Telecominfraproject/archived-ols-ucentral-schema
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/ols-ucentral-schema.git synced 2026-03-20 03:39:31 +00:00
Code Issues Packages Projects Releases 4 Wiki Activity

Compare commits

base: Telecominfraproject:v4.0.0
Branches Tags
Telecominfraproject:main Telecominfraproject:release/v5.0.0 Telecominfraproject:staging-release-5.0.0-pki-2.0 Telecominfraproject:ols-969-priority-mapping-schema Telecominfraproject:ols-976-port-security-schema Telecominfraproject:ols-975-diffserv-schema Telecominfraproject:ols-970-rspan-schema Telecominfraproject:extend_mclag-group_schema_to_support_static_trunk Telecominfraproject:ols-909-add-port-autoneg-schema Telecominfraproject:OLS-849-add-xSTP-parameters Telecominfraproject:OLS-848-Schema-Intrusion-detection Telecominfraproject:OLS-838-Update-OLS-Schema-version-to-4.2.0 Telecominfraproject:correct-storm-control-indentation Telecominfraproject:ols-821-mclag-schema-correction Telecominfraproject:fix/fix_invalid_schema Telecominfraproject:ols-688-bpdu-guard Telecominfraproject:ols-822-lldp-peers-statemessage-enhancements Telecominfraproject:OLS_UpdateSchemaVersion_410 Telecominfraproject:ols-659-simplify-vlan-config Telecominfraproject:staging-OLS-644-global-dns Telecominfraproject:OLS-578-Tag-ols-ucentral-client-and-ols-ucentral-schema-4.0.0-pre-release Telecominfraproject:Sprint-8-OLS-ARP-Inspect-Schema Telecominfraproject:Sprint-8-OLS---Rate-Limiting-schema Telecominfraproject:OLS-556-Sprint-8-IPSourceGuard Telecominfraproject:OLS-556-Sprint-8-SubcribeRTEvents Telecominfraproject:OLS-550_Schema_Corrections_Pre4p0_Features Telecominfraproject:OLS-562-Add-schema-version-to-ols-ucentral-schema Telecominfraproject:OLS-545-Removal-of-AP-specific-schema-elements-from-ols-ucentral-schema Telecominfraproject:OLS-538_port_speed_enum_fix_40g Telecominfraproject:OLS-425_sprint6_schema Telecominfraproject:OLS_390_Move_uplink_interface_definition_to_state.yml_Add_version_connect.capabilities Telecominfraproject:OLS-390-Move-uplink_interface-definition-to-state.yml-add-version-to-connect.capabilities Telecominfraproject:OLS_319_sprint4_schema Telecominfraproject:OLS-295_capabilities_add_lacp_linkAggregation_jumboFrames Telecominfraproject:link_aggregation Telecominfraproject:change_port_mirror_type_to_array Telecominfraproject:lacp Telecominfraproject:jumbo_frames Telecominfraproject:OLS-229-generate-json-file-for-capabilities-connect.capabilities.yml Telecominfraproject:OLS-228-delta_counters Telecominfraproject:secure_http_server Telecominfraproject:fix_loop_detection_schema_instances_indentation Telecominfraproject:change_vrf_id_to_integer Telecominfraproject:schema_fixes_and_updates Telecominfraproject:default-values-for-schema/ethernet.yml-speed-and-duplex Telecominfraproject:next Telecominfraproject:1-incorrect-indentation-for-statelink-stateyml
Telecominfraproject:v5.0.0 Telecominfraproject:v4.1.0-rc1 Telecominfraproject:v4.0.0 Telecominfraproject:v4.0.0-rc1 Telecominfraproject:v3.2.7
...
compare: Telecominfraproject:ols-975-diffserv-schema
Branches Tags
Telecominfraproject:main Telecominfraproject:release/v5.0.0 Telecominfraproject:staging-release-5.0.0-pki-2.0 Telecominfraproject:ols-969-priority-mapping-schema Telecominfraproject:ols-976-port-security-schema Telecominfraproject:ols-975-diffserv-schema Telecominfraproject:ols-970-rspan-schema Telecominfraproject:extend_mclag-group_schema_to_support_static_trunk Telecominfraproject:ols-909-add-port-autoneg-schema Telecominfraproject:OLS-849-add-xSTP-parameters Telecominfraproject:OLS-848-Schema-Intrusion-detection Telecominfraproject:OLS-838-Update-OLS-Schema-version-to-4.2.0 Telecominfraproject:correct-storm-control-indentation Telecominfraproject:ols-821-mclag-schema-correction Telecominfraproject:fix/fix_invalid_schema Telecominfraproject:ols-688-bpdu-guard Telecominfraproject:ols-822-lldp-peers-statemessage-enhancements Telecominfraproject:OLS_UpdateSchemaVersion_410 Telecominfraproject:ols-659-simplify-vlan-config Telecominfraproject:staging-OLS-644-global-dns Telecominfraproject:OLS-578-Tag-ols-ucentral-client-and-ols-ucentral-schema-4.0.0-pre-release Telecominfraproject:Sprint-8-OLS-ARP-Inspect-Schema Telecominfraproject:Sprint-8-OLS---Rate-Limiting-schema Telecominfraproject:OLS-556-Sprint-8-IPSourceGuard Telecominfraproject:OLS-556-Sprint-8-SubcribeRTEvents Telecominfraproject:OLS-550_Schema_Corrections_Pre4p0_Features Telecominfraproject:OLS-562-Add-schema-version-to-ols-ucentral-schema Telecominfraproject:OLS-545-Removal-of-AP-specific-schema-elements-from-ols-ucentral-schema Telecominfraproject:OLS-538_port_speed_enum_fix_40g Telecominfraproject:OLS-425_sprint6_schema Telecominfraproject:OLS_390_Move_uplink_interface_definition_to_state.yml_Add_version_connect.capabilities Telecominfraproject:OLS-390-Move-uplink_interface-definition-to-state.yml-add-version-to-connect.capabilities Telecominfraproject:OLS_319_sprint4_schema Telecominfraproject:OLS-295_capabilities_add_lacp_linkAggregation_jumboFrames Telecominfraproject:link_aggregation Telecominfraproject:change_port_mirror_type_to_array Telecominfraproject:lacp Telecominfraproject:jumbo_frames Telecominfraproject:OLS-229-generate-json-file-for-capabilities-connect.capabilities.yml Telecominfraproject:OLS-228-delta_counters Telecominfraproject:secure_http_server Telecominfraproject:fix_loop_detection_schema_instances_indentation Telecominfraproject:change_vrf_id_to_integer Telecominfraproject:schema_fixes_and_updates Telecominfraproject:default-values-for-schema/ethernet.yml-speed-and-duplex Telecominfraproject:next Telecominfraproject:1-incorrect-indentation-for-statelink-stateyml
Telecominfraproject:v5.0.0 Telecominfraproject:v4.1.0-rc1 Telecominfraproject:v4.0.0 Telecominfraproject:v4.0.0-rc1 Telecominfraproject:v3.2.7

34 Commits
v4.0.0 ... ols-975-di

Author SHA1 Message Date
Binny
79848de50c ols-975-diffserv-schema-draft 2026-01-28 14:32:46 +00:00
Binny
a109852c33 Merge pull request #55 from Telecominfraproject/extend_mclag-group_schema_to_support_static_trunk 
MCLAG: extend mclag-group schema to support static trunk
 2026-01-21 10:56:53 +05:30
Binny
23bc815936 Merge pull request #54 from Telecominfraproject/ols-909-add-port-autoneg-schema 
ols-909-autoneg-port-draft
 2026-01-21 10:55:59 +05:30
jacky_chang
7bca1f897a MCLAG: extend mclag-group schema to support static trunk 
During our MCLAG feature development, we identified that the current mclag-group schema only considers the LACP-based use case.
Since Edgecore switches only support MLAG on static trunk interfaces, we currently have no way to specify static trunk parameters within the existing schema.

To address this limitation, we would like to propose adding a new field, trunk-id, to the mclag-group definition:
 2025-12-18 11:21:26 +08:00
Olexandr, Mazur
429bf9eb87 Merge pull request #53 from Telecominfraproject/wip/mclag_schema_additions 
MCLAG: extend schema and state with additional fields
 2025-12-08 17:02:04 +02:00
Oleksandr Mazur
e0d69521d5 MCLAG: extend schema and state with additional fields 
Current MCLAG configuration schema looks fine
yet misses some crucial keepalive and session configuration.

Not only that, there's no real state being back-reported
to the Gateway in a state message, which might complicate
remote debugging of configuration applied on the switch itself.

Signed-off-by: Oleksandr Mazur <oleksandr.mazur@plvision.eu>
 2025-12-05 15:00:42 +02:00
Binny
c7a8f2e727 ols-909-autoneg-port-draft 2025-12-03 12:56:52 +00:00
Binny
68c6e98fb0 Merge pull request #51 from Telecominfraproject/OLS-848-Schema-Intrusion-detection 
ols-848-intrusiondetection-draft-changes
 2025-11-26 17:42:33 +05:30
Binny
b6996ce24d Merge pull request #52 from Telecominfraproject/OLS-849-add-xSTP-parameters 
ols-849-new-stp-params-draft
 2025-11-26 17:41:51 +05:30
Binny
57c7138e64 ols-849-reviewcomments-made 2025-10-29 09:50:18 +00:00
Binny
2711412306 ols-848-comments-addressed 2025-10-29 09:44:19 +00:00
Binny
75e2910729 ols-849-new-stp-params-draft 2025-10-08 13:50:50 +00:00
Binny
f11d7d8181 ols-848-intrusiondetection-draft-changes 2025-10-08 11:47:20 +00:00
Binny
02f749cc11 Merge pull request #46 from Telecominfraproject/ols-821-mclag-schema-correction 
ols-821-mclag-schema-correcttion-draft Changes
 2025-10-07 12:06:22 +05:30
Mike Hansen
5b00327adc Merge pull request #50 from Telecominfraproject/correct-storm-control-indentation 
Fix indentation for storm-control configuration.
 2025-09-24 12:29:33 -04:00
Mike Hansen
117aa70d4f Fix indentation for storm-control configuration. 
Signed-off-by: Mike Hansen <mike.hansen@netexperience.com>
 2025-09-24 11:18:21 -04:00
Binny
c3073a9a45 ols-821-mclag-schema-final-draft 2025-09-16 06:10:50 +00:00
Binny
04a8901620 Merge pull request #47 from Telecominfraproject/ols-822-lldp-peers-statemessage-enhancements 
ols-822-lldp-enhanced-state-reporting-draft Review
 2025-09-16 11:37:54 +05:30
Olexandr, Mazur
23ebf25cba Merge pull request #48 from Telecominfraproject/fix/fix_invalid_schema 
Fix broken schema json file
 2025-09-05 12:38:40 +03:00
Oleksandr Mazur
c9b4970b29 Fix broken schema json file 
After latest main merge, there's some overlapping which effectively
breaks the schema (it becomes invalid json file, due to some objects
not ending where they should).

Run generate.sh to provide a complete valid generated json file.

