"high"
"medium"
"low"
-This section describes the per-port specific 802.1X (port access control) configuration.
Configure PAE processing on port, as well as select this port as an Authenticator (configure PAC role to authenticator). False configures the switch to not process PAC
Configure PAE processing on port, as well as select this port as an Authenticator (configure PAC role to authenticator). force-authorized - Disables IEEE 802.1X authentication and causes the port to change to the authorized state without any authentication exchange required. The port sends and receives normal traffic without IEEE 802.1X-based authentication of the client. force-unauthorized - Causes the port to remain in the unauthorized state, ignoring all attempts by the supplicant to authenticate. The Device cannot provide authentication services to the supplicant through the port. auto - Enables IEEE 802.1X authentication and causes the port to begin in the unauthorized state, allowing only EAPOL frames to be sent and received through the port. The authentication process begins when the link state of the port changes from down to up or when an EAPOL-start frame is received. The Device requests the identity of the supplicant and begins relaying authentication messages between the supplicant and the authentication server. Each supplicant attempting to access the network is uniquely identified by the Device by using the supplicant MAC address.
Multi-auth - While in this mode, multiple devices are allowed to independently authenticate through the same port.
Multi-domain - While in this mode, the authenticator will allow one host from the data domain and one from the voice domain.
Multi-host - While in this mode, the first device to authenticate will open to the switchport so that all other devices can use the port. These other devices are not required to be authenticated independently.
Single-host - While in this mode, the switchport will only allow a single host to be authenticated and to pass traffic at a time.
Configure a VLAN as a guest VLAN on an interface if the switch receives no response in an authentication event.
Value must be greater or equal to 1 and lesser or equal to 4094
Configure the unauthenticated VLAN to use when the AAA server fails to recognize the client credentials
Value must be greater or equal to 1 and lesser or equal to 4094
Enables bypass when a device does not support 802.1X authentication (e.g., printers, IP phones)
Defines the time period (in minutes) for which a MAC address is allowed access to the network without requiring reauthentication, after being authenticated or allowed via MAC Authentication Bypass (MAB).
Associates this port to a trunk or a port-channel.
Value must be greater or equal to 1 and lesser or equal to 64
This section describes the 802.3ad Link Aggregation Control Protocol (LACP) configuration for the current interface.
Enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface.
Configures the port LACP role as actor or partner.
Configures the LACP negotiation activity mode as active or passive.
Configures the port's LACP administration key.
Value must be greater or equal to 1 and lesser or equal to 65535
Configures the LACP port priority.
Value must be greater or equal to 1 and lesser or equal to 65535
Configures the LACP System priority.
Value must be greater or equal to 1 and lesser or equal to 65535
Configures the port channel's LACP administration key (optional).
Value must be greater or equal to 1 and lesser or equal to 65535
Configures the timeout to wait for the next LACP data unit.
Configurations of LLDP on a specified interface.
Enables LLDP transmit, receive, or transmit and receive mode on the specified port.
Configures an LLDP-enabled port to advertise the management address for this device.
Configures an LLDP-enabled port to advertise the management IPv6 address for this device, if available.
Configures an LLDP-enabled port to advertise its port description.
Configures an LLDP-enabled port to advertise its system capabilities.
Configures an LLDP-enabled port to advertise the system description.
Configures an LLDP-enabled port to advertise its system name.
Configures an LLDP-enabled port to advertise the supported protocols.
Configures an LLDP-enabled port to advertise port-based protocol-related VLAN information.
Configures an LLDP-enabled port to advertise its default Native VLAN ID (PVID).
Configures an LLDP-enabled port to advertise its VLAN name.
Configures an LLDP-enabled port to advertise its link aggregation capabilities.
Configures an LLDP-enabled port to advertise its MAC and physical layer specifications.
Configures an LLDP-enabled port to advertise its maximum frame size.
Configures an LLDP-enabled port to advertise its Power-over-Ethernet capabilities.
Configures an LLDP-MED-enabled port to advertise its location identification details.
Enables or disables the advertisement of this TLV.
Configure the two-letter ISO 3166 country code in capital ASCII letters.
The type of device to which the location applies.
The list of LLDP MED Location CA Types to advertise the physical location of the device, that is the city, street number, building and room information.
No Additional ItemsA one-octet descriptor of the data civic address value.
Value must be greater or equal to 0 and lesser or equal to 255
Description of a location.
Must be at least 1 characters long
Must be at most 32 characters long
Enables the transmission of SNMP trap notifications about LLDP-MED changes.
Configures an LLDP-MED-enabled port to advertise its extended Power over Ethernet configuration and usage information.
Configures an LLDP-MED-enabled port to advertise its inventory identification details.
Configures an LLDP-MED-enabled port to advertise its location identification details.
Configures an LLDP-MED-enabled port to advertise its Media Endpoint Device capabilities.
Configures an LLDP-MED-enabled port to advertise its network policy configuration.
Enables the transmission of SNMP trap notifications about LLDP changes.
This section defines the switch fabric specific features of a physical switch.
Enable mirror of traffic from multiple minotor ports to a single analysis port.
No Additional ItemsThe list of ports that we want to mirror.
No Additional ItemsThe port that mirror'ed packets should be sent to.
