Telecominfraproject/archived-ols-ucentral-schema
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/ols-ucentral-schema.git synced 2026-03-20 03:39:31 +00:00
Code Issues Packages Projects Releases 4 Wiki Activity

Compare commits

base: Telecominfraproject:fix/fix_invalid_schema
Branches Tags
Telecominfraproject:main Telecominfraproject:release/v5.0.0 Telecominfraproject:staging-release-5.0.0-pki-2.0 Telecominfraproject:ols-969-priority-mapping-schema Telecominfraproject:ols-976-port-security-schema Telecominfraproject:ols-975-diffserv-schema Telecominfraproject:ols-970-rspan-schema Telecominfraproject:extend_mclag-group_schema_to_support_static_trunk Telecominfraproject:ols-909-add-port-autoneg-schema Telecominfraproject:OLS-849-add-xSTP-parameters Telecominfraproject:OLS-848-Schema-Intrusion-detection Telecominfraproject:OLS-838-Update-OLS-Schema-version-to-4.2.0 Telecominfraproject:correct-storm-control-indentation Telecominfraproject:ols-821-mclag-schema-correction Telecominfraproject:fix/fix_invalid_schema Telecominfraproject:ols-688-bpdu-guard Telecominfraproject:ols-822-lldp-peers-statemessage-enhancements Telecominfraproject:OLS_UpdateSchemaVersion_410 Telecominfraproject:ols-659-simplify-vlan-config Telecominfraproject:staging-OLS-644-global-dns Telecominfraproject:OLS-578-Tag-ols-ucentral-client-and-ols-ucentral-schema-4.0.0-pre-release Telecominfraproject:Sprint-8-OLS-ARP-Inspect-Schema Telecominfraproject:Sprint-8-OLS---Rate-Limiting-schema Telecominfraproject:OLS-556-Sprint-8-IPSourceGuard Telecominfraproject:OLS-556-Sprint-8-SubcribeRTEvents Telecominfraproject:OLS-550_Schema_Corrections_Pre4p0_Features Telecominfraproject:OLS-562-Add-schema-version-to-ols-ucentral-schema Telecominfraproject:OLS-545-Removal-of-AP-specific-schema-elements-from-ols-ucentral-schema Telecominfraproject:OLS-538_port_speed_enum_fix_40g Telecominfraproject:OLS-425_sprint6_schema Telecominfraproject:OLS_390_Move_uplink_interface_definition_to_state.yml_Add_version_connect.capabilities Telecominfraproject:OLS-390-Move-uplink_interface-definition-to-state.yml-add-version-to-connect.capabilities Telecominfraproject:OLS_319_sprint4_schema Telecominfraproject:OLS-295_capabilities_add_lacp_linkAggregation_jumboFrames Telecominfraproject:link_aggregation Telecominfraproject:change_port_mirror_type_to_array Telecominfraproject:lacp Telecominfraproject:jumbo_frames Telecominfraproject:OLS-229-generate-json-file-for-capabilities-connect.capabilities.yml Telecominfraproject:OLS-228-delta_counters Telecominfraproject:secure_http_server Telecominfraproject:fix_loop_detection_schema_instances_indentation Telecominfraproject:change_vrf_id_to_integer Telecominfraproject:schema_fixes_and_updates Telecominfraproject:default-values-for-schema/ethernet.yml-speed-and-duplex Telecominfraproject:next Telecominfraproject:1-incorrect-indentation-for-statelink-stateyml
Telecominfraproject:v5.0.0 Telecominfraproject:v4.1.0-rc1 Telecominfraproject:v4.0.0 Telecominfraproject:v4.0.0-rc1 Telecominfraproject:v3.2.7
...
compare: Telecominfraproject:ols-970-rspan-schema
Branches Tags
Telecominfraproject:main Telecominfraproject:release/v5.0.0 Telecominfraproject:staging-release-5.0.0-pki-2.0 Telecominfraproject:ols-969-priority-mapping-schema Telecominfraproject:ols-976-port-security-schema Telecominfraproject:ols-975-diffserv-schema Telecominfraproject:ols-970-rspan-schema Telecominfraproject:extend_mclag-group_schema_to_support_static_trunk Telecominfraproject:ols-909-add-port-autoneg-schema Telecominfraproject:OLS-849-add-xSTP-parameters Telecominfraproject:OLS-848-Schema-Intrusion-detection Telecominfraproject:OLS-838-Update-OLS-Schema-version-to-4.2.0 Telecominfraproject:correct-storm-control-indentation Telecominfraproject:ols-821-mclag-schema-correction Telecominfraproject:fix/fix_invalid_schema Telecominfraproject:ols-688-bpdu-guard Telecominfraproject:ols-822-lldp-peers-statemessage-enhancements Telecominfraproject:OLS_UpdateSchemaVersion_410 Telecominfraproject:ols-659-simplify-vlan-config Telecominfraproject:staging-OLS-644-global-dns Telecominfraproject:OLS-578-Tag-ols-ucentral-client-and-ols-ucentral-schema-4.0.0-pre-release Telecominfraproject:Sprint-8-OLS-ARP-Inspect-Schema Telecominfraproject:Sprint-8-OLS---Rate-Limiting-schema Telecominfraproject:OLS-556-Sprint-8-IPSourceGuard Telecominfraproject:OLS-556-Sprint-8-SubcribeRTEvents Telecominfraproject:OLS-550_Schema_Corrections_Pre4p0_Features Telecominfraproject:OLS-562-Add-schema-version-to-ols-ucentral-schema Telecominfraproject:OLS-545-Removal-of-AP-specific-schema-elements-from-ols-ucentral-schema Telecominfraproject:OLS-538_port_speed_enum_fix_40g Telecominfraproject:OLS-425_sprint6_schema Telecominfraproject:OLS_390_Move_uplink_interface_definition_to_state.yml_Add_version_connect.capabilities Telecominfraproject:OLS-390-Move-uplink_interface-definition-to-state.yml-add-version-to-connect.capabilities Telecominfraproject:OLS_319_sprint4_schema Telecominfraproject:OLS-295_capabilities_add_lacp_linkAggregation_jumboFrames Telecominfraproject:link_aggregation Telecominfraproject:change_port_mirror_type_to_array Telecominfraproject:lacp Telecominfraproject:jumbo_frames Telecominfraproject:OLS-229-generate-json-file-for-capabilities-connect.capabilities.yml Telecominfraproject:OLS-228-delta_counters Telecominfraproject:secure_http_server Telecominfraproject:fix_loop_detection_schema_instances_indentation Telecominfraproject:change_vrf_id_to_integer Telecominfraproject:schema_fixes_and_updates Telecominfraproject:default-values-for-schema/ethernet.yml-speed-and-duplex Telecominfraproject:next Telecominfraproject:1-incorrect-indentation-for-statelink-stateyml
Telecominfraproject:v5.0.0 Telecominfraproject:v4.1.0-rc1 Telecominfraproject:v4.0.0 Telecominfraproject:v4.0.0-rc1 Telecominfraproject:v3.2.7

23 Commits
fix/fix_in ... ols-970-rs

Author SHA1 Message Date
Binny
2ce7fb0c73 ols-970-schema-rspan-draft 2026-01-28 14:11:08 +00:00
Binny
a109852c33 Merge pull request #55 from Telecominfraproject/extend_mclag-group_schema_to_support_static_trunk 
MCLAG: extend mclag-group schema to support static trunk
 2026-01-21 10:56:53 +05:30
Binny
23bc815936 Merge pull request #54 from Telecominfraproject/ols-909-add-port-autoneg-schema 
ols-909-autoneg-port-draft
 2026-01-21 10:55:59 +05:30
jacky_chang
7bca1f897a MCLAG: extend mclag-group schema to support static trunk 
During our MCLAG feature development, we identified that the current mclag-group schema only considers the LACP-based use case.
Since Edgecore switches only support MLAG on static trunk interfaces, we currently have no way to specify static trunk parameters within the existing schema.

To address this limitation, we would like to propose adding a new field, trunk-id, to the mclag-group definition:
 2025-12-18 11:21:26 +08:00
Olexandr, Mazur
429bf9eb87 Merge pull request #53 from Telecominfraproject/wip/mclag_schema_additions 
MCLAG: extend schema and state with additional fields
 2025-12-08 17:02:04 +02:00
Oleksandr Mazur
e0d69521d5 MCLAG: extend schema and state with additional fields 
Current MCLAG configuration schema looks fine
yet misses some crucial keepalive and session configuration.

Not only that, there's no real state being back-reported
to the Gateway in a state message, which might complicate
remote debugging of configuration applied on the switch itself.