Signed-off-by: Oleksandr Mazur <oleksandr.mazur@plvision.eu>
 2025-09-05 12:36:54 +03:00
Mike Hansen
fdf54a7e0e Merge pull request #44 from Telecominfraproject/ols-688-bpdu-guard 
ols-688-sprint-12-bpdu-guard-draft
 2025-09-03 13:39:44 -04:00
Binny
52e38ce792 Merge branch 'main' into ols-688-bpdu-guard 2025-09-03 23:05:31 +05:30
Binny
05849922ed ols-821-mclag-corrections-rev2 2025-08-22 15:19:46 +00:00
Binny
9228a6c290 ols-822-lldp-peerstate-enhancement-rev2 2025-08-22 14:57:34 +00:00
Mike Hansen
41e621b455 Merge pull request #45 from Telecominfraproject/ols-688-sprint-12-storm-control-draft 
ols-688-sprint-12-stormcontrol-draft
 2025-08-20 09:43:38 -04:00
Binny
30b5864ada ols-822-lldp-enhanced-state-reporting-draft 2025-08-18 14:52:15 +00:00
Binny
598af29d51 ols-821-mclag-schema-correcttion-draft 2025-08-18 13:38:01 +00:00
Binny
c79f7f4517 ols-688-sprint12-bpduguard-final-p2 2025-06-17 15:12:40 +00:00
Binny
0e43b3cb3a ols-688-sprint12-stormcontrol-finalreview-p2 2025-06-17 15:06:46 +00:00
Binny
67f3f14fab ols-688-sprint12-stormcontrol-finalreview 2025-06-17 04:12:10 +00:00
Binny
8c82a276d8 ols-688-sprint12-bpdu-guard-finalreview 2025-06-17 04:05:31 +00:00
Binny
a098465268 ols-688-bpdu-guard-first-reviewchange 2025-06-11 03:33:54 +00:00
Binny
040650cb5c ols-688-sprint-12-stormcontrol-draft 2025-06-09 04:09:55 +00:00
Binny
adf3514ae9 ols-688-sprint-12-bpdu-guard-draft 2025-06-08 18:16:46 +00:00
12 changed files with 2462 additions and 210 deletions
Expand all files Collapse all files

3
capabilities/connect.capabilities.yml
View File

@@ -243,6 +243,7 @@ properties:
- Spanning-Tree-Per-VLAN
- Spanning-Tree-Per-VLAN-Rapid
- Spanning-Tree-MSTP
- BPDU-Guard
# L3
- SVI-StaticIPv4
- SVI-StaticIPv6
@@ -280,6 +281,8 @@ properties:
- MAC-ACL
- IP-ACL
- Guest-VLAN
- Storm-Control
- Access-Lockout
# Services
- Service-SSH
- Service-RSSH

65
schema/ethernet.yml
View File

@@ -25,6 +25,13 @@ properties:
type: string
examples:
- cloud_uplink_port
autoneg:
description:
Controls whether link autonegotiation is enabled.
When set to true, the switch negotiates speed and duplex with the link partner.
When set to false, the configured speed and duplex values are forced.
type: boolean
default: true
speed:
description:
The link speed that shall be forced.
@@ -499,3 +506,61 @@ properties:
type: string
minLength: 1
maxLength: 32
bpdu-guard:
description: BPDU Guard configuration block. Enables protection against unexpected BPDUs
on edge ports to prevent loops and rogue switch connections.
type: object
properties:
enabled:
description: When true, the port will be placed into an error-disabled state if any BPDU is received.
type: boolean
auto-recovery-secs:
description: Time in 'seconds' after which a port that was err-disabled due to BPDU Guard
violation will be automatically re-enabled.
type: integer
default: 300
edge-port:
description: When true, the port behaves as an STP Edge Port. When false, the port
participates fully in STP and is treated as a normal switch port.
type: boolean
default: false
storm-control:
description: Storm Control configuration per storm type. Allows enabling or disabling traffic storm control for broadcast, multicast, and unknown unicast packets,
with independent packet-per-second (pps) thresholds. A limit-pps value of 0 implies the control is disabled for that traffic type.
type: object
properties:
broadcast-pps:
type: integer
minimum: 0
default: 0
description: Maximum allowed broadcast packets per second. 0 disables broadcast storm control.
multicast-pps:
type: integer
minimum: 0
default: 0
description: Maximum allowed multicast packets per second. 0 disables multicast storm control.
unknown-unicast-pps:
type: integer
minimum: 0
default: 0
description: Maximum allowed unknown unicast packets per second. 0 disables unknown unicast storm control.
diffserv-policy:
type: object
description: Associates DiffServ policy maps with a physical interface.
This object represents the binding of policy maps to the
ingress and/or egress direction of an interface.
properties:
ingress:
type: string
description: Name of the policy map applied to ingress (input) traffic
on the interface. The referenced policy map must be defined prior to binding.
minLength: 1
maxLength: 32
example: "PM-INGRESS-QOS"
egress:
type: string
description: Name of the policy map applied to egress (output) traffic
on the interface. The referenced policy map must be defined prior to binding.
minLength: 1
maxLength: 32
example: "PM-EGRESS-SHAPE"