Enable loop detection on the L2 switches/bridge.
Define which protocol shall be used for loop detection.
Define on which logical switches/bridges we want to provide loop-detection.
No Additional ItemsDefine a list of configuration for each STP instance. Meaning of this field depends on current STP protocol (switch.loop-detection.protocol)
No Additional ItemsIndicates instance to configure. Depends on current STP protocol If RPVSTP/PVSTP - vlan id If MSTP - instance id
Enable STP on this instance.
Bridge priority.
Defines the amount of time a switch port stays in the Listening and Learning states before transitioning to the Forwarding state.
Determines how often switches send BPDU.
Specifies the maximum time that a switch port should wait to receive a BPDU from its neighbor before considering the link as failed or disconnected.
This section describes the global 802.1X (port access control) configuration.
Enabled processing of PAE frames on ports that have .1X configured.
Define a list of RADIUS server to forward auth requests to.
No Additional ItemsRemote radius server address (IP or hostname).
"192.168.1.1"
+This section describes the per-port specific 802.1X (port access control) configuration.
Configure PAE processing on port, as well as select this port as an Authenticator (configure PAC role to authenticator). False configures the switch to not process PAC
Configure PAE processing on port, as well as select this port as an Authenticator (configure PAC role to authenticator). force-authorized - Disables IEEE 802.1X authentication and causes the port to change to the authorized state without any authentication exchange required. The port sends and receives normal traffic without IEEE 802.1X-based authentication of the client. force-unauthorized - Causes the port to remain in the unauthorized state, ignoring all attempts by the supplicant to authenticate. The Device cannot provide authentication services to the supplicant through the port. auto - Enables IEEE 802.1X authentication and causes the port to begin in the unauthorized state, allowing only EAPOL frames to be sent and received through the port. The authentication process begins when the link state of the port changes from down to up or when an EAPOL-start frame is received. The Device requests the identity of the supplicant and begins relaying authentication messages between the supplicant and the authentication server. Each supplicant attempting to access the network is uniquely identified by the Device by using the supplicant MAC address.
Multi-auth - While in this mode, multiple devices are allowed to independently authenticate through the same port.
Multi-domain - While in this mode, the authenticator will allow one host from the data domain and one from the voice domain.
Multi-host - While in this mode, the first device to authenticate will open to the switchport so that all other devices can use the port. These other devices are not required to be authenticated independently.
Single-host - While in this mode, the switchport will only allow a single host to be authenticated and to pass traffic at a time.
Configure a VLAN as a guest VLAN on an interface if the switch receives no response in an authentication event.
Value must be greater or equal to 1 and lesser or equal to 4094
Configure the unauthenticated VLAN to use when the AAA server fails to recognize the client credentials
Value must be greater or equal to 1 and lesser or equal to 4094
Enables bypass when a device does not support 802.1X authentication (e.g., printers, IP phones)
Defines the time period (in minutes) for which a MAC address is allowed access to the network without requiring reauthentication, after being authenticated or allowed via MAC Authentication Bypass (MAB).
Associates this port to a trunk or a port-channel.
Value must be greater or equal to 1 and lesser or equal to 64
This section describes the 802.3ad Link Aggregation Control Protocol (LACP) configuration for the current interface.
Enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface.
Configures the port LACP role as actor or partner.
Configures the LACP negotiation activity mode as active or passive.
Configures the port's LACP administration key.
Value must be greater or equal to 1 and lesser or equal to 65535
Configures the LACP port priority.
Value must be greater or equal to 1 and lesser or equal to 65535
Configures the LACP System priority.
Value must be greater or equal to 1 and lesser or equal to 65535
Configures the port channel's LACP administration key (optional).
Value must be greater or equal to 1 and lesser or equal to 65535
Configures the timeout to wait for the next LACP data unit.
Configurations of LLDP on a specified interface.
Enables LLDP transmit, receive, or transmit and receive mode on the specified port.
Configures an LLDP-enabled port to advertise the management address for this device.
Configures an LLDP-enabled port to advertise the management IPv6 address for this device, if available.
Configures an LLDP-enabled port to advertise its port description.
Configures an LLDP-enabled port to advertise its system capabilities.
Configures an LLDP-enabled port to advertise the system description.
Configures an LLDP-enabled port to advertise its system name.
Configures an LLDP-enabled port to advertise the supported protocols.
Configures an LLDP-enabled port to advertise port-based protocol-related VLAN information.
Configures an LLDP-enabled port to advertise its default Native VLAN ID (PVID).
Configures an LLDP-enabled port to advertise its VLAN name.
Configures an LLDP-enabled port to advertise its link aggregation capabilities.
Configures an LLDP-enabled port to advertise its MAC and physical layer specifications.
Configures an LLDP-enabled port to advertise its maximum frame size.
Configures an LLDP-enabled port to advertise its Power-over-Ethernet capabilities.
Configures an LLDP-MED-enabled port to advertise its location identification details.
Enables or disables the advertisement of this TLV.
Configure the two-letter ISO 3166 country code in capital ASCII letters.
The type of device to which the location applies.
The list of LLDP MED Location CA Types to advertise the physical location of the device, that is the city, street number, building and room information.
No Additional ItemsA one-octet descriptor of the data civic address value.
