description: This section defines the switch fabric specific features of a physical switch. type: object properties: port-mirror: description: Enable mirror of traffic from multiple minotor ports to a single analysis port. type: array items: type: object properties: monitor-ports: description: The list of ports that we want to mirror. type: array items: type: string analysis-port: description: The port that mirror'ed packets should be sent to. type: string loop-detection: description: Enable loop detection on the L2 switches/bridge. type: object properties: protocol: description: Define which protocol shall be used for loop detection. type: string enum: - none - stp - rstp - mstp - pvstp - rpvstp default: rstp roles: description: Define on which logical switches/bridges we want to provide loop-detection. type: array items: type: string enum: - upstream - downstream bridge-prio: description: Bridge priority for root election. Ranging from 0–61440 (in steps of 4096) type: integer default: 32768 forward-delay-secs: description: Time in seconds a port stays in Listening and Learning states before transitioning to Forwarding. type: integer hello-time-secs: description: Determines how often switches send BPDU. type: integer max-age-secs: description: Maximum time (in seconds) before a BPDU is considered invalid. type: integer pathcost-method: description: Specifies the method used for path cost calculation. - short, 16-bit values (0–65535), IEEE 802.1D - long, 32-bit values (0–200,000,000), IEEE 802.1w type: string enum: - short - long bpdu-flooding: description: Configures how BPDUs are flooded to spanning-tree disabled ports. - to-all, Flood to all STP-disabled ports - to-vlan, Flood to STP-disabled ports within the same VLAN type: string enum: - to-all - to-vlan bpdu-tx-limit: description: Maximum number of BPDU transmissions allowed per Hello interval. type: integer root-guard: description: Enable Root Guard globally to prevent designated ports from becoming root. type: boolean mst-region: description: MSTP region-wide configuration. Applicable when protocol is mstp. type: object properties: name: description: Name of multiple spanning tree region. type: string maxLength: 32 minLength: 1 revision: description: MST region revision number. type: integer maximum: 65535 minimum: 0 instances: description: Define a list of configuration for each STP instance. Meaning of this field depends on current STP protocol (switch.loop-detection.protocol) type: array items: type: object properties: id: description: Indicates instance to configure. Depends on current STP protocol If RPVSTP/PVSTP - vlan id If MSTP - instance id type: integer enabled: description: Enable STP on this instance. type: boolean default: true priority: description: MST priority. type: integer default: 32768 forward-delay: description: Defines the amount of time a switch port stays in the Listening and Learning states before transitioning to the Forwarding state. type: integer default: 15 hello-time: description: Determines how often switches send BPDU. type: integer default: 2 max-age: description: Specifies the maximum time that a switch port should wait to receive a BPDU from its neighbor before considering the link as failed or disconnected. type: integer default: 20 path-cost: description: Path cost for this MST instance. type: integer vlan-start: description: VLAN starting range assigned to this MST instance. type: integer vlan-end: description: VLAN ending range assigned to this MST instance. type: integer ieee8021x: description: This section describes the global 802.1X (port access control) configuration. type: object properties: auth-control-enable: description: Enabled processing of PAE frames on ports that have .1X configured. type: boolean default: false radius: description: Define a list of RADIUS server to forward auth requests to. type: array items: type: object properties: server-host: description: Remote radius server address (IP or hostname). type: string examples: - 192.168.1.1 - somehost.com server-authentication-port: description: The port that the RADIUS authentication agent is running on. type: integer maximum: 65535 minimum: 1 server-key: description: Secret key text that is shared between a RADIUS server and the switch. type: string examples: - somepassword server-priority: description: The server's priority (used when multiple servers are present. Bigger prio value = higher priority). type: integer maximum: 64 minimum: 1 dynamic-authorization: description: Additional dynamic authorization (RFC 5176 compliant) - configure option for DAS that enable RM and CoA processing. type: object properties: auth-type: description: Sets the accepted authorization types for dynamic RADIUS clients. all - Selects all COA client authentication types. All authentication attributes must match for the authentication to succeed. any - Selects