVD version 6.0.0.
    # Use <samp>switchport.pvlan_mapping</samp> instead.
    pvlan_mapping: <str>
    # This key is deprecated.
    # Support will be removed in AVD version 6.0.0.
    # Use <samp>switchport.vlan_translations</samp> instead.
    vlan_translations:

        # List of vlans as string (only one vlan if direction is "both").
      - from: <str>

        # VLAN ID.
        to: <int>
        direction: <str; "in" | "out" | "both"; default="both">
    shape:

      # Rate in kbps, pps or percent.
      # Supported options are platform dependent.
      # Examples:
      # - "5000 kbps"
      # - "1000 pps"
      # - "20 percent"
      rate: <str>
    storm_control:
      all:

        # Configure maximum storm-control level.
        level: <str>

        # Optional field and is hardware dependent.
        unit: <str; "percent" | "pps"; default="percent">
      broadcast:

        # Configure maximum storm-control level.
        level: <str>

        # Optional field and is hardware dependent.
        unit: <str; "percent" | "pps"; default="percent">
      multicast:

        # Configure maximum storm-control level.
        level: <str>

        # Optional field and is hardware dependent.
        unit: <str; "percent" | "pps"; default="percent">
      unknown_unicast:

        # Configure maximum storm-control level.
        level: <str>

        # Optional field and is hardware dependent.
        unit: <str; "percent" | "pps"; default="percent">
    ip_proxy_arp: <bool>

    # ISIS instance.
    isis_enable: <str>

    # Enable BFD for ISIS.
    isis_bfd: <bool>
    isis_passive: <bool>
    isis_metric: <int>
    isis_network_point_to_point: <bool>
    isis_circuit_type: <str; "level-1-2" | "level-1" | "level-2">
    isis_hello_padding: <bool>
    # This key is deprecated.
    # Support will be removed in AVD version v6.0.0.
    # Use <samp>port_channel_interfaces[].isis_authentication.both.mode or port_channel_interfaces[].isis_authentication.level_1.mode or port_channel_interfaces[].isis_authentication.level_2.mode</samp> instead.
    isis_authentication_mode: <str; "text" | "md5">

    # Type-7 encrypted password.
    # This key is deprecated.
    # Support will be removed in AVD version v6.0.0.
    # Use <samp>port_channel_interfaces[].isis_authentication.both.key or port_channel_interfaces[].isis_authentication.level_1.key or port_channel_interfaces[].isis_authentication.level_2.key</samp> instead.
    isis_authentication_key: <str>

    # This key should not be mixed with port_channel_interfaces[].isis_authentication_mode or ethernet_interfaces[].isis_authentication_key.
    isis_authentication:

      # Authentication settings for level-1 and level-2. 'both' takes precedence over 'level_1' and 'level_2' settings.
      both:

        # Configure authentication key type.
        key_type: <str; "0" | "7" | "8a">

        # Password string. `key_type` is required for this setting.
        key: <str>
        key_ids:

            # Configure authentication key-id.
          - id: <int; 1-65535; required; unique>
            algorithm: <str; "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>

            # Configure authentication key type.
            key_type: <str; "0" | "7" | "8a"; required>

            # Password string.
            key: <str; required>

            # SHA digest computation according to rfc5310.
            rfc_5310: <bool>

        # Authentication mode.
        mode: <str; "md5" | "sha" | "text" | "shared-secret">

        # Required settings for authentication mode 'sha'.
        sha:
          key_id: <int; 1-65535; required>

        # Required settings for authentication mode 'shared_secret'.
        shared_secret:
          profile: <str; required>
          algorithm: <str; "md5" | "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>

        # Disable authentication check on the receive side.
        rx_disabled: <bool>

      # Authentication settings for level-1. 'both' takes precedence over 'level_1' and 'level_2' settings.
      level_1:

        # Configure authentication key type.
        key_type: <str; "0" | "7" | "8a">

        # Password string. `key_type` is required for this setting.
        key: <str>
        key_ids:

            # Configure authentication key-id.
          - id: <int; 1-65535; required; unique>
            algorithm: <str; "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>

            # Configure authentication key type.
            key_type: <str; "0" | "7" | "8a"; required>

            # Password string.
            key: <str; required>

            # SHA digest computation according to rfc5310.
            rfc_5310: <bool>

        # Authentication mode.
        mode: <str; "md5" | "sha" | "text" | "shared-secret">

        # Required settings for authentication mode 'sha'.
        sha:
          key_id: <int; 1-65535; required>

        # Required settings for authentication mode 'shared_secret'.
        shared_secret:
          profile: <str; required>
          algorithm: <str; "md5" | "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>

        # Disable authentication check on the receive side.
        rx_disabled: <bool>

      # Authentication settings for level-2. 'both' takes precedence over 'level_1' and 'level_2' settings.
      level_2:

        # Configure authentication key type.
        key_type: <str; "0" | "7" | "8a">

        # Password string. `key_type` is required for this setting.
        key: <str>
        key_ids:

            # Configure authentication key-id.
          - id: <int; 1-65535; required; unique>
            algorithm: <str; "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>

            # Configure authentication key type.
            key_type: <str; "0" | "7" | "8a"; required>

            # Password string.
            key: <str; required>

            # SHA digest computation according to rfc5310.
            rfc_5310: <bool>

        # Authentication mode.
        mode: <str; "md5" | "sha" | "text" | "shared-secret">

        # Required settings for authentication mode 'sha'.
        sha:
          key_id: <int; 1-65535; required>

        # Required settings for authentication mode 'shared_secret'.
        shared_secret:
          profile: <str; required>
          algorithm: <str; "md5" | "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>

        # Disable authentication check on the receive side.
        rx_disabled: <bool>
    traffic_policy:

      # Ingress traffic policy.
      input: <str>

      # Egress traffic policy.
      output: <str>
    evpn_ethernet_segment:

      # EVPN Ethernet Segment Identifier (Type 1 format).
      identifier: <str>
      redundancy: <str; "all-active" | "single-active">
      designated_forwarder_election:
        algorithm: <str; "modulus" | "preference">

        # Preference_value is only used when "algorithm" is "preference".
        preference_value: <int; 0-65535>

        # Dont_preempt is only used when "algorithm" is "preference".
        dont_preempt: <bool; default=False>
        hold_time: <int>
        subsequent_hold_time: <int>
        candidate_reachability_required: <bool>
      mpls:
        shared_index: <int; 1-1024>
        tunnel_flood_filter_time: <int>

      # EVPN Route Target for ESI with format xx:xx:xx:xx:xx:xx.
      route_target: <str>

    # LACP ID with format xxxx.xxxx.xxxx.
    lacp_id: <str>
    spanning_tree_bpdufilter: <str; "enabled" | "disabled" | "True" | "False" | "true" | "false">
    spanning_tree_bpduguard: <str; "enabled" | "disabled" | "True" | "False" | "true" | "false">
    spanning_tree_guard: <str; "loop" | "root" | "disabled">
    spanning_tree_portfast: <str; "edge" | "network">
    vmtracer: <bool>
    ptp:
      enable: <bool>
      announce:
        interval: <int>
        timeout: <int>
      delay_req: <int>
      delay_mechanism: <str; "e2e" | "p2p">
      profile:
        g8275_1:
          destination_mac_address: <str; "forwardable" | "non-forwardable">
      sync_message:
        interval: <int>
      role: <str; "master" | "dynamic">

      # VLAN can be 'all' or list of vlans as string.
      vlan: <str>
      transport: <str; "ipv4" | "ipv6" | "layer2">

      # When MPASS is enabled on an MLAG port-channel, MLAG peers coordinate to function as a single PTP logical device.
      # Arista PTP enabled devices always place PTP messages on the same physical link within the port-channel.
      # Hence, MPASS is needed only on MLAG port-channels connected to non-Arista devices.
      mpass: <bool>

    # IPv4 address/mask.
    ip_address: <str>
    ip_verify_unicast_source_reachable_via: <str; "any" | "rx">
    ip_nat:
      destination:
        dynamic:
          - access_list: <str; required; unique>
            comment: <str>
            pool_name: <str; required>
            priority: <int; 0-4294967295>
        static:

            # 'access_list' and 'group' are mutual exclusive.
          - access_list: <str>
            comment: <str>

            # Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
            # EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            direction: <str; "egress" | "ingress">

            # 'access_list' and 'group' are mutual exclusive.
            group: <int; 1-65535>

            # IPv4 address. The combination of `original_ip` and `original_port` must be unique.
            original_ip: <str>

            # TCP/UDP port. The combination of `original_ip` and `original_port` must be unique.
            original_port: <int; 1-65535>
            priority: <int; 0-4294967295>
            protocol: <str; "udp" | "tcp">

            # IPv4 address.
            translated_ip: <str; required>

            # requires 'original_port'.
            translated_port: <int; 1-65535>
      source:
        dynamic:
          - access_list: <str; required; unique>
            comment: <str>
            nat_type: <str; "overload" | "pool" | "pool-address-only" | "pool-full-cone"; required>

            # required if 'nat_type' is pool, pool-address-only or pool-full-cone.
            # ignored if 'nat_type' is overload.
            pool_name: <str>
            priority: <int; 0-4294967295>
        static:

            # 'access_list' and 'group' are mutual exclusive.
          - access_list: <str>
            comment: <str>

            # Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
            # EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            direction: <str; "egress" | "ingress">

            # 'access_list' and 'group' are mutual exclusive.
            group: <int; 1-65535>

            # IPv4 address. The combination of `original_ip` and `original_port` must be unique.
            original_ip: <str>

            # TCP/UDP port. The combination of `original_ip` and `original_port` must be unique.
            original_port: <int; 1-65535>
            priority: <int; 0-4294967295>
            protocol: <str; "udp" | "tcp">

            # IPv4 address.
            translated_ip: <str; required>

            # requires 'original_port'.
            translated_port: <int; 1-65535>
    ipv6_enable: <bool>

    # IPv6 address/mask.
    ipv6_address: <str>

    # Link local IPv6 address/mask.
    ipv6_address_link_local: <str>
    ipv6_nd_ra_disabled: <bool>
    ipv6_nd_managed_config_flag: <bool>
    ipv6_nd_prefixes:
      - ipv6_prefix: <str; required; unique>

        # Infinite or lifetime in seconds.
        valid_lifetime: <str>

        # Infinite or lifetime in seconds.
        preferred_lifetime: <str>
        no_autoconfig_flag: <bool>

    # Access list name.
    access_group_in: <str>

    # Access list name.
    access_group_out: <str>

    # IPv6 access list name.
    ipv6_access_group_in: <str>

    # IPv6 access list name.
    ipv6_access_group_out: <str>

    # MAC access list name.
    mac_access_group_in: <str>

    # MAC access list name.
    mac_access_group_out: <str>
    pim:
      ipv4:

        # Configure PIM border router. EOS default is false.
        border_router: <bool>
        dr_priority: <int; 0-429467295>
        sparse_mode: <bool>

        # Set the default for whether Bidirectional Forwarding Detection is enabled for PIM.
        bfd: <bool>
        bidirectional: <bool>
        hello:

          # Number of missed hellos after which the neighbor expires. Range <1.5-65535>.
          count: <str>

          # PIM hello interval in seconds.
          interval: <int; 1-65535>

    # QOS profile.
    service_profile: <str>
    ospf_network_point_to_point: <bool>
    ospf_area: <str>
    ospf_cost: <int>
    ospf_authentication: <str; "none" | "simple" | "message-digest">

    # Encrypted password.
    ospf_authentication_key: <str>
    ospf_message_digest_keys:
      - id: <int; required; unique>
        hash_algorithm: <str; "md5" | "sha1" | "sha256" | "sha384" | "sha512">

        # Encrypted password.
        key: <str>
    flow_tracker:

      # Sampled flow tracker name.
      sampled: <str>

      # Hardware flow tracker name.
      hardware: <str>
    bgp:

      # Name of session tracker.
      session_tracker: <str>
    ip_igmp_host_proxy:
      enabled: <bool>
      groups:

          # Multicast Address.
        - group: <str; required; unique>

          # The same source must not be present both in `exclude` and `include` list.
          exclude:
            - source: <str; required; unique>

          # The same source must not be present both in `exclude` and `include` list.
          include:
            - source: <str; required; unique>

      # Time interval between unsolicited reports.
      report_interval: <int; 1-31744>

      # Non-standard Access List name.
      access_lists:
        - name: <str; required; unique>

      # IGMP version on IGMP host-proxy interface.
      version: <int; 1-3>

    # Key only used for documentation or validation purposes.
    peer: <str>

    # Key only used for documentation or validation purposes.
    peer_interface: <str>

    # Key only used for documentation or validation purposes.
    peer_type: <str>
    sflow:
      enable: <bool>
      egress:
        enable: <bool>
        unmodified_enable: <bool>
    switchport:

      # Warning: This should not be combined with `port_channel_interfaces[].type = routed`.
      enabled: <bool>

      # Warning: This should not be combined with `port_channel_interfaces[].mode`
      mode: <str; "access" | "dot1q-tunnel" | "trunk" | "trunk phone">

      # Set VLAN when interface is in access mode.
      # Warning: This should not be combined with `port_channel_interfaces[].mode = access/dot1q-tunnel` and `port_channel_interface.vlans`.
      access_vlan: <int; 1-4094>
      trunk:

        # VLAN ID or range(s) of VLAN IDs (1-4094).
        # Warning: This should not be combined with `port_channel_interfaces[].mode = trunk` and `port_channel_interfaces[].vlans`.
        allowed_vlan: <str>

        # Set native VLAN when interface is in trunking mode.
        # Warning: This should not be combined with `port_channel_interfaces[].native_vlan`.
        native_vlan: <int; 1-4094>

        # If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence.
        # Warning: This should not be combined with `port_channel_interfaces[].native_vlan_tag`.
        native_vlan_tag: <bool>

        # Enable secondary VLAN mapping for a private vlan.
        # Warning: This should not be combined with `port_channel_interfaces[].trunk_private_vlan_secondary`.
        private_vlan_secondary: <bool>

        # Warning: This should not be combined with `port_channel_interfaces[].trunk_groups`.
        groups:

            # Trunk group name.
          - <str>
      phone:

        # Warning: This should not be combined with `port_channel_interfaces[].phone.vlan`.
        vlan: <int; 1-4094>

        # Warning: This should not be combined with `port_channel_interfaces[].phone.trunk`
        trunk: <str; "tagged" | "tagged phone" | "untagged" | "untagged phone">

      # Secondary VLAN IDs of the private VLAN mapping.
      # Warning: This should not be combined with `port_channel_interfaces[].pvlan_mapping`.
      pvlan_mapping: <str>
      dot1q:

        # Ethertype/TPID (Tag Protocol IDentifier) for VLAN tagged frames.
        ethertype: <int; 1536-65535>
        vlan_tag: <str; "disallowed" | "required">

      # tx: Allow bridged traffic to go out of the source interface.
      # tx multicast: Allow multicast traffic only to go out of the source interface.
      source_interface: <str; "tx" | "tx multicast">

      # VLAN Translation mappings.
      # Warning: This should not be combined with `port_channel_interfaces[].vlan_translations`.
      vlan_translations:

        # Drop the ingress traffic that do not match any VLAN mapping.
        in_required: <bool>

        # Drop the egress traffic that do not match any VLAN mapping.
        out_required: <bool>

        # Map ingress traffic only.
        direction_in:

            # VLAN ID or range of VLAN IDs to map from. Range 1-4094.
          - from: <str>

            # VLAN ID to map to.
            to: <int; 1-4094>
            dot1q_tunnel: <bool>

            # Inner VLAN ID to map from.
            inner_vlan_from: <int; 1-4094>

        # Map egress traffic only.
        direction_out:

            # VLAN ID or range of VLAN IDs to map from. Range 1-4094.
          - from: <str; required>

            # VLAN ID to map to.
            to: <int; 1-4094>

            # VLAN ID or range of VLAN IDs or "all". Range 1-4094.
            # This takes precedence over `to` and `inner_vlan_to`.
            dot1q_tunnel_to: <str>

            # Inner VLAN ID to map to.
            inner_vlan_to: <int; 1-4094>

        # Map both egress and ingress traffic.
        direction_both:

            # VLAN ID or range of VLAN IDs to map from. Range 1-4094.
          - from: <str; required>

            # VLAN ID to map to.
            to: <int; 1-4094; required>
            dot1q_tunnel: <bool>

            # Inner VLAN ID to map from.
            inner_vlan_from: <int; 1-4094>

            # Enable use of network-side VLAN ID.
            # This setting can only be enabled when `inner_vlan_from` is defined.
            network: <bool>
      vlan_forwarding_accept_all: <bool>
      backup_link:

        # Backup interface. Example - Ethernet4, Vlan10 etc.
        interface: <str; required>

        # VLANs to carry on the backup interface (1-4094).
        prefer_vlan: <str>

      # The `backup_link` is required for this setting.
      backup:

        # Destination MAC address for MAC move updates.
        # The mac address should be multicast or broadcast.
        # Example: 01:00:00:00:00:00
        dest_macaddr: <str>

        # Initial MAC move delay in milliseconds.
        initial_mac_move_delay: <int; 0-65535>

        # Size of MAC move bursts.
        mac_move_burst: <int; 0-65535>

        # MAC move burst interval in milliseconds.
        mac_move_burst_interval: <int; 0-65535>

        # Preemption delay in milliseconds.
        preemption_delay: <int; 0-65535>
      port_security:
        enabled: <bool>

        # Maximum number of MAC addresses allowed on the interface.
        mac_address_maximum:

          # Disable port level check for port security (only in violation 'shutdown' mode).
          disabled: <bool>

          # MAC address limit.
          limit: <int; 1-1000>

        # Configure violation mode (shutdown or protect), EOS default is 'shutdown'.
        violation:

          # Configure port security mode.
          mode: <str; "shutdown" | "protect">

          # Log new addresses seen after limit is reached in protect mode.
          protect_log: <bool>

        # Default maximum MAC addresses for all VLANs on this interface.
        vlan_default_mac_address_maximum: <int; 0-1000>
        vlans:

            # VLAN ID or range(s) of VLAN IDs, <1-4094>.
            # Example:
            #   - 3
            #   - 1,3
            #   - 1-10
          - range: <str; required; unique>
            mac_address_maximum: <int>

    # Set to false to disable interface state and LLDP topology validation performed by the `eos_validate_state` role.
    validate_state: <bool>

    # Set to false to disable the LLDP topology validation performed by the `eos_validate_state` role.
    validate_lldp: <bool>

    # Multiline EOS CLI rendered directly on the port-channel interface in the final EOS configuration.
    eos_cli: <str>

Switchport default

Variable Type Required Default Value Restrictions Description
switchport_default Dictionary
  mode String Valid Values:
- routed
- access
  phone Dictionary
    cos Integer Min: 0
Max: 7
    trunk String Valid Values:
- tagged
- untagged
    vlan Integer Min: 1
Max: 4094
VLAN ID.
switchport_default:
  mode: <str; "routed" | "access">
  phone:
    cos: <int; 0-7>
    trunk: <str; "tagged" | "untagged">

    # VLAN ID.
    vlan: <int; 1-4094>

Switchport port security

Variable Type Required Default Value Restrictions Description
switchport_port_security Dictionary
  mac_address Dictionary
    aging Boolean
    moveable Boolean
  persistence_disabled Boolean
  violation_protect_chip_based Boolean
switchport_port_security:
  mac_address:
    aging: <bool>
    moveable: <bool>
  persistence_disabled: <bool>
  violation_protect_chip_based: <bool>

Transceiver QSFP default mode 4x10

Variable Type Required Default Value Restrictions Description
transceiver_qsfp_default_mode_4x10 Boolean True On all front panel ports which support this feature, the following global configuration command changes the QSFP mode from 40G to 4x10G (default). When set to false the command reverts the default QSFP mode back to 40G.
# On all front panel ports which support this feature, the following global configuration command changes the QSFP mode from 40G to 4x10G (default). When set to false the command reverts the default QSFP mode back to 40G.
transceiver_qsfp_default_mode_4x10: <bool; default=True>

Tunnel interfaces

Variable Type Required Default Value Restrictions Description
tunnel_interfaces List, items: Dictionary
  - name String Required, Unique Tunnel Interface Name.
    description String
    shutdown Boolean
    mtu Integer Min: 68
Max: 65535
    vrf String VRF Name.
    underlay_vrf String Underlay VRF Name.
    ip_address String Format: ipv4_cidr IPv4_address/Mask.
    ipv6_enable Boolean
    ipv6_address String Format: ipv6_cidr IPv6_address/Mask.
    access_group_in String IPv4 ACL Name for ingress.
    access_group_out String IPv4 ACL Name for egress.
    ipv6_access_group_in String IPv6 ACL Name for ingress.
    ipv6_access_group_out String IPv6 ACL Name for egress.
    tcp_mss_ceiling Dictionary
      ipv4 Integer Min: 64
Max: 65495
Segment Size for IPv4.
      ipv6 Integer Min: 64
Max: 65475
Segment Size for IPv6.
      direction String Valid Values:
- ingress
- egress
Optional direction (‘ingress’, ‘egress’) for tcp mss ceiling.
    tunnel_mode String Valid Values:
- gre
- ipsec
Tunnel encapsulation method.
gre: Generic route encapsulation protocol,
ipsec: IPsec-over-IP encapsulation.
    source_interface String Tunnel Source Interface Name.
    destination String IPv4 or IPv6 Address Tunnel Destination.
    path_mtu_discovery Boolean Enable Path MTU Discovery On Tunnel.
    ipsec_profile String Used only when tunnel_mode is set to ipsec.
It must target a defined IPsec profile.
    nat_profile String NAT interface profile.
    eos_cli String Multiline String with EOS CLI rendered directly on the Tunnel interface in the final EOS configuration.
tunnel_interfaces:

    # Tunnel Interface Name.
  - name: <str; required; unique>
    description: <str>
    shutdown: <bool>
    mtu: <int; 68-65535>

    # VRF Name.
    vrf: <str>

    # Underlay VRF Name.
    underlay_vrf: <str>

    # IPv4_address/Mask.
    ip_address: <str>
    ipv6_enable: <bool>

    # IPv6_address/Mask.
    ipv6_address: <str>

    # IPv4 ACL Name for ingress.
    access_group_in: <str>

    # IPv4 ACL Name for egress.
    access_group_out: <str>

    # IPv6 ACL Name for ingress.
    ipv6_access_group_in: <str>

    # IPv6 ACL Name for egress.
    ipv6_access_group_out: <str>
    tcp_mss_ceiling:

      # Segment Size for IPv4.
      ipv4: <int; 64-65495>

      # Segment Size for IPv6.
      ipv6: <int; 64-65475>

      # Optional direction ('ingress', 'egress')  for tcp mss ceiling.
      direction: <str; "ingress" | "egress">

    # Tunnel encapsulation method.
    # `gre`: Generic route encapsulation protocol,
    # `ipsec`: IPsec-over-IP encapsulation.
    tunnel_mode: <str; "gre" | "ipsec">

    # Tunnel Source Interface Name.
    source_interface: <str>

    # IPv4 or IPv6 Address Tunnel Destination.
    destination: <str>

    # Enable Path MTU Discovery On Tunnel.
    path_mtu_discovery: <bool>

    # Used only when `tunnel_mode` is set to `ipsec`.
    # It must target a defined IPsec profile.
    ipsec_profile: <str>

    # NAT interface profile.
    nat_profile: <str>

    # Multiline String with EOS CLI rendered directly on the Tunnel interface in the final EOS configuration.
    eos_cli: <str>

VLAN interfaces

Variable Type Required Default Value Restrictions Description
vlan_interfaces List, items: Dictionary
  - name String Required, Unique VLAN interface name like “Vlan123”.
    description String
    logging Dictionary
      event Dictionary
        link_status Boolean
    shutdown Boolean
    vrf String VRF name.
    arp_aging_timeout Integer Min: 1
Max: 65535
In seconds.
    arp_cache_dynamic_capacity Integer Min: 0
Max: 4294967295
    arp_gratuitous_accept Boolean
    arp_monitor_mac_address Boolean
    ip_proxy_arp Boolean
    ip_directed_broadcast Boolean
    ip_address String IPv4_address/Mask.
    ip_address_secondaries List, items: String
      - <str> String IPv4_address/Mask.
    ip_virtual_router_addresses List, items: String
      - <str> String IPv4 address or IPv4_address/Mask.
    ip_address_virtual String IPv4_address/Mask.
    ip_address_virtual_secondaries List, items: String
      - <str> String IPv4_address/Mask.
    ip_verify_unicast_source_reachable_via String Valid Values:
- any
- rx
    ip_igmp Boolean
    ip_igmp_version Integer Min: 1
Max: 3
    ip_igmp_host_proxy Dictionary
      enabled Boolean
      groups List, items: Dictionary
        - group String Required, Unique Multicast Address.
          exclude List, items: Dictionary The same source must not be present both in exclude and include list.
            - source String Required, Unique
          include List, items: Dictionary The same source must not be present both in exclude and include list.
            - source String Required, Unique
      report_interval Integer Min: 1
Max: 31744
Time interval between unsolicited reports.
      access_lists List, items: Dictionary Non-standard Access List name.
        - name String Required, Unique
      version Integer Min: 1
Max: 3
IGMP version on IGMP host-proxy interface.
    ip_helpers List, items: Dictionary List of DHCP servers.
      - ip_helper String Required, Unique IP address or hostname of DHCP server.
        source_interface String Interface used as source for forwarded DHCP packets.
        vrf String VRF where DHCP server can be reached.
    ip_dhcp_relay_all_subnets Boolean Allow forwarding requests with secondary IP addresses in the gateway address “giaddr” field.
    ip_nat Dictionary
      destination Dictionary
        dynamic List, items: Dictionary
          - access_list String Required, Unique
            comment String
            pool_name String Required
            priority Integer Min: 0
Max: 4294967295
        static List, items: Dictionary
          - access_list String ‘access_list’ and ‘group’ are mutual exclusive.
            comment String
            direction String Valid Values:
- egress
- ingress
Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            group Integer Min: 1
Max: 65535
‘access_list’ and ‘group’ are mutual exclusive.
            original_ip String IPv4 address. The combination of original_ip and original_port must be unique.
            original_port Integer Min: 1
Max: 65535
TCP/UDP port. The combination of original_ip and original_port must be unique.
            priority Integer Min: 0
Max: 4294967295
            protocol String Valid Values:
- udp
- tcp
            translated_ip String Required IPv4 address.
            translated_port Integer Min: 1
Max: 65535
requires ‘original_port’.
      source Dictionary
        dynamic List, items: Dictionary
          - access_list String Required, Unique
            comment String
            nat_type String Required Valid Values:
- overload
- pool
- pool-address-only
- pool-full-cone
            pool_name String required if ‘nat_type’ is pool, pool-address-only or pool-full-cone.
ignored if ‘nat_type’ is overload.
            priority Integer Min: 0
Max: 4294967295
        static List, items: Dictionary
          - access_list String ‘access_list’ and ‘group’ are mutual exclusive.
            comment String
            direction String Valid Values:
- egress
- ingress
Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            group Integer Min: 1
Max: 65535
‘access_list’ and ‘group’ are mutual exclusive.
            original_ip String IPv4 address. The combination of original_ip and original_port must be unique.
            original_port Integer Min: 1
Max: 65535
TCP/UDP port. The combination of original_ip and original_port must be unique.
            priority Integer Min: 0
Max: 4294967295
            protocol String Valid Values:
- udp
- tcp
            translated_ip String Required IPv4 address.
            translated_port Integer Min: 1
Max: 65535
requires ‘original_port’.
    ipv6_enable Boolean
    ipv6_address String IPv6_address/Mask.
    ipv6_address_virtuals List, items: String The new “ipv6_address_virtuals” key support multiple virtual ipv6 addresses.
      - <str> String IPv6_address/Mask.
    ipv6_address_link_local String IPv6_address/Mask.
    ipv6_virtual_router_addresses List, items: String Improved “VARPv6” data model to support multiple VARPv6 addresses.
      - <str> String IPv6 address or IPv6_address/Mask.
    ipv6_nd_ra_disabled Boolean
    ipv6_nd_managed_config_flag Boolean
    ipv6_nd_other_config_flag Boolean Set the “other stateful configuration” flag in IPv6 router advertisements.
    ipv6_nd_cache Dictionary IPv6 neighbor cache options.
      dynamic_capacity Integer Min: 0
Max: 4294967295
Capacity of dynamic cache entries.
      expire Integer Min: 1
Max: 65535
Cache entries expirery in seconds.
      refresh_always Boolean Force refresh on cache expiry.
    ipv6_nd_prefixes List, items: Dictionary
      - ipv6_prefix String Required, Unique IPv6_address/Mask.
        valid_lifetime String In seconds <0-4294967295> or infinite.
        preferred_lifetime String In seconds <0-4294967295> or infinite.
        no_autoconfig_flag Boolean
    ipv6_dhcp_relay_destinations List, items: Dictionary
      - address String Required, Unique DHCP server’s IPv6 address.
        vrf String
        local_interface String Local interface to communicate with DHCP server - mutually exclusive to source_address.
        source_address String Source IPv6 address to communicate with DHCP server - mutually exclusive to local_interface.
        link_address String Override the default link address specified in the relayed DHCP packet.
    ipv6_dhcp_relay_all_subnets Boolean Allow forwarding requests with additional IPv6 addresses in the gateway address “giaddr” field.
    access_group_in String IPv4 access-list name.
    access_group_out String IPv4 access-list name.
    ipv6_access_group_in String IPv6 access-list name.
    ipv6_access_group_out String IPv6 access-list name.
    multicast Dictionary
      ipv4 Dictionary
        boundaries List, items: Dictionary Boundaries can be either 1 ACL or a list of multicast IP address_range(s)/prefix but not combination of both.
          - boundary String Required, Unique IPv4 access-list name or IPv4 multicast group prefix with mask.
            out Boolean
        source_route_export Dictionary
          enabled Boolean Required
          administrative_distance Integer Min: 1
Max: 255
        static Boolean
      ipv6 Dictionary
        boundaries List, items: Dictionary Boundaries can be either 1 ACL or a list of multicast IP address_range(s)/prefix but not combination of both.
          - boundary String Required, Unique IPv6 access-list name or IPv6 multicast group prefix with mask.
        source_route_export Dictionary
          enabled Boolean Required
          administrative_distance Integer Min: 1
Max: 255
        static Boolean
    ospf_network_point_to_point Boolean
    ospf_area String
    ospf_cost Integer
    ospf_authentication String Valid Values:
- none
- simple
- message-digest
    ospf_authentication_key String Encrypted password used for simple authentication.
    ospf_message_digest_keys List, items: Dictionary Keys used for message-digest authentication.
      - id Integer Required, Unique
        hash_algorithm String Valid Values:
- md5
- sha1
- sha256
- sha384
- sha512
        key String Encrypted password.
    pim Dictionary
      ipv4 Dictionary
        border_router Boolean Configure PIM border router. EOS default is false.
        dr_priority Integer Min: 0
Max: 429467295
        sparse_mode Boolean
        local_interface String
        bfd Boolean Set the default for whether Bidirectional Forwarding Detection is enabled for PIM.
        bidirectional Boolean
        hello Dictionary
          count String Number of missed hellos after which the neighbor expires. Range <1.5-65535>.
          interval Integer Min: 1
Max: 65535
PIM hello interval in seconds.
    isis_enable String ISIS instance name.
    isis_bfd Boolean Enable BFD for ISIS.
    isis_passive Boolean
    isis_metric Integer
    isis_network_point_to_point Boolean
    isis_authentication Dictionary
      both Dictionary Authentication settings for level-1 and level-2. ‘both’ takes precedence over ‘level_1’ and ‘level_2’ settings.
        key_type String Valid Values:
- 0
- 7
- 8a
Configure authentication key type.
        key String Password string. key_type is required for this setting.
        key_ids List, items: Dictionary
          - id Integer Required, Unique Min: 1
Max: 65535
Configure authentication key-id.
            algorithm String Required Valid Values:
- sha-1
- sha-224
- sha-256
- sha-384
- sha-512
            key_type String Required Valid Values:
- 0
- 7
- 8a
Configure authentication key type.
            key String Required Password string.
            rfc_5310 Boolean SHA digest computation according to rfc5310.
        mode String Valid Values:
- md5
- sha
- text
- shared-secret
Authentication mode.
        sha Dictionary Required settings for authentication mode ‘sha’.
          key_id Integer Required Min: 1
Max: 65535
        shared_secret Dictionary Required settings for authentication mode ‘shared_secret’.
          profile String Required
          algorithm String Required Valid Values:
- md5
- sha-1
- sha-224
- sha-256
- sha-384
- sha-512
        rx_disabled Boolean Disable authentication check on the receive side.
      level_1 Dictionary Authentication settings for level-1. ‘both’ takes precedence over ‘level_1’ and ‘level_2’ settings.
        key_type String Valid Values:
- 0
- 7
- 8a
Configure authentication key type.
        key String Password string. key_type is required for this setting.
        key_ids List, items: Dictionary
          - id Integer Required, Unique Min: 1
Max: 65535
Configure authentication key-id.
            algorithm String Required Valid Values:
- sha-1
- sha-224
- sha-256
- sha-384
- sha-512
            key_type String Required Valid Values:
- 0
- 7
- 8a
Configure authentication key type.
            key String Required Password string.
            rfc_5310 Boolean SHA digest computation according to rfc5310.
        mode String Valid Values:
- md5
- sha
- text
- shared-secret
Authentication mode.
        sha Dictionary Required settings for authentication mode ‘sha’.
          key_id Integer Required Min: 1
Max: 65535
        shared_secret Dictionary Required settings for authentication mode ‘shared_secret’.
          profile String Required
          algorithm String Required Valid Values:
- md5
- sha-1
- sha-224
- sha-256
- sha-384
- sha-512
        rx_disabled Boolean Disable authentication check on the receive side.
      level_2 Dictionary Authentication settings for level-2. ‘both’ takes precedence over ‘level_1’ and ‘level_2’ settings.
        key_type String Valid Values:
- 0
- 7
- 8a
Configure authentication key type.
        key String Password string. key_type is required for this setting.
        key_ids List, items: Dictionary
          - id Integer Required, Unique Min: 1
Max: 65535
Configure authentication key-id.
            algorithm String Required Valid Values:
- sha-1
- sha-224
- sha-256
- sha-384
- sha-512
            key_type String Required Valid Values:
- 0
- 7
- 8a
Configure authentication key type.
            key String Required Password string.
            rfc_5310 Boolean SHA digest computation according to rfc5310.
        mode String Valid Values:
- md5
- sha
- text
- shared-secret
Authentication mode.
        sha Dictionary Required settings for authentication mode ‘sha’.
          key_id Integer Required Min: 1
Max: 65535
        shared_secret Dictionary Required settings for authentication mode ‘shared_secret’.
          profile String Required
          algorithm String Required Valid Values:
- md5
- sha-1
- sha-224
- sha-256
- sha-384
- sha-512
        rx_disabled Boolean Disable authentication check on the receive side.
    mtu Integer
    no_autostate Boolean
    vrrp_ids List, items: Dictionary Improved “vrrp” data model to support multiple VRRP IDs.
      - id Integer Required, Unique VRID.
        priority_level Integer Min: 1
Max: 254
Instance priority.
        advertisement Dictionary
          interval Integer Min: 1
Max: 255
Interval in seconds.
        preempt Dictionary
          enabled Boolean Required
          delay Dictionary
            minimum Integer Min: 0
Max: 3600
Minimum preempt delay in seconds.
            reload Integer Min: 0
Max: 3600
Reload preempt delay in seconds.
        timers Dictionary
          delay Dictionary
            reload Integer Min: 0
Max: 3600
Delay after reload in seconds.
        tracked_object List, items: Dictionary
          - name String Required, Unique Tracked object name.
            decrement Integer Min: 1
Max: 254
Decrement VRRP priority by 1-254.
            shutdown Boolean
        ipv4 Dictionary
          address String Required Virtual IPv4 address.
          version Integer Valid Values:
- 2
- 3
        ipv6 Dictionary
          address String Required Virtual IPv6 address.
    ip_attached_host_route_export Dictionary
      enabled Boolean Required
      distance Integer Min: 1
Max: 255
    ipv6_attached_host_route_export Dictionary
      enabled Boolean Required
      distance Integer Min: 1
Max: 255
Administrative distance for generated routes.
      prefix_length Integer Min: 0
Max: 128
Prefix length for generated routes.
    bfd Dictionary
      echo Boolean
      interval Integer Rate in milliseconds.
      min_rx Integer Minimum RX hold time in milliseconds.
      multiplier Integer Min: 3
Max: 50
    service_policy Dictionary
      pbr Dictionary
        input String Name of policy-map used for policy based routing.
    pvlan_mapping String List of VLANs as string.
    tenant String Key only used for documentation or validation purposes.
    tags List, items: String Key only used for documentation or validation purposes.
      - <str> String
    type String Key only used for documentation or validation purposes.
    eos_cli String Multiline EOS CLI rendered directly on the VLAN interface in the final EOS configuration.
    ipv6_address_virtual removed String IPv6_address/Mask.
This key was removed. Support was removed in AVD version 5.0.0. Use ipv6_address_virtuals instead.
    ipv6_virtual_router_address removed String This key was removed. Support was removed in AVD version 5.0.0. Use ipv6_virtual_router_addresses instead.
    vrrp removed Dictionary This key was removed. Support was removed in AVD version 5.0.0. Use vrrp_ids instead.
vlan_interfaces:

    # VLAN interface name like "Vlan123".
  - name: <str; required; unique>
    description: <str>
    logging:
      event:
        link_status: <bool>
    shutdown: <bool>

    # VRF name.
    vrf: <str>

    # In seconds.
    arp_aging_timeout: <int; 1-65535>
    arp_cache_dynamic_capacity: <int; 0-4294967295>
    arp_gratuitous_accept: <bool>
    arp_monitor_mac_address: <bool>
    ip_proxy_arp: <bool>
    ip_directed_broadcast: <bool>

    # IPv4_address/Mask.
    ip_address: <str>
    ip_address_secondaries:

        # IPv4_address/Mask.
      - <str>
    ip_virtual_router_addresses:

        # IPv4 address or IPv4_address/Mask.
      - <str>

    # IPv4_address/Mask.
    ip_address_virtual: <str>
    ip_address_virtual_secondaries:

        # IPv4_address/Mask.
      - <str>
    ip_verify_unicast_source_reachable_via: <str; "any" | "rx">
    ip_igmp: <bool>
    ip_igmp_version: <int; 1-3>
    ip_igmp_host_proxy:
      enabled: <bool>
      groups:

          # Multicast Address.
        - group: <str; required; unique>

          # The same source must not be present both in `exclude` and `include` list.
          exclude:
            - source: <str; required; unique>

          # The same source must not be present both in `exclude` and `include` list.
          include:
            - source: <str; required; unique>

      # Time interval between unsolicited reports.
      report_interval: <int; 1-31744>

      # Non-standard Access List name.
      access_lists:
        - name: <str; required; unique>

      # IGMP version on IGMP host-proxy interface.
      version: <int; 1-3>

    # List of DHCP servers.
    ip_helpers:

        # IP address or hostname of DHCP server.
      - ip_helper: <str; required; unique>

        # Interface used as source for forwarded DHCP packets.
        source_interface: <str>

        # VRF where DHCP server can be reached.
        vrf: <str>

    # Allow forwarding requests with secondary IP addresses in the gateway address "giaddr" field.
    ip_dhcp_relay_all_subnets: <bool>
    ip_nat:
      destination:
        dynamic:
          - access_list: <str; required; unique>
            comment: <str>
            pool_name: <str; required>
            priority: <int; 0-4294967295>
        static:

            # 'access_list' and 'group' are mutual exclusive.
          - access_list: <str>
            comment: <str>

            # Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
            # EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            direction: <str; "egress" | "ingress">

            # 'access_list' and 'group' are mutual exclusive.
            group: <int; 1-65535>

            # IPv4 address. The combination of `original_ip` and `original_port` must be unique.
            original_ip: <str>

            # TCP/UDP port. The combination of `original_ip` and `original_port` must be unique.
            original_port: <int; 1-65535>
            priority: <int; 0-4294967295>
            protocol: <str; "udp" | "tcp">

            # IPv4 address.
            translated_ip: <str; required>

            # requires 'original_port'.
            translated_port: <int; 1-65535>
      source:
        dynamic:
          - access_list: <str; required; unique>
            comment: <str>
            nat_type: <str; "overload" | "pool" | "pool-address-only" | "pool-full-cone"; required>

            # required if 'nat_type' is pool, pool-address-only or pool-full-cone.
            # ignored if 'nat_type' is overload.
            pool_name: <str>
            priority: <int; 0-4294967295>
        static:

            # 'access_list' and 'group' are mutual exclusive.
          - access_list: <str>
            comment: <str>

            # Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
            # EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            direction: <str; "egress" | "ingress">

            # 'access_list' and 'group' are mutual exclusive.
            group: <int; 1-65535>

            # IPv4 address. The combination of `original_ip` and `original_port` must be unique.
            original_ip: <str>

            # TCP/UDP port. The combination of `original_ip` and `original_port` must be unique.
            original_port: <int; 1-65535>
            priority: <int; 0-4294967295>
            protocol: <str; "udp" | "tcp">

            # IPv4 address.
            translated_ip: <str; required>

            # requires 'original_port'.
            translated_port: <int; 1-65535>
    ipv6_enable: <bool>

    # IPv6_address/Mask.
    ipv6_address: <str>

    # The new "ipv6_address_virtuals" key support multiple virtual ipv6 addresses.
    ipv6_address_virtuals:

        # IPv6_address/Mask.
      - <str>

    # IPv6_address/Mask.
    ipv6_address_link_local: <str>

    # Improved "VARPv6" data model to support multiple VARPv6 addresses.
    ipv6_virtual_router_addresses:

        # IPv6 address or IPv6_address/Mask.
      - <str>
    ipv6_nd_ra_disabled: <bool>
    ipv6_nd_managed_config_flag: <bool>

    # Set the "other stateful configuration" flag in IPv6 router advertisements.
    ipv6_nd_other_config_flag: <bool>

    # IPv6 neighbor cache options.
    ipv6_nd_cache:

      # Capacity of dynamic cache entries.
      dynamic_capacity: <int; 0-4294967295>

      # Cache entries expirery in seconds.
      expire: <int; 1-65535>

      # Force refresh on cache expiry.
      refresh_always: <bool>
    ipv6_nd_prefixes:

        # IPv6_address/Mask.
      - ipv6_prefix: <str; required; unique>

        # In seconds <0-4294967295> or infinite.
        valid_lifetime: <str>

        # In seconds <0-4294967295> or infinite.
        preferred_lifetime: <str>
        no_autoconfig_flag: <bool>
    ipv6_dhcp_relay_destinations:

        # DHCP server's IPv6 address.
      - address: <str; required; unique>
        vrf: <str>

        # Local interface to communicate with DHCP server - mutually exclusive to source_address.
        local_interface: <str>

        # Source IPv6 address to communicate with DHCP server - mutually exclusive to local_interface.
        source_address: <str>

        # Override the default link address specified in the relayed DHCP packet.
        link_address: <str>

    # Allow forwarding requests with additional IPv6 addresses in the gateway address "giaddr" field.
    ipv6_dhcp_relay_all_subnets: <bool>

    # IPv4 access-list name.
    access_group_in: <str>

    # IPv4 access-list name.
    access_group_out: <str>

    # IPv6 access-list name.
    ipv6_access_group_in: <str>

    # IPv6 access-list name.
    ipv6_access_group_out: <str>
    multicast:
      ipv4:

        # Boundaries can be either 1 ACL or a list of multicast IP address_range(s)/prefix but not combination of both.
        boundaries:

            # IPv4 access-list name or IPv4 multicast group prefix with mask.
          - boundary: <str; required; unique>
            out: <bool>
        source_route_export:
          enabled: <bool; required>
          administrative_distance: <int; 1-255>
        static: <bool>
      ipv6:

        # Boundaries can be either 1 ACL or a list of multicast IP address_range(s)/prefix but not combination of both.
        boundaries:

            # IPv6 access-list name or IPv6 multicast group prefix with mask.
          - boundary: <str; required; unique>
        source_route_export:
          enabled: <bool; required>
          administrative_distance: <int; 1-255>
        static: <bool>
    ospf_network_point_to_point: <bool>
    ospf_area: <str>
    ospf_cost: <int>
    ospf_authentication: <str; "none" | "simple" | "message-digest">

    # Encrypted password used for simple authentication.
    ospf_authentication_key: <str>

    # Keys used for message-digest authentication.
    ospf_message_digest_keys:
      - id: <int; required; unique>
        hash_algorithm: <str; "md5" | "sha1" | "sha256" | "sha384" | "sha512">

        # Encrypted password.
        key: <str>
    pim:
      ipv4:

        # Configure PIM border router. EOS default is false.
        border_router: <bool>
        dr_priority: <int; 0-429467295>
        sparse_mode: <bool>
        local_interface: <str>

        # Set the default for whether Bidirectional Forwarding Detection is enabled for PIM.
        bfd: <bool>
        bidirectional: <bool>
        hello:

          # Number of missed hellos after which the neighbor expires. Range <1.5-65535>.
          count: <str>

          # PIM hello interval in seconds.
          interval: <int; 1-65535>

    # ISIS instance name.
    isis_enable: <str>

    # Enable BFD for ISIS.
    isis_bfd: <bool>
    isis_passive: <bool>
    isis_metric: <int>
    isis_network_point_to_point: <bool>
    isis_authentication:

      # Authentication settings for level-1 and level-2. 'both' takes precedence over 'level_1' and 'level_2' settings.
      both:

        # Configure authentication key type.
        key_type: <str; "0" | "7" | "8a">

        # Password string. `key_type` is required for this setting.
        key: <str>
        key_ids:

            # Configure authentication key-id.
          - id: <int; 1-65535; required; unique>
            algorithm: <str; "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>

            # Configure authentication key type.
            key_type: <str; "0" | "7" | "8a"; required>

            # Password string.
            key: <str; required>

            # SHA digest computation according to rfc5310.
            rfc_5310: <bool>

        # Authentication mode.
        mode: <str; "md5" | "sha" | "text" | "shared-secret">

        # Required settings for authentication mode 'sha'.
        sha:
          key_id: <int; 1-65535; required>

        # Required settings for authentication mode 'shared_secret'.
        shared_secret:
          profile: <str; required>
          algorithm: <str; "md5" | "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>

        # Disable authentication check on the receive side.
        rx_disabled: <bool>

      # Authentication settings for level-1. 'both' takes precedence over 'level_1' and 'level_2' settings.
      level_1:

        # Configure authentication key type.
        key_type: <str; "0" | "7" | "8a">

        # Password string. `key_type` is required for this setting.
        key: <str>
        key_ids:

            # Configure authentication key-id.
          - id: <int; 1-65535; required; unique>
            algorithm: <str; "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>

            # Configure authentication key type.
            key_type: <str; "0" | "7" | "8a"; required>

            # Password string.
            key: <str; required>

            # SHA digest computation according to rfc5310.
            rfc_5310: <bool>

        # Authentication mode.
        mode: <str; "md5" | "sha" | "text" | "shared-secret">

        # Required settings for authentication mode 'sha'.
        sha:
          key_id: <int; 1-65535; required>

        # Required settings for authentication mode 'shared_secret'.
        shared_secret:
          profile: <str; required>
          algorithm: <str; "md5" | "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>

        # Disable authentication check on the receive side.
        rx_disabled: <bool>

      # Authentication settings for level-2. 'both' takes precedence over 'level_1' and 'level_2' settings.
      level_2:

        # Configure authentication key type.
        key_type: <str; "0" | "7" | "8a">

        # Password string. `key_type` is required for this setting.
        key: <str>
        key_ids:

            # Configure authentication key-id.
          - id: <int; 1-65535; required; unique>
            algorithm: <str; "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>

            # Configure authentication key type.
            key_type: <str; "0" | "7" | "8a"; required>

            # Password string.
            key: <str; required>

            # SHA digest computation according to rfc5310.
            rfc_5310: <bool>

        # Authentication mode.
        mode: <str; "md5" | "sha" | "text" | "shared-secret">

        # Required settings for authentication mode 'sha'.
        sha:
          key_id: <int; 1-65535; required>

        # Required settings for authentication mode 'shared_secret'.
        shared_secret:
          profile: <str; required>
          algorithm: <str; "md5" | "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>

        # Disable authentication check on the receive side.
        rx_disabled: <bool>
    mtu: <int>
    no_autostate: <bool>

    # Improved "vrrp" data model to support multiple VRRP IDs.
    vrrp_ids:

        # VRID.
      - id: <int; required; unique>

        # Instance priority.
        priority_level: <int; 1-254>
        advertisement:

          # Interval in seconds.
          interval: <int; 1-255>
        preempt:
          enabled: <bool; required>
          delay:

            # Minimum preempt delay in seconds.
            minimum: <int; 0-3600>

            # Reload preempt delay in seconds.
            reload: <int; 0-3600>
        timers:
          delay:

            # Delay after reload in seconds.
            reload: <int; 0-3600>
        tracked_object:

            # Tracked object name.
          - name: <str; required; unique>

            # Decrement VRRP priority by 1-254.
            decrement: <int; 1-254>
            shutdown: <bool>
        ipv4:

          # Virtual IPv4 address.
          address: <str; required>
          version: <int; 2 | 3>
        ipv6:

          # Virtual IPv6 address.
          address: <str; required>
    ip_attached_host_route_export:
      enabled: <bool; required>
      distance: <int; 1-255>
    ipv6_attached_host_route_export:
      enabled: <bool; required>

      # Administrative distance for generated routes.
      distance: <int; 1-255>

      # Prefix length for generated routes.
      prefix_length: <int; 0-128>
    bfd:
      echo: <bool>

      # Rate in milliseconds.
      interval: <int>

      # Minimum RX hold time in milliseconds.
      min_rx: <int>
      multiplier: <int; 3-50>
    service_policy:
      pbr:

        # Name of policy-map used for policy based routing.
        input: <str>

    # List of VLANs as string.
    pvlan_mapping: <str>

    # Key only used for documentation or validation purposes.
    tenant: <str>

    # Key only used for documentation or validation purposes.
    tags:
      - <str>

    # Key only used for documentation or validation purposes.
    type: <str>

    # Multiline EOS CLI rendered directly on the VLAN interface in the final EOS configuration.
    eos_cli: <str>

VXLAN interface

Variable Type Required Default Value Restrictions Description
vxlan_interface Dictionary
  vxlan1 Dictionary
    description String
    vxlan Dictionary
      source_interface String Source Interface Name.
      multicast Dictionary
        headend_replication Boolean
      controller_client Dictionary Client to CVX Controllers.
        enabled Boolean
      mlag_source_interface String
      udp_port Integer
      vtep_to_vtep_bridging Boolean Enable bridging between different VTEPs in vxlan overlay.
      virtual_router_encapsulation_mac_address String “mlag-system-id” or ethernet_address (H.H.H).
      bfd_vtep_evpn Dictionary
        interval Integer
        min_rx Integer
        multiplier Integer Min: 3
Max: 50
        prefix_list String
      qos Dictionary For the Traffic Class to be derived based on the outer DSCP field of the incoming VxLan packet, the core ports must be in “DSCP Trust” mode.
!!!Warning, only few hardware types with software version >= 4.26.0 support the below knobs to configure Vxlan DSCP mapping.
        dscp_propagation_encapsulation Boolean
        ecn_propagation Boolean Enable copying the ECN marking to/from encapsulated packets.
        map_dscp_to_traffic_class_decapsulation Boolean
      vlans List, items: Dictionary
        - id Integer Required, Unique VLAN ID.
          vni Integer
          multicast_group String IP Multicast Group Address.
          flood_vteps List, items: String
            - <str> String Remote VTEP IP Address.
      vrfs List, items: Dictionary
        - name String Required, Unique VRF Name.
          vni Integer
          multicast_group String IP Multicast Group Address.
      flood_vteps List, items: String
        - <str> String Remote VTEP IP Address.
      flood_vtep_learned_data_plane Boolean
    eos_cli String Multiline String with EOS CLI rendered directly on the Vxlan interface in the final EOS configuration.
  Vxlan1 deprecated Dictionary This key is deprecated. Support will be removed in AVD version 6.0.0. Use vxlan1 instead.
    description String
    vxlan Dictionary
      source_interface String Source Interface Name.
      multicast Dictionary
        headend_replication Boolean
      controller_client Dictionary Client to CVX Controllers.
        enabled Boolean
      mlag_source_interface String
      udp_port Integer
      vtep_to_vtep_bridging Boolean Enable bridging between different VTEPs in vxlan overlay.
      virtual_router_encapsulation_mac_address String “mlag-system-id” or ethernet_address (H.H.H).
      bfd_vtep_evpn Dictionary
        interval Integer
        min_rx Integer
        multiplier Integer Min: 3
Max: 50
        prefix_list String
      qos Dictionary For the Traffic Class to be derived based on the outer DSCP field of the incoming VxLan packet, the core ports must be in “DSCP Trust” mode.
!!!Warning, only few hardware types with software version >= 4.26.0 support the below knobs to configure Vxlan DSCP mapping.
        dscp_propagation_encapsulation Boolean
        ecn_propagation Boolean Enable copying the ECN marking to/from encapsulated packets.
        map_dscp_to_traffic_class_decapsulation Boolean
      vlans List, items: Dictionary
        - id Integer Required, Unique VLAN ID.
          vni Integer
          multicast_group String IP Multicast Group Address.
          flood_vteps List, items: String
            - <str> String Remote VTEP IP Address.
      vrfs List, items: Dictionary
        - name String Required, Unique VRF Name.
          vni Integer
          multicast_group String IP Multicast Group Address.
      flood_vteps List, items: String
        - <str> String Remote VTEP IP Address.
      flood_vtep_learned_data_plane Boolean
    eos_cli String Multiline String with EOS CLI rendered directly on the Vxlan interface in the final EOS configuration.
vxlan_interface:
  vxlan1:
    description: <str>
    vxlan:

      # Source Interface Name.
      source_interface: <str>
      multicast:
        headend_replication: <bool>

      # Client to CVX Controllers.
      controller_client:
        enabled: <bool>
      mlag_source_interface: <str>
      udp_port: <int>

      # Enable bridging between different VTEPs in vxlan overlay.
      vtep_to_vtep_bridging: <bool>

      # "mlag-system-id" or ethernet_address (H.H.H).
      virtual_router_encapsulation_mac_address: <str>
      bfd_vtep_evpn:
        interval: <int>
        min_rx: <int>
        multiplier: <int; 3-50>
        prefix_list: <str>

      # For the Traffic Class to be derived based on the outer DSCP field of the incoming VxLan packet, the core ports must be in "DSCP Trust" mode.
      # !!!Warning, only few hardware types with software version >= 4.26.0 support the below knobs to configure Vxlan DSCP mapping.
      qos:
        dscp_propagation_encapsulation: <bool>

        # Enable copying the ECN marking to/from encapsulated packets.
        ecn_propagation: <bool>
        map_dscp_to_traffic_class_decapsulation: <bool>
      vlans:

          # VLAN ID.
        - id: <int; required; unique>
          vni: <int>

          # IP Multicast Group Address.
          multicast_group: <str>
          flood_vteps:

              # Remote VTEP IP Address.
            - <str>
      vrfs:

          # VRF Name.
        - name: <str; required; unique>
          vni: <int>

          # IP Multicast Group Address.
          multicast_group: <str>
      flood_vteps:

          # Remote VTEP IP Address.
        - <str>
      flood_vtep_learned_data_plane: <bool>

    # Multiline String with EOS CLI rendered directly on the Vxlan interface in the final EOS configuration.
    eos_cli: <str>
  # This key is deprecated.
  # Support will be removed in AVD version 6.0.0.
  # Use <samp>vxlan1</samp> instead.
  Vxlan1:
    description: <str>
    vxlan:

      # Source Interface Name.
      source_interface: <str>
      multicast:
        headend_replication: <bool>

      # Client to CVX Controllers.
      controller_client:
        enabled: <bool>
      mlag_source_interface: <str>
      udp_port: <int>

      # Enable bridging between different VTEPs in vxlan overlay.
      vtep_to_vtep_bridging: <bool>

      # "mlag-system-id" or ethernet_address (H.H.H).
      virtual_router_encapsulation_mac_address: <str>
      bfd_vtep_evpn:
        interval: <int>
        min_rx: <int>
        multiplier: <int; 3-50>
        prefix_list: <str>

      # For the Traffic Class to be derived based on the outer DSCP field of the incoming VxLan packet, the core ports must be in "DSCP Trust" mode.
      # !!!Warning, only few hardware types with software version >= 4.26.0 support the below knobs to configure Vxlan DSCP mapping.
      qos:
        dscp_propagation_encapsulation: <bool>

        # Enable copying the ECN marking to/from encapsulated packets.
        ecn_propagation: <bool>
        map_dscp_to_traffic_class_decapsulation: <bool>
      vlans:

          # VLAN ID.
        - id: <int; required; unique>
          vni: <int>

          # IP Multicast Group Address.
          multicast_group: <str>
          flood_vteps:

              # Remote VTEP IP Address.
            - <str>
      vrfs:

          # VRF Name.
        - name: <str; required; unique>
          vni: <int>

          # IP Multicast Group Address.
          multicast_group: <str>
      flood_vteps:

          # Remote VTEP IP Address.
        - <str>
      flood_vtep_learned_data_plane: <bool>

    # Multiline String with EOS CLI rendered directly on the Vxlan interface in the final EOS configuration.
    eos_cli: <str>

Maintenance Mode

BGP groups

Variable Type Required Default Value Restrictions Description
bgp_groups List, items: Dictionary
  - name String Required, Unique Group Name.
    vrf String
    neighbors List, items: String
      - <str> String
    bgp_maintenance_profiles List, items: String
      - <str> String Profile Name.
bgp_groups:

    # Group Name.
  - name: <str; required; unique>
    vrf: <str>
    neighbors:
      - <str>
    bgp_maintenance_profiles:

        # Profile Name.
      - <str>

Interface groups

Variable Type Required Default Value Restrictions Description
interface_groups List, items: Dictionary
  - name String Required, Unique Interface-Group name.
    interfaces List, items: String
      - <str> String Interface Name.
    bgp_maintenance_profiles List, items: String
      - <str> String Name of BGP Maintenance Profile.
    interface_maintenance_profiles List, items: String
      - <str> String Name of Interface Maintenance Profile.
interface_groups:

    # Interface-Group name.
  - name: <str; required; unique>
    interfaces:

        # Interface Name.
      - <str>
    bgp_maintenance_profiles:

        # Name of BGP Maintenance Profile.
      - <str>
    interface_maintenance_profiles:

        # Name of Interface Maintenance Profile.
      - <str>

Maintenance

Variable Type Required Default Value Restrictions Description
maintenance Dictionary
  default_interface_profile String Name of default Interface Profile.
  default_bgp_profile String Name of default BGP Profile.
  default_unit_profile String Name of default Unit Profile.
  interface_profiles List, items: Dictionary
    - name String Required, Unique
      rate_monitoring Dictionary
        load_interval Integer Load Interval in Seconds.
        threshold Integer Threshold in kbps.
      shutdown Dictionary
        max_delay Integer Max delay in seconds.
  bgp_profiles List, items: Dictionary
    - name String Required, Unique BGP Profile Name.
      initiator Dictionary
        route_map_inout String Route Map.
  unit_profiles List, items: Dictionary
    - name String Required, Unique Unit Profile Name.
      on_boot Dictionary
        duration Integer Min: 300
Max: 3600
On-boot in seconds.
  units List, items: Dictionary
    - name String Required, Unique Unit Name.
      quiesce Boolean
      profile String Name of Unit Profile.
      groups Dictionary
        bgp_groups List, items: String
          - <str> String Name of BGP Group.
        interface_groups List, items: String
          - <str> String Name of Interface Group.
maintenance:

  # Name of default Interface Profile.
  default_interface_profile: <str>

  # Name of default BGP Profile.
  default_bgp_profile: <str>

  # Name of default Unit Profile.
  default_unit_profile: <str>
  interface_profiles:
    - name: <str; required; unique>
      rate_monitoring:

        # Load Interval in Seconds.
        load_interval: <int>

        # Threshold in kbps.
        threshold: <int>
      shutdown:

        # Max delay in seconds.
        max_delay: <int>
  bgp_profiles:

      # BGP Profile Name.
    - name: <str; required; unique>
      initiator:

        # Route Map.
        route_map_inout: <str>
  unit_profiles:

      # Unit Profile Name.
    - name: <str; required; unique>
      on_boot:

        # On-boot in seconds.
        duration: <int; 300-3600>
  units:

      # Unit Name.
    - name: <str; required; unique>
      quiesce: <bool>

      # Name of Unit Profile.
      profile: <str>
      groups:
        bgp_groups:

            # Name of BGP Group.
          - <str>
        interface_groups:

            # Name of Interface Group.
          - <str>

Management

Aliases

Variable Type Required Default Value Restrictions Description
aliases String Multi-line string with one or more alias commands.