Value must be greater or equal to 0 and lesser or equal to 255
Description of a location.
Must be at least 1 characters long
Must be at most 32 characters long
Enables the transmission of SNMP trap notifications about LLDP-MED changes.
Configures an LLDP-MED-enabled port to advertise its extended Power over Ethernet configuration and usage information.
Configures an LLDP-MED-enabled port to advertise its inventory identification details.
Configures an LLDP-MED-enabled port to advertise its location identification details.
Configures an LLDP-MED-enabled port to advertise its Media Endpoint Device capabilities.
Configures an LLDP-MED-enabled port to advertise its network policy configuration.
Enables the transmission of SNMP trap notifications about LLDP changes.
A collection of access control entries that define the rules for filtering traffic through a network port.
No Additional ItemsDetermines the priority of multiple ACL policies when more than one is applied to an interface, if any.
Value must be greater or equal to 1 and lesser or equal to 64
Specifies the ACL policy that is applied to incoming traffic on an interface.
Must be at least 1 characters long
Must be at most 32 characters long
"blacklisted-macs"
+Tracks the number and type of packets that match the ingress ACL rules on an interface.
Specifies the ACL policy that is applied to outgoing traffic from an interface.
Must be at least 1 characters long
Must be at most 32 characters long
"blacklisted-macs"
+Tracks the number and type of packets that match the egress ACL rules on an interface.
Configure the Voice VLAN feature at the interface level, allowing for VoIP traffic to be prioritized on this specific port.
Specify the mode of placing this port on the voice VLAN.
Define the Class of Service (CoS) priority for VoIP traffic passing through this port, ensuring higher priority over other traffic types.
Value must be greater or equal to 0 and lesser or equal to 6
Select the detection method for identifying VoIP traffic on this port, such as OUI-based detection or traffic pattern recognition.
Enable or configure security filtering for VoIP traffic on the interface to protect against unauthorized devices.
Configuration for DHCP Snooping on a port level on a switch
This parameter designates a switch port as ‘trusted’ for DHCP messages, meaning it can forward DHCP offers and acknowledgments, which is essential for connecting to legitimate DHCP servers
It sets a limit on the number of DHCP clients that can be associated with a single port, helping to prevent a single port from exhausting the network’s IP address pool
Value must be greater or equal to 1
Specifies DHCP Option 82 circuit ID suboption information. Often including information like the interface number and VLAN ID, this can be useful for network management and troubleshooting
Must be at least 1 characters long
Must be at most 32 characters long
This section defines the switch fabric specific features of a physical switch.
Enable mirror of traffic from multiple minotor ports to a single analysis port.
No Additional ItemsThe list of ports that we want to mirror.
No Additional ItemsThe port that mirror'ed packets should be sent to.
Enable loop detection on the L2 switches/bridge.
Define which protocol shall be used for loop detection.
Define on which logical switches/bridges we want to provide loop-detection.
No Additional ItemsDefine a list of configuration for each STP instance. Meaning of this field depends on current STP protocol (switch.loop-detection.protocol)
No Additional ItemsIndicates instance to configure. Depends on current STP protocol If RPVSTP/PVSTP - vlan id If MSTP - instance id
Enable STP on this instance.
Bridge priority.
Defines the amount of time a switch port stays in the Listening and Learning states before transitioning to the Forwarding state.
Determines how often switches send BPDU.
Specifies the maximum time that a switch port should wait to receive a BPDU from its neighbor before considering the link as failed or disconnected.
This section describes the global 802.1X (port access control) configuration.
Enabled processing of PAE frames on ports that have .1X configured.
Define a list of RADIUS server to forward auth requests to.
No Additional ItemsRemote radius server address (IP or hostname).
"192.168.1.1"
"somehost.com"
The port that the RADIUS authentication agent is running on.
Value must be greater or equal to 1 and lesser or equal to 65535
Secret key text that is shared between a RADIUS server and the switch.
"somepassword"
-The server's priority (used when multiple servers are present. Bigger prio value = higher priority).
Value must be greater or equal to 1 and lesser or equal to 64
This section describes the per-port specific port-isolation matrix (to which ports selected port can forward traffic to) configuration. Omitting this configuration completely fully disables any port-isolation configuration on this given port.
Allow selected port to forward traffic in the provided session-based format.
No Additional ItemsSession id to configure.
Configuration object for uplink interface(s)
List of interfaces (either physical or trunk ports)
No Additional ItemsConfiguration object for downlink interface(s)
List of interfaces (either physical or trunk ports)
No Additional ItemsSets the load-distribution method among ports in aggregated links for both static and LACP based trunks.