493
schema/switch.yml
View File

@@ -45,6 +45,56 @@ properties:
enum:
- upstream
- downstream
bridge-prio:
description: Bridge priority for root election. Ranging from 061440 (in steps of 4096)
type: integer
default: 32768
forward-delay-secs:
description: Time in seconds a port stays in Listening and Learning states
before transitioning to Forwarding.
type: integer
hello-time-secs:
description: Determines how often switches send BPDU.
type: integer
max-age-secs:
description: Maximum time (in seconds) before a BPDU is considered invalid.
type: integer
pathcost-method:
description: Specifies the method used for path cost calculation.
- short, 16-bit values (065535), IEEE 802.1D
- long, 32-bit values (0200,000,000), IEEE 802.1w
type: string
enum:
- short
- long
bpdu-flooding:
description: Configures how BPDUs are flooded to spanning-tree disabled ports.
- to-all, Flood to all STP-disabled ports
- to-vlan, Flood to STP-disabled ports within the same VLAN
type: string
enum:
- to-all
- to-vlan
bpdu-tx-limit:
description: Maximum number of BPDU transmissions allowed per Hello interval.
type: integer
root-guard:
description: Enable Root Guard globally to prevent designated ports from becoming root.
type: boolean
mst-region:
description: MSTP region-wide configuration. Applicable when protocol is mstp.
type: object
properties:
name:
description: Name of multiple spanning tree region.
type: string
maxLength: 32
minLength: 1
revision:
description: MST region revision number.
type: integer
maximum: 65535
minimum: 0
instances:
description:
Define a list of configuration for each STP instance.
@@ -55,40 +105,43 @@ properties:
type: object
properties:
id:
description:
Indicates instance to configure.
description: Indicates instance to configure.
Depends on current STP protocol
If RPVSTP/PVSTP - vlan id
If MSTP - instance id
type: integer
enabled:
description:
Enable STP on this instance.
description: Enable STP on this instance.
type: boolean
default: true
priority:
description:
Bridge priority.
description: MST priority.
type: integer
default: 32768
forward_delay:
description:
Defines the amount of time a switch port stays in the Listening
forward-delay:
description: Defines the amount of time a switch port stays in the Listening
and Learning states before transitioning to the Forwarding state.
type: integer
default: 15
hello_time:
description:
Determines how often switches send BPDU.
hello-time:
description: Determines how often switches send BPDU.
type: integer
default: 2
max_age:
description:
Specifies the maximum time that a switch port should wait to
receive a BPDU from its neighbor before
max-age:
description: Specifies the maximum time that a switch port should wait to
receive a BPDU from its neighbor before
considering the link as failed or disconnected.
type: integer
default: 20
path-cost:
description: Path cost for this MST instance.
type: integer
vlan-start:
description: VLAN starting range assigned to this MST instance.
type: integer
vlan-end:
description: VLAN ending range assigned to this MST instance.
type: integer
ieee8021x:
description:
This section describes the global 802.1X (port access control) configuration.
@@ -423,6 +476,10 @@ properties:
description: This section defines the MC-LAG configuration parameters for the switch.
type: object
properties:
global-gateway-mac:
description: (Optional) Global Unique MCLAG system MAC address that is assigned to the MCLAG domain on both peers
type: string
format: uc-mac
mclag-domains:
description: List of MC-LAG domain configurations for the switch.
type: array
@@ -435,62 +492,104 @@ properties:
minimum: 1
maximum: 1024
default: 1
gateway-mac:
description:
(Optional) Per-domain Unique MCLAG system MAC address that is assigned to the MCLAG domain on both peers
This MAC address is used as the virtual MAC address for the Layer 3 VLAN Interfaces (Switch Virtual Interfaces or SVIs) across both MCLAG peers
type: string
format: uc-mac
source-ip:
description: IPv4 address of the MCLAG keepalive link on the local switch
type: string
format: ipv4
examples:
- 192.168.0.5
peer-ip:
description: IPv4 address of the MCLAG keepalive link on the peer switch
type: string
format: ipv4
examples:
- 192.168.0.5
system-mac-address:
description: (Optional) Unique MCLAG system MAC address that is assigned to the MCLAG domain on both peers
type: string
format: uc-mac
keepalive-interval:
description: Interval (in seconds) between sending keepalive messages over the peer link to determine if the remote peer is up or down
type: integer
default: 30
minimum: 1
maximum: 64
session-timeout:
description: Time (in seconds) to wait before shutting down an MCLAG session with a remote peer if no keepalive reply is received
type: integer
default: 50
minimum: 1
maximum: 64
peer-link:
description: Configures the peer-link, which could be a physical port or a trunk group that connects the two MC-LAG peer switches.
type: object
properties:
type:
link-type:
description: Defines the type of peer-link, either 'port' or 'trunk-group'
type: string
enum:
- port
- trunk-group
default: trunk-group
value:
description: Specifies the port or trunk-group ID for the peer-link.
port-id:
description: Specifies the physical port name used as peer-link (only valid if type = port).
type: string
examples:
- "Ethernet1"
- "Ethernet2"
trunk-id:
description: Specifies the trunk group ID used as peer-link (only valid if type = trunk-group).
type: integer
minimum: 1
maximum: 64
mclag-group:
description: Configures the MC-LAG group, which binds the interfaces into a multi-chassis LAG.
type: object
properties:
group-id:
description: Defines the unique MC-LAG group identifier.
type: integer
minimum: 1
maximum: 128
members:
description: List of interfaces that participate in the MC-LAG group.
type: array
items:
type: string
description: Interface names that are part of the MC-LAG group.
examples:
- eth0
- eth1
lacp-config:
description: LACP configuration settings for the MC-LAG group.
type: object
properties:
lacp-enable:
description: Enables or disables LACP for the MC-LAG group.
type: boolean
default: true
lacp-role:
description: Configures the LACP role as 'actor' or 'partner'
description: Configures the MC-LAG group(s), which binds the interfaces into a multi-chassis LAG.
type: array
items:
type: object
properties:
group-id:
description: Defines the unique MC-LAG group identifier.
type: integer
minimum: 1
maximum: 128
members:
description: List of interfaces that participate in the MC-LAG group.
type: array
items:
type: string
enum:
- actor
- partner
default: actor
lacp-timeout:
description: Sets the LACP timeout as either 'short' or 'long'.
type: string
enum:
- short
- long
default: long
description: Interface names that are part of the MC-LAG group.
examples:
- Ethernet0
- Ethernet1
lacp-config:
description: LACP configuration settings for the MC-LAG group.
type: object
properties:
lacp-enable:
description: Enables or disables LACP for the MC-LAG group.
type: boolean
default: true
lacp-role:
description: Configures the LACP role as 'actor' or 'partner'
type: string
enum:
- actor
- partner
default: actor
lacp-timeout:
description: Sets the LACP timeout as either 'short' or 'long'.
type: string
enum:
- short
- long
default: long
system-priority:
description: Specifies the system priority used by the switch for LACP negotiations.
type: integer
@@ -537,6 +636,284 @@ properties:
minLength: 1
examples:
- "A VoIP Phone"
intrusion-detection-access-lockout:
description: Enables protection against unauthorized login attempts by locking user access
after a specified number of failed authentication attempts within a defined period.
type: object
properties:
lockout-attempt-count:
description: Number of consecutive failed login attempts allowed before the user account is locked.
type: integer
minimum: 1
lockout-period-seconds:
description: Duration (in seconds) for which the user account remains locked after exceeding the failed attempt threshold.
type: integer
class-maps:
type: array
description: Defines a list of DiffServ class maps. Each class map represents
a traffic classification container that groups one or more match
rules used to identify packets based on Layer 2, Layer 3, or
Layer 4 header fields.
items:
type: object
properties:
name:
type: string
description: Unique name identifying the class map. This name is later
referenced by policy maps to associate actions with the
classified traffic.
example: CM-IP-VOICE
match-rule:
type: string
description: Determines how multiple match rules within the class map
are evaluated.
- match-any - Packet matches if any rule matches
- match-all - Packet matches only if all rules match
enum:
- match-any
- match-all
matches:
type: array
description: List of match rules that define the traffic classification
criteria for this class map. Up to "n" match rules may be
configured per class maps, per defined as maxItems. Mutual exclusivity rules may apply
between the match rules.
maxItems: 16
items:
type: object
properties:
match-type:
type: string
description: Specifies the type of match criterion used for traffic classification.
enum:
- access-list
- cos
- ip-dscp
- ip-precedence
- ipv6-dscp
- vlan
- source-port
example: ip-dscp
value:
type: string
description: value associated with the selected match type. The
interpretation of this field depends on the match type. Numeric values
must be encoded as strings, to keep the type-value pair simple.
example: "46"
policy-maps:
type: array
description: Defines a list of DiffServ policy maps. Each policy map associates
one or more previously defined class maps with specific QoS actions
such as packet marking and traffic policing. Policy maps are later
applied to interfaces using DiffServ service-policy bindings.
items:
type: object
properties:
name:
type: string
description: Unique name identifying the policy map. This name is referenced
when binding the policy map to an interface for ingress or
egress traffic processing.
example: rd-policy
classes:
type: array
description: List of class map references included in this policy map.
Each class entry applies a defined set of QoS actions
to traffic matching the referenced class map.
items:
type: object
properties:
class-name:
type: string
description: Name of a previously defined class map whose matching
traffic will be subject to the configured marking
and/or policing actions.
example: rd-class
marking-action:
type: object
description: Packet marking actions applied to traffic matching
this class. Marking may update internal forwarding
behavior, VLAN CoS bits, or IP DSCP values.
Only one marking action is typically effective
per packet processing stage.
properties:
phb:
type: integer
description: Per-Hop Behavior (PHB) value used for internal
packet processing and queue selection within
the forwarding pipeline.
minimum: 0
maximum: 7
cos:
type: integer
description: Class of Service (CoS) value written to the VLAN
priority field (802.1p) of matching packets.
minimum: 0
maximum: 7
ip-dscp:
type: integer
description: Differentiated Services Code Point (DSCP) value
written to the IP header of matching packets.
minimum: 0
maximum: 63
police:
type: object
description: Traffic policing configuration applied to packets
matching this class. Policing enforces bandwidth
limits and applies actions based on traffic conformance.
Only one policing mode may be configured per class.
properties:
flow:
type: object
description: Single-rate, two-color policing based on a token
bucket defined by a committed rate and burst size.
Traffic is classified as conforming or violating.
properties:
committed-rate-kbps:
type: integer
description: Committed Information Rate (CIR) in kilobits
per second enforced by the policer.
committed-burst-bytes:
type: integer
description: Committed Burst Size (BC) in bytes allowed
by the policer.
conform-action:
type: object
description: Action applied when traffic conforms to the
committed rate and burst limits.
properties:
action:
type: string
description: Action taken for conforming packets.
enum:
- transmit
- new-dscp
new-dscp:
type: integer
description: DSCP value applied to conforming packets
when action is set to new-dscp.
minimum: 0
maximum: 63
violate-action:
type: object
description: Action applied when traffic exceeds the
committed rate or burst size.
properties:
action:
type: string
description: Action taken for violating packets.
enum:
- drop
- new-dscp
new-dscp:
type: integer
description: DSCP value applied to violating packets
when action is set to new-dscp.
minimum: 0
maximum: 63
srtcm:
type: object
description: Single Rate Three Color Meter (srTCM) policing,
supporting color-blind or color-aware modes.
Traffic is classified as green, yellow, or red.
properties:
mode:
type: string
description: Specifies whether the policer operates in
color-blind or color-aware mode.
enum:
- color-blind
- color-aware
committed-rate-kbps:
type: integer
description: Committed Information Rate (CIR) in kilobits
per second.
committed-burst-bytes:
type: integer
description: Committed Burst Size (CBS) in bytes.
excess-burst-bytes:
type: integer
description: Excess Burst Size (EBS) in bytes used to
classify packets as exceeding committed limits.
conform-action:
type: string
description: Action applied to packets classified as
conforming (green).
enum:
- transmit
exceed-action:
type: string
description: Action applied to packets classified as
exceeding (yellow).
enum:
- drop
- new-dscp
violate-action:
type: string
description: Action applied to packets classified as
violating (red).
enum:
- drop
- new-dscp
new-dscp:
type: integer
description: DSCP value applied when exceed or violate
action is set to new-dscp.
minimum: 0
maximum: 63
trtcm:
type: object
description: Two Rate Three Color Meter (trTCM) policing,
enforcing both committed and peak rate limits
with three traffic colors.
properties:
mode:
type: string
description: Specifies whether the policer operates in
color-blind or color-aware mode.
enum:
- color-blind
- color-aware
committed-rate-kbps:
type: integer
description: Committed Information Rate (CIR) in kilobits
per second.
committed-burst-bytes:
type: integer
description: Committed Burst Size (CBS) in bytes.
peak-rate-kbps:
type: integer
description: Peak Information Rate (PIR) in kilobits
per second.
peak-burst-bytes:
type: integer
description: Peak Burst Size (PBS) in bytes.
conform-action:
type: string
description: Action applied to packets conforming to
committed rate limits.
enum:
- transmit
- new-dscp
exceed-action:
type: string
description: Action applied to packets exceeding committed
rate but within peak rate.
enum:
- drop
- new-dscp
violate-action:
type: string
description: Action applied to packets exceeding peak rate.
enum:
- drop
- new-dscp
new-dscp:
type: integer
description: DSCP value applied when exceed or violate
action is set to new-dscp.
minimum: 0
maximum: 63
arp-inspect:
$ref: "https://ucentral.io/schema/v1/switch/arp-inspect/"
ip-source-guard:
@@ -549,4 +926,4 @@ properties:
description: Define a global list of dns servers.
type: array
items:
type: string
type: string

23
state/link-state.yml
View File

@@ -242,6 +242,14 @@ properties:
transitions:
type: integer
description: Number of STP state transitions (forwarding/discarding) on this port.
bpdu-guard:
type: string
description: Runtime status of BPDU Guard on the port, when it detects any issue.
- `errdisabled`- Port is shutdown due to BPDU violation.
- `recovering`- Temporarily disabled and in auto-recovery interval.
enum:
- errdisabled
- recovering
lbd:
description: Loopback Detection (LBD) status on this port.
type: object
@@ -262,4 +270,17 @@ properties:
enum:
- none
- block
- shutdown
- shutdown
storm-status:
description: Runtime status of Storm Control feature on the port for each storm type.
type: object
properties:
broadcast:
type: boolean
description: Runtime status of Broadcast Storm Control on the port. Return `true`if Storm condition is detected.
multicast:
type: boolean
description: Runtime status of Multicast Storm Control on the port. Return `true`if Storm condition is detected.
unknown-unicast:
type: boolean
description: Runtime status of Unknown Unicast Storm Control on the port. Return `true`if Storm condition is detected.

55
state/lldp-peers.yml
View File

@@ -49,6 +49,10 @@ items:
type: string
description: Provides a textual description of the remote port, typically describing the interface or its purpose.
example: "Ethernet Port on unit 1, port 2"
lldp-remote-sys-name:
type: string
description: Provides a textual description of the system name string (as defined by the sending device)
example: "Datacenter Switch-1"
lldp-remote-port-max-mtu:
type: string
description: Displays the maximum transmission unit (MTU) size that the remote port supports, indicating the largest packet size the port can handle.
@@ -117,6 +121,19 @@ items:
type: string
description: Displays the PoE class of the remote device, indicating its power consumption classification.
enum: ["Class-1", "Class-2", "Class-3", "Class-4","Class-5", "Class-6", "Class-7", "Class-8"]
lldp-remote-port-power-priority:
type: string
description: Indicates the power priority level assigned to the PD.
enum:
- low
- high
- critical
lldp-remote-port-pd-requested-power:
type: number
description: Power requested by the PD in watts (0.1W resolution possible). The values must be presented with real values like 25.5, 20.5 etc.
lldp-remote-port-pse-available-power:
type: number
description: Power that the PSE port is able to provide in watts (0.1W resolution).
lldp-remote-port-lag-info:
type: object
description: Provides information about the remote ports involvement in Link Aggregation Groups (LAG), if applicable.
@@ -129,4 +146,40 @@ items:
description: Shows whether Link Aggregation is enabled on the remote port.
lldp-remote-port-lag-port-id:
type: integer
description: Displays the identifier of the Link Aggregation Group (LAG) that the remote port belongs to.
description: Displays the identifier of the Link Aggregation Group (LAG) that the remote port belongs to.
lldp-remote-port-location:
type: object
description: Location information provided by LLDP-MED.
properties:
location-subtype:
type: string
description: Indicates the type of location information being conveyed.
enum:
- coordinate
- civic-address
- elin
civic-addr:
type: array
description: Civic address information consisting of CA-Type and CA-Value pairs as per LLDP-MED.
items:
type: object
properties:
ca-type:
type: integer
description: Civic Address Type identifier (e.g., 1 = Language, 3 = Country, 6 = A1 state/province, etc.)
ca-value:
type: string
description: Civic Address Value corresponding to the type.
coordinates:
type: object
description: Location coordinates information.
properties:
latitude:
type: string
description: Latitude in decimal degrees (e.g., +37.7749).
longitude:
type: string
description: Longitude in decimal degrees (e.g., -122.4194).
elin:
type: string
description: Emergency Location Identification Number (ELIN) assigned to endpoint location

36
state/state.yml
View File

@@ -187,4 +187,38 @@ properties:
description: Total number of topology changes detected.
last-topology-change-seconds:
type: integer
description: Time (in seconds) since the last topology change.
description: Time (in seconds) since the last topology change.
access-lockout:
type: object
description: Represents the operational state and statistics of the Intrusion Detection and Access Lockout feature.
properties:
user-sessions:
type: array
description: Displays a list of user sessions being tracked for failed login attempts.
items:
type: object
properties:
username:
type: string
description: The username associated with the login attempts being tracked.
source-ip:
type: string
description: The IP address from which the login attempts originated.
failed-attempts:
type: integer
description: The number of consecutive failed login attempts recorded for this user session.
status:
type: string
description: Indicates whether the user account is currently locked or active.
enum:
- active
- locked
last-failed-attempt-time:
type: integer
description: UNIX timestamp (in seconds) of the most recent failed login attempt.
lockout-start-time:
type: integer
description: UNIX timestamp (in seconds) when the user account was locked.
lockout-expiry-time:
type: integer
description: UNIX timestamp (in seconds) when the lockout period will end and access will be restored.