Example:

yaml<br>aliases: |<br> alias wr copy running-config startup-config<br> alias siib show ip interface brief<br>
# Multi-line string with one or more alias commands.
#
# Example:
#
# ```yaml
# aliases: |
#   alias wr copy running-config startup-config
#   alias siib show ip interface brief
# ```
aliases: <str>

Banners

Variable Type Required Default Value Restrictions Description
banners Dictionary
  login String Multiline string ending with EOF on the last line.
  motd String Multiline string ending with EOF on the last line.
banners:

  # Multiline string ending with EOF on the last line.
  login: <str>

  # Multiline string ending with EOF on the last line.
  motd: <str>

Boot

Variable Type Required Default Value Restrictions Description
boot Dictionary Set the Aboot password.
  secret Dictionary
    hash_algorithm String sha512 Valid Values:
- md5
- sha512
    key String Hashed Password.
# Set the Aboot password.
boot:
  secret:
    hash_algorithm: <str; "md5" | "sha512"; default="sha512">

    # Hashed Password.
    key: <str>

Clock

Variable Type Required Default Value Restrictions Description
clock Dictionary
  timezone String
clock:
  timezone: <str>

DNS domain

Variable Type Required Default Value Restrictions Description
dns_domain String Domain Name.
# Domain Name.
dns_domain: <str>

Domain-list

Variable Type Required Default Value Restrictions Description
domain_list List, items: String Search list of DNS domains.
  - <str> String Domain name.
# Search list of DNS domains.
domain_list:

    # Domain name.
  - <str>

Hostname

Variable Type Required Default Value Restrictions Description
hostname String
hostname: <str>

IP domain lookup

Variable Type Required Default Value Restrictions Description
ip_domain_lookup Dictionary
  source_interfaces List, items: Dictionary
    - name String Required, Unique Source Interface.
      vrf String
ip_domain_lookup:
  source_interfaces:

      # Source Interface.
    - name: <str; required; unique>
      vrf: <str>

IP HTTP client source-interfaces

Variable Type Required Default Value Restrictions Description
ip_http_client_source_interfaces List, items: Dictionary
  - name String Interface Name.
    vrf String
ip_http_client_source_interfaces:

    # Interface Name.
  - name: <str>
    vrf: <str>

IP name servers

Variable Type Required Default Value Restrictions Description
ip_name_servers List, items: Dictionary
  - ip_address String Required IPv4 or IPv6 address for DNS server.
    vrf String VRF Name.
    priority Integer Min: 0
Max: 4
Priority value (lower is first).
name_server removed Dictionary This key was removed. Support was removed in AVD version v5.0.0. Use ip_name_servers instead.
ip_name_servers:

    # IPv4 or IPv6 address for DNS server.
  - ip_address: <str; required>

    # VRF Name.
    vrf: <str>

    # Priority value (lower is first).
    priority: <int; 0-4>

IP SSH client source-interfaces

Variable Type Required Default Value Restrictions Description
ip_ssh_client_source_interfaces List, items: Dictionary
  - name String Interface Name.
    vrf String default
ip_ssh_client_source_interfaces:

    # Interface Name.
  - name: <str>
    vrf: <str; default="default">

Management accounts

Variable Type Required Default Value Restrictions Description
management_accounts Dictionary
  password Dictionary
    policy String
management_accounts:
  password:
    policy: <str>

Management API HTTP

Variable Type Required Default Value Restrictions Description
management_api_http Dictionary
  enable_http Boolean
  enable_https Boolean
  https_ssl_profile String SSL Profile Name.
  default_services Boolean Enable default services: capi-doc and tapagg.
  enable_vrfs List, items: Dictionary
    - name String Required, Unique VRF Name.
      access_group String Standard IPv4 ACL name.
      ipv6_access_group String Standard IPv6 ACL name.
  protocol_https_certificate Dictionary
    certificate String Name of certificate; private key must also be specified.
    private_key String Name of private key; certificate must also be specified.
management_api_http:
  enable_http: <bool>
  enable_https: <bool>

  # SSL Profile Name.
  https_ssl_profile: <str>

  # Enable default services: capi-doc and tapagg.
  default_services: <bool>
  enable_vrfs:

      # VRF Name.
    - name: <str; required; unique>

      # Standard IPv4 ACL name.
      access_group: <str>

      # Standard IPv6 ACL name.
      ipv6_access_group: <str>
  protocol_https_certificate:

    # Name of certificate; private key must also be specified.
    certificate: <str>

    # Name of private key; certificate must also be specified.
    private_key: <str>

Management API models

Variable Type Required Default Value Restrictions Description
management_api_models Dictionary
  providers List, items: Dictionary
    - name String Valid Values:
- sysdb
- smash
      paths List, items: Dictionary
        - path String
          disabled Boolean False
management_api_models:
  providers:
    - name: <str; "sysdb" | "smash">
      paths:
        - path: <str>
          disabled: <bool; default=False>

Management console

Variable Type Required Default Value Restrictions Description
management_console Dictionary
  idle_timeout Integer Min: 0
Max: 86400
management_console:
  idle_timeout: <int; 0-86400>

Management defaults

Variable Type Required Default Value Restrictions Description
management_defaults Dictionary
  secret Dictionary
    hash String Valid Values:
- md5
- sha512
management_defaults:
  secret:
    hash: <str; "md5" | "sha512">

Management security

Variable Type Required Default Value Restrictions Description
management_security Dictionary
  entropy_sources Dictionary Source of entropy.
    hardware Boolean Use a hardware based source.
    haveged Boolean Use the HAVEGE algorithm.
    cpu_jitter Boolean Use the Jitter RNG algorithm of a CPU based source.
    hardware_exclusive Boolean Only use entropy from the hardware source.
  password Dictionary
    minimum_length Integer Min: 1
Max: 32
    encryption_key_common Boolean
    encryption_reversible String
    policies List, items: Dictionary
      - name String Required, Unique
        minimum Dictionary
          digits Integer Min: 1
Max: 65535
          length Integer Min: 1
Max: 65535
          lower Integer Min: 1
Max: 65535
          special Integer Min: 1
Max: 65535
          upper Integer Min: 1
Max: 65535
        maximum Dictionary
          repetitive Integer Min: 1
Max: 65535
          sequential Integer Min: 1
Max: 65535
  ssl_profiles List, items: Dictionary
    - name String
      tls_versions String List of allowed TLS versions as string.
Examples:
- “1.0”
- “1.0 1.1”
      cipher_list String cipher_list syntax follows the openssl cipher strings format.
Colon (:) separated list of allowed ciphers as a string.
      trust_certificate Dictionary
        certificates List, items: String List of trust certificate names.
Examples:
- test1.crt
- test2.crt
          - <str> String
        requirement Dictionary
          basic_constraint_ca Boolean
          hostname_fqdn Boolean Enforce hostname to be FQDN without wildcard.
        policy_expiry_date_ignore Boolean
        system Boolean Use system-supplied trust certificates.
      chain_certificate Dictionary
        certificates List, items: String List of chain certificate names.
Examples:
- chain1.crt
- chain2.crt
          - <str> String
        requirement Dictionary
          basic_constraint_ca Boolean
          include_root_ca Boolean
      certificate Dictionary
        file String
        key String
      certificate_revocation_lists List, items: String List of CRLs (Certificate Revocation List).
If specified, one CRL needs to be provided for every certificate in the chain, even if the revocation list in the CRL is empty.
        - <str> String
  shared_secret_profiles List, items: Dictionary
    - profile String Required, Unique
      secrets List, items: Dictionary
        - name String Required, Unique
          secret String Required
          secret_type String 7 Valid Values:
- 0
- 7
- 8a
          receive_lifetime Dictionary Required
            infinite Boolean
            start_date_time String Start date and time of lifetime of the secret. End date should be greater than start date.
Formats supported:
1. mm/dd/yyyy hh:mm:ss
2. yyyy-mm-dd hh:mm:ss
e.g 2024-12-20 10:00:00
            end_date_time String End date and time of lifetime of the secret. End date should be greater than start date.
Formats supported:
1. mm/dd/yyyy hh:mm:ss
2. yyyy-mm-dd hh:mm:ss
e.g 2024-12-20 10:00:00
          transmit_lifetime Dictionary Required
            infinite Boolean
            start_date_time String Start date and time of lifetime of the secret. End date should be greater than start date.
Formats supported:
1. mm/dd/yyyy hh:mm:ss
2. yyyy-mm-dd hh:mm:ss
e.g 2024-12-20 10:00:00
            end_date_time String End date and time of lifetime of the secret. End date should be greater than start date.
Formats supported:
1. mm/dd/yyyy hh:mm:ss
2. yyyy-mm-dd hh:mm:ss
e.g 2024-12-20 10:00:00
          local_time Boolean Configuring secret using the local timezone from system clock. Default is UTC.
  entropy_source removed String This key was removed. Support was removed in AVD version v5.0.0. Use entropy_sources instead.
management_security:

  # Source of entropy.
  entropy_sources:

    # Use a hardware based source.
    hardware: <bool>

    # Use the HAVEGE algorithm.
    haveged: <bool>

    # Use the Jitter RNG algorithm of a CPU based source.
    cpu_jitter: <bool>

    # Only use entropy from the hardware source.
    hardware_exclusive: <bool>
  password:
    minimum_length: <int; 1-32>
    encryption_key_common: <bool>
    encryption_reversible: <str>
    policies:
      - name: <str; required; unique>
        minimum:
          digits: <int; 1-65535>
          length: <int; 1-65535>
          lower: <int; 1-65535>
          special: <int; 1-65535>
          upper: <int; 1-65535>
        maximum:
          repetitive: <int; 1-65535>
          sequential: <int; 1-65535>
  ssl_profiles:
    - name: <str>

      # List of allowed TLS versions as string.
      # Examples:
      #   - "1.0"
      #   - "1.0 1.1"
      tls_versions: <str>

      # cipher_list syntax follows the openssl cipher strings format.
      # Colon (:) separated list of allowed ciphers as a string.
      cipher_list: <str>
      trust_certificate:

        # List of trust certificate names.
        # Examples:
        #   - test1.crt
        #   - test2.crt
        certificates:
          - <str>
        requirement:
          basic_constraint_ca: <bool>

          # Enforce hostname to be FQDN without wildcard.
          hostname_fqdn: <bool>
        policy_expiry_date_ignore: <bool>

        # Use system-supplied trust certificates.
        system: <bool>
      chain_certificate:

        # List of chain certificate names.
        # Examples:
        #   - chain1.crt
        #   - chain2.crt
        certificates:
          - <str>
        requirement:
          basic_constraint_ca: <bool>
          include_root_ca: <bool>
      certificate:
        file: <str>
        key: <str>

      # List of CRLs (Certificate Revocation List).
      # If specified, one CRL needs to be provided for every certificate in the chain, even if the revocation list in the CRL is empty.
      certificate_revocation_lists:
        - <str>
  shared_secret_profiles:
    - profile: <str; required; unique>
      secrets:
        - name: <str; required; unique>
          secret: <str; required>
          secret_type: <str; "0" | "7" | "8a"; default="7">
          receive_lifetime: # required
            infinite: <bool>

            # Start date and time of lifetime of the secret. End date should be greater than start date.
            # Formats supported:
            # 1. mm/dd/yyyy hh:mm:ss
            # 2. yyyy-mm-dd hh:mm:ss
            # e.g 2024-12-20 10:00:00
            start_date_time: <str>

            # End date and time of lifetime of the secret. End date should be greater than start date.
            # Formats supported:
            # 1. mm/dd/yyyy hh:mm:ss
            # 2. yyyy-mm-dd hh:mm:ss
            # e.g 2024-12-20 10:00:00
            end_date_time: <str>
          transmit_lifetime: # required
            infinite: <bool>

            # Start date and time of lifetime of the secret. End date should be greater than start date.
            # Formats supported:
            # 1. mm/dd/yyyy hh:mm:ss
            # 2. yyyy-mm-dd hh:mm:ss
            # e.g 2024-12-20 10:00:00
            start_date_time: <str>

            # End date and time of lifetime of the secret. End date should be greater than start date.
            # Formats supported:
            # 1. mm/dd/yyyy hh:mm:ss
            # 2. yyyy-mm-dd hh:mm:ss
            # e.g 2024-12-20 10:00:00
            end_date_time: <str>

          # Configuring secret using the local timezone from system clock. Default is UTC.
          local_time: <bool>

Management SSH

Variable Type Required Default Value Restrictions Description
management_ssh Dictionary
  authentication Dictionary
    empty_passwords String Valid Values:
- auto
- deny
- permit
Permit or deny empty passwords for SSH authentication.
    protocols List, items: String Allowed SSH authentication methods.
      - <str> String Valid Values:
- keyboard-interactive
- password
- public-key
  access_groups List, items: Dictionary
    - name String Standard ACL Name.
      vrf String VRF Name.
  ipv6_access_groups List, items: Dictionary
    - name String Standard ACL Name.
      vrf String VRF Name.
  idle_timeout Integer Min: 0
Max: 86400
Idle timeout in minutes.
  cipher List, items: String Cryptographic ciphers for SSH to use.
    - <str> String
  key_exchange List, items: String Cryptographic key exchange methods for SSH to use.
    - <str> String
  mac List, items: String Cryptographic MAC algorithms for SSH to use.
    - <str> String
  fips_restrictions Boolean Use FIPS compliant algorithms.
  hostkey Dictionary
    server List, items: String SSH host key settings.
      - <str> String
    server_cert String Configure switch’s hostkey cert file.
    client_strict_checking Boolean Enforce strict host key checking.
  enable Boolean Enable SSH daemon.
  connection Dictionary
    limit Integer Min: 1
Max: 100
Maximum total number of SSH sessions to device.
    per_host Integer Min: 1
Max: 20
Maximum number of SSH sessions to device from a single host.
  vrfs List, items: Dictionary
    - name String Required, Unique VRF Name.
      enable Boolean Enable SSH in VRF.
  log_level String SSH daemon log level.
  client_alive Dictionary
    count_max Integer Min: 1
Max: 1000
Number of keep-alive packets that can be sent without a response before the connection is assumed dead.
    interval Integer Min: 1
Max: 1000
Time period (in seconds) to send SSH keep-alive packets.
management_ssh:
  authentication:

    # Permit or deny empty passwords for SSH authentication.
    empty_passwords: <str; "auto" | "deny" | "permit">

    # Allowed SSH authentication methods.
    protocols:
      - <str; "keyboard-interactive" | "password" | "public-key">
  access_groups:

      # Standard ACL Name.
    - name: <str>

      # VRF Name.
      vrf: <str>
  ipv6_access_groups:

      # Standard ACL Name.
    - name: <str>

      # VRF Name.
      vrf: <str>

  # Idle timeout in minutes.
  idle_timeout: <int; 0-86400>

  # Cryptographic ciphers for SSH to use.
  cipher:
    - <str>

  # Cryptographic key exchange methods for SSH to use.
  key_exchange:
    - <str>

  # Cryptographic MAC algorithms for SSH to use.
  mac:
    - <str>

  # Use FIPS compliant algorithms.
  fips_restrictions: <bool>
  hostkey:

    # SSH host key settings.
    server:
      - <str>

    # Configure switch's hostkey cert file.
    server_cert: <str>

    # Enforce strict host key checking.
    client_strict_checking: <bool>

  # Enable SSH daemon.
  enable: <bool>
  connection:

    # Maximum total number of SSH sessions to device.
    limit: <int; 1-100>

    # Maximum number of SSH sessions to device from a single host.
    per_host: <int; 1-20>
  vrfs:

      # VRF Name.
    - name: <str; required; unique>

      # Enable SSH in VRF.
      enable: <bool>

  # SSH daemon log level.
  log_level: <str>
  client_alive:

    # Number of keep-alive packets that can be sent without a response before the connection is assumed dead.
    count_max: <int; 1-1000>

    # Time period (in seconds) to send SSH keep-alive packets.
    interval: <int; 1-1000>

Management tech-support

Variable Type Required Default Value Restrictions Description
management_tech_support Dictionary
  policy_show_tech_support Dictionary
    exclude_commands List, items: Dictionary
      - command String Command to exclude from tech-support.
        type String text Valid Values:
- text
- json
The supported values for type are platform dependent.
    include_commands List, items: Dictionary
      - command String Command to include in tech-support.
management_tech_support:
  policy_show_tech_support:
    exclude_commands:

        # Command to exclude from tech-support.
      - command: <str>

        # The supported values for type are platform dependent.
        type: <str; "text" | "json"; default="text">
    include_commands:

        # Command to include in tech-support.
      - command: <str>

NTP

Variable Type Required Default Value Restrictions Description
ntp Dictionary
  local_interface Dictionary
    name String Source interface.
    vrf String VRF name.
  servers List, items: Dictionary
    - name String IP or hostname e.g., 2.2.2.55, 2001:db8::55, ie.pool.ntp.org.
      burst Boolean
      iburst Boolean
      key Integer Min: 1
Max: 65535
      local_interface String Source interface.
      maxpoll Integer Min: 3
Max: 17
Value of maxpoll between 3 - 17 (Logarithmic).
      minpoll Integer Min: 3
Max: 17
Value of minpoll between 3 - 17 (Logarithmic).
      preferred Boolean
      version Integer Min: 1
Max: 4
      vrf String VRF name.
  authenticate Boolean
  authenticate_servers_only Boolean
  authentication_keys List, items: Dictionary
    - id Integer Required, Unique Min: 1
Max: 65534
Key identifier.
      hash_algorithm String Valid Values:
- md5
- sha1
      key String Obfuscated key.
      key_type String Valid Values:
- 0
- 7
- 8a
  trusted_keys String List of trusted-keys as string ex. 10-12,15.
ntp:
  local_interface:

    # Source interface.
    name: <str>

    # VRF name.
    vrf: <str>
  servers:

      # IP or hostname e.g., 2.2.2.55, 2001:db8::55, ie.pool.ntp.org.
    - name: <str>
      burst: <bool>
      iburst: <bool>
      key: <int; 1-65535>

      # Source interface.
      local_interface: <str>

      # Value of maxpoll between 3 - 17 (Logarithmic).
      maxpoll: <int; 3-17>

      # Value of minpoll between 3 - 17 (Logarithmic).
      minpoll: <int; 3-17>
      preferred: <bool>
      version: <int; 1-4>

      # VRF name.
      vrf: <str>
  authenticate: <bool>
  authenticate_servers_only: <bool>
  authentication_keys:

      # Key identifier.
    - id: <int; 1-65534; required; unique>
      hash_algorithm: <str; "md5" | "sha1">

      # Obfuscated key.
      key: <str>
      key_type: <str; "0" | "7" | "8a">

  # List of trusted-keys as string ex. 10-12,15.
  trusted_keys: <str>

Prompt

Variable Type Required Default Value Restrictions Description
prompt String
prompt: <str>

Terminal

Variable Type Required Default Value Restrictions Description
terminal Dictionary
  length Integer Min: 0
Max: 32767
  width Integer Min: 10
Max: 32767
terminal:
  length: <int; 0-32767>
  width: <int; 10-32767>

Virtual source NAT VRFs

Variable Type Required Default Value Restrictions Description
virtual_source_nat_vrfs List, items: Dictionary
  - name String Required, Unique VRF Name.
    ip_address String IPv4 Address.
    ipv6_address String IPv6 Address.
virtual_source_nat_vrfs:

    # VRF Name.
  - name: <str; required; unique>

    # IPv4 Address.
    ip_address: <str>

    # IPv6 Address.
    ipv6_address: <str>

Miscellaneous

Config comment

Variable Type Required Default Value Restrictions Description
config_comment String Add a comment to provide information about the configuration.
This comment will be rendered at the top of the generated configuration.
# Add a comment to provide information about the configuration.
# This comment will be rendered at the top of the generated configuration.
config_comment: <str>

Config end

Variable Type Required Default Value Restrictions Description
config_end Boolean False Render end at the end of the configuration.
# Render `end` at the end of the configuration.
config_end: <bool; default=False>

CVX

Variable Type Required Default Value Restrictions Description
cvx Dictionary CVX server features are not supported on physical switches. See management_cvx for client configurations.
  shutdown Boolean
  peer_hosts List, items: String
    - <str> String IP address or hostname.
  services Dictionary
    mcs Dictionary
      redis Dictionary
        password String Hashed password using the password_type.
        password_type String 7 Valid Values:
- 0
- 7
- 8a
      shutdown Boolean
    vxlan Dictionary VXLAN Controller service.
      shutdown Boolean
      vtep_mac_learning String Valid Values:
- control-plane
- data-plane
# CVX server features are not supported on physical switches. See `management_cvx` for client configurations.
cvx:
  shutdown: <bool>
  peer_hosts:

      # IP address or hostname.
    - <str>
  services:
    mcs:
      redis:

        # Hashed password using the password_type.
        password: <str>
        password_type: <str; "0" | "7" | "8a"; default="7">
      shutdown: <bool>

    # VXLAN Controller service.
    vxlan:
      shutdown: <bool>
      vtep_mac_learning: <str; "control-plane" | "data-plane">

EOS cli

Variable Type Required Default Value Restrictions Description
eos_cli String Multiline string with EOS CLI rendered directly on the root level of the final EOS configuration.
# Multiline string with EOS CLI rendered directly on the root level of the final EOS configuration.
eos_cli: <str>

Is deployed

Variable Type Required Default Value Restrictions Description
is_deployed Boolean True Key only used for documentation or validation purposes.
# Key only used for documentation or validation purposes.
is_deployed: <bool; default=True>

Management CVX

Variable Type Required Default Value Restrictions Description
management_cvx Dictionary
  shutdown Boolean
  server_hosts List, items: String
    - <str> String IP or hostname.
  source_interface String Interface name.
  vrf String VRF Name.
management_cvx:
  shutdown: <bool>
  server_hosts:

      # IP or hostname.
    - <str>

  # Interface name.
  source_interface: <str>

  # VRF Name.
  vrf: <str>

MCS client

Variable Type Required Default Value Restrictions Description
mcs_client Dictionary
  shutdown Boolean
  cvx_secondary Dictionary
    name String
    shutdown Boolean
    server_hosts List, items: String
      - <str> String IP or hostname.
mcs_client:
  shutdown: <bool>
  cvx_secondary:
    name: <str>
    shutdown: <bool>
    server_hosts:

        # IP or hostname.
      - <str>

Monitoring

Daemons

Variable Type Required Default Value Restrictions Description
daemons List, items: Dictionary This will add a daemon to the eos configuration that is most useful when trying to run OpenConfig clients like ocprometheus.
  - name String Required, Unique Daemon Name.
    exec String Required command to run as a daemon.
    enabled Boolean True
# This will add a daemon to the eos configuration that is most useful when trying to run OpenConfig clients like ocprometheus.
daemons:

    # Daemon Name.
  - name: <str; required; unique>

    # command to run as a daemon.
    exec: <str; required>
    enabled: <bool; default=True>

Daemon terminattr

Variable Type Required Default Value Restrictions Description
daemon_terminattr Dictionary You can either provide a list of IPs/FQDNs to target on-premise Cloudvision cluster or use DNS name for your Cloudvision as a Service instance.
Streaming to multiple clusters both on-prem and cloud service is supported.

!!! note
For TerminAttr version recommendation and EOS compatibility matrix, please refer to the latest TerminAttr Release Notes
which always contain the latest recommended versions and minimum required versions per EOS release.
  cvaddrs List, items: String Streaming address(es) for CloudVision single cluster.
- TCP 9910 is used for CV on-prem
- TCP 443 is used for CV as a Service
    - <str> String Server address in the format <ip/fqdn>:<port>.
  clusters List, items: Dictionary Multiple CloudVision clusters.
    - name String Required, Unique Cluster Name.
      cvaddrs List, items: String Streaming address(es) for CloudVision cluster.
- TCP 9910 is used for CV on-prem
- TCP 443 is used for CV as a Service
        - <str> String Server address in the format <ip/fqdn>:<port>.
      cvauth Dictionary Authentication scheme used to connect to CloudVision.
        method String Valid Values:
- token
- token-secure
- key
- certs
        key String
        token_file String Token file path.
e.g. “/tmp/token”
        cert_file String Client certificate file path.
e.g. “/persist/secure/ssl/terminattr/primary/certs/client.crt”
        ca_file String CA certificate file path (on-prem only).
e.g. “/persist/secure/ssl/terminattr/primary/certs/ca.crt”
        key_file String Client certificate key file path.
e.g. “/persist/secure/ssl/terminattr/primary/keys/client.key”
      cvobscurekeyfile Boolean Encrypt the private key used for authentication to CloudVision.
      cvproxy String Proxy server through which CloudVision is reachable. Useful when the CloudVision server is hosted in the cloud.
The expected form is http://[user:password@]ip:port, e.g.: http://arista:arista@10.83.12.78:3128. Available as of TerminAttr v1.13.0.
      cvsourceip String Set source IP address in case of in-band management.
      cvsourceintf String Set source interface in case of in-band management. Available as of TerminAttr v1.23.0.
The interface name is case sensitive and has to match the interface name in the running-config, e.g.:Vlan100.
      cvvrf String The VRF to use to connect to CloudVision.
  cvauth Dictionary Authentication scheme used to connect to CloudVision.
    method String Valid Values:
- token
- token-secure
- key
- certs
    key String
    token_file String Token file path.
e.g. “/tmp/token”
    cert_file String Client certificate file path.
e.g. “/persist/secure/ssl/terminattr/primary/certs/client.crt”
    ca_file String CA certificate file path (on-prem only).
e.g. “/persist/secure/ssl/terminattr/primary/certs/ca.crt”
    key_file String Client certificate key file path.
e.g. “/persist/secure/ssl/terminattr/primary/keys/client.key”
  cvobscurekeyfile Boolean Encrypt the private key used for authentication to CloudVision.
  cvproxy String Proxy server through which CloudVision is reachable. Useful when the CloudVision server is hosted in the cloud.
The expected form is http://[user:password@]ip:port, e.g.: http://arista:arista@10.83.12.78:3128. Available as of TerminAttr v1.13.0.
  cvsourceip String Set source IP address in case of in-band management.
  cvsourceintf String Set source interface in case of in-band management.
The interface name is case sensitive and has to match the interface name in the running-config, e.g.:Vlan100.
  cvvrf String The VRF to use to connect to CloudVision.
  cvgnmi Boolean Stream states from EOS gNMI servers (Openconfig) to CloudVision. Available as of TerminAttr v1.13.1.
  disable_aaa Boolean Disable AAA authorization and accounting.
When setting this flag, all commands pushed from CloudVision are applied directly to the CLI without authorization.
  grpcaddr String Set the gRPC server address, the default is 127.0.0.1:6042.
e.g. “MGMT/0.0.0.0:6042”
  grpcreadonly Boolean gNMI read-only mode - Disable gnmi.Set().
  ingestexclude String Exclude paths from Sysdb on the ingest side.
e.g. “/Sysdb/cell/1/agent,/Sysdb/cell/2/agent”
  smashexcludes String Exclude paths from the shared memory table.
e.g. “ale,flexCounter,hardware,kni,pulse,strata”
  taillogs String Enable log file collection; /var/log/messages is streamed by default if no path is set.
e.g. “/var/log/messages”
  ecodhcpaddr String ECO DHCP Collector address or ECO DHCP Fingerprint listening address in standalone mode (default “127.0.0.1:67”).
  ipfix Boolean Enable IPFIX provider (TerminAttr default is true).
This flag is enabled by default and does not have to be added to the daemon configuration.
  ipfixaddr String ECO IPFIX Collector address to listen on to receive IPFIX packets (TerminAttr default “127.0.0.1:4739”).
  sflow Boolean Enable sFlow provider (TerminAttr default is true).
  sflowaddr String ECO sFlow Collector address to listen on to receive sFlow packets (TerminAttr default “127.0.0.1:6343”).
  cvconfig Boolean Subscribe to dynamic device configuration from CloudVision (TerminAttr default is false).
  cvcompression removed String The default compression scheme when streaming to CloudVision is gzip since TerminAttr 1.6.1 and CVP 2019.1.0.
There is no need to change the compression scheme.
This key was removed. Support was removed in AVD version v5.0.0.
# You can either provide a list of IPs/FQDNs to target on-premise Cloudvision cluster or use DNS name for your Cloudvision as a Service instance.
# Streaming to multiple clusters both on-prem and cloud service is supported.
#
# !!! note
#     For TerminAttr version recommendation and EOS compatibility matrix, please refer to the latest TerminAttr Release Notes
#     which always contain the latest recommended versions and minimum required versions per EOS release.
daemon_terminattr:

  # Streaming address(es) for CloudVision single cluster.
  # - TCP 9910 is used for CV on-prem
  # - TCP 443 is used for CV as a Service
  cvaddrs:

      # Server address in the format `<ip/fqdn>:<port>`.
    - <str>

  # Multiple CloudVision clusters.
  clusters:

      # Cluster Name.
    - name: <str; required; unique>

      # Streaming address(es) for CloudVision cluster.
      # - TCP 9910 is used for CV on-prem
      # - TCP 443 is used for CV as a Service
      cvaddrs:

          # Server address in the format `<ip/fqdn>:<port>`.
        - <str>

      # Authentication scheme used to connect to CloudVision.
      cvauth:
        method: <str; "token" | "token-secure" | "key" | "certs">
        key: <str>

        # Token file path.
        # e.g. "/tmp/token"
        token_file: <str>

        # Client certificate file path.
        # e.g. "/persist/secure/ssl/terminattr/primary/certs/client.crt"
        cert_file: <str>

        # CA certificate file path (on-prem only).
        # e.g. "/persist/secure/ssl/terminattr/primary/certs/ca.crt"
        ca_file: <str>

        # Client certificate key file path.
        # e.g. "/persist/secure/ssl/terminattr/primary/keys/client.key"
        key_file: <str>

      # Encrypt the private key used for authentication to CloudVision.
      cvobscurekeyfile: <bool>

      # Proxy server through which CloudVision is reachable. Useful when the CloudVision server is hosted in the cloud.
      # The expected form is http://[user:password@]ip:port, e.g.: `http://arista:arista@10.83.12.78:3128`. Available as of TerminAttr v1.13.0.
      cvproxy: <str>

      # Set source IP address in case of in-band management.
      cvsourceip: <str>

      # Set source interface in case of in-band management. Available as of TerminAttr v1.23.0.
      # The interface name is case sensitive and has to match the interface name in the running-config, e.g.:Vlan100.
      cvsourceintf: <str>

      # The VRF to use to connect to CloudVision.
      cvvrf: <str>

  # Authentication scheme used to connect to CloudVision.
  cvauth:
    method: <str; "token" | "token-secure" | "key" | "certs">
    key: <str>

    # Token file path.
    # e.g. "/tmp/token"
    token_file: <str>

    # Client certificate file path.
    # e.g. "/persist/secure/ssl/terminattr/primary/certs/client.crt"
    cert_file: <str>

    # CA certificate file path (on-prem only).
    # e.g. "/persist/secure/ssl/terminattr/primary/certs/ca.crt"
    ca_file: <str>

    # Client certificate key file path.
    # e.g. "/persist/secure/ssl/terminattr/primary/keys/client.key"
    key_file: <str>

  # Encrypt the private key used for authentication to CloudVision.
  cvobscurekeyfile: <bool>

  # Proxy server through which CloudVision is reachable. Useful when the CloudVision server is hosted in the cloud.
  # The expected form is http://[user:password@]ip:port, e.g.: `http://arista:arista@10.83.12.78:3128`. Available as of TerminAttr v1.13.0.
  cvproxy: <str>

  # Set source IP address in case of in-band management.
  cvsourceip: <str>

  # Set source interface in case of in-band management.
  # The interface name is case sensitive and has to match the interface name in the running-config, e.g.:Vlan100.
  cvsourceintf: <str>

  # The VRF to use to connect to CloudVision.
  cvvrf: <str>

  # Stream states from EOS gNMI servers (Openconfig) to CloudVision. Available as of TerminAttr v1.13.1.
  cvgnmi: <bool>

  # Disable AAA authorization and accounting.
  # When setting this flag, all commands pushed from CloudVision are applied directly to the CLI without authorization.
  disable_aaa: <bool>

  # Set the gRPC server address, the default is 127.0.0.1:6042.
  # e.g. "MGMT/0.0.0.0:6042"
  grpcaddr: <str>

  # gNMI read-only mode - Disable gnmi.Set().
  grpcreadonly: <bool>

  # Exclude paths from Sysdb on the ingest side.
  # e.g. "/Sysdb/cell/1/agent,/Sysdb/cell/2/agent"
  ingestexclude: <str>

  # Exclude paths from the shared memory table.
  # e.g. "ale,flexCounter,hardware,kni,pulse,strata"
  smashexcludes: <str>

  # Enable log file collection; /var/log/messages is streamed by default if no path is set.
  # e.g. "/var/log/messages"
  taillogs: <str>

  # ECO DHCP Collector address or ECO DHCP Fingerprint listening address in standalone mode (default "127.0.0.1:67").
  ecodhcpaddr: <str>

  # Enable IPFIX provider (TerminAttr default is true).
  # This flag is enabled by default and does not have to be added to the daemon configuration.
  ipfix: <bool>

  # ECO IPFIX Collector address to listen on to receive IPFIX packets (TerminAttr default "127.0.0.1:4739").
  ipfixaddr: <str>

  # Enable sFlow provider (TerminAttr default is true).
  sflow: <bool>

  # ECO sFlow Collector address to listen on to receive sFlow packets (TerminAttr default "127.0.0.1:6343").
  sflowaddr: <str>

  # Subscribe to dynamic device configuration from CloudVision (TerminAttr default is false).
  cvconfig: <bool>

Event handlers

Variable Type Required Default Value Restrictions Description
event_handlers List, items: Dictionary Gives the ability to monitor and react to Syslog messages.
Event Handlers provide a powerful and flexible tool that can be used to apply self-healing actions,
customize the system behavior, and implement workarounds to problems discovered in the field.
  - name String Required, Unique Event Handler Name.
    actions Dictionary Note: bash_command and log are mutually exclusive. bash_command takes precedence over log.
      bash_command String Define BASH command action. Command could be multiline also.
      log Boolean Log a message when the event is triggered.
      increment_device_health_metric String Name of device-health metric.
    delay Integer Event-handler delay in seconds.
    trigger String Valid Values:
- on-boot
- on-counters
- on-intf
- on-logging
- on-maintenance
- on-startup-config
- vm-tracer vm
Configure event trigger condition.
    trigger_on_counters Dictionary
      condition String Set the logical expression to evaluate.
      granularity_per_source Boolean Set the granularity of event counting for a wildcarded condition.
Example -
condition ( Arad*.IptCrcErrCnt.delta > 100 ) and ( Arad*.UcFifoFullDrop.delta > 100 )
[* wildcard is used here]
      poll_interval Integer Min: 1
Max: 1000000
Set the polling interval in seconds.
    trigger_on_logging Dictionary
      poll_interval Integer Min: 1
Max: 1000000
Set the polling interval in seconds.
      regex String Regular expression to use for searching log messages.
    trigger_on_intf Dictionary Trigger condition occurs on specified interface changes.
Note: Any one of the ip, ipv6 and operstatus key needs to be defined along with the interface.
      interface String Required Interface name.
Example - Ethernet4
Loopback4-6
Port-channel4,7
      ip Boolean Action is triggered upon changes to interface IP address assignment.
      ipv6 Boolean Action is triggered upon changes to interface ipv6 address assignment.
      operstatus Boolean Action is triggered upon changes to interface operStatus.
    trigger_on_maintenance Dictionary Settings required for trigger ‘on-maintenance’.
      operation String Required Valid Values:
- enter
- exit
      bgp_peer String Ipv4/Ipv6 address or peer group name.
Trigger condition occurs on maintenance operation of specified BGP peer.
      action String Required Valid Values:
- after
- before
- all
- begin
- end
Action for maintenance operation.
      stage String Valid Values:
- bgp
- linkdown
- mlag
- ratemon
Action is triggered after/before specified stage.
      vrf String VRF name. VRF can be defined for “bgp_peer” only.
      interface String Trigger condition occurs on maintenance operation of specified interface.
      unit String Name of unit. Trigger condition occurs on maintenance operation of specified unit
    asynchronous Boolean False Set the action to be non-blocking.
    action_type removed String Valid Values:
- bash
- increment
- log
This key was removed. Support was removed in AVD version 5.0.0. Use event_handlers.actions instead.
    action removed String Command to execute.
This key was removed. Support was removed in AVD version 5.0.0. Use event_handlers.actions.bash_command instead.
    regex removed String Regular expression to use for searching log messages. Required for on-logging trigger.
This key was removed. Support was removed in AVD version 5.0.0. Use event_handlers.trigger_on_logging.regex instead.
# Gives the ability to monitor and react to Syslog messages.
# Event Handlers provide a powerful and flexible tool that can be used to apply self-healing actions,
# customize the system behavior, and implement workarounds to problems discovered in the field.
event_handlers:

    # Event Handler Name.
  - name: <str; required; unique>

    # Note: `bash_command` and `log` are mutually exclusive. `bash_command` takes precedence over `log`.
    actions:

      # Define BASH command action. Command could be multiline also.
      bash_command: <str>

      # Log a message when the event is triggered.
      log: <bool>

      # Name of device-health metric.
      increment_device_health_metric: <str>

    # Event-handler delay in seconds.
    delay: <int>

    # Configure event trigger condition.
    trigger: <str; "on-boot" | "on-counters" | "on-intf" | "on-logging" | "on-maintenance" | "on-startup-config" | "vm-tracer vm">
    trigger_on_counters:

      # Set the logical expression to evaluate.
      condition: <str>

      # Set the granularity of event counting for a wildcarded condition.
      # Example -
      #   condition ( Arad*.IptCrcErrCnt.delta > 100 ) and ( Arad*.UcFifoFullDrop.delta > 100 )
      #   [* wildcard is used here]
      granularity_per_source: <bool>

      # Set the polling interval in seconds.
      poll_interval: <int; 1-1000000>
    trigger_on_logging:

      # Set the polling interval in seconds.
      poll_interval: <int; 1-1000000>

      # Regular expression to use for searching log messages.
      regex: <str>

    # Trigger condition occurs on specified interface changes.
    # Note: Any one of the `ip`, `ipv6` and `operstatus` key needs to be defined along with the `interface`.
    trigger_on_intf:

      # Interface name.
      # Example - Ethernet4
      #           Loopback4-6
      #           Port-channel4,7
      interface: <str; required>

      # Action is triggered upon changes to interface IP address assignment.
      ip: <bool>

      # Action is triggered upon changes to interface ipv6 address assignment.
      ipv6: <bool>

      # Action is triggered upon changes to interface operStatus.
      operstatus: <bool>

    # Settings required for trigger 'on-maintenance'.
    trigger_on_maintenance:
      operation: <str; "enter" | "exit"; required>

      # Ipv4/Ipv6 address or peer group name.
      # Trigger condition occurs on maintenance operation of specified BGP peer.
      bgp_peer: <str>

      # Action for maintenance operation.
      action: <str; "after" | "before" | "all" | "begin" | "end"; required>

      # Action is triggered after/before specified stage.
      stage: <str; "bgp" | "linkdown" | "mlag" | "ratemon">

      # VRF name. VRF can be defined for "bgp_peer" only.
      vrf: <str>

      # Trigger condition occurs on maintenance operation of specified interface.
      interface: <str>

      # Name of unit. Trigger condition occurs on maintenance operation of specified unit
      unit: <str>

    # Set the action to be non-blocking.
    asynchronous: <bool; default=False>

Event monitor

Variable Type Required Default Value Restrictions Description
event_monitor Dictionary
  enabled Boolean
event_monitor:
  enabled: <bool>

Flow tracking

Variable Type Required Default Value Restrictions Description
flow_tracking Dictionary
  sampled Dictionary
    encapsulation Dictionary
      ipv4_ipv6 Boolean
      mpls Boolean
    sample Integer Min: 1
Max: 4294967295
    hardware_offload Dictionary
      ipv4 Boolean Configure hardware offload for IPv4 traffic.
      ipv6 Boolean Configure hardware offload for IPv6 traffic.
      threshold_minimum Integer Min: 1
Max: 4294967295
Minimum number of samples.
    trackers List, items: Dictionary
      - table_size Integer Min: 1
Max: 614400
Maximum number of entries in flow table.
        record_export Dictionary
          mpls Boolean Export MPLS forwarding information.
          on_inactive_timeout Integer Min: 3000
Max: 900000
Flow record inactive export timeout in milliseconds.
          on_interval Integer Min: 1000
Max: 36000000
Flow record export interval in milliseconds.
        name String Required, Unique Tracker Name.
        exporters List, items: Dictionary
          - name String Required, Unique Exporter Name.
            collector Dictionary
              host String Collector IPv4 address or IPv6 address or fully qualified domain name.
              port Integer Min: 1
Max: 65535
Collector Port Number.
            format Dictionary
              ipfix_version Integer
            local_interface String Local Source Interface.
            template_interval Integer Min: 5000
Max: 3600000
Template interval in milliseconds.
    shutdown Boolean False
  hardware Dictionary
    record Dictionary
      format_ipfix_standard_timestamps_counters Boolean Enable software export of IPFIX data records.
    trackers List, items: Dictionary
      - name String Required, Unique Tracker Name.
        record_export Dictionary
          on_inactive_timeout Integer Min: 3000
Max: 900000
Flow record inactive export timeout in milliseconds.
          on_interval Integer Min: 1000
Max: 36000000
Flow record export interval in milliseconds.
        exporters List, items: Dictionary
          - name String Required, Unique Exporter Name.
            collector Dictionary
              host String Collector IPv4 address or IPv6 address or fully qualified domain name.
              port Integer Min: 1
Max: 65535
Collector Port Number.
            format Dictionary
              ipfix_version Integer
            local_interface String Local Source Interface.
            template_interval Integer Min: 5000
Max: 3600000
Template interval in milliseconds.
    shutdown Boolean False
flow_trackings removed List, items: Dictionary This key was removed. Support was removed in AVD version v5.0.0. Use flow_tracking instead.
  - type String Required, Unique Valid Values:
- sampled
Flow Tracking Type - only ‘sampled’ supported for now.
    sample Integer Min: 1
Max: 4294967295
    trackers List, items: Dictionary
      - name String Required, Unique Tracker Name.
        record_export Dictionary
          on_inactive_timeout Integer Min: 3000
Max: 900000
Flow record inactive export timeout in milliseconds.
          on_interval Integer Min: 1000
Max: 36000000
Flow record export interval in milliseconds.
          mpls Boolean Export MPLS forwarding information.
        exporters List, items: Dictionary
          - name String Required, Unique Exporter Name.
            collector Dictionary
              host String Collector IPv4 address or IPv6 address or fully qualified domain name.
              port Integer Min: 1
Max: 65535
Collector Port Number.
            format Dictionary
              ipfix_version Integer
            local_interface String Local Source Interface.
            template_interval Integer Min: 5000
Max: 3600000
Template interval in milliseconds.
        table_size Integer Min: 1
Max: 614400
Maximum number of entries in flow table.
    shutdown Boolean False
flow_tracking:
  sampled:
    encapsulation:
      ipv4_ipv6: <bool>
      mpls: <bool>
    sample: <int; 1-4294967295>
    hardware_offload:

      # Configure hardware offload for IPv4 traffic.
      ipv4: <bool>

      # Configure hardware offload for IPv6 traffic.
      ipv6: <bool>

      # Minimum number of samples.
      threshold_minimum: <int; 1-4294967295>
    trackers:

        # Maximum number of entries in flow table.
      - table_size: <int; 1-614400>
        record_export:

          # Export MPLS forwarding information.
          mpls: <bool>

          # Flow record inactive export timeout in milliseconds.
          on_inactive_timeout: <int; 3000-900000>

          # Flow record export interval in milliseconds.
          on_interval: <int; 1000-36000000>

        # Tracker Name.
        name: <str; required; unique>
        exporters:

            # Exporter Name.
          - name: <str; required; unique>
            collector:

              # Collector IPv4 address or IPv6 address or fully qualified domain name.
              host: <str>

              # Collector Port Number.
              port: <int; 1-65535>
            format:
              ipfix_version: <int>

            # Local Source Interface.
            local_interface: <str>

            # Template interval in milliseconds.
            template_interval: <int; 5000-3600000>
    shutdown: <bool; default=False>
  hardware:
    record:

      # Enable software export of IPFIX data records.
      format_ipfix_standard_timestamps_counters: <bool>
    trackers:

        # Tracker Name.
      - name: <str; required; unique>
        record_export:

          # Flow record inactive export timeout in milliseconds.
          on_inactive_timeout: <int; 3000-900000>

          # Flow record export interval in milliseconds.
          on_interval: <int; 1000-36000000>
        exporters:

            # Exporter Name.
          - name: <str; required; unique>
            collector:

              # Collector IPv4 address or IPv6 address or fully qualified domain name.
              host: <str>

              # Collector Port Number.
              port: <int; 1-65535>
            format:
              ipfix_version: <int>

            # Local Source Interface.
            local_interface: <str>

            # Template interval in milliseconds.
            template_interval: <int; 5000-3600000>
    shutdown: <bool; default=False>

Load interval

Variable Type Required Default Value Restrictions Description
load_interval Dictionary
  default Integer Default load interval in seconds.
load_interval:

  # Default load interval in seconds.
  default: <int>

Logging

Variable Type Required Default Value Restrictions Description
logging Dictionary
  console String Valid Values:
- debugging
- informational
- notifications
- warnings
- errors
- critical
- alerts
- emergencies
- disabled
Console logging severity level.
  monitor String Valid Values:
- debugging
- informational
- notifications
- warnings
- errors
- critical
- alerts
- emergencies
- disabled
Monitor logging severity level.
  buffered Dictionary
    size Integer Min: 10
Max: 2147483647
    level String Valid Values:
- alerts
- critical
- debugging
- emergencies
- errors
- informational
- notifications
- warnings
- disabled
Buffer logging severity level.
  repeat_messages Boolean Summarize concurrent repeat messages.
  trap String Valid Values:
- alerts
- critical
- debugging
- emergencies
- errors
- informational
- notifications
- system
- warnings
- disabled
Trap logging severity level.
  synchronous Dictionary
    level String critical Valid Values:
- alerts
- all
- critical
- debugging
- emergencies
- errors
- informational
- notifications
- warnings
- disabled
Synchronous logging severity level.
  format Dictionary
    timestamp String Valid Values:
- high-resolution
- traditional
- traditional timezone
- traditional year
- traditional timezone year
- traditional year timezone
Timestamp format.
    hostname String Valid Values:
- fqdn
- ipv4
Hostname format in syslogs. For hostname only, remove the line. (default EOS CLI behaviour).
    sequence_numbers Boolean Add sequence numbers to log messages.
    rfc5424 Boolean Forward logs in RFC5424 format.
  facility String Valid Values:
- auth
- cron
- daemon
- kern
- local0
- local1
- local2
- local3
- local4
- local5
- local6
- local7
- lpr
- mail
- news
- sys9
- sys10
- sys11
- sys12
- sys13
- sys14
- syslog
- user
- uucp
  source_interface String Source Interface Name.
  vrfs List, items: Dictionary
    - name String Required, Unique VRF name.
      source_interface String Source interface name.
      hosts List, items: Dictionary
        - name String Required, Unique Syslog server name.
          protocol String udp Valid Values:
- tcp
- udp
          ports List, items: Integer
            - <int> Integer
  policy Dictionary
    match Dictionary
      match_lists List, items: Dictionary
        - name String Required, Unique Match list.
          action String Valid Values:
- discard
  event Dictionary
    congestion_drops_interval Integer Min: 1
Max: 65535
Logging interval in seconds.
    global_link_status Boolean
    storm_control Dictionary
      discards Dictionary
        global Boolean
        interval Integer Min: 10
Max: 65535
Logging interval in seconds.
  level List, items: Dictionary Configure logging severity.
    - facility String Required, Unique
      severity String Valid Values:
- alerts
- critical
- debugging
- emergencies
- errors
- informational
- notifications
- warnings
- 0
- 1
- 2
- 3
- 4
- 5
- 6
- 7
Severity of facility. Below are the supported severities.
emergencies System is unusable (severity=0)
alerts Immediate action needed (severity=1)
critical Critical conditions (severity=2)
errors Error conditions (severity=3)
warnings Warning conditions (severity=4)
notifications Normal but significant conditions (severity=5)
informational Informational messages (severity=6)
debugging Debugging messages (severity=7)
<0-7> Severity level value
logging:

  # Console logging severity level.
  console: <str; "debugging" | "informational" | "notifications" | "warnings" | "errors" | "critical" | "alerts" | "emergencies" | "disabled">

  # Monitor logging severity level.
  monitor: <str; "debugging" | "informational" | "notifications" | "warnings" | "errors" | "critical" | "alerts" | "emergencies" | "disabled">
  buffered:
    size: <int; 10-2147483647>

    # Buffer logging severity level.
    level: <str; "alerts" | "critical" | "debugging" | "emergencies" | "errors" | "informational" | "notifications" | "warnings" | "disabled">

  # Summarize concurrent repeat messages.
  repeat_messages: <bool>

  # Trap logging severity level.
  trap: <str; "alerts" | "critical" | "debugging" | "emergencies" | "errors" | "informational" | "notifications" | "system" | "warnings" | "disabled">
  synchronous:

    # Synchronous logging severity level.
    level: <str; "alerts" | "all" | "critical" | "debugging" | "emergencies" | "errors" | "informational" | "notifications" | "warnings" | "disabled"; default="critical">
  format:

    # Timestamp format.
    timestamp: <str; "high-resolution" | "traditional" | "traditional timezone" | "traditional year" | "traditional timezone year" | "traditional year timezone">

    # Hostname format in syslogs. For hostname _only_, remove the line. (default EOS CLI behaviour).
    hostname: <str; "fqdn" | "ipv4">

    # Add sequence numbers to log messages.
    sequence_numbers: <bool>

    # Forward logs in RFC5424 format.
    rfc5424: <bool>
  facility: <str; "auth" | "cron" | "daemon" | "kern" | "local0" | "local1" | "local2" | "local3" | "local4" | "local5" | "local6" | "local7" | "lpr" | "mail" | "news" | "sys9" | "sys10" | "sys11" | "sys12" | "sys13" | "sys14" | "syslog" | "user" | "uucp">

  # Source Interface Name.
  source_interface: <str>
  vrfs:

      # VRF name.
    - name: <str; required; unique>

      # Source interface name.
      source_interface: <str>
      hosts:

          # Syslog server name.
        - name: <str; required; unique>
          protocol: <str; "tcp" | "udp"; default="udp">
          ports:
            - <int>
  policy:
    match:
      match_lists:

          # Match list.
        - name: <str; required; unique>
          action: <str; "discard">
  event:

    # Logging interval in seconds.
    congestion_drops_interval: <int; 1-65535>
    global_link_status: <bool>
    storm_control:
      discards:
        global: <bool>

        # Logging interval in seconds.
        interval: <int; 10-65535>

  # Configure logging severity.
  level:
    - facility: <str; required; unique>

      # Severity of facility. Below are the supported severities.
      # emergencies    System is unusable                (severity=0)
      # alerts         Immediate action needed           (severity=1)
      # critical       Critical conditions               (severity=2)
      # errors         Error conditions                  (severity=3)
      # warnings       Warning conditions                (severity=4)
      # notifications  Normal but significant conditions (severity=5)
      # informational  Informational messages            (severity=6)
      # debugging      Debugging messages                (severity=7)
      # <0-7>          Severity level value
      severity: <str; "alerts" | "critical" | "debugging" | "emergencies" | "errors" | "informational" | "notifications" | "warnings" | "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7">