Enables Jumbo frames
DHCP Snooping configuration parameters
Enables DHCP Snooping on the network switch, which is a security feature that prevents unauthorized DHCP servers from offering IP addresses
Sets a limit on the number of DHCP packets per second that can be received on an untrusted interface to prevent DHCP flooding attacks
Value must be greater or equal to 1 and lesser or equal to 2048
This option ensures that the MAC address in a DHCP request matches the source MAC address of the packet, providing an additional layer of security
This refers to the insertion of information option 82 in DHCP packets, which adds more details about the client’s location and network information for tracking and control purposes
This parameter allows for the encoding of sub-options within option 82 to further specify client information
It specifies the remote ID sub-option in option 82, which typically includes information like the circuit ID or remote host identifier
Must be at least 1 characters long
Must be at most 32 characters long
This defines the policy for handling packets with option 82, determining whether they should be forwarded or dropped based on the configuration
Contains all the access control rule definitions
No Additional ItemsType of the access control list
The identifier or name for the Access Control List
Must be at least 1 characters long
Must be at most 32 characters long
Defines whether to permit or deny traffic matching the rule
Specifies the source MAC address to filter on
The mask applied to the source MAC address
Specifies the destination MAC address for the filter
The mask applied to the destination MAC address
Identifies the protocol encapsulated in the Ethernet frame by its EtherType
Specifies a VLAN ID to filter traffic from a specific VLAN
Value must be greater or equal to 1 and lesser or equal to 4094
The mask applied to the VLAN ID
Value must be greater or equal to 1 and lesser or equal to 4095
Filters packets based on the custom EtherType field (HEX) in the Ethernet frame
The mask applied to the EtherType field
Filters based on the Class of Service (CoS) field in the frame
Value must be greater or equal to 0 and lesser or equal to 7
The mask applied to the CoS field
Value must be greater or equal to 0 and lesser or equal to 7
The IPv4 address of the source to filter on
The subnet mask applied to the source IPv4 address
The IPv4 address of the destination to filter on
The subnet mask applied to the destination IPv4 address
The IPv6 address of the source to filter on
Defines the length of the prefix used in filtering IPv6 source addresses
Value must be greater or equal to 0 and lesser or equal to 128
The IPv6 address of the destination to filter on
Defines the length of the prefix used in filtering IPv6 destination addresses
Value must be greater or equal to 0 and lesser or equal to 128
Filters based on the IP protocol number
Value must be greater or equal to 0 and lesser or equal to 255
Specifies the next header type in IPv6 traffic, such as TCP, UDP, or ICMPv6
Value must be greater or equal to 0 and lesser or equal to 255
Filters packets based on the IPv6 Flow Label field
Value must be greater or equal to 0 and lesser or equal to 1048575
Specifies the source port number for filtering
Value must be greater or equal to 0 and lesser or equal to 65535
The mask applied to the source port number
Value must be greater or equal to 0 and lesser or equal to 65535
Specifies the destination port number for filtering
Value must be greater or equal to 0 and lesser or equal to 65535
The mask applied to the destination port number
Value must be greater or equal to 0 and lesser or equal to 65535
Filters based on IPv4 fragment offset for fragmented packets
Value must be greater or equal to 0 and lesser or equal to 8191
Filters based on IPv6 fragment offset for fragmented packets
Value must be greater or equal to 0 and lesser or equal to 8191
Filters IPv4 traffic based on the TTL (Time to Live) value
Value must be greater or equal to 0 and lesser or equal to 255
Filters IPv6 traffic based on the hop limit value, equivalent to IPv4 TTL
Value must be greater or equal to 0 and lesser or equal to 255
This section defines the Multicast VLAN Registration (MVR) general configuration.
Enable/Disable MVR globally on the switch.
This command configures the interval (in seconds) at which the receiver port sends out general queries. The maximum value is determined based on 12 hours as maximum interval, and minimum as 1 second as allowed value.
Value must be greater or equal to 1 and lesser or equal to 43200
Enable the MVR proxy switching mode, where the source port acts as a host, and the receiver port acts as an MVR router with querier service enabled.
Configure the expected packet loss, and thereby the number of times to generate report and group-specific queries when changes are learned about downstream groups, and the number of times group-specific queries are sent to downstream receiver ports. Right configuration ensures that multicast group memberships are correctly maintained even if some control messages are lost due to network issues.
Value must be greater or equal to 1 and lesser or equal to 255
Configure the switch to forward only multicast streams that a source port has dynamically joined or to forward all multicast groups.
Configure the Multicast VLAN Registration (MVR) domains.
No Additional ItemsUnique identifier for a Multicast Domain defined under the MVR.
Value must be greater or equal to 1 and lesser or equal to 10
Enable/disable Multicast VLAN Registration (MVR) for a specific domain.
Per domain Level Multicast VLAN ID. Specifies the VLAN through which MVR multicast data is received. This is the VLAN to which all source ports must be assigned.
Value must be greater or equal to 1 and lesser or equal to 4094
Configures the source IP address assigned to all MVR control packets sent upstream on all domains or on a specified domain.
"192.168.0.5"
+The server's priority (used when multiple servers are present. Bigger prio value = higher priority).
Value must be greater or equal to 1 and lesser or equal to 64
This section describes the per-port specific port-isolation matrix (to which ports selected port can forward traffic to) configuration. Omitting this configuration completely fully disables any port-isolation configuration on this given port.
Allow selected port to forward traffic in the provided session-based format.
No Additional ItemsSession id to configure.
Configuration object for uplink interface(s)
List of interfaces (either physical or trunk ports)
No Additional ItemsConfiguration object for downlink interface(s)
List of interfaces (either physical or trunk ports)
No Additional ItemsSets the load-distribution method among ports in aggregated links for both static and LACP based trunks.