78
state/unit.yml
View File

@@ -121,3 +121,81 @@ properties:
description:
Number of CoA requests that are sent if the NAS is configured to prohibit honoring of CoA-Request or Disconnect-Request packets for the specified session.
type: number
mclag-state:
description:
This section describes the global (switch's device) state of the underlying state of MCLAG system.
type: object
properties:
domains:
description:
holds MCLAG domain state information, including domain ID, role, session status,
peer link status, number of interfaces, and interface statuses.
type: array
items:
type: object
properties:
mclag-domain:
description: Configured domain-id state
type: integer
minimum: 1
maximum: 1024
default: 1
role:
description:
Role of the domain (Configured switch's domain-id state)
Active means local switch posesses primary control responsibility
(handles control protocol exchanges on behalf of the pair and is the default source for any shared virtual MAC addresses if they aren't explicitly configured)
Standby means that local switch is the redundant switch that monitors the Active peer, maintains synchronized state information and is ready to take over full control plane responsibility if the Active peer fails.
type: string
enum:
- active
- standby
session-status:
description:
Logical status of the underlying MCLAG session between local switch and remote peer switch.
The 'up' value shows the underlying session is fully setup.
(peers can exchange keepalive messages - if configured, the synchronization is happening and the overall state of link is operational)
The 'down' value means the logical session's status is <down> - potentially, peers can't establish a connection between each other;
(either through a misconfiguration, a routing problem in the field, or due to keepalive messages not being received)
The 'unknown' value means the state cannot be determined (no ports configured, remote peer issues etc)
type: string
enum:
- up
- down
- unknown
peer-link-status:
description:
Operational state of the physical link(s) directly connecting the two Multi-Chassis Link Aggregation Group (MCLAG) peer switches.
type: string
enum:
- up
- down
- unknown
interface-num:
description: Number of MCLAG interfaces configured within current domain id.
type: integer
interfaces:
description: List of configured interfaces statuses (that are part of this domain id)
type: array
items:
type: object
properties:
port:
description: Port name / identifier.
type: string
examples:
- Ethernet1
local-status:
description: Represents local port's status.
type: string
enum:
- up
- down
- unknown
remote-status:
description: Represents remote peer's port status.
type: string
enum:
- up
- down
- unknown

3
ucentral.capabilities.pretty.json
View File

@@ -310,6 +310,7 @@
"Spanning-Tree-Per-VLAN",
"Spanning-Tree-Per-VLAN-Rapid",
"Spanning-Tree-MSTP",
"BPDU-Guard",
"SVI-StaticIPv4",
"SVI-StaticIPv6",
"Interface-StaticIPv4",
@@ -342,6 +343,8 @@
"MAC-ACL",
"IP-ACL",
"Guest-VLAN",
"Storm-Control",
"Access-Lockout",
"Service-SSH",
"Service-RSSH",
"Service-Telnet",