Management API gNMI

Variable Type Required Default Value Restrictions Description
management_api_gnmi Dictionary
  provider String eos-native
  transport Dictionary
    grpc List, items: Dictionary
      - name String Required, Unique Transport name.
        ssl_profile String SSL profile name.
        vrf String VRF name is optional.
        notification_timestamp String Valid Values:
- send-time
- last-change-time
Per the gNMI specification, the default timestamp field of a notification message is set to be
the time at which the value of the underlying data source changes or when the reported event takes place.
In order to facilitate integration in legacy environments oriented around polling style operations,
an option to support overriding the timestamp field to the send-time is available from EOS 4.27.0F.
        ip_access_group String ACL name.
        port Integer GNMI port.
Make sure to update the control-plane ACL accordingly in order for the service to be reachable by external applications.
    grpc_tunnels List, items: Dictionary
      - name String Required, Unique Transport name.
        shutdown Boolean Operational status of the gRPC tunnel.
        tunnel_ssl_profile String Tunnel SSL profile name.
        gnmi_ssl_profile String gNMI SSL profile name.
        vrf String VRF name.
        destination Dictionary
          address String Required IP address or hostname.
          port Integer Required Min: 1
Max: 65535
TCP Port.
        local_interface Dictionary
          name String Required Interface name.
          port Integer Required Min: 1
Max: 65535
TCP Port.
        target Dictionary
          use_serial_number Boolean Use serial number as the Target ID.
          target_ids List, items: String Target IDs as a list.
            - <str> String
  enable_vrfs removed List This key was removed. Support was removed in AVD version 5.0.0. Use transport.grpc instead.
  octa removed Dictionary This key was removed. Support was removed in AVD version 5.0.0. Use provider instead.
management_api_gnmi:
  provider: <str; default="eos-native">
  transport:
    grpc:

        # Transport name.
      - name: <str; required; unique>

        # SSL profile name.
        ssl_profile: <str>

        # VRF name is optional.
        vrf: <str>

        # Per the gNMI specification, the default timestamp field of a notification message is set to be
        # the time at which the value of the underlying data source changes or when the reported event takes place.
        # In order to facilitate integration in legacy environments oriented around polling style operations,
        # an option to support overriding the timestamp field to the send-time is available from EOS 4.27.0F.
        notification_timestamp: <str; "send-time" | "last-change-time">

        # ACL name.
        ip_access_group: <str>

        # GNMI port.
        # Make sure to update the control-plane ACL accordingly in order for the service to be reachable by external applications.
        port: <int>
    grpc_tunnels:

        # Transport name.
      - name: <str; required; unique>

        # Operational status of the gRPC tunnel.
        shutdown: <bool>

        # Tunnel SSL profile name.
        tunnel_ssl_profile: <str>

        # gNMI SSL profile name.
        gnmi_ssl_profile: <str>

        # VRF name.
        vrf: <str>
        destination:

          # IP address or hostname.
          address: <str; required>

          # TCP Port.
          port: <int; 1-65535; required>
        local_interface:

          # Interface name.
          name: <str; required>

          # TCP Port.
          port: <int; 1-65535; required>
        target:

          # Use serial number as the Target ID.
          use_serial_number: <bool>

          # Target IDs as a list.
          target_ids:
            - <str>

Monitor connectivity

Variable Type Required Default Value Restrictions Description
monitor_connectivity Dictionary
  shutdown Boolean
  interval Integer
  interface_sets List, items: Dictionary
    - name String
      interfaces String Interface range(s) should be of same type, Ethernet, Loopback, Management etc.
Multiple interface ranges can be specified separated by “,”.
  local_interfaces String
  address_only Boolean True When address-only is configured, the source IP of the packet is set to the interface
IP but the packet may exit the device via a different interface.
When set to false, the probe uses the interface to exit the device.
  hosts List, items: Dictionary
    - name String Required, Unique Host Name.
      description String
      ip String
      local_interfaces String
      address_only Boolean True When address-only is configured, the source IP of the packet is set to the interface
IP but the packet may exit the device via a different interface.
When set to false, the probe uses the interface to exit the device.
      url String
  vrfs List, items: Dictionary
    - name String Required, Unique VRF Name.
      description String
      interface_sets List, items: Dictionary
        - name String
          interfaces String
      local_interfaces String
      address_only Boolean True When address-only is configured, the source IP of the packet is set to the interface
IP but the packet may exit the device via a different interface.
When set to false, the probe uses the interface to exit the device.
      hosts List, items: Dictionary
        - name String Required, Unique Host name.
          description String
          ip String
          local_interfaces String
          address_only Boolean True When address-only is configured, the source IP of the packet is set to the interface
IP but the packet may exit the device via a different interface.
When set to false, the probe uses the interface to exit the device.
          url String
monitor_connectivity:
  shutdown: <bool>
  interval: <int>
  interface_sets:
    - name: <str>

      # Interface range(s) should be of same type, Ethernet, Loopback, Management etc.
      # Multiple interface ranges can be specified separated by ",".
      interfaces: <str>
  local_interfaces: <str>

  # When address-only is configured, the source IP of the packet is set to the interface
  # IP but the packet may exit the device via a different interface.
  # When set to `false`, the probe uses the interface to exit the device.
  address_only: <bool; default=True>
  hosts:

      # Host Name.
    - name: <str; required; unique>
      description: <str>
      ip: <str>
      local_interfaces: <str>

      # When address-only is configured, the source IP of the packet is set to the interface
      # IP but the packet may exit the device via a different interface.
      # When set to `false`, the probe uses the interface to exit the device.
      address_only: <bool; default=True>
      url: <str>
  vrfs:

      # VRF Name.
    - name: <str; required; unique>
      description: <str>
      interface_sets:
        - name: <str>
          interfaces: <str>
      local_interfaces: <str>

      # When address-only is configured, the source IP of the packet is set to the interface
      # IP but the packet may exit the device via a different interface.
      # When set to `false`, the probe uses the interface to exit the device.
      address_only: <bool; default=True>
      hosts:

          # Host name.
        - name: <str; required; unique>
          description: <str>
          ip: <str>
          local_interfaces: <str>

          # When address-only is configured, the source IP of the packet is set to the interface
          # IP but the packet may exit the device via a different interface.
          # When set to `false`, the probe uses the interface to exit the device.
          address_only: <bool; default=True>
          url: <str>

Monitor server Radius

Variable Type Required Default Value Restrictions Description
monitor_server_radius Dictionary Settings to monitor radius servers.
  service_dot1x Boolean Monitor servers used for 802.1X authentication.
  probe Dictionary Settings for probe sent to the server.
    interval Integer Min: 1
Max: 1000
Server probe interval in seconds.
    threshold_failure Integer Min: 1
Max: 255
Number of consecutive failed probes before a server is marked as dead.
    method String Valid Values:
- status-server
- access-request
Method used to probe the server. status-server is the EOS default method.
    access_request Dictionary This can only be set when method is access_request.
      username String
      password String Encrypted password using the password_type.
      password_type String 7 Valid Values:
- 0
- 7
- 8a
# Settings to monitor radius servers.
monitor_server_radius:

  # Monitor servers used for 802.1X authentication.
  service_dot1x: <bool>

  # Settings for probe sent to the server.
  probe:

    # Server probe interval in seconds.
    interval: <int; 1-1000>

    # Number of consecutive failed probes before a server is marked as dead.
    threshold_failure: <int; 1-255>

    # Method used to probe the server. `status-server` is the EOS default method.
    method: <str; "status-server" | "access-request">

    # This can only be set when `method` is `access_request`.
    access_request:
      username: <str>

      # Encrypted password using the `password_type`.
      password: <str>
      password_type: <str; "0" | "7" | "8a"; default="7">

Monitor sessions

Variable Type Required Default Value Restrictions Description
monitor_session_default_encapsulation_gre Dictionary
  payload String Valid Values:
- full-packet
- inner-packet
Mirroring GRE payload type configuration commands.
monitor_sessions List, items: Dictionary
  - name String Required Session Name.
    sources List, items: Dictionary
      - name String Interface name, range or comma separated list.
        direction String Valid Values:
- rx
- tx
- both
        access_group Dictionary
          type String Valid Values:
- ip
- ipv6
- mac
          name String ACL Name.
          priority Integer
    destinations List, items: String
      - <str> String ‘cpu’ or interface name, range or comma separated list.
    encapsulation_gre_metadata_tx Boolean
    header_remove_size Integer Number of bytes to remove from header.
    access_group Dictionary
      type String Valid Values:
- ip
- ipv6
- mac
      name String ACL Name.
    rate_limit_per_ingress_chip String Ratelimit and unit as string.
Examples:
“100000 bps”
“100 kbps”
“10 mbps”
    rate_limit_per_egress_chip String Ratelimit and unit as string.
Examples:
“100000 bps”
“100 kbps”
“10 mbps”
    sample Integer
    truncate Dictionary
      enabled Boolean
      size Integer Size in bytes.
monitor_session_default_encapsulation_gre:

  # Mirroring GRE payload type configuration commands.
  payload: <str; "full-packet" | "inner-packet">
monitor_sessions:

    # Session Name.
  - name: <str; required>
    sources:

        # Interface name, range or comma separated list.
      - name: <str>
        direction: <str; "rx" | "tx" | "both">
        access_group:
          type: <str; "ip" | "ipv6" | "mac">

          # ACL Name.
          name: <str>
          priority: <int>
    destinations:

        # 'cpu' or interface name, range or comma separated list.
      - <str>
    encapsulation_gre_metadata_tx: <bool>

    # Number of bytes to remove from header.
    header_remove_size: <int>
    access_group:
      type: <str; "ip" | "ipv6" | "mac">

      # ACL Name.
      name: <str>

    # Ratelimit and unit as string.
    # Examples:
    #   "100000 bps"
    #   "100 kbps"
    #   "10 mbps"
    rate_limit_per_ingress_chip: <str>

    # Ratelimit and unit as string.
    # Examples:
    #   "100000 bps"
    #   "100 kbps"
    #   "10 mbps"
    rate_limit_per_egress_chip: <str>
    sample: <int>
    truncate:
      enabled: <bool>

      # Size in bytes.
      size: <int>

Monitor layer 1

Variable Type Required Default Value Restrictions Description
monitor_layer1 Dictionary Enable SYSLOG messages on transceiver SMBus communication failures.
  enabled Boolean Required Enable monitor layer1.
  logging_mac_fault Boolean Enable MAC fault logging.
  logging_transceiver Dictionary Configure transceiver monitoring logging.
    dom Boolean Enable transceiver Digital Optical Monitoring (DOM) logging.
    communication Boolean Enable transceiver SMBus fail and reset logging.
    enabled Boolean Some platforms support only the logging transceiver command. enabled key configures this command.
# Enable SYSLOG messages on transceiver SMBus communication failures.
monitor_layer1:

  # Enable monitor layer1.
  enabled: <bool; required>

  # Enable MAC fault logging.
  logging_mac_fault: <bool>

  # Configure transceiver monitoring logging.
  logging_transceiver:

    # Enable transceiver Digital Optical Monitoring (DOM) logging.
    dom: <bool>

    # Enable transceiver SMBus fail and reset logging.
    communication: <bool>

    # Some platforms support only the `logging transceiver` command. `enabled` key configures this command.
    enabled: <bool>

Monitor telemetry

Variable Type Required Default Value Restrictions Description
monitor_telemetry_influx Dictionary
  vrf String
  destinations List, items: Dictionary Configure telemetry output destinations.
    - name String Required, Unique InfluxDB connection name.
      database String Set name of the database.
      data_retention_policy String
      url String Pattern: (http(s)?|udp|unix)://.+ It only accepts http(s), udp and unix domain destination URL.
      username String
      password String
      password_type String 7 Valid Values:
- 0
- 7
- 8a
  source_group_standard_disabled Boolean Disable standard set of telemetry.
  source_sockets List, items: Dictionary
    - name String Required, Unique Label of the socket connection.
      connection_limit Integer Min: 0
Max: 4294967295
      url String Pattern: (http(s)?|udp|unix)://.+ It only accepts http(s), udp and unix domain socket URL.
  tags List, items: Dictionary Extra tags added to the telemetry output.
    - name String Required, Unique Key of the global tag pair.
      value String Required Value of the global tag pair.
monitor_telemetry_postcard_policy Dictionary
  disabled Boolean True Enable or disable the postcard telemetry feature.
  ingress Dictionary
    collection Dictionary Collector configuration.
      source String Source IP address of GRE tunnel.
      destination String Destination IP address of GRE tunnel.
      version Integer Valid Values:
- 1
- 2
Postcard version.
    sample Dictionary Sampling parameters.
      rate Integer Valid Values:
- 16384
- 32768
- 65536
Sampling rate. rate is preferred when both rate and tcp_udp_checksum are defined.
      tcp_udp_checksum Dictionary TCP/UDP parameters.
        value Integer Min: 0
Max: 65535
TCP/UDP checksum or IP ID value.
        mask String 16 bit hexadecimal mask for TCP/UDP or IP ID with at most 2 unset bits.
  marker_vxlan Dictionary
    enabled Boolean Enable vxlan marking using default bit 0.
    header_word_zero_bit Integer Min: 1
Max: 31
  profiles List, items: Dictionary Postcard telemetry profiles.
    - name String Required, Unique Profile name.
      ingress_sample_policy String
  sample_policies List, items: Dictionary
    - name String Required, Unique
      match_rules List, items: Dictionary
        - name String Required, Unique
          type String Required Valid Values:
- ipv4
- ipv6
IP address version.
          destination_prefix String IPv4 Network/Mask or IPv6 Network/Mask. Host part of prefix must be zero.
eg. 10.3.3.0/24
          source_prefix String IPv4 Network/Mask or IPv6 Network/Mask. Host part of prefix must be zero.
eg. 10.3.3.0/24
          protocols List, items: Dictionary
            - protocol String Required, Unique Valid Values:
- tcp
- udp
              source_ports List, items: String Min Length: 1 A list of port numbers or port range or port name. Combination of port numbers or range and port name is not supported on EOS. The port numbers should be in range of 0-65535.
e.g.
[“12”, “14-20”]
[“www”]
                - <str> String
              destination_ports List, items: String Min Length: 1 A list of port numbers or port range or port name. Combination of port numbers or range and port name is not supported on EOS. The port numbers should be in range of 0-65535.
e.g.
[“12”, “14-20”, “80”]
[“https”]
                - <str> String
monitor_telemetry_influx:
  vrf: <str>

  # Configure telemetry output destinations.
  destinations:

      # InfluxDB connection name.
    - name: <str; required; unique>

      # Set name of the database.
      database: <str>
      data_retention_policy: <str>

      # It only accepts http(s), udp and unix domain destination URL.
      url: <str>
      username: <str>
      password: <str>
      password_type: <str; "0" | "7" | "8a"; default="7">

  # Disable standard set of telemetry.
  source_group_standard_disabled: <bool>
  source_sockets:

      # Label of the socket connection.
    - name: <str; required; unique>
      connection_limit: <int; 0-4294967295>

      # It only accepts http(s), udp and unix domain socket URL.
      url: <str>

  # Extra tags added to the telemetry output.
  tags:

      # Key of the global tag pair.
    - name: <str; required; unique>

      # Value of the global tag pair.
      value: <str; required>
monitor_telemetry_postcard_policy:

  # Enable or disable the postcard telemetry feature.
  disabled: <bool; default=True>
  ingress:

    # Collector configuration.
    collection:

      # Source IP address of GRE tunnel.
      source: <str>

      # Destination IP address of GRE tunnel.
      destination: <str>

      # Postcard version.
      version: <int; 1 | 2>

    # Sampling parameters.
    sample:

      # Sampling rate. `rate` is preferred when both `rate` and `tcp_udp_checksum` are defined.
      rate: <int; 16384 | 32768 | 65536>

      # TCP/UDP parameters.
      tcp_udp_checksum:

        # TCP/UDP checksum or IP ID value.
        value: <int; 0-65535>

        # 16 bit hexadecimal mask for TCP/UDP or IP ID with at most 2 unset bits.
        mask: <str>
  marker_vxlan:

    # Enable vxlan marking using default bit 0.
    enabled: <bool>
    header_word_zero_bit: <int; 1-31>

  # Postcard telemetry profiles.
  profiles:

      # Profile name.
    - name: <str; required; unique>
      ingress_sample_policy: <str>
  sample_policies:
    - name: <str; required; unique>
      match_rules:
        - name: <str; required; unique>

          # IP address version.
          type: <str; "ipv4" | "ipv6"; required>

          # IPv4 Network/Mask or IPv6 Network/Mask. Host part of prefix must be zero.
          # eg. 10.3.3.0/24
          destination_prefix: <str>

          # IPv4 Network/Mask or IPv6 Network/Mask. Host part of prefix must be zero.
          # eg. 10.3.3.0/24
          source_prefix: <str>
          protocols:
            - protocol: <str; "tcp" | "udp"; required; unique>

              # A list of port numbers or port range or port name. Combination of port numbers or range and port name is not supported on EOS. The port numbers should be in range of 0-65535.
              # e.g.
              #   ["12", "14-20"]
              #   ["www"]
              source_ports: # >=1 items
                - <str>

              # A list of port numbers or port range or port name. Combination of port numbers or range and port name is not supported on EOS. The port numbers should be in range of 0-65535.
              # e.g.
              #   ["12", "14-20", "80"]
              #   ["https"]
              destination_ports: # >=1 items
                - <str>

SFLOW

Variable Type Required Default Value Restrictions Description
sflow Dictionary
  sample Integer
  sample_input_subinterface Boolean
  sample_output_subinterface Boolean
  dangerous Boolean
  polling_interval Integer Polling interval in seconds.
  vrfs List, items: Dictionary
    - name String Required, Unique
      destinations List, items: Dictionary
        - destination String Required, Unique Sflow Destination IP Address.
          port Integer Port Number
      source String Source IP Address.
“source” and “source_interface” are mutually exclusive. If both are defined, “source_interface” takes precedence.
      source_interface String Source Interface.
  destinations List, items: Dictionary
    - destination String Required, Unique Sflow Destination IP Address.
      port Integer Port Number.
  source String Source IP Address.
“source” and “source_interface” are mutually exclusive. If both are defined, “source_interface” takes precedence.
  source_interface String Source Interface.
  extensions List, items: Dictionary
    - name String Required, Unique Extension Name.
      enabled Boolean Required Enable or Disable Extension.
  interface Dictionary
    disable Dictionary
      default Boolean
    egress Dictionary
      enable_default Boolean Enable egress sFlow by default.
      unmodified Boolean Enable egress sFlow unmodified.
Platform dependent feature.
  run Boolean
  hardware_acceleration Dictionary
    enabled Boolean
    sample Integer
    modules List, items: Dictionary
      - name String Required, Unique
        enabled Boolean True
sflow:
  sample: <int>
  sample_input_subinterface: <bool>
  sample_output_subinterface: <bool>
  dangerous: <bool>

  # Polling interval in seconds.
  polling_interval: <int>
  vrfs:
    - name: <str; required; unique>
      destinations:

          # Sflow Destination IP Address.
        - destination: <str; required; unique>

          # Port Number
          port: <int>

      # Source IP Address.
      # "source" and "source_interface" are mutually exclusive. If both are defined, "source_interface" takes precedence.
      source: <str>

      # Source Interface.
      source_interface: <str>
  destinations:

      # Sflow Destination IP Address.
    - destination: <str; required; unique>

      # Port Number.
      port: <int>

  # Source IP Address.
  # "source" and "source_interface" are mutually exclusive. If both are defined, "source_interface" takes precedence.
  source: <str>

  # Source Interface.
  source_interface: <str>
  extensions:

      # Extension Name.
    - name: <str; required; unique>

      # Enable or Disable Extension.
      enabled: <bool; required>
  interface:
    disable:
      default: <bool>
    egress:

      # Enable egress sFlow by default.
      enable_default: <bool>

      # Enable egress sFlow unmodified.
      # Platform dependent feature.
      unmodified: <bool>
  run: <bool>
  hardware_acceleration:
    enabled: <bool>
    sample: <int>
    modules:
      - name: <str; required; unique>
        enabled: <bool; default=True>

SNMP server

Variable Type Required Default Value Restrictions Description
snmp_server Dictionary SNMP settings.
  engine_ids Dictionary
    local String Engine ID in hexadecimal.
    remotes List, items: Dictionary
      - id String Remote engine ID in hexadecimal.
        address String Hostname or IP of remote engine.
        udp_port Integer
  contact String SNMP contact.
  location String SNMP location.
  communities List, items: Dictionary
    - name String Required, Unique Community name.
      access String Valid Values:
- ro
- rw
      access_list_ipv4 Dictionary
        name String IPv4 access list name.
      access_list_ipv6 Dictionary
        name String IPv6 access list name.
      view String
  ipv4_acls List, items: Dictionary
    - name String IPv4 access list name.
      vrf String
  ipv6_acls List, items: Dictionary
    - name String IPv6 access list name.
      vrf String
  local_interfaces List, items: Dictionary
    - name String Required, Unique Interface name.
      vrf String
  views List, items: Dictionary
    - name String SNMP view name.
      mib_family_name String
      included Boolean
      MIB_family_name removed String This key was removed. Support was removed in AVD version 5.0.0. Use mib_family_name instead.
  groups List, items: Dictionary
    - name String Group name.
      version String Valid Values:
- v1
- v2c
- v3
      authentication String Valid Values:
- auth
- noauth
- priv
      read String Read view.
      write String Write view.
      notify String Notify view.
  users List, items: Dictionary
    - name String Username.
      group String Group name.
      remote_address String Hostname or ip of remote engine.
The remote_address and udp_port are used for remote users.
      udp_port Integer udp_port will not be used if no remote_address is configured.
      version String Valid Values:
- v1
- v2c
- v3
      localized String Engine ID in hexadecimal for localizing auth and/or priv.
      auth String Hash algorithm.
      auth_passphrase String Hashed authentication passphrase if localized is used else cleartext authentication passphrase.
      priv String Encryption algorithm.
      priv_passphrase String Hashed privacy passphrase if localized is used else cleartext privacy passphrase.
  hosts List, items: Dictionary
    - host String Host IP address or name.
      vrf String
      version String Valid Values:
- 1
- 2c
- 3
      community String Community name.
      users List, items: Dictionary
        - username String
          authentication_level String Valid Values:
- auth
- noauth
- priv
  traps Dictionary
    enable Boolean False Enable or disable all snmp-traps.
    snmp_traps List, items: Dictionary
      - name String Enable or disable specific snmp-traps and their sub_traps.
Examples:
- “bgp”
- “bgp established”
        enabled Boolean True
  vrfs List, items: Dictionary
    - name String Required, Unique VRF name.
      enable Boolean
  ifmib_ifspeed_shape_rate Boolean SNMP ifspeed reflecting shaping rate.
# SNMP settings.
snmp_server:
  engine_ids:

    # Engine ID in hexadecimal.
    local: <str>
    remotes:

        # Remote engine ID in hexadecimal.
      - id: <str>

        # Hostname or IP of remote engine.
        address: <str>
        udp_port: <int>

  # SNMP contact.
  contact: <str>

  # SNMP location.
  location: <str>
  communities:

      # Community name.
    - name: <str; required; unique>
      access: <str; "ro" | "rw">
      access_list_ipv4:

        # IPv4 access list name.
        name: <str>
      access_list_ipv6:

        # IPv6 access list name.
        name: <str>
      view: <str>
  ipv4_acls:

      # IPv4 access list name.
    - name: <str>
      vrf: <str>
  ipv6_acls:

      # IPv6 access list name.
    - name: <str>
      vrf: <str>
  local_interfaces:

      # Interface name.
    - name: <str; required; unique>
      vrf: <str>
  views:

      # SNMP view name.
    - name: <str>
      mib_family_name: <str>
      included: <bool>
  groups:

      # Group name.
    - name: <str>
      version: <str; "v1" | "v2c" | "v3">
      authentication: <str; "auth" | "noauth" | "priv">

      # Read view.
      read: <str>

      # Write view.
      write: <str>

      # Notify view.
      notify: <str>
  users:

      # Username.
    - name: <str>

      # Group name.
      group: <str>

      # Hostname or ip of remote engine.
      # The remote_address and udp_port are used for remote users.
      remote_address: <str>

      # udp_port will not be used if no remote_address is configured.
      udp_port: <int>
      version: <str; "v1" | "v2c" | "v3">

      # Engine ID in hexadecimal for localizing auth and/or priv.
      localized: <str>

      # Hash algorithm.
      auth: <str>

      # Hashed authentication passphrase if localized is used else cleartext authentication passphrase.
      auth_passphrase: <str>

      # Encryption algorithm.
      priv: <str>

      # Hashed privacy passphrase if localized is used else cleartext privacy passphrase.
      priv_passphrase: <str>
  hosts:

      # Host IP address or name.
    - host: <str>
      vrf: <str>
      version: <str; "1" | "2c" | "3">

      # Community name.
      community: <str>
      users:
        - username: <str>
          authentication_level: <str; "auth" | "noauth" | "priv">
  traps:

    # Enable or disable all snmp-traps.
    enable: <bool; default=False>
    snmp_traps:

        # Enable or disable specific snmp-traps and their sub_traps.
        # Examples:
        # - "bgp"
        # - "bgp established"
      - name: <str>
        enabled: <bool; default=True>
  vrfs:

      # VRF name.
    - name: <str; required; unique>
      enable: <bool>

  # SNMP ifspeed reflecting shaping rate.
  ifmib_ifspeed_shape_rate: <bool>

Tap aggregation

Variable Type Required Default Value Restrictions Description
tap_aggregation Dictionary
  mode Dictionary
    exclusive Dictionary
      enabled Boolean
      profile String Profile Name.
      no_errdisable List, items: String
        - <str> String Interface name e.g Ethernet1, Port-Channel1.
  encapsulation_dot1br_strip Boolean
  encapsulation_vn_tag_strip Boolean
  protocol_lldp_trap Boolean
  truncation_size Integer Allowed truncation_size values vary depending on the platform.
  mac Dictionary
    timestamp Dictionary mac.timestamp.replace_source_mac and mac.timestamp.header.format are mutually exclsuive. If both are defined, replace_source_mac takes precedence.
      replace_source_mac Boolean
      header Dictionary
        format String Valid Values:
- 48-bit
- 64-bit
        eth_type Integer EtherType.
    fcs_append Boolean mac.fcs_append and mac.fcs_error are mutually exclusive. If both are defined, mac.fcs_append takes precedence.
    fcs_error String Valid Values:
- correct
- discard
- pass-through
tap_aggregation:
  mode:
    exclusive:
      enabled: <bool>

      # Profile Name.
      profile: <str>
      no_errdisable:

          # Interface name e.g Ethernet1, Port-Channel1.
        - <str>
  encapsulation_dot1br_strip: <bool>
  encapsulation_vn_tag_strip: <bool>
  protocol_lldp_trap: <bool>

  # Allowed truncation_size values vary depending on the platform.
  truncation_size: <int>
  mac:

    # mac.timestamp.replace_source_mac and mac.timestamp.header.format are mutually exclsuive. If both are defined, replace_source_mac takes precedence.
    timestamp:
      replace_source_mac: <bool>
      header:
        format: <str; "48-bit" | "64-bit">

        # EtherType.
        eth_type: <int>

    # mac.fcs_append and mac.fcs_error are mutually exclusive. If both are defined, mac.fcs_append takes precedence.
    fcs_append: <bool>
    fcs_error: <str; "correct" | "discard" | "pass-through">

VM tracer-sessions

Variable Type Required Default Value Restrictions Description
vmtracer_sessions List, items: Dictionary
  - name String Required, Unique Vmtracer Session Name.
    url String
    username String
    password String Type 7 Password Hash.
    autovlan_disable Boolean
    vrf String
    source_interface String
vmtracer_sessions:

    # Vmtracer Session Name.
  - name: <str; required; unique>
    url: <str>
    username: <str>

    # Type 7 Password Hash.
    password: <str>
    autovlan_disable: <bool>
    vrf: <str>
    source_interface: <str>

Multicast

IP IGMP snooping

Variable Type Required Default Value Restrictions Description
ip_igmp_snooping Dictionary
  globally_enabled Boolean True Activate or deactivate IGMP snooping for all vlans where vlans allows user to activate / deactivate IGMP snooping per vlan.
  robustness_variable Integer
  restart_query_interval Integer
  interface_restart_query Integer
  fast_leave Boolean
  querier Dictionary
    enabled Boolean
    address String IP Address.
    query_interval Integer
    max_response_time Integer
    last_member_query_interval Integer
    last_member_query_count Integer
    startup_query_interval Integer
    startup_query_count Integer
    version Integer
  proxy Boolean
  vlans List, items: Dictionary
    - id Integer Required, Unique VLAN ID.
      enabled Boolean
      querier Dictionary
        enabled Boolean
        address String IP Address.
        query_interval Integer
        max_response_time Integer
        last_member_query_interval Integer
        last_member_query_count Integer
        startup_query_interval Integer
        startup_query_count Integer
        version Integer
      max_groups Integer
      fast_leave Boolean
      proxy Boolean Global proxy settings should be enabled before enabling per-vlan.
ip_igmp_snooping:

  # Activate or deactivate IGMP snooping for all vlans where `vlans` allows user to activate / deactivate IGMP snooping per vlan.
  globally_enabled: <bool; default=True>
  robustness_variable: <int>
  restart_query_interval: <int>
  interface_restart_query: <int>
  fast_leave: <bool>
  querier:
    enabled: <bool>

    # IP Address.
    address: <str>
    query_interval: <int>
    max_response_time: <int>
    last_member_query_interval: <int>
    last_member_query_count: <int>
    startup_query_interval: <int>
    startup_query_count: <int>
    version: <int>
  proxy: <bool>
  vlans:

      # VLAN ID.
    - id: <int; required; unique>
      enabled: <bool>
      querier:
        enabled: <bool>

        # IP Address.
        address: <str>
        query_interval: <int>
        max_response_time: <int>
        last_member_query_interval: <int>
        last_member_query_count: <int>
        startup_query_interval: <int>
        startup_query_count: <int>
        version: <int>
      max_groups: <int>
      fast_leave: <bool>

      # Global proxy settings should be enabled before enabling per-vlan.
      proxy: <bool>

Router IGMP

Variable Type Required Default Value Restrictions Description
router_igmp Dictionary
  host_proxy_match_mroute String Valid Values:
- all
- iif
Specify conditions for sending IGMP joins for host-proxy.
‘iif’ will enable igmp host-proxy to work in iif aware.
‘all’ will enable igmp host-proxy to work in iif unaware mode (EOS default).
  ssm_aware Boolean
  vrfs List, items: Dictionary Configure IGMP in a VRF.
VRF ‘default’ is not supported in EOS, please see keys directly under ‘router_igmp’.
    - name String Required, Unique VRF name.
      host_proxy_match_mroute String Valid Values:
- all
- iif
Specify conditions for sending IGMP joins for host-proxy.
‘iif’ will enable igmp host-proxy to work in iif aware.
‘all’ will enable igmp host-proxy to work in iif unaware mode (EOS default).
router_igmp:

  # Specify conditions for sending IGMP joins for host-proxy.
  # 'iif' will enable igmp host-proxy to work in iif aware.
  # 'all' will enable igmp host-proxy to work in iif unaware mode (EOS default).
  host_proxy_match_mroute: <str; "all" | "iif">
  ssm_aware: <bool>

  # Configure IGMP in a VRF.
  # VRF 'default' is not supported in EOS, please see keys directly under 'router_igmp'.
  vrfs:

      # VRF name.
    - name: <str; required; unique>

      # Specify conditions for sending IGMP joins for host-proxy.
      # 'iif' will enable igmp host-proxy to work in iif aware.
      # 'all' will enable igmp host-proxy to work in iif unaware mode (EOS default).
      host_proxy_match_mroute: <str; "all" | "iif">

Router MSDP

Variable Type Required Default Value Restrictions Description
router_msdp Dictionary
  originator_id_local_interface String Interface to use for originator ID.
  rejected_limit Integer Min: 0
Max: 40000
Maximum number of rejected SA messages allowed in cache.
  forward_register_packets Boolean
  connection_retry_interval Integer Min: 1
Max: 65535
  group_limits List, items: Dictionary
    - source_prefix String Required, Unique Source address prefix.
      limit Integer Required Min: 0
Max: 40000
Limit for SAs matching the source address prefix.
  peers List, items: Dictionary
    - ipv4_address String Required, Unique Peer IP Address.
      default_peer Dictionary
        enabled Boolean
        prefix_list String Prefix list to filter source of SA messages.
      local_interface String
      description String
      disabled Boolean Disable the MSDP peer.
      sa_limit Integer Min: 0
Max: 40000
Maximum number of SA messages allowed in cache.
      mesh_groups List, items: Dictionary
        - name String Required, Unique Mesh group name.
      keepalive Dictionary
        keepalive_timer Integer Required Min: 1
Max: 65535
        hold_timer Integer Required Min: 1
Max: 65535
Must be greater than keepalive timer.
      sa_filter Dictionary
        in_list String ACL to filter inbound SA messages.
        out_list String ACL to filter outbound SA messages.
  vrfs List, items: Dictionary
    - name String Required, Unique VRF name.
      originator_id_local_interface String Interface to use for originator ID.
      rejected_limit Integer Min: 0
Max: 40000
Maximum number of rejected SA messages allowed in cache.
      forward_register_packets Boolean
      connection_retry_interval Integer Min: 1
Max: 65535
      group_limits List, items: Dictionary
        - source_prefix String Required, Unique Source address prefix.
          limit Integer Required Min: 0
Max: 40000
Limit for SAs matching the source address prefix.
      peers List, items: Dictionary
        - ipv4_address String Required, Unique Peer IP Address.
          default_peer Dictionary
            enabled Boolean
            prefix_list String Prefix list to filter source of SA messages.
          local_interface String
          description String
          disabled Boolean Disable the MSDP peer.
          sa_limit Integer Min: 0
Max: 40000
Maximum number of SA messages allowed in cache.
          mesh_groups List, items: Dictionary
            - name String Required, Unique Mesh group name.
          keepalive Dictionary
            keepalive_timer Integer Required Min: 1
Max: 65535
            hold_timer Integer Required Min: 1
Max: 65535
Must be greater than keepalive timer.
          sa_filter Dictionary
            in_list String ACL to filter inbound SA messages.
            out_list String ACL to filter outbound SA messages.
router_msdp:

  # Interface to use for originator ID.
  originator_id_local_interface: <str>

  # Maximum number of rejected SA messages allowed in cache.
  rejected_limit: <int; 0-40000>
  forward_register_packets: <bool>
  connection_retry_interval: <int; 1-65535>
  group_limits:

      # Source address prefix.
    - source_prefix: <str; required; unique>

      # Limit for SAs matching the source address prefix.
      limit: <int; 0-40000; required>
  peers:

      # Peer IP Address.
    - ipv4_address: <str; required; unique>
      default_peer:
        enabled: <bool>

        # Prefix list to filter source of SA messages.
        prefix_list: <str>
      local_interface: <str>
      description: <str>

      # Disable the MSDP peer.
      disabled: <bool>

      # Maximum number of SA messages allowed in cache.
      sa_limit: <int; 0-40000>
      mesh_groups:

          # Mesh group name.
        - name: <str; required; unique>
      keepalive:
        keepalive_timer: <int; 1-65535; required>

        # Must be greater than keepalive timer.
        hold_timer: <int; 1-65535; required>
      sa_filter:

        # ACL to filter inbound SA messages.
        in_list: <str>

        # ACL to filter outbound SA messages.
        out_list: <str>
  vrfs:

      # VRF name.
    - name: <str; required; unique>

      # Interface to use for originator ID.
      originator_id_local_interface: <str>

      # Maximum number of rejected SA messages allowed in cache.
      rejected_limit: <int; 0-40000>
      forward_register_packets: <bool>
      connection_retry_interval: <int; 1-65535>
      group_limits:

          # Source address prefix.
        - source_prefix: <str; required; unique>

          # Limit for SAs matching the source address prefix.
          limit: <int; 0-40000; required>
      peers:

          # Peer IP Address.
        - ipv4_address: <str; required; unique>
          default_peer:
            enabled: <bool>

            # Prefix list to filter source of SA messages.
            prefix_list: <str>
          local_interface: <str>
          description: <str>

          # Disable the MSDP peer.
          disabled: <bool>

          # Maximum number of SA messages allowed in cache.
          sa_limit: <int; 0-40000>
          mesh_groups:

              # Mesh group name.
            - name: <str; required; unique>
          keepalive:
            keepalive_timer: <int; 1-65535; required>

            # Must be greater than keepalive timer.
            hold_timer: <int; 1-65535; required>
          sa_filter:

            # ACL to filter inbound SA messages.
            in_list: <str>

            # ACL to filter outbound SA messages.
            out_list: <str>

Router multicast

Variable Type Required Default Value Restrictions Description
router_multicast Dictionary
  ipv4 Dictionary
    activity_polling_interval Integer Min: 1
Max: 60
MFIB entry activity polling interval.
    counters Dictionary
      rate_period_decay Integer Min: 0
Max: 600
Rate in seconds.
    routing Boolean
    multipath String Valid Values:
- none
- deterministic
- deterministic color
- deterministic router-id
    software_forwarding String Valid Values:
- kernel
- sfe
    rpf Dictionary
      routes List, items: Dictionary
        - source_prefix String Required Source address A.B.C.D or Source prefix A.B.C.D/E.
          destinations List, items: Dictionary Required
            - nexthop String Required Next-hop IP address or interface name.
              distance Integer Min: 1
Max: 255
Administrative distance for this route.
  ipv6 Dictionary
    activity_polling_interval Integer Min: 1
Max: 60
MFIB entry activity polling interval.
  vrfs List, items: Dictionary
    - name String Required, Unique
      ipv4 Dictionary
        routing Boolean
router_multicast:
  ipv4:

    # MFIB entry activity polling interval.
    activity_polling_interval: <int; 1-60>
    counters:

      # Rate in seconds.
      rate_period_decay: <int; 0-600>
    routing: <bool>
    multipath: <str; "none" | "deterministic" | "deterministic color" | "deterministic router-id">
    software_forwarding: <str; "kernel" | "sfe">
    rpf:
      routes:

          # Source address A.B.C.D or Source prefix A.B.C.D/E.
        - source_prefix: <str; required>
          destinations: # required

              # Next-hop IP address or interface name.
            - nexthop: <str; required>

              # Administrative distance for this route.
              distance: <int; 1-255>
  ipv6:

    # MFIB entry activity polling interval.
    activity_polling_interval: <int; 1-60>
  vrfs:
    - name: <str; required; unique>
      ipv4:
        routing: <bool>

Router PIM sparse-mode

Variable Type Required Default Value Restrictions Description
router_pim_sparse_mode Dictionary
  ipv4 Dictionary
    bfd Boolean Enable/Disable BFD.
    ssm_range String IPv4 Prefix associated with SSM.
    rp_addresses List, items: Dictionary
      - address String Required RP Address.
        groups List, items: String
          - <str> String
        access_lists List, items: String
          - <str> String
        priority Integer Min: 0
Max: 255
        hashmask Integer Min: 0
Max: 32
        override Boolean
    anycast_rps List, items: Dictionary
      - address String Required, Unique Anycast RP Address.
        other_anycast_rp_addresses List, items: Dictionary
          - address String Required, Unique Other Anycast RP Address.
            register_count Integer
  vrfs List, items: Dictionary
    - name String Required, Unique VRF Name.
      ipv4 Dictionary
        bfd Boolean Enable/Disable BFD.
        rp_addresses List, items: Dictionary
          - address String Required RP Address.
            groups List, items: String
              - <str> String
            access_lists List, items: String
              - <str> String
            priority Integer Min: 0
Max: 255
            hashmask Integer Min: 0
Max: 32
            override Boolean
router_pim_sparse_mode:
  ipv4:

    # Enable/Disable BFD.
    bfd: <bool>

    # IPv4 Prefix associated with SSM.
    ssm_range: <str>
    rp_addresses:

        # RP Address.
      - address: <str; required>
        groups:
          - <str>
        access_lists:
          - <str>
        priority: <int; 0-255>
        hashmask: <int; 0-32>
        override: <bool>
    anycast_rps:

        # Anycast RP Address.
      - address: <str; required; unique>
        other_anycast_rp_addresses:

            # Other Anycast RP Address.
          - address: <str; required; unique>
            register_count: <int>
  vrfs:

      # VRF Name.
    - name: <str; required; unique>
      ipv4:

        # Enable/Disable BFD.
        bfd: <bool>
        rp_addresses:

            # RP Address.
          - address: <str; required>
            groups:
              - <str>
            access_lists:
              - <str>
            priority: <int; 0-255>
            hashmask: <int; 0-32>
            override: <bool>

Quality of Service

Priority flow control

Variable Type Required Default Value Restrictions Description
priority_flow_control Dictionary Global Priority Flow Control settings.
  all_off Boolean Disable PFC on all interfaces.
  watchdog Dictionary
    action String Valid Values:
- drop
- no-drop
Action on stuck queue.
    timeout String Pattern: ^\d+(\.\d{1,2})?$ Timeout in seconds after which port should be errdisabled or
should start dropping on congested priorities.
This should be decimal with up to 2 decimal point.
Example: 0.01 or 60
    polling_interval String Pattern: ^\d+(\.\d{1,3})?$ Time interval in seconds at which the watchdog should poll the queues.
This should be decimal with up to 3 decimal point.
Example: 0.005 or 60
    recovery_time String Pattern: ^\d+(\.\d{1,2})?$ Recovery-time in seconds after which stuck queue should
recover and start forwarding again.
This should be decimal with up to 2 decimal point.
Example: 0.01 or 60
    override_action_drop Boolean Override configured action on stuck queue to drop.
# Global Priority Flow Control settings.
priority_flow_control:

  # Disable PFC on all interfaces.
  all_off: <bool>
  watchdog:

    # Action on stuck queue.
    action: <str; "drop" | "no-drop">

    # Timeout in seconds after which port should be errdisabled or
    # should start dropping on congested priorities.
    # This should be decimal with up to 2 decimal point.
    # Example: 0.01 or 60
    timeout: <str>

    # Time interval in seconds at which the watchdog should poll the queues.
    # This should be decimal with up to 3 decimal point.
    # Example: 0.005 or 60
    polling_interval: <str>

    # Recovery-time in seconds after which stuck queue should
    # recover and start forwarding again.
    # This should be decimal with up to 2 decimal point.
    # Example: 0.01 or 60
    recovery_time: <str>

    # Override configured action on stuck queue to drop.
    override_action_drop: <bool>

QoS

Variable Type Required Default Value Restrictions Description
qos Dictionary
  map Dictionary
    cos List, items: String
      - <str> String Example: “0 1 to traffic-class 1”
    dscp List, items: String
      - <str> String Example: “8 9 10 to traffic-class 1”
    exp List, items: String
      - <str> String Example “0 to traffic-class 0”
    traffic_class List, items: String
      - <str> String Example: “1 to dscp 32”
  rewrite_dscp Boolean
  random_detect Dictionary Global random-detect settings.
    ecn Dictionary Global ECN Configuration.
      allow_non_ect Dictionary
        enabled Boolean Allow non-ect and set drop-precedence 1 in a policy map simultaneously.
Check which command is required for your platform.
        chip_based Boolean Allow non-ect chip-based.
qos:
  map:
    cos:

        # Example: "0 1 to traffic-class 1"
      - <str>
    dscp:

        # Example: "8 9 10 to traffic-class 1"
      - <str>
    exp:

        # Example "0 to traffic-class 0"
      - <str>
    traffic_class:

        # Example: "1 to dscp 32"
      - <str>
  rewrite_dscp: <bool>

  # Global random-detect settings.
  random_detect:

    # Global ECN Configuration.
    ecn:
      allow_non_ect:

        # Allow non-ect and set drop-precedence 1 in a policy map simultaneously.
        # Check which command is required for your platform.
        enabled: <bool>

        # Allow non-ect chip-based.
        chip_based: <bool>

QoS profiles

Variable Type Required Default Value Restrictions Description
qos_profiles List, items: Dictionary
  - name String Required, Unique Profile-Name.
    trust String Valid Values:
- cos
- dscp
- disabled
    cos Integer
    dscp Integer
    shape Dictionary
      rate String Supported options are platform dependent.
Example: “< rate > kbps”, “1-100 percent”, “< rate > pps”
    service_policy Dictionary
      type Dictionary
        qos_input String Policy-map name.
    tx_queues List, items: Dictionary
      - id Integer Required, Unique TX-Queue ID.
        bandwidth_percent Integer
        bandwidth_guaranteed_percent Integer
        priority String Valid Values:
- priority strict
- no priority
        shape Dictionary
          rate String Supported options are platform dependent.
Example: “< rate > kbps”, “1-100 percent”, “< rate > pps”
        comment String Text comment added to queue.
        random_detect Dictionary
          ecn Dictionary Explicit Congestion Notification.
            count Boolean Enable counter for random-detect ECNs.
            threshold Dictionary
              units String Required Valid Values:
- segments
- bytes
- kbytes
- mbytes
- milliseconds
Units to be used for the threshold values.
This should be one of segments, byte, kbytes, mbytes.
              min Integer Required Min: 1 Random-detect ECN minimum-threshold.
              max Integer Required Min: 1 Random-detect ECN maximum-threshold.
              max_probability Integer Min: 1
Max: 100
Random-detect ECN maximum mark probability.
              weight Integer Min: 0
Max: 15
Random-detect ECN weight.
          drop Dictionary Set WRED parameters.
            threshold Dictionary
              units String Required Valid Values:
- segments
- bytes
- kbytes
- mbytes
- microseconds
- milliseconds
Units to be used for the threshold values.
              drop_precedence Integer Min: 0
Max: 2
Specify Drop Precedence value.
              min Integer Required Min: 1 WRED minimum-threshold.
              max Integer Required Min: 1 WRED maximum-threshold.
              drop_probability Integer Required Min: 1
Max: 100
WRED drop probability.
              weight Integer Min: 0
Max: 15
WRED weight.
    uc_tx_queues List, items: Dictionary
      - id Integer Required, Unique UC TX queue ID.
        bandwidth_percent Integer
        bandwidth_guaranteed_percent Integer
        priority String Valid Values:
- priority strict
- no priority
        shape Dictionary
          rate String Supported options are platform dependent.
Example: “< rate > kbps”, “1-100 percent”, “< rate > pps”
        comment String Text comment added to queue.
        random_detect Dictionary
          ecn Dictionary Explicit Congestion Notification.
            count Boolean Enable counter for random-detect ECNs.
            threshold Dictionary
              units String Required Valid Values:
- segments
- bytes
- kbytes
- mbytes
- milliseconds
Unit to be used for the threshold values.
              min Integer Required Min: 1 Random-detect ECN minimum-threshold.
              max Integer Required Min: 1 Random-detect ECN maximum-threshold.
              max_probability Integer Min: 1
Max: 100
Random-detect ECN maximum mark probability.
              weight Integer Min: 0
Max: 15
Random-detect ECN weight.
          drop Dictionary Set WRED parameters.
            threshold Dictionary
              units String Required Valid Values:
- segments
- bytes
- kbytes
- mbytes
- microseconds
- milliseconds
Units to be used for the threshold values.
              drop_precedence Integer Min: 0
Max: 2
Specify Drop Precedence value.
              min Integer Required Min: 1 WRED minimum-threshold.
              max Integer Required Min: 1 WRED maximum-threshold.
              drop_probability Integer Required Min: 1
Max: 100
WRED drop probability.
              weight Integer Min: 0
Max: 15
WRED weight.
    mc_tx_queues List, items: Dictionary
      - id Integer Required, Unique MC TX queue ID.
        bandwidth_percent Integer
        bandwidth_guaranteed_percent Integer
        priority String Valid Values:
- priority strict
- no priority
        shape Dictionary
          rate String Supported options are platform dependent.
Example: “< rate > kbps”, “1-100 percent”, “< rate > pps”
        comment String Text comment added to queue.
    priority_flow_control Dictionary Priority Flow Control settings.
      enabled Boolean Enable Priority Flow control.
      watchdog Dictionary Watchdog can detect stuck transmit queues.
        enabled Boolean Required Enable the watchdog on stuck transmit queues.
        action String Valid Values:
- drop
- notify-only
Override the default error-disable action to either drop
traffic on the stuck queue or notify-only
without making any actions on the stuck queue.
        timer Dictionary Timer thresholds whilst monitoring queues.
          timeout String Required Pattern: ^\d+(\.\d{1,2})?$ Timeout in seconds after which port should be errdisabled or
should start dropping on congested priorities.
This should be decimal with up to 2 decimal point.
Example: 0.01 or 60
          polling_interval String Required Pattern: ^auto|\d+(\.\d{1,3})?$ Time interval in seconds at which the watchdog should poll the queues.
This should be decimal with up to 3 decimal point or set
to ‘auto’ based on recovery_time and timeout values.
Example: 0.005 or 60
          recovery_time String Required Pattern: ^\d+(\.\d{1,2})?$ Recovery-time in seconds after which stuck queue should
recover and start forwarding again.
This should be decimal with up to 2 decimal point.
Example: 0.01 or 60
          forced Boolean Force recover any stuck queue(s) after the duration,
irrespective of whether PFC frames are being
received or not.
      priorities List, items: Dictionary Set the drop/no_drop on each queue.
        - priority Integer Required, Unique Min: 0
Max: 7
Priority queue number (COS value).
          no_drop Boolean Required Enable Priority Flow Control frames on this queue.
qos_profiles:

    # Profile-Name.
  - name: <str; required; unique>
    trust: <str; "cos" | "dscp" | "disabled">
    cos: <int>
    dscp: <int>
    shape:

      # Supported options are platform dependent.
      # Example: "< rate > kbps", "1-100 percent", "< rate > pps"
      rate: <str>
    service_policy:
      type:

        # Policy-map name.
        qos_input: <str>
    tx_queues:

        # TX-Queue ID.
      - id: <int; required; unique>
        bandwidth_percent: <int>
        bandwidth_guaranteed_percent: <int>
        priority: <str; "priority strict" | "no priority">
        shape:

          # Supported options are platform dependent.
          # Example: "< rate > kbps", "1-100 percent", "< rate > pps"
          rate: <str>

        # Text comment added to queue.
        comment: <str>
        random_detect:

          # Explicit Congestion Notification.
          ecn:

            # Enable counter for random-detect ECNs.
            count: <bool>
            threshold:

              # Units to be used for the threshold values.
              # This should be one of segments, byte, kbytes, mbytes.
              units: <str; "segments" | "bytes" | "kbytes" | "mbytes" | "milliseconds"; required>

              # Random-detect ECN minimum-threshold.
              min: <int; >=1; required>

              # Random-detect ECN maximum-threshold.
              max: <int; >=1; required>

              # Random-detect ECN maximum mark probability.
              max_probability: <int; 1-100>

              # Random-detect ECN weight.
              weight: <int; 0-15>

          # Set WRED parameters.
          drop:
            threshold:

              # Units to be used for the threshold values.
              units: <str; "segments" | "bytes" | "kbytes" | "mbytes" | "microseconds" | "milliseconds"; required>

              # Specify Drop Precedence value.
              drop_precedence: <int; 0-2>

              # WRED minimum-threshold.
              min: <int; >=1; required>

              # WRED maximum-threshold.
              max: <int; >=1; required>

              # WRED drop probability.
              drop_probability: <int; 1-100; required>

              # WRED weight.
              weight: <int; 0-15>
    uc_tx_queues:

        # UC TX queue ID.
      - id: <int; required; unique>
        bandwidth_percent: <int>
        bandwidth_guaranteed_percent: <int>
        priority: <str; "priority strict" | "no priority">
        shape:

          # Supported options are platform dependent.
          # Example: "< rate > kbps", "1-100 percent", "< rate > pps"
          rate: <str>

        # Text comment added to queue.
        comment: <str>
        random_detect:

          # Explicit Congestion Notification.
          ecn:

            # Enable counter for random-detect ECNs.
            count: <bool>
            threshold:

              # Unit to be used for the threshold values.
              units: <str; "segments" | "bytes" | "kbytes" | "mbytes" | "milliseconds"; required>

              # Random-detect ECN minimum-threshold.
              min: <int; >=1; required>

              # Random-detect ECN maximum-threshold.
              max: <int; >=1; required>

              # Random-detect ECN maximum mark probability.
              max_probability: <int; 1-100>

              # Random-detect ECN weight.
              weight: <int; 0-15>

          # Set WRED parameters.
          drop:
            threshold:

              # Units to be used for the threshold values.
              units: <str; "segments" | "bytes" | "kbytes" | "mbytes" | "microseconds" | "milliseconds"; required>

              # Specify Drop Precedence value.
              drop_precedence: <int; 0-2>

              # WRED minimum-threshold.
              min: <int; >=1; required>

              # WRED maximum-threshold.
              max: <int; >=1; required>

              # WRED drop probability.
              drop_probability: <int; 1-100; required>

              # WRED weight.
              weight: <int; 0-15>
    mc_tx_queues:

        # MC TX queue ID.
      - id: <int; required; unique>
        bandwidth_percent: <int>
        bandwidth_guaranteed_percent: <int>
        priority: <str; "priority strict" | "no priority">
        shape:

          # Supported options are platform dependent.
          # Example: "< rate > kbps", "1-100 percent", "< rate > pps"
          rate: <str>

        # Text comment added to queue.
        comment: <str>

    # Priority Flow Control settings.
    priority_flow_control:

      # Enable Priority Flow control.
      enabled: <bool>

      # Watchdog can detect stuck transmit queues.
      watchdog:

        # Enable the watchdog on stuck transmit queues.
        enabled: <bool; required>

        # Override the default error-disable action to either drop
        # traffic on the stuck queue or notify-only
        # without making any actions on the stuck queue.
        action: <str; "drop" | "notify-only">

        # Timer thresholds whilst monitoring queues.
        timer:

          # Timeout in seconds after which port should be errdisabled or
          # should start dropping on congested priorities.
          # This should be decimal with up to 2 decimal point.
          # Example: 0.01 or 60
          timeout: <str; required>

          # Time interval in seconds at which the watchdog should poll the queues.
          # This should be decimal with up to 3 decimal point or set
          # to 'auto' based on recovery_time and timeout values.
          # Example: 0.005 or 60
          polling_interval: <str; required>

          # Recovery-time in seconds after which stuck queue should
          # recover and start forwarding again.
          # This should be decimal with up to 2 decimal point.
          # Example: 0.01 or 60
          recovery_time: <str; required>

          # Force recover any stuck queue(s) after the duration,
          # irrespective of whether PFC frames are being
          # received or not.
          forced: <bool>

      # Set the drop/no_drop on each queue.
      priorities:

          # Priority queue number (COS value).
        - priority: <int; 0-7; required; unique>

          # Enable Priority Flow Control frames on this queue.
          no_drop: <bool; required>

Queue monitor-length

Variable Type Required Default Value Restrictions Description
queue_monitor_length Dictionary
  enabled Boolean Required
  default_thresholds Dictionary
    high Integer Required Default high threshold for Ethernet Interfaces.
    low Integer Default low threshold for Ethernet Interfaces.
Low threshold support is platform dependent.
  log Integer Logging interval in seconds.
  notifying Boolean Should only be used for platforms supporting the “queue-monitor length notifying” CLI.
  cpu Dictionary
    thresholds Dictionary
      high Integer Required
      low Integer
  tx_latency Boolean Enable tx-latency mode.
queue_monitor_length:
  enabled: <bool; required>
  default_thresholds:

    # Default high threshold for Ethernet Interfaces.
    high: <int; required>

    # Default low threshold for Ethernet Interfaces.
    # Low threshold support is platform dependent.
    low: <int>

  # Logging interval in seconds.
  log: <int>

  # Should only be used for platforms supporting the "queue-monitor length notifying" CLI.
  notifying: <bool>
  cpu:
    thresholds:
      high: <int; required>
      low: <int>