Enables Jumbo frames
DHCP Snooping configuration parameters
Enables DHCP Snooping on the network switch, which is a security feature that prevents unauthorized DHCP servers from offering IP addresses
Sets a limit on the number of DHCP packets per second that can be received on an untrusted interface to prevent DHCP flooding attacks
Value must be greater or equal to 1 and lesser or equal to 2048
This option ensures that the MAC address in a DHCP request matches the source MAC address of the packet, providing an additional layer of security
This refers to the insertion of information option 82 in DHCP packets, which adds more details about the client’s location and network information for tracking and control purposes
This parameter allows for the encoding of sub-options within option 82 to further specify client information
It specifies the remote ID sub-option in option 82, which typically includes information like the circuit ID or remote host identifier
Must be at least 1 characters long
Must be at most 32 characters long
This defines the policy for handling packets with option 82, determining whether they should be forwarded or dropped based on the configuration
This section defines the Multicast VLAN Registration (MVR) general configuration.
Enable/Disable MVR globally on the switch.
This command configures the interval (in seconds) at which the receiver port sends out general queries. The maximum value is determined based on 12 hours as maximum interval, and minimum as 1 second as allowed value.
Value must be greater or equal to 1 and lesser or equal to 43200
Enable the MVR proxy switching mode, where the source port acts as a host, and the receiver port acts as an MVR router with querier service enabled.
Configure the expected packet loss, and thereby the number of times to generate report and group-specific queries when changes are learned about downstream groups, and the number of times group-specific queries are sent to downstream receiver ports. Right configuration ensures that multicast group memberships are correctly maintained even if some control messages are lost due to network issues.
Value must be greater or equal to 1 and lesser or equal to 255
Configure the switch to forward only multicast streams that a source port has dynamically joined or to forward all multicast groups.
Configure the Multicast VLAN Registration (MVR) domains.
No Additional ItemsUnique identifier for a Multicast Domain defined under the MVR.
Value must be greater or equal to 1 and lesser or equal to 10
Enable/disable Multicast VLAN Registration (MVR) for a specific domain.
Per domain Level Multicast VLAN ID. Specifies the VLAN through which MVR multicast data is received. This is the VLAN to which all source ports must be assigned.
Value must be greater or equal to 1 and lesser or equal to 4094
Configures the source IP address assigned to all MVR control packets sent upstream on all domains or on a specified domain.
"192.168.0.5"
List of MVR groups (or profiles) configuration.
No Additional ItemsThe name of a MVR group that consists of one or more MVR group addresses
Must be at least 1 characters long
Must be at most 16 characters long
Start IP address on the range of MVR group addresses that maps to a profile/MVR group
Statically configure all multicast group addresses that will join an MVR VLAN. Map a range of MVR group addresses to a profile
Value must be greater or equal to 1 and lesser or equal to 10
Configuration options for LLDP on a global level in a OLS switch.
Enables or disables LLDP globally at a switch level.
Configures the time-to-live (TTL) value sent in LLDP advertisements. The TTL tells the receiving LLDP agent how long to retain all information from the sending LLDP agent if it does not transmit updates in a timely manner.
Configures how many medFastStart packets are transmitted during the activation process of the LLDP-MED Fast Start mechanism.
Configures the periodic transmit interval for LLDP advertisements (in seconds).
Configures the delay (in seconds) before reinitializing after LLDP ports are disabled or the link goes down.
Configures a delay (in seconds) between successive transmissions of advertisements initiated by a change in local LLDP state.
Value must be greater or equal to 1 and lesser or equal to 8192
Configures the interval (in seconds) for sending SNMP notifications about LLDP changes.
Enables MC-LAG or disables it.
This section defines the MC-LAG configuration parameters for the switch.
List of MC-LAG domain configurations for the switch.
No Additional ItemsSpecifies the MC-LAG domain ID to identify the grouping of peer switches.
Value must be greater or equal to 1 and lesser or equal to 1024
Configures the peer-link, which could be a physical port or a trunk group that connects the two MC-LAG peer switches.
Defines the type of peer-link, either 'port' or 'trunk-group'
Specifies the port or trunk-group ID for the peer-link.
Value must be greater or equal to 1 and lesser or equal to 64
Configures the MC-LAG group, which binds the interfaces into a multi-chassis LAG.
Defines the unique MC-LAG group identifier.
Value must be greater or equal to 1 and lesser or equal to 128
List of interfaces that participate in the MC-LAG group.
No Additional ItemsInterface names that are part of the MC-LAG group.
"eth0"
"eth1"
LACP configuration settings for the MC-LAG group.
Enables or disables LACP for the MC-LAG group.
Configures the LACP role as 'actor' or 'partner'
Sets the LACP timeout as either 'short' or 'long'.
Specifies the system priority used by the switch for LACP negotiations.
Value must be greater or equal to 1 and lesser or equal to 65535
Enables dual-active detection to prevent split-brain scenarios in MC-LAG.
This parameter enables or disables the overall configuration of the Voice VLAN feature on the switch. When enabled, it allows the system to classify and prioritize voice traffic.
Specifies the VLAN ID assigned to the Voice VLAN. This is the unique identifier for the VLAN that will be used for prioritizing voice traffic.