595
ucentral.schema.full.json
View File

@@ -219,6 +219,11 @@
"cloud_uplink_port"
]
},
"autoneg": {
"description": "Controls whether link autonegotiation is enabled. When set to true, the switch negotiates speed and duplex with the link partner. When set to false, the configured speed and duplex values are forced.",
"type": "boolean",
"default": true
},
"speed": {
"description": "The link speed that shall be forced.",
"type": "integer",
@@ -753,6 +758,70 @@
"maxLength": 32
}
}
},
"bpdu-guard": {
"description": "BPDU Guard configuration block. Enables protection against unexpected BPDUs on edge ports to prevent loops and rogue switch connections.",
"type": "object",
"properties": {
"enabled": {
"description": "When true, the port will be placed into an error-disabled state if any BPDU is received.",
"type": "boolean"
},
"auto-recovery-secs": {
"description": "Time in 'seconds' after which a port that was err-disabled due to BPDU Guard violation will be automatically re-enabled.",
"type": "integer",
"default": 300
}
}
},
"edge-port": {
"description": "When true, the port behaves as an STP Edge Port. When false, the port participates fully in STP and is treated as a normal switch port.",
"type": "boolean",
"default": false
},
"storm-control": {
"description": "Storm Control configuration per storm type. Allows enabling or disabling traffic storm control for broadcast, multicast, and unknown unicast packets, with independent packet-per-second (pps) thresholds. A limit-pps value of 0 implies the control is disabled for that traffic type.",
"type": "object",
"properties": {
"broadcast-pps": {
"type": "integer",
"minimum": 0,
"default": 0,
"description": "Maximum allowed broadcast packets per second. 0 disables broadcast storm control."
},
"multicast-pps": {
"type": "integer",
"minimum": 0,
"default": 0,
"description": "Maximum allowed multicast packets per second. 0 disables multicast storm control."
},
"unknown-unicast-pps": {
"type": "integer",
"minimum": 0,
"default": 0,
"description": "Maximum allowed unknown unicast packets per second. 0 disables unknown unicast storm control."
}
}
},
"diffserv-policy": {
"type": "object",
"description": "Associates DiffServ policy maps with a physical interface. This object represents the binding of policy maps to the ingress and/or egress direction of an interface.",
"properties": {
"ingress": {
"type": "string",
"description": "Name of the policy map applied to ingress (input) traffic on the interface. The referenced policy map must be defined prior to binding.",
"minLength": 1,
"maxLength": 32,
"example": "PM-INGRESS-QOS"
},
"egress": {
"type": "string",
"description": "Name of the policy map applied to egress (output) traffic on the interface. The referenced policy map must be defined prior to binding.",
"minLength": 1,
"maxLength": 32,
"example": "PM-EGRESS-SHAPE"
}
}
}
}
}
@@ -809,6 +878,65 @@
]
}
},
"bridge-prio": {
"description": "Bridge priority for root election. Ranging from 0\u201361440 (in steps of 4096)",
"type": "integer",
"default": 32768
},
"forward-delay-secs": {
"description": "Time in seconds a port stays in Listening and Learning states before transitioning to Forwarding.",
"type": "integer"
},
"hello-time-secs": {
"description": "Determines how often switches send BPDU.",
"type": "integer"
},
"max-age-secs": {
"description": "Maximum time (in seconds) before a BPDU is considered invalid.",
"type": "integer"
},
"pathcost-method": {
"description": "Specifies the method used for path cost calculation. - short, 16-bit values (0\u201365535), IEEE 802.1D - long, 32-bit values (0\u2013200,000,000), IEEE 802.1w",
"type": "string",
"enum": [
"short",
"long"
]
},
"bpdu-flooding": {
"description": "Configures how BPDUs are flooded to spanning-tree disabled ports. - to-all, Flood to all STP-disabled ports - to-vlan, Flood to STP-disabled ports within the same VLAN",
"type": "string",
"enum": [
"to-all",
"to-vlan"
]
},
"bpdu-tx-limit": {
"description": "Maximum number of BPDU transmissions allowed per Hello interval.",
"type": "integer"
},
"root-guard": {
"description": "Enable Root Guard globally to prevent designated ports from becoming root.",
"type": "boolean"
},
"mst-region": {
"description": "MSTP region-wide configuration. Applicable when protocol is mstp.",
"type": "object",
"properties": {
"name": {
"description": "Name of multiple spanning tree region.",
"type": "string",
"maxLength": 32,
"minLength": 1
},
"revision": {
"description": "MST region revision number.",
"type": "integer",
"maximum": 65535,
"minimum": 0
}
}
},
"instances": {
"description": "Define a list of configuration for each STP instance. Meaning of this field depends on current STP protocol (switch.loop-detection.protocol)",
"type": "array",
@@ -825,24 +953,36 @@
"default": true
},
"priority": {
"description": "Bridge priority.",
"description": "MST priority.",
"type": "integer",
"default": 32768
},
"forward_delay": {
"forward-delay": {
"description": "Defines the amount of time a switch port stays in the Listening and Learning states before transitioning to the Forwarding state.",
"type": "integer",
"default": 15
},
"hello_time": {
"hello-time": {
"description": "Determines how often switches send BPDU.",
"type": "integer",
"default": 2
},
"max_age": {
"max-age": {
"description": "Specifies the maximum time that a switch port should wait to receive a BPDU from its neighbor before considering the link as failed or disconnected.",
"type": "integer",
"default": 20
},
"path-cost": {
"description": "Path cost for this MST instance.",
"type": "integer"
},
"vlan-start": {
"description": "VLAN starting range assigned to this MST instance.",
"type": "integer"
},
"vlan-end": {
"description": "VLAN ending range assigned to this MST instance.",
"type": "integer"
}
}
}
@@ -1228,6 +1368,11 @@
"description": "This section defines the MC-LAG configuration parameters for the switch.",
"type": "object",
"properties": {
"global-gateway-mac": {
"description": "(Optional) Global Unique MCLAG system MAC address that is assigned to the MCLAG domain on both peers",
"type": "string",
"format": "uc-mac"
},
"mclag-domains": {
"description": "List of MC-LAG domain configurations for the switch.",
"type": "array",
@@ -1241,11 +1386,51 @@
"maximum": 1024,
"default": 1
},
"gateway-mac": {
"description": "(Optional) Per-domain Unique MCLAG system MAC address that is assigned to the MCLAG domain on both peers This MAC address is used as the virtual MAC address for the Layer 3 VLAN Interfaces (Switch Virtual Interfaces or SVIs) across both MCLAG peers",
"type": "string",
"format": "uc-mac"
},
"source-ip": {
"description": "IPv4 address of the MCLAG keepalive link on the local switch",
"type": "string",
"format": "ipv4",
"examples": [
"192.168.0.5"
]
},
"peer-ip": {
"description": "IPv4 address of the MCLAG keepalive link on the peer switch",
"type": "string",
"format": "ipv4",
"examples": [
"192.168.0.5"
]
},
"system-mac-address": {
"description": "(Optional) Unique MCLAG system MAC address that is assigned to the MCLAG domain on both peers",
"type": "string",
"format": "uc-mac"
},
"keepalive-interval": {
"description": "Interval (in seconds) between sending keepalive messages over the peer link to determine if the remote peer is up or down",
"type": "integer",
"default": 30,
"minimum": 1,
"maximum": 64
},
"session-timeout": {
"description": "Time (in seconds) to wait before shutting down an MCLAG session with a remote peer if no keepalive reply is received",
"type": "integer",
"default": 50,
"minimum": 1,
"maximum": 64
},
"peer-link": {
"description": "Configures the peer-link, which could be a physical port or a trunk group that connects the two MC-LAG peer switches.",
"type": "object",
"properties": {
"type": {
"link-type": {
"description": "Defines the type of peer-link, either 'port' or 'trunk-group'",
"type": "string",
"enum": [
@@ -1254,8 +1439,16 @@
],
"default": "trunk-group"
},
"value": {
"description": "Specifies the port or trunk-group ID for the peer-link.",
"port-id": {
"description": "Specifies the physical port name used as peer-link (only valid if type = port).",
"type": "string",
"examples": [
"Ethernet1",
"Ethernet2"
]
},
"trunk-id": {
"description": "Specifies the trunk group ID used as peer-link (only valid if type = trunk-group).",
"type": "integer",
"minimum": 1,
"maximum": 64
@@ -1263,53 +1456,56 @@
}
},
"mclag-group": {
"description": "Configures the MC-LAG group, which binds the interfaces into a multi-chassis LAG.",
"type": "object",
"properties": {
"group-id": {
"description": "Defines the unique MC-LAG group identifier.",
"type": "integer",
"minimum": 1,
"maximum": 128
},
"members": {
"description": "List of interfaces that participate in the MC-LAG group.",
"type": "array",
"items": {
"type": "string",
"description": "Interface names that are part of the MC-LAG group.",
"examples": [
"eth0",
"eth1"
]
}
},
"lacp-config": {
"description": "LACP configuration settings for the MC-LAG group.",
"type": "object",
"properties": {
"lacp-enable": {
"description": "Enables or disables LACP for the MC-LAG group.",
"type": "boolean",
"default": true
},
"lacp-role": {
"description": "Configures the LACP role as 'actor' or 'partner'",
"description": "Configures the MC-LAG group(s), which binds the interfaces into a multi-chassis LAG.",
"type": "array",
"items": {
"type": "object",
"properties": {
"group-id": {
"description": "Defines the unique MC-LAG group identifier.",
"type": "integer",
"minimum": 1,
"maximum": 128
},
"members": {
"description": "List of interfaces that participate in the MC-LAG group.",
"type": "array",
"items": {
"type": "string",
"enum": [
"actor",
"partner"
],
"default": "actor"
},
"lacp-timeout": {
"description": "Sets the LACP timeout as either 'short' or 'long'.",
"type": "string",
"enum": [
"short",
"long"
],
"default": "long"
"description": "Interface names that are part of the MC-LAG group.",
"examples": [
"Ethernet0",
"Ethernet1"
]
}
},
"lacp-config": {
"description": "LACP configuration settings for the MC-LAG group.",
"type": "object",
"properties": {
"lacp-enable": {
"description": "Enables or disables LACP for the MC-LAG group.",
"type": "boolean",
"default": true
},
"lacp-role": {
"description": "Configures the LACP role as 'actor' or 'partner'",
"type": "string",
"enum": [
"actor",
"partner"
],
"default": "actor"
},
"lacp-timeout": {
"description": "Sets the LACP timeout as either 'short' or 'long'.",
"type": "string",
"enum": [
"short",
"long"
],
"default": "long"
}
}
}
}
@@ -1379,6 +1575,299 @@
}
}
},
"intrusion-detection-access-lockout": {
"description": "Enables protection against unauthorized login attempts by locking user access after a specified number of failed authentication attempts within a defined period.",
"type": "object",
"properties": {
"lockout-attempt-count": {
"description": "Number of consecutive failed login attempts allowed before the user account is locked.",
"type": "integer",
"minimum": 1
},
"lockout-period-seconds": {
"description": "Duration (in seconds) for which the user account remains locked after exceeding the failed attempt threshold.",
"type": "integer"
}
}
},
"class-maps": {
"type": "array",
"description": "Defines a list of DiffServ class maps. Each class map represents a traffic classification container that groups one or more match rules used to identify packets based on Layer 2, Layer 3, or Layer 4 header fields.",
"items": {
"type": "object",
"properties": {
"name": {
"type": "string",
"description": "Unique name identifying the class map. This name is later referenced by policy maps to associate actions with the classified traffic.",
"example": "CM-IP-VOICE"
},
"match-rule": {
"type": "string",
"description": "Determines how multiple match rules within the class map are evaluated. - match-any - Packet matches if any rule matches - match-all - Packet matches only if all rules match",
"enum": [
"match-any",
"match-all"
]
},
"matches": {
"type": "array",
"description": "List of match rules that define the traffic classification criteria for this class map. Up to \"n\" match rules may be configured per class maps, per defined as maxItems. Mutual exclusivity rules may apply between the match rules.",
"maxItems": 16,
"items": {
"type": "object",
"properties": {
"match-type": {
"type": "string",
"description": "Specifies the type of match criterion used for traffic classification.",
"enum": [
"access-list",
"cos",
"ip-dscp",
"ip-precedence",
"ipv6-dscp",
"vlan",
"source-port"
],
"example": "ip-dscp"
},
"value": {
"type": "string",
"description": "value associated with the selected match type. The interpretation of this field depends on the match type. Numeric values must be encoded as strings, to keep the type-value pair simple.",
"example": "46"
}
}
}
}
}
}
},
"policy-maps": {
"type": "array",
"description": "Defines a list of DiffServ policy maps. Each policy map associates one or more previously defined class maps with specific QoS actions such as packet marking and traffic policing. Policy maps are later applied to interfaces using DiffServ service-policy bindings.",
"items": {
"type": "object",
"properties": {
"name": {
"type": "string",
"description": "Unique name identifying the policy map. This name is referenced when binding the policy map to an interface for ingress or egress traffic processing.",
"example": "rd-policy"
},
"classes": {
"type": "array",
"description": "List of class map references included in this policy map. Each class entry applies a defined set of QoS actions to traffic matching the referenced class map.",
"items": {
"type": "object",
"properties": {
"class-name": {
"type": "string",
"description": "Name of a previously defined class map whose matching traffic will be subject to the configured marking and/or policing actions.",
"example": "rd-class"
},
"marking-action": {
"type": "object",
"description": "Packet marking actions applied to traffic matching this class. Marking may update internal forwarding behavior, VLAN CoS bits, or IP DSCP values. Only one marking action is typically effective per packet processing stage.",
"properties": {
"phb": {
"type": "integer",
"description": "Per-Hop Behavior (PHB) value used for internal packet processing and queue selection within the forwarding pipeline.",
"minimum": 0,
"maximum": 7
},
"cos": {
"type": "integer",
"description": "Class of Service (CoS) value written to the VLAN priority field (802.1p) of matching packets.",
"minimum": 0,
"maximum": 7
},
"ip-dscp": {
"type": "integer",
"description": "Differentiated Services Code Point (DSCP) value written to the IP header of matching packets.",
"minimum": 0,
"maximum": 63
}
}
},
"police": {
"type": "object",
"description": "Traffic policing configuration applied to packets matching this class. Policing enforces bandwidth limits and applies actions based on traffic conformance. Only one policing mode may be configured per class.",
"properties": {
"flow": {
"type": "object",
"description": "Single-rate, two-color policing based on a token bucket defined by a committed rate and burst size. Traffic is classified as conforming or violating.",
"properties": {
"committed-rate-kbps": {
"type": "integer",
"description": "Committed Information Rate (CIR) in kilobits per second enforced by the policer."
},
"committed-burst-bytes": {
"type": "integer",
"description": "Committed Burst Size (BC) in bytes allowed by the policer."
},
"conform-action": {
"type": "object",
"description": "Action applied when traffic conforms to the committed rate and burst limits.",
"properties": {
"action": {
"type": "string",
"description": "Action taken for conforming packets.",
"enum": [
"transmit",
"new-dscp"
]
},
"new-dscp": {
"type": "integer",
"description": "DSCP value applied to conforming packets when action is set to new-dscp.",
"minimum": 0,
"maximum": 63
}
}
},
"violate-action": {
"type": "object",
"description": "Action applied when traffic exceeds the committed rate or burst size.",
"properties": {
"action": {
"type": "string",
"description": "Action taken for violating packets.",
"enum": [
"drop",
"new-dscp"
]
},
"new-dscp": {
"type": "integer",
"description": "DSCP value applied to violating packets when action is set to new-dscp.",
"minimum": 0,
"maximum": 63
}
}
}
}
},
"srtcm": {
"type": "object",
"description": "Single Rate Three Color Meter (srTCM) policing, supporting color-blind or color-aware modes. Traffic is classified as green, yellow, or red.",
"properties": {
"mode": {
"type": "string",
"description": "Specifies whether the policer operates in color-blind or color-aware mode.",
"enum": [
"color-blind",
"color-aware"
]
},
"committed-rate-kbps": {
"type": "integer",
"description": "Committed Information Rate (CIR) in kilobits per second."
},
"committed-burst-bytes": {
"type": "integer",
"description": "Committed Burst Size (CBS) in bytes."
},
"excess-burst-bytes": {
"type": "integer",
"description": "Excess Burst Size (EBS) in bytes used to classify packets as exceeding committed limits."
},
"conform-action": {
"type": "string",
"description": "Action applied to packets classified as conforming (green).",
"enum": [
"transmit"
]
},
"exceed-action": {
"type": "string",
"description": "Action applied to packets classified as exceeding (yellow).",
"enum": [
"drop",
"new-dscp"
]
},
"violate-action": {
"type": "string",
"description": "Action applied to packets classified as violating (red).",
"enum": [
"drop",
"new-dscp"
]
},
"new-dscp": {
"type": "integer",
"description": "DSCP value applied when exceed or violate action is set to new-dscp.",
"minimum": 0,
"maximum": 63
}
}
},
"trtcm": {
"type": "object",
"description": "Two Rate Three Color Meter (trTCM) policing, enforcing both committed and peak rate limits with three traffic colors.",
"properties": {
"mode": {
"type": "string",
"description": "Specifies whether the policer operates in color-blind or color-aware mode.",
"enum": [
"color-blind",
"color-aware"
]
},
"committed-rate-kbps": {
"type": "integer",
"description": "Committed Information Rate (CIR) in kilobits per second."
},
"committed-burst-bytes": {
"type": "integer",
"description": "Committed Burst Size (CBS) in bytes."
},
"peak-rate-kbps": {
"type": "integer",
"description": "Peak Information Rate (PIR) in kilobits per second."
},
"peak-burst-bytes": {
"type": "integer",
"description": "Peak Burst Size (PBS) in bytes."
},
"conform-action": {
"type": "string",
"description": "Action applied to packets conforming to committed rate limits.",
"enum": [
"transmit",
"new-dscp"
]
},
"exceed-action": {
"type": "string",
"description": "Action applied to packets exceeding committed rate but within peak rate.",
"enum": [
"drop",
"new-dscp"
]
},
"violate-action": {
"type": "string",
"description": "Action applied to packets exceeding peak rate.",
"enum": [
"drop",
"new-dscp"
]
},
"new-dscp": {
"type": "integer",
"description": "DSCP value applied when exceed or violate action is set to new-dscp.",
"minimum": 0,
"maximum": 63
}
}
}
}
}
}
}
}
}
}
},
"arp-inspect": {
"type": "object",
"description": "Global configuration for ARP Inspection on the switch.",