Signed-off-by: Oleksandr Mazur <oleksandr.mazur@plvision.eu>
 2025-12-05 15:00:42 +02:00
Binny
c7a8f2e727 ols-909-autoneg-port-draft 2025-12-03 12:56:52 +00:00
Binny
68c6e98fb0 Merge pull request #51 from Telecominfraproject/OLS-848-Schema-Intrusion-detection 
ols-848-intrusiondetection-draft-changes
 2025-11-26 17:42:33 +05:30
Binny
b6996ce24d Merge pull request #52 from Telecominfraproject/OLS-849-add-xSTP-parameters 
ols-849-new-stp-params-draft
 2025-11-26 17:41:51 +05:30
Binny
57c7138e64 ols-849-reviewcomments-made 2025-10-29 09:50:18 +00:00
Binny
2711412306 ols-848-comments-addressed 2025-10-29 09:44:19 +00:00
Binny
75e2910729 ols-849-new-stp-params-draft 2025-10-08 13:50:50 +00:00
Binny
f11d7d8181 ols-848-intrusiondetection-draft-changes 2025-10-08 11:47:20 +00:00
Binny
02f749cc11 Merge pull request #46 from Telecominfraproject/ols-821-mclag-schema-correction 
ols-821-mclag-schema-correcttion-draft Changes
 2025-10-07 12:06:22 +05:30
Mike Hansen
5b00327adc Merge pull request #50 from Telecominfraproject/correct-storm-control-indentation 
Fix indentation for storm-control configuration.
 2025-09-24 12:29:33 -04:00
Mike Hansen
117aa70d4f Fix indentation for storm-control configuration. 
Signed-off-by: Mike Hansen <mike.hansen@netexperience.com>
 2025-09-24 11:18:21 -04:00
Binny
c3073a9a45 ols-821-mclag-schema-final-draft 2025-09-16 06:10:50 +00:00
Binny
04a8901620 Merge pull request #47 from Telecominfraproject/ols-822-lldp-peers-statemessage-enhancements 
ols-822-lldp-enhanced-state-reporting-draft Review
 2025-09-16 11:37:54 +05:30
Olexandr, Mazur
23ebf25cba Merge pull request #48 from Telecominfraproject/fix/fix_invalid_schema 
Fix broken schema json file
 2025-09-05 12:38:40 +03:00
Binny
05849922ed ols-821-mclag-corrections-rev2 2025-08-22 15:19:46 +00:00
Binny
9228a6c290 ols-822-lldp-peerstate-enhancement-rev2 2025-08-22 14:57:34 +00:00
Binny
30b5864ada ols-822-lldp-enhanced-state-reporting-draft 2025-08-18 14:52:15 +00:00
Binny
598af29d51 ols-821-mclag-schema-correcttion-draft 2025-08-18 13:38:01 +00:00
11 changed files with 1556 additions and 275 deletions
Expand all files Collapse all files

1
capabilities/connect.capabilities.yml
View File

@@ -282,6 +282,7 @@ properties:
- IP-ACL
- Guest-VLAN
- Storm-Control
- Access-Lockout
# Services
- Service-SSH
- Service-RSSH

37
schema/ethernet.yml
View File

@@ -25,6 +25,13 @@ properties:
type: string
examples:
- cloud_uplink_port
autoneg:
description:
Controls whether link autonegotiation is enabled.
When set to true, the switch negotiates speed and duplex with the link partner.
When set to false, the configured speed and duplex values are forced.
type: boolean
default: true
speed:
description:
The link speed that shall be forced.
@@ -522,18 +529,18 @@ properties:
with independent packet-per-second (pps) thresholds. A limit-pps value of 0 implies the control is disabled for that traffic type.
type: object
properties:
broadcast-pps:
type: integer
minimum: 0
default: 0
description: Maximum allowed broadcast packets per second. 0 disables broadcast storm control.
multicast-pps:
type: integer
minimum: 0
default: 0
description: Maximum allowed multicast packets per second. 0 disables multicast storm control.
unknown-unicast-pps:
type: integer
minimum: 0
default: 0
description: Maximum allowed unknown unicast packets per second. 0 disables unknown unicast storm control.
broadcast-pps:
type: integer
minimum: 0
default: 0
description: Maximum allowed broadcast packets per second. 0 disables broadcast storm control.
multicast-pps:
type: integer
minimum: 0
default: 0
description: Maximum allowed multicast packets per second. 0 disables multicast storm control.
unknown-unicast-pps:
type: integer
minimum: 0
default: 0
description: Maximum allowed unknown unicast packets per second. 0 disables unknown unicast storm control.