Value must be greater or equal to 1 and lesser or equal to 4094
Defines the time, in minutes, that a dynamic Voice VLAN entry remains in the VLAN after voice traffic is no longer detected. It helps manage resources by removing inactive voice devices from the VLAN after this time elapses.
Value must be greater or equal to 5 and lesser or equal to 43200
Configures the Organizationally Unique Identifier (OUI) for identifying the voice devices (like IP phones).
No Additional ItemsThe specific MAC address pattern that corresponds to voice devices, as determined by the OUI. It is used for identifying and classifying voice traffic.
A mask applied to the MAC address to help match the OUI more precisely. It ensures that the correct portion of the MAC address is evaluated to identify a device as a voice device.
A descriptive label or comment for the OUI configuration. This can help administrators keep track of which OUI belongs to which type of voice device or vendor.
Must be at least 1 characters long
Must be at most 32 characters long
"A VoIP Phone"
-This section describes the logical network interfaces of the device. Interfaces as their primary have a role that is upstream, downstream, guest, ....
This is a free text field, stating the administrative name of the interface. It may contain spaces and special characters.
"LAN"
+Contains all the access control rule definitions
All items must be unique
No Additional ItemsThe identifier or name for the Access Control List
Must be at least 1 characters long
Must be at most 32 characters long
Type of the access control list
access control rules under this ACL
Each additional property must conform to the following schema
Type: array of objectAll items must be unique
No Additional ItemsDefines whether to permit or deny traffic matching the rule
Specifies the source MAC address to filter on
The mask applied to the source MAC address
Specifies the destination MAC address for the filter
The mask applied to the destination MAC address
Identifies the protocol encapsulated in the Ethernet frame by its EtherType
Specifies a VLAN ID to filter traffic from a specific VLAN
Value must be greater or equal to 1 and lesser or equal to 4094
The mask applied to the VLAN ID
Value must be greater or equal to 1 and lesser or equal to 4095
Filters packets based on the custom EtherType field (HEX) in the Ethernet frame
The mask applied to the EtherType field
Filters based on the Class of Service (CoS) field in the frame
Value must be greater or equal to 0 and lesser or equal to 7
The mask applied to the CoS field
Value must be greater or equal to 0 and lesser or equal to 7
The IPv4 address of the source to filter on
The subnet mask applied to the source IPv4 address
The IPv4 address of the destination to filter on
The subnet mask applied to the destination IPv4 address
Filters based on the IP protocol number
Value must be greater or equal to 0 and lesser or equal to 255
This section describes the logical network interfaces of the device. Interfaces as their primary have a role that is upstream, downstream, guest, ....
This is a free text field, stating the administrative name of the interface. It may contain spaces and special characters.
"LAN"
The role defines if the interface is upstream or downstream facing.
This option makes sure that any traffic leaving this interface is isolated and all local IP ranges are blocked. It essentially enforces "guest network" firewall settings.
The routing metric of this logical interface. Lower values have higher priority.
Value must be greater or equal to 0 and lesser or equal to 4294967295
The MTU of this logical interface.
Value must be greater or equal to 1280 and lesser or equal to 1500
The services that shall be offered on this logical interface. These are just strings such as "ssh", "lldp", "mdns"
No Additional Items"ssh"
"lldp"
Setup additional VLANs inside the bridge
This section describes the vlan behaviour of a logical network interface.
This is the pvid of the vlan that shall be assigned to the interface. The individual physical network devices contained within the interface need to be told explicitly if egress traffic shall be tagged.
Value must be lesser or equal to 4050
This section describes the bridge behaviour of a logical network interface.
The MTU that shall be used by the network interface.
Value must be greater or equal to 256 and lesser or equal to 65535
1500
@@ -59,15 +61,13 @@
MVR attributes on a given interface
Configure an interface as an MVR receiver or source port. A port which is not configured as an MVR receiver or source port can use IGMP snooping to join or leave multicast groups using the standard rules for multicast filtering.
Switch to immediately remove an interface from a multicast stream as soon as it receives a leave message for that group. Applies to only receiver role ports.
Map the port to a specific domain.
Value must be greater or equal to 1 and lesser or equal to 10
include the devices hostname inside DHCP requests
true
Define which DNS servers shall be used. This can either be a list of static IPv4 addresse or dhcp (use the server provided by the DHCP lease)
No Additional Items"8.8.8.8"
"4.4.4.4"
-Enables DHCP Snooping on a VLAN
Configure the Voice VLAN feature at the interface level, allowing for VoIP traffic to be prioritized on this specific port.
Specify the mode of placing this port on the voice VLAN.
Define the Class of Service (CoS) priority for VoIP traffic passing through this port, ensuring higher priority over other traffic types.
Value must be greater or equal to 0 and lesser or equal to 6
Select the detection method for identifying VoIP traffic on this port, such as OUI-based detection or traffic pattern recognition.
Enable or configure security filtering for VoIP traffic on the interface to protect against unauthorized devices.
This section describes the DHCP server configuration
The last octet of the first IPv4 address in this DHCP pool.
10
+Enables DHCP Snooping on a VLAN
This section describes the DHCP server configuration
The last octet of the first IPv4 address in this DHCP pool.
10
The number of IPv4 addresses inside the DHCP pool.
100
How long the lease is valid before a RENEW must be issued.