495
ucentral.schema.json
View File

@@ -217,6 +217,10 @@
"cloud_uplink_port"
]
},
"autoneg": {
"type": "boolean",
"default": true
},
"speed": {
"type": "integer",
"enum": [
@@ -668,6 +672,59 @@
"maxLength": 32
}
}
},
"bpdu-guard": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean"
},
"auto-recovery-secs": {
"type": "integer",
"default": 300
}
}
},
"edge-port": {
"type": "boolean",
"default": false
},
"storm-control": {
"type": "object",
"properties": {
"broadcast-pps": {
"type": "integer",
"minimum": 0,
"default": 0
},
"multicast-pps": {
"type": "integer",
"minimum": 0,
"default": 0
},
"unknown-unicast-pps": {
"type": "integer",
"minimum": 0,
"default": 0
}
}
},
"diffserv-policy": {
"type": "object",
"properties": {
"ingress": {
"type": "string",
"minLength": 1,
"maxLength": 32,
"example": "PM-INGRESS-QOS"
},
"egress": {
"type": "string",
"minLength": 1,
"maxLength": 32,
"example": "PM-EGRESS-SHAPE"
}
}
}
}
},
@@ -1071,6 +1128,54 @@
]
}
},
"bridge-prio": {
"type": "integer",
"default": 32768
},
"forward-delay-secs": {
"type": "integer"
},
"hello-time-secs": {
"type": "integer"
},
"max-age-secs": {
"type": "integer"
},
"pathcost-method": {
"type": "string",
"enum": [
"short",
"long"
]
},
"bpdu-flooding": {
"type": "string",
"enum": [
"to-all",
"to-vlan"
]
},
"bpdu-tx-limit": {
"type": "integer"
},
"root-guard": {
"type": "boolean"
},
"mst-region": {
"type": "object",
"properties": {
"name": {
"type": "string",
"maxLength": 32,
"minLength": 1
},
"revision": {
"type": "integer",
"maximum": 65535,
"minimum": 0
}
}
},
"instances": {
"type": "array",
"items": {
@@ -1087,17 +1192,26 @@
"type": "integer",
"default": 32768
},
"forward_delay": {
"forward-delay": {
"type": "integer",
"default": 15
},
"hello_time": {
"hello-time": {
"type": "integer",
"default": 2
},
"max_age": {
"max-age": {
"type": "integer",
"default": 20
},
"path-cost": {
"type": "integer"
},
"vlan-start": {
"type": "integer"
},
"vlan-end": {
"type": "integer"
}
}
}
@@ -1424,6 +1538,10 @@
"mclag-config": {
"type": "object",
"properties": {
"global-gateway-mac": {
"type": "string",
"format": "uc-mac"
},
"mclag-domains": {
"type": "array",
"items": {
@@ -1435,10 +1553,44 @@
"maximum": 1024,
"default": 1
},
"gateway-mac": {
"type": "string",
"format": "uc-mac"
},
"source-ip": {
"type": "string",
"format": "ipv4",
"examples": [
"192.168.0.5"
]
},
"peer-ip": {
"type": "string",
"format": "ipv4",
"examples": [
"192.168.0.5"
]
},
"system-mac-address": {
"type": "string",
"format": "uc-mac"
},
"keepalive-interval": {
"type": "integer",
"default": 30,
"minimum": 1,
"maximum": 64
},
"session-timeout": {
"type": "integer",
"default": 50,
"minimum": 1,
"maximum": 64
},
"peer-link": {
"type": "object",
"properties": {
"type": {
"link-type": {
"type": "string",
"enum": [
"port",
@@ -1446,7 +1598,14 @@
],
"default": "trunk-group"
},
"value": {
"port-id": {
"type": "string",
"examples": [
"Ethernet1",
"Ethernet2"
]
},
"trunk-id": {
"type": "integer",
"minimum": 1,
"maximum": 64
@@ -1454,45 +1613,48 @@
}
},
"mclag-group": {
"type": "object",
"properties": {
"group-id": {
"type": "integer",
"minimum": 1,
"maximum": 128
},
"members": {
"type": "array",
"items": {
"type": "string",
"examples": [
"eth0",
"eth1"
]
}
},
"lacp-config": {
"type": "object",
"properties": {
"lacp-enable": {
"type": "boolean",
"default": true
},
"lacp-role": {
"type": "array",
"items": {
"type": "object",
"properties": {
"group-id": {
"type": "integer",
"minimum": 1,
"maximum": 128
},
"members": {
"type": "array",
"items": {
"type": "string",
"enum": [
"actor",
"partner"
],
"default": "actor"
},
"lacp-timeout": {
"type": "string",
"enum": [
"short",
"long"
],
"default": "long"
"examples": [
"Ethernet0",
"Ethernet1"
]
}
},
"lacp-config": {
"type": "object",
"properties": {
"lacp-enable": {
"type": "boolean",
"default": true
},
"lacp-role": {
"type": "string",
"enum": [
"actor",
"partner"
],
"default": "actor"
},
"lacp-timeout": {
"type": "string",
"enum": [
"short",
"long"
],
"default": "long"
}
}
}
}
@@ -1553,6 +1715,253 @@
}
}
},
"intrusion-detection-access-lockout": {
"type": "object",
"properties": {
"lockout-attempt-count": {
"type": "integer",
"minimum": 1
},
"lockout-period-seconds": {
"type": "integer"
}
}
},
"class-maps": {
"type": "array",
"items": {
"type": "object",
"properties": {
"name": {
"type": "string",
"example": "CM-IP-VOICE"
},
"match-rule": {
"type": "string",
"enum": [
"match-any",
"match-all"
]
},
"matches": {
"type": "array",
"maxItems": 16,
"items": {
"type": "object",
"properties": {
"match-type": {
"type": "string",
"enum": [
"access-list",
"cos",
"ip-dscp",
"ip-precedence",
"ipv6-dscp",
"vlan",
"source-port"
],
"example": "ip-dscp"
},
"value": {
"type": "string",
"example": "46"
}
}
}
}
}
}
},
"policy-maps": {
"type": "array",
"items": {
"type": "object",
"properties": {
"name": {
"type": "string",
"example": "rd-policy"
},
"classes": {
"type": "array",
"items": {
"type": "object",
"properties": {
"class-name": {
"type": "string",
"example": "rd-class"
},
"marking-action": {
"type": "object",
"properties": {
"phb": {
"type": "integer",
"minimum": 0,
"maximum": 7
},
"cos": {
"type": "integer",
"minimum": 0,
"maximum": 7
},
"ip-dscp": {
"type": "integer",
"minimum": 0,
"maximum": 63
}
}
},
"police": {
"type": "object",
"properties": {
"flow": {
"type": "object",
"properties": {
"committed-rate-kbps": {
"type": "integer"
},
"committed-burst-bytes": {
"type": "integer"
},
"conform-action": {
"type": "object",
"properties": {
"action": {
"type": "string",
"enum": [
"transmit",
"new-dscp"
]
},
"new-dscp": {
"type": "integer",
"minimum": 0,
"maximum": 63
}
}
},
"violate-action": {
"type": "object",
"properties": {
"action": {
"type": "string",
"enum": [
"drop",
"new-dscp"
]
},
"new-dscp": {
"type": "integer",
"minimum": 0,
"maximum": 63
}
}
}
}
},
"srtcm": {
"type": "object",
"properties": {
"mode": {
"type": "string",
"enum": [
"color-blind",
"color-aware"
]
},
"committed-rate-kbps": {
"type": "integer"
},
"committed-burst-bytes": {
"type": "integer"
},
"excess-burst-bytes": {
"type": "integer"
},
"conform-action": {
"type": "string",
"enum": [
"transmit"
]
},
"exceed-action": {
"type": "string",
"enum": [
"drop",
"new-dscp"
]
},
"violate-action": {
"type": "string",
"enum": [
"drop",
"new-dscp"
]
},
"new-dscp": {
"type": "integer",
"minimum": 0,
"maximum": 63
}
}
},
"trtcm": {
"type": "object",
"properties": {
"mode": {
"type": "string",
"enum": [
"color-blind",
"color-aware"
]
},
"committed-rate-kbps": {
"type": "integer"
},
"committed-burst-bytes": {
"type": "integer"
},
"peak-rate-kbps": {
"type": "integer"
},
"peak-burst-bytes": {
"type": "integer"
},
"conform-action": {
"type": "string",
"enum": [
"transmit",
"new-dscp"
]
},
"exceed-action": {
"type": "string",
"enum": [
"drop",
"new-dscp"
]
},
"violate-action": {
"type": "string",
"enum": [
"drop",
"new-dscp"
]
},
"new-dscp": {
"type": "integer",
"minimum": 0,
"maximum": 63
}
}
}
}
}
}
}
}
}
}
},
"arp-inspect": {
"$ref": "#/$defs/switch.arp-inspect"
},