324
schema/switch.yml
View File

@@ -45,6 +45,56 @@ properties:
enum:
- upstream
- downstream
bridge-prio:
description: Bridge priority for root election. Ranging from 061440 (in steps of 4096)
type: integer
default: 32768
forward-delay-secs:
description: Time in seconds a port stays in Listening and Learning states
before transitioning to Forwarding.
type: integer
hello-time-secs:
description: Determines how often switches send BPDU.
type: integer
max-age-secs:
description: Maximum time (in seconds) before a BPDU is considered invalid.
type: integer
pathcost-method:
description: Specifies the method used for path cost calculation.
- short, 16-bit values (065535), IEEE 802.1D
- long, 32-bit values (0200,000,000), IEEE 802.1w
type: string
enum:
- short
- long
bpdu-flooding:
description: Configures how BPDUs are flooded to spanning-tree disabled ports.
- to-all, Flood to all STP-disabled ports
- to-vlan, Flood to STP-disabled ports within the same VLAN
type: string
enum:
- to-all
- to-vlan
bpdu-tx-limit:
description: Maximum number of BPDU transmissions allowed per Hello interval.
type: integer
root-guard:
description: Enable Root Guard globally to prevent designated ports from becoming root.
type: boolean
mst-region:
description: MSTP region-wide configuration. Applicable when protocol is mstp.
type: object
properties:
name:
description: Name of multiple spanning tree region.
type: string
maxLength: 32
minLength: 1
revision:
description: MST region revision number.
type: integer
maximum: 65535
minimum: 0
instances:
description:
Define a list of configuration for each STP instance.
@@ -55,40 +105,43 @@ properties:
type: object
properties:
id:
description:
Indicates instance to configure.
description: Indicates instance to configure.
Depends on current STP protocol
If RPVSTP/PVSTP - vlan id
If MSTP - instance id
type: integer
enabled:
description:
Enable STP on this instance.
description: Enable STP on this instance.
type: boolean
default: true
priority:
description:
Bridge priority.
description: MST priority.
type: integer
default: 32768
forward_delay:
description:
Defines the amount of time a switch port stays in the Listening
forward-delay:
description: Defines the amount of time a switch port stays in the Listening
and Learning states before transitioning to the Forwarding state.
type: integer
default: 15
hello_time:
description:
Determines how often switches send BPDU.
hello-time:
description: Determines how often switches send BPDU.
type: integer
default: 2
max_age:
description:
Specifies the maximum time that a switch port should wait to
receive a BPDU from its neighbor before
max-age:
description: Specifies the maximum time that a switch port should wait to
receive a BPDU from its neighbor before
considering the link as failed or disconnected.
type: integer
default: 20
path-cost:
description: Path cost for this MST instance.
type: integer
vlan-start:
description: VLAN starting range assigned to this MST instance.
type: integer
vlan-end:
description: VLAN ending range assigned to this MST instance.
type: integer
ieee8021x:
description:
This section describes the global 802.1X (port access control) configuration.
@@ -423,6 +476,10 @@ properties:
description: This section defines the MC-LAG configuration parameters for the switch.
type: object
properties:
global-gateway-mac:
description: (Optional) Global Unique MCLAG system MAC address that is assigned to the MCLAG domain on both peers
type: string
format: uc-mac
mclag-domains:
description: List of MC-LAG domain configurations for the switch.
type: array
@@ -435,62 +492,104 @@ properties:
minimum: 1
maximum: 1024
default: 1
gateway-mac:
description:
(Optional) Per-domain Unique MCLAG system MAC address that is assigned to the MCLAG domain on both peers
This MAC address is used as the virtual MAC address for the Layer 3 VLAN Interfaces (Switch Virtual Interfaces or SVIs) across both MCLAG peers
type: string
format: uc-mac
source-ip:
description: IPv4 address of the MCLAG keepalive link on the local switch
type: string
format: ipv4
examples:
- 192.168.0.5
peer-ip:
description: IPv4 address of the MCLAG keepalive link on the peer switch
type: string
format: ipv4
examples:
- 192.168.0.5
system-mac-address:
description: (Optional) Unique MCLAG system MAC address that is assigned to the MCLAG domain on both peers
type: string
format: uc-mac
keepalive-interval:
description: Interval (in seconds) between sending keepalive messages over the peer link to determine if the remote peer is up or down
type: integer
default: 30
minimum: 1
maximum: 64
session-timeout:
description: Time (in seconds) to wait before shutting down an MCLAG session with a remote peer if no keepalive reply is received
type: integer
default: 50
minimum: 1
maximum: 64
peer-link:
description: Configures the peer-link, which could be a physical port or a trunk group that connects the two MC-LAG peer switches.
type: object
properties:
type:
link-type:
description: Defines the type of peer-link, either 'port' or 'trunk-group'
type: string
enum:
- port
- trunk-group
default: trunk-group
value:
description: Specifies the port or trunk-group ID for the peer-link.
port-id:
description: Specifies the physical port name used as peer-link (only valid if type = port).
type: string
examples:
- "Ethernet1"
- "Ethernet2"
trunk-id:
description: Specifies the trunk group ID used as peer-link (only valid if type = trunk-group).
type: integer
minimum: 1
maximum: 64
mclag-group:
description: Configures the MC-LAG group, which binds the interfaces into a multi-chassis LAG.
type: object
properties:
group-id:
description: Defines the unique MC-LAG group identifier.
type: integer
minimum: 1
maximum: 128
members:
description: List of interfaces that participate in the MC-LAG group.
type: array
items:
type: string
description: Interface names that are part of the MC-LAG group.
examples:
- eth0
- eth1
lacp-config:
description: LACP configuration settings for the MC-LAG group.
type: object
properties:
lacp-enable:
description: Enables or disables LACP for the MC-LAG group.
type: boolean
default: true
lacp-role:
description: Configures the LACP role as 'actor' or 'partner'
description: Configures the MC-LAG group(s), which binds the interfaces into a multi-chassis LAG.
type: array
items:
type: object
properties:
group-id:
description: Defines the unique MC-LAG group identifier.
type: integer
minimum: 1
maximum: 128
members:
description: List of interfaces that participate in the MC-LAG group.
type: array
items:
type: string
enum:
- actor
- partner
default: actor
lacp-timeout:
description: Sets the LACP timeout as either 'short' or 'long'.
type: string
enum:
- short
- long
default: long
description: Interface names that are part of the MC-LAG group.
examples:
- Ethernet0
- Ethernet1
lacp-config:
description: LACP configuration settings for the MC-LAG group.
type: object
properties:
lacp-enable:
description: Enables or disables LACP for the MC-LAG group.
type: boolean
default: true
lacp-role:
description: Configures the LACP role as 'actor' or 'partner'
type: string
enum:
- actor
- partner
default: actor
lacp-timeout:
description: Sets the LACP timeout as either 'short' or 'long'.
type: string
enum:
- short
- long
default: long
system-priority:
description: Specifies the system priority used by the switch for LACP negotiations.
type: integer
@@ -537,6 +636,115 @@ properties:
minLength: 1
examples:
- "A VoIP Phone"
intrusion-detection-access-lockout:
description: Enables protection against unauthorized login attempts by locking user access
after a specified number of failed authentication attempts within a defined period.
type: object
properties:
lockout-attempt-count:
description: Number of consecutive failed login attempts allowed before the user account is locked.
type: integer
minimum: 1
lockout-period-seconds:
description: Duration (in seconds) for which the user account remains locked after exceeding the failed attempt threshold.
type: integer
rspan-sessions:
description: A list of Remote SPAN (RSPAN) sessions configured on the switch. Each
session operates independently and may use its own RSPAN VLAN. The
configuration applied depends on the switchs role in the session
(source, intermediate, or destination).
type: array
items:
type: object
properties:
session-id:
description: Numeric identifier of the RSPAN session. Each session-id represents
a distinct mirroring instance configured on the Switch
type: integer
rspan-vlan-id:
description: The VLAN ID used as the RSPAN transport VLAN for this session.
Traffic replicated at the source is encapsulated with this VLAN tag
and carried across the Layer-2 network to the destination switch.
type: integer
minimum: 1
maximum: 4094
role:
description: Defines the function of this switch in the RSPAN session. A switch
may act as - source- where traffic is captured and injected into the RSPAN VLAN
- intermediate- forwards the RSPAN VLAN transparently
- destination- where mirrored traffic exits toward analysis tools
type: string
enum:
- source
- intermediate
- destination
source:
description: Configuration applicable only when the switch is operating as the
RSPAN source. Specifies which ports generate mirrored traffic and the
direction of traffic replication.
type: object
properties:
monitor-ports:
description: List of ingress/egress interfaces whose traffic is mirrored.
Source ports must support forwarding the RSPAN VLAN (typically
trunk or hybrid mode ports)
type: array
items:
type: string
examples:
- "Ethernet1"
- "Ethernet2"
direction:
description: Direction of the traffic to be mirrored from the source ports
- rx- mirror ingress traffic only
- tx- mirror egress traffic only
- rx-tx- mirror both ingress and egress
type: string
enum:
- rx
- tx
- rx-tx
destination:
description: Configuration applicable only when the switch acts as the RSPAN
destination. Determines which ports output the replicated traffic
arriving on the RSPAN VLAN.
type: object
properties:
analysis-ports:
description: One or more interfaces that receive the final mirrored traffic.
These ports typically connect to packet analyzers, probes, or
traffic capture tools.
type: array
items:
type: string
examples:
- "Ethernet1"
- "Ethernet2"
tag-mode:
description: Specifies whether the mirrored packets should exit the
destination port with the RSPAN VLAN tag preserved (tagged) or
with the VLAN tag removed (untagged), depending on the analyzer
requirements.
type: string
enum:
- tagged
- untagged
remote:
description: Defines configuration used by both intermediate and destination
switches. It identifies which uplink ports should carry the RSPAN
VLAN transparently across the switching fabric.
type: object
properties:
uplink-ports:
description: List of trunk/hybrid uplink ports through which the RSPAN VLAN
is forwarded. These ports must allow the RSPAN VLAN to pass
unchanged throughout the L2 domain.
type: array
items:
type: string
examples:
- "Ethernet1"
- "Ethernet2"
arp-inspect:
$ref: "https://ucentral.io/schema/v1/switch/arp-inspect/"
ip-source-guard:
@@ -549,4 +757,4 @@ properties:
description: Define a global list of dns servers.
type: array
items:
type: string
type: string

55
state/lldp-peers.yml
View File

@@ -49,6 +49,10 @@ items:
type: string
description: Provides a textual description of the remote port, typically describing the interface or its purpose.
example: "Ethernet Port on unit 1, port 2"
lldp-remote-sys-name:
type: string
description: Provides a textual description of the system name string (as defined by the sending device)
example: "Datacenter Switch-1"
lldp-remote-port-max-mtu:
type: string
description: Displays the maximum transmission unit (MTU) size that the remote port supports, indicating the largest packet size the port can handle.
@@ -117,6 +121,19 @@ items:
type: string
description: Displays the PoE class of the remote device, indicating its power consumption classification.
enum: ["Class-1", "Class-2", "Class-3", "Class-4","Class-5", "Class-6", "Class-7", "Class-8"]
lldp-remote-port-power-priority:
type: string
description: Indicates the power priority level assigned to the PD.
enum:
- low
- high
- critical
lldp-remote-port-pd-requested-power:
type: number
description: Power requested by the PD in watts (0.1W resolution possible). The values must be presented with real values like 25.5, 20.5 etc.
lldp-remote-port-pse-available-power:
type: number
description: Power that the PSE port is able to provide in watts (0.1W resolution).
lldp-remote-port-lag-info:
type: object
description: Provides information about the remote ports involvement in Link Aggregation Groups (LAG), if applicable.
@@ -129,4 +146,40 @@ items:
description: Shows whether Link Aggregation is enabled on the remote port.
lldp-remote-port-lag-port-id:
type: integer
description: Displays the identifier of the Link Aggregation Group (LAG) that the remote port belongs to.
description: Displays the identifier of the Link Aggregation Group (LAG) that the remote port belongs to.
lldp-remote-port-location:
type: object
description: Location information provided by LLDP-MED.
properties:
location-subtype:
type: string
description: Indicates the type of location information being conveyed.
enum:
- coordinate
- civic-address
- elin
civic-addr:
type: array
description: Civic address information consisting of CA-Type and CA-Value pairs as per LLDP-MED.
items:
type: object
properties:
ca-type:
type: integer
description: Civic Address Type identifier (e.g., 1 = Language, 3 = Country, 6 = A1 state/province, etc.)
ca-value:
type: string
description: Civic Address Value corresponding to the type.
coordinates:
type: object
description: Location coordinates information.
properties:
latitude:
type: string
description: Latitude in decimal degrees (e.g., +37.7749).
longitude:
type: string
description: Longitude in decimal degrees (e.g., -122.4194).
elin:
type: string
description: Emergency Location Identification Number (ELIN) assigned to endpoint location

36
state/state.yml
View File

@@ -187,4 +187,38 @@ properties:
description: Total number of topology changes detected.
last-topology-change-seconds:
type: integer
description: Time (in seconds) since the last topology change.
description: Time (in seconds) since the last topology change.
access-lockout:
type: object
description: Represents the operational state and statistics of the Intrusion Detection and Access Lockout feature.
properties:
user-sessions:
type: array
description: Displays a list of user sessions being tracked for failed login attempts.
items:
type: object
properties:
username:
type: string
description: The username associated with the login attempts being tracked.
source-ip:
type: string
description: The IP address from which the login attempts originated.
failed-attempts:
type: integer
description: The number of consecutive failed login attempts recorded for this user session.
status:
type: string
description: Indicates whether the user account is currently locked or active.
enum:
- active
- locked
last-failed-attempt-time:
type: integer
description: UNIX timestamp (in seconds) of the most recent failed login attempt.
lockout-start-time:
type: integer
description: UNIX timestamp (in seconds) when the user account was locked.
lockout-expiry-time:
type: integer
description: UNIX timestamp (in seconds) when the lockout period will end and access will be restored.

