Compare commits

...

16 Commits

Author SHA1 Message Date
Mike Hansen
5aba2c37f3 Merge pull request #60 from Telecominfraproject/staging-release-5.0.0-pki-2.0
Release 5.0.0 - Update schema version

No other changes

This will be the schema for the release/v5.0.0
2026-02-26 12:51:58 -05:00
Mike Hansen
3fda75b7db Release 5.0.0 - Update schema version 2026-02-26 09:45:08 -05:00
Binny
f2a9d622e9 Merge pull request #56 from Telecominfraproject/ols-969-priority-mapping-schema
ols-969-Schema for Priority Mapping-firstdraft
2026-02-03 13:36:54 +05:30
Binny
f172a3630e ols-969-rev1-push 2026-01-30 19:03:48 +00:00
Binny
2c2a8810c8 ols-969-prio-mapping-rev1 2026-01-30 18:59:11 +00:00
Binny
ab89f53750 ols-969-Schema for Priority Mapping-firstdraft 2026-01-28 13:59:27 +00:00
Binny
a109852c33 Merge pull request #55 from Telecominfraproject/extend_mclag-group_schema_to_support_static_trunk
MCLAG: extend mclag-group schema to support static trunk
2026-01-21 10:56:53 +05:30
Binny
23bc815936 Merge pull request #54 from Telecominfraproject/ols-909-add-port-autoneg-schema
ols-909-autoneg-port-draft
2026-01-21 10:55:59 +05:30
jacky_chang
7bca1f897a MCLAG: extend mclag-group schema to support static trunk
During our MCLAG feature development, we identified that the current mclag-group schema only considers the LACP-based use case.
Since Edgecore switches only support MLAG on static trunk interfaces, we currently have no way to specify static trunk parameters within the existing schema.

To address this limitation, we would like to propose adding a new field, trunk-id, to the mclag-group definition:
2025-12-18 11:21:26 +08:00
Olexandr, Mazur
429bf9eb87 Merge pull request #53 from Telecominfraproject/wip/mclag_schema_additions
MCLAG: extend schema and state with additional fields
2025-12-08 17:02:04 +02:00
Oleksandr Mazur
e0d69521d5 MCLAG: extend schema and state with additional fields
Current MCLAG configuration schema looks fine
yet misses some crucial keepalive and session configuration.

Not only that, there's no real state being back-reported
to the Gateway in a state message, which might complicate
remote debugging of configuration applied on the switch itself.

Signed-off-by: Oleksandr Mazur <oleksandr.mazur@plvision.eu>
2025-12-05 15:00:42 +02:00
Binny
c7a8f2e727 ols-909-autoneg-port-draft 2025-12-03 12:56:52 +00:00
Binny
68c6e98fb0 Merge pull request #51 from Telecominfraproject/OLS-848-Schema-Intrusion-detection
ols-848-intrusiondetection-draft-changes
2025-11-26 17:42:33 +05:30
Binny
b6996ce24d Merge pull request #52 from Telecominfraproject/OLS-849-add-xSTP-parameters
ols-849-new-stp-params-draft
2025-11-26 17:41:51 +05:30
Binny
2711412306 ols-848-comments-addressed 2025-10-29 09:44:19 +00:00
Binny
f11d7d8181 ols-848-intrusiondetection-draft-changes 2025-10-08 11:47:20 +00:00
11 changed files with 1165 additions and 5 deletions

View File

@@ -282,6 +282,7 @@ properties:
- IP-ACL
- Guest-VLAN
- Storm-Control
- Access-Lockout
# Services
- Service-SSH
- Service-RSSH

View File

@@ -1,5 +1,5 @@
{
"major": 4,
"minor": 1,
"patch": 0
"major": 5,
"minor": 0,
"patch": 0
}

View File

@@ -25,6 +25,13 @@ properties:
type: string
examples:
- cloud_uplink_port
autoneg:
description:
Controls whether link autonegotiation is enabled.
When set to true, the switch negotiates speed and duplex with the link partner.
When set to false, the configured speed and duplex values are forced.
type: boolean
default: true
speed:
description:
The link speed that shall be forced.
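Review bot: `default: true` on the new autoneg property changes how existing configurations are read. A port that sets speed and duplex but omits autoneg now defaults to negotiation, while the description says the configured values are forced only when autoneg is false. State in the description what happens to speed and duplex when autoneg is true, and confirm that configurations written against the previous schema keep their forced settings.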
@@ -537,3 +544,113 @@ properties:
minimum: 0
default: 0
description: Maximum allowed unknown unicast packets per second. 0 disables unknown unicast storm control.
qos-priority-mapping:
type: object
description: Interface-level QoS priority mapping configuration. Defines how ingress packet
markings (IP Precedence, CoS, DSCP) are interpreted and mapped to internal
per-hop behavior (PHB), drop precedence, and egress queue selection.
properties:
priority-untagged:
type: integer
description: Sets the default priority for incoming untagged Ethernet frames.
minimum: 0
maximum: 7
qos-map-trust-mode:
type: string
description: Determines which packet header field is trusted for ingress classification.
enum:
- cos
- dscp
- ip-precedence
qos-map-ipprec2dscp:
type: array
description: Maps IP Precedence values (07) in ingress packets to per-hop behavior (PHB)
and drop precedence. Used when trust mode is set to ip-precedence.
items:
type: object
properties:
preced:
type: integer
description: IP Precedence value in the incoming packet.
minimum: 0
maximum: 7
phb:
type: integer
description: Per-hop behavior (PHB) assigned to this IP Precedence.
minimum: 0
maximum: 63
drop-preced:
type: string
description: Drop precedence assigned for congestion control.
enum:
- green
- yellow
- red
qos-map-cos2dscp:
type: array
description: Maps CoS/CFI values in ingress packets to PHB and drop precedence.
Applied when trust mode is set to cos.
items:
type: object
properties:
cos:
type: integer
description: CoS value extracted from ingress frames.
minimum: 0
maximum: 7
cfi:
type: integer
description: Canonical Format Indicator (0 or 1).
minimum: 0
maximum: 1
phb:
type: integer
description: PHB assigned to this CoS/CFI mapping.
minimum: 0
maximum: 63
drop-preced:
type: string
description: Drop precedence for congestion handling.
enum:
- green
- yellow
- red
qos-map-dscpmutate:
type: array
description: Maps DSCP values (063) in ingress packets to custom PHB and drop precedence.
Used when trust mode is set to dscp.
items:
type: object
properties:
dscp:
type: integer
description: DSCP value from the IP header.
minimum: 0
maximum: 63
phb:
type: integer
description: PHB derived from DSCP-to-internal-priority mapping.
minimum: 0
maximum: 63
drop-preced:
type: string
description: Drop precedence classification for congestion.
enum:
- green
- yellow
- red
qos-map-phb2queue:
type: array
description: Maps PHB to output hardware queues for traffic scheduling.
items:
type: object
properties:
phb:
type: integer
description: Per-hop behavior value (internal priority).
minimum: 0
maximum: 63
queue-id:
type: integer
description: Hardware queue ID chosen for this PHB.
minimum: 0
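Review bot: the item objects under qos-map-ipprec2dscp, qos-map-cos2dscp, qos-map-dscpmutate and qos-map-phb2queue declare no `required` list, so an entry that omits its key (preced, cos/cfi, dscp or phb) or its target still validates, and nothing prevents two entries for the same key. Add `required` to each item, and give queue-id a `maximum` as the other integers here have; as written any non-negative queue number is accepted. qos-map-trust-mode also has no `default`, so the description should say which header field is trusted when the property is omitted, since that decides whether markings set by the attached host are honoured on ingress.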

View File

@@ -476,6 +476,10 @@ properties:
description: This section defines the MC-LAG configuration parameters for the switch.
type: object
properties:
global-gateway-mac:
description: (Optional) Global Unique MCLAG system MAC address that is assigned to the MCLAG domain on both peers
type: string
format: uc-mac
mclag-domains:
description: List of MC-LAG domain configurations for the switch.
type: array
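Review bot: the description of global-gateway-mac is almost word for word the description of the per-domain system-mac-address added further down ("Unique MCLAG system MAC address that is assigned to the MCLAG domain on both peers"), so a reader cannot tell a gateway MAC from a system MAC. Describe what the global value is used for and which one wins when both global-gateway-mac and a domain's gateway-mac are set.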
@@ -488,6 +492,40 @@ properties:
minimum: 1
maximum: 1024
default: 1
gateway-mac:
description:
(Optional) Per-domain Unique MCLAG system MAC address that is assigned to the MCLAG domain on both peers
This MAC address is used as the virtual MAC address for the Layer 3 VLAN Interfaces (Switch Virtual Interfaces or SVIs) across both MCLAG peers
type: string
format: uc-mac
source-ip:
description: IPv4 address of the MCLAG keepalive link on the local switch
type: string
format: ipv4
examples:
- 192.168.0.5
peer-ip:
description: IPv4 address of the MCLAG keepalive link on the peer switch
type: string
format: ipv4
examples:
- 192.168.0.5
system-mac-address:
description: (Optional) Unique MCLAG system MAC address that is assigned to the MCLAG domain on both peers
type: string
format: uc-mac
keepalive-interval:
description: Interval (in seconds) between sending keepalive messages over the peer link to determine if the remote peer is up or down
type: integer
default: 30
minimum: 1
maximum: 64
session-timeout:
description: Time (in seconds) to wait before shutting down an MCLAG session with a remote peer if no keepalive reply is received
type: integer
default: 50
minimum: 1
maximum: 64
peer-link:
description: Configures the peer-link, which could be a physical port or a trunk group that connects the two MC-LAG peer switches.
type: object
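Review bot: keepalive-interval and session-timeout are both bounded to 1..64 independently, so a configuration with a session-timeout shorter than its keepalive-interval validates even though the session would time out before the next keepalive is sent. Document the required relation between the two (the defaults, 30 and 50, suggest the timeout must be the larger) or have the consumer reject the combination. The examples for source-ip and peer-ip are the same address, 192.168.0.5; use two different addresses so the example does not show a switch peering with itself. The gateway-mac description is also missing a full stop between "on both peers" and "This MAC address".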
@@ -552,6 +590,11 @@ properties:
- short
- long
default: long
trunk-id:
description: Specifies the trunk group ID used as the mclag-group.
type: integer
minimum: 1
maximum: 64
system-priority:
description: Specifies the system priority used by the switch for LACP negotiations.
type: integer
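Review bot: trunk-id is added next to properties that are LACP-specific (the neighbouring system-priority is described as "used by the switch for LACP negotiations"), but its description does not say that it selects a static trunk or how it relates to the LACP settings. Say in the description that trunk-id applies to static trunk groups, and state whether it may be combined with the LACP properties or is an alternative to them, so that a configuration carrying both is either defined or rejected.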
@@ -598,6 +641,49 @@ properties:
minLength: 1
examples:
- "A VoIP Phone"
intrusion-detection-access-lockout:
description: Enables protection against unauthorized login attempts by locking user access
after a specified number of failed authentication attempts within a defined period.
type: object
properties:
lockout-attempt-count:
description: Number of consecutive failed login attempts allowed before the user account is locked.
type: integer
minimum: 1
lockout-period-seconds:
description: Duration (in seconds) for which the user account remains locked after exceeding the failed attempt threshold.
type: integer
qos-queue-config:
type: object
description: Global configuration for QoS priority queue scheduling and processing on L2 switches.
properties:
queue-scheduler-mode:
type: string
description: Sets the scheduling mode used for processing each of the Class of Service (CoS) priority queues.
enum:
- strict
- wrr
- strict-wrr
- wfq
- dwrr
queue-config:
type: array
description: List of priority queue configurations applied at the global QoS layer.
items:
type: object
properties:
queue-id:
type: integer
description: Identifier of the priority queue under configuration.
minimum: 0
queue-weight:
type: integer
description: Assigns weights to the CoS priority queues when using WRR or hybrid scheduling modes.
minimum: 1
queue-strict-mode:
type: boolean
description: Ensures that the highest priority packets are always serviced first, ahead of all other traffic.
default: false
arp-inspect:
$ref: "https://ucentral.io/schema/v1/switch/arp-inspect/"
ip-source-guard:
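Review bot: lockout-period-seconds is a bare integer with no `minimum`, so 0 and negative values validate, and neither lockout property has a `default`; add `minimum: 1` (or define what 0 means) and state the behaviour when a property is omitted. The object description speaks of failed attempts "within a defined period", but there is no property for that counting window and lockout-attempt-count talks about consecutive failures instead; make the two descriptions agree or add the missing window property. In qos-queue-config, queue-id and queue-weight have a `minimum` but no `maximum`.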
@@ -610,4 +696,4 @@ properties:
description: Define a global list of dns servers.
type: array
items:
type: string
type: string

View File

@@ -187,4 +187,38 @@ properties:
description: Total number of topology changes detected.
last-topology-change-seconds:
type: integer
description: Time (in seconds) since the last topology change.
description: Time (in seconds) since the last topology change.
access-lockout:
type: object
description: Represents the operational state and statistics of the Intrusion Detection and Access Lockout feature.
properties:
user-sessions:
type: array
description: Displays a list of user sessions being tracked for failed login attempts.
items:
type: object
properties:
username:
type: string
description: The username associated with the login attempts being tracked.
source-ip:
type: string
description: The IP address from which the login attempts originated.
failed-attempts:
type: integer
description: The number of consecutive failed login attempts recorded for this user session.
status:
type: string
description: Indicates whether the user account is currently locked or active.
enum:
- active
- locked
last-failed-attempt-time:
type: integer
description: UNIX timestamp (in seconds) of the most recent failed login attempt.
lockout-start-time:
type: integer
description: UNIX timestamp (in seconds) when the user account was locked.
lockout-expiry-time:
type: integer
description: UNIX timestamp (in seconds) when the lockout period will end and access will be restored.
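Review bot: source-ip under user-sessions is an unconstrained string, while the addresses in the MCLAG configuration use `format: ipv4`; give it a format (or say that both IPv4 and IPv6 literals are expected) so consumers of the state message can parse it. The entries are keyed by username and source-ip, yet status is described as whether "the user account" is locked, which leaves open whether a lockout applies to the account from every source or only to that username and address pair. The description should also say what lockout-start-time and lockout-expiry-time contain while status is active (absent, or 0).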

View File

@@ -121,3 +121,81 @@ properties:
description:
Number of CoA requests that are sent if the NAS is configured to prohibit honoring of CoA-Request or Disconnect-Request packets for the specified session.
type: number
mclag-state:
description:
This section describes the global (switch's device) state of the underlying state of MCLAG system.
type: object
properties:
domains:
description:
holds MCLAG domain state information, including domain ID, role, session status,
peer link status, number of interfaces, and interface statuses.
type: array
items:
type: object
properties:
mclag-domain:
description: Configured domain-id state
type: integer
minimum: 1
maximum: 1024
default: 1
role:
description:
Role of the domain (Configured switch's domain-id state)
Active means local switch posesses primary control responsibility
(handles control protocol exchanges on behalf of the pair and is the default source for any shared virtual MAC addresses if they aren't explicitly configured)
Standby means that local switch is the redundant switch that monitors the Active peer, maintains synchronized state information and is ready to take over full control plane responsibility if the Active peer fails.
type: string
enum:
- active
- standby
session-status:
description:
Logical status of the underlying MCLAG session between local switch and remote peer switch.
The 'up' value shows the underlying session is fully setup.
(peers can exchange keepalive messages - if configured, the synchronization is happening and the overall state of link is operational)
The 'down' value means the logical session's status is <down> - potentially, peers can't establish a connection between each other;
(either through a misconfiguration, a routing problem in the field, or due to keepalive messages not being received)
The 'unknown' value means the state cannot be determined (no ports configured, remote peer issues etc)
type: string
enum:
- up
- down
- unknown
peer-link-status:
description:
Operational state of the physical link(s) directly connecting the two Multi-Chassis Link Aggregation Group (MCLAG) peer switches.
type: string
enum:
- up
- down
- unknown
interface-num:
description: Number of MCLAG interfaces configured within current domain id.
type: integer
interfaces:
description: List of configured interfaces statuses (that are part of this domain id)
type: array
items:
type: object
properties:
port:
description: Port name / identifier.
type: string
examples:
- Ethernet1
local-status:
description: Represents local port's status.
type: string
enum:
- up
- down
- unknown
remote-status:
description: Represents remote peer's port status.
type: string
enum:
- up
- down
- unknown
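Review bot: mclag-domain in this state object carries `default: 1`, copied from the configuration schema; a default has no meaning for a value the switch reports, and a consumer that applies defaults would show domain 1 for an entry where the field is missing. Drop the default here. The role description misspells "possesses" as "posesses", and the multi-line role and session-status descriptions have no sentence punctuation between their lines, so they fold into a single run-on string in the generated JSON. interface-num duplicates the length of the interfaces array; say which one is authoritative if they differ.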

View File

@@ -344,6 +344,7 @@
"IP-ACL",
"Guest-VLAN",
"Storm-Control",
"Access-Lockout",
"Service-SSH",
"Service-RSSH",
"Service-Telnet",

View File

@@ -219,6 +219,11 @@
"cloud_uplink_port"
]
},
"autoneg": {
"description": "Controls whether link autonegotiation is enabled. When set to true, the switch negotiates speed and duplex with the link partner. When set to false, the configured speed and duplex values are forced.",
"type": "boolean",
"default": true
},
"speed": {
"description": "The link speed that shall be forced.",
"type": "integer",
@@ -797,6 +802,143 @@
"description": "Maximum allowed unknown unicast packets per second. 0 disables unknown unicast storm control."
}
}
},
"qos-priority-mapping": {
"type": "object",
"description": "Interface-level QoS priority mapping configuration. Defines how ingress packet markings (IP Precedence, CoS, DSCP) are interpreted and mapped to internal per-hop behavior (PHB), drop precedence, and egress queue selection.",
"properties": {
"priority-untagged": {
"type": "integer",
"description": "Sets the default priority for incoming untagged Ethernet frames.",
"minimum": 0,
"maximum": 7
},
"qos-map-trust-mode": {
"type": "string",
"description": "Determines which packet header field is trusted for ingress classification.",
"enum": [
"cos",
"dscp",
"ip-precedence"
]
},
"qos-map-ipprec2dscp": {
"type": "array",
"description": "Maps IP Precedence values (0\u20137) in ingress packets to per-hop behavior (PHB) and drop precedence. Used when trust mode is set to ip-precedence.",
"items": {
"type": "object",
"properties": {
"preced": {
"type": "integer",
"description": "IP Precedence value in the incoming packet.",
"minimum": 0,
"maximum": 7
},
"phb": {
"type": "integer",
"description": "Per-hop behavior (PHB) assigned to this IP Precedence.",
"minimum": 0,
"maximum": 63
},
"drop-preced": {
"type": "string",
"description": "Drop precedence assigned for congestion control.",
"enum": [
"green",
"yellow",
"red"
]
}
}
}
},
"qos-map-cos2dscp": {
"type": "array",
"description": "Maps CoS/CFI values in ingress packets to PHB and drop precedence. Applied when trust mode is set to cos.",
"items": {
"type": "object",
"properties": {
"cos": {
"type": "integer",
"description": "CoS value extracted from ingress frames.",
"minimum": 0,
"maximum": 7
},
"cfi": {
"type": "integer",
"description": "Canonical Format Indicator (0 or 1).",
"minimum": 0,
"maximum": 1
},
"phb": {
"type": "integer",
"description": "PHB assigned to this CoS/CFI mapping.",
"minimum": 0,
"maximum": 63
},
"drop-preced": {
"type": "string",
"description": "Drop precedence for congestion handling.",
"enum": [
"green",
"yellow",
"red"
]
}
}
}
},
"qos-map-dscpmutate": {
"type": "array",
"description": "Maps DSCP values (0\u201363) in ingress packets to custom PHB and drop precedence. Used when trust mode is set to dscp.",
"items": {
"type": "object",
"properties": {
"dscp": {
"type": "integer",
"description": "DSCP value from the IP header.",
"minimum": 0,
"maximum": 63
},
"phb": {
"type": "integer",
"description": "PHB derived from DSCP-to-internal-priority mapping.",
"minimum": 0,
"maximum": 63
},
"drop-preced": {
"type": "string",
"description": "Drop precedence classification for congestion.",
"enum": [
"green",
"yellow",
"red"
]
}
}
}
},
"qos-map-phb2queue": {
"type": "array",
"description": "Maps PHB to output hardware queues for traffic scheduling.",
"items": {
"type": "object",
"properties": {
"phb": {
"type": "integer",
"description": "Per-hop behavior value (internal priority).",
"minimum": 0,
"maximum": 63
},
"queue-id": {
"type": "integer",
"description": "Hardware queue ID chosen for this PHB.",
"minimum": 0
}
}
}
}
}
}
}
}
@@ -1343,6 +1485,11 @@
"description": "This section defines the MC-LAG configuration parameters for the switch.",
"type": "object",
"properties": {
"global-gateway-mac": {
"description": "(Optional) Global Unique MCLAG system MAC address that is assigned to the MCLAG domain on both peers",
"type": "string",
"format": "uc-mac"
},
"mclag-domains": {
"description": "List of MC-LAG domain configurations for the switch.",
"type": "array",
@@ -1356,6 +1503,46 @@
"maximum": 1024,
"default": 1
},
"gateway-mac": {
"description": "(Optional) Per-domain Unique MCLAG system MAC address that is assigned to the MCLAG domain on both peers This MAC address is used as the virtual MAC address for the Layer 3 VLAN Interfaces (Switch Virtual Interfaces or SVIs) across both MCLAG peers",
"type": "string",
"format": "uc-mac"
},
"source-ip": {
"description": "IPv4 address of the MCLAG keepalive link on the local switch",
"type": "string",
"format": "ipv4",
"examples": [
"192.168.0.5"
]
},
"peer-ip": {
"description": "IPv4 address of the MCLAG keepalive link on the peer switch",
"type": "string",
"format": "ipv4",
"examples": [
"192.168.0.5"
]
},
"system-mac-address": {
"description": "(Optional) Unique MCLAG system MAC address that is assigned to the MCLAG domain on both peers",
"type": "string",
"format": "uc-mac"
},
"keepalive-interval": {
"description": "Interval (in seconds) between sending keepalive messages over the peer link to determine if the remote peer is up or down",
"type": "integer",
"default": 30,
"minimum": 1,
"maximum": 64
},
"session-timeout": {
"description": "Time (in seconds) to wait before shutting down an MCLAG session with a remote peer if no keepalive reply is received",
"type": "integer",
"default": 50,
"minimum": 1,
"maximum": 64
},
"peer-link": {
"description": "Configures the peer-link, which could be a physical port or a trunk group that connects the two MC-LAG peer switches.",
"type": "object",
@@ -1437,6 +1624,12 @@
"default": "long"
}
}
},
"trunk-id": {
"description": "Specifies the trunk group ID used as the mclag-group.",
"type": "integer",
"minimum": 1,
"maximum": 64
}
}
}
@@ -1505,6 +1698,62 @@
}
}
},
"intrusion-detection-access-lockout": {
"description": "Enables protection against unauthorized login attempts by locking user access after a specified number of failed authentication attempts within a defined period.",
"type": "object",
"properties": {
"lockout-attempt-count": {
"description": "Number of consecutive failed login attempts allowed before the user account is locked.",
"type": "integer",
"minimum": 1
},
"lockout-period-seconds": {
"description": "Duration (in seconds) for which the user account remains locked after exceeding the failed attempt threshold.",
"type": "integer"
}
}
},
"qos-queue-config": {
"type": "object",
"description": "Global configuration for QoS priority queue scheduling and processing on L2 switches.",
"properties": {
"queue-scheduler-mode": {
"type": "string",
"description": "Sets the scheduling mode used for processing each of the Class of Service (CoS) priority queues.",
"enum": [
"strict",
"wrr",
"strict-wrr",
"wfq",
"dwrr"
]
},
"queue-config": {
"type": "array",
"description": "List of priority queue configurations applied at the global QoS layer.",
"items": {
"type": "object",
"properties": {
"queue-id": {
"type": "integer",
"description": "Identifier of the priority queue under configuration.",
"minimum": 0
},
"queue-weight": {
"type": "integer",
"description": "Assigns weights to the CoS priority queues when using WRR or hybrid scheduling modes.",
"minimum": 1
},
"queue-strict-mode": {
"type": "boolean",
"description": "Ensures that the highest priority packets are always serviced first, ahead of all other traffic.",
"default": false
}
}
}
}
}
},
"arp-inspect": {
"type": "object",
"description": "Global configuration for ARP Inspection on the switch.",

View File

@@ -217,6 +217,10 @@
"cloud_uplink_port"
]
},
"autoneg": {
"type": "boolean",
"default": true
},
"speed": {
"type": "integer",
"enum": [
@@ -704,6 +708,124 @@
"default": 0
}
}
},
"qos-priority-mapping": {
"type": "object",
"properties": {
"priority-untagged": {
"type": "integer",
"minimum": 0,
"maximum": 7
},
"qos-map-trust-mode": {
"type": "string",
"enum": [
"cos",
"dscp",
"ip-precedence"
]
},
"qos-map-ipprec2dscp": {
"type": "array",
"items": {
"type": "object",
"properties": {
"preced": {
"type": "integer",
"minimum": 0,
"maximum": 7
},
"phb": {
"type": "integer",
"minimum": 0,
"maximum": 63
},
"drop-preced": {
"type": "string",
"enum": [
"green",
"yellow",
"red"
]
}
}
}
},
"qos-map-cos2dscp": {
"type": "array",
"items": {
"type": "object",
"properties": {
"cos": {
"type": "integer",
"minimum": 0,
"maximum": 7
},
"cfi": {
"type": "integer",
"minimum": 0,
"maximum": 1
},
"phb": {
"type": "integer",
"minimum": 0,
"maximum": 63
},
"drop-preced": {
"type": "string",
"enum": [
"green",
"yellow",
"red"
]
}
}
}
},
"qos-map-dscpmutate": {
"type": "array",
"items": {
"type": "object",
"properties": {
"dscp": {
"type": "integer",
"minimum": 0,
"maximum": 63
},
"phb": {
"type": "integer",
"minimum": 0,
"maximum": 63
},
"drop-preced": {
"type": "string",
"enum": [
"green",
"yellow",
"red"
]
}
}
}
},
"qos-map-phb2queue": {
"type": "array",
"items": {
"type": "object",
"properties": {
"phb": {
"type": "integer",
"minimum": 0,
"maximum": 63
},
"queue-id": {
"type": "integer",
"minimum": 0
}
}
}
}
}
}
}
},
@@ -1517,6 +1639,10 @@
"mclag-config": {
"type": "object",
"properties": {
"global-gateway-mac": {
"type": "string",
"format": "uc-mac"
},
"mclag-domains": {
"type": "array",
"items": {
@@ -1528,6 +1654,40 @@
"maximum": 1024,
"default": 1
},
"gateway-mac": {
"type": "string",
"format": "uc-mac"
},
"source-ip": {
"type": "string",
"format": "ipv4",
"examples": [
"192.168.0.5"
]
},
"peer-ip": {
"type": "string",
"format": "ipv4",
"examples": [
"192.168.0.5"
]
},
"system-mac-address": {
"type": "string",
"format": "uc-mac"
},
"keepalive-interval": {
"type": "integer",
"default": 30,
"minimum": 1,
"maximum": 64
},
"session-timeout": {
"type": "integer",
"default": 50,
"minimum": 1,
"maximum": 64
},
"peer-link": {
"type": "object",
"properties": {
@@ -1597,6 +1757,11 @@
"default": "long"
}
}
},
"trunk-id": {
"type": "integer",
"minimum": 1,
"maximum": 64
}
}
}
@@ -1656,6 +1821,53 @@
}
}
},
"intrusion-detection-access-lockout": {
"type": "object",
"properties": {
"lockout-attempt-count": {
"type": "integer",
"minimum": 1
},
"lockout-period-seconds": {
"type": "integer"
}
}
},
"qos-queue-config": {
"type": "object",
"properties": {
"queue-scheduler-mode": {
"type": "string",
"enum": [
"strict",
"wrr",
"strict-wrr",
"wfq",
"dwrr"
]
},
"queue-config": {
"type": "array",
"items": {
"type": "object",
"properties": {
"queue-id": {
"type": "integer",
"minimum": 0
},
"queue-weight": {
"type": "integer",
"minimum": 1
},
"queue-strict-mode": {
"type": "boolean",
"default": false
}
}
}
}
}
},
"arp-inspect": {
"$ref": "#/$defs/switch.arp-inspect"
},

View File

@@ -253,6 +253,11 @@
"cloud_uplink_port"
]
},
"autoneg": {
"description": "Controls whether link autonegotiation is enabled. When set to true, the switch negotiates speed and duplex with the link partner. When set to false, the configured speed and duplex values are forced.",
"type": "boolean",
"default": true
},
"speed": {
"description": "The link speed that shall be forced.",
"type": "integer",
@@ -831,6 +836,143 @@
"description": "Maximum allowed unknown unicast packets per second. 0 disables unknown unicast storm control."
}
}
},
"qos-priority-mapping": {
"type": "object",
"description": "Interface-level QoS priority mapping configuration. Defines how ingress packet markings (IP Precedence, CoS, DSCP) are interpreted and mapped to internal per-hop behavior (PHB), drop precedence, and egress queue selection.",
"properties": {
"priority-untagged": {
"type": "integer",
"description": "Sets the default priority for incoming untagged Ethernet frames.",
"minimum": 0,
"maximum": 7
},
"qos-map-trust-mode": {
"type": "string",
"description": "Determines which packet header field is trusted for ingress classification.",
"enum": [
"cos",
"dscp",
"ip-precedence"
]
},
"qos-map-ipprec2dscp": {
"type": "array",
"description": "Maps IP Precedence values (0\u20137) in ingress packets to per-hop behavior (PHB) and drop precedence. Used when trust mode is set to ip-precedence.",
"items": {
"type": "object",
"properties": {
"preced": {
"type": "integer",
"description": "IP Precedence value in the incoming packet.",
"minimum": 0,
"maximum": 7
},
"phb": {
"type": "integer",
"description": "Per-hop behavior (PHB) assigned to this IP Precedence.",
"minimum": 0,
"maximum": 63
},
"drop-preced": {
"type": "string",
"description": "Drop precedence assigned for congestion control.",
"enum": [
"green",
"yellow",
"red"
]
}
}
}
},
"qos-map-cos2dscp": {
"type": "array",
"description": "Maps CoS/CFI values in ingress packets to PHB and drop precedence. Applied when trust mode is set to cos.",
"items": {
"type": "object",
"properties": {
"cos": {
"type": "integer",
"description": "CoS value extracted from ingress frames.",
"minimum": 0,
"maximum": 7
},
"cfi": {
"type": "integer",
"description": "Canonical Format Indicator (0 or 1).",
"minimum": 0,
"maximum": 1
},
"phb": {
"type": "integer",
"description": "PHB assigned to this CoS/CFI mapping.",
"minimum": 0,
"maximum": 63
},
"drop-preced": {
"type": "string",
"description": "Drop precedence for congestion handling.",
"enum": [
"green",
"yellow",
"red"
]
}
}
}
},
"qos-map-dscpmutate": {
"type": "array",
"description": "Maps DSCP values (0\u201363) in ingress packets to custom PHB and drop precedence. Used when trust mode is set to dscp.",
"items": {
"type": "object",
"properties": {
"dscp": {
"type": "integer",
"description": "DSCP value from the IP header.",
"minimum": 0,
"maximum": 63
},
"phb": {
"type": "integer",
"description": "PHB derived from DSCP-to-internal-priority mapping.",
"minimum": 0,
"maximum": 63
},
"drop-preced": {
"type": "string",
"description": "Drop precedence classification for congestion.",
"enum": [
"green",
"yellow",
"red"
]
}
}
}
},
"qos-map-phb2queue": {
"type": "array",
"description": "Maps PHB to output hardware queues for traffic scheduling.",
"items": {
"type": "object",
"properties": {
"phb": {
"type": "integer",
"description": "Per-hop behavior value (internal priority).",
"minimum": 0,
"maximum": 63
},
"queue-id": {
"type": "integer",
"description": "Hardware queue ID chosen for this PHB.",
"minimum": 0
}
}
}
}
}
}
}
},
@@ -1801,6 +1943,11 @@
"description": "This section defines the MC-LAG configuration parameters for the switch.",
"type": "object",
"properties": {
"global-gateway-mac": {
"description": "(Optional) Global Unique MCLAG system MAC address that is assigned to the MCLAG domain on both peers",
"type": "string",
"format": "uc-mac"
},
"mclag-domains": {
"description": "List of MC-LAG domain configurations for the switch.",
"type": "array",
@@ -1814,6 +1961,46 @@
"maximum": 1024,
"default": 1
},
"gateway-mac": {
"description": "(Optional) Per-domain Unique MCLAG system MAC address that is assigned to the MCLAG domain on both peers This MAC address is used as the virtual MAC address for the Layer 3 VLAN Interfaces (Switch Virtual Interfaces or SVIs) across both MCLAG peers",
"type": "string",
"format": "uc-mac"
},
"source-ip": {
"description": "IPv4 address of the MCLAG keepalive link on the local switch",
"type": "string",
"format": "ipv4",
"examples": [
"192.168.0.5"
]
},
"peer-ip": {
"description": "IPv4 address of the MCLAG keepalive link on the peer switch",
"type": "string",
"format": "ipv4",
"examples": [
"192.168.0.5"
]
},
"system-mac-address": {
"description": "(Optional) Unique MCLAG system MAC address that is assigned to the MCLAG domain on both peers",
"type": "string",
"format": "uc-mac"
},
"keepalive-interval": {
"description": "Interval (in seconds) between sending keepalive messages over the peer link to determine if the remote peer is up or down",
"type": "integer",
"default": 30,
"minimum": 1,
"maximum": 64
},
"session-timeout": {
"description": "Time (in seconds) to wait before shutting down an MCLAG session with a remote peer if no keepalive reply is received",
"type": "integer",
"default": 50,
"minimum": 1,
"maximum": 64
},
"peer-link": {
"description": "Configures the peer-link, which could be a physical port or a trunk group that connects the two MC-LAG peer switches.",
"type": "object",
@@ -1895,6 +2082,12 @@
"default": "long"
}
}
},
"trunk-id": {
"description": "Specifies the trunk group ID used as the mclag-group.",
"type": "integer",
"minimum": 1,
"maximum": 64
}
}
}
@@ -1963,6 +2156,62 @@
}
}
},
"intrusion-detection-access-lockout": {
"description": "Enables protection against unauthorized login attempts by locking user access after a specified number of failed authentication attempts within a defined period.",
"type": "object",
"properties": {
"lockout-attempt-count": {
"description": "Number of consecutive failed login attempts allowed before the user account is locked.",
"type": "integer",
"minimum": 1
},
"lockout-period-seconds": {
"description": "Duration (in seconds) for which the user account remains locked after exceeding the failed attempt threshold.",
"type": "integer"
}
}
},
"qos-queue-config": {
"type": "object",
"description": "Global configuration for QoS priority queue scheduling and processing on L2 switches.",
"properties": {
"queue-scheduler-mode": {
"type": "string",
"description": "Sets the scheduling mode used for processing each of the Class of Service (CoS) priority queues.",
"enum": [
"strict",
"wrr",
"strict-wrr",
"wfq",
"dwrr"
]
},
"queue-config": {
"type": "array",
"description": "List of priority queue configurations applied at the global QoS layer.",
"items": {
"type": "object",
"properties": {
"queue-id": {
"type": "integer",
"description": "Identifier of the priority queue under configuration.",
"minimum": 0
},
"queue-weight": {
"type": "integer",
"description": "Assigns weights to the CoS priority queues when using WRR or hybrid scheduling modes.",
"minimum": 1
},
"queue-strict-mode": {
"type": "boolean",
"description": "Ensures that the highest priority packets are always serviced first, ahead of all other traffic.",
"default": false
}
}
}
}
}
},
"arp-inspect": {
"$ref": "#/$defs/switch.arp-inspect"
},
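Review bot: `lockout-period-seconds` has `"type": "integer"` but no `minimum`, so 0 and negative values validate and leave the lock duration undefined. Add `"minimum": 1`, or document what 0 means if it is intended (for example a lock that never expires). `lockout-attempt-count` has no `maximum` or `default`, and the object has no `required` list, so an empty `intrusion-detection-access-lockout` object validates without saying whether the feature is then enabled or which threshold applies. The object description speaks of failed attempts "within a defined period", but no property carries that counting window; `lockout-period-seconds` is described as the lock duration only. In `qos-queue-config`, `queue-id` has only `"minimum": 0`, and the per-queue `queue-strict-mode` is not related in any description to the global `queue-scheduler-mode` values such as `strict-wrr`; a sentence on which one wins would help.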

@@ -256,6 +256,53 @@
}
}
}
},
"access-lockout": {
"type": "object",
"description": "Represents the operational state and statistics of the Intrusion Detection and Access Lockout feature.",
"properties": {
"user-sessions": {
"type": "array",
"description": "Displays a list of user sessions being tracked for failed login attempts.",
"items": {
"type": "object",
"properties": {
"username": {
"type": "string",
"description": "The username associated with the login attempts being tracked."
},
"source-ip": {
"type": "string",
"description": "The IP address from which the login attempts originated."
},
"failed-attempts": {
"type": "integer",
"description": "The number of consecutive failed login attempts recorded for this user session."
},
"status": {
"type": "string",
"description": "Indicates whether the user account is currently locked or active.",
"enum": [
"active",
"locked"
]
},
"last-failed-attempt-time": {
"type": "integer",
"description": "UNIX timestamp (in seconds) of the most recent failed login attempt."
},
"lockout-start-time": {
"type": "integer",
"description": "UNIX timestamp (in seconds) when the user account was locked."
},
"lockout-expiry-time": {
"type": "integer",
"description": "UNIX timestamp (in seconds) when the lockout period will end and access will be restored."
}
}
}
}
}
}
},
"$defs": {
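Review bot: in `user-sessions`, each entry is tracked by `username` and `source-ip`, yet the `status`, `lockout-start-time` and `lockout-expiry-time` descriptions all refer to "the user account" being locked. Please state whether the lock applies to the account as a whole or to the username and source pair, since consumers of this state will alert on it differently. `source-ip` is an unconstrained string with no indication of IPv4 or IPv6 form, and `failed-attempts` and the three timestamps lack `"minimum": 0`. The descriptions should also say what `lockout-start-time` and `lockout-expiry-time` hold when `status` is `active` (omitted, or 0).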
@@ -389,6 +436,92 @@
}
}
}
},
"mclag-state": {
"description": "This section describes the global (switch's device) state of the underlying state of MCLAG system.",
"type": "object",
"properties": {
"domains": {
"description": "holds MCLAG domain state information, including domain ID, role, session status, peer link status, number of interfaces, and interface statuses.",
"type": "array",
"items": {
"type": "object",
"properties": {
"mclag-domain": {
"description": "Configured domain-id state",
"type": "integer",
"minimum": 1,
"maximum": 1024,
"default": 1
},
"role": {
"description": "Role of the domain (Configured switch's domain-id state) Active means local switch posesses primary control responsibility (handles control protocol exchanges on behalf of the pair and is the default source for any shared virtual MAC addresses if they aren't explicitly configured) Standby means that local switch is the redundant switch that monitors the Active peer, maintains synchronized state information and is ready to take over full control plane responsibility if the Active peer fails.",
"type": "string",
"enum": [
"active",
"standby"
]
},
"session-status": {
"description": "Logical status of the underlying MCLAG session between local switch and remote peer switch. The 'up' value shows the underlying session is fully setup. (peers can exchange keepalive messages - if configured, the synchronization is happening and the overall state of link is operational) The 'down' value means the logical session's status is <down> - potentially, peers can't establish a connection between each other; (either through a misconfiguration, a routing problem in the field, or due to keepalive messages not being received) The 'unknown' value means the state cannot be determined (no ports configured, remote peer issues etc)",
"type": "string",
"enum": [
"up",
"down",
"unknown"
]
},
"peer-link-status": {
"description": "Operational state of the physical link(s) directly connecting the two Multi-Chassis Link Aggregation Group (MCLAG) peer switches.",
"type": "string",
"enum": [
"up",
"down",
"unknown"
]
},
"interface-num": {
"description": "Number of MCLAG interfaces configured within current domain id.",
"type": "integer"
},
"interfaces": {
"description": "List of configured interfaces statuses (that are part of this domain id)",
"type": "array",
"items": {
"type": "object",
"properties": {
"port": {
"description": "Port name / identifier.",
"type": "string",
"examples": [
"Ethernet1"
]
},
"local-status": {
"description": "Represents local port's status.",
"type": "string",
"enum": [
"up",
"down",
"unknown"
]
},
"remote-status": {
"description": "Represents remote peer's port status.",
"type": "string",
"enum": [
"up",
"down",
"unknown"
]
}
}
}
}
}
}
}
}
}
}
},
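Review bot: `mclag-domain` in this state object carries `"default": 1`, which has no meaning for a value the device reports; drop the default here and keep it in the configuration schema only. `interface-num` has no `"minimum": 0`, and nothing says it must equal the length of `interfaces`. In the descriptions, "posesses" in `role` should be "possesses", and the `role` and `session-status` texts run several sentences together without punctuation between them; the `<down>` in `session-status` should be written as 'down' to match the quoted 'up' and 'unknown'.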