Use host at this IPv4 address to forward packets between clients and servers on different subnets.
This option selects what info shall be contained within a relayed frame's circuit ID. The string passed in has placeholders that are placed inside a bracket pair "{}". Any text not contained within brackets will be included as freetext. Valid placeholders are "Interface, VLAN-ID"
This section describes the static DHCP leases of this logical interface.
The MAC address of the host that this lease shall be used for.
"00:11:22:33:44:55"
The offset of the IP that shall be used in relation to the first IP in the available range.
10
How long the lease is valid before a RENEW muss ne issued.
Shall the hosts hostname be made available locally via DNS.
This section describes an IPv4 port forwarding.
The layer 3 protocol to match.
The external port(s) to forward.
The internal IP to forward to. The address will be masked and concatenated with the effective interface subnet.
The internal port to forward to. Defaults to the external port if omitted.
This section describes the IPv6 properties of a logical interface.
This option defines the method by which the IPv6 subnet of the interface is acquired. In static addressing mode, the specified subnet and gateway, if any, are configured on the interface in a fixed manner. Also - if a prefix size hint is specified - a prefix of the given size is allocated from each upstream received prefix delegation pool and assigned to the interface. In dynamic addressing mode, a DHCPv6 client will be launched to obtain IPv6 prefixes for the interface itself and for downstream delegation. Note that dynamic addressing usually only ever makes sense on upstream interfaces.
This option defines a static IPv6 prefix in CIDR notation to set on the logical interface. A special notation "auto/64" can be used, causing the configuration agent to automatically allocate a suitable prefix from the IPv6 address pool specified in globals.ipv6-network. This property only applies to static addressing mode. Note that this is usually not needed due to DHCPv6-PD assisted prefix assignment.
"auto/64"
This option defines the static IPv6 gateway of the logical interface. It only applies to static addressing mode. Note that this is usually not needed due to DHCPv6-PD assisted prefix assignment.
"2001:db8:123:456::1"
-For dynamic addressing interfaces, this property specifies the prefix size to request from an upstream DHCPv6 server through prefix delegation. For static addressing interfaces, it specifies the size of the sub-prefix to allocate from the upstream-received delegation prefixes for assignment to the logical interface.
Value must be greater or equal to 0 and lesser or equal to 64
This section describes the DHCPv6 server configuration
Specifies the DHCPv6 server operation mode. When set to "stateless", the system will announce router advertisements only, without offering stateful DHCPv6 service. When set to "stateful", emitted router advertisements will instruct clients to obtain a DHCPv6 lease. When set to "hybrid", clients can freely chose whether to self-assign a random address through SLAAC, whether to request an address via DHCPv6, or both. For maximum compatibility with different clients, it is recommended to use the hybrid mode. The special mode "relay" will instruct the unit to act as DHCPv6 relay between this interface and any of the IPv6 interfaces in "upstream" mode.
Overrides the DNS server to announce in DHCPv6 and RA messages. By default, the device will announce its own local interface address as DNS server, essentially acting as proxy for downstream clients. By specifying a non-empty list of IPv6 addresses here, this default behaviour can be overridden.
No Additional ItemsSelects a specific downstream prefix or a number of downstream prefix ranges to announce in DHCPv6 and RA messages. By default, all prefixes configured on a given downstream interface are advertised. By specifying an IPv6 prefix in CIDR notation here, only prefixes covered by this CIDR are selected.
This section describes an IPv6 port forwarding.
The layer 3 protocol to match.
The external port(s) to forward.
The internal IP to forward to. The address will be masked and concatenated with the effective interface subnet.
The internal port to forward to. Defaults to the external port if omitted.
This section describes an IPv6 traffic accept rule.
The layer 3 protocol to match.
The source IP to allow traffic from.
The source port(s) to accept.
Must contain a minimum of 1 items
The destination IP to allow traffic to. The address will be masked and concatenated with the effective interface subnet.
The destination ports to accept.
Must contain a minimum of 1 items
A collection of access control entries that define the rules for filtering traffic through a network interface.
No Additional ItemsDetermines the priority of multiple ACL policies when more than one is applied to an interface, if any.
Value must be greater or equal to 1 and lesser or equal to 64
Specifies the ACL policy that is applied to incoming traffic on an interface.
Must be at least 1 characters long
Must be at most 32 characters long
"blacklisted-macs"
-Tracks the number and type of packets that match the ingress ACL rules on an interface.
Specifies the ACL policy that is applied to outgoing traffic from an interface.
Must be at least 1 characters long
Must be at most 32 characters long
"blacklisted-macs"
-Tracks the number and type of packets that match the egress ACL rules on an interface.
Configuration for DHCP Snooping on a port level on a switch
This parameter designates a switch port as ‘trusted’ for DHCP messages, meaning it can forward DHCP offers and acknowledgments, which is essential for connecting to legitimate DHCP servers
It sets a limit on the number of DHCP clients that can be associated with a single port, helping to prevent a single port from exhausting the network’s IP address pool
Value must be greater or equal to 1
Specifies DHCP Option 82 circuit ID suboption information. Often including information like the interface number and VLAN ID, this can be useful for network management and troubleshooting
Must be at least 1 characters long
Must be at most 32 characters long
This Object defines the properties of a broad-band uplink.