any COA client authentication type. Any authentication attribute may match for the authentication to succeed. session-key - Indicates that the session-key must match for authentication to succeed. type: string enum: - all - any - session-key bounce-port-ignore: description: Sets the switch to ignore bounce-port requests from dynamic authorization clients. type: boolean default: false disable-port-ignore: description: Sets the switch to ignore requests from dynamic authorization clients. type: boolean default: false ignore-server-key: description: Do not attmept to authenticate with the server key. type: boolean default: false ignore-session-key: description: Do not attmept to authenticate with the session key. type: boolean default: false server-key: description: Sets the shared secret to verify client COA requests for this server. type: string client: description: Configure DAC. type: array items: type: object properties: address: description: A valid IP address or hostname of a DAC. type: string server-key: description: Sets the shared secret to verify client COA requests for this server. type: string port-isolation: description: This section describes the per-port specific port-isolation matrix (to which ports selected port can forward traffic to) configuration. Omitting this configuration completely fully disables any port-isolation configuration on this given port. type: object properties: sessions: description: Allow selected port to forward traffic in the provided session-based format. type: array items: type: object properties: id: description: Session id to configure. type: integer uplink: description: Configuration object for uplink interface(s) type: object properties: interface-list: description: List of interfaces (either physical or trunk ports) type: array items: type: string downlink: description: Configuration object for downlink interface(s) type: object properties: interface-list: description: List of interfaces (either physical or trunk ports) type: array items: type: string trunk-balance-method: description: Sets the load-distribution method among ports in aggregated links for both static and LACP based trunks. type: string enum: - dst-ip - dst-mac - src-dst-ip - src-dst-mac - src-ip - src-mac default: src-dst-mac jumbo-frames: description: Enables Jumbo frames type: boolean default: false dhcp-snooping: description: DHCP Snooping configuration parameters type: object properties: dhcp-snoop-enable: description: "Enables DHCP Snooping on the network switch, which is a security feature that prevents unauthorized DHCP servers from offering IP addresses" type: boolean default: false dhcp-snoop-rate-limit: description: "Sets a limit on the number of DHCP packets per second that can be received on an untrusted interface to prevent DHCP flooding attacks" type: integer minimum: 1 maximum: 2048 dhcp-snoop-mac-verify: description: "This option ensures that the MAC address in a DHCP request matches the source MAC address of the packet, providing an additional layer of security" type: boolean default: false dhcp-snoop-inf-opt-82: description: "This refers to the insertion of information option 82 in DHCP packets, which adds more details about the client’s location and network information for tracking and control purposes" type: boolean default: false dhcp-snoop-inf-opt-encode-subopt: description: "This parameter allows for the encoding of sub-options within option 82 to further specify client information" type: boolean default: false dhcp-snoop-inf-opt-remoteid: description: "It specifies the remote ID sub-option in option 82, which typically includes information like the circuit ID or remote host identifier" type: string maxLength: 32 minLength: 1 dhcp-snoop-inf-opt-policy: description: "This defines the policy for handling packets with option 82, determining whether they should be forwarded or dropped based on the configuration" type: string enum: - drop - keep - replace mvr-config: description: This section defines the Multicast VLAN Registration (MVR) general configuration. type: object properties: mvr-enable: description: Enable/Disable MVR globally on the switch. type: boolean default: false mvr-proxy-query-intvl: description: This command configures the interval (in seconds) at which the receiver port sends out general queries. The maximum value is determined based on 12 hours as maximum interval, and minimum as 1 second as allowed value. type: integer default: 125 maximum: 43200 minimum: 1 mvr-proxy-switching: description: Enable the MVR proxy switching mode, where the source port acts as a host, and the receiver port acts as an MVR router with querier service enabled. type: boolean default: false mvr-robustness-val: description: Configure the expected packet loss, and thereby the number of times to generate report and group-specific queries when changes are learned about downstream