  # Enable tx-latency mode.
  tx_latency: <bool>

Queue monitor-streaming

Variable Type Required Default Value Restrictions Description
queue_monitor_streaming Dictionary
  enable Boolean
  ip_access_group String Name of IP ACL.
  ipv6_access_group String Name of IPv6 ACL.
  max_connections Integer Min: 1
Max: 100
  vrf String
queue_monitor_streaming:
  enable: <bool>

  # Name of IP ACL.
  ip_access_group: <str>

  # Name of IPv6 ACL.
  ipv6_access_group: <str>
  max_connections: <int; 1-100>
  vrf: <str>

Application traffic recognition

Variable Type Required Default Value Restrictions Description
application_traffic_recognition Dictionary Application traffic recognition configuration.
  categories List, items: Dictionary List of categories.
    - name String Required, Unique Category name.
      applications List, items: Dictionary List of applications.
        - name String Application name.
          service String Valid Values:
- audio-video
- chat
- default
- file-transfer
- networking-protocols
- peer-to-peer
- software-update
Service Name.
Specific service to target for this application.
If no service is specified, all supported services of the application are matched.
Not all valid values are valid for all applications, check on EOS CLI.
  field_sets Dictionary
    l4_ports List, items: Dictionary L4 port field-set.
      - name String Required, Unique L4 port field-set name.
        port_values List, items: String Min Length: 1
          - <str> String Port values or range of port values.
Port values are between 0 and 65535.
    ipv4_prefixes List, items: Dictionary IPv4 prefix field set.
      - name String Required, Unique IPv4 prefix field-set name.
        prefix_values List, items: String Min Length: 1
          - <str> String IP prefix (ex 1.2.3.0/24).
  applications Dictionary
    ipv4_applications List, items: Dictionary List of user defined IPv4 applications. The name should be unique over all defined applications (ipv4 and l4).
      - name String Required, Unique Application name.
        src_prefix_set_name String Source prefix set name.
        dest_prefix_set_name String Destination prefix set name.
        dscp_ranges List, items: String Accept DSCP value(s) or range(s).
DSCP values can be between 0 and 63.
Other valid values are cs0 to cs7, af11-13, af21-23, af31-33, af41-af43 and ef.
Note: The values are not sorted so the list items need to be supplied in the right order to match the CLI if required.
          - <str> String Pattern: ^(?:cs[1-7]|af[1-4][1-3]|ef|(?:(?:,|,\s|^)(?:\d|[1-5]\d|6[0-3])(?:-(?:\d|[1-5]\d|6[0-3]))?)+)$ DSCP value or range syntax.
        protocols List, items: String List of protocols to consider for this application.
To use port field-sets (source, destination or both), the list
must contain only one or two protocols, either tcp or udp.
When using both protocols, one line is rendered for each in the configuration,
hence the field-sets must have the same value for tcp_src_port_set_name and
udp_src_port_set_name and for tcp_dest_port_set_name and udp_dest_port_set_name
if set in order to generate valid configuration in EOS.
          - <str> String Valid Values:
- ahp
- esp
- icmp
- igmp
- ospf
- pim
- rsvp
- tcp
- udp
- vrrp
        protocol_ranges List, items: String Accept protocol value(s) or range(s).
Protocol values can be between 1 and 255.
          - <str> String
        udp_src_port_set_name String Name of field set for UDP source ports.
When the protocols list contain both tcp and udp, this key value
must be the same as tcp_src_port_set_name.
        tcp_src_port_set_name String Name of field set for TCP source ports.
When the protocols list contain both tcp and udp, this key value
must be the same as udp_src_port_set_name.
        udp_dest_port_set_name String Name of field set for UDP destination ports.
When the protocols list contain both tcp and udp, this key value
must be the same as tcp_dest_port_set_name.
        tcp_dest_port_set_name String Name of field set for TCP destination ports.
When the protocols list contain both tcp and udp, this key value
must be the same as udp_dest_port_set_name.
    l4_applications List, items: Dictionary List of user defined L4 applications. The name should be unique over all defined applications (ipv4 and l4).
      - name String Required, Unique Application name.
        protocols List, items: String List of protocols to consider for this application.
To use port field-sets (source, destination or both), the list
must contain only one or two protocols, either tcp or udp.
When using both protocols, one line is rendered for each in the configuration,
hence the field-sets must have the same value for tcp_src_port_set_name and
udp_src_port_set_name and for tcp_dest_port_set_name and udp_dest_port_set_name
if set in order to generate valid configuration in EOS.
          - <str> String Valid Values:
- ahp
- esp
- icmp
- igmp
- ospf
- pim
- rsvp
- tcp
- udp
- vrrp
        protocol_ranges List, items: String Accept protocol value(s) or range(s).
Protocol values can be between 1 and 255.
          - <str> String
        udp_src_port_set_name String Name of field set for UDP source ports.
When the protocols list contain both tcp and udp, this key value
must be the same as tcp_src_port_set_name.
        tcp_src_port_set_name String Name of field set for TCP source ports.
When the protocols list contain both tcp and udp, this key value
must be the same as udp_src_port_set_name.
        udp_dest_port_set_name String Name of field set for UDP destination ports.
When the protocols list contain both tcp and udp, this key value
must be the same as tcp_dest_port_set_name.
        tcp_dest_port_set_name String Name of field set for TCP destination ports.
When the protocols list contain both tcp and udp, this key value
must be the same as udp_dest_port_set_name.
  application_profiles List, items: Dictionary Group of applications.
    - name String Required, Unique Application Profile name.
      applications List, items: Dictionary List of applications part of the application profile.
        - name String Application Name.
          service String Valid Values:
- audio-video
- chat
- default
- file-transfer
- networking-protocols
- peer-to-peer
- software-update
Service Name.
Specific service to target for this application.
If no service is specified, all supported services of the application are matched.
Not all valid values are valid for all applications, check on EOS CLI.
      application_transports List, items: String List of transport protocols.
        - <str> String Valid Values:
- http
- https
- udp
- tcp
- ip
- ip6
- ssl
- rtp
- sctp
- quic
Transport name.
      categories List, items: Dictionary Categories under this application profile.
        - name String Name of a category.
          service String Valid Values:
- audio-video
- chat
- default
- file-transfer
- networking-protocols
- peer-to-peer
- software-update
Service Name.
Specific service to target for this application.
If no service is specified, all supported services of the application are matched.
Not all valid values are valid for all applications, check on EOS CLI.
# Application traffic recognition configuration.
application_traffic_recognition:

  # List of categories.
  categories:

      # Category name.
    - name: <str; required; unique>

      # List of applications.
      applications:

          # Application name.
        - name: <str>

          # Service Name.
          # Specific service to target for this application.
          # If no service is specified, all supported services of the application are matched.
          # Not all valid values are valid for all applications, check on EOS CLI.
          service: <str; "audio-video" | "chat" | "default" | "file-transfer" | "networking-protocols" | "peer-to-peer" | "software-update">
  field_sets:

    # L4 port field-set.
    l4_ports:

        # L4 port field-set name.
      - name: <str; required; unique>
        port_values: # >=1 items

            # Port values or range of port values.
            # Port values are between 0 and 65535.
          - <str>

    # IPv4 prefix field set.
    ipv4_prefixes:

        # IPv4 prefix field-set name.
      - name: <str; required; unique>
        prefix_values: # >=1 items

            # IP prefix (ex 1.2.3.0/24).
          - <str>
  applications:

    # List of user defined IPv4 applications. The name should be unique over all defined applications (ipv4 and l4).
    ipv4_applications:

        # Application name.
      - name: <str; required; unique>

        # Source prefix set name.
        src_prefix_set_name: <str>

        # Destination prefix set name.
        dest_prefix_set_name: <str>

        # Accept DSCP value(s) or range(s).
        # DSCP values can be between 0 and 63.
        # Other valid values are cs0 to cs7, af11-13, af21-23, af31-33, af41-af43 and ef.
        # Note: The values are not sorted so the list items need to be supplied in the right order to match the CLI if required.
        dscp_ranges:

            # DSCP value or range syntax.
          - <str>

        # List of protocols to consider for this application.
        # To use port field-sets (source, destination or both), the list
        # must contain only one or two protocols, either `tcp` or `udp`.
        # When using both protocols, one line is rendered for each in the configuration,
        # hence the field-sets must have the same value for `tcp_src_port_set_name` and
        # `udp_src_port_set_name` and for `tcp_dest_port_set_name` and `udp_dest_port_set_name`
        # if set in order to generate valid configuration in EOS.
        protocols:
          - <str; "ahp" | "esp" | "icmp" | "igmp" | "ospf" | "pim" | "rsvp" | "tcp" | "udp" | "vrrp">

        # Accept protocol value(s) or range(s).
        # Protocol values can be between 1 and 255.
        protocol_ranges:
          - <str>

        # Name of field set for UDP source ports.
        # When the `protocols` list contain both `tcp` and `udp`, this key value
        # must be the same as `tcp_src_port_set_name`.
        udp_src_port_set_name: <str>

        # Name of field set for TCP source ports.
        # When the `protocols` list contain both `tcp` and `udp`, this key value
        # must be the same as `udp_src_port_set_name`.
        tcp_src_port_set_name: <str>

        # Name of field set for UDP destination ports.
        # When the `protocols` list contain both `tcp` and `udp`, this key value
        # must be the same as `tcp_dest_port_set_name`.
        udp_dest_port_set_name: <str>

        # Name of field set for TCP destination ports.
        # When the `protocols` list contain both `tcp` and `udp`, this key value
        # must be the same as `udp_dest_port_set_name`.
        tcp_dest_port_set_name: <str>

    # List of user defined L4 applications. The name should be unique over all defined applications (ipv4 and l4).
    l4_applications:

        # Application name.
      - name: <str; required; unique>

        # List of protocols to consider for this application.
        # To use port field-sets (source, destination or both), the list
        # must contain only one or two protocols, either `tcp` or `udp`.
        # When using both protocols, one line is rendered for each in the configuration,
        # hence the field-sets must have the same value for `tcp_src_port_set_name` and
        # `udp_src_port_set_name` and for `tcp_dest_port_set_name` and `udp_dest_port_set_name`
        # if set in order to generate valid configuration in EOS.
        protocols:
          - <str; "ahp" | "esp" | "icmp" | "igmp" | "ospf" | "pim" | "rsvp" | "tcp" | "udp" | "vrrp">

        # Accept protocol value(s) or range(s).
        # Protocol values can be between 1 and 255.
        protocol_ranges:
          - <str>

        # Name of field set for UDP source ports.
        # When the `protocols` list contain both `tcp` and `udp`, this key value
        # must be the same as `tcp_src_port_set_name`.
        udp_src_port_set_name: <str>

        # Name of field set for TCP source ports.
        # When the `protocols` list contain both `tcp` and `udp`, this key value
        # must be the same as `udp_src_port_set_name`.
        tcp_src_port_set_name: <str>

        # Name of field set for UDP destination ports.
        # When the `protocols` list contain both `tcp` and `udp`, this key value
        # must be the same as `tcp_dest_port_set_name`.
        udp_dest_port_set_name: <str>

        # Name of field set for TCP destination ports.
        # When the `protocols` list contain both `tcp` and `udp`, this key value
        # must be the same as `udp_dest_port_set_name`.
        tcp_dest_port_set_name: <str>

  # Group of applications.
  application_profiles:

      # Application Profile name.
    - name: <str; required; unique>

      # List of applications part of the application profile.
      applications:

          # Application Name.
        - name: <str>

          # Service Name.
          # Specific service to target for this application.
          # If no service is specified, all supported services of the application are matched.
          # Not all valid values are valid for all applications, check on EOS CLI.
          service: <str; "audio-video" | "chat" | "default" | "file-transfer" | "networking-protocols" | "peer-to-peer" | "software-update">

      # List of transport protocols.
      application_transports:

          # Transport name.
        - <str; "http" | "https" | "udp" | "tcp" | "ip" | "ip6" | "ssl" | "rtp" | "sctp" | "quic">

      # Categories under this application profile.
      categories:

          # Name of a category.
        - name: <str>

          # Service Name.
          # Specific service to target for this application.
          # If no service is specified, all supported services of the application are matched.
          # Not all valid values are valid for all applications, check on EOS CLI.
          service: <str; "audio-video" | "chat" | "default" | "file-transfer" | "networking-protocols" | "peer-to-peer" | "software-update">

Routing

ARP

Variable Type Required Default Value Restrictions Description
arp Dictionary
  persistent Dictionary
    enabled Boolean Required Restore the ARP cache after reboot.
    refresh_delay Integer Min: 600
Max: 3600
Time to wait in seconds before refreshing the ARP cache after reboot (EOS default 600).
  aging Dictionary
    timeout_default Integer Min: 60
Max: 65535
Timeout in seconds.
  static_entries List, items: Dictionary Static ARP entries.
    - ipv4_address String Required ARP entry IPv4 address.
      vrf String ARP entry VRF.
      mac_address String Required Pattern: ^[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}$ ARP entry MAC address.
arp:
  persistent:

    # Restore the ARP cache after reboot.
    enabled: <bool; required>

    # Time to wait in seconds before refreshing the ARP cache after reboot (EOS default 600).
    refresh_delay: <int; 600-3600>
  aging:

    # Timeout in seconds.
    timeout_default: <int; 60-65535>

  # Static ARP entries.
  static_entries:

      # ARP entry IPv4 address.
    - ipv4_address: <str; required>

      # ARP entry VRF.
      vrf: <str>

      # ARP entry MAC address.
      mac_address: <str; required>

DHCP relay

Variable Type Required Default Value Restrictions Description
dhcp_relay Dictionary
  servers List, items: String
    - <str> String Server IP or Hostname.
  tunnel_requests_disabled Boolean
  mlag_peerlink_requests_disabled Boolean
dhcp_relay:
  servers:

      # Server IP or Hostname.
    - <str>
  tunnel_requests_disabled: <bool>
  mlag_peerlink_requests_disabled: <bool>

IP DHCP relay

Variable Type Required Default Value Restrictions Description
ip_dhcp_relay Dictionary
  always_on Boolean DhcpRelay Agent will be in always-on mode.
  all_subnets Boolean Allow forwarding requests with secondary IP addresses in the gateway address “giaddr” field.
  information_option Boolean Insert Option-82 information.
ip_dhcp_relay:

  # DhcpRelay Agent will be in always-on mode.
  always_on: <bool>

  # Allow forwarding requests with secondary IP addresses in the gateway address "giaddr" field.
  all_subnets: <bool>

  # Insert Option-82 information.
  information_option: <bool>

IP DHCP Snooping

Variable Type Required Default Value Restrictions Description
ip_dhcp_snooping Dictionary
  enabled Boolean
  bridging Boolean
  information_option Dictionary
    enabled Boolean Enable insertion of option-82 in DHCP request packets.
    circuit_id_type String “none” or <0 - 255>.
    circuit_id_format String Valid Values:
- %h:%p
- %p:%v
Required if circuit_id_type is set.
- “%h:%p” Hostname and interface name
- “%p:%v” Interface name and VLAN ID
  vlan String VLAN range as string.
“< vlan_id >, < vlan_id >-< vlan_id >”
Example: 15,16,17,18
ip_dhcp_snooping:
  enabled: <bool>
  bridging: <bool>
  information_option:

    # Enable insertion of option-82 in DHCP request packets.
    enabled: <bool>

    # "none" or <0 - 255>.
    circuit_id_type: <str>

    # Required if `circuit_id_type` is set.
    # - "%h:%p" Hostname and interface name
    # - "%p:%v" Interface name and VLAN ID
    circuit_id_format: <str; "%h:%p" | "%p:%v">

  # VLAN range as string.
  # "< vlan_id >, < vlan_id >-< vlan_id >"
  # Example: 15,16,17,18
  vlan: <str>

DHCP Servers

Variable Type Required Default Value Restrictions Description
dhcp_servers List, items: Dictionary
  - disabled Boolean
    vrf String Required, Unique VRF in which to configure the DHCP server, use default to indicate default VRF.
    lease_time_ipv4 Dictionary
      days Integer Required Min: 0
Max: 2000
      hours Integer Required Min: 0
Max: 23
      minutes Integer Required Min: 0
Max: 59
    lease_time_ipv6 Dictionary
      days Integer Required Min: 0
Max: 2000
      hours Integer Required Min: 0
Max: 23
      minutes Integer Required Min: 0
Max: 59
    dns_domain_name_ipv4 String
    dns_domain_name_ipv6 String
    dns_servers_ipv4 List, items: String Min Length: 1 List of DNS servers for IPv4 clients.
      - <str> String Required IPv4 address of DNS server.
    dns_servers_ipv6 List, items: String Min Length: 1 List of DNS servers for IPv6 clients.
      - <str> String Required IPv6 address of DNS server.
    tftp_server Dictionary
      file_ipv4 String Min Length: 1
Max Length: 255
Name of TFTP file for IPv4 clients.
      file_ipv6 String Min Length: 1
Max Length: 255
Name of TFTP file for IPv6 clients.
    ipv4_vendor_options List, items: Dictionary
      - vendor_id String Required, Unique
        sub_options List, items: Dictionary
          - code Integer Required, Unique Min: 1
Max: 254
            string String String value for suboption data.
Only one of string, ipv4_address and array_ipv4_address variables should be used for any one suboption.
The order of precedence if multiple of these variables are defined is string -> ipv4_address -> array_ipv4_address.
            ipv4_address String IPv4 address value for suboption data.
Only one of string, ipv4_address and array_ipv4_address variables should be used for any one suboption.
The order of precedence if multiple of these variables are defined is string -> ipv4_address -> array_ipv4_address.
            array_ipv4_address List, items: String Array of IPv4 addresses for suboption data.
Only one of string, ipv4_address and array_ipv4_address variables should be used for any one suboption.
The order of precedence if multiple of these variables are defined is string -> ipv4_address -> array_ipv4_address.
              - <str> String
    subnets List, items: Dictionary
      - subnet String Required, Unique IPv4/IPv6 subnet.
        name String
        default_gateway String
        dns_servers List, items: String
          - <str> String
        ranges List, items: Dictionary
          - start String Required
            end String Required
        lease_time Dictionary
          days Integer Required Min: 0
Max: 2000
          hours Integer Required Min: 0
Max: 23
          minutes Integer Required Min: 0
Max: 59
        reservations List, items: Dictionary DHCP client reservations.
          - mac_address String Required, Unique Ethernet address in format - HHHH.HHHH.HHHH
            hostname String
            ipv4_address String Valid IPv4 address from the given subnet.
This should only be used within an IPv4 subnet.
            ipv6_address String Valid IPv6 address from the given subnet.
This should only be used within an IPv6 subnet.
    eos_cli String Multiline EOS CLI rendered directly on the dhcp server in the final EOS configuration.
dhcp_servers:
  - disabled: <bool>

    # VRF in which to configure the DHCP server, use `default` to indicate default VRF.
    vrf: <str; required; unique>
    lease_time_ipv4:
      days: <int; 0-2000; required>
      hours: <int; 0-23; required>
      minutes: <int; 0-59; required>
    lease_time_ipv6:
      days: <int; 0-2000; required>
      hours: <int; 0-23; required>
      minutes: <int; 0-59; required>
    dns_domain_name_ipv4: <str>
    dns_domain_name_ipv6: <str>

    # List of DNS servers for IPv4 clients.
    dns_servers_ipv4: # >=1 items

        # IPv4 address of DNS server.
      - <str; required>

    # List of DNS servers for IPv6 clients.
    dns_servers_ipv6: # >=1 items

        # IPv6 address of DNS server.
      - <str; required>
    tftp_server:

      # Name of TFTP file for IPv4 clients.
      file_ipv4: <str; length 1-255>

      # Name of TFTP file for IPv6 clients.
      file_ipv6: <str; length 1-255>
    ipv4_vendor_options:
      - vendor_id: <str; required; unique>
        sub_options:
          - code: <int; 1-254; required; unique>

            # String value for suboption data.
            # Only one of `string`, `ipv4_address` and `array_ipv4_address` variables should be used for any one suboption.
            # The order of precedence if multiple of these variables are defined is `string` -> `ipv4_address` -> `array_ipv4_address`.
            string: <str>

            # IPv4 address value for suboption data.
            # Only one of `string`, `ipv4_address` and `array_ipv4_address` variables should be used for any one suboption.
            # The order of precedence if multiple of these variables are defined is `string` -> `ipv4_address` -> `array_ipv4_address`.
            ipv4_address: <str>

            # Array of IPv4 addresses for suboption data.
            # Only one of `string`, `ipv4_address` and `array_ipv4_address` variables should be used for any one suboption.
            # The order of precedence if multiple of these variables are defined is `string` -> `ipv4_address` -> `array_ipv4_address`.
            array_ipv4_address:
              - <str>
    subnets:

        # IPv4/IPv6 subnet.
      - subnet: <str; required; unique>
        name: <str>
        default_gateway: <str>
        dns_servers:
          - <str>
        ranges:
          - start: <str; required>
            end: <str; required>
        lease_time:
          days: <int; 0-2000; required>
          hours: <int; 0-23; required>
          minutes: <int; 0-59; required>

        # DHCP client reservations.
        reservations:

            # Ethernet address in format - HHHH.HHHH.HHHH
          - mac_address: <str; required; unique>
            hostname: <str>

            # Valid IPv4 address from the given subnet.
            # This should only be used within an IPv4 subnet.
            ipv4_address: <str>

            # Valid IPv6 address from the given subnet.
            # This should only be used within an IPv6 subnet.
            ipv6_address: <str>

    # Multiline EOS CLI rendered directly on the dhcp server in the final EOS configuration.
    eos_cli: <str>

IP ICMP redirect

Variable Type Required Default Value Restrictions Description
ip_icmp_redirect Boolean
ip_icmp_redirect: <bool>

IP NAT

Variable Type Required Default Value Restrictions Description
ip_nat Dictionary
  kernel_buffer_size Integer Min: 1
Max: 64
Buffer size in MB.
  profiles List, items: Dictionary
    - name String Required, Unique
      vrf String Specify VRF for NAT profile.
      destination Dictionary
        dynamic List, items: Dictionary
          - access_list String Required, Unique
            comment String
            pool_name String Required
            priority Integer Min: 0
Max: 4294967295
        static List, items: Dictionary
          - access_list String ‘access_list’ and ‘group’ are mutual exclusive.
            comment String
            direction String Valid Values:
- egress
- ingress
Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            group Integer Min: 1
Max: 65535
‘access_list’ and ‘group’ are mutual exclusive.
            original_ip String IPv4 address. The combination of original_ip and original_port must be unique.
            original_port Integer Min: 1
Max: 65535
TCP/UDP port. The combination of original_ip and original_port must be unique.
            priority Integer Min: 0
Max: 4294967295
            protocol String Valid Values:
- udp
- tcp
            translated_ip String Required IPv4 address.
            translated_port Integer Min: 1
Max: 65535
requires ‘original_port’.
      source Dictionary
        dynamic List, items: Dictionary
          - access_list String Required, Unique
            comment String
            nat_type String Required Valid Values:
- overload
- pool
- pool-address-only
- pool-full-cone
            pool_name String required if ‘nat_type’ is pool, pool-address-only or pool-full-cone.
ignored if ‘nat_type’ is overload.
            priority Integer Min: 0
Max: 4294967295
        static List, items: Dictionary
          - access_list String ‘access_list’ and ‘group’ are mutual exclusive.
            comment String
            direction String Valid Values:
- egress
- ingress
Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            group Integer Min: 1
Max: 65535
‘access_list’ and ‘group’ are mutual exclusive.
            original_ip String IPv4 address. The combination of original_ip and original_port must be unique.
            original_port Integer Min: 1
Max: 65535
TCP/UDP port. The combination of original_ip and original_port must be unique.
            priority Integer Min: 0
Max: 4294967295
            protocol String Valid Values:
- udp
- tcp
            translated_ip String Required IPv4 address.
            translated_port Integer Min: 1
Max: 65535
requires ‘original_port’.
  pools List, items: Dictionary
    - name String Required, Unique
      type String ip-port Valid Values:
- ip-port
- port-only
      prefix_length Integer Min: 16
Max: 32
It is only used and required when type is ip-port.
      ranges List, items: Dictionary
        - first_ip String IPv4 address.
Required when type is ip-port and ignored otherwise.
          last_ip String IPv4 address.
Required when type is ip-port and ignored otherwise.
first_ip and last_ip ip addresses should lie in same subnet.
          first_port Integer Min: 1
Max: 65535
          last_port Integer Min: 1
Max: 65535
Required when first_port is set.
last_port must be greater than or equal to first_port.
      utilization_log_threshold Integer Min: 1
Max: 100
  synchronization Dictionary
    description String
    expiry_interval Integer Min: 60
Max: 3600
In seconds.
    local_interface String EOS interface name.
    peer_address String IPv4 address.
    port_range Dictionary
      first_port Integer Min: 1024
Max: 65535
      last_port Integer Min: 1024
Max: 65535
>= first_port.
      split_disabled Boolean
    shutdown Boolean
  translation Dictionary
    address_selection Dictionary
      any Boolean
      hash_field_source_ip Boolean
    counters Boolean
    low_mark Dictionary
      percentage Integer Min: 1
Max: 99
Used to render ‘ip nat translation low-mark ‘.
      host_percentage Integer Min: 1
Max: 99
Used to render ‘ip nat translation low-mark host’.
    max_entries Dictionary
      limit Integer Min: 0
Max: 4294967295
      host_limit Integer Min: 0
Max: 4294967295
      ip_limits List, items: Dictionary
        - ip String Required, Unique IPv4 address.
          limit Integer Required Min: 0
Max: 4294967295
    timeouts List, items: Dictionary
      - protocol String Required, Unique Valid Values:
- tcp
- udp
        timeout Integer Required Min: 0
Max: 4294967295
In seconds.
ip_nat:

  # Buffer size in MB.
  kernel_buffer_size: <int; 1-64>
  profiles:
    - name: <str; required; unique>

      # Specify VRF for NAT profile.
      vrf: <str>
      destination:
        dynamic:
          - access_list: <str; required; unique>
            comment: <str>
            pool_name: <str; required>
            priority: <int; 0-4294967295>
        static:

            # 'access_list' and 'group' are mutual exclusive.
          - access_list: <str>
            comment: <str>

            # Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
            # EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            direction: <str; "egress" | "ingress">

            # 'access_list' and 'group' are mutual exclusive.
            group: <int; 1-65535>

            # IPv4 address. The combination of `original_ip` and `original_port` must be unique.
            original_ip: <str>

            # TCP/UDP port. The combination of `original_ip` and `original_port` must be unique.
            original_port: <int; 1-65535>
            priority: <int; 0-4294967295>
            protocol: <str; "udp" | "tcp">

            # IPv4 address.
            translated_ip: <str; required>

            # requires 'original_port'.
            translated_port: <int; 1-65535>
      source:
        dynamic:
          - access_list: <str; required; unique>
            comment: <str>
            nat_type: <str; "overload" | "pool" | "pool-address-only" | "pool-full-cone"; required>

            # required if 'nat_type' is pool, pool-address-only or pool-full-cone.
            # ignored if 'nat_type' is overload.
            pool_name: <str>
            priority: <int; 0-4294967295>
        static:

            # 'access_list' and 'group' are mutual exclusive.
          - access_list: <str>
            comment: <str>

            # Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform.
            # EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
            direction: <str; "egress" | "ingress">

            # 'access_list' and 'group' are mutual exclusive.
            group: <int; 1-65535>

            # IPv4 address. The combination of `original_ip` and `original_port` must be unique.
            original_ip: <str>

            # TCP/UDP port. The combination of `original_ip` and `original_port` must be unique.
            original_port: <int; 1-65535>
            priority: <int; 0-4294967295>
            protocol: <str; "udp" | "tcp">

            # IPv4 address.
            translated_ip: <str; required>

            # requires 'original_port'.
            translated_port: <int; 1-65535>
  pools:
    - name: <str; required; unique>
      type: <str; "ip-port" | "port-only"; default="ip-port">

      # It is only used and required when `type` is `ip-port`.
      prefix_length: <int; 16-32>
      ranges:

          # IPv4 address.
          # Required when `type` is `ip-port` and ignored otherwise.
        - first_ip: <str>

          # IPv4 address.
          # Required when `type` is `ip-port` and ignored otherwise.
          # `first_ip` and `last_ip` ip addresses should lie in same subnet.
          last_ip: <str>
          first_port: <int; 1-65535>

          # Required when `first_port` is set.
          # `last_port` must be greater than or equal to `first_port`.
          last_port: <int; 1-65535>
      utilization_log_threshold: <int; 1-100>
  synchronization:
    description: <str>

    # In seconds.
    expiry_interval: <int; 60-3600>

    # EOS interface name.
    local_interface: <str>

    # IPv4 address.
    peer_address: <str>
    port_range:
      first_port: <int; 1024-65535>

      # >= first_port.
      last_port: <int; 1024-65535>
      split_disabled: <bool>
    shutdown: <bool>
  translation:
    address_selection:
      any: <bool>
      hash_field_source_ip: <bool>
    counters: <bool>
    low_mark:

      # Used to render 'ip nat translation low-mark <percentage>'.
      percentage: <int; 1-99>

      # Used to render 'ip nat translation low-mark <host_percentage> host'.
      host_percentage: <int; 1-99>
    max_entries:
      limit: <int; 0-4294967295>
      host_limit: <int; 0-4294967295>
      ip_limits:

          # IPv4 address.
        - ip: <str; required; unique>
          limit: <int; 0-4294967295; required>
    timeouts:
      - protocol: <str; "tcp" | "udp"; required; unique>

        # In seconds.
        timeout: <int; 0-4294967295; required>

IP routing IPv6 interfaces

Variable Type Required Default Value Restrictions Description
ip_routing_ipv6_interfaces Boolean
ip_routing_ipv6_interfaces: <bool>

IP routing

Variable Type Required Default Value Restrictions Description
ip_routing Boolean
ip_routing: <bool>

IP virtual router MAC address

Variable Type Required Default Value Restrictions Description
ip_virtual_router_mac_address String MAC address (hh:hh:hh:hh:hh:hh).
# MAC address (hh:hh:hh:hh:hh:hh).
ip_virtual_router_mac_address: <str>

IPv6 DHCP relay

Variable Type Required Default Value Restrictions Description
ipv6_dhcp_relay Dictionary
  always_on Boolean DhcpRelay Agent will be in always-on mode, off by default.
  all_subnets Boolean Allow forwarding requests with additional IPv6 addresses in the gateway address “giaddr” field.
  option Dictionary Insert DHCP Option.
    link_layer_address Boolean Add Option 79 (Link Layer Address Option).
    remote_id_format String Valid Values:
- %m:%i
- %m:%p
Add RemoteID option 37 in format MAC address and interface ID (%m:%i) or MAC address and interface name (%m:%p).
ipv6_dhcp_relay:

  # DhcpRelay Agent will be in always-on mode, off by default.
  always_on: <bool>

  # Allow forwarding requests with additional IPv6 addresses in the gateway address "giaddr" field.
  all_subnets: <bool>

  # Insert DHCP Option.
  option:

    # Add Option 79 (Link Layer Address Option).
    link_layer_address: <bool>

    # Add RemoteID option 37 in format MAC address and interface ID (`%m:%i`) or MAC address and interface name (`%m:%p`).
    remote_id_format: <str; "%m:%i" | "%m:%p">

IPv6 ICMP redirects

Variable Type Required Default Value Restrictions Description
ipv6_icmp_redirect Boolean
ipv6_icmp_redirect: <bool>

IPv6 static routes

Variable Type Required Default Value Restrictions Description
ipv6_static_routes List, items: Dictionary
  - vrf String
    destination_address_prefix String IPv6 Network/Mask.
    interface String
    gateway String IPv6 Address.
    track_bfd Boolean Track next-hop using BFD.
    distance Integer Min: 1
Max: 255
    tag Integer Min: 0
Max: 4294967295
    name String Description.
    metric Integer Min: 0
Max: 4294967295
ipv6_static_routes:
  - vrf: <str>

    # IPv6 Network/Mask.
    destination_address_prefix: <str>
    interface: <str>

    # IPv6 Address.
    gateway: <str>

    # Track next-hop using BFD.
    track_bfd: <bool>
    distance: <int; 1-255>
    tag: <int; 0-4294967295>

    # Description.
    name: <str>
    metric: <int; 0-4294967295>

IPv6 unicast routing

Variable Type Required Default Value Restrictions Description
ipv6_unicast_routing Boolean
ipv6_unicast_routing: <bool>

MPLS

Variable Type Required Default Value Restrictions Description
mpls Dictionary
  ip Boolean
  ldp Dictionary
    interface_disabled_default Boolean
    router_id String
    shutdown Boolean
    transport_address_interface String Interface Name.
  icmp Dictionary Enables the LSRs to generate ICMP reply messages and deliver them to the originating host.
    fragmentation_needed_tunneling Boolean Enables the MPLS tunneling of MTU exceeded ICMP replies (fragmentation needed, packet too big).
    ttl_exceeded_tunneling Boolean Enables the MPLS tunneling of TTL exceeded ICMP replies.
mpls:
  ip: <bool>
  ldp:
    interface_disabled_default: <bool>
    router_id: <str>
    shutdown: <bool>

    # Interface Name.
    transport_address_interface: <str>

  # Enables the LSRs to generate ICMP reply messages and deliver them to the originating host.
  icmp:

    # Enables the MPLS tunneling of MTU exceeded ICMP replies (fragmentation needed, packet too big).
    fragmentation_needed_tunneling: <bool>

    # Enables the MPLS tunneling of TTL exceeded ICMP replies.
    ttl_exceeded_tunneling: <bool>

Router adaptive virtual topology

Variable Type Required Default Value Restrictions Description
router_adaptive_virtual_topology Dictionary
  topology_role String Valid Values:
- edge
- pathfinder
- transit region
- transit zone
Role name.
  gateway_vxlan Boolean Enables VXLAN gateway router profile.
Only applicable for topology_role: edge, topology_role: transit region or topology_role: transit zone.
  region Dictionary Region name and ID.
    name String Required Pattern: ^[A-Za-z0-9_.:{}\[\]-]+$
    id Integer Required Min: 1
Max: 255
  zone Dictionary Zone name and ID.
    name String Required Pattern: ^[A-Za-z0-9_.:{}\[\]-]+$
    id Integer Required Min: 1
Max: 10000
  site Dictionary Site name and ID.
    name String Required Pattern: ^[A-Za-z0-9_.:{}\[\]-]+$
    id Integer Required Min: 1
Max: 10000
  profiles List, items: Dictionary
    - name String Required, Unique AVT Name.
      load_balance_policy String Name of the load-balance policy.
      internet_exit_policy String Name of the internet exit policy.
  policies List, items: Dictionary A sequence of application profiles mapped to some virtual topologies.
    - name String Required, Unique Policy name.
      matches List, items: Dictionary
        - application_profile String Application profile name.
          avt_profile String AVT Profile name.
          dscp Integer Min: 0
Max: 63
Set DSCP for matched traffic.
          traffic_class Integer Min: 0
Max: 7
Set traffic-class for matched traffic.
  vrfs List, items: Dictionary
    - name String Required, Unique VRF name.
      policy String AVT Policy name.
      profiles List, items: Dictionary AVT profiles in this VRF.
        - name String AVT profile name.
          id Integer Required, Unique Min: 1
Max: 254
Unique ID for this AVT (per VRF).
router_adaptive_virtual_topology:

  # Role name.
  topology_role: <str; "edge" | "pathfinder" | "transit region" | "transit zone">

  # Enables VXLAN gateway router profile.
  # Only applicable for `topology_role: edge`, `topology_role: transit region` or `topology_role: transit zone`.
  gateway_vxlan: <bool>

  # Region name and ID.
  region:
    name: <str; required>
    id: <int; 1-255; required>

  # Zone name and ID.
  zone:
    name: <str; required>
    id: <int; 1-10000; required>

  # Site name and ID.
  site:
    name: <str; required>
    id: <int; 1-10000; required>
  profiles:

      # AVT Name.
    - name: <str; required; unique>

      # Name of the load-balance policy.
      load_balance_policy: <str>

      # Name of the internet exit policy.
      internet_exit_policy: <str>

  # A sequence of application profiles mapped to some virtual topologies.
  policies:

      # Policy name.
    - name: <str; required; unique>
      matches:

          # Application profile name.
        - application_profile: <str>

          # AVT Profile name.
          avt_profile: <str>

          # Set DSCP for matched traffic.
          dscp: <int; 0-63>

          # Set traffic-class for matched traffic.
          traffic_class: <int; 0-7>
  vrfs:

      # VRF name.
    - name: <str; required; unique>

      # AVT Policy name.
      policy: <str>

      # AVT profiles in this VRF.
      profiles:

          # AVT profile name.
        - name: <str>

          # Unique ID for this AVT (per VRF).
          id: <int; 1-254; required; unique>

Router BFD

Variable Type Required Default Value Restrictions Description
router_bfd Dictionary
  interval Integer Rate in milliseconds.
  local_address String Configure BFD local IP/IPv6 address.
  min_rx Integer Rate in milliseconds.
  multiplier Integer Min: 3
Max: 50
  multihop Dictionary
    interval Integer Rate in milliseconds.
    min_rx Integer Rate in milliseconds.
    multiplier Integer Min: 3
Max: 50
  session_snapshot_interval Integer Min: 1
Max: 3600
Interval in seconds.
Intervals below 10 are considered “dangerous” on EOS and must have session_snapshot_interval_dangerous set to true.
  session_snapshot_interval_dangerous Boolean
  sbfd Dictionary
    local_interface Dictionary
      name String Interface Name.
      protocols Dictionary
        ipv4 Boolean
        ipv6 Boolean
    initiator_interval Integer Rate in milliseconds.
    initiator_multiplier Integer Min: 3
Max: 50
    initiator_measurement_round_trip Boolean Enable round-trip delay measurement.
    reflector Dictionary
      min_rx Integer Rate in milliseconds.
      local_discriminator String IPv4 address or 32 bit integer.
  slow_timer Integer Min: 2000
Max: 60000
Rate in milliseconds.
router_bfd:

  # Rate in milliseconds.
  interval: <int>

  # Configure BFD local IP/IPv6 address.
  local_address: <str>

  # Rate in milliseconds.
  min_rx: <int>
  multiplier: <int; 3-50>
  multihop:

    # Rate in milliseconds.
    interval: <int>

    # Rate in milliseconds.
    min_rx: <int>
    multiplier: <int; 3-50>

  # Interval in seconds.
  # Intervals below 10 are considered "dangerous" on EOS and must have `session_snapshot_interval_dangerous` set to `true`.
  session_snapshot_interval: <int; 1-3600>
  session_snapshot_interval_dangerous: <bool>
  sbfd:
    local_interface:

      # Interface Name.
      name: <str>
      protocols:
        ipv4: <bool>
        ipv6: <bool>

    # Rate in milliseconds.
    initiator_interval: <int>
    initiator_multiplier: <int; 3-50>

    # Enable round-trip delay measurement.
    initiator_measurement_round_trip: <bool>
    reflector:

      # Rate in milliseconds.
      min_rx: <int>

      # IPv4 address or 32 bit integer.
      local_discriminator: <str>

  # Rate in milliseconds.
  slow_timer: <int; 2000-60000>

Router BGP

Variable Type Required Default Value Restrictions Description
router_bgp Dictionary
  as String BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”.
For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
  as_notation String Valid Values:
- asdot
- asplain
BGP AS can be deplayed in the asplain <1-4294967295> or asdot notation “<1-65535>.<0-65535>”. This flag indicates which mode is preferred - asplain is the default.
  router_id String In IP address format A.B.C.D.
  timers Dictionary
    keepalive_time Integer Min: 0
Max: 3600
Time between BGP keepalive messages in seconds.
keepalive_time should be lesser than hold_time.
    hold_time Integer Min: 0
Max: 7200
Hold time in seconds. Must be defined along with keepalive_time.
The valid values are 3-7200 or 0 if both values are 0.
    min_hold_time Integer Min: 3
Max: 7200
Neighbor’s minimum hold time constraint in seconds.
min_hold_time should be less than hold_time.
    send_failure_hold_time Integer Min: 60
Max: 65535
Send failure hold time in seconds.
  distance Dictionary
    external_routes Integer Required Min: 1
Max: 255
    internal_routes Integer Required Min: 1
Max: 255
    local_routes Integer Required Min: 1
Max: 255
  graceful_restart Dictionary
    enabled Boolean
    restart_time Integer Min: 1
Max: 3600
Number of seconds.
    stalepath_time Integer Min: 1
Max: 3600
Number of seconds.
  graceful_restart_helper Dictionary
    enabled Boolean
    restart_time Integer Min: 1
Max: 100000000
Number of seconds
graceful-restart-help long-lived and restart-time are mutually exclusive in CLI.
restart-time will take precedence if both are configured.
    long_lived Boolean graceful-restart-help long-lived and restart-time are mutually exclusive in CLI.
restart-time will take precedence if both are configured.
  maximum_paths Dictionary
    paths Integer Required Min: 1
Max: 600
    ecmp Integer Min: 1
Max: 600
  updates Dictionary
    wait_for_convergence Boolean Disables FIB updates and route advertisement when the BGP instance is initiated until the BGP convergence state is reached.
    wait_install Boolean Do not advertise reachability to a prefix until that prefix has been installed in hardware.
This will eliminate any temporary black holes due to a BGP speaker advertising reachability to a prefix that may not yet be installed into the forwarding plane.
  bgp_cluster_id String IP Address A.B.C.D.
  bgp_defaults List, items: String BGP command as string.
    - <str> String
  bgp Dictionary
    default Dictionary
      ipv4_unicast Boolean Default activation of IPv4 unicast address-family on all IPv4 neighbors (EOS default = True).
      ipv4_unicast_transport_ipv6 Boolean Default activation of IPv4 unicast address-family on all IPv6 neighbors (EOS default == False).
    route_reflector_preserve_attributes Dictionary
      enabled Boolean
      always Boolean
    bestpath Dictionary
      d_path Boolean
    additional_paths Dictionary
      receive Boolean Enable or disable reception of additional-paths.
      send String Valid Values:
- any
- backup
- ecmp
- limit
- disabled
Select an option to send multiple paths for same prefix through bgp updates.
any: Send any eligible path.
backup: Best path and installed backup path.
ecmp: All paths in best path ECMP group.
limit: Limit to n eligible paths.
disabled: Disable sending any paths.
      send_limit Integer Min: 2
Max: 64
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp.
    redistribute_internal Boolean Allow redistribution of iBGP routes into an Interior Gateway Protocol (IGP). EOS default is true.
  listen_ranges List, items: Dictionary Improved “listen_ranges” data model to support multiple listen ranges and additional filter capabilities.
    - prefix String IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”.
      peer_id_include_router_id Boolean Include router ID as part of peer filter.
      peer_group String Peer group name.
      peer_filter String Peer-filter name.
note: peer_filter or remote_as is required but mutually exclusive.
If both are defined, peer_filter takes precedence
      remote_as String BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”.
For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
  neighbor_default Dictionary
    send_community String Valid Values:
- all
- large
- extended
- standard
- extended large
- standard large
- standard extended
- standard extended large
  peer_groups List, items: Dictionary
    - name String Required, Unique Peer-group name.
      type String Key only used for documentation or validation purposes.
      remote_as String BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”.
For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
      local_as String BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”.
For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
      description String
      shutdown Boolean
      as_path Dictionary BGP AS-PATH options.
        remote_as_replace_out Boolean Replace AS number with local AS number.
        prepend_own_disabled Boolean Disable prepending own AS number to AS path.
      remove_private_as Dictionary Remove private AS numbers in outbound AS path.
        enabled Boolean
        all Boolean
        replace_as Boolean
      remove_private_as_ingress Dictionary
        enabled Boolean
        replace_as Boolean
      next_hop_unchanged Boolean
      update_source String IP address or interface name.
      route_reflector_client Boolean
      bfd Boolean Enable BFD.
      bfd_timers Dictionary Override default BFD timers. BFD must be enabled with bfd: true.
        interval Integer Required Min: 50
Max: 60000
Interval in milliseconds.
        min_rx Integer Required Min: 50
Max: 60000
Rate in milliseconds.
        multiplier Integer Required Min: 3
Max: 50
      ebgp_multihop Integer Min: 1
Max: 255
Time-to-live in range of hops.
      next_hop_self Boolean
      password String
      passive Boolean
      default_originate Dictionary
        enabled Boolean
        always Boolean
        route_map String Route-map name.
      send_community String ‘all’ or a combination of ‘standard’, ‘extended’, ‘large’ and ‘link-bandwidth (w/options)’.
      maximum_routes Integer Min: 0
Max: 4294967294
Maximum number of routes (0 means unlimited).
      maximum_routes_warning_limit String Maximum number of routes after which a warning is issued (0 means never warn) or
Percentage of maximum number of routes at which to warn (“<1-100> percent”).
      maximum_routes_warning_only Boolean
      missing_policy Dictionary Missing policy configuration for all address-families.
        direction_in Dictionary Missing policy inbound direction.
          action String Required Valid Values:
- deny
- permit
- deny-in-out
Missing policy action.
          include_community_list Boolean Include community-list references in missing policy decision.
          include_prefix_list Boolean Include prefix-list references in missing policy decision.
          include_sub_route_map Boolean Include sub-route-map references in missing policy decision.
        direction_out Dictionary Missing policy outbound direction.
          action String Required Valid Values:
- deny
- permit
- deny-in-out
Missing policy action.
          include_community_list Boolean Include community-list references in missing policy decision.
          include_prefix_list Boolean Include prefix-list references in missing policy decision.
          include_sub_route_map Boolean Include sub-route-map references in missing policy decision.
      link_bandwidth Dictionary
        enabled Boolean
        default String nn.nn(K
      allowas_in Dictionary
        enabled Boolean
        times Integer Min: 1
Max: 10
Number of local ASNs allowed in a BGP update.
      weight Integer Min: 0
Max: 65535
      timers String BGP Keepalive and Hold Timer values in seconds as string “<0-3600> <0-3600>”.
      rib_in_pre_policy_retain Dictionary
        enabled Boolean
        all Boolean
      route_map_in String Inbound route-map name.
      route_map_out String Outbound route-map name.
      session_tracker String
      shared_secret Dictionary
        profile String Required Name of profile defined under management_security.
        hash_algorithm String Required Valid Values:
- aes-128-cmac-96
- hmac-sha-256
- hmac-sha1-96
Note: Algorithm hmac-sha-256 requires EOS version 4.31.1F and above.
      ttl_maximum_hops Integer Min: 0
Max: 254
Maximum number of hops.
      peer_filter removed String This key was removed. Support was removed in AVD version 5.0.0. Use router_bgp.listen_ranges[].peer_filter instead.
      bgp_listen_range_prefix removed String This key was removed. Support was removed in AVD version 5.0.0. Use router_bgp.listen_ranges[].bgp_listen_range_prefix instead.
  neighbors List, items: Dictionary
    - ip_address String Required, Unique
      peer_group String
      remote_as String BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”.
For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
      local_as String BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”.
For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
      as_path Dictionary BGP AS-PATH options.
        remote_as_replace_out Boolean Replace AS number with local AS number.
        prepend_own_disabled Boolean Disable prepending own AS number to AS path.
      peer String Key only used for documentation or validation purposes.
      description String
      route_reflector_client Boolean
      password String
      passive Boolean
      shutdown Boolean
      update_source String Source Interface.
      bfd Boolean Enable BFD.
      bfd_timers Dictionary Override default BFD timers. BFD must be enabled with bfd: true.
        interval Integer Required Min: 50
Max: 60000
Interval in milliseconds.
        min_rx Integer Required Min: 50
Max: 60000
Rate in milliseconds.
        multiplier Integer Required Min: 3
Max: 50
      weight Integer Min: 0
Max: 65535
      timers String BGP Keepalive and Hold Timer values in seconds as string “<0-3600> <0-3600>”.
      route_map_in String Inbound route-map name.
      route_map_out String Outbound route-map name.
      default_originate Dictionary
        enabled Boolean
        always Boolean
        route_map String
      send_community String ‘all’ or a combination of ‘standard’, ‘extended’, ‘large’ and ‘link-bandwidth (w/options)’.
      maximum_routes Integer Min: 0
Max: 4294967294
Maximum number of routes (0 means unlimited).
      maximum_routes_warning_limit String Maximum number of routes after which a warning is issued (0 means never warn) or
Percentage of maximum number of routes at which to warn (“<1-100> percent”).
      maximum_routes_warning_only Boolean
      missing_policy Dictionary Missing policy configuration for all address-families.
        direction_in Dictionary Missing policy inbound direction.
          action String Required Valid Values:
- deny
- permit
- deny-in-out
Missing policy action.
          include_community_list Boolean Include community-list references in missing policy decision.
          include_prefix_list Boolean Include prefix-list references in missing policy decision.
          include_sub_route_map Boolean Include sub-route-map references in missing policy decision.
        direction_out Dictionary Missing policy outbound direction.
          action String Required Valid Values:
- deny
- permit
- deny-in-out
Missing policy action.
          include_community_list Boolean Include community-list references in missing policy decision.
          include_prefix_list Boolean Include prefix-list references in missing policy decision.
          include_sub_route_map Boolean Include sub-route-map references in missing policy decision.
      allowas_in Dictionary
        enabled Boolean
        times Integer Min: 1
Max: 10
Number of local ASNs allowed in a BGP update.
      ebgp_multihop Integer Min: 1
Max: 255
Time-to-live in range of hops.
      next_hop_self Boolean
      link_bandwidth Dictionary
        enabled Boolean
        default String nn.nn(K
      rib_in_pre_policy_retain Dictionary
        enabled Boolean
        all Boolean
      remove_private_as Dictionary Remove private AS numbers in outbound AS path.
        enabled Boolean
        all Boolean
        replace_as Boolean
      remove_private_as_ingress Dictionary
        enabled Boolean
        replace_as Boolean
      session_tracker String
      shared_secret Dictionary
        profile String Required Name of profile defined under management_security.
        hash_algorithm String Required Valid Values:
- aes-128-cmac-96
- hmac-sha-256
- hmac-sha1-96
Note: Algorithm hmac-sha-256 requires EOS version 4.31.1F and above.
      ttl_maximum_hops Integer Min: 0
Max: 254
Maximum number of hops.
  neighbor_interfaces List, items: Dictionary
    - name String Required, Unique Interface name.
      remote_as String BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”.
For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
      peer String Key only used for documentation or validation purposes.
      peer_group String Peer-group name
      description String
      peer_filter String Peer-filter name.
  aggregate_addresses List, items: Dictionary
    - prefix String Required, Unique IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”.
      advertise_only Boolean
      as_set Boolean
      summary_only Boolean
      attribute_map String Route-map name.
      match_map String Route-map name.
  redistribute Dictionary Redistribute routes in to BGP.
    attached_host Dictionary
      enabled Boolean Required
      route_map String
    bgp Dictionary
      enabled Boolean Required
      route_map String
    connected Dictionary
      enabled Boolean Required
      route_map String
      rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
      include_leaked Boolean Include following routes while redistributing.
    dynamic Dictionary
      enabled Boolean Required
      route_map String
      rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
    isis Dictionary
      enabled Boolean Required
      isis_level String Valid Values:
- level-1
- level-2
- level-1-2
Redistribute IS-IS route level.
      route_map String
      rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
      include_leaked Boolean Include following routes while redistributing.
    ospf Dictionary
      enabled Boolean Redistribute OSPF routes.
      match_external Dictionary Redistribute OSPF routes learned from external sources.
        enabled Boolean Required
        route_map String
        include_leaked Boolean Include following routes while redistributing.
      match_internal Dictionary Redistribute OSPF routes learned from internal sources.
        enabled Boolean Required
        route_map String
        include_leaked Boolean Include following routes while redistributing.
      match_nssa_external Dictionary Redistribute OSPF routes learned from external NSSA sources.
        enabled Boolean Required
        nssa_type Integer Valid Values:
- 1
- 2
NSSA External Type Number.
        route_map String
        include_leaked Boolean Include following routes while redistributing.
      route_map String
      include_leaked Boolean Include following routes while redistributing.
    ospfv3 Dictionary
      enabled Boolean Redistribute OSPFv3 routes.
      match_external Dictionary Redistribute OSPFv3 routes learned from external sources.
        enabled Boolean Required
        route_map String
        include_leaked Boolean Include following routes while redistributing.
      match_internal Dictionary Redistribute OSPFv3 routes learned from internal sources.
        enabled Boolean Required
        route_map String
        include_leaked Boolean Include following routes while redistributing.
      match_nssa_external Dictionary Redistribute OSPFv3 routes learned from external NSSA sources.
        enabled Boolean Required
        nssa_type Integer Valid Values:
- 1
- 2
NSSA External Type Number.
        route_map String
        include_leaked Boolean Include following routes while redistributing.
      route_map String
      include_leaked Boolean Include following routes while redistributing.
    rip Dictionary
      enabled Boolean Required
      route_map String
    static Dictionary
      enabled Boolean Required
      route_map String
      rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
      include_leaked Boolean Include following routes while redistributing.
    user Dictionary
      enabled Boolean Required
      rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
  redistribute_routes deprecated List, items: Dictionary This key is deprecated. Support will be removed in AVD version 6.0.0. Use redistribute instead.
    - source_protocol String Required Valid Values:
- attached-host
- bgp
- connected
- dynamic
- isis
- ospf
- ospfv3
- rip
- static
- user
      route_map String
      rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
Only applicable if source_protocol is one of connected, static, isis, user, dynamic.
      include_leaked Boolean
      ospf_route_type String Valid Values:
- external
- internal
- nssa-external
- nssa-external 1
- nssa-external 2
Routes learned by the OSPF protocol.
The ospf_route_type is valid for source_protocols ‘ospf’ and ‘ospfv3’.
  vlan_aware_bundles List, items: Dictionary
    - name String Required, Unique VLAN aware bundle name.
      tenant String Key only used for documentation or validation purposes.
      description String Key only used for documentation or validation purposes.
      rd String Route distinguisher.
      rd_evpn_domain Dictionary
        domain String Valid Values:
- remote
- all
        rd String Route distinguisher.
      route_targets Dictionary
        both List, items: String
          - <str> String
        import List, items: String
          - <str> String
        export List, items: String
          - <str> String
        import_evpn_domains List, items: Dictionary
          - domain String Valid Values:
- remote
- all
            route_target String
        export_evpn_domains List, items: Dictionary
          - domain String Valid Values:
- remote
- all
            route_target String
        import_export_evpn_domains List, items: Dictionary
          - domain String Valid Values:
- remote
- all
            route_target String
      redistribute_routes List, items: String
        - <str> String
      no_redistribute_routes List, items: String
        - <str> String
      vlan String VLAN range as string. Example “100-200,300”.
      eos_cli String Multiline EOS CLI rendered directly on the Router BGP, VLAN-aware-bundle definition in the final EOS configuration.
  vlans List, items: Dictionary
    - id Integer Required, Unique
      tenant String Key only used for documentation or validation purposes.
      rd String Route distinguisher.
      rd_evpn_domain Dictionary
        domain String Valid Values:
- remote
- all
        rd String Route distinguisher.
      route_targets Dictionary
        both List, items: String
          - <str> String
        import List, items: String
          - <str> String
        export List, items: String
          - <str> String
        import_evpn_domains List, items: Dictionary
          - domain String Valid Values:
- remote
- all
            route_target String
        export_evpn_domains List, items: Dictionary
          - domain String Valid Values:
- remote
- all
            route_target String
        import_export_evpn_domains List, items: Dictionary
          - domain String Valid Values:
- remote
- all
            route_target String
      redistribute_routes List, items: String
        - <str> String
      no_redistribute_routes List, items: String
        - <str> String
      eos_cli String Multiline EOS CLI rendered directly on the Router BGP, VLAN definition in the final EOS configuration.
  vpws List, items: Dictionary
    - name String Required, Unique VPWS instance name.
      rd String Route distinguisher.
      route_targets Dictionary
        import_export String Route Target.
      mpls_control_word Boolean
      label_flow Boolean
      mtu Integer
      pseudowires List, items: Dictionary
        - name String Required, Unique Pseudowire name.
          id_local Integer Must match id_remote on other pe.
          id_remote Integer Must match id_local on other pe.
  address_family_evpn Dictionary
    domain_identifier String
    domain_identifier_remote String
    neighbor_default Dictionary
      encapsulation String Valid Values:
- vxlan
- mpls
- path-selection
Transport encapsulation for neighbor.
      next_hop_self_source_interface String Source interface name for MPLS encapsulation. Requires encapsulation to be set as mpls.
      next_hop_self_received_evpn_routes Dictionary
        enable Boolean
        inter_domain Boolean
    next_hop_mpls_resolution_ribs List, items: Dictionary Min Length: 1
Max Length: 3
Specify the RIBs used to resolve MPLS next-hops. The order of this list determines the order of RIB lookups.
      - rib_type String Required Valid Values:
- system-connected
- tunnel-rib-colored
- tunnel-rib
Type of RIB. For ‘tunnel-rib’, use ‘rib_name’ to specify the name of the Tunnel-RIB to use.
        rib_name String The name of the tunnel-rib to use when using ‘tunnel-rib’ type.
    neighbors List, items: Dictionary
      - ip_address String Required, Unique
        activate Boolean
        route_map_in String Inbound route-map name.
        route_map_out String Outbound route-map name.
        rcf_in String Inbound RCF function name with parenthesis.
Example: MyFunction(myarg).
        rcf_out String Outbound RCF function name with parenthesis.
Example: MyFunction(myarg).
        default_route Dictionary
          enabled Boolean
          rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
          route_map String
        additional_paths Dictionary
          receive Boolean Enable or disable reception of additional-paths.
          send String Valid Values:
- any
- backup
- ecmp
- limit
- disabled
Select an option to send multiple paths for same prefix through bgp updates.
any: Send any eligible path.
backup: Best path and installed backup path.
ecmp: All paths in best path ECMP group.
limit: Limit to n eligible paths.
disabled: Disable sending any paths.
          send_limit Integer Min: 2
Max: 64
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp.
        encapsulation String Valid Values:
- vxlan
- mpls
- path-selection
Transport encapsulation for the neighbor.
        next_hop_self_source_interface String Source interface name for MPLS encapsulation. Requires encapsulation to be set as mpls.
    peer_groups List, items: Dictionary
      - name String Required, Unique Peer-group name.
        activate Boolean
        route_map_in String Inbound route-map name.
        route_map_out String Outbound route-map name.
        rcf_in String Inbound RCF function name with parenthesis.
Example: MyFunction(myarg).
        rcf_out String Outbound RCF function name with parenthesis.
Example: MyFunction(myarg).
        default_route Dictionary
          enabled Boolean
          rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
          route_map String
        domain_remote Boolean
        encapsulation String Valid Values:
- vxlan
- mpls
- path-selection
Transport encapsulation for the peer-group.
        additional_paths Dictionary
          receive Boolean Enable or disable reception of additional-paths.
          send String Valid Values:
- any
- backup
- ecmp
- limit
- disabled
Select an option to send multiple paths for same prefix through bgp updates.
any: Send any eligible path.
backup: Best path and installed backup path.
ecmp: All paths in best path ECMP group.
limit: Limit to n eligible paths.
disabled: Disable sending any paths.
          send_limit Integer Min: 2
Max: 64
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp.
    evpn_hostflap_detection Dictionary
      enabled Boolean
      window Integer Min: 0
Max: 4294967295
Time (in seconds) to detect a MAC duplication issue.
      threshold Integer Min: 0
Max: 4294967295
Minimum number of MAC moves that indicate a MAC Duplication issue.
      expiry_timeout Integer Min: 0
Max: 4294967295
Time (in seconds) to purge a MAC duplication issue.
    next_hop Dictionary
      resolution_disabled Boolean
    route Dictionary
      import_match_failure_action String Valid Values:
- discard
      import_ethernet_segment_ip_mass_withdraw Boolean
      import_overlay_index_gateway Boolean
      export_ethernet_segment_ip_mass_withdraw Boolean
    next_hop_unchanged Boolean
    bgp Dictionary
      additional_paths Dictionary
        receive Boolean Enable or disable reception of additional-paths.
        send String Valid Values:
- any
- backup
- ecmp
- limit
- disabled
Select an option to send multiple paths for same prefix through bgp updates.
any: Send any eligible path.
backup: Best path and installed backup path.
ecmp: All paths in best path ECMP group.
limit: Limit to n eligible paths.
disabled: Disable sending any paths.
        send_limit Integer Min: 2
Max: 64
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp.
    layer_2_fec_in_place_update Dictionary BGP layer-2 in-place FEC operation.
      enabled Boolean Required
      timeout Integer Min: 0
Max: 300
In-place FEC update tracking timeout in seconds.
    evpn_ethernet_segment List, items: Dictionary
      - domain String Required, Unique Valid Values:
- all
- local
- remote
        identifier String EVPN Ethernet Segment Identifier (Type 1 format).
        route_target_import String Low-order 6 bytes of ES-Import Route Target.
    bgp_additional_paths deprecated Dictionary BGP additional-paths commands.This key is deprecated. Support will be removed in AVD version 6.0.0. Use bgp.additional_paths instead.
      receive Boolean Receive multiple paths.
      send Dictionary Send multiple paths.
        any Boolean Any eligible path.
        backup Boolean Best path and installed backup path.
        ecmp Boolean All paths in best path ECMP group.
        ecmp_limit Integer Min: 2
Max: 64
Amount of ECMP paths to send.
        limit Integer Min: 2
Max: 64
Amount of paths to send.
  address_family_rtc Dictionary
    peer_groups List, items: Dictionary
      - name String Required, Unique Peer-group name.
        activate Boolean
        default_route_target Dictionary
          only Boolean
          encoding_origin_as_omit String
  address_family_ipv4 Dictionary
    networks List, items: Dictionary
      - prefix String Required, Unique IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”.
        route_map String Route-map name.
    bgp Dictionary
      additional_paths Dictionary
        install Boolean Install BGP backup path.
        install_ecmp_primary Boolean Allow additional path with ECMP primary path.
        receive Boolean Enable or disable reception of additional-paths.
        send String Valid Values:
- any
- backup
- ecmp
- limit
- disabled
Select an option to send multiple paths for same prefix through bgp updates.
any: Send any eligible path.
backup: Best path and installed backup path.
ecmp: All paths in best path ECMP group.
limit: Limit to n eligible paths.
disabled: Disable sending any paths.
        send_limit Integer Min: 2
Max: 64
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp.
      redistribute_internal Boolean Allow redistribution of iBGP routes into an Interior Gateway Protocol (IGP). EOS default is true.
    peer_groups List, items: Dictionary
      - name String Required, Unique Peer-group name.
        activate Boolean
        route_map_in String Inbound route-map name.
        route_map_out String Outbound route-map name.
        rcf_in String Inbound RCF function name with parenthesis.
Example: MyFunction(myarg).
        rcf_out String Outbound RCF function name with parenthesis.
Example: MyFunction(myarg).
        default_originate Dictionary
          always Boolean
          route_map String Route-map name.
        prefix_list_in String Inbound prefix-list name.
        prefix_list_out String Outbound prefix-list name.
        additional_paths Dictionary
          prefix_list String Apply the configurations only to the routes matching the prefix list.
          receive Boolean Enable or disable reception of additional-paths.
          send String Valid Values:
- any
- backup
- ecmp
- limit
- disabled
Select an option to send multiple paths for same prefix through bgp updates.
any: Send any eligible path.
backup: Best path and installed backup path.
ecmp: All paths in best path ECMP group.
limit: Limit to n eligible paths.
disabled: Disable sending any paths.
          send_limit Integer Min: 2
Max: 64
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp.
        next_hop Dictionary
          address_family_ipv6 Dictionary
            enabled Boolean Required
            originate Boolean
          address_family_ipv6_originate removed Boolean This key was removed. Support was removed in AVD version 5.0.0. Use address_family_ipv6 instead.
    neighbors List, items: Dictionary
      - ip_address String Required, Unique
        activate Boolean
        route_map_in String Inbound route-map name.
        route_map_out String Outbound route-map name.
        rcf_in String Inbound RCF function name with parenthesis.
Example: MyFunction(myarg).
        rcf_out String Outbound RCF function name with parenthesis.
Example: MyFunction(myarg).
        prefix_list_in String Inbound prefix-list name.
        prefix_list_out String Prefix-list name.
        default_originate Dictionary
          always Boolean
          route_map String
        additional_paths Dictionary
          prefix_list String Apply the configurations only to the routes matching the prefix list.
          receive Boolean Enable or disable reception of additional-paths.
          send String Valid Values:
- any
- backup
- ecmp
- limit
- disabled
Select an option to send multiple paths for same prefix through bgp updates.
any: Send any eligible path.
backup: Best path and installed backup path.
ecmp: All paths in best path ECMP group.
limit: Limit to n eligible paths.
disabled: Disable sending any paths.
          send_limit Integer Min: 2
Max: 64
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp.
    redistribute Dictionary Redistribute routes in to BGP.
      attached_host Dictionary
        enabled Boolean Required
        route_map String
      bgp Dictionary
        enabled Boolean Required
        route_map String
      connected Dictionary
        enabled Boolean Required
        route_map String
        rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
        include_leaked Boolean Include following routes while redistributing.
      dynamic Dictionary
        enabled Boolean Required
        route_map String
        rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
      isis Dictionary
        enabled Boolean Required
        isis_level String Valid Values:
- level-1
- level-2
- level-1-2
Redistribute IS-IS route level.
        route_map String
        rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
        include_leaked Boolean Include following routes while redistributing.
      ospf Dictionary
        enabled Boolean Redistribute OSPF routes.
        match_external Dictionary Redistribute OSPF routes learned from external sources.
          enabled Boolean Required
          route_map String
          include_leaked Boolean Include following routes while redistributing.
        match_internal Dictionary Redistribute OSPF routes learned from internal sources.
          enabled Boolean Required
          route_map String
          include_leaked Boolean Include following routes while redistributing.
        match_nssa_external Dictionary Redistribute OSPF routes learned from external NSSA sources.
          enabled Boolean Required
          nssa_type Integer Valid Values:
- 1
- 2
NSSA External Type Number.
          route_map String
          include_leaked Boolean Include following routes while redistributing.
        route_map String
        include_leaked Boolean Include following routes while redistributing.
      ospfv3 Dictionary
        enabled Boolean Redistribute OSPFv3 routes.
        match_external Dictionary Redistribute OSPFv3 routes learned from external sources.
          enabled Boolean Required
          route_map String
          include_leaked Boolean Include following routes while redistributing.
        match_internal Dictionary Redistribute OSPFv3 routes learned from internal sources.
          enabled Boolean Required
          route_map String
          include_leaked Boolean Include following routes while redistributing.
        match_nssa_external Dictionary Redistribute OSPFv3 routes learned from external NSSA sources.
          enabled Boolean Required
          nssa_type Integer Valid Values:
- 1
- 2
NSSA External Type Number.
          route_map String
          include_leaked Boolean Include following routes while redistributing.
        route_map String
        include_leaked Boolean Include following routes while redistributing.
      rip Dictionary
        enabled Boolean Required
        route_map String
      static Dictionary
        enabled Boolean Required
        route_map String
        rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
        include_leaked Boolean Include following routes while redistributing.
      user Dictionary
        enabled Boolean Required
        rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
    redistribute_routes deprecated List, items: Dictionary This key is deprecated. Support will be removed in AVD version 6.0.0. Use redistribute instead.
      - source_protocol String Required Valid Values:
- attached-host
- bgp
- connected
- dynamic
- isis
- ospf
- ospfv3
- rip
- static
- user
        route_map String
        include_leaked Boolean Only applicable if source_protocol is one of connected, static, isis, ospf, ospfv3.
        rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
Only applicable if source_protocol is one of connected, static, isis, user, dynamic.
        ospf_route_type String Valid Values:
- external
- internal
- nssa-external
- nssa-external 1
- nssa-external 2
Routes learned by the OSPF protocol.
The ospf_route_type is valid for source_protocols ‘ospf’ and ‘ospfv3’.
  address_family_ipv4_labeled_unicast Dictionary
    aigp_session Dictionary
      confederation Boolean
      ebgp Boolean
      ibgp Boolean
    bgp Dictionary
      additional_paths Dictionary
        receive Boolean Enable or disable reception of additional-paths.
        send String Valid Values:
- any
- backup
- ecmp
- limit
- disabled
Select an option to send multiple paths for same prefix through bgp updates.
any: Send any eligible path.
backup: Best path and installed backup path.
ecmp: All paths in best path ECMP group.
limit: Limit to n eligible paths.
disabled: Disable sending any paths.
        send_limit Integer Min: 2
Max: 64
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp.
      missing_policy Dictionary Missing policy configuration for all address-families.
        direction_in Dictionary Missing policy inbound direction.
          action String Required Valid Values:
- deny
- permit
- deny-in-out
Missing policy action.
          include_community_list Boolean Include community-list references in missing policy decision.
          include_prefix_list Boolean Include prefix-list references in missing policy decision.
          include_sub_route_map Boolean Include sub-route-map references in missing policy decision.
        direction_out Dictionary Missing policy outbound direction.
          action String Required Valid Values:
- deny
- permit
- deny-in-out
Missing policy action.
          include_community_list Boolean Include community-list references in missing policy decision.
          include_prefix_list Boolean Include prefix-list references in missing policy decision.
          include_sub_route_map Boolean Include sub-route-map references in missing policy decision.
      next_hop_unchanged Boolean
    graceful_restart Boolean
    label_local_termination String Valid Values:
- explicit-null
- implicit-null
    lfib_entry_installation_skipped Boolean Skip LFIB entry installation and next hop self route advertisements.
    neighbor_default Dictionary
      next_hop_self Boolean
    peer_groups List, items: Dictionary
      - name String Required, Unique Peer-group name.
        activate Boolean
        additional_paths Dictionary
          receive Boolean Enable or disable reception of additional-paths.
          send String Valid Values:
- any
- backup
- ecmp
- limit
- disabled
Select an option to send multiple paths for same prefix through bgp updates.
any: Send any eligible path.
backup: Best path and installed backup path.
ecmp: All paths in best path ECMP group.
limit: Limit to n eligible paths.
disabled: Disable sending any paths.
          send_limit Integer Min: 2
Max: 64
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp.
        aigp_session Boolean
        graceful_restart Boolean
        graceful_restart_helper Dictionary
          stale_route_map String
        maximum_advertised_routes Integer Min: 0
Max: 4294967294
Maximum number of routes (0 means unlimited).
        maximum_advertised_routes_warning_limit String Maximum number of routes after which a warning is issued (0 means never warn) or
Percentage of maximum number of routes at which to warn (“<1-100> percent”).
        missing_policy Dictionary Missing policy configuration for BGP Labeled-Unicast neighbor.
          direction_in Dictionary Missing policy inbound direction.
            action String Required Valid Values:
- deny
- permit
- deny-in-out
Missing policy action.
            include_community_list Boolean Include community-list references in missing policy decision.
            include_prefix_list Boolean Include prefix-list references in missing policy decision.
            include_sub_route_map Boolean Include sub-route-map references in missing policy decision.
          direction_out Dictionary Missing policy outbound direction.
            action String Required Valid Values:
- deny
- permit
- deny-in-out
Missing policy action.
            include_community_list Boolean Include community-list references in missing policy decision.
            include_prefix_list Boolean Include prefix-list references in missing policy decision.
            include_sub_route_map Boolean Include sub-route-map references in missing policy decision.
        multi_path Boolean
        next_hop_resolution removed Dictionary This key was removed. Support was removed in AVD version 5.0.0.
        next_hop_self Boolean
        next_hop_self_source_interface String Source interface name.
        next_hop_self_v4_mapped_v6_source_interface String v4-mapped-v6 source interface name. Takes precedence over the next_hop_self_source_interface.
        next_hop_unchanged Boolean
        rcf_in String Inbound RCF function name with parenthesis.
Example: MyFunction(myarg).
        rcf_out String Outbound RCF function name with parenthesis.
Example: MyFunction(myarg).
        route_map_in String Inbound route-map name.
        route_map_out String Outbound route-map name.
    neighbors List, items: Dictionary
      - ip_address String Required, Unique
        activate Boolean
        additional_paths Dictionary
          receive Boolean Enable or disable reception of additional-paths.
          send String Valid Values:
- any
- backup
- ecmp
- limit
- disabled
Select an option to send multiple paths for same prefix through bgp updates.
any: Send any eligible path.
backup: Best path and installed backup path.
ecmp: All paths in best path ECMP group.
limit: Limit to n eligible paths.
disabled: Disable sending any paths.
          send_limit Integer Min: 2
Max: 64
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp.
        aigp_session Boolean
        graceful_restart Boolean
        graceful_restart_helper Dictionary
          stale_route_map String
        maximum_advertised_routes Integer Min: 0
Max: 4294967294
Maximum number of routes (0 means unlimited).
        maximum_advertised_routes_warning_limit String Maximum number of routes after which a warning is issued (0 means never warn) or
Percentage of maximum number of routes at which to warn (“<1-100> percent”).
        missing_policy Dictionary Missing policy configuration for BGP Labeled-Unicast neighbor.
          direction_in Dictionary Missing policy inbound direction.
            action String Required Valid Values:
- deny
- permit
- deny-in-out
Missing policy action.
            include_community_list Boolean Include community-list references in missing policy decision.
            include_prefix_list Boolean Include prefix-list references in missing policy decision.
            include_sub_route_map Boolean Include sub-route-map references in missing policy decision.
          direction_out Dictionary Missing policy outbound direction.
            action String Required Valid Values:
- deny
- permit
- deny-in-out
Missing policy action.
            include_community_list Boolean Include community-list references in missing policy decision.
            include_prefix_list Boolean Include prefix-list references in missing policy decision.
            include_sub_route_map Boolean Include sub-route-map references in missing policy decision.
        multi_path Boolean
        next_hop_resolution removed Dictionary This key was removed. Support was removed in AVD version 5.0.0.
        next_hop_self Boolean
        next_hop_self_source_interface String Source interface name.
        next_hop_self_v4_mapped_v6_source_interface String v4-mapped-v6 source interface name. Takes precedence over the next_hop_self_source_interface.
        next_hop_unchanged Boolean
        rcf_in String Inbound RCF function name with parenthesis.
Example: MyFunction(myarg).
        rcf_out String Outbound RCF function name with parenthesis.
Example: MyFunction(myarg).
        route_map_in String Inbound route-map name.
        route_map_out String Outbound route-map name.
    networks List, items: Dictionary Min Length: 1
      - prefix String Required, Unique IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”.
        route_map String Route-map name.
    next_hops List, items: Dictionary Min Length: 1
      - ip_address String Required, Unique
        lfib_backup_ip_forwarding Boolean
    next_hop_resolution_ribs List, items: Dictionary Min Length: 1
Max Length: 3
Specify the RIBs used to resolve next-hops. The order of this list determines the order of RIB lookups.
      - rib_type String Required Valid Values:
- system-connected
- tunnel-rib-colored
- tunnel-rib
Type of RIB. For ‘tunnel-rib’, use ‘rib_name’ to specify the name of the Tunnel-RIB to use.
        rib_name String The name of the tunnel-rib to use when using ‘tunnel-rib’ type.
    tunnel_source_protocols List, items: Dictionary Min Length: 1
Max Length: 2
      - protocol String Required, Unique Valid Values:
- isis segment-routing
- ldp
        rcf String Optional RCF function name with parenthesis.
Example: MyFunction(myarg).
    update_wait_for_convergence Boolean Wait for BGP to converge before sending out any route updates.
  address_family_ipv4_multicast Dictionary
    bgp Dictionary
      additional_paths Dictionary
        receive Boolean
    peer_groups List, items: Dictionary
      - name String Required, Unique Peer-group name.
        activate Boolean
        route_map_in String Inbound route-map name.
        route_map_out String Outbound route-map name.
        additional_paths Dictionary
          receive Boolean
    neighbors List, items: Dictionary
      - ip_address String Required, Unique
        activate Boolean
        route_map_in String Inbound route-map name.
        route_map_out String Outbound route-map name.
        additional_paths Dictionary
          receive Boolean
    redistribute Dictionary Redistribute routes in to BGP.
      attached_host Dictionary
        enabled Boolean Required
        route_map String
      connected Dictionary
        enabled Boolean Required
        route_map String
      isis Dictionary
        enabled Boolean Required
        isis_level String Valid Values:
- level-1
- level-2
- level-1-2
Redistribute IS-IS route level.
        route_map String
        rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
        include_leaked Boolean Include following routes while redistributing.
      ospf Dictionary
        enabled Boolean Redistribute OSPF routes.
        match_external Dictionary Redistribute OSPF routes learned from external sources.
          enabled Boolean Required
          route_map String
        match_internal Dictionary Redistribute OSPF routes learned from internal sources.
          enabled Boolean Required
          route_map String
        match_nssa_external Dictionary Redistribute OSPF routes learned from external NSSA sources.
          enabled Boolean Required
          nssa_type Integer Valid Values:
- 1
- 2
NSSA External Type Number.
          route_map String
        route_map String
      ospfv3 Dictionary
        enabled Boolean Redistribute OSPFv3 routes.
        match_external Dictionary Redistribute OSPFv3 routes learned from external sources.
          enabled Boolean Required
          route_map String
        match_internal Dictionary Redistribute OSPFv3 routes learned from internal sources.
          enabled Boolean Required
          route_map String
        match_nssa_external Dictionary Redistribute OSPFv3 routes learned from external NSSA sources.
          enabled Boolean Required
          nssa_type Integer Valid Values:
- 1
- 2
NSSA External Type Number.
          route_map String
        route_map String
      static Dictionary
        enabled Boolean Required
        route_map String
    redistribute_routes deprecated List, items: Dictionary This key is deprecated. Support will be removed in AVD version 6.0.0. Use redistribute instead.
      - source_protocol String Required
        route_map String
        include_leaked Boolean Only applicable if source_protocol is isis.
        rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
Only applicable if source_protocol is isis.
        ospf_route_type String Valid Values:
- external
- internal
- nssa-external
- nssa-external 1
- nssa-external 2
Routes learned by the OSPF protocol.
The ospf_route_type is valid for source_protocols ‘ospf’ and ‘ospfv3’.
  address_family_ipv4_sr_te Dictionary
    neighbors List, items: Dictionary
      - ip_address String Required, Unique
        activate Boolean
        route_map_in String Inbound route-map name.
        route_map_out String Outbound route-map name.
    peer_groups List, items: Dictionary
      - name String Required, Unique Peer-group name.
        activate Boolean
        route_map_in String Inbound route-map name.
        route_map_out String Outbound route-map name.
  address_family_ipv6 Dictionary
    networks List, items: Dictionary
      - prefix String Required, Unique IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”.
        route_map String Route-map name.
    bgp Dictionary
      redistribute_internal Boolean Allow redistribution of iBGP routes into an Interior Gateway Protocol (IGP). EOS default is true.
      additional_paths Dictionary
        install Boolean Install BGP backup path.
        install_ecmp_primary Boolean Allow additional path with ECMP primary path.
        receive Boolean Enable or disable reception of additional-paths.
        send String Valid Values:
- any
- backup
- ecmp
- limit
- disabled
Select an option to send multiple paths for same prefix through bgp updates.
any: Send any eligible path.
backup: Best path and installed backup path.
ecmp: All paths in best path ECMP group.
limit: Limit to n eligible paths.
disabled: Disable sending any paths.
        send_limit Integer Min: 2
Max: 64
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp.
    peer_groups List, items: Dictionary
      - name String Required, Unique Peer-group name.
        activate Boolean
        route_map_in String Inbound route-map name.
        route_map_out String Outbound route-map name.
        rcf_in String Inbound RCF function name with parenthesis.
Example: MyFunction(myarg).
        rcf_out String Outbound RCF function name with parenthesis.
Example: MyFunction(myarg).
        prefix_list_in String Inbound prefix-list name.
        prefix_list_out String Outbound prefix-list name.
        additional_paths Dictionary
          prefix_list String Apply the configurations only to the routes matching the prefix list.
          receive Boolean Enable or disable reception of additional-paths.
          send String Valid Values:
- any
- backup
- ecmp
- limit
- disabled
Select an option to send multiple paths for same prefix through bgp updates.
any: Send any eligible path.
backup: Best path and installed backup path.
ecmp: All paths in best path ECMP group.
limit: Limit to n eligible paths.
disabled: Disable sending any paths.
          send_limit Integer Min: 2
Max: 64
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp.
    neighbors List, items: Dictionary
      - ip_address String Required, Unique
        activate Boolean
        route_map_in String Inbound route-map name.
        route_map_out String Outbound route-map name.
        rcf_in String Inbound RCF function name with parenthesis.
Example: MyFunction(myarg).
        rcf_out String Outbound RCF function name with parenthesis.
Example: MyFunction(myarg).
        prefix_list_in String Inbound prefix-list name.
        prefix_list_out String Outbound prefix-list name.
        additional_paths Dictionary
          prefix_list String Apply the configurations only to the routes matching the prefix list.
          receive Boolean Enable or disable reception of additional-paths.
          send String Valid Values:
- any
- backup
- ecmp
- limit
- disabled
Select an option to send multiple paths for same prefix through bgp updates.
any: Send any eligible path.
backup: Best path and installed backup path.
ecmp: All paths in best path ECMP group.
limit: Limit to n eligible paths.
disabled: Disable sending any paths.
          send_limit Integer Min: 2
Max: 64
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp.
    redistribute Dictionary Redistribute routes in to BGP.
      attached_host Dictionary
        enabled Boolean Required
        route_map String
      bgp Dictionary
        enabled Boolean Required
        route_map String
      connected Dictionary
        enabled Boolean Required
        route_map String
        rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
        include_leaked Boolean Include following routes while redistributing.
      dhcp Dictionary
        enabled Boolean Required
        route_map String
      dynamic Dictionary
        enabled Boolean Required
        route_map String
        rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
      isis Dictionary
        enabled Boolean Required
        isis_level String Valid Values:
- level-1
- level-2
- level-1-2
Redistribute IS-IS route level.
        route_map String
        rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
        include_leaked Boolean Include following routes while redistributing.
      ospfv3 Dictionary
        enabled Boolean Redistribute OSPFv3 routes.
        match_external Dictionary Redistribute OSPFv3 routes learned from external sources.
          enabled Boolean Required
          route_map String
          include_leaked Boolean Include following routes while redistributing.
        match_internal Dictionary Redistribute OSPFv3 routes learned from internal sources.
          enabled Boolean Required
          route_map String
          include_leaked Boolean Include following routes while redistributing.
        match_nssa_external Dictionary Redistribute OSPFv3 routes learned from external NSSA sources.
          enabled Boolean Required
          nssa_type Integer Valid Values:
- 1
- 2
NSSA External Type Number.
          route_map String
          include_leaked Boolean Include following routes while redistributing.
        route_map String
        include_leaked Boolean Include following routes while redistributing.
      static Dictionary
        enabled Boolean Required
        route_map String
        rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
        include_leaked Boolean Include following routes while redistributing.
      user Dictionary
        enabled Boolean Required
        rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
    redistribute_routes deprecated List, items: Dictionary This key is deprecated. Support will be removed in AVD version 6.0.0. Use redistribute instead.
      - source_protocol String Required
        route_map String
        include_leaked Boolean
        rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
Only used if source_protocol is one of connected, static, isis, user, dynamic.
        ospf_route_type String Valid Values:
- external
- internal
- nssa-external
- nssa-external 1
- nssa-external 2
Routes learned by the OSPF protocol.
The ospf_route_type is valid for source_protocols ‘ospfv3’.
  address_family_ipv6_multicast Dictionary
    bgp Dictionary
      missing_policy Dictionary
        direction_in_action String Valid Values:
- deny
- deny-in-out
- permit
        direction_out_action String Valid Values:
- deny
- deny-in-out
- permit
      additional_paths Dictionary
        receive Boolean
    neighbors List, items: Dictionary
      - ip_address String Required, Unique
        activate Boolean
        route_map_in String Inbound route-map name.
        route_map_out String Outbound route-map name.
        additional_paths Dictionary
          receive Boolean
    peer_groups List, items: Dictionary
      - name String Required, Unique Peer-group name.
        activate Boolean
        additional_paths Dictionary
          receive Boolean
    networks List, items: Dictionary
      - prefix String Required, Unique IPv6 prefix “A:B:C:D:E:F:G:H/I”.
        route_map String
    redistribute Dictionary Redistribute routes in to BGP.
      connected Dictionary
        enabled Boolean Required
        route_map String
      isis Dictionary
        enabled Boolean Required
        isis_level String Valid Values:
- level-1
- level-2
- level-1-2
Redistribute IS-IS route level.
        route_map String
        rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
        include_leaked Boolean Include following routes while redistributing.
      ospf Dictionary
        enabled Boolean Redistribute OSPF routes.
        match_external Dictionary Redistribute OSPF routes learned from external sources.
          enabled Boolean Required
          route_map String
        match_internal Dictionary Redistribute OSPF routes learned from internal sources.
          enabled Boolean Required
          route_map String
        match_nssa_external Dictionary Redistribute OSPF routes learned from external NSSA sources.
          enabled Boolean Required
          nssa_type Integer Valid Values:
- 1
- 2
NSSA External Type Number.
          route_map String
        route_map String
      ospfv3 Dictionary
        enabled Boolean Redistribute OSPFv3 routes.
        match_external Dictionary Redistribute OSPFv3 routes learned from external sources.
          enabled Boolean Required
          route_map String
        match_internal Dictionary Redistribute OSPFv3 routes learned from internal sources.
          enabled Boolean Required
          route_map String
        match_nssa_external Dictionary Redistribute OSPFv3 routes learned from external NSSA sources.
          enabled Boolean Required
          nssa_type Integer Valid Values:
- 1
- 2
NSSA External Type Number.
          route_map String
        route_map String
      static Dictionary
        enabled Boolean Required
        route_map String
    redistribute_routes deprecated List, items: Dictionary This key is deprecated. Support will be removed in AVD version 6.0.0. Use redistribute instead.
      - source_protocol String Required Valid Values:
- connected
- isis
- ospf
- ospfv3
- static
        include_leaked Boolean Only applicable if source_protocol is isis.
        route_map String
        rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
Only applicable if source_protocol is isis.
        ospf_route_type String Valid Values:
- external
- internal
- nssa-external
- nssa-external 1
- nssa-external 2
Routes learned by the OSPF protocol.
The ospf_route_type is valid for source_protocols ‘ospf’ and ‘ospfv3’.
  address_family_ipv6_sr_te Dictionary
    neighbors List, items: Dictionary
      - ip_address String Required, Unique
        activate Boolean
        route_map_in String Inbound route-map name.
        route_map_out String Outbound route-map name.
    peer_groups List, items: Dictionary
      - name String Required, Unique Peer-group name.
        activate Boolean
        route_map_in String Inbound route-map name.
        route_map_out String Outbound route-map name.
  address_family_link_state Dictionary
    bgp Dictionary
      missing_policy Dictionary
        direction_in_action String Valid Values:
- deny
- deny-in-out
- permit
        direction_out_action String Valid Values:
- deny
- deny-in-out
- permit
    peer_groups List, items: Dictionary
      - name String Required, Unique Peer-group name.
        activate Boolean
        missing_policy Dictionary
          direction_in_action String Valid Values:
- deny
- deny-in-out
- permit
          direction_out_action String Valid Values:
- deny
- deny-in-out
- permit
    neighbors List, items: Dictionary
      - ip_address String Required, Unique
        activate Boolean
        missing_policy Dictionary
          direction_in_action String Valid Values:
- deny
- deny-in-out
- permit
          direction_out_action String Valid Values:
- deny
- deny-in-out
- permit
    path_selection Dictionary
      roles Dictionary
        producer Boolean
        consumer Boolean
        propagator Boolean
  address_family_flow_spec_ipv4 Dictionary
    bgp Dictionary
      missing_policy Dictionary
        direction_in_action String Valid Values:
- deny
- deny-in-out
- permit
        direction_out_action String Valid Values:
- deny
- deny-in-out
- permit
    neighbors List, items: Dictionary
      - ip_address String Required, Unique
        activate Boolean
    peer_groups List, items: Dictionary
      - name String Required, Unique Peer-group name.
        activate Boolean
  address_family_flow_spec_ipv6 Dictionary
    bgp Dictionary
      missing_policy Dictionary
        direction_in_action String Valid Values:
- deny
- deny-in-out
- permit
        direction_out_action String Valid Values:
- deny
- deny-in-out
- permit
    neighbors List, items: Dictionary
      - ip_address String Required, Unique
        activate Boolean
    peer_groups List, items: Dictionary
      - name String Required, Unique Peer-group name.
        activate Boolean
  address_family_path_selection Dictionary
    bgp Dictionary
      additional_paths Dictionary
        receive Boolean Enable or disable reception of additional-paths.
        send String Valid Values:
- any
- backup
- ecmp
- limit
- disabled
Select an option to send multiple paths for same prefix through bgp updates.
any: Send any eligible path.
backup: Best path and installed backup path.
ecmp: All paths in best path ECMP group.
limit: Limit to n eligible paths.
disabled: Disable sending any paths.
        send_limit Integer Min: 2
Max: 64
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp.
    neighbors List, items: Dictionary
      - ip_address String Required, Unique
        activate Boolean
        additional_paths Dictionary
          receive Boolean Enable or disable reception of additional-paths.
          send String Valid Values:
- any
- backup
- ecmp
- limit
- disabled
Select an option to send multiple paths for same prefix through bgp updates.
any: Send any eligible path.
backup: Best path and installed backup path.
ecmp: All paths in best path ECMP group.
limit: Limit to n eligible paths.
disabled: Disable sending any paths.
          send_limit Integer Min: 2
Max: 64
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp.
    peer_groups List, items: Dictionary
      - name String Required, Unique Peer-group name.
        activate Boolean
        additional_paths Dictionary
          receive Boolean Enable or disable reception of additional-paths.
          send String Valid Values:
- any
- backup
- ecmp
- limit
- disabled
Select an option to send multiple paths for same prefix through bgp updates.
any: Send any eligible path.
backup: Best path and installed backup path.
ecmp: All paths in best path ECMP group.
limit: Limit to n eligible paths.
disabled: Disable sending any paths.
          send_limit Integer Min: 2
Max: 64
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp.
  address_family_vpn_ipv4 Dictionary
    domain_identifier String
    peer_groups List, items: Dictionary
      - name String Required, Unique Peer-group name.
        activate Boolean
        route_map_in String Inbound route-map name.
        route_map_out String Outbound route-map name.
        rcf_in String Inbound RCF function name with parenthesis.
Example: MyFunction(myarg).
        rcf_out String Outbound RCF function name with parenthesis.
Example: MyFunction(myarg).
        default_route Dictionary
          enabled Boolean
          rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
          route_map String
    route Dictionary
      import_match_failure_action String Valid Values:
- discard
    neighbors List, items: Dictionary
      - ip_address String Required, Unique
        activate Boolean
        route_map_in String Inbound route-map name.
        route_map_out String Outbound route-map name.
        rcf_in String Inbound RCF function name with parenthesis.
Example: MyFunction(myarg).
        rcf_out String Outbound RCF function name with parenthesis.
Example: MyFunction(myarg).
        default_route Dictionary
          enabled Boolean
          rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
          route_map String
    neighbor_default_encapsulation_mpls_next_hop_self Dictionary
      source_interface String
  address_family_vpn_ipv6 Dictionary
    domain_identifier String
    peer_groups List, items: Dictionary
      - name String Required, Unique Peer-group name.
        activate Boolean
        route_map_in String Inbound route-map name.
        route_map_out String Outbound route-map name.
        rcf_in String Inbound RCF function name with parenthesis.
Example: MyFunction(myarg).
        rcf_out String Outbound RCF function name with parenthesis.
Example: MyFunction(myarg).
        default_route Dictionary
          enabled Boolean
          rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
          route_map String
    route Dictionary
      import_match_failure_action String Valid Values:
- discard
    neighbors List, items: Dictionary
      - ip_address String Required, Unique
        activate Boolean
        route_map_in String Inbound route-map name.
        route_map_out String Outbound route-map name.
        rcf_in String Inbound RCF function name with parenthesis.
Example: MyFunction(myarg).
        rcf_out String Outbound RCF function name with parenthesis.
Example: MyFunction(myarg).
        default_route Dictionary
          enabled Boolean
          rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
          route_map String
    neighbor_default_encapsulation_mpls_next_hop_self Dictionary
      source_interface String
  vrfs List, items: Dictionary
    - name String Required, Unique VRF name.
      bgp Dictionary
        redistribute_internal Boolean Allow redistribution of iBGP routes into an Interior Gateway Protocol (IGP). EOS default is true.
        additional_paths Dictionary
          install Boolean Install BGP backup path.
          install_ecmp_primary Boolean Allow additional path with ECMP primary path.
          receive Boolean Enable or disable reception of additional-paths.
          send String Valid Values:
- any
- backup
- ecmp
- limit
- disabled
Select an option to send multiple paths for same prefix through bgp updates.
any: Send any eligible path.
backup: Best path and installed backup path.
ecmp: All paths in best path ECMP group.
limit: Limit to n eligible paths.
disabled: Disable sending any paths.
          send_limit Integer Min: 2
Max: 64
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp.
      rd String Route distinguisher.
      evpn_multicast Boolean
      evpn_multicast_address_family Dictionary Enable per-AF EVPN multicast settings.
        ipv4 Dictionary
          transit Boolean Enable EVPN multicast transit mode.
      evpn_multicast_gateway_dr_election Dictionary
        algorithm String Required Valid Values:
- hrw
- modulus
- preference
DR election algorithms:
hrw: Default selection based on highest random weight.
modulus: Selection based on VLAN ID modulo number of candidates.
preference: Selection based on a configured preference value.
        preference_value Integer Min: 0
Max: 65535
Required when algorithm is preference.
      default_route_exports List, items: Dictionary Enable default-originate per VRF/address-family.
        - address_family String Required, Unique Valid Values:
- evpn
- vpn-ipv4
- vpn-ipv6
          always Boolean
          route_map String
          rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
      route_targets Dictionary
        import List, items: Dictionary
          - address_family String Required, Unique
            route_targets List, items: String
              - <str> String
            route_map String Only applicable if address_family is one of evpn, vpn-ipv4 or vpn-ipv6.
            rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
Only applicable if address_family is one of evpn, vpn-ipv4 or vpn-ipv6.
            vpn_route_filter_rcf String RCF function name with parenthesis for filtering VPN routes. Also requires rcf to be set.
Example: MyFunction(myarg).
Only applicable if address_family is one of vpn-ipv4 or vpn-ipv6.
        export List, items: Dictionary
          - address_family String Required, Unique
            route_targets List, items: String
              - <str> String
            route_map String Only applicable if address_family is one of evpn, vpn-ipv4 or vpn-ipv6.
            rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
Only applicable if address_family is one of evpn, vpn-ipv4 or vpn-ipv6.
            vpn_route_filter_rcf String RCF function name with parenthesis for filtering VPN routes. Also requires rcf to be set.
Example: MyFunction(myarg).
Only applicable if address_family is one of vpn-ipv4 or vpn-ipv6.
      router_id String in IP address format A.B.C.D.
      timers String BGP Keepalive and Hold Timer values in seconds as string “<0-3600> <0-3600>”.
      networks List, items: Dictionary
        - prefix String Required, Unique IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”.
          route_map String
      maximum_paths Dictionary
        paths Integer Required Min: 1
Max: 600
        ecmp Integer Min: 1
Max: 600
      updates Dictionary
        wait_for_convergence Boolean Disables FIB updates and route advertisement when the BGP instance is initiated until the BGP convergence state is reached.
        wait_install Boolean Do not advertise reachability to a prefix until that prefix has been installed in hardware.
This will eliminate any temporary black holes due to a BGP speaker advertising reachability to a prefix that may not yet be installed into the forwarding plane.
      listen_ranges List, items: Dictionary Improved “listen_ranges” data model to support multiple listen ranges and additional filter capabilities.
        - prefix String IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”.
          peer_id_include_router_id Boolean Include router ID as part of peer filter.
          peer_group String Peer-group name.
          peer_filter String Peer-filter name.
note: peer_filter`` orremote_as` is required but mutually exclusive.
If both are defined, peer_filter takes precedence.
          remote_as String BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”.
For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
      neighbors List, items: Dictionary
        - ip_address String Required, Unique
          peer_group String Peer-group name.
          remote_as String BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”.
For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
          password String
          passive Boolean
          remove_private_as Dictionary Remove private AS numbers in outbound AS path.
            enabled Boolean
            all Boolean
            replace_as Boolean
          remove_private_as_ingress Dictionary
            enabled Boolean
            replace_as Boolean
          weight Integer Min: 0
Max: 65535
          local_as String BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”.
For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
          as_path Dictionary BGP AS-PATH options.
            remote_as_replace_out Boolean Replace AS number with local AS number.
            prepend_own_disabled Boolean Disable prepending own AS number to AS path.
          description String
          route_reflector_client Boolean
          ebgp_multihop Integer Min: 1
Max: 255
Time-to-live in range of hops.
          next_hop_self Boolean
          shutdown Boolean
          bfd Boolean Enable BFD.
          bfd_timers Dictionary Override default BFD timers. BFD must be enabled with bfd: true.
            interval Integer Required Min: 50
Max: 60000
Interval in milliseconds.
            min_rx Integer Required Min: 50
Max: 60000
Rate in milliseconds.
            multiplier Integer Required Min: 3
Max: 50
          timers String BGP Keepalive and Hold Timer values in seconds as string “<0-3600> <0-3600>”.
          rib_in_pre_policy_retain Dictionary
            enabled Boolean
            all Boolean
          send_community String ‘all’ or a combination of ‘standard’, ‘extended’, ‘large’ and ‘link-bandwidth (w/options)’.
          maximum_routes Integer
          maximum_routes_warning_limit String Maximum number of routes after which a warning is issued (0 means never warn) or
Percentage of maximum number of routes at which to warn (“<1-100> percent”).
          maximum_routes_warning_only Boolean
          allowas_in Dictionary
            enabled Boolean
            times Integer Min: 1
Max: 10
Number of local ASNs allowed in a BGP update.
          default_originate Dictionary
            enabled Boolean
            always Boolean
            route_map String
          update_source String
          route_map_in String Inbound route-map name.
          route_map_out String Outbound route-map name.
          additional_paths Dictionary
            receive Boolean Enable or disable reception of additional-paths.
            send String Valid Values:
- any
- backup
- ecmp
- limit
- disabled
Select an option to send multiple paths for same prefix through bgp updates.
any: Send any eligible path.
backup: Best path and installed backup path.
ecmp: All paths in best path ECMP group.
limit: Limit to n eligible paths.
disabled: Disable sending any paths.
            send_limit Integer Min: 2
Max: 64
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp.
          prefix_list_in removed String Inbound prefix-list name.This key was removed. Support was removed in AVD version 5.0.0. Use router_bgp.vrfs[].address_family_ipv4.neighbors[].prefix_list_in or router_bgp.vrfs[].address_family_ipv6.neighbors[].prefix_list_in instead.
          prefix_list_out removed String Outbound prefix-list name.This key was removed. Support was removed in AVD version 5.0.0. Use router_bgp.vrfs[].address_family_ipv4.neighbors[].prefix_list_out or router_bgp.vrfs[].address_family_ipv6.neighbors[].prefix_list_out instead.
      neighbor_interfaces List, items: Dictionary
        - name String Required, Unique Interface name.
          remote_as String BGP AS <1-4294967295> or AS number in asdot notation “<1-65535>.<0-65535>”.
For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
          peer_group String Peer-group name.
          peer_filter String Peer-filter name.
          description String
      redistribute Dictionary Redistribute routes in to BGP.
        attached_host Dictionary
          enabled Boolean Required
          route_map String
        bgp Dictionary
          enabled Boolean Required
          route_map String
        connected Dictionary
          enabled Boolean Required
          route_map String
          rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
          include_leaked Boolean Include following routes while redistributing.
        dynamic Dictionary
          enabled Boolean Required
          route_map String
          rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
        isis Dictionary
          enabled Boolean Required
          isis_level String Valid Values:
- level-1
- level-2
- level-1-2
Redistribute IS-IS route level.
          route_map String
          rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
          include_leaked Boolean Include following routes while redistributing.
        ospf Dictionary
          enabled Boolean Redistribute OSPF routes.
          match_external Dictionary Redistribute OSPF routes learned from external sources.
            enabled Boolean Required
            route_map String
            include_leaked Boolean Include following routes while redistributing.
          match_internal Dictionary Redistribute OSPF routes learned from internal sources.
            enabled Boolean Required
            route_map String
            include_leaked Boolean Include following routes while redistributing.
          match_nssa_external Dictionary Redistribute OSPF routes learned from external NSSA sources.
            enabled Boolean Required
            nssa_type Integer Valid Values:
- 1
- 2
NSSA External Type Number.
            route_map String
            include_leaked Boolean Include following routes while redistributing.
          route_map String
          include_leaked Boolean Include following routes while redistributing.
        ospfv3 Dictionary
          enabled Boolean Redistribute OSPFv3 routes.
          match_external Dictionary Redistribute OSPFv3 routes learned from external sources.
            enabled Boolean Required
            route_map String
            include_leaked Boolean Include following routes while redistributing.
          match_internal Dictionary Redistribute OSPFv3 routes learned from internal sources.
            enabled Boolean Required
            route_map String
            include_leaked Boolean Include following routes while redistributing.
          match_nssa_external Dictionary Redistribute OSPFv3 routes learned from external NSSA sources.
            enabled Boolean Required
            nssa_type Integer Valid Values:
- 1
- 2
NSSA External Type Number.
            route_map String
            include_leaked Boolean Include following routes while redistributing.
          route_map String
          include_leaked Boolean Include following routes while redistributing.
        rip Dictionary
          enabled Boolean Required
          route_map String
        static Dictionary
          enabled Boolean Required
          route_map String
          rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
          include_leaked Boolean Include following routes while redistributing.
        user Dictionary
          enabled Boolean Required
          rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
      redistribute_routes deprecated List, items: Dictionary This key is deprecated. Support will be removed in AVD version 6.0.0. Use redistribute instead.
        - source_protocol String Required
          route_map String
          include_leaked Boolean
          rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
Only applicable if source_protocol is one of connected, dynamic, isis, static and user.
          ospf_route_type String Valid Values:
- external
- internal
- nssa-external
- nssa-external 1
- nssa-external 2
Routes learned by the OSPF protocol.
The ospf_route_type is valid for source_protocols ‘ospf’ and ‘ospfv3’.
      aggregate_addresses List, items: Dictionary
        - prefix String Required, Unique IPv4 prefix “A.B.C.D/E” or IPv6 prefix “A:B:C:D:E:F:G:H/I”.
          advertise_only Boolean
          as_set Boolean
          summary_only Boolean
          attribute_map String
          match_map String
      address_family_ipv4 Dictionary
        bgp Dictionary
          missing_policy Dictionary
            direction_in_action String Valid Values:
- deny
- deny-in-out
- permit
            direction_out_action String Valid Values:
- deny
- deny-in-out
- permit
          additional_paths Dictionary
            install Boolean Install BGP backup path.
            install_ecmp_primary Boolean Allow additional path with ECMP primary path.
            receive Boolean Enable or disable reception of additional-paths.
            send String Valid Values:
- any
- backup
- ecmp
- limit
- disabled
Select an option to send multiple paths for same prefix through bgp updates.
any: Send any eligible path.
backup: Best path and installed backup path.
ecmp: All paths in best path ECMP group.
limit: Limit to n eligible paths.
disabled: Disable sending any paths.
            send_limit Integer Min: 2
Max: 64
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp.
          redistribute_internal Boolean Allow redistribution of iBGP routes into an Interior Gateway Protocol (IGP). EOS default is true.
        neighbors List, items: Dictionary
          - ip_address String Required, Unique
            activate Boolean
            route_map_in String Inbound route-map name.
            route_map_out String Outbound route-map name.
            rcf_in String Inbound RCF function name with parenthesis.
Example: MyFunction(myarg).
            rcf_out String Outbound RCF function name with parenthesis.
Example: MyFunction(myarg).
            prefix_list_in String Inbound prefix-list name.
            prefix_list_out String Outbound prefix-list name.
            next_hop Dictionary
              address_family_ipv6 Dictionary
                enabled Boolean Required
                originate Boolean
            additional_paths Dictionary
              receive Boolean Enable or disable reception of additional-paths.
              send String Valid Values:
- any
- backup
- ecmp
- limit
- disabled
Select an option to send multiple paths for same prefix through bgp updates.
any: Send any eligible path.
backup: Best path and installed backup path.
ecmp: All paths in best path ECMP group.
limit: Limit to n eligible paths.
disabled: Disable sending any paths.
              send_limit Integer Min: 2
Max: 64
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp.
        networks List, items: Dictionary
          - prefix String Required, Unique IPv4 prefix “A.B.C.D/E”.
            route_map String
        redistribute Dictionary Redistribute routes in to BGP.
          attached_host Dictionary
            enabled Boolean Required
            route_map String
          bgp Dictionary
            enabled Boolean Required
            route_map String
          connected Dictionary
            enabled Boolean Required
            route_map String
            rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
            include_leaked Boolean Include following routes while redistributing.
          dynamic Dictionary
            enabled Boolean Required
            route_map String
            rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
          isis Dictionary
            enabled Boolean Required
            isis_level String Valid Values:
- level-1
- level-2
- level-1-2
Redistribute IS-IS route level.
            route_map String
            rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
            include_leaked Boolean Include following routes while redistributing.
          ospf Dictionary
            enabled Boolean Redistribute OSPF routes.
            match_external Dictionary Redistribute OSPF routes learned from external sources.
              enabled Boolean Required
              route_map String
              include_leaked Boolean Include following routes while redistributing.
            match_internal Dictionary Redistribute OSPF routes learned from internal sources.
              enabled Boolean Required
              route_map String
              include_leaked Boolean Include following routes while redistributing.
            match_nssa_external Dictionary Redistribute OSPF routes learned from external NSSA sources.
              enabled Boolean Required
              nssa_type Integer Valid Values:
- 1
- 2
NSSA External Type Number.
              route_map String
              include_leaked Boolean Include following routes while redistributing.
            route_map String
            include_leaked Boolean Include following routes while redistributing.
          ospfv3 Dictionary
            enabled Boolean Redistribute OSPFv3 routes.
            match_external Dictionary Redistribute OSPFv3 routes learned from external sources.
              enabled Boolean Required
              route_map String
              include_leaked Boolean Include following routes while redistributing.
            match_internal Dictionary Redistribute OSPFv3 routes learned from internal sources.
              enabled Boolean Required
              route_map String
              include_leaked Boolean Include following routes while redistributing.
            match_nssa_external Dictionary Redistribute OSPFv3 routes learned from external NSSA sources.
              enabled Boolean Required
              nssa_type Integer Valid Values:
- 1
- 2
NSSA External Type Number.
              route_map String
              include_leaked Boolean Include following routes while redistributing.
            route_map String
            include_leaked Boolean Include following routes while redistributing.
          rip Dictionary
            enabled Boolean Required
            route_map String
          static Dictionary
            enabled Boolean Required
            route_map String
            rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
            include_leaked Boolean Include following routes while redistributing.
          user Dictionary
            enabled Boolean Required
            rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
        redistribute_routes deprecated List, items: Dictionary This key is deprecated. Support will be removed in AVD version 6.0.0. Use redistribute instead.
          - source_protocol String Required Valid Values:
- attached-host
- bgp
- connected
- dynamic
- isis
- ospf
- ospfv3
- rip
- static
- user
            route_map String
            include_leaked Boolean
            rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
Only applicable if source_protocol is one of connected, dynamic, isis, static and user.
            ospf_route_type String Valid Values:
- external
- internal
- nssa-external
- nssa-external 1
- nssa-external 2
Routes learned by the OSPF protocol.
The ospf_route_type is valid for source_protocols ‘ospf’ and ‘ospfv3’.
      address_family_ipv6 Dictionary
        bgp Dictionary
          missing_policy Dictionary
            direction_in_action String Valid Values:
- deny
- deny-in-out
- permit
            direction_out_action String Valid Values:
- deny
- deny-in-out
- permit
          additional_paths Dictionary
            install Boolean Install BGP backup path.
            install_ecmp_primary Boolean Allow additional path with ECMP primary path.
            receive Boolean Enable or disable reception of additional-paths.
            send String Valid Values:
- any
- backup
- ecmp
- limit
- disabled
Select an option to send multiple paths for same prefix through bgp updates.
any: Send any eligible path.
backup: Best path and installed backup path.
ecmp: All paths in best path ECMP group.
limit: Limit to n eligible paths.
disabled: Disable sending any paths.
            send_limit Integer Min: 2
Max: 64
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp.
          redistribute_internal Boolean Allow redistribution of iBGP routes into an Interior Gateway Protocol (IGP). EOS default is true.
        neighbors List, items: Dictionary
          - ip_address String Required, Unique
            activate Boolean
            route_map_in String Inbound route-map name.
            route_map_out String Outbound route-map name.
            rcf_in String Inbound RCF function name with parenthesis.
Example: MyFunction(myarg).
            rcf_out String Outbound RCF function name with parenthesis.
Example: MyFunction(myarg).
            prefix_list_in String Inbound prefix-list name.
            prefix_list_out String Outbound prefix-list name.
            additional_paths Dictionary
              receive Boolean Enable or disable reception of additional-paths.
              send String Valid Values:
- any
- backup
- ecmp
- limit
- disabled
Select an option to send multiple paths for same prefix through bgp updates.
any: Send any eligible path.
backup: Best path and installed backup path.
ecmp: All paths in best path ECMP group.
limit: Limit to n eligible paths.
disabled: Disable sending any paths.
              send_limit Integer Min: 2
Max: 64
Number of paths to send through bgp updates. For this setting, send must be set to limit or ecmp.
        networks List, items: Dictionary
          - prefix String Required, Unique IPv6 prefix “A:B:C:D:E:F:G:H/I”.
            route_map String
        redistribute Dictionary Redistribute routes in to BGP.
          attached_host Dictionary
            enabled Boolean Required
            route_map String
          bgp Dictionary
            enabled Boolean Required
            route_map String
          connected Dictionary
            enabled Boolean Required
            route_map String
            rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
            include_leaked Boolean Include following routes while redistributing.
          dhcp Dictionary
            enabled Boolean Required
            route_map String
          dynamic Dictionary
            enabled Boolean Required
            route_map String
            rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
          isis Dictionary
            enabled Boolean Required
            isis_level String Valid Values:
- level-1
- level-2
- level-1-2
Redistribute IS-IS route level.
            route_map String
            rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
            include_leaked Boolean Include following routes while redistributing.
          ospfv3 Dictionary
            enabled Boolean Redistribute OSPFv3 routes.
            match_external Dictionary Redistribute OSPFv3 routes learned from external sources.
              enabled Boolean Required
              route_map String
              include_leaked Boolean Include following routes while redistributing.
            match_internal Dictionary Redistribute OSPFv3 routes learned from internal sources.
              enabled Boolean Required
              route_map String
              include_leaked Boolean Include following routes while redistributing.
            match_nssa_external Dictionary Redistribute OSPFv3 routes learned from external NSSA sources.
              enabled Boolean Required
              nssa_type Integer Valid Values:
- 1
- 2
NSSA External Type Number.
              route_map String
              include_leaked Boolean Include following routes while redistributing.
            route_map String
            include_leaked Boolean Include following routes while redistributing.
          static Dictionary
            enabled Boolean Required
            route_map String
            rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
            include_leaked Boolean Include following routes while redistributing.
          user Dictionary
            enabled Boolean Required
            rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
        redistribute_routes deprecated List, items: Dictionary This key is deprecated. Support will be removed in AVD version 6.0.0. Use redistribute instead.
          - source_protocol String Required Valid Values:
- attached-host
- bgp
- connected
- dhcp
- dynamic
- isis
- ospfv3
- static
- user
            route_map String
            include_leaked Boolean
            rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
Only applicable if source_protocol is one of connected, dynamic, isis, static and user.
            ospf_route_type String Valid Values:
- external
- internal
- nssa-external
- nssa-external 1
- nssa-external 2
Routes learned by the OSPF protocol.
The ospf_route_type is valid for source_protocols ‘ospfv3’.
      address_family_ipv4_multicast Dictionary
        bgp Dictionary
          missing_policy Dictionary
            direction_in_action String Valid Values:
- deny
- deny-in-out
- permit
            direction_out_action String Valid Values:
- deny
- deny-in-out
- permit
          additional_paths Dictionary
            receive Boolean
        neighbors List, items: Dictionary
          - ip_address String Required, Unique
            activate Boolean
            route_map_in String Inbound route-map name.
            route_map_out String Outbound route-map name.
            additional_paths Dictionary
              receive Boolean
        networks List, items: Dictionary
          - prefix String Required, Unique IPv6 prefix “A.B.C.D/E”.
            route_map String
        redistribute Dictionary Redistribute routes in to BGP.
          attached_host Dictionary
            enabled Boolean Required
            route_map String
          connected Dictionary
            enabled Boolean Required
            route_map String
          isis Dictionary
            enabled Boolean Required
            isis_level String Valid Values:
- level-1
- level-2
- level-1-2
Redistribute IS-IS route level.
            route_map String
            rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
            include_leaked Boolean Include following routes while redistributing.
          ospf Dictionary
            enabled Boolean Redistribute OSPF routes.
            match_external Dictionary Redistribute OSPF routes learned from external sources.
              enabled Boolean Required
              route_map String
            match_internal Dictionary Redistribute OSPF routes learned from internal sources.
              enabled Boolean Required
              route_map String
            match_nssa_external Dictionary Redistribute OSPF routes learned from external NSSA sources.
              enabled Boolean Required
              nssa_type Integer Valid Values:
- 1
- 2
NSSA External Type Number.
              route_map String
            route_map String
          ospfv3 Dictionary
            enabled Boolean Redistribute OSPFv3 routes.
            match_external Dictionary Redistribute OSPFv3 routes learned from external sources.
              enabled Boolean Required
              route_map String
              include_leaked Boolean Include following routes while redistributing.
            match_internal Dictionary Redistribute OSPFv3 routes learned from internal sources.
              enabled Boolean Required
              route_map String
              include_leaked Boolean Include following routes while redistributing.
            match_nssa_external Dictionary Redistribute OSPFv3 routes learned from external NSSA sources.
              enabled Boolean Required
              nssa_type Integer Valid Values:
- 1
- 2
NSSA External Type Number.
              route_map String
              include_leaked Boolean Include following routes while redistributing.
            route_map String
            include_leaked Boolean Include following routes while redistributing.
          static Dictionary
            enabled Boolean Required
            route_map String
        redistribute_routes deprecated List, items: Dictionary This key is deprecated. Support will be removed in AVD version 6.0.0. Use redistribute instead.
          - source_protocol String Required Valid Values:
- attached-host
- connected
- isis
- ospf
- ospfv3
- static
            route_map String
            include_leaked Boolean Only applicable if source_protocol is isis.
            rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
Only applicable if source_protocol is isis.
            ospf_route_type String Valid Values:
- external
- internal
- nssa-external
- nssa-external 1
- nssa-external 2
Routes learned by the OSPF protocol.
The ospf_route_type is valid for source_protocols ‘ospf’ and ‘ospfv3’.
      address_family_ipv6_multicast Dictionary
        bgp Dictionary
          missing_policy Dictionary
            direction_in_action String Valid Values:
- deny
- deny-in-out
- permit
            direction_out_action String Valid Values:
- deny
- deny-in-out
- permit
          additional_paths Dictionary
            receive Boolean
        neighbors List, items: Dictionary
          - ip_address String Required, Unique
            activate Boolean
            route_map_in String Inbound route-map name.
            route_map_out String Outbound route-map name.
            additional_paths Dictionary
              receive Boolean
        networks List, items: Dictionary
          - prefix String Required, Unique IPv6 prefix “A:B:C:D:E:F:G:H/I”.
            route_map String
        redistribute Dictionary Redistribute routes in to BGP.
          connected Dictionary
            enabled Boolean Required
            route_map String
          isis Dictionary
            enabled Boolean Required
            isis_level String Valid Values:
- level-1
- level-2
- level-1-2
Redistribute IS-IS route level.
            route_map String
            rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
            include_leaked Boolean Include following routes while redistributing.
          ospf Dictionary
            enabled Boolean Redistribute OSPF routes.
            match_external Dictionary Redistribute OSPF routes learned from external sources.
              enabled Boolean Required
              route_map String
            match_internal Dictionary Redistribute OSPF routes learned from internal sources.
              enabled Boolean Required
              route_map String
            match_nssa_external Dictionary Redistribute OSPF routes learned from external NSSA sources.
              enabled Boolean Required
              nssa_type Integer Valid Values:
- 1
- 2
NSSA External Type Number.
              route_map String
            route_map String
          ospfv3 Dictionary
            enabled Boolean Redistribute OSPFv3 routes.
            match_external Dictionary Redistribute OSPFv3 routes learned from external sources.
              enabled Boolean Required
              route_map String
            match_internal Dictionary Redistribute OSPFv3 routes learned from internal sources.
              enabled Boolean Required
              route_map String
            match_nssa_external Dictionary Redistribute OSPFv3 routes learned from external NSSA sources.
              enabled Boolean Required
              nssa_type Integer Valid Values:
- 1
- 2
NSSA External Type Number.
              route_map String
            route_map String
          static Dictionary
            enabled Boolean Required
            route_map String
        redistribute_routes deprecated List, items: Dictionary This key is deprecated. Support will be removed in AVD version 6.0.0. Use redistribute instead.
          - source_protocol String Required Valid Values:
- connected
- isis
- ospf
- ospfv3
- static
            route_map String
            include_leaked Boolean Only applicable if source_protocol is isis.
            rcf String RCF function name with parenthesis.
Example: MyFunction(myarg).
route_map and rcf are mutually exclusive. route_map takes precedence.
Only applicable if source_protocol is isis.
            ospf_route_type String Valid Values:
- external
- internal
- nssa-external
- nssa-external 1
- nssa-external 2
Routes learned by the OSPF protocol.
The ospf_route_type is valid for source_protocols ‘ospf’ and ‘ospfv3’.
      address_family_flow_spec_ipv4 Dictionary
        bgp Dictionary
          missing_policy Dictionary
            direction_in_action String Valid Values:
- deny
- deny-in-out
- permit
            direction_out_action String Valid Values:
- deny
- deny-in-out
- permit
        neighbors List, items: Dictionary
          - ip_address String Required, Unique
            activate Boolean
      address_family_flow_spec_ipv6 Dictionary
        bgp Dictionary
          missing_policy Dictionary
            direction_in_action String Valid Values:
- deny
- deny-in-out
- permit
            direction_out_action String Valid Values:
- deny
- deny-in-out
- permit
        neighbors List, items: Dictionary
          - ip_address String Required, Unique
            activate Boolean
      eos_cli String Multiline EOS CLI rendered directly on the Router BGP, VRF definition in the final EOS configuration.
      address_families removed List This key was removed. Support was removed in AVD version 5.0.0. Use address_family_* instead.
  session_trackers List, items: Dictionary
    - name String Required, Unique Name of session tracker.
      recovery_delay Integer Min: 1
Max: 3600
Recovery delay in seconds.
  eos_cli String Multiline EOS CLI rendered directly on the Router BGP in the final EOS configuration.
router_bgp:

  # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
  # For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
  as: <str>

  # BGP AS can be deplayed in the asplain <1-4294967295> or asdot notation "<1-65535>.<0-65535>". This flag indicates which mode is preferred - asplain is the default.
  as_notation: <str; "asdot" | "asplain">

  # In IP address format A.B.C.D.
  router_id: <str>
  timers:

    # Time between BGP keepalive messages in seconds.
    # `keepalive_time` should be lesser than `hold_time`.
    keepalive_time: <int; 0-3600>

    # Hold time in seconds. Must be defined along with `keepalive_time`.
    # The valid values are 3-7200 or 0 if both values are 0.
    hold_time: <int; 0-7200>

    # Neighbor's minimum hold time constraint in seconds.
    # `min_hold_time` should be less than `hold_time`.
    min_hold_time: <int; 3-7200>

    # Send failure hold time in seconds.
    send_failure_hold_time: <int; 60-65535>
  distance:
    external_routes: <int; 1-255; required>
    internal_routes: <int; 1-255; required>
    local_routes: <int; 1-255; required>
  graceful_restart:
    enabled: <bool>

    # Number of seconds.
    restart_time: <int; 1-3600>

    # Number of seconds.
    stalepath_time: <int; 1-3600>
  graceful_restart_helper:
    enabled: <bool>

    # Number of seconds
    # graceful-restart-help long-lived and restart-time are mutually exclusive in CLI.
    # restart-time will take precedence if both are configured.
    restart_time: <int; 1-100000000>

    # graceful-restart-help long-lived and restart-time are mutually exclusive in CLI.
    # restart-time will take precedence if both are configured.
    long_lived: <bool>
  maximum_paths:
    paths: <int; 1-600; required>
    ecmp: <int; 1-600>
  updates:

    # Disables FIB updates and route advertisement when the BGP instance is initiated until the BGP convergence state is reached.
    wait_for_convergence: <bool>

    # Do not advertise reachability to a prefix until that prefix has been installed in hardware.
    # This will eliminate any temporary black holes due to a BGP speaker advertising reachability to a prefix that may not yet be installed into the forwarding plane.
    wait_install: <bool>

  # IP Address A.B.C.D.
  bgp_cluster_id: <str>

  # BGP command as string.
  bgp_defaults:
    - <str>
  bgp:
    default:

      # Default activation of IPv4 unicast address-family on all IPv4 neighbors (EOS default = True).
      ipv4_unicast: <bool>

      # Default activation of IPv4 unicast address-family on all IPv6 neighbors (EOS default == False).
      ipv4_unicast_transport_ipv6: <bool>
    route_reflector_preserve_attributes:
      enabled: <bool>
      always: <bool>
    bestpath:
      d_path: <bool>
    additional_paths:

      # Enable or disable reception of additional-paths.
      receive: <bool>

      # Select an option to send multiple paths for same prefix through bgp updates.
      # any: Send any eligible path.
      # backup: Best path and installed backup path.
      # ecmp: All paths in best path ECMP group.
      # limit: Limit to n eligible paths.
      # disabled: Disable sending any paths.
      send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">

      # Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
      send_limit: <int; 2-64>

    # Allow redistribution of iBGP routes into an Interior Gateway Protocol (IGP). EOS default is true.
    redistribute_internal: <bool>

  # Improved "listen_ranges" data model to support multiple listen ranges and additional filter capabilities.
  listen_ranges:

      # IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I".
    - prefix: <str>

      # Include router ID as part of peer filter.
      peer_id_include_router_id: <bool>

      # Peer group name.
      peer_group: <str>

      # Peer-filter name.
      # note: `peer_filter` or `remote_as` is required but mutually exclusive.
      # If both are defined, `peer_filter` takes precedence
      peer_filter: <str>

      # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
      # For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
      remote_as: <str>
  neighbor_default:
    send_community: <str; "all" | "large" | "extended" | "standard" | "extended large" | "standard large" | "standard extended" | "standard extended large">
  peer_groups:

      # Peer-group name.
    - name: <str; required; unique>

      # Key only used for documentation or validation purposes.
      type: <str>

      # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
      # For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
      remote_as: <str>

      # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
      # For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
      local_as: <str>
      description: <str>
      shutdown: <bool>

      # BGP AS-PATH options.
      as_path:

        # Replace AS number with local AS number.
        remote_as_replace_out: <bool>

        # Disable prepending own AS number to AS path.
        prepend_own_disabled: <bool>

      # Remove private AS numbers in outbound AS path.
      remove_private_as:
        enabled: <bool>
        all: <bool>
        replace_as: <bool>
      remove_private_as_ingress:
        enabled: <bool>
        replace_as: <bool>
      next_hop_unchanged: <bool>

      # IP address or interface name.
      update_source: <str>
      route_reflector_client: <bool>

      # Enable BFD.
      bfd: <bool>

      # Override default BFD timers. BFD must be enabled with `bfd: true`.
      bfd_timers:

        # Interval in milliseconds.
        interval: <int; 50-60000; required>

        # Rate in milliseconds.
        min_rx: <int; 50-60000; required>
        multiplier: <int; 3-50; required>

      # Time-to-live in range of hops.
      ebgp_multihop: <int; 1-255>
      next_hop_self: <bool>
      password: <str>
      passive: <bool>
      default_originate:
        enabled: <bool>
        always: <bool>

        # Route-map name.
        route_map: <str>

      # 'all' or a combination of 'standard', 'extended', 'large' and 'link-bandwidth (w/options)'.
      send_community: <str>

      # Maximum number of routes (0 means unlimited).
      maximum_routes: <int; 0-4294967294>

      # Maximum number of routes after which a warning is issued (0 means never warn) or
      # Percentage of maximum number of routes at which to warn ("<1-100> percent").
      maximum_routes_warning_limit: <str>
      maximum_routes_warning_only: <bool>

      # Missing policy configuration for all address-families.
      missing_policy:

        # Missing policy inbound direction.
        direction_in:

          # Missing policy action.
          action: <str; "deny" | "permit" | "deny-in-out"; required>

          # Include community-list references in missing policy decision.
          include_community_list: <bool>

          # Include prefix-list references in missing policy decision.
          include_prefix_list: <bool>

          # Include sub-route-map references in missing policy decision.
          include_sub_route_map: <bool>

        # Missing policy outbound direction.
        direction_out:

          # Missing policy action.
          action: <str; "deny" | "permit" | "deny-in-out"; required>

          # Include community-list references in missing policy decision.
          include_community_list: <bool>

          # Include prefix-list references in missing policy decision.
          include_prefix_list: <bool>

          # Include sub-route-map references in missing policy decision.
          include_sub_route_map: <bool>
      link_bandwidth:
        enabled: <bool>

        # nn.nn(K|M|G) link speed in bits/second.
        default: <str>
      allowas_in:
        enabled: <bool>

        # Number of local ASNs allowed in a BGP update.
        times: <int; 1-10>
      weight: <int; 0-65535>

      # BGP Keepalive and Hold Timer values in seconds as string "<0-3600> <0-3600>".
      timers: <str>
      rib_in_pre_policy_retain:
        enabled: <bool>
        all: <bool>

      # Inbound route-map name.
      route_map_in: <str>

      # Outbound route-map name.
      route_map_out: <str>
      session_tracker: <str>
      shared_secret:

        # Name of profile defined under `management_security`.
        profile: <str; required>

        # Note: Algorithm hmac-sha-256 requires EOS version 4.31.1F and above.
        hash_algorithm: <str; "aes-128-cmac-96" | "hmac-sha-256" | "hmac-sha1-96"; required>

      # Maximum number of hops.
      ttl_maximum_hops: <int; 0-254>
  neighbors:
    - ip_address: <str; required; unique>
      peer_group: <str>

      # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
      # For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
      remote_as: <str>

      # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
      # For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
      local_as: <str>

      # BGP AS-PATH options.
      as_path:

        # Replace AS number with local AS number.
        remote_as_replace_out: <bool>

        # Disable prepending own AS number to AS path.
        prepend_own_disabled: <bool>

      # Key only used for documentation or validation purposes.
      peer: <str>
      description: <str>
      route_reflector_client: <bool>
      password: <str>
      passive: <bool>
      shutdown: <bool>

      # Source Interface.
      update_source: <str>

      # Enable BFD.
      bfd: <bool>

      # Override default BFD timers. BFD must be enabled with `bfd: true`.
      bfd_timers:

        # Interval in milliseconds.
        interval: <int; 50-60000; required>

        # Rate in milliseconds.
        min_rx: <int; 50-60000; required>
        multiplier: <int; 3-50; required>
      weight: <int; 0-65535>

      # BGP Keepalive and Hold Timer values in seconds as string "<0-3600> <0-3600>".
      timers: <str>

      # Inbound route-map name.
      route_map_in: <str>

      # Outbound route-map name.
      route_map_out: <str>
      default_originate:
        enabled: <bool>
        always: <bool>
        route_map: <str>

      # 'all' or a combination of 'standard', 'extended', 'large' and 'link-bandwidth (w/options)'.
      send_community: <str>

      # Maximum number of routes (0 means unlimited).
      maximum_routes: <int; 0-4294967294>

      # Maximum number of routes after which a warning is issued (0 means never warn) or
      # Percentage of maximum number of routes at which to warn ("<1-100> percent").
      maximum_routes_warning_limit: <str>
      maximum_routes_warning_only: <bool>

      # Missing policy configuration for all address-families.
      missing_policy:

        # Missing policy inbound direction.
        direction_in:

          # Missing policy action.
          action: <str; "deny" | "permit" | "deny-in-out"; required>

          # Include community-list references in missing policy decision.
          include_community_list: <bool>

          # Include prefix-list references in missing policy decision.
          include_prefix_list: <bool>

          # Include sub-route-map references in missing policy decision.
          include_sub_route_map: <bool>

        # Missing policy outbound direction.
        direction_out:

          # Missing policy action.
          action: <str; "deny" | "permit" | "deny-in-out"; required>

          # Include community-list references in missing policy decision.
          include_community_list: <bool>

          # Include prefix-list references in missing policy decision.
          include_prefix_list: <bool>

          # Include sub-route-map references in missing policy decision.
          include_sub_route_map: <bool>
      allowas_in:
        enabled: <bool>

        # Number of local ASNs allowed in a BGP update.
        times: <int; 1-10>

      # Time-to-live in range of hops.
      ebgp_multihop: <int; 1-255>
      next_hop_self: <bool>
      link_bandwidth:
        enabled: <bool>

        # nn.nn(K|M|G) link speed in bits/second.
        default: <str>
      rib_in_pre_policy_retain:
        enabled: <bool>
        all: <bool>

      # Remove private AS numbers in outbound AS path.
      remove_private_as:
        enabled: <bool>
        all: <bool>
        replace_as: <bool>
      remove_private_as_ingress:
        enabled: <bool>
        replace_as: <bool>
      session_tracker: <str>
      shared_secret:

        # Name of profile defined under `management_security`.
        profile: <str; required>

        # Note: Algorithm hmac-sha-256 requires EOS version 4.31.1F and above.
        hash_algorithm: <str; "aes-128-cmac-96" | "hmac-sha-256" | "hmac-sha1-96"; required>

      # Maximum number of hops.
      ttl_maximum_hops: <int; 0-254>
  neighbor_interfaces:

      # Interface name.
    - name: <str; required; unique>

      # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
      # For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
      remote_as: <str>

      # Key only used for documentation or validation purposes.
      peer: <str>
      peer_group: <str; default="Peer-group name">
      description: <str>

      # Peer-filter name.
      peer_filter: <str>
  aggregate_addresses:

      # IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I".
    - prefix: <str; required; unique>
      advertise_only: <bool>
      as_set: <bool>
      summary_only: <bool>

      # Route-map name.
      attribute_map: <str>

      # Route-map name.
      match_map: <str>

  # Redistribute routes in to BGP.
  redistribute:
    attached_host:
      enabled: <bool; required>
      route_map: <str>
    bgp:
      enabled: <bool; required>
      route_map: <str>
    connected:
      enabled: <bool; required>
      route_map: <str>

      # RCF function name with parenthesis.
      # Example: MyFunction(myarg).
      # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
      rcf: <str>

      # Include following routes while redistributing.
      include_leaked: <bool>
    dynamic:
      enabled: <bool; required>
      route_map: <str>

      # RCF function name with parenthesis.
      # Example: MyFunction(myarg).
      # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
      rcf: <str>
    isis:
      enabled: <bool; required>

      # Redistribute IS-IS route level.
      isis_level: <str; "level-1" | "level-2" | "level-1-2">
      route_map: <str>

      # RCF function name with parenthesis.
      # Example: MyFunction(myarg).
      # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
      rcf: <str>

      # Include following routes while redistributing.
      include_leaked: <bool>
    ospf:

      # Redistribute OSPF routes.
      enabled: <bool>

      # Redistribute OSPF routes learned from external sources.
      match_external:
        enabled: <bool; required>
        route_map: <str>

        # Include following routes while redistributing.
        include_leaked: <bool>

      # Redistribute OSPF routes learned from internal sources.
      match_internal:
        enabled: <bool; required>
        route_map: <str>

        # Include following routes while redistributing.
        include_leaked: <bool>

      # Redistribute OSPF routes learned from external NSSA sources.
      match_nssa_external:
        enabled: <bool; required>

        # NSSA External Type Number.
        nssa_type: <int; 1 | 2>
        route_map: <str>

        # Include following routes while redistributing.
        include_leaked: <bool>
      route_map: <str>

      # Include following routes while redistributing.
      include_leaked: <bool>
    ospfv3:

      # Redistribute OSPFv3 routes.
      enabled: <bool>

      # Redistribute OSPFv3 routes learned from external sources.
      match_external:
        enabled: <bool; required>
        route_map: <str>

        # Include following routes while redistributing.
        include_leaked: <bool>

      # Redistribute OSPFv3 routes learned from internal sources.
      match_internal:
        enabled: <bool; required>
        route_map: <str>

        # Include following routes while redistributing.
        include_leaked: <bool>

      # Redistribute OSPFv3 routes learned from external NSSA sources.
      match_nssa_external:
        enabled: <bool; required>

        # NSSA External Type Number.
        nssa_type: <int; 1 | 2>
        route_map: <str>

        # Include following routes while redistributing.
        include_leaked: <bool>
      route_map: <str>

      # Include following routes while redistributing.
      include_leaked: <bool>
    rip:
      enabled: <bool; required>
      route_map: <str>
    static:
      enabled: <bool; required>
      route_map: <str>

      # RCF function name with parenthesis.
      # Example: MyFunction(myarg).
      # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
      rcf: <str>

      # Include following routes while redistributing.
      include_leaked: <bool>
    user:
      enabled: <bool; required>

      # RCF function name with parenthesis.
      # Example: MyFunction(myarg).
      # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
      rcf: <str>
  # This key is deprecated.
  # Support will be removed in AVD version 6.0.0.
  # Use <samp>redistribute</samp> instead.
  redistribute_routes:
    - source_protocol: <str; "attached-host" | "bgp" | "connected" | "dynamic" | "isis" | "ospf" | "ospfv3" | "rip" | "static" | "user"; required>
      route_map: <str>

      # RCF function name with parenthesis.
      # Example: MyFunction(myarg).
      # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
      # Only applicable if `source_protocol` is one of `connected`, `static`, `isis`, `user`, `dynamic`.
      rcf: <str>
      include_leaked: <bool>

      # Routes learned by the OSPF protocol.
      # The `ospf_route_type` is valid for source_protocols 'ospf' and 'ospfv3'.
      ospf_route_type: <str; "external" | "internal" | "nssa-external" | "nssa-external 1" | "nssa-external 2">
  vlan_aware_bundles:

      # VLAN aware bundle name.
    - name: <str; required; unique>

      # Key only used for documentation or validation purposes.
      tenant: <str>

      # Key only used for documentation or validation purposes.
      description: <str>

      # Route distinguisher.
      rd: <str>
      rd_evpn_domain:
        domain: <str; "remote" | "all">

        # Route distinguisher.
        rd: <str>
      route_targets:
        both:
          - <str>
        import:
          - <str>
        export:
          - <str>
        import_evpn_domains:
          - domain: <str; "remote" | "all">
            route_target: <str>
        export_evpn_domains:
          - domain: <str; "remote" | "all">
            route_target: <str>
        import_export_evpn_domains:
          - domain: <str; "remote" | "all">
            route_target: <str>
      redistribute_routes:
        - <str>
      no_redistribute_routes:
        - <str>

      # VLAN range as string. Example "100-200,300".
      vlan: <str>

      # Multiline EOS CLI rendered directly on the Router BGP, VLAN-aware-bundle definition in the final EOS configuration.
      eos_cli: <str>
  vlans:
    - id: <int; required; unique>

      # Key only used for documentation or validation purposes.
      tenant: <str>

      # Route distinguisher.
      rd: <str>
      rd_evpn_domain:
        domain: <str; "remote" | "all">

        # Route distinguisher.
        rd: <str>
      route_targets:
        both:
          - <str>
        import:
          - <str>
        export:
          - <str>
        import_evpn_domains:
          - domain: <str; "remote" | "all">
            route_target: <str>
        export_evpn_domains:
          - domain: <str; "remote" | "all">
            route_target: <str>
        import_export_evpn_domains:
          - domain: <str; "remote" | "all">
            route_target: <str>
      redistribute_routes:
        - <str>
      no_redistribute_routes:
        - <str>

      # Multiline EOS CLI rendered directly on the Router BGP, VLAN definition in the final EOS configuration.
      eos_cli: <str>
  vpws:

      # VPWS instance name.
    - name: <str; required; unique>

      # Route distinguisher.
      rd: <str>
      route_targets:

        # Route Target.
        import_export: <str>
      mpls_control_word: <bool>
      label_flow: <bool>
      mtu: <int>
      pseudowires:

          # Pseudowire name.
        - name: <str; required; unique>

          # Must match id_remote on other pe.
          id_local: <int>

          # Must match id_local on other pe.
          id_remote: <int>
  address_family_evpn:
    domain_identifier: <str>
    domain_identifier_remote: <str>
    neighbor_default:

      # Transport encapsulation for neighbor.
      encapsulation: <str; "vxlan" | "mpls" | "path-selection">

      # Source interface name for MPLS encapsulation. Requires `encapsulation` to be set as `mpls`.
      next_hop_self_source_interface: <str>
      next_hop_self_received_evpn_routes:
        enable: <bool>
        inter_domain: <bool>

    # Specify the RIBs used to resolve MPLS next-hops. The order of this list determines the order of RIB lookups.
    next_hop_mpls_resolution_ribs: # 1-3 items

        # Type of RIB. For 'tunnel-rib', use 'rib_name' to specify the name of the Tunnel-RIB to use.
      - rib_type: <str; "system-connected" | "tunnel-rib-colored" | "tunnel-rib"; required>

        # The name of the tunnel-rib to use when using 'tunnel-rib' type.
        rib_name: <str>
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>

        # Inbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_in: <str>

        # Outbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_out: <str>
        default_route:
          enabled: <bool>

          # RCF function name with parenthesis.
          # Example: MyFunction(myarg).
          rcf: <str>
          route_map: <str>
        additional_paths:

          # Enable or disable reception of additional-paths.
          receive: <bool>

          # Select an option to send multiple paths for same prefix through bgp updates.
          # any: Send any eligible path.
          # backup: Best path and installed backup path.
          # ecmp: All paths in best path ECMP group.
          # limit: Limit to n eligible paths.
          # disabled: Disable sending any paths.
          send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">

          # Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
          send_limit: <int; 2-64>

        # Transport encapsulation for the neighbor.
        encapsulation: <str; "vxlan" | "mpls" | "path-selection">

        # Source interface name for MPLS encapsulation. Requires `encapsulation` to be set as `mpls`.
        next_hop_self_source_interface: <str>
    peer_groups:

        # Peer-group name.
      - name: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>

        # Inbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_in: <str>

        # Outbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_out: <str>
        default_route:
          enabled: <bool>

          # RCF function name with parenthesis.
          # Example: MyFunction(myarg).
          rcf: <str>
          route_map: <str>
        domain_remote: <bool>

        # Transport encapsulation for the peer-group.
        encapsulation: <str; "vxlan" | "mpls" | "path-selection">
        additional_paths:

          # Enable or disable reception of additional-paths.
          receive: <bool>

          # Select an option to send multiple paths for same prefix through bgp updates.
          # any: Send any eligible path.
          # backup: Best path and installed backup path.
          # ecmp: All paths in best path ECMP group.
          # limit: Limit to n eligible paths.
          # disabled: Disable sending any paths.
          send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">

          # Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
          send_limit: <int; 2-64>
    evpn_hostflap_detection:
      enabled: <bool>

      # Time (in seconds) to detect a MAC duplication issue.
      window: <int; 0-4294967295>

      # Minimum number of MAC moves that indicate a MAC Duplication issue.
      threshold: <int; 0-4294967295>

      # Time (in seconds) to purge a MAC duplication issue.
      expiry_timeout: <int; 0-4294967295>
    next_hop:
      resolution_disabled: <bool>
    route:
      import_match_failure_action: <str; "discard">
      import_ethernet_segment_ip_mass_withdraw: <bool>
      import_overlay_index_gateway: <bool>
      export_ethernet_segment_ip_mass_withdraw: <bool>
    next_hop_unchanged: <bool>
    bgp:
      additional_paths:

        # Enable or disable reception of additional-paths.
        receive: <bool>

        # Select an option to send multiple paths for same prefix through bgp updates.
        # any: Send any eligible path.
        # backup: Best path and installed backup path.
        # ecmp: All paths in best path ECMP group.
        # limit: Limit to n eligible paths.
        # disabled: Disable sending any paths.
        send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">

        # Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
        send_limit: <int; 2-64>

    # BGP layer-2 in-place FEC operation.
    layer_2_fec_in_place_update:
      enabled: <bool; required>

      # In-place FEC update tracking timeout in seconds.
      timeout: <int; 0-300>
    evpn_ethernet_segment:
      - domain: <str; "all" | "local" | "remote"; required; unique>

        # EVPN Ethernet Segment Identifier (Type 1 format).
        identifier: <str>

        # Low-order 6 bytes of ES-Import Route Target.
        route_target_import: <str>

    # BGP additional-paths commands.
    # This key is deprecated.
    # Support will be removed in AVD version 6.0.0.
    # Use <samp>bgp.additional_paths</samp> instead.
    bgp_additional_paths:

      # Receive multiple paths.
      receive: <bool>

      # Send multiple paths.
      send:

        # Any eligible path.
        any: <bool>

        # Best path and installed backup path.
        backup: <bool>

        # All paths in best path ECMP group.
        ecmp: <bool>

        # Amount of ECMP paths to send.
        ecmp_limit: <int; 2-64>

        # Amount of paths to send.
        limit: <int; 2-64>
  address_family_rtc:
    peer_groups:

        # Peer-group name.
      - name: <str; required; unique>
        activate: <bool>
        default_route_target:
          only: <bool>
          encoding_origin_as_omit: <str>
  address_family_ipv4:
    networks:

        # IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I".
      - prefix: <str; required; unique>

        # Route-map name.
        route_map: <str>
    bgp:
      additional_paths:

        # Install BGP backup path.
        install: <bool>

        # Allow additional path with ECMP primary path.
        install_ecmp_primary: <bool>

        # Enable or disable reception of additional-paths.
        receive: <bool>

        # Select an option to send multiple paths for same prefix through bgp updates.
        # any: Send any eligible path.
        # backup: Best path and installed backup path.
        # ecmp: All paths in best path ECMP group.
        # limit: Limit to n eligible paths.
        # disabled: Disable sending any paths.
        send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">

        # Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
        send_limit: <int; 2-64>

      # Allow redistribution of iBGP routes into an Interior Gateway Protocol (IGP). EOS default is true.
      redistribute_internal: <bool>
    peer_groups:

        # Peer-group name.
      - name: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>

        # Inbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_in: <str>

        # Outbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_out: <str>
        default_originate:
          always: <bool>

          # Route-map name.
          route_map: <str>

        # Inbound prefix-list name.
        prefix_list_in: <str>

        # Outbound prefix-list name.
        prefix_list_out: <str>
        additional_paths:

          # Apply the configurations only to the routes matching the prefix list.
          prefix_list: <str>

          # Enable or disable reception of additional-paths.
          receive: <bool>

          # Select an option to send multiple paths for same prefix through bgp updates.
          # any: Send any eligible path.
          # backup: Best path and installed backup path.
          # ecmp: All paths in best path ECMP group.
          # limit: Limit to n eligible paths.
          # disabled: Disable sending any paths.
          send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">

          # Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
          send_limit: <int; 2-64>
        next_hop:
          address_family_ipv6:
            enabled: <bool; required>
            originate: <bool>
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>

        # Inbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_in: <str>

        # Outbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_out: <str>

        # Inbound prefix-list name.
        prefix_list_in: <str>

        # Prefix-list name.
        prefix_list_out: <str>
        default_originate:
          always: <bool>
          route_map: <str>
        additional_paths:

          # Apply the configurations only to the routes matching the prefix list.
          prefix_list: <str>

          # Enable or disable reception of additional-paths.
          receive: <bool>

          # Select an option to send multiple paths for same prefix through bgp updates.
          # any: Send any eligible path.
          # backup: Best path and installed backup path.
          # ecmp: All paths in best path ECMP group.
          # limit: Limit to n eligible paths.
          # disabled: Disable sending any paths.
          send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">

          # Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
          send_limit: <int; 2-64>

    # Redistribute routes in to BGP.
    redistribute:
      attached_host:
        enabled: <bool; required>
        route_map: <str>
      bgp:
        enabled: <bool; required>
        route_map: <str>
      connected:
        enabled: <bool; required>
        route_map: <str>

        # RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
        rcf: <str>

        # Include following routes while redistributing.
        include_leaked: <bool>
      dynamic:
        enabled: <bool; required>
        route_map: <str>

        # RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
        rcf: <str>
      isis:
        enabled: <bool; required>

        # Redistribute IS-IS route level.
        isis_level: <str; "level-1" | "level-2" | "level-1-2">
        route_map: <str>

        # RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
        rcf: <str>

        # Include following routes while redistributing.
        include_leaked: <bool>
      ospf:

        # Redistribute OSPF routes.
        enabled: <bool>

        # Redistribute OSPF routes learned from external sources.
        match_external:
          enabled: <bool; required>
          route_map: <str>

          # Include following routes while redistributing.
          include_leaked: <bool>

        # Redistribute OSPF routes learned from internal sources.
        match_internal:
          enabled: <bool; required>
          route_map: <str>

          # Include following routes while redistributing.
          include_leaked: <bool>

        # Redistribute OSPF routes learned from external NSSA sources.
        match_nssa_external:
          enabled: <bool; required>

          # NSSA External Type Number.
          nssa_type: <int; 1 | 2>
          route_map: <str>

          # Include following routes while redistributing.
          include_leaked: <bool>
        route_map: <str>

        # Include following routes while redistributing.
        include_leaked: <bool>
      ospfv3:

        # Redistribute OSPFv3 routes.
        enabled: <bool>

        # Redistribute OSPFv3 routes learned from external sources.
        match_external:
          enabled: <bool; required>
          route_map: <str>

          # Include following routes while redistributing.
          include_leaked: <bool>

        # Redistribute OSPFv3 routes learned from internal sources.
        match_internal:
          enabled: <bool; required>
          route_map: <str>

          # Include following routes while redistributing.
          include_leaked: <bool>

        # Redistribute OSPFv3 routes learned from external NSSA sources.
        match_nssa_external:
          enabled: <bool; required>

          # NSSA External Type Number.
          nssa_type: <int; 1 | 2>
          route_map: <str>

          # Include following routes while redistributing.
          include_leaked: <bool>
        route_map: <str>

        # Include following routes while redistributing.
        include_leaked: <bool>
      rip:
        enabled: <bool; required>
        route_map: <str>
      static:
        enabled: <bool; required>
        route_map: <str>

        # RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
        rcf: <str>

        # Include following routes while redistributing.
        include_leaked: <bool>
      user:
        enabled: <bool; required>

        # RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
        rcf: <str>
    # This key is deprecated.
    # Support will be removed in AVD version 6.0.0.
    # Use <samp>redistribute</samp> instead.
    redistribute_routes:
      - source_protocol: <str; "attached-host" | "bgp" | "connected" | "dynamic" | "isis" | "ospf" | "ospfv3" | "rip" | "static" | "user"; required>
        route_map: <str>

        # Only applicable if `source_protocol` is one of `connected`, `static`, `isis`, `ospf`, `ospfv3`.
        include_leaked: <bool>

        # RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
        # Only applicable if `source_protocol` is one of `connected`, `static`, `isis`, `user`, `dynamic`.
        rcf: <str>

        # Routes learned by the OSPF protocol.
        # The `ospf_route_type` is valid for source_protocols 'ospf' and 'ospfv3'.
        ospf_route_type: <str; "external" | "internal" | "nssa-external" | "nssa-external 1" | "nssa-external 2">
  address_family_ipv4_labeled_unicast:
    aigp_session:
      confederation: <bool>
      ebgp: <bool>
      ibgp: <bool>
    bgp:
      additional_paths:

        # Enable or disable reception of additional-paths.
        receive: <bool>

        # Select an option to send multiple paths for same prefix through bgp updates.
        # any: Send any eligible path.
        # backup: Best path and installed backup path.
        # ecmp: All paths in best path ECMP group.
        # limit: Limit to n eligible paths.
        # disabled: Disable sending any paths.
        send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">

        # Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
        send_limit: <int; 2-64>

      # Missing policy configuration for all address-families.
      missing_policy:

        # Missing policy inbound direction.
        direction_in:

          # Missing policy action.
          action: <str; "deny" | "permit" | "deny-in-out"; required>

          # Include community-list references in missing policy decision.
          include_community_list: <bool>

          # Include prefix-list references in missing policy decision.
          include_prefix_list: <bool>

          # Include sub-route-map references in missing policy decision.
          include_sub_route_map: <bool>

        # Missing policy outbound direction.
        direction_out:

          # Missing policy action.
          action: <str; "deny" | "permit" | "deny-in-out"; required>

          # Include community-list references in missing policy decision.
          include_community_list: <bool>

          # Include prefix-list references in missing policy decision.
          include_prefix_list: <bool>

          # Include sub-route-map references in missing policy decision.
          include_sub_route_map: <bool>
      next_hop_unchanged: <bool>
    graceful_restart: <bool>
    label_local_termination: <str; "explicit-null" | "implicit-null">

    # Skip LFIB entry installation and next hop self route advertisements.
    lfib_entry_installation_skipped: <bool>
    neighbor_default:
      next_hop_self: <bool>
    peer_groups:

        # Peer-group name.
      - name: <str; required; unique>
        activate: <bool>
        additional_paths:

          # Enable or disable reception of additional-paths.
          receive: <bool>

          # Select an option to send multiple paths for same prefix through bgp updates.
          # any: Send any eligible path.
          # backup: Best path and installed backup path.
          # ecmp: All paths in best path ECMP group.
          # limit: Limit to n eligible paths.
          # disabled: Disable sending any paths.
          send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">

          # Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
          send_limit: <int; 2-64>
        aigp_session: <bool>
        graceful_restart: <bool>
        graceful_restart_helper:
          stale_route_map: <str>

        # Maximum number of routes (0 means unlimited).
        maximum_advertised_routes: <int; 0-4294967294>

        # Maximum number of routes after which a warning is issued (0 means never warn) or
        # Percentage of maximum number of routes at which to warn ("<1-100> percent").
        maximum_advertised_routes_warning_limit: <str>

        # Missing policy configuration for BGP Labeled-Unicast neighbor.
        missing_policy:

          # Missing policy inbound direction.
          direction_in:

            # Missing policy action.
            action: <str; "deny" | "permit" | "deny-in-out"; required>

            # Include community-list references in missing policy decision.
            include_community_list: <bool>

            # Include prefix-list references in missing policy decision.
            include_prefix_list: <bool>

            # Include sub-route-map references in missing policy decision.
            include_sub_route_map: <bool>

          # Missing policy outbound direction.
          direction_out:

            # Missing policy action.
            action: <str; "deny" | "permit" | "deny-in-out"; required>

            # Include community-list references in missing policy decision.
            include_community_list: <bool>

            # Include prefix-list references in missing policy decision.
            include_prefix_list: <bool>

            # Include sub-route-map references in missing policy decision.
            include_sub_route_map: <bool>
        multi_path: <bool>
        next_hop_self: <bool>

        # Source interface name.
        next_hop_self_source_interface: <str>

        # v4-mapped-v6 source interface name. Takes precedence over the next_hop_self_source_interface.
        next_hop_self_v4_mapped_v6_source_interface: <str>
        next_hop_unchanged: <bool>

        # Inbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_in: <str>

        # Outbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_out: <str>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>
        additional_paths:

          # Enable or disable reception of additional-paths.
          receive: <bool>

          # Select an option to send multiple paths for same prefix through bgp updates.
          # any: Send any eligible path.
          # backup: Best path and installed backup path.
          # ecmp: All paths in best path ECMP group.
          # limit: Limit to n eligible paths.
          # disabled: Disable sending any paths.
          send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">

          # Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
          send_limit: <int; 2-64>
        aigp_session: <bool>
        graceful_restart: <bool>
        graceful_restart_helper:
          stale_route_map: <str>

        # Maximum number of routes (0 means unlimited).
        maximum_advertised_routes: <int; 0-4294967294>

        # Maximum number of routes after which a warning is issued (0 means never warn) or
        # Percentage of maximum number of routes at which to warn ("<1-100> percent").
        maximum_advertised_routes_warning_limit: <str>

        # Missing policy configuration for BGP Labeled-Unicast neighbor.
        missing_policy:

          # Missing policy inbound direction.
          direction_in:

            # Missing policy action.
            action: <str; "deny" | "permit" | "deny-in-out"; required>

            # Include community-list references in missing policy decision.
            include_community_list: <bool>

            # Include prefix-list references in missing policy decision.
            include_prefix_list: <bool>

            # Include sub-route-map references in missing policy decision.
            include_sub_route_map: <bool>

          # Missing policy outbound direction.
          direction_out:

            # Missing policy action.
            action: <str; "deny" | "permit" | "deny-in-out"; required>

            # Include community-list references in missing policy decision.
            include_community_list: <bool>

            # Include prefix-list references in missing policy decision.
            include_prefix_list: <bool>

            # Include sub-route-map references in missing policy decision.
            include_sub_route_map: <bool>
        multi_path: <bool>
        next_hop_self: <bool>

        # Source interface name.
        next_hop_self_source_interface: <str>

        # v4-mapped-v6 source interface name. Takes precedence over the next_hop_self_source_interface.
        next_hop_self_v4_mapped_v6_source_interface: <str>
        next_hop_unchanged: <bool>

        # Inbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_in: <str>

        # Outbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_out: <str>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>
    networks: # >=1 items

        # IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I".
      - prefix: <str; required; unique>

        # Route-map name.
        route_map: <str>
    next_hops: # >=1 items
      - ip_address: <str; required; unique>
        lfib_backup_ip_forwarding: <bool>

    # Specify the RIBs used to resolve next-hops. The order of this list determines the order of RIB lookups.
    next_hop_resolution_ribs: # 1-3 items

        # Type of RIB. For 'tunnel-rib', use 'rib_name' to specify the name of the Tunnel-RIB to use.
      - rib_type: <str; "system-connected" | "tunnel-rib-colored" | "tunnel-rib"; required>

        # The name of the tunnel-rib to use when using 'tunnel-rib' type.
        rib_name: <str>
    tunnel_source_protocols: # 1-2 items
      - protocol: <str; "isis segment-routing" | "ldp"; required; unique>

        # Optional RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf: <str>

    # Wait for BGP to converge before sending out any route updates.
    update_wait_for_convergence: <bool>
  address_family_ipv4_multicast:
    bgp:
      additional_paths:
        receive: <bool>
    peer_groups:

        # Peer-group name.
      - name: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>
        additional_paths:
          receive: <bool>
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>
        additional_paths:
          receive: <bool>

    # Redistribute routes in to BGP.
    redistribute:
      attached_host:
        enabled: <bool; required>
        route_map: <str>
      connected:
        enabled: <bool; required>
        route_map: <str>
      isis:
        enabled: <bool; required>

        # Redistribute IS-IS route level.
        isis_level: <str; "level-1" | "level-2" | "level-1-2">
        route_map: <str>

        # RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
        rcf: <str>

        # Include following routes while redistributing.
        include_leaked: <bool>
      ospf:

        # Redistribute OSPF routes.
        enabled: <bool>

        # Redistribute OSPF routes learned from external sources.
        match_external:
          enabled: <bool; required>
          route_map: <str>

        # Redistribute OSPF routes learned from internal sources.
        match_internal:
          enabled: <bool; required>
          route_map: <str>

        # Redistribute OSPF routes learned from external NSSA sources.
        match_nssa_external:
          enabled: <bool; required>

          # NSSA External Type Number.
          nssa_type: <int; 1 | 2>
          route_map: <str>
        route_map: <str>
      ospfv3:

        # Redistribute OSPFv3 routes.
        enabled: <bool>

        # Redistribute OSPFv3 routes learned from external sources.
        match_external:
          enabled: <bool; required>
          route_map: <str>

        # Redistribute OSPFv3 routes learned from internal sources.
        match_internal:
          enabled: <bool; required>
          route_map: <str>

        # Redistribute OSPFv3 routes learned from external NSSA sources.
        match_nssa_external:
          enabled: <bool; required>

          # NSSA External Type Number.
          nssa_type: <int; 1 | 2>
          route_map: <str>
        route_map: <str>
      static:
        enabled: <bool; required>
        route_map: <str>
    # This key is deprecated.
    # Support will be removed in AVD version 6.0.0.
    # Use <samp>redistribute</samp> instead.
    redistribute_routes:
      - source_protocol: <str; required>
        route_map: <str>

        # Only applicable if `source_protocol` is `isis`.
        include_leaked: <bool>

        # RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
        # Only applicable if `source_protocol` is `isis`.
        rcf: <str>

        # Routes learned by the OSPF protocol.
        # The `ospf_route_type` is valid for source_protocols 'ospf' and 'ospfv3'.
        ospf_route_type: <str; "external" | "internal" | "nssa-external" | "nssa-external 1" | "nssa-external 2">
  address_family_ipv4_sr_te:
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>
    peer_groups:

        # Peer-group name.
      - name: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>
  address_family_ipv6:
    networks:

        # IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I".
      - prefix: <str; required; unique>

        # Route-map name.
        route_map: <str>
    bgp:

      # Allow redistribution of iBGP routes into an Interior Gateway Protocol (IGP). EOS default is true.
      redistribute_internal: <bool>
      additional_paths:

        # Install BGP backup path.
        install: <bool>

        # Allow additional path with ECMP primary path.
        install_ecmp_primary: <bool>

        # Enable or disable reception of additional-paths.
        receive: <bool>

        # Select an option to send multiple paths for same prefix through bgp updates.
        # any: Send any eligible path.
        # backup: Best path and installed backup path.
        # ecmp: All paths in best path ECMP group.
        # limit: Limit to n eligible paths.
        # disabled: Disable sending any paths.
        send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">

        # Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
        send_limit: <int; 2-64>
    peer_groups:

        # Peer-group name.
      - name: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>

        # Inbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_in: <str>

        # Outbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_out: <str>

        # Inbound prefix-list name.
        prefix_list_in: <str>

        # Outbound prefix-list name.
        prefix_list_out: <str>
        additional_paths:

          # Apply the configurations only to the routes matching the prefix list.
          prefix_list: <str>

          # Enable or disable reception of additional-paths.
          receive: <bool>

          # Select an option to send multiple paths for same prefix through bgp updates.
          # any: Send any eligible path.
          # backup: Best path and installed backup path.
          # ecmp: All paths in best path ECMP group.
          # limit: Limit to n eligible paths.
          # disabled: Disable sending any paths.
          send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">

          # Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
          send_limit: <int; 2-64>
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>

        # Inbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_in: <str>

        # Outbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_out: <str>

        # Inbound prefix-list name.
        prefix_list_in: <str>

        # Outbound prefix-list name.
        prefix_list_out: <str>
        additional_paths:

          # Apply the configurations only to the routes matching the prefix list.
          prefix_list: <str>

          # Enable or disable reception of additional-paths.
          receive: <bool>

          # Select an option to send multiple paths for same prefix through bgp updates.
          # any: Send any eligible path.
          # backup: Best path and installed backup path.
          # ecmp: All paths in best path ECMP group.
          # limit: Limit to n eligible paths.
          # disabled: Disable sending any paths.
          send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">

          # Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
          send_limit: <int; 2-64>

    # Redistribute routes in to BGP.
    redistribute:
      attached_host:
        enabled: <bool; required>
        route_map: <str>
      bgp:
        enabled: <bool; required>
        route_map: <str>
      connected:
        enabled: <bool; required>
        route_map: <str>

        # RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
        rcf: <str>

        # Include following routes while redistributing.
        include_leaked: <bool>
      dhcp:
        enabled: <bool; required>
        route_map: <str>
      dynamic:
        enabled: <bool; required>
        route_map: <str>

        # RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
        rcf: <str>
      isis:
        enabled: <bool; required>

        # Redistribute IS-IS route level.
        isis_level: <str; "level-1" | "level-2" | "level-1-2">
        route_map: <str>

        # RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
        rcf: <str>

        # Include following routes while redistributing.
        include_leaked: <bool>
      ospfv3:

        # Redistribute OSPFv3 routes.
        enabled: <bool>

        # Redistribute OSPFv3 routes learned from external sources.
        match_external:
          enabled: <bool; required>
          route_map: <str>

          # Include following routes while redistributing.
          include_leaked: <bool>

        # Redistribute OSPFv3 routes learned from internal sources.
        match_internal:
          enabled: <bool; required>
          route_map: <str>

          # Include following routes while redistributing.
          include_leaked: <bool>

        # Redistribute OSPFv3 routes learned from external NSSA sources.
        match_nssa_external:
          enabled: <bool; required>

          # NSSA External Type Number.
          nssa_type: <int; 1 | 2>
          route_map: <str>

          # Include following routes while redistributing.
          include_leaked: <bool>
        route_map: <str>

        # Include following routes while redistributing.
        include_leaked: <bool>
      static:
        enabled: <bool; required>
        route_map: <str>

        # RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
        rcf: <str>

        # Include following routes while redistributing.
        include_leaked: <bool>
      user:
        enabled: <bool; required>

        # RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
        rcf: <str>
    # This key is deprecated.
    # Support will be removed in AVD version 6.0.0.
    # Use <samp>redistribute</samp> instead.
    redistribute_routes:
      - source_protocol: <str; required>
        route_map: <str>
        include_leaked: <bool>

        # RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
        # Only used if `source_protocol` is one of `connected`, `static`, `isis`, `user`, `dynamic`.
        rcf: <str>

        # Routes learned by the OSPF protocol.
        # The `ospf_route_type` is valid for source_protocols 'ospfv3'.
        ospf_route_type: <str; "external" | "internal" | "nssa-external" | "nssa-external 1" | "nssa-external 2">
  address_family_ipv6_multicast:
    bgp:
      missing_policy:
        direction_in_action: <str; "deny" | "deny-in-out" | "permit">
        direction_out_action: <str; "deny" | "deny-in-out" | "permit">
      additional_paths:
        receive: <bool>
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>
        additional_paths:
          receive: <bool>
    peer_groups:

        # Peer-group name.
      - name: <str; required; unique>
        activate: <bool>
        additional_paths:
          receive: <bool>
    networks:

        # IPv6 prefix "A:B:C:D:E:F:G:H/I".
      - prefix: <str; required; unique>
        route_map: <str>

    # Redistribute routes in to BGP.
    redistribute:
      connected:
        enabled: <bool; required>
        route_map: <str>
      isis:
        enabled: <bool; required>

        # Redistribute IS-IS route level.
        isis_level: <str; "level-1" | "level-2" | "level-1-2">
        route_map: <str>

        # RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
        rcf: <str>

        # Include following routes while redistributing.
        include_leaked: <bool>
      ospf:

        # Redistribute OSPF routes.
        enabled: <bool>

        # Redistribute OSPF routes learned from external sources.
        match_external:
          enabled: <bool; required>
          route_map: <str>

        # Redistribute OSPF routes learned from internal sources.
        match_internal:
          enabled: <bool; required>
          route_map: <str>

        # Redistribute OSPF routes learned from external NSSA sources.
        match_nssa_external:
          enabled: <bool; required>

          # NSSA External Type Number.
          nssa_type: <int; 1 | 2>
          route_map: <str>
        route_map: <str>
      ospfv3:

        # Redistribute OSPFv3 routes.
        enabled: <bool>

        # Redistribute OSPFv3 routes learned from external sources.
        match_external:
          enabled: <bool; required>
          route_map: <str>

        # Redistribute OSPFv3 routes learned from internal sources.
        match_internal:
          enabled: <bool; required>
          route_map: <str>

        # Redistribute OSPFv3 routes learned from external NSSA sources.
        match_nssa_external:
          enabled: <bool; required>

          # NSSA External Type Number.
          nssa_type: <int; 1 | 2>
          route_map: <str>
        route_map: <str>
      static:
        enabled: <bool; required>
        route_map: <str>
    # This key is deprecated.
    # Support will be removed in AVD version 6.0.0.
    # Use <samp>redistribute</samp> instead.
    redistribute_routes:
      - source_protocol: <str; "connected" | "isis" | "ospf" | "ospfv3" | "static"; required>

        # Only applicable if `source_protocol` is `isis`.
        include_leaked: <bool>
        route_map: <str>

        # RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
        # Only applicable if `source_protocol` is `isis`.
        rcf: <str>

        # Routes learned by the OSPF protocol.
        # The `ospf_route_type` is valid for source_protocols 'ospf' and 'ospfv3'.
        ospf_route_type: <str; "external" | "internal" | "nssa-external" | "nssa-external 1" | "nssa-external 2">
  address_family_ipv6_sr_te:
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>
    peer_groups:

        # Peer-group name.
      - name: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>
  address_family_link_state:
    bgp:
      missing_policy:
        direction_in_action: <str; "deny" | "deny-in-out" | "permit">
        direction_out_action: <str; "deny" | "deny-in-out" | "permit">
    peer_groups:

        # Peer-group name.
      - name: <str; required; unique>
        activate: <bool>
        missing_policy:
          direction_in_action: <str; "deny" | "deny-in-out" | "permit">
          direction_out_action: <str; "deny" | "deny-in-out" | "permit">
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>
        missing_policy:
          direction_in_action: <str; "deny" | "deny-in-out" | "permit">
          direction_out_action: <str; "deny" | "deny-in-out" | "permit">
    path_selection:
      roles:
        producer: <bool>
        consumer: <bool>
        propagator: <bool>
  address_family_flow_spec_ipv4:
    bgp:
      missing_policy:
        direction_in_action: <str; "deny" | "deny-in-out" | "permit">
        direction_out_action: <str; "deny" | "deny-in-out" | "permit">
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>
    peer_groups:

        # Peer-group name.
      - name: <str; required; unique>
        activate: <bool>
  address_family_flow_spec_ipv6:
    bgp:
      missing_policy:
        direction_in_action: <str; "deny" | "deny-in-out" | "permit">
        direction_out_action: <str; "deny" | "deny-in-out" | "permit">
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>
    peer_groups:

        # Peer-group name.
      - name: <str; required; unique>
        activate: <bool>
  address_family_path_selection:
    bgp:
      additional_paths:

        # Enable or disable reception of additional-paths.
        receive: <bool>

        # Select an option to send multiple paths for same prefix through bgp updates.
        # any: Send any eligible path.
        # backup: Best path and installed backup path.
        # ecmp: All paths in best path ECMP group.
        # limit: Limit to n eligible paths.
        # disabled: Disable sending any paths.
        send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">

        # Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
        send_limit: <int; 2-64>
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>
        additional_paths:

          # Enable or disable reception of additional-paths.
          receive: <bool>

          # Select an option to send multiple paths for same prefix through bgp updates.
          # any: Send any eligible path.
          # backup: Best path and installed backup path.
          # ecmp: All paths in best path ECMP group.
          # limit: Limit to n eligible paths.
          # disabled: Disable sending any paths.
          send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">

          # Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
          send_limit: <int; 2-64>
    peer_groups:

        # Peer-group name.
      - name: <str; required; unique>
        activate: <bool>
        additional_paths:

          # Enable or disable reception of additional-paths.
          receive: <bool>

          # Select an option to send multiple paths for same prefix through bgp updates.
          # any: Send any eligible path.
          # backup: Best path and installed backup path.
          # ecmp: All paths in best path ECMP group.
          # limit: Limit to n eligible paths.
          # disabled: Disable sending any paths.
          send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">

          # Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
          send_limit: <int; 2-64>
  address_family_vpn_ipv4:
    domain_identifier: <str>
    peer_groups:

        # Peer-group name.
      - name: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>

        # Inbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_in: <str>

        # Outbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_out: <str>
        default_route:
          enabled: <bool>

          # RCF function name with parenthesis.
          # Example: MyFunction(myarg).
          rcf: <str>
          route_map: <str>
    route:
      import_match_failure_action: <str; "discard">
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>

        # Inbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_in: <str>

        # Outbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_out: <str>
        default_route:
          enabled: <bool>

          # RCF function name with parenthesis.
          # Example: MyFunction(myarg).
          rcf: <str>
          route_map: <str>
    neighbor_default_encapsulation_mpls_next_hop_self:
      source_interface: <str>
  address_family_vpn_ipv6:
    domain_identifier: <str>
    peer_groups:

        # Peer-group name.
      - name: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>

        # Inbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_in: <str>

        # Outbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_out: <str>
        default_route:
          enabled: <bool>

          # RCF function name with parenthesis.
          # Example: MyFunction(myarg).
          rcf: <str>
          route_map: <str>
    route:
      import_match_failure_action: <str; "discard">
    neighbors:
      - ip_address: <str; required; unique>
        activate: <bool>

        # Inbound route-map name.
        route_map_in: <str>

        # Outbound route-map name.
        route_map_out: <str>

        # Inbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_in: <str>

        # Outbound RCF function name with parenthesis.
        # Example: MyFunction(myarg).
        rcf_out: <str>
        default_route:
          enabled: <bool>

          # RCF function name with parenthesis.
          # Example: MyFunction(myarg).
          rcf: <str>
          route_map: <str>
    neighbor_default_encapsulation_mpls_next_hop_self:
      source_interface: <str>
  vrfs:

      # VRF name.
    - name: <str; required; unique>
      bgp:

        # Allow redistribution of iBGP routes into an Interior Gateway Protocol (IGP). EOS default is true.
        redistribute_internal: <bool>
        additional_paths:

          # Install BGP backup path.
          install: <bool>

          # Allow additional path with ECMP primary path.
          install_ecmp_primary: <bool>

          # Enable or disable reception of additional-paths.
          receive: <bool>

          # Select an option to send multiple paths for same prefix through bgp updates.
          # any: Send any eligible path.
          # backup: Best path and installed backup path.
          # ecmp: All paths in best path ECMP group.
          # limit: Limit to n eligible paths.
          # disabled: Disable sending any paths.
          send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">

          # Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
          send_limit: <int; 2-64>

      # Route distinguisher.
      rd: <str>
      evpn_multicast: <bool>

      # Enable per-AF EVPN multicast settings.
      evpn_multicast_address_family:
        ipv4:

          # Enable EVPN multicast transit mode.
          transit: <bool>
      evpn_multicast_gateway_dr_election:

        # DR election algorithms:
        #   hrw: Default selection based on highest random weight.
        #   modulus: Selection based on VLAN ID modulo number of candidates.
        #   preference: Selection based on a configured preference value.
        algorithm: <str; "hrw" | "modulus" | "preference"; required>

        # Required when `algorithm` is `preference`.
        preference_value: <int; 0-65535>

      # Enable default-originate per VRF/address-family.
      default_route_exports:
        - address_family: <str; "evpn" | "vpn-ipv4" | "vpn-ipv6"; required; unique>
          always: <bool>
          route_map: <str>

          # RCF function name with parenthesis.
          # Example: MyFunction(myarg).
          rcf: <str>
      route_targets:
        import:
          - address_family: <str; required; unique>
            route_targets:
              - <str>

            # Only applicable if `address_family` is one of `evpn`, `vpn-ipv4` or `vpn-ipv6`.
            route_map: <str>

            # RCF function name with parenthesis.
            # Example: MyFunction(myarg).
            # Only applicable if `address_family` is one of `evpn`, `vpn-ipv4` or `vpn-ipv6`.
            rcf: <str>

            # RCF function name with parenthesis for filtering VPN routes. Also requires `rcf` to be set.
            # Example: MyFunction(myarg).
            # Only applicable if `address_family` is one of `vpn-ipv4` or `vpn-ipv6`.
            vpn_route_filter_rcf: <str>
        export:
          - address_family: <str; required; unique>
            route_targets:
              - <str>

            # Only applicable if `address_family` is one of `evpn`, `vpn-ipv4` or `vpn-ipv6`.
            route_map: <str>

            # RCF function name with parenthesis.
            # Example: MyFunction(myarg).
            # Only applicable if `address_family` is one of `evpn`, `vpn-ipv4` or `vpn-ipv6`.
            rcf: <str>

            # RCF function name with parenthesis for filtering VPN routes. Also requires `rcf` to be set.
            # Example: MyFunction(myarg).
            # Only applicable if `address_family` is one of `vpn-ipv4` or `vpn-ipv6`.
            vpn_route_filter_rcf: <str>

      # in IP address format A.B.C.D.
      router_id: <str>

      # BGP Keepalive and Hold Timer values in seconds as string "<0-3600> <0-3600>".
      timers: <str>
      networks:

          # IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I".
        - prefix: <str; required; unique>
          route_map: <str>
      maximum_paths:
        paths: <int; 1-600; required>
        ecmp: <int; 1-600>
      updates:

        # Disables FIB updates and route advertisement when the BGP instance is initiated until the BGP convergence state is reached.
        wait_for_convergence: <bool>

        # Do not advertise reachability to a prefix until that prefix has been installed in hardware.
        # This will eliminate any temporary black holes due to a BGP speaker advertising reachability to a prefix that may not yet be installed into the forwarding plane.
        wait_install: <bool>

      # Improved "listen_ranges" data model to support multiple listen ranges and additional filter capabilities.
      listen_ranges:

          # IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I".
        - prefix: <str>

          # Include router ID as part of peer filter.
          peer_id_include_router_id: <bool>

          # Peer-group name.
          peer_group: <str>

          # Peer-filter name.
          # note: `peer_filter`` or `remote_as` is required but mutually exclusive.
          # If both are defined, peer_filter takes precedence.
          peer_filter: <str>

          # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
          # For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
          remote_as: <str>
      neighbors:
        - ip_address: <str; required; unique>

          # Peer-group name.
          peer_group: <str>

          # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
          # For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
          remote_as: <str>
          password: <str>
          passive: <bool>

          # Remove private AS numbers in outbound AS path.
          remove_private_as:
            enabled: <bool>
            all: <bool>
            replace_as: <bool>
          remove_private_as_ingress:
            enabled: <bool>
            replace_as: <bool>
          weight: <int; 0-65535>

          # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
          # For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
          local_as: <str>

          # BGP AS-PATH options.
          as_path:

            # Replace AS number with local AS number.
            remote_as_replace_out: <bool>

            # Disable prepending own AS number to AS path.
            prepend_own_disabled: <bool>
          description: <str>
          route_reflector_client: <bool>

          # Time-to-live in range of hops.
          ebgp_multihop: <int; 1-255>
          next_hop_self: <bool>
          shutdown: <bool>

          # Enable BFD.
          bfd: <bool>

          # Override default BFD timers. BFD must be enabled with `bfd: true`.
          bfd_timers:

            # Interval in milliseconds.
            interval: <int; 50-60000; required>

            # Rate in milliseconds.
            min_rx: <int; 50-60000; required>
            multiplier: <int; 3-50; required>

          # BGP Keepalive and Hold Timer values in seconds as string "<0-3600> <0-3600>".
          timers: <str>
          rib_in_pre_policy_retain:
            enabled: <bool>
            all: <bool>

          # 'all' or a combination of 'standard', 'extended', 'large' and 'link-bandwidth (w/options)'.
          send_community: <str>
          maximum_routes: <int>

          # Maximum number of routes after which a warning is issued (0 means never warn) or
          # Percentage of maximum number of routes at which to warn ("<1-100> percent").
          maximum_routes_warning_limit: <str>
          maximum_routes_warning_only: <bool>
          allowas_in:
            enabled: <bool>

            # Number of local ASNs allowed in a BGP update.
            times: <int; 1-10>
          default_originate:
            enabled: <bool>
            always: <bool>
            route_map: <str>
          update_source: <str>

          # Inbound route-map name.
          route_map_in: <str>

          # Outbound route-map name.
          route_map_out: <str>
          additional_paths:

            # Enable or disable reception of additional-paths.
            receive: <bool>

            # Select an option to send multiple paths for same prefix through bgp updates.
            # any: Send any eligible path.
            # backup: Best path and installed backup path.
            # ecmp: All paths in best path ECMP group.
            # limit: Limit to n eligible paths.
            # disabled: Disable sending any paths.
            send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">

            # Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
            send_limit: <int; 2-64>
      neighbor_interfaces:

          # Interface name.
        - name: <str; required; unique>

          # BGP AS <1-4294967295> or AS number in asdot notation "<1-65535>.<0-65535>".
          # For asdot notation in YAML inputs, the value must be put in quotes, to prevent it from being interpreted as a float number.
          remote_as: <str>

          # Peer-group name.
          peer_group: <str>

          # Peer-filter name.
          peer_filter: <str>
          description: <str>

      # Redistribute routes in to BGP.
      redistribute:
        attached_host:
          enabled: <bool; required>
          route_map: <str>
        bgp:
          enabled: <bool; required>
          route_map: <str>
        connected:
          enabled: <bool; required>
          route_map: <str>

          # RCF function name with parenthesis.
          # Example: MyFunction(myarg).
          # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
          rcf: <str>

          # Include following routes while redistributing.
          include_leaked: <bool>
        dynamic:
          enabled: <bool; required>
          route_map: <str>

          # RCF function name with parenthesis.
          # Example: MyFunction(myarg).
          # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
          rcf: <str>
        isis:
          enabled: <bool; required>

          # Redistribute IS-IS route level.
          isis_level: <str; "level-1" | "level-2" | "level-1-2">
          route_map: <str>

          # RCF function name with parenthesis.
          # Example: MyFunction(myarg).
          # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
          rcf: <str>

          # Include following routes while redistributing.
          include_leaked: <bool>
        ospf:

          # Redistribute OSPF routes.
          enabled: <bool>

          # Redistribute OSPF routes learned from external sources.
          match_external:
            enabled: <bool; required>
            route_map: <str>

            # Include following routes while redistributing.
            include_leaked: <bool>

          # Redistribute OSPF routes learned from internal sources.
          match_internal:
            enabled: <bool; required>
            route_map: <str>

            # Include following routes while redistributing.
            include_leaked: <bool>

          # Redistribute OSPF routes learned from external NSSA sources.
          match_nssa_external:
            enabled: <bool; required>

            # NSSA External Type Number.
            nssa_type: <int; 1 | 2>
            route_map: <str>

            # Include following routes while redistributing.
            include_leaked: <bool>
          route_map: <str>

          # Include following routes while redistributing.
          include_leaked: <bool>
        ospfv3:

          # Redistribute OSPFv3 routes.
          enabled: <bool>

          # Redistribute OSPFv3 routes learned from external sources.
          match_external:
            enabled: <bool; required>
            route_map: <str>

            # Include following routes while redistributing.
            include_leaked: <bool>

          # Redistribute OSPFv3 routes learned from internal sources.
          match_internal:
            enabled: <bool; required>
            route_map: <str>

            # Include following routes while redistributing.
            include_leaked: <bool>

          # Redistribute OSPFv3 routes learned from external NSSA sources.
          match_nssa_external:
            enabled: <bool; required>

            # NSSA External Type Number.
            nssa_type: <int; 1 | 2>
            route_map: <str>

            # Include following routes while redistributing.
            include_leaked: <bool>
          route_map: <str>

          # Include following routes while redistributing.
          include_leaked: <bool>
        rip:
          enabled: <bool; required>
          route_map: <str>
        static:
          enabled: <bool; required>
          route_map: <str>

          # RCF function name with parenthesis.
          # Example: MyFunction(myarg).
          # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
          rcf: <str>

          # Include following routes while redistributing.
          include_leaked: <bool>
        user:
          enabled: <bool; required>

          # RCF function name with parenthesis.
          # Example: MyFunction(myarg).
          # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
          rcf: <str>
      # This key is deprecated.
      # Support will be removed in AVD version 6.0.0.
      # Use <samp>redistribute</samp> instead.
      redistribute_routes:
        - source_protocol: <str; required>
          route_map: <str>
          include_leaked: <bool>

          # RCF function name with parenthesis.
          # Example: MyFunction(myarg).
          # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
          # Only applicable if `source_protocol` is one of `connected`, `dynamic`, `isis`, `static` and `user`.
          rcf: <str>

          # Routes learned by the OSPF protocol.
          # The `ospf_route_type` is valid for source_protocols 'ospf' and 'ospfv3'.
          ospf_route_type: <str; "external" | "internal" | "nssa-external" | "nssa-external 1" | "nssa-external 2">
      aggregate_addresses:

          # IPv4 prefix "A.B.C.D/E" or IPv6 prefix "A:B:C:D:E:F:G:H/I".
        - prefix: <str; required; unique>
          advertise_only: <bool>
          as_set: <bool>
          summary_only: <bool>
          attribute_map: <str>
          match_map: <str>
      address_family_ipv4:
        bgp:
          missing_policy:
            direction_in_action: <str; "deny" | "deny-in-out" | "permit">
            direction_out_action: <str; "deny" | "deny-in-out" | "permit">
          additional_paths:

            # Install BGP backup path.
            install: <bool>

            # Allow additional path with ECMP primary path.
            install_ecmp_primary: <bool>

            # Enable or disable reception of additional-paths.
            receive: <bool>

            # Select an option to send multiple paths for same prefix through bgp updates.
            # any: Send any eligible path.
            # backup: Best path and installed backup path.
            # ecmp: All paths in best path ECMP group.
            # limit: Limit to n eligible paths.
            # disabled: Disable sending any paths.
            send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">

            # Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
            send_limit: <int; 2-64>

          # Allow redistribution of iBGP routes into an Interior Gateway Protocol (IGP). EOS default is true.
          redistribute_internal: <bool>
        neighbors:
          - ip_address: <str; required; unique>
            activate: <bool>

            # Inbound route-map name.
            route_map_in: <str>

            # Outbound route-map name.
            route_map_out: <str>

            # Inbound RCF function name with parenthesis.
            # Example: MyFunction(myarg).
            rcf_in: <str>

            # Outbound RCF function name with parenthesis.
            # Example: MyFunction(myarg).
            rcf_out: <str>

            # Inbound prefix-list name.
            prefix_list_in: <str>

            # Outbound prefix-list name.
            prefix_list_out: <str>
            next_hop:
              address_family_ipv6:
                enabled: <bool; required>
                originate: <bool>
            additional_paths:

              # Enable or disable reception of additional-paths.
              receive: <bool>

              # Select an option to send multiple paths for same prefix through bgp updates.
              # any: Send any eligible path.
              # backup: Best path and installed backup path.
              # ecmp: All paths in best path ECMP group.
              # limit: Limit to n eligible paths.
              # disabled: Disable sending any paths.
              send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">

              # Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
              send_limit: <int; 2-64>
        networks:

            # IPv4 prefix "A.B.C.D/E".
          - prefix: <str; required; unique>
            route_map: <str>

        # Redistribute routes in to BGP.
        redistribute:
          attached_host:
            enabled: <bool; required>
            route_map: <str>
          bgp:
            enabled: <bool; required>
            route_map: <str>
          connected:
            enabled: <bool; required>
            route_map: <str>

            # RCF function name with parenthesis.
            # Example: MyFunction(myarg).
            # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
            rcf: <str>

            # Include following routes while redistributing.
            include_leaked: <bool>
          dynamic:
            enabled: <bool; required>
            route_map: <str>

            # RCF function name with parenthesis.
            # Example: MyFunction(myarg).
            # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
            rcf: <str>
          isis:
            enabled: <bool; required>

            # Redistribute IS-IS route level.
            isis_level: <str; "level-1" | "level-2" | "level-1-2">
            route_map: <str>

            # RCF function name with parenthesis.
            # Example: MyFunction(myarg).
            # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
            rcf: <str>

            # Include following routes while redistributing.
            include_leaked: <bool>
          ospf:

            # Redistribute OSPF routes.
            enabled: <bool>

            # Redistribute OSPF routes learned from external sources.
            match_external:
              enabled: <bool; required>
              route_map: <str>

              # Include following routes while redistributing.
              include_leaked: <bool>

            # Redistribute OSPF routes learned from internal sources.
            match_internal:
              enabled: <bool; required>
              route_map: <str>

              # Include following routes while redistributing.
              include_leaked: <bool>

            # Redistribute OSPF routes learned from external NSSA sources.
            match_nssa_external:
              enabled: <bool; required>

              # NSSA External Type Number.
              nssa_type: <int; 1 | 2>
              route_map: <str>

              # Include following routes while redistributing.
              include_leaked: <bool>
            route_map: <str>

            # Include following routes while redistributing.
            include_leaked: <bool>
          ospfv3:

            # Redistribute OSPFv3 routes.
            enabled: <bool>

            # Redistribute OSPFv3 routes learned from external sources.
            match_external:
              enabled: <bool; required>
              route_map: <str>

              # Include following routes while redistributing.
              include_leaked: <bool>

            # Redistribute OSPFv3 routes learned from internal sources.
            match_internal:
              enabled: <bool; required>
              route_map: <str>

              # Include following routes while redistributing.
              include_leaked: <bool>

            # Redistribute OSPFv3 routes learned from external NSSA sources.
            match_nssa_external:
              enabled: <bool; required>

              # NSSA External Type Number.
              nssa_type: <int; 1 | 2>
              route_map: <str>

              # Include following routes while redistributing.
              include_leaked: <bool>
            route_map: <str>

            # Include following routes while redistributing.
            include_leaked: <bool>
          rip:
            enabled: <bool; required>
            route_map: <str>
          static:
            enabled: <bool; required>
            route_map: <str>

            # RCF function name with parenthesis.
            # Example: MyFunction(myarg).
            # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
            rcf: <str>

            # Include following routes while redistributing.
            include_leaked: <bool>
          user:
            enabled: <bool; required>

            # RCF function name with parenthesis.
            # Example: MyFunction(myarg).
            # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
            rcf: <str>
        # This key is deprecated.
        # Support will be removed in AVD version 6.0.0.
        # Use <samp>redistribute</samp> instead.
        redistribute_routes:
          - source_protocol: <str; "attached-host" | "bgp" | "connected" | "dynamic" | "isis" | "ospf" | "ospfv3" | "rip" | "static" | "user"; required>
            route_map: <str>
            include_leaked: <bool>

            # RCF function name with parenthesis.
            # Example: MyFunction(myarg).
            # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
            # Only applicable if `source_protocol` is one of `connected`, `dynamic`, `isis`, `static` and `user`.
            rcf: <str>

            # Routes learned by the OSPF protocol.
            # The `ospf_route_type` is valid for source_protocols 'ospf' and 'ospfv3'.
            ospf_route_type: <str; "external" | "internal" | "nssa-external" | "nssa-external 1" | "nssa-external 2">
      address_family_ipv6:
        bgp:
          missing_policy:
            direction_in_action: <str; "deny" | "deny-in-out" | "permit">
            direction_out_action: <str; "deny" | "deny-in-out" | "permit">
          additional_paths:

            # Install BGP backup path.
            install: <bool>

            # Allow additional path with ECMP primary path.
            install_ecmp_primary: <bool>

            # Enable or disable reception of additional-paths.
            receive: <bool>

            # Select an option to send multiple paths for same prefix through bgp updates.
            # any: Send any eligible path.
            # backup: Best path and installed backup path.
            # ecmp: All paths in best path ECMP group.
            # limit: Limit to n eligible paths.
            # disabled: Disable sending any paths.
            send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">

            # Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
            send_limit: <int; 2-64>

          # Allow redistribution of iBGP routes into an Interior Gateway Protocol (IGP). EOS default is true.
          redistribute_internal: <bool>
        neighbors:
          - ip_address: <str; required; unique>
            activate: <bool>

            # Inbound route-map name.
            route_map_in: <str>

            # Outbound route-map name.
            route_map_out: <str>

            # Inbound RCF function name with parenthesis.
            # Example: MyFunction(myarg).
            rcf_in: <str>

            # Outbound RCF function name with parenthesis.
            # Example: MyFunction(myarg).
            rcf_out: <str>

            # Inbound prefix-list name.
            prefix_list_in: <str>

            # Outbound prefix-list name.
            prefix_list_out: <str>
            additional_paths:

              # Enable or disable reception of additional-paths.
              receive: <bool>

              # Select an option to send multiple paths for same prefix through bgp updates.
              # any: Send any eligible path.
              # backup: Best path and installed backup path.
              # ecmp: All paths in best path ECMP group.
              # limit: Limit to n eligible paths.
              # disabled: Disable sending any paths.
              send: <str; "any" | "backup" | "ecmp" | "limit" | "disabled">

              # Number of paths to send through bgp updates. For this setting, `send` must be set to `limit` or `ecmp`.
              send_limit: <int; 2-64>
        networks:

            # IPv6 prefix "A:B:C:D:E:F:G:H/I".
          - prefix: <str; required; unique>
            route_map: <str>

        # Redistribute routes in to BGP.
        redistribute:
          attached_host:
            enabled: <bool; required>
            route_map: <str>
          bgp:
            enabled: <bool; required>
            route_map: <str>
          connected:
            enabled: <bool; required>
            route_map: <str>

            # RCF function name with parenthesis.
            # Example: MyFunction(myarg).
            # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
            rcf: <str>

            # Include following routes while redistributing.
            include_leaked: <bool>
          dhcp:
            enabled: <bool; required>
            route_map: <str>
          dynamic:
            enabled: <bool; required>
            route_map: <str>

            # RCF function name with parenthesis.
            # Example: MyFunction(myarg).
            # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
            rcf: <str>
          isis:
            enabled: <bool; required>

            # Redistribute IS-IS route level.
            isis_level: <str; "level-1" | "level-2" | "level-1-2">
            route_map: <str>

            # RCF function name with parenthesis.
            # Example: MyFunction(myarg).
            # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
            rcf: <str>

            # Include following routes while redistributing.
            include_leaked: <bool>
          ospfv3:

            # Redistribute OSPFv3 routes.
            enabled: <bool>

            # Redistribute OSPFv3 routes learned from external sources.
            match_external:
              enabled: <bool; required>
              route_map: <str>

              # Include following routes while redistributing.
              include_leaked: <bool>

            # Redistribute OSPFv3 routes learned from internal sources.
            match_internal:
              enabled: <bool; required>
              route_map: <str>

              # Include following routes while redistributing.
              include_leaked: <bool>

            # Redistribute OSPFv3 routes learned from external NSSA sources.
            match_nssa_external:
              enabled: <bool; required>

              # NSSA External Type Number.
              nssa_type: <int; 1 | 2>
              route_map: <str>

              # Include following routes while redistributing.
              include_leaked: <bool>
            route_map: <str>

            # Include following routes while redistributing.
            include_leaked: <bool>
          static:
            enabled: <bool; required>
            route_map: <str>

            # RCF function name with parenthesis.
            # Example: MyFunction(myarg).
            # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
            rcf: <str>

            # Include following routes while redistributing.
            include_leaked: <bool>
          user:
            enabled: <bool; required>

            # RCF function name with parenthesis.
            # Example: MyFunction(myarg).
            # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
            rcf: <str>
        # This key is deprecated.
        # Support will be removed in AVD version 6.0.0.
        # Use <samp>redistribute</samp> instead.
        redistribute_routes:
          - source_protocol: <str; "attached-host" | "bgp" | "connected" | "dhcp" | "dynamic" | "isis" | "ospfv3" | "static" | "user"; required>
            route_map: <str>
            include_leaked: <bool>

            # RCF function name with parenthesis.
            # Example: MyFunction(myarg).
            # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
            # Only applicable if `source_protocol` is one of `connected`, `dynamic`, `isis`, `static` and `user`.
            rcf: <str>

            # Routes learned by the OSPF protocol.
            # The `ospf_route_type` is valid for source_protocols 'ospfv3'.
            ospf_route_type: <str; "external" | "internal" | "nssa-external" | "nssa-external 1" | "nssa-external 2">
      address_family_ipv4_multicast:
        bgp:
          missing_policy:
            direction_in_action: <str; "deny" | "deny-in-out" | "permit">
            direction_out_action: <str; "deny" | "deny-in-out" | "permit">
          additional_paths:
            receive: <bool>
        neighbors:
          - ip_address: <str; required; unique>
            activate: <bool>

            # Inbound route-map name.
            route_map_in: <str>

            # Outbound route-map name.
            route_map_out: <str>
            additional_paths:
              receive: <bool>
        networks:

            # IPv6 prefix "A.B.C.D/E".
          - prefix: <str; required; unique>
            route_map: <str>

        # Redistribute routes in to BGP.
        redistribute:
          attached_host:
            enabled: <bool; required>
            route_map: <str>
          connected:
            enabled: <bool; required>
            route_map: <str>
          isis:
            enabled: <bool; required>

            # Redistribute IS-IS route level.
            isis_level: <str; "level-1" | "level-2" | "level-1-2">
            route_map: <str>

            # RCF function name with parenthesis.
            # Example: MyFunction(myarg).
            # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
            rcf: <str>

            # Include following routes while redistributing.
            include_leaked: <bool>
          ospf:

            # Redistribute OSPF routes.
            enabled: <bool>

            # Redistribute OSPF routes learned from external sources.
            match_external:
              enabled: <bool; required>
              route_map: <str>

            # Redistribute OSPF routes learned from internal sources.
            match_internal:
              enabled: <bool; required>
              route_map: <str>

            # Redistribute OSPF routes learned from external NSSA sources.
            match_nssa_external:
              enabled: <bool; required>

              # NSSA External Type Number.
              nssa_type: <int; 1 | 2>
              route_map: <str>
            route_map: <str>
          ospfv3:

            # Redistribute OSPFv3 routes.
            enabled: <bool>

            # Redistribute OSPFv3 routes learned from external sources.
            match_external:
              enabled: <bool; required>
              route_map: <str>

              # Include following routes while redistributing.
              include_leaked: <bool>

            # Redistribute OSPFv3 routes learned from internal sources.
            match_internal:
              enabled: <bool; required>
              route_map: <str>

              # Include following routes while redistributing.
              include_leaked: <bool>

            # Redistribute OSPFv3 routes learned from external NSSA sources.
            match_nssa_external:
              enabled: <bool; required>

              # NSSA External Type Number.
              nssa_type: <int; 1 | 2>
              route_map: <str>

              # Include following routes while redistributing.
              include_leaked: <bool>
            route_map: <str>

            # Include following routes while redistributing.
            include_leaked: <bool>
          static:
            enabled: <bool; required>
            route_map: <str>
        # This key is deprecated.
        # Support will be removed in AVD version 6.0.0.
        # Use <samp>redistribute</samp> instead.
        redistribute_routes:
          - source_protocol: <str; "attached-host" | "connected" | "isis" | "ospf" | "ospfv3" | "static"; required>
            route_map: <str>

            # Only applicable if `source_protocol` is `isis`.
            include_leaked: <bool>

            # RCF function name with parenthesis.
            # Example: MyFunction(myarg).
            # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
            # Only applicable if `source_protocol` is `isis`.
            rcf: <str>

            # Routes learned by the OSPF protocol.
            # The `ospf_route_type` is valid for source_protocols 'ospf' and 'ospfv3'.
            ospf_route_type: <str; "external" | "internal" | "nssa-external" | "nssa-external 1" | "nssa-external 2">
      address_family_ipv6_multicast:
        bgp:
          missing_policy:
            direction_in_action: <str; "deny" | "deny-in-out" | "permit">
            direction_out_action: <str; "deny" | "deny-in-out" | "permit">
          additional_paths:
            receive: <bool>
        neighbors:
          - ip_address: <str; required; unique>
            activate: <bool>

            # Inbound route-map name.
            route_map_in: <str>

            # Outbound route-map name.
            route_map_out: <str>
            additional_paths:
              receive: <bool>
        networks:

            # IPv6 prefix "A:B:C:D:E:F:G:H/I".
          - prefix: <str; required; unique>
            route_map: <str>

        # Redistribute routes in to BGP.
        redistribute:
          connected:
            enabled: <bool; required>
            route_map: <str>
          isis:
            enabled: <bool; required>

            # Redistribute IS-IS route level.
            isis_level: <str; "level-1" | "level-2" | "level-1-2">
            route_map: <str>

            # RCF function name with parenthesis.
            # Example: MyFunction(myarg).
            # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
            rcf: <str>

            # Include following routes while redistributing.
            include_leaked: <bool>
          ospf:

            # Redistribute OSPF routes.
            enabled: <bool>

            # Redistribute OSPF routes learned from external sources.
            match_external:
              enabled: <bool; required>
              route_map: <str>

            # Redistribute OSPF routes learned from internal sources.
            match_internal:
              enabled: <bool; required>
              route_map: <str>

            # Redistribute OSPF routes learned from external NSSA sources.
            match_nssa_external:
              enabled: <bool; required>

              # NSSA External Type Number.
              nssa_type: <int; 1 | 2>
              route_map: <str>
            route_map: <str>
          ospfv3:

            # Redistribute OSPFv3 routes.
            enabled: <bool>

            # Redistribute OSPFv3 routes learned from external sources.
            match_external:
              enabled: <bool; required>
              route_map: <str>

            # Redistribute OSPFv3 routes learned from internal sources.
            match_internal:
              enabled: <bool; required>
              route_map: <str>

            # Redistribute OSPFv3 routes learned from external NSSA sources.
            match_nssa_external:
              enabled: <bool; required>

              # NSSA External Type Number.
              nssa_type: <int; 1 | 2>
              route_map: <str>
            route_map: <str>
          static:
            enabled: <bool; required>
            route_map: <str>
        # This key is deprecated.
        # Support will be removed in AVD version 6.0.0.
        # Use <samp>redistribute</samp> instead.
        redistribute_routes:
          - source_protocol: <str; "connected" | "isis" | "ospf" | "ospfv3" | "static"; required>
            route_map: <str>

            # Only applicable if `source_protocol` is `isis`.
            include_leaked: <bool>

            # RCF function name with parenthesis.
            # Example: MyFunction(myarg).
            # `route_map` and `rcf` are mutually exclusive. `route_map` takes precedence.
            # Only applicable if `source_protocol` is `isis`.
            rcf: <str>

            # Routes learned by the OSPF protocol.
            # The `ospf_route_type` is valid for source_protocols 'ospf' and 'ospfv3'.
            ospf_route_type: <str; "external" | "internal" | "nssa-external" | "nssa-external 1" | "nssa-external 2">
      address_family_flow_spec_ipv4:
        bgp:
          missing_policy:
            direction_in_action: <str; "deny" | "deny-in-out" | "permit">
            direction_out_action: <str; "deny" | "deny-in-out" | "permit">
        neighbors:
          - ip_address: <str; required; unique>
            activate: <bool>
      address_family_flow_spec_ipv6:
        bgp:
          missing_policy:
            direction_in_action: <str; "deny" | "deny-in-out" | "permit">
            direction_out_action: <str; "deny" | "deny-in-out" | "permit">
        neighbors:
          - ip_address: <str; required; unique>
            activate: <bool>

      # Multiline EOS CLI rendered directly on the Router BGP, VRF definition in the final EOS configuration.
      eos_cli: <str>
  session_trackers:

      # Name of session tracker.
    - name: <str; required; unique>

      # Recovery delay in seconds.
      recovery_delay: <int; 1-3600>

  # Multiline EOS CLI rendered directly on the Router BGP in the final EOS configuration.
  eos_cli: <str>

Router general

Variable Type Required Default Value Restrictions Description
router_general Dictionary
  router_id Dictionary
    ipv4 String IPv4 Address.
    ipv6 String IPv6 Address.
  nexthop_fast_failover Boolean False
  vrfs List, items: Dictionary
    - name String Required, Unique Destination-VRF.
      leak_routes List, items: Dictionary
        - source_vrf String
          subscribe_policy String Route-Map Policy.
      routes Dictionary
        dynamic_prefix_lists List, items: Dictionary
          - name String Dynamic Prefix List Name.
  control_functions Dictionary Routing control functions (RCF) used to filter and update routes from a peer or during redistributions.
Warning:
This configuration cannot be pushed with eos_config_deploy_eapi, because of limitations in arista.eos and ansible.netcommon plugins.
The configuration can be pushed via CloudVision with eos_config_deploy_cvp or cv_deploy.
    code_units List, items: Dictionary
      - name String Required, Unique Name of the code unit.
        content String Required Content of route control function.
e.g.
function ACCEPT_ALL() {
return true;
}
EOF
router_general:
  router_id:

    # IPv4 Address.
    ipv4: <str>

    # IPv6 Address.
    ipv6: <str>
  nexthop_fast_failover: <bool; default=False>
  vrfs:

      # Destination-VRF.
    - name: <str; required; unique>
      leak_routes:
        - source_vrf: <str>

          # Route-Map Policy.
          subscribe_policy: <str>
      routes:
        dynamic_prefix_lists:

            # Dynamic Prefix List Name.
          - name: <str>

  # Routing control functions (RCF) used to filter and update routes from a peer or during redistributions.
  # Warning:
  # This configuration cannot be pushed with `eos_config_deploy_eapi`, because of limitations in `arista.eos` and `ansible.netcommon` plugins.
  # The configuration can be pushed via CloudVision with `eos_config_deploy_cvp` or `cv_deploy`.
  control_functions:
    code_units:

        # Name of the code unit.
      - name: <str; required; unique>

        # Content of route control function.
        # e.g.
        # function ACCEPT_ALL() {
        #   return true;
        #   }
        # EOF
        content: <str; required>

Router internet-exit

Variable Type Required Default Value Restrictions Description
router_internet_exit Dictionary Internet-exit feature to configure internet bound service for virtual topologies.
  policies List, items: Dictionary Internet-exit policy represent a policy which can be attached to a virtual topology profile.
    - name String Required, Unique
      exit_groups List, items: Dictionary The exit groups that are configured under a policy are strictly ordered, meaning an exit group appearing first has more priority than the exit group that follows it.
        - name String
  exit_groups List, items: Dictionary Exit groups represent a group of exit options (connections).
Traffic flows are load balanced in a round robin fashion across all the members (exits) of the exit-group.
    - name String Required, Unique
      fib_default Boolean Fib default exit indicates that the flows that select this exit will follow the default route available in the VRF of the flow.
      local_connections List, items: Dictionary Local connections refer to connections configured under the router_service_insertion.
The service-insertion module reports the health of the connection and the exit will qualify for use only when it is healthy.
        - name String
# Internet-exit feature to configure internet bound service for virtual topologies.
router_internet_exit:

  # Internet-exit policy represent a policy which can be attached to a virtual topology profile.
  policies:
    - name: <str; required; unique>

      # The exit groups that are configured under a policy are strictly ordered, meaning an exit group appearing first has more priority than the exit group that follows it.
      exit_groups:
        - name: <str>

  # Exit groups represent a group of exit options (connections).
  # Traffic flows are load balanced in a round robin fashion across all the members (exits) of the exit-group.
  exit_groups:
    - name: <str; required; unique>

      # Fib default exit indicates that the flows that select this exit will follow the default route available in the VRF of the flow.
      fib_default: <bool>

      # Local connections refer to connections configured under the `router_service_insertion`.
      # The service-insertion module reports the health of the connection and the exit will qualify for use only when it is healthy.
      local_connections:
        - name: <str>

Router ISIS

Variable Type Required Default Value Restrictions Description
router_isis Dictionary
  instance String Required ISIS Instance Name.
  net String CLNS Address like “49.0001.0001.0000.0001.00”.
  router_id String IPv4 Address.
  is_type String Valid Values:
- level-1
- level-1-2
- level-2
  log_adjacency_changes Boolean
  mpls_ldp_sync_default Boolean
  timers Dictionary
    local_convergence Dictionary
      protected_prefixes Boolean
      delay Integer 10000 Delay in milliseconds.
    lsp Dictionary Link State Packet timers.
      generation Dictionary
        interval Integer Required Min: 1
Max: 300
Maximum interval (in seconds) between generating two LSPs.
        initial_wait_time Integer Min: 1
Max: 300000
Initial wait time (in milliseconds) before generating LSPs.
        wait_time Integer Min: 1
Max: 300000
Wait time (in milliseconds) between generating the first and second LSPs.
      out_delay Integer Min: 1
Max: 65000
Transmit delay (in milliseconds) for link state packets.
      refresh_interval Integer Min: 30
Max: 65535
Interval (in seconds) between two LSP refreshes.
      min_remaining_lifetime Integer Min: 60
Max: 65535
Minimum remaining lifetime for LSPs (in seconds).
    csnp Dictionary CSN Packet timers.
      generation Dictionary
        interval Integer Min: 1
Max: 300
Transmit frequency (in seconds) for CSN packets.
        p2p_disabled Boolean Disable periodic CSN packets for P2P links.
  set_overload_bit Dictionary
    enabled Boolean
    on_startup Dictionary
      delay Integer Number of seconds.
      wait_for_bgp Dictionary
        enabled Boolean
        timeout Integer Number of seconds.
  authentication Dictionary
    both Dictionary Authentication settings for level-1 and level-2. ‘both’ takes precedence over ‘level_1’ and ‘level_2’ settings.
      key_type String Valid Values:
- 0
- 7
- 8a
Configure authentication key type.
      key String Password string. key_type is required for this setting.
      key_ids List, items: Dictionary
        - id Integer Required, Unique Min: 1
Max: 65535
Configure authentication key-id.
          algorithm String Required Valid Values:
- sha-1
- sha-224
- sha-256
- sha-384
- sha-512
          key_type String Required Valid Values:
- 0
- 7
- 8a
Configure authentication key type.
          key String Required Password string.
          rfc_5310 Boolean SHA digest computation according to rfc5310.
      mode String Valid Values:
- md5
- sha
- text
- shared-secret
Authentication mode.
      sha Dictionary Required settings for authentication mode ‘sha’.
        key_id Integer Required Min: 1
Max: 65535
      shared_secret Dictionary Required settings for authentication mode ‘shared_secret’.
        profile String Required
        algorithm String Required Valid Values:
- md5
- sha-1
- sha-224
- sha-256
- sha-384
- sha-512
      rx_disabled Boolean Disable authentication check on the receive side.
    level_1 Dictionary Authentication settings for level-1. ‘both’ takes precedence over ‘level_1’ and ‘level_2’ settings.
      key_type String Valid Values:
- 0
- 7
- 8a
Configure authentication key type.
      key String Password string. key_type is required for this setting.
      key_ids List, items: Dictionary
        - id Integer Required, Unique Min: 1
Max: 65535
Configure authentication key-id.
          algorithm String Required Valid Values:
- sha-1
- sha-224
- sha-256
- sha-384
- sha-512
          key_type String Required Valid Values:
- 0
- 7
- 8a
Configure authentication key type.
          key String Required Password string.
          rfc_5310 Boolean SHA digest computation according to rfc5310.
      mode String Valid Values:
- md5
- sha
- text
- shared-secret
Authentication mode.
      sha Dictionary Required settings for authentication mode ‘sha’.
        key_id Integer Required Min: 1
Max: 65535
      shared_secret Dictionary Required settings for authentication mode ‘shared_secret’.
        profile String Required
        algorithm String Required Valid Values:
- md5
- sha-1
- sha-224
- sha-256
- sha-384
- sha-512
      rx_disabled Boolean Disable authentication check on the receive side.
    level_2 Dictionary Authentication settings for level-2. ‘both’ takes precedence over ‘level_1’ and ‘level_2’ settings.
      key_type String Valid Values:
- 0
- 7
- 8a
Configure authentication key type.
      key String Password string. key_type is required for this setting.
      key_ids List, items: Dictionary
        - id Integer Required, Unique Min: 1
Max: 65535
Configure authentication key-id.
          algorithm String Required Valid Values:
- sha-1
- sha-224
- sha-256
- sha-384
- sha-512
          key_type String Required Valid Values:
- 0
- 7
- 8a
Configure authentication key type.
          key String Required Password string.
          rfc_5310 Boolean SHA digest computation according to rfc5310.
      mode String Valid Values:
- md5
- sha
- text
- shared-secret
Authentication mode.
      sha Dictionary Required settings for authentication mode ‘sha’.
        key_id Integer Required Min: 1
Max: 65535
      shared_secret Dictionary Required settings for authentication mode ‘shared_secret’.
        profile String Required
        algorithm String Required Valid Values:
- md5
- sha-1
- sha-224
- sha-256
- sha-384
- sha-512
      rx_disabled Boolean Disable authentication check on the receive side.
  advertise Dictionary
    passive_only Boolean
  redistribute_routes List, items: Dictionary
    - source_protocol String Required Valid Values:
- bgp
- connected
- isis
- ospf
- ospfv3
- static
      route_map String Route-map name.
      include_leaked Boolean
      ospf_route_type String Valid Values:
- external
- internal
- nssa-external
ospf_route_type is required with source_protocols ‘ospf’ and ‘ospfv3’.
  address_family_ipv4 Dictionary
    enabled Boolean Required
    maximum_paths Integer Min: 1
Max: 128
    bfd_all_interfaces Boolean Enable BFD on all interfaces.
    fast_reroute_ti_lfa Dictionary
      mode String Valid Values:
- link-protection
- node-protection
      level String Valid Values:
- level-1
- level-2
      srlg Dictionary Shared Risk Link Group.
        enable Boolean
        strict Boolean
    tunnel_source_labeled_unicast Dictionary
      enabled Boolean
      rcf String Route Control Function.
  address_family_ipv6 Dictionary
    enabled Boolean Required
    maximum_paths Integer Min: 1
Max: 128
    bfd_all_interfaces Boolean Enable BFD on all interfaces.
    fast_reroute_ti_lfa Dictionary
      mode String Valid Values:
- link-protection
- node-protection
      level String Valid Values:
- level-1
- level-2
Optional, default is to protect all levels.
      srlg Dictionary Shared Risk Link Group.
        enable Boolean
        strict Boolean
  segment_routing_mpls Dictionary
    enabled Boolean
    router_id String
    prefix_segments List, items: Dictionary
      - prefix String
        index Integer
  spf_interval Dictionary
    interval Integer Maximum interval between two SPFs in seconds or milliseconds.
Range in seconds: <1-300>
Range in milliseconds: <1-300000>
    interval_unit String Valid Values:
- seconds
- milliseconds
If interval unit is not defined EOS takes seconds by default.
    wait_interval Integer Min: 1
Max: 300000
Initial wait interval for SPF in milliseconds.
    hold_interval Integer Min: 1
Max: 300000
Hold interval between the first and second SPF runs in milliseconds.
  graceful_restart Dictionary
    enabled Boolean
    restart_hold_time Integer Min: 5
Max: 300
Number of seconds.
    t2 Dictionary
      level_1_wait_time Integer Min: 5
Max: 300
Level-1 LSP database sync wait time in seconds.
      level_2_wait_time Integer Min: 5
Max: 300
Level-2 LSP database sync wait time in seconds.
  eos_cli String Multiline EOS CLI rendered directly on the router isis in the final EOS configuration.
  address_family removed List This key was removed. Support was removed in AVD version 5.0.0. Use address_family_ipv4.enabled or address_family_ipv6.enabled instead.
  isis_af_defaults removed List This key was removed. Support was removed in AVD version 5.0.0. Use address_family_ipv4/address_family_ipv6 instead.
router_isis:

  # ISIS Instance Name.
  instance: <str; required>

  # CLNS Address like "49.0001.0001.0000.0001.00".
  net: <str>

  # IPv4 Address.
  router_id: <str>
  is_type: <str; "level-1" | "level-1-2" | "level-2">
  log_adjacency_changes: <bool>
  mpls_ldp_sync_default: <bool>
  timers:
    local_convergence:
      protected_prefixes: <bool>

      # Delay in milliseconds.
      delay: <int; default=10000>

    # Link State Packet timers.
    lsp:
      generation:

        # Maximum interval (in seconds) between generating two LSPs.
        interval: <int; 1-300; required>

        # Initial wait time (in milliseconds) before generating LSPs.
        initial_wait_time: <int; 1-300000>

        # Wait time (in milliseconds) between generating the first and second LSPs.
        wait_time: <int; 1-300000>

      # Transmit delay (in milliseconds) for link state packets.
      out_delay: <int; 1-65000>

      # Interval (in seconds) between two LSP refreshes.
      refresh_interval: <int; 30-65535>

      # Minimum remaining lifetime for LSPs (in seconds).
      min_remaining_lifetime: <int; 60-65535>

    # CSN Packet timers.
    csnp:
      generation:

        # Transmit frequency (in seconds) for CSN packets.
        interval: <int; 1-300>

        # Disable periodic CSN packets for P2P links.
        p2p_disabled: <bool>
  set_overload_bit:
    enabled: <bool>
    on_startup:

      # Number of seconds.
      delay: <int>
      wait_for_bgp:
        enabled: <bool>

        # Number of seconds.
        timeout: <int>
  authentication:

    # Authentication settings for level-1 and level-2. 'both' takes precedence over 'level_1' and 'level_2' settings.
    both:

      # Configure authentication key type.
      key_type: <str; "0" | "7" | "8a">

      # Password string. `key_type` is required for this setting.
      key: <str>
      key_ids:

          # Configure authentication key-id.
        - id: <int; 1-65535; required; unique>
          algorithm: <str; "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>

          # Configure authentication key type.
          key_type: <str; "0" | "7" | "8a"; required>

          # Password string.
          key: <str; required>

          # SHA digest computation according to rfc5310.
          rfc_5310: <bool>

      # Authentication mode.
      mode: <str; "md5" | "sha" | "text" | "shared-secret">

      # Required settings for authentication mode 'sha'.
      sha:
        key_id: <int; 1-65535; required>

      # Required settings for authentication mode 'shared_secret'.
      shared_secret:
        profile: <str; required>
        algorithm: <str; "md5" | "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>

      # Disable authentication check on the receive side.
      rx_disabled: <bool>

    # Authentication settings for level-1. 'both' takes precedence over 'level_1' and 'level_2' settings.
    level_1:

      # Configure authentication key type.
      key_type: <str; "0" | "7" | "8a">

      # Password string. `key_type` is required for this setting.
      key: <str>
      key_ids:

          # Configure authentication key-id.
        - id: <int; 1-65535; required; unique>
          algorithm: <str; "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>

          # Configure authentication key type.
          key_type: <str; "0" | "7" | "8a"; required>

          # Password string.
          key: <str; required>

          # SHA digest computation according to rfc5310.
          rfc_5310: <bool>

      # Authentication mode.
      mode: <str; "md5" | "sha" | "text" | "shared-secret">

      # Required settings for authentication mode 'sha'.
      sha:
        key_id: <int; 1-65535; required>

      # Required settings for authentication mode 'shared_secret'.
      shared_secret:
        profile: <str; required>
        algorithm: <str; "md5" | "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>

      # Disable authentication check on the receive side.
      rx_disabled: <bool>

    # Authentication settings for level-2. 'both' takes precedence over 'level_1' and 'level_2' settings.
    level_2:

      # Configure authentication key type.
      key_type: <str; "0" | "7" | "8a">

      # Password string. `key_type` is required for this setting.
      key: <str>
      key_ids:

          # Configure authentication key-id.
        - id: <int; 1-65535; required; unique>
          algorithm: <str; "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>

          # Configure authentication key type.
          key_type: <str; "0" | "7" | "8a"; required>

          # Password string.
          key: <str; required>

          # SHA digest computation according to rfc5310.
          rfc_5310: <bool>

      # Authentication mode.
      mode: <str; "md5" | "sha" | "text" | "shared-secret">

      # Required settings for authentication mode 'sha'.
      sha:
        key_id: <int; 1-65535; required>

      # Required settings for authentication mode 'shared_secret'.
      shared_secret:
        profile: <str; required>
        algorithm: <str; "md5" | "sha-1" | "sha-224" | "sha-256" | "sha-384" | "sha-512"; required>

      # Disable authentication check on the receive side.
      rx_disabled: <bool>
  advertise:
    passive_only: <bool>
  redistribute_routes:
    - source_protocol: <str; "bgp" | "connected" | "isis" | "ospf" | "ospfv3" | "static"; required>

      # Route-map name.
      route_map: <str>
      include_leaked: <bool>

      # ospf_route_type is required with source_protocols 'ospf' and 'ospfv3'.
      ospf_route_type: <str; "external" | "internal" | "nssa-external">
  address_family_ipv4:
    enabled: <bool; required>
    maximum_paths: <int; 1-128>

    # Enable BFD on all interfaces.
    bfd_all_interfaces: <bool>
    fast_reroute_ti_lfa:
      mode: <str; "link-protection" | "node-protection">
      level: <str; "level-1" | "level-2">

      # Shared Risk Link Group.
      srlg:
        enable: <bool>
        strict: <bool>
    tunnel_source_labeled_unicast:
      enabled: <bool>

      # Route Control Function.
      rcf: <str>
  address_family_ipv6:
    enabled: <bool; required>
    maximum_paths: <int; 1-128>

    # Enable BFD on all interfaces.
    bfd_all_interfaces: <bool>
    fast_reroute_ti_lfa:
      mode: <str; "link-protection" | "node-protection">

      # Optional, default is to protect all levels.
      level: <str; "level-1" | "level-2">

      # Shared Risk Link Group.
      srlg:
        enable: <bool>
        strict: <bool>
  segment_routing_mpls:
    enabled: <bool>
    router_id: <str>
    prefix_segments:
      - prefix: <str>
        index: <int>
  spf_interval:

    # Maximum interval between two SPFs in seconds or milliseconds.
    # Range in seconds: <1-300>
    # Range in milliseconds: <1-300000>
    interval: <int>

    # If interval unit is not defined EOS takes `seconds` by default.
    interval_unit: <str; "seconds" | "milliseconds">

    # Initial wait interval for SPF in milliseconds.
    wait_interval: <int; 1-300000>

    # Hold interval between the first and second SPF runs in milliseconds.
    hold_interval: <int; 1-300000>
  graceful_restart:
    enabled: <bool>

    # Number of seconds.
    restart_hold_time: <int; 5-300>
    t2:

      # Level-1 LSP database sync wait time in seconds.
      level_1_wait_time: <int; 5-300>

      # Level-2 LSP database sync wait time in seconds.
      level_2_wait_time: <int; 5-300>

  # Multiline EOS CLI rendered directly on the router isis in the final EOS configuration.
  eos_cli: <str>

Router L2 VPN

Variable Type Required Default Value Restrictions Description
router_l2_vpn Dictionary
  arp_learning_bridged Boolean
  arp_proxy Dictionary
    prefix_list String Prefix-list name. ARP Proxying is disabled for IPv4 addresses defined in the prefix-list.
  arp_selective_install Boolean
  nd_learning_bridged Boolean
  nd_proxy Dictionary
    prefix_list String Prefix-list name. Neighbor Discovery Proxying is disabled for IPv6 addresses defined in the prefix-list.
  nd_rs_flooding_disabled Boolean
  virtual_router_nd_ra_flooding_disabled Boolean
router_l2_vpn:
  arp_learning_bridged: <bool>
  arp_proxy:

    # Prefix-list name. ARP Proxying is disabled for IPv4 addresses defined in the prefix-list.
    prefix_list: <str>
  arp_selective_install: <bool>
  nd_learning_bridged: <bool>
  nd_proxy:

    # Prefix-list name. Neighbor Discovery Proxying is disabled for IPv6 addresses defined in the prefix-list.
    prefix_list: <str>
  nd_rs_flooding_disabled: <bool>
  virtual_router_nd_ra_flooding_disabled: <bool>

Router OSPF

Variable Type Required Default Value Restrictions Description
router_ospf Dictionary
  process_ids List, items: Dictionary
    - id Integer Required, Unique OSPF Process ID.
      vrf String VRF Name for OSPF Process.
      passive_interface_default Boolean
      router_id String IPv4 Address.
      distance Dictionary
        external Integer Min: 1
Max: 255
        inter_area Integer Min: 1
Max: 255
        intra_area Integer Min: 1
Max: 255
      log_adjacency_changes_detail Boolean
      network_prefixes List, items: Dictionary
        - ipv4_prefix String Required, Unique
          area String
      bfd_enable Boolean
      bfd_adjacency_state_any Boolean
      no_passive_interfaces List, items: String
        - <str> String Interface Name.
      distribute_list_in Dictionary
        route_map String
      max_lsa Integer
      timers Dictionary
        lsa Dictionary
          rx_min_interval Integer Min: 0
Max: 600000
Min interval in msecs between accepting the same LSA.
          tx_delay Dictionary
            initial Integer Min: 0
Max: 600000
Delay to generate first occurrence of LSA in msecs.
            min Integer Min: 1
Max: 600000
Min delay between originating the same LSA in msecs.
            max Integer Min: 1
Max: 600000
1-600000 Maximum delay between originating the same LSA in msec.
        spf_delay Dictionary
          initial Integer Min: 0
Max: 600000
Initial SPF schedule delay in msecs.
          min Integer Min: 0
Max: 65535000
Min Hold time between two SPFs in msecs.
          max Integer Min: 0
Max: 65535000
Max wait time between two SPFs in msecs.
      default_information_originate Dictionary
        always Boolean
        metric Integer Min: 1
Max: 65535
Metric for default route.
        metric_type Integer Valid Values:
- 1
- 2
OSPF metric type for default route.
      summary_addresses List, items: Dictionary
        - prefix String Required, Unique Summary Prefix Address.
          tag Integer
          attribute_map String
          not_advertise Boolean
      redistribute Dictionary
        static Dictionary
          enabled Boolean Required
          route_map String Route Map Name.
          include_leaked Boolean
        connected Dictionary
          enabled Boolean Required
          route_map String Route Map Name.
          include_leaked Boolean
        bgp Dictionary
          enabled Boolean Required
          route_map String Route Map Name.
          include_leaked Boolean
      auto_cost_reference_bandwidth Integer Bandwidth in mbps.
      areas List, items: Dictionary
        - id String Required, Unique
          filter Dictionary
            networks List, items: String
              - <str> String IPv4 Prefix.
            prefix_list String Prefix-List Name.
          type String normal Valid Values:
- normal
- stub
- nssa
          no_summary Boolean
          nssa_only Boolean
          default_information_originate Dictionary
            metric Integer Min: 1
Max: 65535
Metric for default route.
            metric_type Integer Valid Values:
- 1
- 2
OSPF metric type for default route.
      maximum_paths Integer Min: 1
Max: 128
      max_metric Dictionary
        router_lsa Dictionary
          external_lsa Dictionary
            override_metric Integer Min: 1
Max: 16777215
          include_stub Boolean
          on_startup String “wait-for-bgp” or Integer 5-86400.
Example: “wait-for-bgp” Or “222”
          summary_lsa Dictionary
            override_metric Integer Min: 1
Max: 16777215
      graceful_restart Dictionary
        enabled Boolean Required
        grace_period Integer Min: 1
Max: 1800
Specify maximum time in seconds to wait for graceful-restart to complete.
      graceful_restart_helper Boolean
      mpls_ldp_sync_default Boolean
      eos_cli String Multiline EOS CLI rendered directly on the Router OSPF process ID in the final EOS configuration.
router_ospf:
  process_ids:

      # OSPF Process ID.
    - id: <int; required; unique>

      # VRF Name for OSPF Process.
      vrf: <str>
      passive_interface_default: <bool>

      # IPv4 Address.
      router_id: <str>
      distance:
        external: <int; 1-255>
        inter_area: <int; 1-255>
        intra_area: <int; 1-255>
      log_adjacency_changes_detail: <bool>
      network_prefixes:
        - ipv4_prefix: <str; required; unique>
          area: <str>
      bfd_enable: <bool>
      bfd_adjacency_state_any: <bool>
      no_passive_interfaces:

          # Interface Name.
        - <str>
      distribute_list_in:
        route_map: <str>
      max_lsa: <int>
      timers:
        lsa:

          # Min interval in msecs between accepting the same LSA.
          rx_min_interval: <int; 0-600000>
          tx_delay:

            # Delay to generate first occurrence of LSA in msecs.
            initial: <int; 0-600000>

            # Min delay between originating the same LSA in msecs.
            min: <int; 1-600000>

            # 1-600000 Maximum delay between originating the same LSA in msec.
            max: <int; 1-600000>
        spf_delay:

          # Initial SPF schedule delay in msecs.
          initial: <int; 0-600000>

          # Min Hold time between two SPFs in msecs.
          min: <int; 0-65535000>

          # Max wait time between two SPFs in msecs.
          max: <int; 0-65535000>
      default_information_originate:
        always: <bool>