This uplink uses WWAN/LTE
Specific value:"wwan" The local protocol that the modem supports.
Commonly known as APN. The name of a gateway between a mobile network and the internet.
The authentication mode that shall be used.
The PIN that shall be used to unlock the SIM card.
This option is only required if an authentication-type is defined.
This option is only required if an authentication-type is defined.
Define what kind of IP stack shall be used.
This Object defines the properties of a PPPoE uplink.
This uplink uses PPPoE
Specific value:"pppoe" The username used to authenticate.
The password used to authenticate.
This Object defines the properties of a mesh interface overlay.
This field must be set to mesh.
Specific value:"mesh" This Object defines the properties of a vxlan tunnel.
This field must be set to vxlan.
Specific value:"vxlan" This is the IP address of the remote host, that the VXLAN tunnel shall be established with.
The network port that shall be used to establish the VXLAN tunnel.
Value must be greater or equal to 1 and lesser or equal to 65535
4789
+For dynamic addressing interfaces, this property specifies the prefix size to request from an upstream DHCPv6 server through prefix delegation. For static addressing interfaces, it specifies the size of the sub-prefix to allocate from the upstream-received delegation prefixes for assignment to the logical interface.
Value must be greater or equal to 0 and lesser or equal to 64
This section describes the DHCPv6 server configuration
Specifies the DHCPv6 server operation mode. When set to "stateless", the system will announce router advertisements only, without offering stateful DHCPv6 service. When set to "stateful", emitted router advertisements will instruct clients to obtain a DHCPv6 lease. When set to "hybrid", clients can freely chose whether to self-assign a random address through SLAAC, whether to request an address via DHCPv6, or both. For maximum compatibility with different clients, it is recommended to use the hybrid mode. The special mode "relay" will instruct the unit to act as DHCPv6 relay between this interface and any of the IPv6 interfaces in "upstream" mode.
Overrides the DNS server to announce in DHCPv6 and RA messages. By default, the device will announce its own local interface address as DNS server, essentially acting as proxy for downstream clients. By specifying a non-empty list of IPv6 addresses here, this default behaviour can be overridden.
No Additional ItemsSelects a specific downstream prefix or a number of downstream prefix ranges to announce in DHCPv6 and RA messages. By default, all prefixes configured on a given downstream interface are advertised. By specifying an IPv6 prefix in CIDR notation here, only prefixes covered by this CIDR are selected.
This section describes an IPv6 port forwarding.
The layer 3 protocol to match.
The external port(s) to forward.
The internal IP to forward to. The address will be masked and concatenated with the effective interface subnet.
The internal port to forward to. Defaults to the external port if omitted.
This section describes an IPv6 traffic accept rule.
The layer 3 protocol to match.
The source IP to allow traffic from.
The source port(s) to accept.
Must contain a minimum of 1 items
The destination IP to allow traffic to. The address will be masked and concatenated with the effective interface subnet.
The destination ports to accept.
Must contain a minimum of 1 items
This Object defines the properties of a broad-band uplink.
This uplink uses WWAN/LTE
Specific value:"wwan" The local protocol that the modem supports.
Commonly known as APN. The name of a gateway between a mobile network and the internet.
The authentication mode that shall be used.
The PIN that shall be used to unlock the SIM card.
This option is only required if an authentication-type is defined.
This option is only required if an authentication-type is defined.
Define what kind of IP stack shall be used.
This Object defines the properties of a PPPoE uplink.
This uplink uses PPPoE
Specific value:"pppoe" The username used to authenticate.
The password used to authenticate.
This Object defines the properties of a mesh interface overlay.
This field must be set to mesh.
Specific value:"mesh" This Object defines the properties of a vxlan tunnel.
This field must be set to vxlan.
Specific value:"vxlan" This is the IP address of the remote host, that the VXLAN tunnel shall be established with.
The network port that shall be used to establish the VXLAN tunnel.
Value must be greater or equal to 1 and lesser or equal to 65535
4789
This Object defines the properties of a l2tp tunnel.
This field must be set to vxlan.
Specific value:"l2tp" This is the IP address of the remote host, that the L2TP tunnel shall be established with.
The username used to authenticate.
The password used to authenticate.
This Object defines the properties of a GRE tunnel.
This field must be set to gre.
Specific value:"gre" This is the IP address of the remote host, that the GRE tunnel shall be established with.
Healthcheck will probe if the remote peer replies to DHCP discovery without sending an ACK.
Set “Don't Fragment” flag on encapsulated packets.
This Object defines the properties of a GREv6 tunnel.
This field must be set to gre6.
Specific value:"gre6" This is the IPv6 address of the remote host, that the GRE tunnel shall be established with.
Healthcheck will probe if the remote peer replies to DHCP discovery without sending an ACK.
This section describes all of the services that may be present on the AP. Each service is then referenced via its name inside an interface, ...
The LLDP description field. If set to "auto" it will be derived from unit.name.
The LLDP location field. If set to "auto" it will be derived from unit.location.
This section can be used to setup a SSH server on the AP.
This option defines which port the SSH server shall be available on.
Value must be lesser or equal to 65535
Additional Properties of any type are allowed.
Type: object