595
ucentral.schema.pretty.json
View File

@@ -253,6 +253,11 @@
"cloud_uplink_port"
]
},
"autoneg": {
"description": "Controls whether link autonegotiation is enabled. When set to true, the switch negotiates speed and duplex with the link partner. When set to false, the configured speed and duplex values are forced.",
"type": "boolean",
"default": true
},
"speed": {
"description": "The link speed that shall be forced.",
"type": "integer",
@@ -787,6 +792,70 @@
"maxLength": 32
}
}
},
"bpdu-guard": {
"description": "BPDU Guard configuration block. Enables protection against unexpected BPDUs on edge ports to prevent loops and rogue switch connections.",
"type": "object",
"properties": {
"enabled": {
"description": "When true, the port will be placed into an error-disabled state if any BPDU is received.",
"type": "boolean"
},
"auto-recovery-secs": {
"description": "Time in 'seconds' after which a port that was err-disabled due to BPDU Guard violation will be automatically re-enabled.",
"type": "integer",
"default": 300
}
}
},
"edge-port": {
"description": "When true, the port behaves as an STP Edge Port. When false, the port participates fully in STP and is treated as a normal switch port.",
"type": "boolean",
"default": false
},
"storm-control": {
"description": "Storm Control configuration per storm type. Allows enabling or disabling traffic storm control for broadcast, multicast, and unknown unicast packets, with independent packet-per-second (pps) thresholds. A limit-pps value of 0 implies the control is disabled for that traffic type.",
"type": "object",
"properties": {
"broadcast-pps": {
"type": "integer",
"minimum": 0,
"default": 0,
"description": "Maximum allowed broadcast packets per second. 0 disables broadcast storm control."
},
"multicast-pps": {
"type": "integer",
"minimum": 0,
"default": 0,
"description": "Maximum allowed multicast packets per second. 0 disables multicast storm control."
},
"unknown-unicast-pps": {
"type": "integer",
"minimum": 0,
"default": 0,
"description": "Maximum allowed unknown unicast packets per second. 0 disables unknown unicast storm control."
}
}
},
"diffserv-policy": {
"type": "object",
"description": "Associates DiffServ policy maps with a physical interface. This object represents the binding of policy maps to the ingress and/or egress direction of an interface.",
"properties": {
"ingress": {
"type": "string",
"description": "Name of the policy map applied to ingress (input) traffic on the interface. The referenced policy map must be defined prior to binding.",
"minLength": 1,
"maxLength": 32,
"example": "PM-INGRESS-QOS"
},
"egress": {
"type": "string",
"description": "Name of the policy map applied to egress (output) traffic on the interface. The referenced policy map must be defined prior to binding.",
"minLength": 1,
"maxLength": 32,
"example": "PM-EGRESS-SHAPE"
}
}
}
}
},
@@ -1267,6 +1336,65 @@
]
}
},
"bridge-prio": {
"description": "Bridge priority for root election. Ranging from 0\u201361440 (in steps of 4096)",
"type": "integer",
"default": 32768
},
"forward-delay-secs": {
"description": "Time in seconds a port stays in Listening and Learning states before transitioning to Forwarding.",
"type": "integer"
},
"hello-time-secs": {
"description": "Determines how often switches send BPDU.",
"type": "integer"
},
"max-age-secs": {
"description": "Maximum time (in seconds) before a BPDU is considered invalid.",
"type": "integer"
},
"pathcost-method": {
"description": "Specifies the method used for path cost calculation. - short, 16-bit values (0\u201365535), IEEE 802.1D - long, 32-bit values (0\u2013200,000,000), IEEE 802.1w",
"type": "string",
"enum": [
"short",
"long"
]
},
"bpdu-flooding": {
"description": "Configures how BPDUs are flooded to spanning-tree disabled ports. - to-all, Flood to all STP-disabled ports - to-vlan, Flood to STP-disabled ports within the same VLAN",
"type": "string",
"enum": [
"to-all",
"to-vlan"
]
},
"bpdu-tx-limit": {
"description": "Maximum number of BPDU transmissions allowed per Hello interval.",
"type": "integer"
},
"root-guard": {
"description": "Enable Root Guard globally to prevent designated ports from becoming root.",
"type": "boolean"
},
"mst-region": {
"description": "MSTP region-wide configuration. Applicable when protocol is mstp.",
"type": "object",
"properties": {
"name": {
"description": "Name of multiple spanning tree region.",
"type": "string",
"maxLength": 32,
"minLength": 1
},
"revision": {
"description": "MST region revision number.",
"type": "integer",
"maximum": 65535,
"minimum": 0
}
}
},
"instances": {
"description": "Define a list of configuration for each STP instance. Meaning of this field depends on current STP protocol (switch.loop-detection.protocol)",
"type": "array",
@@ -1283,24 +1411,36 @@
"default": true
},
"priority": {
"description": "Bridge priority.",
"description": "MST priority.",
"type": "integer",
"default": 32768
},
"forward_delay": {
"forward-delay": {
"description": "Defines the amount of time a switch port stays in the Listening and Learning states before transitioning to the Forwarding state.",
"type": "integer",
"default": 15
},
"hello_time": {
"hello-time": {
"description": "Determines how often switches send BPDU.",
"type": "integer",
"default": 2
},
"max_age": {
"max-age": {
"description": "Specifies the maximum time that a switch port should wait to receive a BPDU from its neighbor before considering the link as failed or disconnected.",
"type": "integer",
"default": 20
},
"path-cost": {
"description": "Path cost for this MST instance.",
"type": "integer"
},
"vlan-start": {
"description": "VLAN starting range assigned to this MST instance.",
"type": "integer"
},
"vlan-end": {
"description": "VLAN ending range assigned to this MST instance.",
"type": "integer"
}
}
}
@@ -1686,6 +1826,11 @@
"description": "This section defines the MC-LAG configuration parameters for the switch.",
"type": "object",
"properties": {
"global-gateway-mac": {
"description": "(Optional) Global Unique MCLAG system MAC address that is assigned to the MCLAG domain on both peers",
"type": "string",
"format": "uc-mac"
},
"mclag-domains": {
"description": "List of MC-LAG domain configurations for the switch.",
"type": "array",
@@ -1699,11 +1844,51 @@
"maximum": 1024,
"default": 1
},
"gateway-mac": {
"description": "(Optional) Per-domain Unique MCLAG system MAC address that is assigned to the MCLAG domain on both peers This MAC address is used as the virtual MAC address for the Layer 3 VLAN Interfaces (Switch Virtual Interfaces or SVIs) across both MCLAG peers",
"type": "string",
"format": "uc-mac"
},
"source-ip": {
"description": "IPv4 address of the MCLAG keepalive link on the local switch",
"type": "string",
"format": "ipv4",
"examples": [
"192.168.0.5"
]
},
"peer-ip": {
"description": "IPv4 address of the MCLAG keepalive link on the peer switch",
"type": "string",
"format": "ipv4",
"examples": [
"192.168.0.5"
]
},
"system-mac-address": {
"description": "(Optional) Unique MCLAG system MAC address that is assigned to the MCLAG domain on both peers",
"type": "string",
"format": "uc-mac"
},
"keepalive-interval": {
"description": "Interval (in seconds) between sending keepalive messages over the peer link to determine if the remote peer is up or down",
"type": "integer",
"default": 30,
"minimum": 1,
"maximum": 64
},
"session-timeout": {
"description": "Time (in seconds) to wait before shutting down an MCLAG session with a remote peer if no keepalive reply is received",
"type": "integer",
"default": 50,
"minimum": 1,
"maximum": 64
},
"peer-link": {
"description": "Configures the peer-link, which could be a physical port or a trunk group that connects the two MC-LAG peer switches.",
"type": "object",
"properties": {
"type": {
"link-type": {
"description": "Defines the type of peer-link, either 'port' or 'trunk-group'",
"type": "string",
"enum": [
@@ -1712,8 +1897,16 @@
],
"default": "trunk-group"
},
"value": {
"description": "Specifies the port or trunk-group ID for the peer-link.",
"port-id": {
"description": "Specifies the physical port name used as peer-link (only valid if type = port).",
"type": "string",
"examples": [
"Ethernet1",
"Ethernet2"
]
},
"trunk-id": {
"description": "Specifies the trunk group ID used as peer-link (only valid if type = trunk-group).",
"type": "integer",
"minimum": 1,
"maximum": 64
@@ -1721,53 +1914,56 @@
}
},
"mclag-group": {
"description": "Configures the MC-LAG group, which binds the interfaces into a multi-chassis LAG.",
"type": "object",
"properties": {
"group-id": {
"description": "Defines the unique MC-LAG group identifier.",
"type": "integer",
"minimum": 1,
"maximum": 128
},
"members": {
"description": "List of interfaces that participate in the MC-LAG group.",
"type": "array",
"items": {
"type": "string",
"description": "Interface names that are part of the MC-LAG group.",
"examples": [
"eth0",
"eth1"
]
}
},
"lacp-config": {
"description": "LACP configuration settings for the MC-LAG group.",
"type": "object",
"properties": {
"lacp-enable": {
"description": "Enables or disables LACP for the MC-LAG group.",
"type": "boolean",
"default": true
},
"lacp-role": {
"description": "Configures the LACP role as 'actor' or 'partner'",
"description": "Configures the MC-LAG group(s), which binds the interfaces into a multi-chassis LAG.",
"type": "array",
"items": {
"type": "object",
"properties": {
"group-id": {
"description": "Defines the unique MC-LAG group identifier.",
"type": "integer",
"minimum": 1,
"maximum": 128
},
"members": {
"description": "List of interfaces that participate in the MC-LAG group.",
"type": "array",
"items": {
"type": "string",
"enum": [
"actor",
"partner"
],
"default": "actor"
},
"lacp-timeout": {
"description": "Sets the LACP timeout as either 'short' or 'long'.",
"type": "string",
"enum": [
"short",
"long"
],
"default": "long"
"description": "Interface names that are part of the MC-LAG group.",
"examples": [
"Ethernet0",
"Ethernet1"
]
}
},
"lacp-config": {
"description": "LACP configuration settings for the MC-LAG group.",
"type": "object",
"properties": {
"lacp-enable": {
"description": "Enables or disables LACP for the MC-LAG group.",
"type": "boolean",
"default": true
},
"lacp-role": {
"description": "Configures the LACP role as 'actor' or 'partner'",
"type": "string",
"enum": [
"actor",
"partner"
],
"default": "actor"
},
"lacp-timeout": {
"description": "Sets the LACP timeout as either 'short' or 'long'.",
"type": "string",
"enum": [
"short",
"long"
],
"default": "long"
}
}
}
}
@@ -1837,6 +2033,299 @@
}
}
},
"intrusion-detection-access-lockout": {
"description": "Enables protection against unauthorized login attempts by locking user access after a specified number of failed authentication attempts within a defined period.",
"type": "object",
"properties": {
"lockout-attempt-count": {
"description": "Number of consecutive failed login attempts allowed before the user account is locked.",
"type": "integer",
"minimum": 1
},
"lockout-period-seconds": {
"description": "Duration (in seconds) for which the user account remains locked after exceeding the failed attempt threshold.",
"type": "integer"
}
}
},
"class-maps": {
"type": "array",
"description": "Defines a list of DiffServ class maps. Each class map represents a traffic classification container that groups one or more match rules used to identify packets based on Layer 2, Layer 3, or Layer 4 header fields.",
"items": {
"type": "object",
"properties": {
"name": {
"type": "string",
"description": "Unique name identifying the class map. This name is later referenced by policy maps to associate actions with the classified traffic.",
"example": "CM-IP-VOICE"
},
"match-rule": {
"type": "string",
"description": "Determines how multiple match rules within the class map are evaluated. - match-any - Packet matches if any rule matches - match-all - Packet matches only if all rules match",
"enum": [
"match-any",
"match-all"
]
},
"matches": {
"type": "array",
"description": "List of match rules that define the traffic classification criteria for this class map. Up to \"n\" match rules may be configured per class maps, per defined as maxItems. Mutual exclusivity rules may apply between the match rules.",
"maxItems": 16,
"items": {
"type": "object",
"properties": {
"match-type": {
"type": "string",
"description": "Specifies the type of match criterion used for traffic classification.",
"enum": [
"access-list",
"cos",
"ip-dscp",
"ip-precedence",
"ipv6-dscp",
"vlan",
"source-port"
],
"example": "ip-dscp"
},
"value": {
"type": "string",
"description": "value associated with the selected match type. The interpretation of this field depends on the match type. Numeric values must be encoded as strings, to keep the type-value pair simple.",
"example": "46"
}
}
}
}
}
}
},
"policy-maps": {
"type": "array",
"description": "Defines a list of DiffServ policy maps. Each policy map associates one or more previously defined class maps with specific QoS actions such as packet marking and traffic policing. Policy maps are later applied to interfaces using DiffServ service-policy bindings.",
"items": {
"type": "object",
"properties": {
"name": {
"type": "string",
"description": "Unique name identifying the policy map. This name is referenced when binding the policy map to an interface for ingress or egress traffic processing.",
"example": "rd-policy"
},
"classes": {
"type": "array",
"description": "List of class map references included in this policy map. Each class entry applies a defined set of QoS actions to traffic matching the referenced class map.",
"items": {
"type": "object",
"properties": {
"class-name": {
"type": "string",
"description": "Name of a previously defined class map whose matching traffic will be subject to the configured marking and/or policing actions.",
"example": "rd-class"
},
"marking-action": {
"type": "object",
"description": "Packet marking actions applied to traffic matching this class. Marking may update internal forwarding behavior, VLAN CoS bits, or IP DSCP values. Only one marking action is typically effective per packet processing stage.",
"properties": {
"phb": {
"type": "integer",
"description": "Per-Hop Behavior (PHB) value used for internal packet processing and queue selection within the forwarding pipeline.",
"minimum": 0,
"maximum": 7
},
"cos": {
"type": "integer",
"description": "Class of Service (CoS) value written to the VLAN priority field (802.1p) of matching packets.",
"minimum": 0,
"maximum": 7
},
"ip-dscp": {
"type": "integer",
"description": "Differentiated Services Code Point (DSCP) value written to the IP header of matching packets.",
"minimum": 0,
"maximum": 63
}
}
},
"police": {
"type": "object",
"description": "Traffic policing configuration applied to packets matching this class. Policing enforces bandwidth limits and applies actions based on traffic conformance. Only one policing mode may be configured per class.",
"properties": {
"flow": {
"type": "object",
"description": "Single-rate, two-color policing based on a token bucket defined by a committed rate and burst size. Traffic is classified as conforming or violating.",
"properties": {
"committed-rate-kbps": {
"type": "integer",
"description": "Committed Information Rate (CIR) in kilobits per second enforced by the policer."
},
"committed-burst-bytes": {
"type": "integer",
"description": "Committed Burst Size (BC) in bytes allowed by the policer."
},
"conform-action": {
"type": "object",
"description": "Action applied when traffic conforms to the committed rate and burst limits.",
"properties": {
"action": {
"type": "string",
"description": "Action taken for conforming packets.",
"enum": [
"transmit",
"new-dscp"
]
},
"new-dscp": {
"type": "integer",
"description": "DSCP value applied to conforming packets when action is set to new-dscp.",
"minimum": 0,
"maximum": 63
}
}
},
"violate-action": {
"type": "object",
"description": "Action applied when traffic exceeds the committed rate or burst size.",
"properties": {
"action": {
"type": "string",
"description": "Action taken for violating packets.",
"enum": [
"drop",
"new-dscp"
]
},
"new-dscp": {
"type": "integer",
"description": "DSCP value applied to violating packets when action is set to new-dscp.",
"minimum": 0,
"maximum": 63
}
}
}
}
},
"srtcm": {
"type": "object",
"description": "Single Rate Three Color Meter (srTCM) policing, supporting color-blind or color-aware modes. Traffic is classified as green, yellow, or red.",
"properties": {
"mode": {
"type": "string",
"description": "Specifies whether the policer operates in color-blind or color-aware mode.",
"enum": [
"color-blind",
"color-aware"
]
},
"committed-rate-kbps": {
"type": "integer",
"description": "Committed Information Rate (CIR) in kilobits per second."
},
"committed-burst-bytes": {
"type": "integer",
"description": "Committed Burst Size (CBS) in bytes."
},
"excess-burst-bytes": {
"type": "integer",
"description": "Excess Burst Size (EBS) in bytes used to classify packets as exceeding committed limits."
},
"conform-action": {
"type": "string",
"description": "Action applied to packets classified as conforming (green).",
"enum": [
"transmit"
]
},
"exceed-action": {
"type": "string",
"description": "Action applied to packets classified as exceeding (yellow).",
"enum": [
"drop",
"new-dscp"
]
},
"violate-action": {
"type": "string",
"description": "Action applied to packets classified as violating (red).",
"enum": [
"drop",
"new-dscp"
]
},
"new-dscp": {
"type": "integer",
"description": "DSCP value applied when exceed or violate action is set to new-dscp.",
"minimum": 0,
"maximum": 63
}
}
},
"trtcm": {
"type": "object",
"description": "Two Rate Three Color Meter (trTCM) policing, enforcing both committed and peak rate limits with three traffic colors.",
"properties": {
"mode": {
"type": "string",
"description": "Specifies whether the policer operates in color-blind or color-aware mode.",
"enum": [
"color-blind",
"color-aware"
]
},
"committed-rate-kbps": {
"type": "integer",
"description": "Committed Information Rate (CIR) in kilobits per second."
},
"committed-burst-bytes": {
"type": "integer",
"description": "Committed Burst Size (CBS) in bytes."
},
"peak-rate-kbps": {
"type": "integer",
"description": "Peak Information Rate (PIR) in kilobits per second."
},
"peak-burst-bytes": {
"type": "integer",
"description": "Peak Burst Size (PBS) in bytes."
},
"conform-action": {
"type": "string",
"description": "Action applied to packets conforming to committed rate limits.",
"enum": [
"transmit",
"new-dscp"
]
},
"exceed-action": {
"type": "string",
"description": "Action applied to packets exceeding committed rate but within peak rate.",
"enum": [
"drop",
"new-dscp"
]
},
"violate-action": {
"type": "string",
"description": "Action applied to packets exceeding peak rate.",
"enum": [
"drop",
"new-dscp"
]
},
"new-dscp": {
"type": "integer",
"description": "DSCP value applied when exceed or violate action is set to new-dscp.",
"minimum": 0,
"maximum": 63
}
}
}
}
}
}
}
}
}
}
},
"arp-inspect": {
"$ref": "#/$defs/switch.arp-inspect"
},