78
state/unit.yml
View File

@@ -121,3 +121,81 @@ properties:
description:
Number of CoA requests that are sent if the NAS is configured to prohibit honoring of CoA-Request or Disconnect-Request packets for the specified session.
type: number
mclag-state:
description:
This section describes the global (switch's device) state of the underlying state of MCLAG system.
type: object
properties:
domains:
description:
holds MCLAG domain state information, including domain ID, role, session status,
peer link status, number of interfaces, and interface statuses.
type: array
items:
type: object
properties:
mclag-domain:
description: Configured domain-id state
type: integer
minimum: 1
maximum: 1024
default: 1
role:
description:
Role of the domain (Configured switch's domain-id state)
Active means local switch posesses primary control responsibility
(handles control protocol exchanges on behalf of the pair and is the default source for any shared virtual MAC addresses if they aren't explicitly configured)
Standby means that local switch is the redundant switch that monitors the Active peer, maintains synchronized state information and is ready to take over full control plane responsibility if the Active peer fails.
type: string
enum:
- active
- standby
session-status:
description:
Logical status of the underlying MCLAG session between local switch and remote peer switch.
The 'up' value shows the underlying session is fully setup.
(peers can exchange keepalive messages - if configured, the synchronization is happening and the overall state of link is operational)
The 'down' value means the logical session's status is <down> - potentially, peers can't establish a connection between each other;
(either through a misconfiguration, a routing problem in the field, or due to keepalive messages not being received)
The 'unknown' value means the state cannot be determined (no ports configured, remote peer issues etc)
type: string
enum:
- up
- down
- unknown
peer-link-status:
description:
Operational state of the physical link(s) directly connecting the two Multi-Chassis Link Aggregation Group (MCLAG) peer switches.
type: string
enum:
- up
- down
- unknown
interface-num:
description: Number of MCLAG interfaces configured within current domain id.
type: integer
interfaces:
description: List of configured interfaces statuses (that are part of this domain id)
type: array
items:
type: object
properties:
port:
description: Port name / identifier.
type: string
examples:
- Ethernet1
local-status:
description: Represents local port's status.
type: string
enum:
- up
- down
- unknown
remote-status:
description: Represents remote peer's port status.
type: string
enum:
- up
- down
- unknown

1
ucentral.capabilities.pretty.json
View File

@@ -344,6 +344,7 @@
"IP-ACL",
"Guest-VLAN",
"Storm-Control",
"Access-Lockout",
"Service-SSH",
"Service-RSSH",
"Service-Telnet",

