From 8e32d2775aa5c6c1288e7425a8cbf8b0dff74b0d Mon Sep 17 00:00:00 2001
From: Binny
Date: Tue, 21 Jan 2025 06:54:14 +0000
Subject: [PATCH] ols-550 changes for old ols 3.2 features to align with schema design and acl index and rule id suggestion
---
schema/ethernet.yml | 82 ++++-
schema/interface.acl.yml | 33 --
schema/interface.dhcp-snoop-port.yml | 16 -
schema/interface.ipv4.yml | 29 --
schema/interface.yml | 6 +-
schema/switch.yml | 254 +++++--------
ucentral.schema.full.json | 516 ++++++++++++--------------
ucentral.schema.json | 439 ++++++++++------------
ucentral.schema.pretty.json | 522 ++++++++++++---------------
9 files changed, 827 insertions(+), 1070 deletions(-)
delete mode 100644 schema/interface.acl.yml
delete mode 100644 schema/interface.dhcp-snoop-port.yml
diff --git a/schema/ethernet.yml b/schema/ethernet.yml
index 2c2e4ea..1d4c565 100644
--- a/schema/ethernet.yml
+++ b/schema/ethernet.yml
@@ -367,4 +367,84 @@ properties: lldp-notification: type: boolean description: Enables the transmission of SNMP trap notifications about LLDP changes. - default: false \ No newline at end of file + default: false + acl: + description: A collection of access control entries that define the rules for filtering traffic through a network port. + type: array + items: + type: object + properties: + acl-inf-policy-preference: + description: Determines the priority of multiple ACL policies when more than one is applied to an interface, if any. + type: integer + minimum: 1 + maximum: 64 + default: 1 + acl-inf-policy-ingress: + description: Specifies the ACL policy that is applied to incoming traffic on an interface. + type: string + maxLength: 32 + minLength: 1 + examples: + - blacklisted-macs + acl-inf-counters-ingress: + description: Tracks the number and type of packets that match the ingress ACL rules on an interface. + type: boolean + default: false + acl-inf-policy-egress: + description: Specifies the ACL policy that is applied to outgoing traffic from an interface. + type: string + maxLength: 32 + minLength: 1 + examples: + - blacklisted-macs + acl-inf-counters-egress: + description: Tracks the number and type of packets that match the egress ACL rules on an interface. + type: boolean + default: false + voice-vlan-intf-config: + description: "Configure the Voice VLAN feature at the interface level, allowing for VoIP traffic to be prioritized on this specific port." + type: object + properties: + voice-vlan-intf-mode: + description: "Specify the mode of placing this port on the voice VLAN." + type: string + default: "auto" + enum: + - none + - manual + - auto + voice-vlan-intf-priority: + description: "Define the Class of Service (CoS) priority for VoIP traffic passing through this port, ensuring higher priority over other traffic types." 
+ type: integer + default: 6 + minimum: 0 + maximum: 6 + voice-vlan-intf-detect-voice: + description: "Select the detection method for identifying VoIP traffic on this port, such as OUI-based detection or traffic pattern recognition." + type: string + default: "oui" + enum: + - oui + - lldp + voice-vlan-intf-security: + description: "Enable or configure security filtering for VoIP traffic on the interface to protect against unauthorized devices." + type: boolean + default: false +dhcp-snoop-port: + description: "Configuration for DHCP Snooping on a port level on a switch" + type: object + properties: + dhcp-snoop-port-trust: + description: "This parameter designates a switch port as ‘trusted’ for DHCP messages, meaning it can forward DHCP offers and acknowledgments, which is essential for connecting to legitimate DHCP servers" + type: boolean + default: false + dhcp-snoop-port-client-limit: + description: "It sets a limit on the number of DHCP clients that can be associated with a single port, helping to prevent a single port from exhausting the network’s IP address pool" + type: integer + minimum: 1 + dhcp-snoop-port-circuit-id: + description: "Specifies DHCP Option 82 circuit ID suboption information. Often including information like the interface number and VLAN ID, this can be useful for network management and troubleshooting" + type: string + minLength: 1 + maxLength: 32 \ No newline at end of file diff --git a/schema/interface.acl.yml b/schema/interface.acl.yml deleted file mode 100644 index 809002a..0000000 --- a/schema/interface.acl.yml +++ /dev/null 
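Review bot: `dhcp-snoop-port:` is added with no indentation after the `+` marker, unlike `acl:` and `voice-vlan-intf-config:` above it, so it appears to land outside the port's `properties:` map. This page has lost its indentation, but the generated ucentral.schema.full.json in the same commit closes `properties` before `"dhcp-snoop-port"`, which points the same way. A JSON Schema validator ignores an unknown keyword at that level, so `dhcp-snoop-port-trust`, `dhcp-snoop-port-client-limit` and `dhcp-snoop-port-circuit-id` would not be type- or range-checked on a port, and whether they are accepted at all depends on how undeclared keys are treated elsewhere. The trust flag decides which ports may forward DHCP offers and acknowledgments, so I would indent the block two spaces so it starts `  dhcp-snoop-port:` under `properties:`, next to `acl:`, and regenerate the JSON files.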
@@ -1,33 +0,0 @@ -description: A collection of access control entries that define the rules for filtering traffic through a network interface. -type: array -items: - type: object - properties: - acl-inf-policy-preference: - description: Determines the priority of multiple ACL policies when more than one is applied to an interface, if any. - type: integer - minimum: 1 - maximum: 64 - default: 1 - acl-inf-policy-ingress: - description: Specifies the ACL policy that is applied to incoming traffic on an interface. - type: string - maxLength: 32 - minLength: 1 - examples: - - blacklisted-macs - acl-inf-counters-ingress: - description: Tracks the number and type of packets that match the ingress ACL rules on an interface. - type: boolean - default: false - acl-inf-policy-egress: - description: Specifies the ACL policy that is applied to outgoing traffic from an interface. - type: string - maxLength: 32 - minLength: 1 - examples: - - blacklisted-macs - acl-inf-counters-egress: - description: Tracks the number and type of packets that match the egress ACL rules on an interface. - type: boolean - default: false \ No newline at end of file diff --git a/schema/interface.dhcp-snoop-port.yml b/schema/interface.dhcp-snoop-port.yml deleted file mode 100644 index 730934f..0000000 --- a/schema/interface.dhcp-snoop-port.yml +++ /dev/null 
@@ -1,16 +0,0 @@ -description: "Configuration for DHCP Snooping on a port level on a switch" -type: object -properties: - dhcp-snoop-port-trust: - description: "This parameter designates a switch port as ‘trusted’ for DHCP messages, meaning it can forward DHCP offers and acknowledgments, which is essential for connecting to legitimate DHCP servers" - type: boolean - default: false - dhcp-snoop-port-client-limit: - description: "It sets a limit on the number of DHCP clients that can be associated with a single port, helping to prevent a single port from exhausting the network’s IP address pool" - type: integer - minimum: 1 - dhcp-snoop-port-circuit-id: - description: "Specifies DHCP Option 82 circuit ID suboption information. Often including information like the interface number and VLAN ID, this can be useful for network management and troubleshooting" - type: string - minLength: 1 - maxLength: 32 \ No newline at end of file diff --git a/schema/interface.ipv4.yml b/schema/interface.ipv4.yml index 3a8f16d..8477775 100644 --- a/schema/interface.ipv4.yml +++ b/schema/interface.ipv4.yml 
@@ -200,35 +200,6 @@ properties: description: "Enables DHCP Snooping on a VLAN" type: boolean default: false - voice-vlan-intf-config: - description: "Configure the Voice VLAN feature at the interface level, allowing for VoIP traffic to be prioritized on this specific port." - type: object - properties: - voice-vlan-intf-mode: - description: "Specify the mode of placing this port on the voice VLAN." - type: string - default: "auto" - enum: - - none - - manual - - auto - voice-vlan-intf-priority: - description: "Define the Class of Service (CoS) priority for VoIP traffic passing through this port, ensuring higher priority over other traffic types." - type: integer - default: 6 - minimum: 0 - maximum: 6 - voice-vlan-intf-detect-voice: - description: "Select the detection method for identifying VoIP traffic on this port, such as OUI-based detection or traffic pattern recognition." - type: string - default: "oui" - enum: - - oui - - lldp - voice-vlan-intf-security: - description: "Enable or configure security filtering for VoIP traffic on the interface to protect against unauthorized devices." - type: boolean - default: false dhcp: $ref: "https://ucentral.io/schema/v1/interface/ipv4/dhcp/" dhcp-leases: diff --git a/schema/interface.yml b/schema/interface.yml index d3250eb..f442bb5 100644 --- a/schema/interface.yml +++ b/schema/interface.yml @@ -68,11 +68,7 @@ properties: $ref: "https://ucentral.io/schema/v1/interface/ipv4/" ipv6: $ref: "https://ucentral.io/schema/v1/interface/ipv6/" - acl: - $ref: "https://ucentral.io/schema/v1/interface/acl/" - dhcp-snoop-port: - $ref: "https://ucentral.io/schema/v1/interface/dhcp-snoop-port/" broad-band: $ref: "https://ucentral.io/schema/v1/interface/broad-band/" tunnel: - $ref: "https://ucentral.io/schema/v1/interface/tunnel/" + $ref: "https://ucentral.io/schema/v1/interface/tunnel/" \ No newline at end of file diff --git a/schema/switch.yml b/schema/switch.yml index 1550c80..5298b57 100644 --- a/schema/switch.yml 
+++ b/schema/switch.yml @@ -285,6 +285,15 @@ properties: items: type: object properties: + acl-index: + description: Unique identifier for the ACL grouping + type: integer + minimum: 1 + acl-name: + description: The identifier or name for the Access Control List + type: string + maxLength: 32 + minLength: 1 acl-type: description: Type of the access control list type: string 
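Review bot: `acl-index` is described as a unique identifier, but nothing in this hunk enforces that. It has `minimum: 1` and no `maximum`, and `uniqueItems` cannot express uniqueness of a single field across array items, so two ACLs with the same index or the same `acl-name` validate. The port-level `acl-inf-policy-ingress` and `acl-inf-policy-egress` strings appear to select a policy by name, so a duplicate would leave it undefined which rule set filters the port. I would add a `maximum` matching the platform's ACL table size and say who rejects duplicates, e.g. `description: Unique identifier for the ACL grouping; configurations with duplicate acl-index or acl-name values must be rejected`. The item schema continues outside this hunk; if it has no `required:` list, `acl-name` and `acl-type` are candidates for one.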
@@ -295,160 +304,97 @@ properties: - ipv6Ext - mac - arp - acl-name: - description: The identifier or name for the Access Control List - type: string - maxLength: 32 - minLength: 1 - acl-rule-action: - description: Defines whether to permit or deny traffic matching the rule - type: string - enum: - - permit - - deny - acl-source-macaddress: - description: Specifies the source MAC address to filter on - type: string - format: uc-mac - acl-source-macbitmask: - description: The mask applied to the source MAC address - type: string - format: uc-mac - acl-dest-macaddress: - description: Specifies the destination MAC address for the filter - type: string - format: uc-mac - acl-dest-macbitmask: - description: The mask applied to the destination MAC address - type: string - format: uc-mac - acl-packet-format: - description: Identifies the protocol encapsulated in the Ethernet frame by its EtherType - type: string - enum: - - any - - untagged-eth2 - - untagged-802.3 - - tagged-eth2 - - tagged-802.3 - acl-vlanid: - description: Specifies a VLAN ID to filter traffic from a specific VLAN - type: integer - minimum: 1 - maximum: 4094 - acl-vid-bitmask: - description: The mask applied to the VLAN ID - type: integer - minimum: 1 - maximum: 4095 - acl-ethertype: - description: Filters packets based on the custom EtherType field (HEX) in the Ethernet frame - type: string - default: "800" - acl-ethertype-bitmask: - description: The mask applied to the EtherType field - type: string - default: "FFFF" - acl-cos: - description: Filters based on the Class of Service (CoS) field in the frame - type: integer - minimum: 0 - maximum: 7 - acl-cos-bitmask: - description: The mask applied to the CoS field - type: integer - minimum: 0 - maximum: 7 - # IP-ACL (IPv4/IPv6) Parameters - acl-ipv4-source-address: - description: The IPv4 address of the source to filter on - type: string - format: ipv4 - acl-ipv4-source-subnetmask: - description: The subnet mask applied to the source IPv4 address - 
type: string - format: ipv4 - acl-ipv4-dest-address: - description: The IPv4 address of the destination to filter on - type: string - format: ipv4 - acl-ipv4-dest-subnetmask: - description: The subnet mask applied to the destination IPv4 address - type: string - format: ipv4 - acl-ipv6-source-address: - description: The IPv6 address of the source to filter on - type: string - format: ipv6 - acl-ipv6-source-prefix-length: - description: Defines the length of the prefix used in filtering IPv6 source addresses - type: integer - minimum: 0 - maximum: 128 - acl-ipv6-dest-address: - description: The IPv6 address of the destination to filter on - type: string - format: ipv6 - acl-ipv6-dest-prefix-length: - description: Defines the length of the prefix used in filtering IPv6 destination addresses - type: integer - minimum: 0 - maximum: 128 - acl-ip-proto: - description: Filters based on the IP protocol number - type: integer - minimum: 0 - maximum: 255 - acl-ipv6-next-header: - description: Specifies the next header type in IPv6 traffic, such as TCP, UDP, or ICMPv6 - type: integer - minimum: 0 - maximum: 255 - acl-ipv6-flow-label: - description: Filters packets based on the IPv6 Flow Label field - type: integer - minimum: 0 - maximum: 1048575 - acl-ip-source-port: - description: Specifies the source port number for filtering - type: integer - minimum: 0 - maximum: 65535 - acl-ip-source-port-bitmask: - description: The mask applied to the source port number - type: integer - minimum: 0 - maximum: 65535 - acl-ip-dest-port: - description: Specifies the destination port number for filtering - type: integer - minimum: 0 - maximum: 65535 - acl-ip-dest-port-bitmask: - description: The mask applied to the destination port number - type: integer - minimum: 0 - maximum: 65535 - acl-ipv4-fragment-offset: - description: Filters based on IPv4 fragment offset for fragmented packets - type: integer - minimum: 0 - maximum: 8191 - acl-ipv6-fragment-offset: - description: Filters based on 
IPv6 fragment offset for fragmented packets - type: integer - minimum: 0 - maximum: 8191 - acl-ip-ttl: - description: Filters IPv4 traffic based on the TTL (Time to Live) value - type: integer - minimum: 0 - maximum: 255 - acl-ipv6-hop-limit: - description: Filters IPv6 traffic based on the hop limit value, equivalent to IPv4 TTL - type: integer - minimum: 0 - maximum: 255 + acl-rules: + description: List of access control rules under this ACL + type: array + items: + type: object + properties: + acl-rule-priority: + description: Priority of the rule within the ACL + type: integer + minimum: 0 + maximum: 1024 + acl-rule-action: + description: Defines whether to permit or deny traffic matching the rule + type: string + enum: + - permit + - deny + acl-source-macaddress: + description: Specifies the source MAC address to filter on + type: string + format: uc-mac + acl-source-macbitmask: + description: The mask applied to the source MAC address + type: string + format: uc-mac + acl-dest-macaddress: + description: Specifies the destination MAC address for the filter + type: string + format: uc-mac + acl-dest-macbitmask: + description: The mask applied to the destination MAC address + type: string + format: uc-mac + acl-packet-format: + description: Identifies the protocol encapsulated in the Ethernet frame by its EtherType + type: string + enum: + - any + - untagged-eth2 + - untagged-802.3 + - tagged-eth2 + - tagged-802.3 + acl-vlanid: + description: Specifies a VLAN ID to filter traffic from a specific VLAN + type: integer + minimum: 1 + maximum: 4094 + acl-vid-bitmask: + description: The mask applied to the VLAN ID + type: integer + minimum: 1 + maximum: 4095 + acl-ethertype: + description: Filters packets based on the custom EtherType field (HEX) in the Ethernet frame + type: string + default: "800" + acl-ethertype-bitmask: + description: The mask applied to the EtherType field + type: string + default: "FFFF" + acl-cos: + description: Filters based on the Class of 
Service (CoS) field in the frame + type: integer + minimum: 0 + maximum: 7 + acl-cos-bitmask: + description: The mask applied to the CoS field + type: integer + minimum: 0 + maximum: 7 + acl-ipv4-source-address: + description: The IPv4 address of the source to filter on + type: string + format: ipv4 + acl-ipv4-source-subnetmask: + description: The subnet mask applied to the source IPv4 address + type: string + format: ipv4 + acl-ipv4-dest-address: + description: The IPv4 address of the destination to filter on + type: string + format: ipv4 + acl-ipv4-dest-subnetmask: + description: The subnet mask applied to the destination IPv4 address + type: string + format: ipv4 + acl-ip-proto: + description: Filters based on the IP protocol number + type: integer + minimum: 0 + maximum: 255 mvr-config: description: This section defines the Multicast VLAN Registration (MVR) general configuration. type: object diff --git a/ucentral.schema.full.json b/ucentral.schema.full.json index 7238cd4..b527aa9 100644 --- a/ucentral.schema.full.json +++ b/ucentral.schema.full.json 
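Review bot: The new `acl-rules` item schema drops every IPv6 match field (`acl-ipv6-source-address`, `acl-ipv6-dest-address`, the prefix lengths, next header, flow label, hop limit) along with the port, fragment-offset and TTL matches, while the `acl-type` enum in the surrounding context still lists `ipv6Ext`. If that is not intentional, an ACL of an IPv6 type can now only carry MAC, VLAN, IPv4 and `acl-ip-proto` criteria. Unless `additionalProperties: false` is set outside this hunk, a controller still sending the old fields may have them silently ignored, leaving a rule broader than the operator wrote. Separately, nothing visible makes `acl-rule-action` mandatory, so a rule object with no action validates; I would add `required: [acl-rule-action]` to the rule item. The `acl-rule-priority` description should also state whether the lower or the higher value wins and that duplicate priorities within one ACL are rejected.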
@@ -588,6 +588,109 @@ "default": false } } + }, + "acl": { + "description": "A collection of access control entries that define the rules for filtering traffic through a network port.", + "type": "array", + "items": { + "type": "object", + "properties": { + "acl-inf-policy-preference": { + "description": "Determines the priority of multiple ACL policies when more than one is applied to an interface, if any.", + "type": "integer", + "minimum": 1, + "maximum": 64, + "default": 1 + }, + "acl-inf-policy-ingress": { + "description": "Specifies the ACL policy that is applied to incoming traffic on an interface.", + "type": "string", + "maxLength": 32, + "minLength": 1, + "examples": [ + "blacklisted-macs" + ] + }, + "acl-inf-counters-ingress": { + "description": "Tracks the number and type of packets that match the ingress ACL rules on an interface.", + "type": "boolean", + "default": false + }, + "acl-inf-policy-egress": { + "description": "Specifies the ACL policy that is applied to outgoing traffic from an interface.", + "type": "string", + "maxLength": 32, + "minLength": 1, + "examples": [ + "blacklisted-macs" + ] + }, + "acl-inf-counters-egress": { + "description": "Tracks the number and type of packets that match the egress ACL rules on an interface.", + "type": "boolean", + "default": false + } + } + } + }, + "voice-vlan-intf-config": { + "description": "Configure the Voice VLAN feature at the interface level, allowing for VoIP traffic to be prioritized on this specific port.", + "type": "object", + "properties": { + "voice-vlan-intf-mode": { + "description": "Specify the mode of placing this port on the voice VLAN.", + "type": "string", + "default": "auto", + "enum": [ + "none", + "manual", + "auto" + ] + }, + "voice-vlan-intf-priority": { + "description": "Define the Class of Service (CoS) priority for VoIP traffic passing through this port, ensuring higher priority over other traffic types.", + "type": "integer", + "default": 6, + "minimum": 0, + "maximum": 6 + 
}, + "voice-vlan-intf-detect-voice": { + "description": "Select the detection method for identifying VoIP traffic on this port, such as OUI-based detection or traffic pattern recognition.", + "type": "string", + "default": "oui", + "enum": [ + "oui", + "lldp" + ] + }, + "voice-vlan-intf-security": { + "description": "Enable or configure security filtering for VoIP traffic on the interface to protect against unauthorized devices.", + "type": "boolean", + "default": false + } + } + } + }, + "dhcp-snoop-port": { + "description": "Configuration for DHCP Snooping on a port level on a switch", + "type": "object", + "properties": { + "dhcp-snoop-port-trust": { + "description": "This parameter designates a switch port as \u2018trusted\u2019 for DHCP messages, meaning it can forward DHCP offers and acknowledgments, which is essential for connecting to legitimate DHCP servers", + "type": "boolean", + "default": false + }, + "dhcp-snoop-port-client-limit": { + "description": "It sets a limit on the number of DHCP clients that can be associated with a single port, helping to prevent a single port from exhausting the network\u2019s IP address pool", + "type": "integer", + "minimum": 1 + }, + "dhcp-snoop-port-circuit-id": { + "description": "Specifies DHCP Option 82 circuit ID suboption information. Often including information like the interface number and VLAN ID, this can be useful for network management and troubleshooting", + "type": "string", + "minLength": 1, + "maxLength": 32 + } } } } @@ -903,6 +1006,17 @@ "items": { "type": "object", "properties": { + "acl-index": { + "description": "Unique identifier for the ACL grouping", + "type": "integer", + "minimum": 1 + }, + "acl-name": { + "description": "The identifier or name for the Access Control List", + "type": "string", + "maxLength": 32, + "minLength": 1 + }, "acl-type": { "description": "Type of the access control list", "type": "string", 
@@ -915,192 +1029,119 @@ "arp" ] }, - "acl-name": { - "description": "The identifier or name for the Access Control List", - "type": "string", - "maxLength": 32, - "minLength": 1 - }, - "acl-rule-action": { - "description": "Defines whether to permit or deny traffic matching the rule", - "type": "string", - "enum": [ - "permit", - "deny" - ] - }, - "acl-source-macaddress": { - "description": "Specifies the source MAC address to filter on", - "type": "string", - "format": "uc-mac" - }, - "acl-source-macbitmask": { - "description": "The mask applied to the source MAC address", - "type": "string", - "format": "uc-mac" - }, - "acl-dest-macaddress": { - "description": "Specifies the destination MAC address for the filter", - "type": "string", - "format": "uc-mac" - }, - "acl-dest-macbitmask": { - "description": "The mask applied to the destination MAC address", - "type": "string", - "format": "uc-mac" - }, - "acl-packet-format": { - "description": "Identifies the protocol encapsulated in the Ethernet frame by its EtherType", - "type": "string", - "enum": [ - "any", - "untagged-eth2", - "untagged-802.3", - "tagged-eth2", - "tagged-802.3" - ] - }, - "acl-vlanid": { - "description": "Specifies a VLAN ID to filter traffic from a specific VLAN", - "type": "integer", - "minimum": 1, - "maximum": 4094 - }, - "acl-vid-bitmask": { - "description": "The mask applied to the VLAN ID", - "type": "integer", - "minimum": 1, - "maximum": 4095 - }, - "acl-ethertype": { - "description": "Filters packets based on the custom EtherType field (HEX) in the Ethernet frame", - "type": "string", - "default": "800" - }, - "acl-ethertype-bitmask": { - "description": "The mask applied to the EtherType field", - "type": "string", - "default": "FFFF" - }, - "acl-cos": { - "description": "Filters based on the Class of Service (CoS) field in the frame", - "type": "integer", - "minimum": 0, - "maximum": 7 - }, - "acl-cos-bitmask": { - "description": "The mask applied to the CoS field", - "type": 
"integer", - "minimum": 0, - "maximum": 7 - }, - "acl-ipv4-source-address": { - "description": "The IPv4 address of the source to filter on", - "type": "string", - "format": "ipv4" - }, - "acl-ipv4-source-subnetmask": { - "description": "The subnet mask applied to the source IPv4 address", - "type": "string", - "format": "ipv4" - }, - "acl-ipv4-dest-address": { - "description": "The IPv4 address of the destination to filter on", - "type": "string", - "format": "ipv4" - }, - "acl-ipv4-dest-subnetmask": { - "description": "The subnet mask applied to the destination IPv4 address", - "type": "string", - "format": "ipv4" - }, - "acl-ipv6-source-address": { - "description": "The IPv6 address of the source to filter on", - "type": "string", - "format": "ipv6" - }, - "acl-ipv6-source-prefix-length": { - "description": "Defines the length of the prefix used in filtering IPv6 source addresses", - "type": "integer", - "minimum": 0, - "maximum": 128 - }, - "acl-ipv6-dest-address": { - "description": "The IPv6 address of the destination to filter on", - "type": "string", - "format": "ipv6" - }, - "acl-ipv6-dest-prefix-length": { - "description": "Defines the length of the prefix used in filtering IPv6 destination addresses", - "type": "integer", - "minimum": 0, - "maximum": 128 - }, - "acl-ip-proto": { - "description": "Filters based on the IP protocol number", - "type": "integer", - "minimum": 0, - "maximum": 255 - }, - "acl-ipv6-next-header": { - "description": "Specifies the next header type in IPv6 traffic, such as TCP, UDP, or ICMPv6", - "type": "integer", - "minimum": 0, - "maximum": 255 - }, - "acl-ipv6-flow-label": { - "description": "Filters packets based on the IPv6 Flow Label field", - "type": "integer", - "minimum": 0, - "maximum": 1048575 - }, - "acl-ip-source-port": { - "description": "Specifies the source port number for filtering", - "type": "integer", - "minimum": 0, - "maximum": 65535 - }, - "acl-ip-source-port-bitmask": { - "description": "The mask applied to 
the source port number", - "type": "integer", - "minimum": 0, - "maximum": 65535 - }, - "acl-ip-dest-port": { - "description": "Specifies the destination port number for filtering", - "type": "integer", - "minimum": 0, - "maximum": 65535 - }, - "acl-ip-dest-port-bitmask": { - "description": "The mask applied to the destination port number", - "type": "integer", - "minimum": 0, - "maximum": 65535 - }, - "acl-ipv4-fragment-offset": { - "description": "Filters based on IPv4 fragment offset for fragmented packets", - "type": "integer", - "minimum": 0, - "maximum": 8191 - }, - "acl-ipv6-fragment-offset": { - "description": "Filters based on IPv6 fragment offset for fragmented packets", - "type": "integer", - "minimum": 0, - "maximum": 8191 - }, - "acl-ip-ttl": { - "description": "Filters IPv4 traffic based on the TTL (Time to Live) value", - "type": "integer", - "minimum": 0, - "maximum": 255 - }, - "acl-ipv6-hop-limit": { - "description": "Filters IPv6 traffic based on the hop limit value, equivalent to IPv4 TTL", - "type": "integer", - "minimum": 0, - "maximum": 255 + "acl-rules": { + "description": "List of access control rules under this ACL", + "type": "array", + "items": { + "type": "object", + "properties": { + "acl-rule-priority": { + "description": "Priority of the rule within the ACL", + "type": "integer", + "minimum": 0, + "maximum": 1024 + }, + "acl-rule-action": { + "description": "Defines whether to permit or deny traffic matching the rule", + "type": "string", + "enum": [ + "permit", + "deny" + ] + }, + "acl-source-macaddress": { + "description": "Specifies the source MAC address to filter on", + "type": "string", + "format": "uc-mac" + }, + "acl-source-macbitmask": { + "description": "The mask applied to the source MAC address", + "type": "string", + "format": "uc-mac" + }, + "acl-dest-macaddress": { + "description": "Specifies the destination MAC address for the filter", + "type": "string", + "format": "uc-mac" + }, + "acl-dest-macbitmask": { + 
"description": "The mask applied to the destination MAC address", + "type": "string", + "format": "uc-mac" + }, + "acl-packet-format": { + "description": "Identifies the protocol encapsulated in the Ethernet frame by its EtherType", + "type": "string", + "enum": [ + "any", + "untagged-eth2", + "untagged-802.3", + "tagged-eth2", + "tagged-802.3" + ] + }, + "acl-vlanid": { + "description": "Specifies a VLAN ID to filter traffic from a specific VLAN", + "type": "integer", + "minimum": 1, + "maximum": 4094 + }, + "acl-vid-bitmask": { + "description": "The mask applied to the VLAN ID", + "type": "integer", + "minimum": 1, + "maximum": 4095 + }, + "acl-ethertype": { + "description": "Filters packets based on the custom EtherType field (HEX) in the Ethernet frame", + "type": "string", + "default": "800" + }, + "acl-ethertype-bitmask": { + "description": "The mask applied to the EtherType field", + "type": "string", + "default": "FFFF" + }, + "acl-cos": { + "description": "Filters based on the Class of Service (CoS) field in the frame", + "type": "integer", + "minimum": 0, + "maximum": 7 + }, + "acl-cos-bitmask": { + "description": "The mask applied to the CoS field", + "type": "integer", + "minimum": 0, + "maximum": 7 + }, + "acl-ipv4-source-address": { + "description": "The IPv4 address of the source to filter on", + "type": "string", + "format": "ipv4" + }, + "acl-ipv4-source-subnetmask": { + "description": "The subnet mask applied to the source IPv4 address", + "type": "string", + "format": "ipv4" + }, + "acl-ipv4-dest-address": { + "description": "The IPv4 address of the destination to filter on", + "type": "string", + "format": "ipv4" + }, + "acl-ipv4-dest-subnetmask": { + "description": "The subnet mask applied to the destination IPv4 address", + "type": "string", + "format": "ipv4" + }, + "acl-ip-proto": { + "description": "Filters based on the IP protocol number", + "type": "integer", + "minimum": 0, + "maximum": 255 + } + } + } } } } 
@@ -1829,43 +1870,6 @@ "type": "boolean", "default": false }, - "voice-vlan-intf-config": { - "description": "Configure the Voice VLAN feature at the interface level, allowing for VoIP traffic to be prioritized on this specific port.", - "type": "object", - "properties": { - "voice-vlan-intf-mode": { - "description": "Specify the mode of placing this port on the voice VLAN.", - "type": "string", - "default": "auto", - "enum": [ - "none", - "manual", - "auto" - ] - }, - "voice-vlan-intf-priority": { - "description": "Define the Class of Service (CoS) priority for VoIP traffic passing through this port, ensuring higher priority over other traffic types.", - "type": "integer", - "default": 6, - "minimum": 0, - "maximum": 6 - }, - "voice-vlan-intf-detect-voice": { - "description": "Select the detection method for identifying VoIP traffic on this port, such as OUI-based detection or traffic pattern recognition.", - "type": "string", - "default": "oui", - "enum": [ - "oui", - "lldp" - ] - }, - "voice-vlan-intf-security": { - "description": "Enable or configure security filtering for VoIP traffic on the interface to protect against unauthorized devices.", - "type": "boolean", - "default": false - } - } - }, "dhcp": { "description": "This section describes the DHCP server configuration", "type": "object", 
@@ -2164,72 +2168,6 @@ } } }, - "acl": { - "description": "A collection of access control entries that define the rules for filtering traffic through a network interface.", - "type": "array", - "items": { - "type": "object", - "properties": { - "acl-inf-policy-preference": { - "description": "Determines the priority of multiple ACL policies when more than one is applied to an interface, if any.", - "type": "integer", - "minimum": 1, - "maximum": 64, - "default": 1 - }, - "acl-inf-policy-ingress": { - "description": "Specifies the ACL policy that is applied to incoming traffic on an interface.", - "type": "string", - "maxLength": 32, - "minLength": 1, - "examples": [ - "blacklisted-macs" - ] - }, - "acl-inf-counters-ingress": { - "description": "Tracks the number and type of packets that match the ingress ACL rules on an interface.", - "type": "boolean", - "default": false - }, - "acl-inf-policy-egress": { - "description": "Specifies the ACL policy that is applied to outgoing traffic from an interface.", - "type": "string", - "maxLength": 32, - "minLength": 1, - "examples": [ - "blacklisted-macs" - ] - }, - "acl-inf-counters-egress": { - "description": "Tracks the number and type of packets that match the egress ACL rules on an interface.", - "type": "boolean", - "default": false - } - } - } - }, - "dhcp-snoop-port": { - "description": "Configuration for DHCP Snooping on a port level on a switch", - "type": "object", - "properties": { - "dhcp-snoop-port-trust": { - "description": "This parameter designates a switch port as \u2018trusted\u2019 for DHCP messages, meaning it can forward DHCP offers and acknowledgments, which is essential for connecting to legitimate DHCP servers", - "type": "boolean", - "default": false - }, - "dhcp-snoop-port-client-limit": { - "description": "It sets a limit on the number of DHCP clients that can be associated with a single port, helping to prevent a single port from exhausting the network\u2019s IP address pool", - "type": 
"integer", - "minimum": 1 - }, - "dhcp-snoop-port-circuit-id": { - "description": "Specifies DHCP Option 82 circuit ID suboption information. Often including information like the interface number and VLAN ID, this can be useful for network management and troubleshooting", - "type": "string", - "minLength": 1, - "maxLength": 32 - } - } - }, "broad-band": { "oneOf": [ { diff --git a/ucentral.schema.json b/ucentral.schema.json index f6d1fe7..8504ebb 100644 --- a/ucentral.schema.json +++ b/ucentral.schema.json @@ -528,6 +528,94 @@ "default": false } } + }, + "acl": { + "type": "array", + "items": { + "type": "object", + "properties": { + "acl-inf-policy-preference": { + "type": "integer", + "minimum": 1, + "maximum": 64, + "default": 1 + }, + "acl-inf-policy-ingress": { + "type": "string", + "maxLength": 32, + "minLength": 1, + "examples": [ + "blacklisted-macs" + ] + }, + "acl-inf-counters-ingress": { + "type": "boolean", + "default": false + }, + "acl-inf-policy-egress": { + "type": "string", + "maxLength": 32, + "minLength": 1, + "examples": [ + "blacklisted-macs" + ] + }, + "acl-inf-counters-egress": { + "type": "boolean", + "default": false + } + } + } + }, + "voice-vlan-intf-config": { + "type": "object", + "properties": { + "voice-vlan-intf-mode": { + "type": "string", + "default": "auto", + "enum": [ + "none", + "manual", + "auto" + ] + }, + "voice-vlan-intf-priority": { + "type": "integer", + "default": 6, + "minimum": 0, + "maximum": 6 + }, + "voice-vlan-intf-detect-voice": { + "type": "string", + "default": "oui", + "enum": [ + "oui", + "lldp" + ] + }, + "voice-vlan-intf-security": { + "type": "boolean", + "default": false + } + } + } + }, + "dhcp-snoop-port": { + "type": "object", + "properties": { + "dhcp-snoop-port-trust": { + "type": "boolean", + "default": false + }, + "dhcp-snoop-port-client-limit": { + "type": "integer", + "minimum": 1 + }, + "dhcp-snoop-port-circuit-id": { + "type": "string", + "minLength": 1, + "maxLength": 32 + } } } }, 
@@ -793,6 +881,15 @@ "items": { "type": "object", "properties": { + "acl-index": { + "type": "integer", + "minimum": 1 + }, + "acl-name": { + "type": "string", + "maxLength": 32, + "minLength": 1 + }, "acl-type": { "type": "string", "enum": [ 
@@ -804,160 +901,100 @@ "arp" ] }, - "acl-name": { - "type": "string", - "maxLength": 32, - "minLength": 1 - }, - "acl-rule-action": { - "type": "string", - "enum": [ - "permit", - "deny" - ] - }, - "acl-source-macaddress": { - "type": "string", - "format": "uc-mac" - }, - "acl-source-macbitmask": { - "type": "string", - "format": "uc-mac" - }, - "acl-dest-macaddress": { - "type": "string", - "format": "uc-mac" - }, - "acl-dest-macbitmask": { - "type": "string", - "format": "uc-mac" - }, - "acl-packet-format": { - "type": "string", - "enum": [ - "any", - "untagged-eth2", - "untagged-802.3", - "tagged-eth2", - "tagged-802.3" - ] - }, - "acl-vlanid": { - "type": "integer", - "minimum": 1, - "maximum": 4094 - }, - "acl-vid-bitmask": { - "type": "integer", - "minimum": 1, - "maximum": 4095 - }, - "acl-ethertype": { - "type": "string", - "default": "800" - }, - "acl-ethertype-bitmask": { - "type": "string", - "default": "FFFF" - }, - "acl-cos": { - "type": "integer", - "minimum": 0, - "maximum": 7 - }, - "acl-cos-bitmask": { - "type": "integer", - "minimum": 0, - "maximum": 7 - }, - "acl-ipv4-source-address": { - "type": "string", - "format": "ipv4" - }, - "acl-ipv4-source-subnetmask": { - "type": "string", - "format": "ipv4" - }, - "acl-ipv4-dest-address": { - "type": "string", - "format": "ipv4" - }, - "acl-ipv4-dest-subnetmask": { - "type": "string", - "format": "ipv4" - }, - "acl-ipv6-source-address": { - "type": "string", - "format": "ipv6" - }, - "acl-ipv6-source-prefix-length": { - "type": "integer", - "minimum": 0, - "maximum": 128 - }, - "acl-ipv6-dest-address": { - "type": "string", - "format": "ipv6" - }, - "acl-ipv6-dest-prefix-length": { - "type": "integer", - "minimum": 0, - "maximum": 128 - }, - "acl-ip-proto": { - "type": "integer", - "minimum": 0, - "maximum": 255 - }, - "acl-ipv6-next-header": { - "type": "integer", - "minimum": 0, - "maximum": 255 - }, - "acl-ipv6-flow-label": { - "type": "integer", - "minimum": 0, - "maximum": 1048575 - }, - 
"acl-ip-source-port": { - "type": "integer", - "minimum": 0, - "maximum": 65535 - }, - "acl-ip-source-port-bitmask": { - "type": "integer", - "minimum": 0, - "maximum": 65535 - }, - "acl-ip-dest-port": { - "type": "integer", - "minimum": 0, - "maximum": 65535 - }, - "acl-ip-dest-port-bitmask": { - "type": "integer", - "minimum": 0, - "maximum": 65535 - }, - "acl-ipv4-fragment-offset": { - "type": "integer", - "minimum": 0, - "maximum": 8191 - }, - "acl-ipv6-fragment-offset": { - "type": "integer", - "minimum": 0, - "maximum": 8191 - }, - "acl-ip-ttl": { - "type": "integer", - "minimum": 0, - "maximum": 255 - }, - "acl-ipv6-hop-limit": { - "type": "integer", - "minimum": 0, - "maximum": 255 + "acl-rules": { + "type": "array", + "items": { + "type": "object", + "properties": { + "acl-rule-priority": { + "type": "integer", + "minimum": 0, + "maximum": 1024 + }, + "acl-rule-action": { + "type": "string", + "enum": [ + "permit", + "deny" + ] + }, + "acl-source-macaddress": { + "type": "string", + "format": "uc-mac" + }, + "acl-source-macbitmask": { + "type": "string", + "format": "uc-mac" + }, + "acl-dest-macaddress": { + "type": "string", + "format": "uc-mac" + }, + "acl-dest-macbitmask": { + "type": "string", + "format": "uc-mac" + }, + "acl-packet-format": { + "type": "string", + "enum": [ + "any", + "untagged-eth2", + "untagged-802.3", + "tagged-eth2", + "tagged-802.3" + ] + }, + "acl-vlanid": { + "type": "integer", + "minimum": 1, + "maximum": 4094 + }, + "acl-vid-bitmask": { + "type": "integer", + "minimum": 1, + "maximum": 4095 + }, + "acl-ethertype": { + "type": "string", + "default": "800" + }, + "acl-ethertype-bitmask": { + "type": "string", + "default": "FFFF" + }, + "acl-cos": { + "type": "integer", + "minimum": 0, + "maximum": 7 + }, + "acl-cos-bitmask": { + "type": "integer", + "minimum": 0, + "maximum": 7 + }, + "acl-ipv4-source-address": { + "type": "string", + "format": "ipv4" + }, + "acl-ipv4-source-subnetmask": { + "type": "string", + "format": "ipv4" 
+ }, + "acl-ipv4-dest-address": { + "type": "string", + "format": "ipv4" + }, + "acl-ipv4-dest-subnetmask": { + "type": "string", + "format": "ipv4" + }, + "acl-ip-proto": { + "type": "integer", + "minimum": 0, + "maximum": 255 + } + } + } } } } @@ -1632,38 +1669,6 @@ "type": "boolean", "default": false }, - "voice-vlan-intf-config": { - "type": "object", - "properties": { - "voice-vlan-intf-mode": { - "type": "string", - "default": "auto", - "enum": [ - "none", - "manual", - "auto" - ] - }, - "voice-vlan-intf-priority": { - "type": "integer", - "default": 6, - "minimum": 0, - "maximum": 6 - }, - "voice-vlan-intf-detect-voice": { - "type": "string", - "default": "oui", - "enum": [ - "oui", - "lldp" - ] - }, - "voice-vlan-intf-security": { - "type": "boolean", - "default": false - } - } - }, "dhcp": { "$ref": "#/$defs/interface.ipv4.dhcp" }, @@ -1843,62 +1848,6 @@ } } }, - "interface.acl": { - "type": "array", - "items": { - "type": "object", - "properties": { - "acl-inf-policy-preference": { - "type": "integer", - "minimum": 1, - "maximum": 64, - "default": 1 - }, - "acl-inf-policy-ingress": { - "type": "string", - "maxLength": 32, - "minLength": 1, - "examples": [ - "blacklisted-macs" - ] - }, - "acl-inf-counters-ingress": { - "type": "boolean", - "default": false - }, - "acl-inf-policy-egress": { - "type": "string", - "maxLength": 32, - "minLength": 1, - "examples": [ - "blacklisted-macs" - ] - }, - "acl-inf-counters-egress": { - "type": "boolean", - "default": false - } - } - } - }, - "interface.dhcp-snoop-port": { - "type": "object", - "properties": { - "dhcp-snoop-port-trust": { - "type": "boolean", - "default": false - }, - "dhcp-snoop-port-client-limit": { - "type": "integer", - "minimum": 1 - }, - "dhcp-snoop-port-circuit-id": { - "type": "string", - "minLength": 1, - "maxLength": 32 - } - } - }, "interface.broad-band.wwan": { "type": "object", "properties": { 
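Review bot: The rule objects under the new `acl-rules` array declare neither `required` nor `additionalProperties`, and within this hunk the IPv6, L4-port, fragment-offset and TTL/hop-limit match keys are no longer defined. A configuration that still carries, say, `acl-ip-dest-port` would therefore validate, and if the consumer ignores unknown keys the rule matches more traffic than its author wrote, which matters most for a `permit`. Consider closing the rule object with `"additionalProperties": false` and `"required": ["acl-rule-action"]` so stale or action-less rules are rejected at validation time; whether existing consumers tolerate the stricter schema needs checking. The same applies to the matching hunk `@@ -948,192 +1062,119 @@` in ucentral.schema.pretty.json, and the enclosing ACL object starts outside this hunk.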
@@ -2150,12 +2099,6 @@ "ipv6": { "$ref": "#/$defs/interface.ipv6" }, - "acl": { - "$ref": "#/$defs/interface.acl" - }, - "dhcp-snoop-port": { - "$ref": "#/$defs/interface.dhcp-snoop-port" - }, "broad-band": { "$ref": "#/$defs/interface.broad-band" }, diff --git a/ucentral.schema.pretty.json b/ucentral.schema.pretty.json index 2cd29c9..af893d1 100644 --- a/ucentral.schema.pretty.json +++ b/ucentral.schema.pretty.json 
@@ -622,6 +622,109 @@ "default": false } } + }, + "acl": { + "description": "A collection of access control entries that define the rules for filtering traffic through a network port.", + "type": "array", + "items": { + "type": "object", + "properties": { + "acl-inf-policy-preference": { + "description": "Determines the priority of multiple ACL policies when more than one is applied to an interface, if any.", + "type": "integer", + "minimum": 1, + "maximum": 64, + "default": 1 + }, + "acl-inf-policy-ingress": { + "description": "Specifies the ACL policy that is applied to incoming traffic on an interface.", + "type": "string", + "maxLength": 32, + "minLength": 1, + "examples": [ + "blacklisted-macs" + ] + }, + "acl-inf-counters-ingress": { + "description": "Tracks the number and type of packets that match the ingress ACL rules on an interface.", + "type": "boolean", + "default": false + }, + "acl-inf-policy-egress": { + "description": "Specifies the ACL policy that is applied to outgoing traffic from an interface.", + "type": "string", + "maxLength": 32, + "minLength": 1, + "examples": [ + "blacklisted-macs" + ] + }, + "acl-inf-counters-egress": { + "description": "Tracks the number and type of packets that match the egress ACL rules on an interface.", + "type": "boolean", + "default": false + } + } + } + }, + "voice-vlan-intf-config": { + "description": "Configure the Voice VLAN feature at the interface level, allowing for VoIP traffic to be prioritized on this specific port.", + "type": "object", + "properties": { + "voice-vlan-intf-mode": { + "description": "Specify the mode of placing this port on the voice VLAN.", + "type": "string", + "default": "auto", + "enum": [ + "none", + "manual", + "auto" + ] + }, + "voice-vlan-intf-priority": { + "description": "Define the Class of Service (CoS) priority for VoIP traffic passing through this port, ensuring higher priority over other traffic types.", + "type": "integer", + "default": 6, + "minimum": 0, + "maximum": 6 + 
}, + "voice-vlan-intf-detect-voice": { + "description": "Select the detection method for identifying VoIP traffic on this port, such as OUI-based detection or traffic pattern recognition.", + "type": "string", + "default": "oui", + "enum": [ + "oui", + "lldp" + ] + }, + "voice-vlan-intf-security": { + "description": "Enable or configure security filtering for VoIP traffic on the interface to protect against unauthorized devices.", + "type": "boolean", + "default": false + } + } + } + }, + "dhcp-snoop-port": { + "description": "Configuration for DHCP Snooping on a port level on a switch", + "type": "object", + "properties": { + "dhcp-snoop-port-trust": { + "description": "This parameter designates a switch port as \u2018trusted\u2019 for DHCP messages, meaning it can forward DHCP offers and acknowledgments, which is essential for connecting to legitimate DHCP servers", + "type": "boolean", + "default": false + }, + "dhcp-snoop-port-client-limit": { + "description": "It sets a limit on the number of DHCP clients that can be associated with a single port, helping to prevent a single port from exhausting the network\u2019s IP address pool", + "type": "integer", + "minimum": 1 + }, + "dhcp-snoop-port-circuit-id": { + "description": "Specifies DHCP Option 82 circuit ID suboption information. Often including information like the interface number and VLAN ID, this can be useful for network management and troubleshooting", + "type": "string", + "minLength": 1, + "maxLength": 32 + } } } }, @@ -936,6 +1039,17 @@ "items": { "type": "object", "properties": { + "acl-index": { + "description": "Unique identifier for the ACL grouping", + "type": "integer", + "minimum": 1 + }, + "acl-name": { + "description": "The identifier or name for the Access Control List", + "type": "string", + "maxLength": 32, + "minLength": 1 + }, "acl-type": { "description": "Type of the access control list", "type": "string", 
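Review bot: The description of `voice-vlan-intf-detect-voice` names "traffic pattern recognition" as a detection method, but the enum directly below it accepts only `oui` and `lldp`. Reword it to match, for example `"description": "Select the method used to identify VoIP traffic on this port: OUI-based detection (oui) or LLDP-based detection (lldp)."`. In the same block `voice-vlan-intf-security` is a boolean, so "Enable or configure security filtering" would read more accurately as "Enable security filtering". The enclosing port object starts outside the hunk.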
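Review bot: `acl-index` is described as a unique identifier, but nothing in this hunk enforces that: JSON Schema's `uniqueItems` compares whole array elements, so two ACL entries that share an `acl-index` or `acl-name` still validate. The port-level `acl-inf-policy-ingress` and `acl-inf-policy-egress` fields added earlier in this file are free strings that presumably refer to an `acl-name`, so a duplicate leaves it to the consumer which ACL a port ends up with. The description should say who enforces uniqueness, e.g. `"Unique identifier for the ACL grouping; the consumer must reject a configuration that repeats an acl-index"`, and `acl-index` has a `minimum` but no `maximum`. The same fields, without descriptions, are in hunk `@@ -793,6 +881,15 @@` of ucentral.schema.json; the ACL item object starts outside both hunks.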
@@ -948,192 +1062,119 @@ "arp" ] }, - "acl-name": { - "description": "The identifier or name for the Access Control List", - "type": "string", - "maxLength": 32, - "minLength": 1 - }, - "acl-rule-action": { - "description": "Defines whether to permit or deny traffic matching the rule", - "type": "string", - "enum": [ - "permit", - "deny" - ] - }, - "acl-source-macaddress": { - "description": "Specifies the source MAC address to filter on", - "type": "string", - "format": "uc-mac" - }, - "acl-source-macbitmask": { - "description": "The mask applied to the source MAC address", - "type": "string", - "format": "uc-mac" - }, - "acl-dest-macaddress": { - "description": "Specifies the destination MAC address for the filter", - "type": "string", - "format": "uc-mac" - }, - "acl-dest-macbitmask": { - "description": "The mask applied to the destination MAC address", - "type": "string", - "format": "uc-mac" - }, - "acl-packet-format": { - "description": "Identifies the protocol encapsulated in the Ethernet frame by its EtherType", - "type": "string", - "enum": [ - "any", - "untagged-eth2", - "untagged-802.3", - "tagged-eth2", - "tagged-802.3" - ] - }, - "acl-vlanid": { - "description": "Specifies a VLAN ID to filter traffic from a specific VLAN", - "type": "integer", - "minimum": 1, - "maximum": 4094 - }, - "acl-vid-bitmask": { - "description": "The mask applied to the VLAN ID", - "type": "integer", - "minimum": 1, - "maximum": 4095 - }, - "acl-ethertype": { - "description": "Filters packets based on the custom EtherType field (HEX) in the Ethernet frame", - "type": "string", - "default": "800" - }, - "acl-ethertype-bitmask": { - "description": "The mask applied to the EtherType field", - "type": "string", - "default": "FFFF" - }, - "acl-cos": { - "description": "Filters based on the Class of Service (CoS) field in the frame", - "type": "integer", - "minimum": 0, - "maximum": 7 - }, - "acl-cos-bitmask": { - "description": "The mask applied to the CoS field", - "type": 
"integer", - "minimum": 0, - "maximum": 7 - }, - "acl-ipv4-source-address": { - "description": "The IPv4 address of the source to filter on", - "type": "string", - "format": "ipv4" - }, - "acl-ipv4-source-subnetmask": { - "description": "The subnet mask applied to the source IPv4 address", - "type": "string", - "format": "ipv4" - }, - "acl-ipv4-dest-address": { - "description": "The IPv4 address of the destination to filter on", - "type": "string", - "format": "ipv4" - }, - "acl-ipv4-dest-subnetmask": { - "description": "The subnet mask applied to the destination IPv4 address", - "type": "string", - "format": "ipv4" - }, - "acl-ipv6-source-address": { - "description": "The IPv6 address of the source to filter on", - "type": "string", - "format": "ipv6" - }, - "acl-ipv6-source-prefix-length": { - "description": "Defines the length of the prefix used in filtering IPv6 source addresses", - "type": "integer", - "minimum": 0, - "maximum": 128 - }, - "acl-ipv6-dest-address": { - "description": "The IPv6 address of the destination to filter on", - "type": "string", - "format": "ipv6" - }, - "acl-ipv6-dest-prefix-length": { - "description": "Defines the length of the prefix used in filtering IPv6 destination addresses", - "type": "integer", - "minimum": 0, - "maximum": 128 - }, - "acl-ip-proto": { - "description": "Filters based on the IP protocol number", - "type": "integer", - "minimum": 0, - "maximum": 255 - }, - "acl-ipv6-next-header": { - "description": "Specifies the next header type in IPv6 traffic, such as TCP, UDP, or ICMPv6", - "type": "integer", - "minimum": 0, - "maximum": 255 - }, - "acl-ipv6-flow-label": { - "description": "Filters packets based on the IPv6 Flow Label field", - "type": "integer", - "minimum": 0, - "maximum": 1048575 - }, - "acl-ip-source-port": { - "description": "Specifies the source port number for filtering", - "type": "integer", - "minimum": 0, - "maximum": 65535 - }, - "acl-ip-source-port-bitmask": { - "description": "The mask applied to 
the source port number", - "type": "integer", - "minimum": 0, - "maximum": 65535 - }, - "acl-ip-dest-port": { - "description": "Specifies the destination port number for filtering", - "type": "integer", - "minimum": 0, - "maximum": 65535 - }, - "acl-ip-dest-port-bitmask": { - "description": "The mask applied to the destination port number", - "type": "integer", - "minimum": 0, - "maximum": 65535 - }, - "acl-ipv4-fragment-offset": { - "description": "Filters based on IPv4 fragment offset for fragmented packets", - "type": "integer", - "minimum": 0, - "maximum": 8191 - }, - "acl-ipv6-fragment-offset": { - "description": "Filters based on IPv6 fragment offset for fragmented packets", - "type": "integer", - "minimum": 0, - "maximum": 8191 - }, - "acl-ip-ttl": { - "description": "Filters IPv4 traffic based on the TTL (Time to Live) value", - "type": "integer", - "minimum": 0, - "maximum": 255 - }, - "acl-ipv6-hop-limit": { - "description": "Filters IPv6 traffic based on the hop limit value, equivalent to IPv4 TTL", - "type": "integer", - "minimum": 0, - "maximum": 255 + "acl-rules": { + "description": "List of access control rules under this ACL", + "type": "array", + "items": { + "type": "object", + "properties": { + "acl-rule-priority": { + "description": "Priority of the rule within the ACL", + "type": "integer", + "minimum": 0, + "maximum": 1024 + }, + "acl-rule-action": { + "description": "Defines whether to permit or deny traffic matching the rule", + "type": "string", + "enum": [ + "permit", + "deny" + ] + }, + "acl-source-macaddress": { + "description": "Specifies the source MAC address to filter on", + "type": "string", + "format": "uc-mac" + }, + "acl-source-macbitmask": { + "description": "The mask applied to the source MAC address", + "type": "string", + "format": "uc-mac" + }, + "acl-dest-macaddress": { + "description": "Specifies the destination MAC address for the filter", + "type": "string", + "format": "uc-mac" + }, + "acl-dest-macbitmask": { + 
"description": "The mask applied to the destination MAC address", + "type": "string", + "format": "uc-mac" + }, + "acl-packet-format": { + "description": "Identifies the protocol encapsulated in the Ethernet frame by its EtherType", + "type": "string", + "enum": [ + "any", + "untagged-eth2", + "untagged-802.3", + "tagged-eth2", + "tagged-802.3" + ] + }, + "acl-vlanid": { + "description": "Specifies a VLAN ID to filter traffic from a specific VLAN", + "type": "integer", + "minimum": 1, + "maximum": 4094 + }, + "acl-vid-bitmask": { + "description": "The mask applied to the VLAN ID", + "type": "integer", + "minimum": 1, + "maximum": 4095 + }, + "acl-ethertype": { + "description": "Filters packets based on the custom EtherType field (HEX) in the Ethernet frame", + "type": "string", + "default": "800" + }, + "acl-ethertype-bitmask": { + "description": "The mask applied to the EtherType field", + "type": "string", + "default": "FFFF" + }, + "acl-cos": { + "description": "Filters based on the Class of Service (CoS) field in the frame", + "type": "integer", + "minimum": 0, + "maximum": 7 + }, + "acl-cos-bitmask": { + "description": "The mask applied to the CoS field", + "type": "integer", + "minimum": 0, + "maximum": 7 + }, + "acl-ipv4-source-address": { + "description": "The IPv4 address of the source to filter on", + "type": "string", + "format": "ipv4" + }, + "acl-ipv4-source-subnetmask": { + "description": "The subnet mask applied to the source IPv4 address", + "type": "string", + "format": "ipv4" + }, + "acl-ipv4-dest-address": { + "description": "The IPv4 address of the destination to filter on", + "type": "string", + "format": "ipv4" + }, + "acl-ipv4-dest-subnetmask": { + "description": "The subnet mask applied to the destination IPv4 address", + "type": "string", + "format": "ipv4" + }, + "acl-ip-proto": { + "description": "Filters based on the IP protocol number", + "type": "integer", + "minimum": 0, + "maximum": 255 + } + } + } } } } 
@@ -1916,43 +1957,6 @@ "type": "boolean", "default": false }, - "voice-vlan-intf-config": { - "description": "Configure the Voice VLAN feature at the interface level, allowing for VoIP traffic to be prioritized on this specific port.", - "type": "object", - "properties": { - "voice-vlan-intf-mode": { - "description": "Specify the mode of placing this port on the voice VLAN.", - "type": "string", - "default": "auto", - "enum": [ - "none", - "manual", - "auto" - ] - }, - "voice-vlan-intf-priority": { - "description": "Define the Class of Service (CoS) priority for VoIP traffic passing through this port, ensuring higher priority over other traffic types.", - "type": "integer", - "default": 6, - "minimum": 0, - "maximum": 6 - }, - "voice-vlan-intf-detect-voice": { - "description": "Select the detection method for identifying VoIP traffic on this port, such as OUI-based detection or traffic pattern recognition.", - "type": "string", - "default": "oui", - "enum": [ - "oui", - "lldp" - ] - }, - "voice-vlan-intf-security": { - "description": "Enable or configure security filtering for VoIP traffic on the interface to protect against unauthorized devices.", - "type": "boolean", - "default": false - } - } - }, "dhcp": { "$ref": "#/$defs/interface.ipv4.dhcp" }, 
@@ -2152,72 +2156,6 @@ } } }, - "interface.acl": { - "description": "A collection of access control entries that define the rules for filtering traffic through a network interface.", - "type": "array", - "items": { - "type": "object", - "properties": { - "acl-inf-policy-preference": { - "description": "Determines the priority of multiple ACL policies when more than one is applied to an interface, if any.", - "type": "integer", - "minimum": 1, - "maximum": 64, - "default": 1 - }, - "acl-inf-policy-ingress": { - "description": "Specifies the ACL policy that is applied to incoming traffic on an interface.", - "type": "string", - "maxLength": 32, - "minLength": 1, - "examples": [ - "blacklisted-macs" - ] - }, - "acl-inf-counters-ingress": { - "description": "Tracks the number and type of packets that match the ingress ACL rules on an interface.", - "type": "boolean", - "default": false - }, - "acl-inf-policy-egress": { - "description": "Specifies the ACL policy that is applied to outgoing traffic from an interface.", - "type": "string", - "maxLength": 32, - "minLength": 1, - "examples": [ - "blacklisted-macs" - ] - }, - "acl-inf-counters-egress": { - "description": "Tracks the number and type of packets that match the egress ACL rules on an interface.", - "type": "boolean", - "default": false - } - } - } - }, - "interface.dhcp-snoop-port": { - "description": "Configuration for DHCP Snooping on a port level on a switch", - "type": "object", - "properties": { - "dhcp-snoop-port-trust": { - "description": "This parameter designates a switch port as \u2018trusted\u2019 for DHCP messages, meaning it can forward DHCP offers and acknowledgments, which is essential for connecting to legitimate DHCP servers", - "type": "boolean", - "default": false - }, - "dhcp-snoop-port-client-limit": { - "description": "It sets a limit on the number of DHCP clients that can be associated with a single port, helping to prevent a single port from exhausting the network\u2019s IP address pool", 
- "type": "integer", - "minimum": 1 - }, - "dhcp-snoop-port-circuit-id": { - "description": "Specifies DHCP Option 82 circuit ID suboption information. Often including information like the interface number and VLAN ID, this can be useful for network management and troubleshooting", - "type": "string", - "minLength": 1, - "maxLength": 32 - } - } - }, "interface.broad-band.wwan": { "description": "This Object defines the properties of a broad-band uplink.", "type": "object", @@ -2510,12 +2448,6 @@ "ipv6": { "$ref": "#/$defs/interface.ipv6" }, - "acl": { - "$ref": "#/$defs/interface.acl" - }, - "dhcp-snoop-port": { - "$ref": "#/$defs/interface.dhcp-snoop-port" - }, "broad-band": { "$ref": "#/$defs/interface.broad-band" },