231
ucentral.state.pretty.json
View File

@@ -256,6 +256,53 @@
}
}
}
},
"access-lockout": {
"type": "object",
"description": "Represents the operational state and statistics of the Intrusion Detection and Access Lockout feature.",
"properties": {
"user-sessions": {
"type": "array",
"description": "Displays a list of user sessions being tracked for failed login attempts.",
"items": {
"type": "object",
"properties": {
"username": {
"type": "string",
"description": "The username associated with the login attempts being tracked."
},
"source-ip": {
"type": "string",
"description": "The IP address from which the login attempts originated."
},
"failed-attempts": {
"type": "integer",
"description": "The number of consecutive failed login attempts recorded for this user session."
},
"status": {
"type": "string",
"description": "Indicates whether the user account is currently locked or active.",
"enum": [
"active",
"locked"
]
},
"last-failed-attempt-time": {
"type": "integer",
"description": "UNIX timestamp (in seconds) of the most recent failed login attempt."
},
"lockout-start-time": {
"type": "integer",
"description": "UNIX timestamp (in seconds) when the user account was locked."
},
"lockout-expiry-time": {
"type": "integer",
"description": "UNIX timestamp (in seconds) when the lockout period will end and access will be restored."
}
}
}
}
}
}
},
"$defs": {
@@ -389,6 +436,92 @@
}
}
}
},
"mclag-state": {
"description": "This section describes the global (switch's device) state of the underlying state of MCLAG system.",
"type": "object",
"properties": {
"domains": {
"description": "holds MCLAG domain state information, including domain ID, role, session status, peer link status, number of interfaces, and interface statuses.",
"type": "array",
"items": {
"type": "object",
"properties": {
"mclag-domain": {
"description": "Configured domain-id state",
"type": "integer",
"minimum": 1,
"maximum": 1024,
"default": 1
},
"role": {
"description": "Role of the domain (Configured switch's domain-id state) Active means local switch posesses primary control responsibility (handles control protocol exchanges on behalf of the pair and is the default source for any shared virtual MAC addresses if they aren't explicitly configured) Standby means that local switch is the redundant switch that monitors the Active peer, maintains synchronized state information and is ready to take over full control plane responsibility if the Active peer fails.",
"type": "string",
"enum": [
"active",
"standby"
]
},
"session-status": {
"description": "Logical status of the underlying MCLAG session between local switch and remote peer switch. The 'up' value shows the underlying session is fully setup. (peers can exchange keepalive messages - if configured, the synchronization is happening and the overall state of link is operational) The 'down' value means the logical session's status is <down> - potentially, peers can't establish a connection between each other; (either through a misconfiguration, a routing problem in the field, or due to keepalive messages not being received) The 'unknown' value means the state cannot be determined (no ports configured, remote peer issues etc)",
"type": "string",
"enum": [
"up",
"down",
"unknown"
]
},
"peer-link-status": {
"description": "Operational state of the physical link(s) directly connecting the two Multi-Chassis Link Aggregation Group (MCLAG) peer switches.",
"type": "string",
"enum": [
"up",
"down",
"unknown"
]
},
"interface-num": {
"description": "Number of MCLAG interfaces configured within current domain id.",
"type": "integer"
},
"interfaces": {
"description": "List of configured interfaces statuses (that are part of this domain id)",
"type": "array",
"items": {
"type": "object",
"properties": {
"port": {
"description": "Port name / identifier.",
"type": "string",
"examples": [
"Ethernet1"
]
},
"local-status": {
"description": "Represents local port's status.",
"type": "string",
"enum": [
"up",
"down",
"unknown"
]
},
"remote-status": {
"description": "Represents remote peer's port status.",
"type": "string",
"enum": [
"up",
"down",
"unknown"
]
}
}
}
}
}
}
}
}
}
}
},
@@ -909,6 +1042,11 @@
"description": "Provides a textual description of the remote port, typically describing the interface or its purpose.",
"example": "Ethernet Port on unit 1, port 2"
},
"lldp-remote-sys-name": {
"type": "string",
"description": "Provides a textual description of the system name string (as defined by the sending device)",
"example": "Datacenter Switch-1"
},
"lldp-remote-port-max-mtu": {
"type": "string",
"description": "Displays the maximum transmission unit (MTU) size that the remote port supports, indicating the largest packet size the port can handle."
@@ -1014,6 +1152,23 @@
"Class-7",
"Class-8"
]
},
"lldp-remote-port-power-priority": {
"type": "string",
"description": "Indicates the power priority level assigned to the PD.",
"enum": [
"low",
"high",
"critical"
]
},
"lldp-remote-port-pd-requested-power": {
"type": "number",
"description": "Power requested by the PD in watts (0.1W resolution possible). The values must be presented with real values like 25.5, 20.5 etc."
},
"lldp-remote-port-pse-available-power": {
"type": "number",
"description": "Power that the PSE port is able to provide in watts (0.1W resolution)."
}
}
},
@@ -1034,6 +1189,56 @@
"description": "Displays the identifier of the Link Aggregation Group (LAG) that the remote port belongs to."
}
}
},
"lldp-remote-port-location": {
"type": "object",
"description": "Location information provided by LLDP-MED.",
"properties": {
"location-subtype": {
"type": "string",
"description": "Indicates the type of location information being conveyed.",
"enum": [
"coordinate",
"civic-address",
"elin"
]
},
"civic-addr": {
"type": "array",
"description": "Civic address information consisting of CA-Type and CA-Value pairs as per LLDP-MED.",
"items": {
"type": "object",
"properties": {
"ca-type": {
"type": "integer",
"description": "Civic Address Type identifier (e.g., 1 = Language, 3 = Country, 6 = A1 state/province, etc.)"
},
"ca-value": {
"type": "string",
"description": "Civic Address Value corresponding to the type."
}
}
}
},
"coordinates": {
"type": "object",
"description": "Location coordinates information.",
"properties": {
"latitude": {
"type": "string",
"description": "Latitude in decimal degrees (e.g., +37.7749)."
},
"longitude": {
"type": "string",
"description": "Longitude in decimal degrees (e.g., -122.4194)."
}
}
},
"elin": {
"type": "string",
"description": "Emergency Location Identification Number (ELIN) assigned to endpoint location"
}
}
}
}
}
@@ -1319,6 +1524,14 @@
"transitions": {
"type": "integer",
"description": "Number of STP state transitions (forwarding/discarding) on this port."
},
"bpdu-guard": {
"type": "string",
"description": "Runtime status of BPDU Guard on the port, when it detects any issue. - `errdisabled`- Port is shutdown due to BPDU violation. - `recovering`- Temporarily disabled and in auto-recovery interval.",
"enum": [
"errdisabled",
"recovering"
]
}
}
},
@@ -1351,6 +1564,24 @@
}
}
}
},
"storm-status": {
"description": "Runtime status of Storm Control feature on the port for each storm type.",
"type": "object",
"properties": {
"broadcast": {
"type": "boolean",
"description": "Runtime status of Broadcast Storm Control on the port. Return `true`if Storm condition is detected."
},
"multicast": {
"type": "boolean",
"description": "Runtime status of Multicast Storm Control on the port. Return `true`if Storm condition is detected."
},
"unknown-unicast": {
"type": "boolean",
"description": "Runtime status of Unknown Unicast Storm Control on the port. Return `true`if Storm condition is detected."
}
}
}
}
},