        # Metric for default route.
        metric: <int; 1-65535>

        # OSPF metric type for default route.
        metric_type: <int; 1 | 2>
      summary_addresses:

          # Summary Prefix Address.
        - prefix: <str; required; unique>
          tag: <int>
          attribute_map: <str>
          not_advertise: <bool>
      redistribute:
        static:
          enabled: <bool; required>

          # Route Map Name.
          route_map: <str>
          include_leaked: <bool>
        connected:
          enabled: <bool; required>

          # Route Map Name.
          route_map: <str>
          include_leaked: <bool>
        bgp:
          enabled: <bool; required>

          # Route Map Name.
          route_map: <str>
          include_leaked: <bool>

      # Bandwidth in mbps.
      auto_cost_reference_bandwidth: <int>
      areas:
        - id: <str; required; unique>
          filter:
            networks:

                # IPv4 Prefix.
              - <str>

            # Prefix-List Name.
            prefix_list: <str>
          type: <str; "normal" | "stub" | "nssa"; default="normal">
          no_summary: <bool>
          nssa_only: <bool>
          default_information_originate:

            # Metric for default route.
            metric: <int; 1-65535>

            # OSPF metric type for default route.
            metric_type: <int; 1 | 2>
      maximum_paths: <int; 1-128>
      max_metric:
        router_lsa:
          external_lsa:
            override_metric: <int; 1-16777215>
          include_stub: <bool>

          # "wait-for-bgp" or Integer 5-86400.
          # Example: "wait-for-bgp" Or "222"
          on_startup: <str>
          summary_lsa:
            override_metric: <int; 1-16777215>
      graceful_restart:
        enabled: <bool; required>

        # Specify maximum time in seconds to wait for graceful-restart to complete.
        grace_period: <int; 1-1800>
      graceful_restart_helper: <bool>
      mpls_ldp_sync_default: <bool>

      # Multiline EOS CLI rendered directly on the Router OSPF process ID in the final EOS configuration.
      eos_cli: <str>

Router path selection

Variable Type Required Default Value Restrictions Description
router_path_selection Dictionary Dynamic path selection configuration.
  peer_dynamic_source String Valid Values:
- stun
Source of dynamic peer discovery.
  path_groups List, items: Dictionary
    - name String Required, Unique Path group name.
      id Integer Min: 1
Max: 65535
Path group ID.
      ipsec_profile String IPSec profile for the path group.
      flow_assignment String Valid Values:
- lan
Flow assignment lan can not be configured in a path group with dynamic peers.
      local_interfaces List, items: Dictionary
        - name String Required, Unique Pattern: ^(Port-Channel|Ethernet(\d+/)*)\d+(\.\d+)?$ Local interface name.
          public_address String Public IP assigned by NAT.
          stun Dictionary
            server_profiles List, items: String Required Min Length: 1
Max Length: 12
STUN server-profile names.
              - <str> String
      local_ips List, items: Dictionary
        - ip_address String Required, Unique
          public_address String Public IP assigned by NAT.
          stun Dictionary
            server_profiles List, items: String Required Min Length: 1
Max Length: 12
STUN server-profile names.
              - <str> String
      dynamic_peers Dictionary Flow assignment lan can not be configured in a path group with dynamic peers.
        enabled Boolean Enable peer dynamic.
        ip_local Boolean Prefer local IP address.
        ipsec Boolean IPsec configuration for dynamic peers.
      static_peers List, items: Dictionary
        - router_ip String Required, Unique Peer router IP.
          name String Name of the site.
          ipv4_addresses List, items: String Static IPv4 addresses.
            - <str> String
      keepalive Dictionary
        auto Boolean False Enable adaptive keepalive and feedback interval.
        interval Integer Min: 50
Max: 60000
Interval in milliseconds.
        failure_threshold Integer Min: 2
Max: 100
Failure threshold in number of intervals. Required when interval is set.
  load_balance_policies List, items: Dictionary
    - name String Required, Unique Load-balance policy name.
      lowest_hop_count Boolean Prefer paths with lowest hop-count.
      jitter Integer Min: 0
Max: 10000
Jitter requirement for this load balance policy in milliseconds.
      latency Integer Min: 0
Max: 10000
One way delay requirement for this load balance policy in milliseconds.
      loss_rate String Pattern: ^\d+(\.\d{1,2})?$ Loss Rate requirement in percentage for this load balance policy.
Value between 0.00 and 100.00.
      path_groups List, items: Dictionary List of path-groups to use for this load balance policy.
        - name String Required, Unique Path-group name.
          priority Integer Min: 1
Max: 65535
Priority for this path-group.
The EOS default value is 1.
  policies List, items: Dictionary
    - name String Required, Unique DPS policy name.
      default_match Dictionary
        load_balance String Name of the load-balance policy.
      rules List, items: Dictionary
        - id Integer Required, Unique Min: 1
Max: 255
Rule ID.
          application_profile String Required
          load_balance String Name of the load-balance policy.
  vrfs List, items: Dictionary
    - name String Required, Unique VRF name.
      path_selection_policy String DPS policy name to use for this VRF.
  tcp_mss_ceiling Dictionary
    ipv4_segment_size String Segment Size for IPv4.
Can be an integer in the range 64-65515 or “auto”.
“auto” will enable auto-discovery which clamps the TCP MSS value to the minimum of all the direct paths
and multi-hop path MTU towards a remote VTEP (minus 40bytes to account for IP + TCP header).
    direction String ingress Valid Values:
- ingress
Enforce on packets through DPS tunnel for a specific direction.
Only ‘ingress’ direction is supported.
# Dynamic path selection configuration.
router_path_selection:

  # Source of dynamic peer discovery.
  peer_dynamic_source: <str; "stun">
  path_groups:

      # Path group name.
    - name: <str; required; unique>

      # Path group ID.
      id: <int; 1-65535>

      # IPSec profile for the path group.
      ipsec_profile: <str>

      # Flow assignment `lan` can not be configured in a path group with dynamic peers.
      flow_assignment: <str; "lan">
      local_interfaces:

          # Local interface name.
        - name: <str; required; unique>

          # Public IP assigned by NAT.
          public_address: <str>
          stun:

            # STUN server-profile names.
            server_profiles: # 1-12 items; required
              - <str>
      local_ips:
        - ip_address: <str; required; unique>

          # Public IP assigned by NAT.
          public_address: <str>
          stun:

            # STUN server-profile names.
            server_profiles: # 1-12 items; required
              - <str>

      # Flow assignment `lan` can not be configured in a path group with dynamic peers.
      dynamic_peers:

        # Enable `peer dynamic`.
        enabled: <bool>

        # Prefer local IP address.
        ip_local: <bool>

        # IPsec configuration for dynamic peers.
        ipsec: <bool>
      static_peers:

          # Peer router IP.
        - router_ip: <str; required; unique>

          # Name of the site.
          name: <str>

          # Static IPv4 addresses.
          ipv4_addresses:
            - <str>
      keepalive:

        # Enable adaptive keepalive and feedback interval.
        auto: <bool; default=False>

        # Interval in milliseconds.
        interval: <int; 50-60000>

        # Failure threshold in number of intervals. Required when `interval` is set.
        failure_threshold: <int; 2-100>
  load_balance_policies:

      # Load-balance policy name.
    - name: <str; required; unique>

      # Prefer paths with lowest hop-count.
      lowest_hop_count: <bool>

      # Jitter requirement for this load balance policy in milliseconds.
      jitter: <int; 0-10000>

      # One way delay requirement for this load balance policy in milliseconds.
      latency: <int; 0-10000>

      # Loss Rate requirement in percentage for this load balance policy.
      # Value between 0.00 and 100.00.
      loss_rate: <str>

      # List of path-groups to use for this load balance policy.
      path_groups:

          # Path-group name.
        - name: <str; required; unique>

          # Priority for this path-group.
          # The EOS default value is 1.
          priority: <int; 1-65535>
  policies:

      # DPS policy name.
    - name: <str; required; unique>
      default_match:

        # Name of the load-balance policy.
        load_balance: <str>
      rules:

          # Rule ID.
        - id: <int; 1-255; required; unique>
          application_profile: <str; required>

          # Name of the load-balance policy.
          load_balance: <str>
  vrfs:

      # VRF name.
    - name: <str; required; unique>

      # DPS policy name to use for this VRF.
      path_selection_policy: <str>
  tcp_mss_ceiling:

    # Segment Size for IPv4.
    # Can be an integer in the range 64-65515 or "auto".
    # "auto" will enable auto-discovery which clamps the TCP MSS value to the minimum of all the direct paths
    # and multi-hop path MTU towards a remote VTEP (minus 40bytes to account for IP + TCP header).
    ipv4_segment_size: <str>

    # Enforce on packets through DPS tunnel for a specific direction.
    # Only 'ingress' direction is supported.
    direction: <str; "ingress"; default="ingress">

Router service-insertion

Variable Type Required Default Value Restrictions Description
router_service_insertion Dictionary Configure network services inserted to data forwarding.
  enabled Boolean
  connections List, items: Dictionary
    - name String Required, Unique Connection name.
      ethernet_interface Dictionary Outgoing physical interface or subinterface to use for the connection.
If both ethernet_interface and tunnel_interface are configured, ethernet_interface will be used.
        name String Required e.g. Ethernet2 or Ethernet2/2.2
        next_hop String Required Next-hop IPv4 address (without mask).
      tunnel_interface Dictionary Outgoing tunnel interface(s) to use for this connection.
If both ethernet_interface and tunnel_interface are configured, ethernet_interface will be used.
        primary String e.g. Tunnel2
        secondary String e.g. Tunnel3
      monitor_connectivity_host String Name of the host defined under monitor_connectivity.hosts used to derive the health of the connection.
# Configure network services inserted to data forwarding.
router_service_insertion:
  enabled: <bool>
  connections:

      # Connection name.
    - name: <str; required; unique>

      # Outgoing physical interface or subinterface to use for the connection.
      # If both `ethernet_interface` and `tunnel_interface` are configured, `ethernet_interface` will be used.
      ethernet_interface:

        # e.g. Ethernet2 or Ethernet2/2.2
        name: <str; required>

        # Next-hop IPv4 address (without mask).
        next_hop: <str; required>

      # Outgoing tunnel interface(s) to use for this connection.
      # If both `ethernet_interface` and `tunnel_interface` are configured, `ethernet_interface` will be used.
      tunnel_interface:

        # e.g. Tunnel2
        primary: <str>

        # e.g. Tunnel3
        secondary: <str>

      # Name of the host defined under `monitor_connectivity.hosts` used to derive the health of the connection.
      monitor_connectivity_host: <str>

Router traffic engineering

Variable Type Required Default Value Restrictions Description
router_traffic_engineering Dictionary
  enabled Boolean Required
  router_id Dictionary
    ipv4 String
    ipv6 String
  segment_routing Dictionary
    colored_tunnel_rib Boolean
    policy_endpoints List, items: Dictionary
      - address String IPv4 or IPv6 address.
        colors List, items: Dictionary
          - value Integer Required, Unique
            binding_sid Integer
            description String
            name String
            sbfd_remote_discriminator String IPv4 address or 32 bit integer.
            path_group List, items: Dictionary
              - preference Integer
                explicit_null String Valid Values:
- ipv4
- ipv6
- ipv4 ipv6
- none
                segment_list List, items: Dictionary
                  - label_stack String Label Stack as string.
Example: “100 2000 30”
                    weight Integer
                    index Integer
router_traffic_engineering:
  enabled: <bool; required>
  router_id:
    ipv4: <str>
    ipv6: <str>
  segment_routing:
    colored_tunnel_rib: <bool>
    policy_endpoints:

        # IPv4 or IPv6 address.
      - address: <str>
        colors:
          - value: <int; required; unique>
            binding_sid: <int>
            description: <str>
            name: <str>

            # IPv4 address or 32 bit integer.
            sbfd_remote_discriminator: <str>
            path_group:
              - preference: <int>
                explicit_null: <str; "ipv4" | "ipv6" | "ipv4 ipv6" | "none">
                segment_list:

                    # Label Stack as string.
                    # Example: "100 2000 30"
                  - label_stack: <str>
                    weight: <int>
                    index: <int>

Service routing configuration bgp

Variable Type Required Default Value Restrictions Description
service_routing_configuration_bgp Dictionary
  no_equals_default Boolean
service_routing_configuration_bgp:
  no_equals_default: <bool>

Service routing protocols model

Variable Type Required Default Value Restrictions Description
service_routing_protocols_model String Valid Values:
- multi-agent
- ribd
service_routing_protocols_model: <str; "multi-agent" | "ribd">

Static routes

Variable Type Required Default Value Restrictions Description
static_routes List, items: Dictionary
  - vrf String VRF Name.
    destination_address_prefix String IPv4_network/Mask.
    interface String
    gateway String IPv4 Address.
    track_bfd Boolean Track next-hop using BFD.
    distance Integer Min: 1
Max: 255
    tag Integer Min: 0
Max: 4294967295
    name String Description.
    metric Integer Min: 0
Max: 4294967295
static_routes:

    # VRF Name.
  - vrf: <str>

    # IPv4_network/Mask.
    destination_address_prefix: <str>
    interface: <str>

    # IPv4 Address.
    gateway: <str>

    # Track next-hop using BFD.
    track_bfd: <bool>
    distance: <int; 1-255>
    tag: <int; 0-4294967295>

    # Description.
    name: <str>
    metric: <int; 0-4294967295>

STUN

Variable Type Required Default Value Restrictions Description
stun Dictionary STUN configuration.
  client Dictionary STUN client settings.
    server_profiles List, items: Dictionary List of server profiles for the client.
      - name String Required, Unique
        ip_address String
        ssl_profile String SSL profile name.
        port Integer Min: 1
Max: 65535
Destination port for the request STUN server (default - 3478).
  server Dictionary STUN server settings.
    local_interfaces List, items: String Min Length: 1
      - <str> String
    bindings_timeout Integer Min: 10
Max: 7200
Timeout for bindings stored on STUN server in seconds.
    ssl_profile String SSL profile name.
    ssl_connection_lifetime Dictionary SSL connection lifetime in minutes or hours.
If both are specified, minutes is given higher precedence.
      minutes Integer Min: 1
Max: 1440
SSL connection lifetime in minutes (default - 120).
      hours Integer Min: 1
Max: 24
SSL connection lifetime in hours (default - 2).
    port Integer Min: 1
Max: 65535
Listening port for STUN server (default - 3478).
    local_interface removed String This key was removed. Support was removed in AVD version v5.0.0. Use local_interfaces instead.
# STUN configuration.
stun:

  # STUN client settings.
  client:

    # List of server profiles for the client.
    server_profiles:
      - name: <str; required; unique>
        ip_address: <str>

        # SSL profile name.
        ssl_profile: <str>

        # Destination port for the request STUN server (default - 3478).
        port: <int; 1-65535>

  # STUN server settings.
  server:
    local_interfaces: # >=1 items
      - <str>

    # Timeout for bindings stored on STUN server in seconds.
    bindings_timeout: <int; 10-7200>

    # SSL profile name.
    ssl_profile: <str>

    # SSL connection lifetime in minutes or hours.
    # If both are specified, minutes is given higher precedence.
    ssl_connection_lifetime:

      # SSL connection lifetime in minutes (default - 120).
      minutes: <int; 1-1440>

      # SSL connection lifetime in hours (default - 2).
      hours: <int; 1-24>

    # Listening port for STUN server (default - 3478).
    port: <int; 1-65535>

VRFs

Variable Type Required Default Value Restrictions Description
vrfs List, items: Dictionary These keys are ignored if the name of the vrf is ‘default’.
  - name String Required, Unique VRF Name.
    description String
    ip_routing Boolean
    ipv6_routing Boolean
    ip_routing_ipv6_interfaces Boolean
    tenant String Key only used for documentation or validation purposes.
# These keys are ignored if the name of the vrf is 'default'.
vrfs:

    # VRF Name.
  - name: <str; required; unique>
    description: <str>
    ip_routing: <bool>
    ipv6_routing: <bool>
    ip_routing_ipv6_interfaces: <bool>

    # Key only used for documentation or validation purposes.
    tenant: <str>

Security

IP Security

Variable Type Required Default Value Restrictions Description
ip_security Dictionary
  ike_policies List, items: Dictionary Internet Security Association and Key Mgmt Protocol.
    - name String Required, Unique Policy name.
      local_id String Local IKE identification.
Can be an IPv4 or an IPv6 address.
If both local_id and local_id_fqdn are set, local_id_fqdn takes precedence.
      local_id_fqdn String Local FQDN or UFQDN IKE identification.
If both local_id and local_id_fqdn are set, local_id_fqdn takes precedence.
      ike_lifetime Integer Min: 1
Max: 24
IKE lifetime in hours.
      encryption String Valid Values:
- 3des
- aes128
- aes256
IKE encryption algorithm.
      dh_group Integer Valid Values:
- 1
- 2
- 5
- 14
- 15
- 16
- 17
- 20
- 21
- 24
Diffie-Hellman group for the key exchange.
      integrity String Valid Values:
- md5
- sha1
- sha256
- sha384
- sha512
Integrity algorithm.
  sa_policies List, items: Dictionary Security Association policies.
    - name String Required, Unique Name of the SA policy.
      sa_lifetime Dictionary
        value Integer Lifetime value for this SA.
Valid range depends on the unit.
<1-24> Lifetime in hours ( default )
<1-4000000> Packet limit in thousands
<1-6000> Byte limit in GB ( 1024 MB )
<1-6144000> Byte limit in MB ( 1024 KB )
        unit String hours Valid Values:
- gigabytes
- hours
- megabytes
- thousand-packets
      esp Dictionary
        integrity String Valid Values:
- disabled
- sha1
- sha256
- sha384
- sha512
- md5
        encryption String Valid Values:
- disabled
- aes128
- aes128gcm128
- aes128gcm64
- aes256
- aes256gcm128
- 3des
      pfs_dh_group Integer Valid Values:
- 1
- 2
- 5
- 14
- 15
- 16
- 17
- 20
- 21
- 24
  profiles List, items: Dictionary IPSec profiles.
    - name String Required, Unique Name of the IPsec profile.
      ike_policy String Name of the IKE policy to use in this profile.
      sa_policy String Name of the Security Association to use in this profile.
      connection String Valid Values:
- add
- start
- route
IPsec connection (Initiator/Responder/Dynamic).
      shared_key String Encrypted password - only type 7 supported.
      dpd Dictionary Dead Peer Detection.
        interval Integer Required Min: 2
Max: 3600
Interval (in seconds) between keep-alive messages.
        time Integer Required Min: 10
Max: 3600
Time (in seconds) after which the action is applied.
        action String Required Valid Values:
- clear
- hold
- restart
Action to apply.

* ‘clear’: Delete all connections
* ‘hold’: Re-negotiate connection on demand
* ‘restart’: Restart connection immediately
      mode String Valid Values:
- transport
- tunnel
Ipsec mode type.
      flow_parallelization_encapsulation_udp Boolean Enable flow parallelization.
When enabled, multiple cores are used to parallelize the IPsec encryption and decryption processing.
  key_controller Dictionary
    profile String IPsec profile name to use.
  hardware_encryption_disabled Boolean False Disable hardware encryption.
An SFE restart is needed for this change to take effect.
ip_security:

  # Internet Security Association and Key Mgmt Protocol.
  ike_policies:

      # Policy name.
    - name: <str; required; unique>

      # Local IKE identification.
      # Can be an IPv4 or an IPv6 address.
      # If both `local_id` and `local_id_fqdn` are set, `local_id_fqdn` takes precedence.
      local_id: <str>

      # Local FQDN or UFQDN IKE identification.
      # If both `local_id` and `local_id_fqdn` are set, `local_id_fqdn` takes precedence.
      local_id_fqdn: <str>

      # IKE lifetime in hours.
      ike_lifetime: <int; 1-24>

      # IKE encryption algorithm.
      encryption: <str; "3des" | "aes128" | "aes256">

      # Diffie-Hellman group for the key exchange.
      dh_group: <int; 1 | 2 | 5 | 14 | 15 | 16 | 17 | 20 | 21 | 24>

      # Integrity algorithm.
      integrity: <str; "md5" | "sha1" | "sha256" | "sha384" | "sha512">

  # Security Association policies.
  sa_policies:

      # Name of the SA policy.
    - name: <str; required; unique>
      sa_lifetime:

        # Lifetime value for this SA.
        # Valid range depends on the unit.
        # <1-24>       Lifetime in hours ( default )
        # <1-4000000>  Packet limit in thousands
        # <1-6000>     Byte limit in GB ( 1024 MB )
        # <1-6144000>  Byte limit in MB ( 1024 KB )
        value: <int>
        unit: <str; "gigabytes" | "hours" | "megabytes" | "thousand-packets"; default="hours">
      esp:
        integrity: <str; "disabled" | "sha1" | "sha256" | "sha384" | "sha512" | "md5">
        encryption: <str; "disabled" | "aes128" | "aes128gcm128" | "aes128gcm64" | "aes256" | "aes256gcm128" | "3des">
      pfs_dh_group: <int; 1 | 2 | 5 | 14 | 15 | 16 | 17 | 20 | 21 | 24>

  # IPSec profiles.
  profiles:

      # Name of the IPsec profile.
    - name: <str; required; unique>

      # Name of the IKE policy to use in this profile.
      ike_policy: <str>

      # Name of the Security Association to use in this profile.
      sa_policy: <str>

      # IPsec connection (Initiator/Responder/Dynamic).
      connection: <str; "add" | "start" | "route">

      # Encrypted password - only type 7 supported.
      shared_key: <str>

      # Dead Peer Detection.
      dpd:

        # Interval (in seconds) between keep-alive messages.
        interval: <int; 2-3600; required>

        # Time (in seconds) after which the action is applied.
        time: <int; 10-3600; required>

        # Action to apply.
        #
        # * 'clear': Delete all connections
        # * 'hold': Re-negotiate connection on demand
        # * 'restart': Restart connection immediately
        action: <str; "clear" | "hold" | "restart"; required>

      # Ipsec mode type.
      mode: <str; "transport" | "tunnel">

      # Enable flow parallelization.
      # When enabled, multiple cores are used to parallelize the IPsec encryption and decryption processing.
      flow_parallelization_encapsulation_udp: <bool>
  key_controller:

    # IPsec profile name to use.
    profile: <str>

  # Disable hardware encryption.
  # An SFE restart is needed for this change to take effect.
  hardware_encryption_disabled: <bool; default=False>

Router segment-security

Variable Type Required Default Value Restrictions Description
router_segment_security Dictionary
  enabled Boolean
  policies List, items: Dictionary Customised application policies.
Using the Application Traffic Recognition L4 profiles, custom policies can be defined. The built-in application ‘app-match-all’ can be used to match any packets.
Note that this is stateless, so both the source and destination flows need to be considered.
    - name String Required, Unique Policy name.
      sequence_numbers List, items: Dictionary Required
        - sequence Integer Required, Unique Min: 1
Max: 1023
Sequence ID.
          application String Required The name of the application.
          action String Required Valid Values:
- forward
- drop
- redirect
The action to take - note that platform support for the redirect action is limited. The “redirect” action also requires the ‘next_hop’ to be configured.
          log Boolean Enable logging - note that platform support is limited.
          stateless Boolean True Take action, regardless of state. Should be set to ‘true’ for MSS-G.
          next_hop String When the action is ‘redirect’, this indicates the IPv4 next hop to redirect to.
  vrfs List, items: Dictionary The name of the VRF that the segments and policies are defined in.
    - name String Required, Unique
      segments List, items: Dictionary Required
        - name String Required, Unique Segment name.
          definition Dictionary
            interfaces List, items: String Min Length: 1 The names of the source interface e.g. Port-Channel1 - note that platform support is limited.
              - <str> String
            match_lists List, items: Dictionary Min Length: 1
Max Length: 2
The set of lists that define the segment. These can be a mix of IPv4 and IPv6 prefix or match lists.
              - address_family String Required, Unique Valid Values:
- ipv4
- ipv6
Indicate which address-family the match list belongs to e.g. ipv4 or ipv6.
                covered_prefix_list String The name of the prefix-list. You can have a maximum of one per address-family. Mutually exclusive to the use of match_list. If both are configured prefix takes precedence.
                prefix String The name of the match-list. You can have a maximum of one per address-family. Mutually exclusive to the use of covered_prefix_list. If both are configured prefix takes precedence.
          policies List, items: Dictionary The policies controlling traffic into the segment.
            - from String Required, Unique The name of the source segment or ‘forwarding-segments’ for all segments.
              policy String The name of the policy to apply. The built-in policies are ‘policy-forward-all’ and ‘policy-drop-all’.
          fallback_policy String Only supported on the R3 series platforms, this allows a per-segment default policy to be specified by name.
router_segment_security:
  enabled: <bool>

  # Customised application policies.
  # Using the Application Traffic Recognition L4 profiles, custom policies can be defined. The built-in application 'app-match-all' can be used to match any packets.
  # Note that this is stateless, so both the source and destination flows need to be considered.
  policies:

      # Policy name.
    - name: <str; required; unique>
      sequence_numbers: # required

          # Sequence ID.
        - sequence: <int; 1-1023; required; unique>

          # The name of the application.
          application: <str; required>

          # The action to take - note that platform support for the redirect action is limited. The "redirect" action also requires the 'next_hop' to be configured.
          action: <str; "forward" | "drop" | "redirect"; required>

          # Enable logging - note that platform support is limited.
          log: <bool>

          # Take action, regardless of state. Should be set to 'true' for MSS-G.
          stateless: <bool; default=True>

          # When the action is 'redirect', this indicates the IPv4 next hop to redirect to.
          next_hop: <str>

  # The name of the VRF that the segments and policies are defined in.
  vrfs:
    - name: <str; required; unique>
      segments: # required

          # Segment name.
        - name: <str; required; unique>
          definition:

            # The names of the source interface e.g. Port-Channel1 - note that platform support is limited.
            interfaces: # >=1 items
              - <str>

            # The set of lists that define the segment. These can be a mix of IPv4 and IPv6 prefix or match lists.
            match_lists: # 1-2 items

                # Indicate which address-family the match list belongs to e.g. ipv4 or ipv6.
              - address_family: <str; "ipv4" | "ipv6"; required; unique>

                # The name of the prefix-list. You can have a maximum of one per address-family. Mutually exclusive to the use of match_list.  If both are configured prefix takes precedence.
                covered_prefix_list: <str>

                # The name of the match-list. You can have a maximum of one per address-family. Mutually exclusive to the use of covered_prefix_list. If both are configured prefix takes precedence.
                prefix: <str>

          # The policies controlling traffic into the segment.
          policies:

              # The name of the source segment or 'forwarding-segments' for all segments.
            - from: <str; required; unique>

              # The name of the policy to apply. The built-in policies are 'policy-forward-all' and 'policy-drop-all'.
              policy: <str>

          # Only supported on the R3 series platforms, this allows a per-segment default policy to be specified by name.
          fallback_policy: <str>

Switching

MLAG configuration

Variable Type Required Default Value Restrictions Description
mlag_configuration Dictionary
  domain_id String
  heartbeat_interval Integer Heartbeat interval in milliseconds.
  local_interface String Local Interface Name.
  peer_address String IPv4 or IPv6 Address.
  peer_address_heartbeat Dictionary
    peer_ip String IPv4 or IPv6 Address.
    vrf String VRF Name.
  dual_primary_detection_delay Integer Min: 0
Max: 86400
Delay in seconds.
  dual_primary_recovery_delay_mlag Integer Min: 0
Max: 86400
Delay in seconds.
  dual_primary_recovery_delay_non_mlag Integer Min: 0
Max: 86400
Delay in seconds.
  peer_link String Port-Channel interface name.
  reload_delay_mlag String Delay in seconds <0-86400> or ‘infinity’.
  reload_delay_non_mlag String Delay in seconds <0-86400> or ‘infinity’.
mlag_configuration:
  domain_id: <str>

  # Heartbeat interval in milliseconds.
  heartbeat_interval: <int>

  # Local Interface Name.
  local_interface: <str>

  # IPv4 or IPv6 Address.
  peer_address: <str>
  peer_address_heartbeat:

    # IPv4 or IPv6 Address.
    peer_ip: <str>

    # VRF Name.
    vrf: <str>

  # Delay in seconds.
  dual_primary_detection_delay: <int; 0-86400>

  # Delay in seconds.
  dual_primary_recovery_delay_mlag: <int; 0-86400>

  # Delay in seconds.
  dual_primary_recovery_delay_non_mlag: <int; 0-86400>

  # Port-Channel interface name.
  peer_link: <str>

  # Delay in seconds <0-86400> or 'infinity'.
  reload_delay_mlag: <str>

  # Delay in seconds <0-86400> or 'infinity'.
  reload_delay_non_mlag: <str>

Spanning-tree

Variable Type Required Default Value Restrictions Description
spanning_tree Dictionary
  root_super Boolean
  edge_port Dictionary
    bpdufilter_default Boolean
    bpduguard_default Boolean
  mode String Valid Values:
- mstp
- rstp
- rapid-pvst
- none
  bpduguard_rate_limit Dictionary
    default Boolean
    count Integer Maximum number of BPDUs per timer interval.
  rstp_priority Integer
  mst Dictionary
    pvst_border Boolean
    configuration Dictionary
      name String
      revision Integer 0-65535.
      instances List, items: Dictionary
        - id Integer Required, Unique Instance ID.
          vlans String ”< vlan_id >, < vlan_id >-< vlan_id >”
Example: 15,16,17,18
  mst_instances List, items: Dictionary
    - id String Required, Unique Instance ID.
      priority Integer
  no_spanning_tree_vlan String ”< vlan_id >, < vlan_id >-< vlan_id >”
Example: 105,202,505-506
  rapid_pvst_instances List, items: Dictionary
    - id String Required, Unique ”< vlan_id >, < vlan_id >-< vlan_id >”
Example: 105,202,505-506
      priority Integer
spanning_tree:
  root_super: <bool>
  edge_port:
    bpdufilter_default: <bool>
    bpduguard_default: <bool>
  mode: <str; "mstp" | "rstp" | "rapid-pvst" | "none">
  bpduguard_rate_limit:
    default: <bool>

    # Maximum number of BPDUs per timer interval.
    count: <int>
  rstp_priority: <int>
  mst:
    pvst_border: <bool>
    configuration:
      name: <str>

      # 0-65535.
      revision: <int>
      instances:

          # Instance ID.
        - id: <int; required; unique>

          # "< vlan_id >, < vlan_id >-< vlan_id >"
          # Example: 15,16,17,18
          vlans: <str>
  mst_instances:

      # Instance ID.
    - id: <str; required; unique>
      priority: <int>

  # "< vlan_id >, < vlan_id >-< vlan_id >"
  # Example: 105,202,505-506
  no_spanning_tree_vlan: <str>
  rapid_pvst_instances:

      # "< vlan_id >, < vlan_id >-< vlan_id >"
      # Example: 105,202,505-506
    - id: <str; required; unique>
      priority: <int>

VLAN internal order

Variable Type Required Default Value Restrictions Description
vlan_internal_order Dictionary
  allocation String Required Valid Values:
- ascending
- descending
  range Dictionary Required
    beginning Integer Required Min: 2
Max: 4094
First VLAN ID.
    ending Integer Required Min: 2
Max: 4094
Last VLAN ID.
vlan_internal_order:
  allocation: <str; "ascending" | "descending"; required>
  range: # required

    # First VLAN ID.
    beginning: <int; 2-4094; required>

    # Last VLAN ID.
    ending: <int; 2-4094; required>

VLANs

Variable Type Required Default Value Restrictions Description
vlans List, items: Dictionary
  - id Integer Required, Unique VLAN ID.
    name String VLAN Name.
    state String Valid Values:
- active
- suspend
    trunk_groups List, items: String
      - <str> String Trunk Group Name.
    private_vlan Dictionary
      type String Valid Values:
- community
- isolated
      primary_vlan Integer Primary VLAN ID.
    tenant String Key only used for documentation or validation purposes.
vlans:

    # VLAN ID.
  - id: <int; required; unique>

    # VLAN Name.
    name: <str>
    state: <str; "active" | "suspend">
    trunk_groups:

        # Trunk Group Name.
      - <str>
    private_vlan:
      type: <str; "community" | "isolated">

      # Primary VLAN ID.
      primary_vlan: <int>

    # Key only used for documentation or validation purposes.
    tenant: <str>

System settings

Agents

Variable Type Required Default Value Restrictions Description
agents List, items: Dictionary
  - name String Required, Unique Agent name.
    environment_variables List, items: Dictionary Min Length: 1
      - name String Required, Unique Environment variable name.
        value String Required Environment variable value.
agents:

    # Agent name.
  - name: <str; required; unique>
    environment_variables: # >=1 items

        # Environment variable name.
      - name: <str; required; unique>

        # Environment variable value.
        value: <str; required>

Hardware counters

Variable Type Required Default Value Restrictions Description
hardware_counters Dictionary
  features List, items: Dictionary This data model allows to configure the list of hardware counters feature
available on Arista platforms.

The name key accepts a list of valid_values which MUST be updated to support
new feature as they are released in EOS.

The available values of the different keys like ‘direction’ or ‘address_type’
are feature and hardware dependent and this model DOES NOT validate that the
combinations are valid. It is the responsibility of the user of this data model
to make sure that the rendered CLI is accepted by the targeted device.

Examples:

* Use:
yaml<br> hardware_counters:<br> features:<br> - name: ip<br> direction: out<br> layer3: true<br> units_packets: true<br>

to render:
eos<br> hardware counter feature ip out layer3 units packets<br>
* Use:
yaml<br> hardware_counters:<br> features:<br> - name: route<br> address_type: ipv4<br> vrf: test<br> prefix: 192.168.0.0/24<br>

to render:
eos<br> hardware counter feature route ipv4 vrf test 192.168.0.0/24<br>
    - name String Required Valid Values:
- acl
- decap-group
- directflow
- ecn
- flow-spec
- gre tunnel interface
- ip
- mpls interface
- mpls lfib
- mpls tunnel
- multicast
- nexthop
- pbr
- pdp
- policing interface
- qos
- qos dual-rate-policer
- route
- routed-port
- segment-security
- subinterface
- tapagg
- traffic-class
- traffic-policy
- vlan
- vlan-interface
- vni decap
- vni encap
- vtep decap
- vtep encap
      direction String Valid Values:
- in
- out
- cpu
Most features support only ‘in’ and ‘out’. Some like traffic-policy support ‘cpu’.
Some features DO NOT have any direction.
This validation IS NOT made by the schemas.
      address_type String Valid Values:
- ipv4
- ipv6
- mac
Supported only for the following features:
- acl: [ipv4, ipv6, mac] if direction is ‘out’
- multicast: [ipv4, ipv6]
- route: [ipv4, ipv6]
This validation IS NOT made by the schemas.
      layer3 Boolean Supported only for the ‘ip’ feature.
      vrf String Supported only for the ‘route’ feature.
This validation IS NOT made by the schemas.
      prefix String Supported only for the ‘route’ feature.
Mandatory for the ‘route’ feature.
This validation IS NOT made by the schemas.
      units_packets Boolean
hardware_counters:

  # This data model allows to configure the list of hardware counters feature
  # available on Arista platforms.
  #
  # The `name` key accepts a list of valid_values which MUST be updated to support
  # new feature as they are released in EOS.
  #
  # The available values of the different keys like 'direction' or 'address_type'
  # are feature and hardware dependent and this model DOES NOT validate that the
  # combinations are valid. It is the responsibility of the user of this data model
  # to make sure that the rendered CLI is accepted by the targeted device.
  #
  # Examples:
  #
  #   * Use:
  #     ```yaml
  #     hardware_counters:
  #       features:
  #         - name: ip
  #           direction: out
  #           layer3: true
  #           units_packets: true
  #     ```
  #
  #     to render:
  #     ```eos
  #     hardware counter feature ip out layer3 units packets
  #     ```
  #   * Use:
  #     ```yaml
  #     hardware_counters:
  #       features:
  #         - name: route
  #           address_type: ipv4
  #           vrf: test
  #           prefix: 192.168.0.0/24
  #     ```
  #
  #     to render:
  #     ```eos
  #     hardware counter feature route ipv4 vrf test 192.168.0.0/24
  #     ```
  features:
    - name: <str; "acl" | "decap-group" | "directflow" | "ecn" | "flow-spec" | "gre tunnel interface" | "ip" | "mpls interface" | "mpls lfib" | "mpls tunnel" | "multicast" | "nexthop" | "pbr" | "pdp" | "policing interface" | "qos" | "qos dual-rate-policer" | "route" | "routed-port" | "segment-security" | "subinterface" | "tapagg" | "traffic-class" | "traffic-policy" | "vlan" | "vlan-interface" | "vni decap" | "vni encap" | "vtep decap" | "vtep encap"; required>

      # Most features support only 'in' and 'out'. Some like traffic-policy support 'cpu'.
      # Some features DO NOT have any direction.
      # This validation IS NOT made by the schemas.
      direction: <str; "in" | "out" | "cpu">

      # Supported only for the following features:
      # - acl: [ipv4, ipv6, mac] if direction is 'out'
      # - multicast: [ipv4, ipv6]
      # - route: [ipv4, ipv6]
      # This validation IS NOT made by the schemas.
      address_type: <str; "ipv4" | "ipv6" | "mac">

      # Supported only for the 'ip' feature.
      layer3: <bool>

      # Supported only for the 'route' feature.
      # This validation IS NOT made by the schemas.
      vrf: <str>

      # Supported only for the 'route' feature.
      # Mandatory for the 'route' feature.
      # This validation IS NOT made by the schemas.
      prefix: <str>
      units_packets: <bool>

Hardware

Variable Type Required Default Value Restrictions Description
hardware Dictionary
  access_list Dictionary
    mechanism String Valid Values:
- algomatch
- none
- tcam
  speed_groups List, items: Dictionary
    - speed_group String Required, Unique
      serdes String Serdes speed like “10g” or “25g”.
  port_groups List, items: Dictionary
    - port_group String Required, Unique
      select String Select Ports to activate
hardware:
  access_list:
    mechanism: <str; "algomatch" | "none" | "tcam">
  speed_groups:
    - speed_group: <str; required; unique>

      # Serdes speed like "10g" or "25g".
      serdes: <str>
  port_groups:
    - port_group: <str; required; unique>

      # Select Ports to activate
      select: <str>

IP hardware

Variable Type Required Default Value Restrictions Description
ip_hardware Dictionary
  fib Dictionary
    optimize Dictionary
      prefixes Dictionary
        profile String Valid Values:
- internet
- urpf-internet
ip_hardware:
  fib:
    optimize:
      prefixes:
        profile: <str; "internet" | "urpf-internet">

IPv6 hardware

Variable Type Required Default Value Restrictions Description
ipv6_hardware Dictionary
  fib Dictionary
    optimize Dictionary
      prefixes Dictionary
        profile String Pre-defined profile ‘internet’ or user-defined profile name.
ipv6_hardware:
  fib:
    optimize:
      prefixes:

        # Pre-defined profile 'internet' or user-defined profile name.
        profile: <str>

L2 protocol

Variable Type Required Default Value Restrictions Description
l2_protocol Dictionary
  forwarding_profiles List, items: Dictionary
    - name String Required, Unique
      protocols List, items: Dictionary
        - name String Required, Unique Valid Values:
- bfd per-link rfc-7130
- e-lmi
- isis
- lacp
- lldp
- macsec
- pause
- stp
          forward Boolean
          tagged_forward Boolean
          untagged_forward Boolean
l2_protocol:
  forwarding_profiles:
    - name: <str; required; unique>
      protocols:
        - name: <str; "bfd per-link rfc-7130" | "e-lmi" | "isis" | "lacp" | "lldp" | "macsec" | "pause" | "stp"; required; unique>
          forward: <bool>
          tagged_forward: <bool>
          untagged_forward: <bool>

MAC address-table

Variable Type Required Default Value Restrictions Description
mac_address_table Dictionary
  aging_time Integer Aging time in seconds.
  notification_host_flap Dictionary
    logging Boolean
    detection Dictionary
      window Integer Min: 2
Max: 300
      moves Integer Min: 2
Max: 10
mac_address_table:

  # Aging time in seconds.
  aging_time: <int>
  notification_host_flap:
    logging: <bool>
    detection:
      window: <int; 2-300>
      moves: <int; 2-10>

Platform

Variable Type Required Default Value Restrictions Description
platform Dictionary Every key below this point is platform dependent.
  trident Dictionary
    forwarding_table_partition String
    l3 Dictionary
      routing_mac_address_per_vlan Boolean Enable bridging of packets with destination MAC being a Router MAC in VLANs without routing.
    mmu Dictionary Memory Management Unit settings.
      active_profile String The queue profile to be applied to the platform.
      queue_profiles List, items: Dictionary
        - name String Required, Unique
          multicast_queues List, items: Dictionary
            - id Integer Required, Unique Min: 0
Max: 7
              unit String Valid Values:
- bytes
- cells
Unit to be used for the reservation value. If not specified, default is bytes.
              reserved Integer Amount of memory that should be reserved for this
queue.
              threshold String Dynamic Shared Memory threshold.
              drop Dictionary
                precedence Integer Required Valid Values:
- 1
- 2
                threshold String Required Drop Threshold. This value may also be fractions.
Example: 7/8 or 3/4 or 1/2
          unicast_queues List, items: Dictionary
            - id Integer Required, Unique Min: 0
Max: 7
              unit String Valid Values:
- bytes
- cells
Unit to be used for the reservation value. If not specified, default is bytes.
              reserved Integer Amount of memory that should be reserved for this
queue.
              threshold String Dynamic Shared Memory threshold.
              drop Dictionary
                precedence Integer Required Valid Values:
- 1
- 2
                threshold String Required Drop Threshold. This value may also be fractions.
Example: 7/8 or 3/4 or 1/2
  sand Dictionary Most of the platform sand options are hardware dependent and optional.
    qos_maps List, items: Dictionary
      - traffic_class Integer Min: 0
Max: 7
        to_network_qos Integer Min: 0
Max: 63
    lag Dictionary
      hardware_only Boolean
      mode String
    forwarding_mode String
    multicast_replication Dictionary
      default String Valid Values:
- ingress
- egress
    mdb_profile String Valid Values:
- balanced
- balanced-xl
- l3
- l3-xl
- l3-xxl
- l3-xxxl
Sand platforms MDB Profile configuration. Note: l3-xxxl does not support MLAG.
  sfe Dictionary Sfe (Software Forwarding Engine) settings.
    data_plane_cpu_allocation_max Integer Min: 1
Max: 128
Maximum number of CPUs used for data plane traffic forwarding.
# Every key below this point is platform dependent.
platform:
  trident:
    forwarding_table_partition: <str>
    l3:

      # Enable bridging of packets with destination MAC being a Router MAC in VLANs without routing.
      routing_mac_address_per_vlan: <bool>

    # Memory Management Unit settings.
    mmu:

      # The queue profile to be applied to the platform.
      active_profile: <str>
      queue_profiles:
        - name: <str; required; unique>
          multicast_queues:
            - id: <int; 0-7; required; unique>

              # Unit to be used for the reservation value. If not specified, default is bytes.
              unit: <str; "bytes" | "cells">

              # Amount of memory that should be reserved for this
              # queue.
              reserved: <int>

              # Dynamic Shared Memory threshold.
              threshold: <str>
              drop:
                precedence: <int; 1 | 2; required>

                # Drop Threshold. This value may also be fractions.
                # Example: 7/8 or 3/4 or 1/2
                threshold: <str; required>
          unicast_queues:
            - id: <int; 0-7; required; unique>

              # Unit to be used for the reservation value. If not specified, default is bytes.
              unit: <str; "bytes" | "cells">

              # Amount of memory that should be reserved for this
              # queue.
              reserved: <int>

              # Dynamic Shared Memory threshold.
              threshold: <str>
              drop:
                precedence: <int; 1 | 2; required>

                # Drop Threshold. This value may also be fractions.
                # Example: 7/8 or 3/4 or 1/2
                threshold: <str; required>

  # Most of the platform sand options are hardware dependent and optional.
  sand:
    qos_maps:
      - traffic_class: <int; 0-7>
        to_network_qos: <int; 0-63>
    lag:
      hardware_only: <bool>
      mode: <str>
    forwarding_mode: <str>
    multicast_replication:
      default: <str; "ingress" | "egress">

    # Sand platforms MDB Profile configuration. Note: l3-xxxl does not support MLAG.
    mdb_profile: <str; "balanced" | "balanced-xl" | "l3" | "l3-xl" | "l3-xxl" | "l3-xxxl">

  # Sfe (Software Forwarding Engine) settings.
  sfe:

    # Maximum number of CPUs used for data plane traffic forwarding.
    data_plane_cpu_allocation_max: <int; 1-128>

PoE

Variable Type Required Default Value Restrictions Description
poe Dictionary
  reboot Dictionary Set the global PoE power behavior for PoE ports when the system is rebooted.
    action String Valid Values:
- power-off
- maintain
PoE action for interface. By default in EOS, reboot action is set to power-off.
  interface_shutdown Dictionary Set the global PoE power behavior for PoE ports when ports are admin down.
    action String Valid Values:
- power-off
- maintain
PoE action for interface. By default in EOS, interface shutdown action is set to maintain.
poe:

  # Set the global PoE power behavior for PoE ports when the system is rebooted.
  reboot:

    # PoE action for interface. By default in EOS, reboot action is set to power-off.
    action: <str; "power-off" | "maintain">

  # Set the global PoE power behavior for PoE ports when ports are admin down.
  interface_shutdown:

    # PoE action for interface. By default in EOS, interface shutdown action is set to maintain.
    action: <str; "power-off" | "maintain">

PTP

Variable Type Required Default Value Restrictions Description
ptp Dictionary
  mode String Valid Values:
- boundary
- disabled
- e2etransparent
- gptp
- ordinarymaster
- p2ptransparent
  profile String Valid Values:
- g8275.1
- g8275.2
  mode_one_step Boolean
  forward_unicast Boolean
  clock_identity String The clock-id in xx:xx:xx:xx:xx:xx format.
  source Dictionary
    ip String Source IP.
  priority1 Integer Min: 0
Max: 255
  priority2 Integer Min: 0
Max: 255
  ttl Integer Min: 1
Max: 255
  domain Integer Min: 0
Max: 255
  message_type Dictionary
    general Dictionary
      dscp Integer
    event Dictionary
      dscp Integer
  monitor Dictionary
    enabled Boolean True
    threshold Dictionary
      offset_from_master Integer Min: 0
Max: 1000000000
      mean_path_delay Integer Min: 0
Max: 1000000000
      drop Dictionary
        offset_from_master Integer Min: 0
Max: 1000000000
        mean_path_delay Integer Min: 0
Max: 1000000000
    missing_message Dictionary
      intervals Dictionary
        announce Integer Min: 2
Max: 255
        follow_up Integer Min: 2
Max: 255
        sync Integer Min: 2
Max: 255
      sequence_ids Dictionary
        enabled Boolean
        announce Integer Min: 2
Max: 255
        delay_resp Integer Min: 2
Max: 255
        follow_up Integer Min: 2
Max: 255
        sync Integer Min: 2
Max: 255
ptp:
  mode: <str; "boundary" | "disabled" | "e2etransparent" | "gptp" | "ordinarymaster" | "p2ptransparent">
  profile: <str; "g8275.1" | "g8275.2">
  mode_one_step: <bool>
  forward_unicast: <bool>

  # The clock-id in xx:xx:xx:xx:xx:xx format.
  clock_identity: <str>
  source:

    # Source IP.
    ip: <str>
  priority1: <int; 0-255>
  priority2: <int; 0-255>
  ttl: <int; 1-255>
  domain: <int; 0-255>
  message_type:
    general:
      dscp: <int>
    event:
      dscp: <int>
  monitor:
    enabled: <bool; default=True>
    threshold:
      offset_from_master: <int; 0-1000000000>
      mean_path_delay: <int; 0-1000000000>
      drop:
        offset_from_master: <int; 0-1000000000>
        mean_path_delay: <int; 0-1000000000>
    missing_message:
      intervals:
        announce: <int; 2-255>
        follow_up: <int; 2-255>
        sync: <int; 2-255>
      sequence_ids:
        enabled: <bool>
        announce: <int; 2-255>
        delay_resp: <int; 2-255>
        follow_up: <int; 2-255>
        sync: <int; 2-255>

Redundancy

Variable Type Required Default Value Restrictions Description
redundancy Dictionary
  protocol String Redundancy Protocol.
redundancy:

  # Redundancy Protocol.
  protocol: <str>

System

Variable Type Required Default Value Restrictions Description
system Dictionary
  control_plane Dictionary
    tcp_mss Dictionary
      ipv4 Integer Segment size.
      ipv6 Integer Segment size.
    ipv4_access_group_ingress_default String ACL name to be used as the default CP ACL for all VRFs.
    ipv4_access_groups List, items: Dictionary
      - acl_name String Required
        vrf String
    ipv6_access_group_ingress_default String ACL name to be used as the default CP ACL for all VRFs.
    ipv6_access_groups List, items: Dictionary
      - acl_name String Required
        vrf String
  l1 Dictionary
    unsupported_speed_action String Valid Values:
- error
- warn
    unsupported_error_correction_action String Valid Values:
- error
- warn
system:
  control_plane:
    tcp_mss:

      # Segment size.
      ipv4: <int>

      # Segment size.
      ipv6: <int>

    # ACL name to be used as the default CP ACL for all VRFs.
    ipv4_access_group_ingress_default: <str>
    ipv4_access_groups:
      - acl_name: <str; required>
        vrf: <str>

    # ACL name to be used as the default CP ACL for all VRFs.
    ipv6_access_group_ingress_default: <str>
    ipv6_access_groups:
      - acl_name: <str; required>
        vrf: <str>
  l1:
    unsupported_speed_action: <str; "error" | "warn">
    unsupported_error_correction_action: <str; "error" | "warn">

TCAM profile

Variable Type Required Default Value Restrictions Description
tcam_profile Dictionary
  system String TCAM profile name to activate.
  profiles List, items: Dictionary
    - name String Required, Unique Tcam-Profile Name.
      config String TCAM Profile Config. Since these can be very long, it is often a good idea to import the config from a file.
Example: “{{ lookup(‘file’, ‘TCAM_TRAFFIC_POLICY.conf’) }}”
      source String TCAM profile local source path. Used to read the TCAM profile from a local path existing on the device.
tcam_profile:

  # TCAM profile name to activate.
  system: <str>
  profiles:

      # Tcam-Profile Name.
    - name: <str; required; unique>

      # TCAM Profile Config. Since these can be very long, it is often a good idea to import the config from a file.
      # Example: "{{ lookup('file', 'TCAM_TRAFFIC_POLICY.conf') }}"
      config: <str>

      # TCAM profile local source path. Used to read the TCAM profile from a local path existing on the device.
      source: <str>

Metadata

These fields are not generating any configuration. They are meant to be used by tools that parse structured configuration.

Variable Type Required Default Value Restrictions Description
metadata Dictionary The data under metadata is used for documentation, validation or integration purposes.
It will not affect the generated EOS configuration.
  platform String
  system_mac_address String
  cv_tags Dictionary
    device_tags List, items: Dictionary
      - name String Required
        value String Required
    interface_tags List, items: Dictionary
      - interface String Required
        tags List, items: Dictionary
          - name String Required
            value String Required
  cv_pathfinder Dictionary Metadata used for CV Pathfinder visualization on CloudVision.
    role String
    region String
    zone String
    site String
    vtep_ip String
    ssl_profile String
    address String
    pathfinders List, items: Dictionary
      - vtep_ip String Required
    interfaces List, items: Dictionary
      - name String
        carrier String
        circuit_id String
        pathgroup String
        public_ip String
    pathgroups List, items: Dictionary
      - name String Required
        carriers List, items: Dictionary
          - name String
        imported_carriers List, items: Dictionary
          - name String
    regions List, items: Dictionary
      - id Integer
        name String
        zones List, items: Dictionary
          - id Integer
            name String
            sites List, items: Dictionary
              - id Integer
                name String
                location Dictionary
                  address String
    vrfs List, items: Dictionary
      - name String
        vni Integer
        avts List, items: Dictionary
          - constraints Dictionary
              jitter Integer
              latency Integer
              lossrate String
              hop_count String
            description String
            id Integer
            name String
            pathgroups List, items: Dictionary
              - name String
                preference String
            application_profiles List, items: String
              - <str> String
    internet_exit_policies List, items: Dictionary
      - name String Required
        type String Required
        city String Required
        country String Required
        upload_bandwidth Integer
        download_bandwidth Integer
        firewall Boolean Required
        ips_control Boolean Required
        acceptable_use_policy Boolean Required
        vpn_credentials List, items: Dictionary Required
          - fqdn String Required
            vpn_type String Required
            pre_shared_key String Required
        tunnels List, items: Dictionary Required
          - name String Required
            preference String Required
            endpoint Dictionary Required
              ip_address String Required
              datacenter String Required
              city String Required
              country String Required
              region String Required
              latitude String Required
              longitude String Required
    applications Dictionary
      profiles List, items: Dictionary
        - name String
          builtin_applications List, items: Dictionary
            - name String
              services List, items: String
                - <str> String
          user_defined_applications List, items: Dictionary
            - name String
          categories List, items: Dictionary
            - category String
              services List, items: String
                - <str> String
          transport_protocols List, items: String
            - <str> String
      categories Dictionary
        builtin_applications List, items: Dictionary
          - name String
            category String
            services List, items: String
              - <str> String
        user_defined_applications List, items: Dictionary
          - name String
            category String
# The data under `metadata` is used for documentation, validation or integration purposes.
# It will not affect the generated EOS configuration.
metadata:
  platform: <str>
  system_mac_address: <str>
  cv_tags:
    device_tags:
      - name: <str; required>
        value: <str; required>
    interface_tags:
      - interface: <str; required>
        tags:
          - name: <str; required>
            value: <str; required>

  # Metadata used for CV Pathfinder visualization on CloudVision.
  cv_pathfinder:
    role: <str>
    region: <str>
    zone: <str>
    site: <str>
    vtep_ip: <str>
    ssl_profile: <str>
    address: <str>
    pathfinders:
      - vtep_ip: <str; required>
    interfaces:
      - name: <str>
        carrier: <str>
        circuit_id: <str>
        pathgroup: <str>
        public_ip: <str>
    pathgroups:
      - name: <str; required>
        carriers:
          - name: <str>
        imported_carriers:
          - name: <str>
    regions:
      - id: <int>
        name: <str>
        zones:
          - id: <int>
            name: <str>
            sites:
              - id: <int>
                name: <str>
                location:
                  address: <str>
    vrfs:
      - name: <str>
        vni: <int>
        avts:
          - constraints:
              jitter: <int>
              latency: <int>
              lossrate: <str>
              hop_count: <str>
            description: <str>
            id: <int>
            name: <str>
            pathgroups:
              - name: <str>
                preference: <str>
            application_profiles:
              - <str>
    internet_exit_policies:
      - name: <str; required>
        type: <str; required>
        city: <str; required>
        country: <str; required>
        upload_bandwidth: <int>
        download_bandwidth: <int>
        firewall: <bool; required>
        ips_control: <bool; required>
        acceptable_use_policy: <bool; required>
        vpn_credentials: # required
          - fqdn: <str; required>
            vpn_type: <str; required>
            pre_shared_key: <str; required>
        tunnels: # required
          - name: <str; required>
            preference: <str; required>
            endpoint: # required
              ip_address: <str; required>
              datacenter: <str; required>
              city: <str; required>
              country: <str; required>
              region: <str; required>
              latitude: <str; required>
              longitude: <str; required>
    applications:
      profiles:
        - name: <str>
          builtin_applications:
            - name: <str>
              services:
                - <str>
          user_defined_applications:
            - name: <str>
          categories:
            - category: <str>
              services:
                - <str>
          transport_protocols:
            - <str>
      categories:
        builtin_applications:
          - name: <str>
            category: <str>
            services:
              - <str>
        user_defined_applications:
          - name: <str>
            category: <str>