groups, and the number of times group-specific queries are sent to downstream receiver ports. Right configuration ensures that multicast group memberships are correctly maintained even if some control messages are lost due to network issues. type: integer default: 2 maximum: 255 minimum: 1 mvr-source-port-mode: description: Configure the switch to forward only multicast streams that a source port has dynamically joined or to forward all multicast groups. type: string default: forward enum: - dynamic - forward mvr-domain-config: description: Configure the Multicast VLAN Registration (MVR) domains. type: array items: type: object properties: mvr-domain-id: description: Unique identifier for a Multicast Domain defined under the MVR. type: integer minimum: 1 maximum: 10 default: 1 mvr-domain-enable: description: Enable/disable Multicast VLAN Registration (MVR) for a specific domain. type: boolean default: false mvr-domain-vlan-id: description: Per domain Level Multicast VLAN ID. Specifies the VLAN through which MVR multicast data is received. This is the VLAN to which all source ports must be assigned. type: integer minimum: 1 maximum: 4094 default: 1 mvr-domain-upstream-sip: description: Configures the source IP address assigned to all MVR control packets sent upstream on all domains or on a specified domain. type: string format: ipv4 examples: - 192.168.0.5 mvr-group-config: type: array description: List of MVR groups (or profiles) configuration. items: type: object properties: mvr-group-name: type: string description: The name of a MVR group that consists of one or more MVR group addresses maxLength: 16 minLength: 1 mvr-group-range-start: type: string format: ipv4 description: Start IP address on the range of MVR group addresses that maps to a profile/MVR group mvr-group-range-end: type: string format: ipv4 description: Statically configure all multicast group addresses that will join an MVR VLAN. Map a range of MVR group addresses to a profile mvr-group-assoc-domain: descpription: Map the MVR Group to a secific domain. There can be many profiles under a single domain type: array items: type: integer maximum: 10 minimum: 1 required: - mvr-group-name - mvr-group-range-start - mvr-group-range-end - mvr-group-assoc-domain lldp-global-config: type: object description: Configuration options for LLDP on a global level in a OLS switch. properties: lldp-enable: type: boolean default: true description: Enables or disables LLDP globally at a switch level. lldp-holdtime-multiplier: type: integer description: Configures the time-to-live (TTL) value sent in LLDP advertisements. The TTL tells the receiving LLDP agent how long to retain all information from the sending LLDP agent if it does not transmit updates in a timely manner. default: 4 lldp-med-fast-start-count: type: integer description: Configures how many medFastStart packets are transmitted during the activation process of the LLDP-MED Fast Start mechanism. default: 4 lldp-refresh-interval: type: integer description: Configures the periodic transmit interval for LLDP advertisements (in seconds). default: 30 lldp-reinit-delay: type: integer description: Configures the delay (in seconds) before reinitializing after LLDP ports are disabled or the link goes down. default: 2 lldp-tx-delay: type: integer description: Configures a delay (in seconds) between successive transmissions of advertisements initiated by a change in local LLDP state. maximum: 8192 minimum: 1 lldp-notification-interval: type: integer description: Configures the interval (in seconds) for sending SNMP notifications about LLDP changes. default: 5 mc-lag: type: boolean description: Enables MC-LAG or disables it. default: false mclag-config: description: This section defines the MC-LAG configuration parameters for the switch. type: object properties: global-gateway-mac: description: (Optional) Global Unique MCLAG system MAC address that is assigned to the MCLAG domain on both peers type: string format: uc-mac mclag-domains: description: List of MC-LAG domain configurations for the switch. type: array items: type: object properties: mclag-domain: description: Specifies the MC-LAG domain ID to identify the grouping of peer switches. type: integer minimum: 1 maximum: 1024 default: 1 gateway-mac: description: (Optional) Per-domain Unique MCLAG system MAC address that is assigned to the MCLAG domain on both peers This MAC address is used as the virtual MAC address for the Layer 3 VLAN Interfaces (Switch Virtual Interfaces or SVIs) across both MCLAG peers type: string format: uc-mac source-ip: description: IPv4 address of the MCLAG keepalive link on the local switch type: string format: ipv4 examples: - 192.168.0.5 peer-ip: description: IPv4 address of the MCLAG keepalive link on the peer switch type: string format: ipv4 examples: - 192.168.0.5 system-mac-address: description: (Optional) Unique MCLAG system