386
ucentral.schema.full.json
View File

@@ -219,6 +219,11 @@
"cloud_uplink_port"
]
},
"autoneg": {
"description": "Controls whether link autonegotiation is enabled. When set to true, the switch negotiates speed and duplex with the link partner. When set to false, the configured speed and duplex values are forced.",
"type": "boolean",
"default": true
},
"speed": {
"description": "The link speed that shall be forced.",
"type": "integer",
@@ -777,24 +782,25 @@
"storm-control": {
"description": "Storm Control configuration per storm type. Allows enabling or disabling traffic storm control for broadcast, multicast, and unknown unicast packets, with independent packet-per-second (pps) thresholds. A limit-pps value of 0 implies the control is disabled for that traffic type.",
"type": "object",
"properties": null,
"broadcast-pps": {
"type": "integer",
"minimum": 0,
"default": 0,
"description": "Maximum allowed broadcast packets per second. 0 disables broadcast storm control."
},
"multicast-pps": {
"type": "integer",
"minimum": 0,
"default": 0,
"description": "Maximum allowed multicast packets per second. 0 disables multicast storm control."
},
"unknown-unicast-pps": {
"type": "integer",
"minimum": 0,
"default": 0,
"description": "Maximum allowed unknown unicast packets per second. 0 disables unknown unicast storm control."
"properties": {
"broadcast-pps": {
"type": "integer",
"minimum": 0,
"default": 0,
"description": "Maximum allowed broadcast packets per second. 0 disables broadcast storm control."
},
"multicast-pps": {
"type": "integer",
"minimum": 0,
"default": 0,
"description": "Maximum allowed multicast packets per second. 0 disables multicast storm control."
},
"unknown-unicast-pps": {
"type": "integer",
"minimum": 0,
"default": 0,
"description": "Maximum allowed unknown unicast packets per second. 0 disables unknown unicast storm control."
}
}
}
}
@@ -852,6 +858,65 @@
]
}
},
"bridge-prio": {
"description": "Bridge priority for root election. Ranging from 0\u201361440 (in steps of 4096)",
"type": "integer",
"default": 32768
},
"forward-delay-secs": {
"description": "Time in seconds a port stays in Listening and Learning states before transitioning to Forwarding.",
"type": "integer"
},
"hello-time-secs": {
"description": "Determines how often switches send BPDU.",
"type": "integer"
},
"max-age-secs": {
"description": "Maximum time (in seconds) before a BPDU is considered invalid.",
"type": "integer"
},
"pathcost-method": {
"description": "Specifies the method used for path cost calculation. - short, 16-bit values (0\u201365535), IEEE 802.1D - long, 32-bit values (0\u2013200,000,000), IEEE 802.1w",
"type": "string",
"enum": [
"short",
"long"
]
},
"bpdu-flooding": {
"description": "Configures how BPDUs are flooded to spanning-tree disabled ports. - to-all, Flood to all STP-disabled ports - to-vlan, Flood to STP-disabled ports within the same VLAN",
"type": "string",
"enum": [
"to-all",
"to-vlan"
]
},
"bpdu-tx-limit": {
"description": "Maximum number of BPDU transmissions allowed per Hello interval.",
"type": "integer"
},
"root-guard": {
"description": "Enable Root Guard globally to prevent designated ports from becoming root.",
"type": "boolean"
},
"mst-region": {
"description": "MSTP region-wide configuration. Applicable when protocol is mstp.",
"type": "object",
"properties": {
"name": {
"description": "Name of multiple spanning tree region.",
"type": "string",
"maxLength": 32,
"minLength": 1
},
"revision": {
"description": "MST region revision number.",
"type": "integer",
"maximum": 65535,
"minimum": 0
}
}
},
"instances": {
"description": "Define a list of configuration for each STP instance. Meaning of this field depends on current STP protocol (switch.loop-detection.protocol)",
"type": "array",
@@ -868,24 +933,36 @@
"default": true
},
"priority": {
"description": "Bridge priority.",
"description": "MST priority.",
"type": "integer",
"default": 32768
},
"forward_delay": {
"forward-delay": {
"description": "Defines the amount of time a switch port stays in the Listening and Learning states before transitioning to the Forwarding state.",
"type": "integer",
"default": 15
},
"hello_time": {
"hello-time": {
"description": "Determines how often switches send BPDU.",
"type": "integer",
"default": 2
},
"max_age": {
"max-age": {
"description": "Specifies the maximum time that a switch port should wait to receive a BPDU from its neighbor before considering the link as failed or disconnected.",
"type": "integer",
"default": 20
},
"path-cost": {
"description": "Path cost for this MST instance.",
"type": "integer"
},
"vlan-start": {
"description": "VLAN starting range assigned to this MST instance.",
"type": "integer"
},
"vlan-end": {
"description": "VLAN ending range assigned to this MST instance.",
"type": "integer"
}
}
}
@@ -1271,6 +1348,11 @@
"description": "This section defines the MC-LAG configuration parameters for the switch.",
"type": "object",
"properties": {
"global-gateway-mac": {
"description": "(Optional) Global Unique MCLAG system MAC address that is assigned to the MCLAG domain on both peers",
"type": "string",
"format": "uc-mac"
},
"mclag-domains": {
"description": "List of MC-LAG domain configurations for the switch.",
"type": "array",
@@ -1284,11 +1366,51 @@
"maximum": 1024,
"default": 1
},
"gateway-mac": {
"description": "(Optional) Per-domain Unique MCLAG system MAC address that is assigned to the MCLAG domain on both peers This MAC address is used as the virtual MAC address for the Layer 3 VLAN Interfaces (Switch Virtual Interfaces or SVIs) across both MCLAG peers",
"type": "string",
"format": "uc-mac"
},
"source-ip": {
"description": "IPv4 address of the MCLAG keepalive link on the local switch",
"type": "string",
"format": "ipv4",
"examples": [
"192.168.0.5"
]
},
"peer-ip": {
"description": "IPv4 address of the MCLAG keepalive link on the peer switch",
"type": "string",
"format": "ipv4",
"examples": [
"192.168.0.5"
]
},
"system-mac-address": {
"description": "(Optional) Unique MCLAG system MAC address that is assigned to the MCLAG domain on both peers",
"type": "string",
"format": "uc-mac"
},
"keepalive-interval": {
"description": "Interval (in seconds) between sending keepalive messages over the peer link to determine if the remote peer is up or down",
"type": "integer",
"default": 30,
"minimum": 1,
"maximum": 64
},
"session-timeout": {
"description": "Time (in seconds) to wait before shutting down an MCLAG session with a remote peer if no keepalive reply is received",
"type": "integer",
"default": 50,
"minimum": 1,
"maximum": 64
},
"peer-link": {
"description": "Configures the peer-link, which could be a physical port or a trunk group that connects the two MC-LAG peer switches.",
"type": "object",
"properties": {
"type": {
"link-type": {
"description": "Defines the type of peer-link, either 'port' or 'trunk-group'",
"type": "string",
"enum": [
@@ -1297,8 +1419,16 @@
],
"default": "trunk-group"
},
"value": {
"description": "Specifies the port or trunk-group ID for the peer-link.",
"port-id": {
"description": "Specifies the physical port name used as peer-link (only valid if type = port).",
"type": "string",
"examples": [
"Ethernet1",
"Ethernet2"
]
},
"trunk-id": {
"description": "Specifies the trunk group ID used as peer-link (only valid if type = trunk-group).",
"type": "integer",
"minimum": 1,
"maximum": 64
@@ -1306,53 +1436,56 @@
}
},
"mclag-group": {
"description": "Configures the MC-LAG group, which binds the interfaces into a multi-chassis LAG.",
"type": "object",
"properties": {
"group-id": {
"description": "Defines the unique MC-LAG group identifier.",
"type": "integer",
"minimum": 1,
"maximum": 128
},
"members": {
"description": "List of interfaces that participate in the MC-LAG group.",
"type": "array",
"items": {
"type": "string",
"description": "Interface names that are part of the MC-LAG group.",
"examples": [
"eth0",
"eth1"
]
}
},
"lacp-config": {
"description": "LACP configuration settings for the MC-LAG group.",
"type": "object",
"properties": {
"lacp-enable": {
"description": "Enables or disables LACP for the MC-LAG group.",
"type": "boolean",
"default": true
},
"lacp-role": {
"description": "Configures the LACP role as 'actor' or 'partner'",
"description": "Configures the MC-LAG group(s), which binds the interfaces into a multi-chassis LAG.",
"type": "array",
"items": {
"type": "object",
"properties": {
"group-id": {
"description": "Defines the unique MC-LAG group identifier.",
"type": "integer",
"minimum": 1,
"maximum": 128
},
"members": {
"description": "List of interfaces that participate in the MC-LAG group.",
"type": "array",
"items": {
"type": "string",
"enum": [
"actor",
"partner"
],
"default": "actor"
},
"lacp-timeout": {
"description": "Sets the LACP timeout as either 'short' or 'long'.",
"type": "string",
"enum": [
"short",
"long"
],
"default": "long"
"description": "Interface names that are part of the MC-LAG group.",
"examples": [
"Ethernet0",
"Ethernet1"
]
}
},
"lacp-config": {
"description": "LACP configuration settings for the MC-LAG group.",
"type": "object",
"properties": {
"lacp-enable": {
"description": "Enables or disables LACP for the MC-LAG group.",
"type": "boolean",
"default": true
},
"lacp-role": {
"description": "Configures the LACP role as 'actor' or 'partner'",
"type": "string",
"enum": [
"actor",
"partner"
],
"default": "actor"
},
"lacp-timeout": {
"description": "Sets the LACP timeout as either 'short' or 'long'.",
"type": "string",
"enum": [
"short",
"long"
],
"default": "long"
}
}
}
}
@@ -1422,6 +1555,117 @@
}
}
},
"intrusion-detection-access-lockout": {
"description": "Enables protection against unauthorized login attempts by locking user access after a specified number of failed authentication attempts within a defined period.",
"type": "object",
"properties": {
"lockout-attempt-count": {
"description": "Number of consecutive failed login attempts allowed before the user account is locked.",
"type": "integer",
"minimum": 1
},
"lockout-period-seconds": {
"description": "Duration (in seconds) for which the user account remains locked after exceeding the failed attempt threshold.",
"type": "integer"
}
}
},
"rspan-sessions": {
"description": "A list of Remote SPAN (RSPAN) sessions configured on the switch. Each session operates independently and may use its own RSPAN VLAN. The configuration applied depends on the switch\u2019s role in the session (source, intermediate, or destination).",
"type": "array",
"items": {
"type": "object",
"properties": {
"session-id": {
"description": "Numeric identifier of the RSPAN session. Each session-id represents a distinct mirroring instance configured on the Switch",
"type": "integer"
},
"rspan-vlan-id": {
"description": "The VLAN ID used as the RSPAN transport VLAN for this session. Traffic replicated at the source is encapsulated with this VLAN tag and carried across the Layer-2 network to the destination switch.",
"type": "integer",
"minimum": 1,
"maximum": 4094
},
"role": {
"description": "Defines the function of this switch in the RSPAN session. A switch may act as - source- where traffic is captured and injected into the RSPAN VLAN - intermediate- forwards the RSPAN VLAN transparently - destination- where mirrored traffic exits toward analysis tools",
"type": "string",
"enum": [
"source",
"intermediate",
"destination"
]
},
"source": {
"description": "Configuration applicable only when the switch is operating as the RSPAN source. Specifies which ports generate mirrored traffic and the direction of traffic replication.",
"type": "object",
"properties": {
"monitor-ports": {
"description": "List of ingress/egress interfaces whose traffic is mirrored. Source ports must support forwarding the RSPAN VLAN (typically trunk or hybrid mode ports)",
"type": "array",
"items": {
"type": "string",
"examples": [
"Ethernet1",
"Ethernet2"
]
}
},
"direction": {
"description": "Direction of the traffic to be mirrored from the source ports - rx- mirror ingress traffic only - tx- mirror egress traffic only - rx-tx- mirror both ingress and egress",
"type": "string",
"enum": [
"rx",
"tx",
"rx-tx"
]
}
}
},
"destination": {
"description": "Configuration applicable only when the switch acts as the RSPAN destination. Determines which ports output the replicated traffic arriving on the RSPAN VLAN.",
"type": "object",
"properties": {
"analysis-ports": {
"description": "One or more interfaces that receive the final mirrored traffic. These ports typically connect to packet analyzers, probes, or traffic capture tools.",
"type": "array",
"items": {
"type": "string",
"examples": [
"Ethernet1",
"Ethernet2"
]
}
},
"tag-mode": {
"description": "Specifies whether the mirrored packets should exit the destination port with the RSPAN VLAN tag preserved (tagged) or with the VLAN tag removed (untagged), depending on the analyzer requirements.",
"type": "string",
"enum": [
"tagged",
"untagged"
]
}
}
},
"remote": {
"description": "Defines configuration used by both intermediate and destination switches. It identifies which uplink ports should carry the RSPAN VLAN transparently across the switching fabric.",
"type": "object",
"properties": {
"uplink-ports": {
"description": "List of trunk/hybrid uplink ports through which the RSPAN VLAN is forwarded. These ports must allow the RSPAN VLAN to pass unchanged throughout the L2 domain.",
"type": "array",
"items": {
"type": "string",
"examples": [
"Ethernet1",
"Ethernet2"
]
}
}
}
}
}
}
},
"arp-inspect": {
"type": "object",
"description": "Global configuration for ARP Inspection on the switch.",