MAC address that is assigned to the MCLAG domain on both peers type: string format: uc-mac keepalive-interval: description: Interval (in seconds) between sending keepalive messages over the peer link to determine if the remote peer is up or down type: integer default: 30 minimum: 1 maximum: 64 session-timeout: description: Time (in seconds) to wait before shutting down an MCLAG session with a remote peer if no keepalive reply is received type: integer default: 50 minimum: 1 maximum: 64 peer-link: description: Configures the peer-link, which could be a physical port or a trunk group that connects the two MC-LAG peer switches. type: object properties: link-type: description: Defines the type of peer-link, either 'port' or 'trunk-group' type: string enum: - port - trunk-group default: trunk-group port-id: description: Specifies the physical port name used as peer-link (only valid if type = port). type: string examples: - "Ethernet1" - "Ethernet2" trunk-id: description: Specifies the trunk group ID used as peer-link (only valid if type = trunk-group). type: integer minimum: 1 maximum: 64 mclag-group: description: Configures the MC-LAG group(s), which binds the interfaces into a multi-chassis LAG. type: array items: type: object properties: group-id: description: Defines the unique MC-LAG group identifier. type: integer minimum: 1 maximum: 128 members: description: List of interfaces that participate in the MC-LAG group. type: array items: type: string description: Interface names that are part of the MC-LAG group. examples: - Ethernet0 - Ethernet1 lacp-config: description: LACP configuration settings for the MC-LAG group. type: object properties: lacp-enable: description: Enables or disables LACP for the MC-LAG group. type: boolean default: true lacp-role: description: Configures the LACP role as 'actor' or 'partner' type: string enum: - actor - partner default: actor lacp-timeout: description: Sets the LACP timeout as either 'short' or 'long'. type: string enum: - short - long default: long system-priority: description: Specifies the system priority used by the switch for LACP negotiations. type: integer minimum: 1 maximum: 65535 default: 32768 dual-active-detection: description: Enables dual-active detection to prevent split-brain scenarios in MC-LAG. type: boolean default: true voice-vlan-config: description: This parameter enables or disables the overall configuration of the Voice VLAN feature on the switch. When enabled, it allows the system to classify and prioritize voice traffic. type: object properties: voice-vlan-id: description: Specifies the VLAN ID assigned to the Voice VLAN. This is the unique identifier for the VLAN that will be used for prioritizing voice traffic. type: integer minimum: 1 maximum: 4094 voice-vlan-ageing-time: description: Defines the time, in minutes, that a dynamic Voice VLAN entry remains in the VLAN after voice traffic is no longer detected. It helps manage resources by removing inactive voice devices from the VLAN after this time elapses. type: integer minimum: 5 maximum: 43200 default: 1440 voice-vlan-oui-config: description: Configures the Organizationally Unique Identifier (OUI) for identifying the voice devices (like IP phones). type: array items: type: object properties: voice-vlan-oui-mac: description: The specific MAC address pattern that corresponds to voice devices, as determined by the OUI. It is used for identifying and classifying voice traffic. type: string format: uc-mac voice-vlan-oui-mask: description: A mask applied to the MAC address to help match the OUI more precisely. It ensures that the correct portion of the MAC address is evaluated to identify a device as a voice device. type: string format: uc-mac voice-vlan-oui-description: description: A descriptive label or comment for the OUI configuration. This can help administrators keep track of which OUI belongs to which type of voice device or vendor. type: string maxLength: 32 minLength: 1 examples: - "A VoIP Phone" intrusion-detection-access-lockout: description: Enables protection against unauthorized login attempts by locking user access after a specified number of failed authentication attempts within a defined period. type: object properties: lockout-attempt-count: description: Number of consecutive failed login attempts allowed before the user account is locked. type: integer minimum: 1 lockout-period-seconds: description: Duration (in seconds) for which the user account remains locked after exceeding the failed attempt threshold. type: integer arp-inspect: $ref: "https://ucentral.io/schema/v1/switch/arp-inspect/" ip-source-guard: $ref: "https://ucentral.io/schema/v1/switch/ip-source-guard/" rt-events: $ref: "https://ucentral.io/schema/v1/switch/rtevent/" acl: $ref: "https://ucentral.io/schema/v1/switch/acl/" dns: description: Define a global list of dns servers. type: array items: type: string