322
ucentral.schema.json
View File

@@ -217,6 +217,10 @@
"cloud_uplink_port"
]
},
"autoneg": {
"type": "boolean",
"default": true
},
"speed": {
"type": "integer",
"enum": [
@@ -687,21 +691,22 @@
},
"storm-control": {
"type": "object",
"properties": null,
"broadcast-pps": {
"type": "integer",
"minimum": 0,
"default": 0
},
"multicast-pps": {
"type": "integer",
"minimum": 0,
"default": 0
},
"unknown-unicast-pps": {
"type": "integer",
"minimum": 0,
"default": 0
"properties": {
"broadcast-pps": {
"type": "integer",
"minimum": 0,
"default": 0
},
"multicast-pps": {
"type": "integer",
"minimum": 0,
"default": 0
},
"unknown-unicast-pps": {
"type": "integer",
"minimum": 0,
"default": 0
}
}
}
}
@@ -1106,6 +1111,54 @@
]
}
},
"bridge-prio": {
"type": "integer",
"default": 32768
},
"forward-delay-secs": {
"type": "integer"
},
"hello-time-secs": {
"type": "integer"
},
"max-age-secs": {
"type": "integer"
},
"pathcost-method": {
"type": "string",
"enum": [
"short",
"long"
]
},
"bpdu-flooding": {
"type": "string",
"enum": [
"to-all",
"to-vlan"
]
},
"bpdu-tx-limit": {
"type": "integer"
},
"root-guard": {
"type": "boolean"
},
"mst-region": {
"type": "object",
"properties": {
"name": {
"type": "string",
"maxLength": 32,
"minLength": 1
},
"revision": {
"type": "integer",
"maximum": 65535,
"minimum": 0
}
}
},
"instances": {
"type": "array",
"items": {
@@ -1122,17 +1175,26 @@
"type": "integer",
"default": 32768
},
"forward_delay": {
"forward-delay": {
"type": "integer",
"default": 15
},
"hello_time": {
"hello-time": {
"type": "integer",
"default": 2
},
"max_age": {
"max-age": {
"type": "integer",
"default": 20
},
"path-cost": {
"type": "integer"
},
"vlan-start": {
"type": "integer"
},
"vlan-end": {
"type": "integer"
}
}
}
@@ -1459,6 +1521,10 @@
"mclag-config": {
"type": "object",
"properties": {
"global-gateway-mac": {
"type": "string",
"format": "uc-mac"
},
"mclag-domains": {
"type": "array",
"items": {
@@ -1470,10 +1536,44 @@
"maximum": 1024,
"default": 1
},
"gateway-mac": {
"type": "string",
"format": "uc-mac"
},
"source-ip": {
"type": "string",
"format": "ipv4",
"examples": [
"192.168.0.5"
]
},
"peer-ip": {
"type": "string",
"format": "ipv4",
"examples": [
"192.168.0.5"
]
},
"system-mac-address": {
"type": "string",
"format": "uc-mac"
},
"keepalive-interval": {
"type": "integer",
"default": 30,
"minimum": 1,
"maximum": 64
},
"session-timeout": {
"type": "integer",
"default": 50,
"minimum": 1,
"maximum": 64
},
"peer-link": {
"type": "object",
"properties": {
"type": {
"link-type": {
"type": "string",
"enum": [
"port",
@@ -1481,7 +1581,14 @@
],
"default": "trunk-group"
},
"value": {
"port-id": {
"type": "string",
"examples": [
"Ethernet1",
"Ethernet2"
]
},
"trunk-id": {
"type": "integer",
"minimum": 1,
"maximum": 64
@@ -1489,45 +1596,48 @@
}
},
"mclag-group": {
"type": "object",
"properties": {
"group-id": {
"type": "integer",
"minimum": 1,
"maximum": 128
},
"members": {
"type": "array",
"items": {
"type": "string",
"examples": [
"eth0",
"eth1"
]
}
},
"lacp-config": {
"type": "object",
"properties": {
"lacp-enable": {
"type": "boolean",
"default": true
},
"lacp-role": {
"type": "array",
"items": {
"type": "object",
"properties": {
"group-id": {
"type": "integer",
"minimum": 1,
"maximum": 128
},
"members": {
"type": "array",
"items": {
"type": "string",
"enum": [
"actor",
"partner"
],
"default": "actor"
},
"lacp-timeout": {
"type": "string",
"enum": [
"short",
"long"
],
"default": "long"
"examples": [
"Ethernet0",
"Ethernet1"
]
}
},
"lacp-config": {
"type": "object",
"properties": {
"lacp-enable": {
"type": "boolean",
"default": true
},
"lacp-role": {
"type": "string",
"enum": [
"actor",
"partner"
],
"default": "actor"
},
"lacp-timeout": {
"type": "string",
"enum": [
"short",
"long"
],
"default": "long"
}
}
}
}
@@ -1588,6 +1698,102 @@
}
}
},
"intrusion-detection-access-lockout": {
"type": "object",
"properties": {
"lockout-attempt-count": {
"type": "integer",
"minimum": 1
},
"lockout-period-seconds": {
"type": "integer"
}
}
},
"rspan-sessions": {
"type": "array",
"items": {
"type": "object",
"properties": {
"session-id": {
"type": "integer"
},
"rspan-vlan-id": {
"type": "integer",
"minimum": 1,
"maximum": 4094
},
"role": {
"type": "string",
"enum": [
"source",
"intermediate",
"destination"
]
},
"source": {
"type": "object",
"properties": {
"monitor-ports": {
"type": "array",
"items": {
"type": "string",
"examples": [
"Ethernet1",
"Ethernet2"
]
}
},
"direction": {
"type": "string",
"enum": [
"rx",
"tx",
"rx-tx"
]
}
}
},
"destination": {
"type": "object",
"properties": {
"analysis-ports": {
"type": "array",
"items": {
"type": "string",
"examples": [
"Ethernet1",
"Ethernet2"
]
}
},
"tag-mode": {
"type": "string",
"enum": [
"tagged",
"untagged"
]
}
}
},
"remote": {
"type": "object",
"properties": {
"uplink-ports": {
"type": "array",
"items": {
"type": "string",
"examples": [
"Ethernet1",
"Ethernet2"
]
}
}
}
}
}
}
},
"arp-inspect": {
"$ref": "#/$defs/switch.arp-inspect"
},

386
ucentral.schema.pretty.json
View File

@@ -253,6 +253,11 @@
"cloud_uplink_port"
]
},
"autoneg": {
"description": "Controls whether link autonegotiation is enabled. When set to true, the switch negotiates speed and duplex with the link partner. When set to false, the configured speed and duplex values are forced.",
"type": "boolean",
"default": true
},
"speed": {
"description": "The link speed that shall be forced.",
"type": "integer",
@@ -811,24 +816,25 @@
"storm-control": {
"description": "Storm Control configuration per storm type. Allows enabling or disabling traffic storm control for broadcast, multicast, and unknown unicast packets, with independent packet-per-second (pps) thresholds. A limit-pps value of 0 implies the control is disabled for that traffic type.",
"type": "object",
"properties": null,
"broadcast-pps": {
"type": "integer",
"minimum": 0,
"default": 0,
"description": "Maximum allowed broadcast packets per second. 0 disables broadcast storm control."
},
"multicast-pps": {
"type": "integer",
"minimum": 0,
"default": 0,
"description": "Maximum allowed multicast packets per second. 0 disables multicast storm control."
},
"unknown-unicast-pps": {
"type": "integer",
"minimum": 0,
"default": 0,
"description": "Maximum allowed unknown unicast packets per second. 0 disables unknown unicast storm control."
"properties": {
"broadcast-pps": {
"type": "integer",
"minimum": 0,
"default": 0,
"description": "Maximum allowed broadcast packets per second. 0 disables broadcast storm control."
},
"multicast-pps": {
"type": "integer",
"minimum": 0,
"default": 0,
"description": "Maximum allowed multicast packets per second. 0 disables multicast storm control."
},
"unknown-unicast-pps": {
"type": "integer",
"minimum": 0,
"default": 0,
"description": "Maximum allowed unknown unicast packets per second. 0 disables unknown unicast storm control."
}
}
}
}
@@ -1310,6 +1316,65 @@
]
}
},
"bridge-prio": {
"description": "Bridge priority for root election. Ranging from 0\u201361440 (in steps of 4096)",
"type": "integer",
"default": 32768
},
"forward-delay-secs": {
"description": "Time in seconds a port stays in Listening and Learning states before transitioning to Forwarding.",
"type": "integer"
},
"hello-time-secs": {
"description": "Determines how often switches send BPDU.",
"type": "integer"
},
"max-age-secs": {
"description": "Maximum time (in seconds) before a BPDU is considered invalid.",
"type": "integer"
},
"pathcost-method": {
"description": "Specifies the method used for path cost calculation. - short, 16-bit values (0\u201365535), IEEE 802.1D - long, 32-bit values (0\u2013200,000,000), IEEE 802.1w",
"type": "string",
"enum": [
"short",
"long"
]
},
"bpdu-flooding": {
"description": "Configures how BPDUs are flooded to spanning-tree disabled ports. - to-all, Flood to all STP-disabled ports - to-vlan, Flood to STP-disabled ports within the same VLAN",
"type": "string",
"enum": [
"to-all",
"to-vlan"
]
},
"bpdu-tx-limit": {
"description": "Maximum number of BPDU transmissions allowed per Hello interval.",
"type": "integer"
},
"root-guard": {
"description": "Enable Root Guard globally to prevent designated ports from becoming root.",
"type": "boolean"
},
"mst-region": {
"description": "MSTP region-wide configuration. Applicable when protocol is mstp.",
"type": "object",
"properties": {
"name": {
"description": "Name of multiple spanning tree region.",
"type": "string",
"maxLength": 32,
"minLength": 1
},
"revision": {
"description": "MST region revision number.",
"type": "integer",
"maximum": 65535,
"minimum": 0
}
}
},
"instances": {
"description": "Define a list of configuration for each STP instance. Meaning of this field depends on current STP protocol (switch.loop-detection.protocol)",
"type": "array",
@@ -1326,24 +1391,36 @@
"default": true
},
"priority": {
"description": "Bridge priority.",
"description": "MST priority.",
"type": "integer",
"default": 32768
},
"forward_delay": {
"forward-delay": {
"description": "Defines the amount of time a switch port stays in the Listening and Learning states before transitioning to the Forwarding state.",
"type": "integer",
"default": 15
},
"hello_time": {
"hello-time": {
"description": "Determines how often switches send BPDU.",
"type": "integer",
"default": 2
},
"max_age": {
"max-age": {
"description": "Specifies the maximum time that a switch port should wait to receive a BPDU from its neighbor before considering the link as failed or disconnected.",
"type": "integer",
"default": 20
},
"path-cost": {
"description": "Path cost for this MST instance.",
"type": "integer"
},
"vlan-start": {
"description": "VLAN starting range assigned to this MST instance.",
"type": "integer"
},
"vlan-end": {
"description": "VLAN ending range assigned to this MST instance.",
"type": "integer"
}
}
}
@@ -1729,6 +1806,11 @@
"description": "This section defines the MC-LAG configuration parameters for the switch.",
"type": "object",
"properties": {
"global-gateway-mac": {
"description": "(Optional) Global Unique MCLAG system MAC address that is assigned to the MCLAG domain on both peers",
"type": "string",
"format": "uc-mac"
},
"mclag-domains": {
"description": "List of MC-LAG domain configurations for the switch.",
"type": "array",
@@ -1742,11 +1824,51 @@
"maximum": 1024,
"default": 1
},
"gateway-mac": {
"description": "(Optional) Per-domain Unique MCLAG system MAC address that is assigned to the MCLAG domain on both peers This MAC address is used as the virtual MAC address for the Layer 3 VLAN Interfaces (Switch Virtual Interfaces or SVIs) across both MCLAG peers",
"type": "string",
"format": "uc-mac"
},
"source-ip": {
"description": "IPv4 address of the MCLAG keepalive link on the local switch",
"type": "string",
"format": "ipv4",
"examples": [
"192.168.0.5"
]
},
"peer-ip": {
"description": "IPv4 address of the MCLAG keepalive link on the peer switch",
"type": "string",
"format": "ipv4",
"examples": [
"192.168.0.5"
]
},
"system-mac-address": {
"description": "(Optional) Unique MCLAG system MAC address that is assigned to the MCLAG domain on both peers",
"type": "string",
"format": "uc-mac"
},
"keepalive-interval": {
"description": "Interval (in seconds) between sending keepalive messages over the peer link to determine if the remote peer is up or down",
"type": "integer",
"default": 30,
"minimum": 1,
"maximum": 64
},
"session-timeout": {
"description": "Time (in seconds) to wait before shutting down an MCLAG session with a remote peer if no keepalive reply is received",
"type": "integer",
"default": 50,
"minimum": 1,
"maximum": 64
},
"peer-link": {
"description": "Configures the peer-link, which could be a physical port or a trunk group that connects the two MC-LAG peer switches.",
"type": "object",
"properties": {
"type": {
"link-type": {
"description": "Defines the type of peer-link, either 'port' or 'trunk-group'",
"type": "string",
"enum": [
@@ -1755,8 +1877,16 @@
],
"default": "trunk-group"
},
"value": {
"description": "Specifies the port or trunk-group ID for the peer-link.",
"port-id": {
"description": "Specifies the physical port name used as peer-link (only valid if type = port).",
"type": "string",
"examples": [
"Ethernet1",
"Ethernet2"
]
},
"trunk-id": {
"description": "Specifies the trunk group ID used as peer-link (only valid if type = trunk-group).",
"type": "integer",
"minimum": 1,
"maximum": 64
@@ -1764,53 +1894,56 @@
}
},
"mclag-group": {
"description": "Configures the MC-LAG group, which binds the interfaces into a multi-chassis LAG.",
"type": "object",
"properties": {
"group-id": {
"description": "Defines the unique MC-LAG group identifier.",
"type": "integer",
"minimum": 1,
"maximum": 128
},
"members": {
"description": "List of interfaces that participate in the MC-LAG group.",
"type": "array",
"items": {
"type": "string",
"description": "Interface names that are part of the MC-LAG group.",
"examples": [
"eth0",
"eth1"
]
}
},
"lacp-config": {
"description": "LACP configuration settings for the MC-LAG group.",
"type": "object",
"properties": {
"lacp-enable": {
"description": "Enables or disables LACP for the MC-LAG group.",
"type": "boolean",
"default": true
},
"lacp-role": {
"description": "Configures the LACP role as 'actor' or 'partner'",
"description": "Configures the MC-LAG group(s), which binds the interfaces into a multi-chassis LAG.",
"type": "array",
"items": {
"type": "object",
"properties": {
"group-id": {
"description": "Defines the unique MC-LAG group identifier.",
"type": "integer",
"minimum": 1,
"maximum": 128
},
"members": {
"description": "List of interfaces that participate in the MC-LAG group.",
"type": "array",
"items": {
"type": "string",
"enum": [
"actor",
"partner"
],
"default": "actor"
},
"lacp-timeout": {
"description": "Sets the LACP timeout as either 'short' or 'long'.",
"type": "string",
"enum": [
"short",
"long"
],
"default": "long"
"description": "Interface names that are part of the MC-LAG group.",
"examples": [
"Ethernet0",
"Ethernet1"
]
}
},
"lacp-config": {
"description": "LACP configuration settings for the MC-LAG group.",
"type": "object",
"properties": {
"lacp-enable": {
"description": "Enables or disables LACP for the MC-LAG group.",
"type": "boolean",
"default": true
},
"lacp-role": {
"description": "Configures the LACP role as 'actor' or 'partner'",
"type": "string",
"enum": [
"actor",
"partner"
],
"default": "actor"
},
"lacp-timeout": {
"description": "Sets the LACP timeout as either 'short' or 'long'.",
"type": "string",
"enum": [
"short",
"long"
],
"default": "long"
}
}
}
}
@@ -1880,6 +2013,117 @@
}
}
},
"intrusion-detection-access-lockout": {
"description": "Enables protection against unauthorized login attempts by locking user access after a specified number of failed authentication attempts within a defined period.",
"type": "object",
"properties": {
"lockout-attempt-count": {
"description": "Number of consecutive failed login attempts allowed before the user account is locked.",
"type": "integer",
"minimum": 1
},
"lockout-period-seconds": {
"description": "Duration (in seconds) for which the user account remains locked after exceeding the failed attempt threshold.",
"type": "integer"
}
}
},
"rspan-sessions": {
"description": "A list of Remote SPAN (RSPAN) sessions configured on the switch. Each session operates independently and may use its own RSPAN VLAN. The configuration applied depends on the switch\u2019s role in the session (source, intermediate, or destination).",
"type": "array",
"items": {
"type": "object",
"properties": {
"session-id": {
"description": "Numeric identifier of the RSPAN session. Each session-id represents a distinct mirroring instance configured on the Switch",
"type": "integer"
},
"rspan-vlan-id": {
"description": "The VLAN ID used as the RSPAN transport VLAN for this session. Traffic replicated at the source is encapsulated with this VLAN tag and carried across the Layer-2 network to the destination switch.",
"type": "integer",
"minimum": 1,
"maximum": 4094
},
"role": {
"description": "Defines the function of this switch in the RSPAN session. A switch may act as - source- where traffic is captured and injected into the RSPAN VLAN - intermediate- forwards the RSPAN VLAN transparently - destination- where mirrored traffic exits toward analysis tools",
"type": "string",
"enum": [
"source",
"intermediate",
"destination"
]
},
"source": {
"description": "Configuration applicable only when the switch is operating as the RSPAN source. Specifies which ports generate mirrored traffic and the direction of traffic replication.",
"type": "object",
"properties": {
"monitor-ports": {
"description": "List of ingress/egress interfaces whose traffic is mirrored. Source ports must support forwarding the RSPAN VLAN (typically trunk or hybrid mode ports)",
"type": "array",
"items": {
"type": "string",
"examples": [
"Ethernet1",
"Ethernet2"
]
}
},
"direction": {
"description": "Direction of the traffic to be mirrored from the source ports - rx- mirror ingress traffic only - tx- mirror egress traffic only - rx-tx- mirror both ingress and egress",
"type": "string",
"enum": [
"rx",
"tx",
"rx-tx"
]
}
}
},
"destination": {
"description": "Configuration applicable only when the switch acts as the RSPAN destination. Determines which ports output the replicated traffic arriving on the RSPAN VLAN.",
"type": "object",
"properties": {
"analysis-ports": {
"description": "One or more interfaces that receive the final mirrored traffic. These ports typically connect to packet analyzers, probes, or traffic capture tools.",
"type": "array",
"items": {
"type": "string",
"examples": [
"Ethernet1",
"Ethernet2"
]
}
},
"tag-mode": {
"description": "Specifies whether the mirrored packets should exit the destination port with the RSPAN VLAN tag preserved (tagged) or with the VLAN tag removed (untagged), depending on the analyzer requirements.",
"type": "string",
"enum": [
"tagged",
"untagged"
]
}
}
},
"remote": {
"description": "Defines configuration used by both intermediate and destination switches. It identifies which uplink ports should carry the RSPAN VLAN transparently across the switching fabric.",
"type": "object",
"properties": {
"uplink-ports": {
"description": "List of trunk/hybrid uplink ports through which the RSPAN VLAN is forwarded. These ports must allow the RSPAN VLAN to pass unchanged throughout the L2 domain.",
"type": "array",
"items": {
"type": "string",
"examples": [
"Ethernet1",
"Ethernet2"
]
}
}
}
}
}
}
},
"arp-inspect": {
"$ref": "#/$defs/switch.arp-inspect"
},

205
ucentral.state.pretty.json
View File

@@ -256,6 +256,53 @@
}
}
}
},
"access-lockout": {
"type": "object",
"description": "Represents the operational state and statistics of the Intrusion Detection and Access Lockout feature.",
"properties": {
"user-sessions": {
"type": "array",
"description": "Displays a list of user sessions being tracked for failed login attempts.",
"items": {
"type": "object",
"properties": {
"username": {
"type": "string",
"description": "The username associated with the login attempts being tracked."
},
"source-ip": {
"type": "string",
"description": "The IP address from which the login attempts originated."
},
"failed-attempts": {
"type": "integer",
"description": "The number of consecutive failed login attempts recorded for this user session."
},
"status": {
"type": "string",
"description": "Indicates whether the user account is currently locked or active.",
"enum": [
"active",
"locked"
]
},
"last-failed-attempt-time": {
"type": "integer",
"description": "UNIX timestamp (in seconds) of the most recent failed login attempt."
},
"lockout-start-time": {
"type": "integer",
"description": "UNIX timestamp (in seconds) when the user account was locked."
},
"lockout-expiry-time": {
"type": "integer",
"description": "UNIX timestamp (in seconds) when the lockout period will end and access will be restored."
}
}
}
}
}
}
},
"$defs": {
@@ -389,6 +436,92 @@
}
}
}
},
"mclag-state": {
"description": "This section describes the global (switch's device) state of the underlying state of MCLAG system.",
"type": "object",
"properties": {
"domains": {
"description": "holds MCLAG domain state information, including domain ID, role, session status, peer link status, number of interfaces, and interface statuses.",
"type": "array",
"items": {
"type": "object",
"properties": {
"mclag-domain": {
"description": "Configured domain-id state",
"type": "integer",
"minimum": 1,
"maximum": 1024,
"default": 1
},
"role": {
"description": "Role of the domain (Configured switch's domain-id state) Active means local switch posesses primary control responsibility (handles control protocol exchanges on behalf of the pair and is the default source for any shared virtual MAC addresses if they aren't explicitly configured) Standby means that local switch is the redundant switch that monitors the Active peer, maintains synchronized state information and is ready to take over full control plane responsibility if the Active peer fails.",
"type": "string",
"enum": [
"active",
"standby"
]
},
"session-status": {
"description": "Logical status of the underlying MCLAG session between local switch and remote peer switch. The 'up' value shows the underlying session is fully setup. (peers can exchange keepalive messages - if configured, the synchronization is happening and the overall state of link is operational) The 'down' value means the logical session's status is <down> - potentially, peers can't establish a connection between each other; (either through a misconfiguration, a routing problem in the field, or due to keepalive messages not being received) The 'unknown' value means the state cannot be determined (no ports configured, remote peer issues etc)",
"type": "string",
"enum": [
"up",
"down",
"unknown"
]
},
"peer-link-status": {
"description": "Operational state of the physical link(s) directly connecting the two Multi-Chassis Link Aggregation Group (MCLAG) peer switches.",
"type": "string",
"enum": [
"up",
"down",
"unknown"
]
},
"interface-num": {
"description": "Number of MCLAG interfaces configured within current domain id.",
"type": "integer"
},
"interfaces": {
"description": "List of configured interfaces statuses (that are part of this domain id)",
"type": "array",
"items": {
"type": "object",
"properties": {
"port": {
"description": "Port name / identifier.",
"type": "string",
"examples": [
"Ethernet1"
]
},
"local-status": {
"description": "Represents local port's status.",
"type": "string",
"enum": [
"up",
"down",
"unknown"
]
},
"remote-status": {
"description": "Represents remote peer's port status.",
"type": "string",
"enum": [
"up",
"down",
"unknown"
]
}
}
}
}
}
}
}
}
}
}
},
@@ -909,6 +1042,11 @@
"description": "Provides a textual description of the remote port, typically describing the interface or its purpose.",
"example": "Ethernet Port on unit 1, port 2"
},
"lldp-remote-sys-name": {
"type": "string",
"description": "Provides a textual description of the system name string (as defined by the sending device)",
"example": "Datacenter Switch-1"
},
"lldp-remote-port-max-mtu": {
"type": "string",
"description": "Displays the maximum transmission unit (MTU) size that the remote port supports, indicating the largest packet size the port can handle."
@@ -1014,6 +1152,23 @@
"Class-7",
"Class-8"
]
},
"lldp-remote-port-power-priority": {
"type": "string",
"description": "Indicates the power priority level assigned to the PD.",
"enum": [
"low",
"high",
"critical"
]
},
"lldp-remote-port-pd-requested-power": {
"type": "number",
"description": "Power requested by the PD in watts (0.1W resolution possible). The values must be presented with real values like 25.5, 20.5 etc."
},
"lldp-remote-port-pse-available-power": {
"type": "number",
"description": "Power that the PSE port is able to provide in watts (0.1W resolution)."
}
}
},
@@ -1034,6 +1189,56 @@
"description": "Displays the identifier of the Link Aggregation Group (LAG) that the remote port belongs to."
}
}
},
"lldp-remote-port-location": {
"type": "object",
"description": "Location information provided by LLDP-MED.",
"properties": {
"location-subtype": {
"type": "string",
"description": "Indicates the type of location information being conveyed.",
"enum": [
"coordinate",
"civic-address",
"elin"
]
},
"civic-addr": {
"type": "array",
"description": "Civic address information consisting of CA-Type and CA-Value pairs as per LLDP-MED.",
"items": {
"type": "object",
"properties": {
"ca-type": {
"type": "integer",
"description": "Civic Address Type identifier (e.g., 1 = Language, 3 = Country, 6 = A1 state/province, etc.)"
},
"ca-value": {
"type": "string",
"description": "Civic Address Value corresponding to the type."
}
}
}
},
"coordinates": {
"type": "object",
"description": "Location coordinates information.",
"properties": {
"latitude": {
"type": "string",
"description": "Latitude in decimal degrees (e.g., +37.7749)."
},
"longitude": {
"type": "string",
"description": "Longitude in decimal degrees (e.g., -122.4194)."
}
}
},
"elin": {
"type": "string",
"description": "Emergency Location Identification Number (ELIN) assigned to endpoint location"
}
}
}
}
}