scottk/ols-ucentral-schema
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/ols-ucentral-schema.git synced 2025-10-30 01:32:26 +00:00
Code Issues Packages Projects Releases 3 Wiki Activity

Compare commits

base: scottk:OLS-849-add-xSTP-parameters
Branches Tags
scottk:main scottk:OLS-849-add-xSTP-parameters scottk:OLS-848-Schema-Intrusion-detection scottk:OLS-838-Update-OLS-Schema-version-to-4.2.0 scottk:correct-storm-control-indentation scottk:ols-821-mclag-schema-correction scottk:fix/fix_invalid_schema scottk:ols-688-bpdu-guard scottk:ols-822-lldp-peers-statemessage-enhancements scottk:OLS_UpdateSchemaVersion_410 scottk:ols-659-simplify-vlan-config scottk:staging-OLS-644-global-dns scottk:OLS-578-Tag-ols-ucentral-client-and-ols-ucentral-schema-4.0.0-pre-release scottk:Sprint-8-OLS-ARP-Inspect-Schema scottk:Sprint-8-OLS---Rate-Limiting-schema scottk:OLS-556-Sprint-8-IPSourceGuard scottk:OLS-556-Sprint-8-SubcribeRTEvents scottk:OLS-550_Schema_Corrections_Pre4p0_Features scottk:OLS-562-Add-schema-version-to-ols-ucentral-schema scottk:OLS-545-Removal-of-AP-specific-schema-elements-from-ols-ucentral-schema scottk:OLS-538_port_speed_enum_fix_40g scottk:OLS-425_sprint6_schema scottk:OLS_390_Move_uplink_interface_definition_to_state.yml_Add_version_connect.capabilities scottk:OLS-390-Move-uplink_interface-definition-to-state.yml-add-version-to-connect.capabilities scottk:OLS_319_sprint4_schema scottk:OLS-295_capabilities_add_lacp_linkAggregation_jumboFrames scottk:link_aggregation scottk:change_port_mirror_type_to_array scottk:lacp scottk:jumbo_frames scottk:OLS-229-generate-json-file-for-capabilities-connect.capabilities.yml scottk:OLS-228-delta_counters scottk:secure_http_server scottk:fix_loop_detection_schema_instances_indentation scottk:change_vrf_id_to_integer scottk:schema_fixes_and_updates scottk:default-values-for-schema/ethernet.yml-speed-and-duplex scottk:next scottk:1-incorrect-indentation-for-statelink-stateyml
scottk:v4.1.0-rc1 scottk:v4.0.0 scottk:v4.0.0-rc1 scottk:v3.2.7
...
compare: scottk:OLS-848-Schema-Intrusion-detection
Branches Tags
scottk:OLS-849-add-xSTP-parameters scottk:OLS-848-Schema-Intrusion-detection scottk:OLS-838-Update-OLS-Schema-version-to-4.2.0 scottk:main scottk:correct-storm-control-indentation scottk:ols-821-mclag-schema-correction scottk:fix/fix_invalid_schema scottk:ols-688-bpdu-guard scottk:ols-822-lldp-peers-statemessage-enhancements scottk:OLS_UpdateSchemaVersion_410 scottk:ols-659-simplify-vlan-config scottk:staging-OLS-644-global-dns scottk:OLS-578-Tag-ols-ucentral-client-and-ols-ucentral-schema-4.0.0-pre-release scottk:Sprint-8-OLS-ARP-Inspect-Schema scottk:Sprint-8-OLS---Rate-Limiting-schema scottk:OLS-556-Sprint-8-IPSourceGuard scottk:OLS-556-Sprint-8-SubcribeRTEvents scottk:OLS-550_Schema_Corrections_Pre4p0_Features scottk:OLS-562-Add-schema-version-to-ols-ucentral-schema scottk:OLS-545-Removal-of-AP-specific-schema-elements-from-ols-ucentral-schema scottk:OLS-538_port_speed_enum_fix_40g scottk:OLS-425_sprint6_schema scottk:OLS_390_Move_uplink_interface_definition_to_state.yml_Add_version_connect.capabilities scottk:OLS-390-Move-uplink_interface-definition-to-state.yml-add-version-to-connect.capabilities scottk:OLS_319_sprint4_schema scottk:OLS-295_capabilities_add_lacp_linkAggregation_jumboFrames scottk:link_aggregation scottk:change_port_mirror_type_to_array scottk:lacp scottk:jumbo_frames scottk:OLS-229-generate-json-file-for-capabilities-connect.capabilities.yml scottk:OLS-228-delta_counters scottk:secure_http_server scottk:fix_loop_detection_schema_instances_indentation scottk:change_vrf_id_to_integer scottk:schema_fixes_and_updates scottk:default-values-for-schema/ethernet.yml-speed-and-duplex scottk:next scottk:1-incorrect-indentation-for-statelink-stateyml
scottk:v4.1.0-rc1 scottk:v4.0.0 scottk:v4.0.0-rc1 scottk:v3.2.7

2 Commits
OLS-849-ad ... OLS-848-Sc

Author SHA1 Message Date
Binny
2711412306 ols-848-comments-addressed 2025-10-29 09:44:19 +00:00
Binny
f11d7d8181 ols-848-intrusiondetection-draft-changes 2025-10-08 11:47:20 +00:00
8 changed files with 139 additions and 2 deletions
Expand all files Collapse all files

1
capabilities/connect.capabilities.yml
View File

@@ -282,6 +282,7 @@ properties:
- IP-ACL
- Guest-VLAN
- Storm-Control
- Access-Lockout
# Services
- Service-SSH
- Service-RSSH

14
schema/switch.yml
View File

@@ -545,6 +545,18 @@ properties:
minLength: 1
examples:
- "A VoIP Phone"
intrusion-detection-access-lockout:
description: Enables protection against unauthorized login attempts by locking user access
after a specified number of failed authentication attempts within a defined period.
type: object
properties:
lockout-attempt-count:
description: Number of consecutive failed login attempts allowed before the user account is locked.
type: integer
minimum: 1
lockout-period-seconds:
description: Duration (in seconds) for which the user account remains locked after exceeding the failed attempt threshold.
type: integer
arp-inspect:
$ref: "https://ucentral.io/schema/v1/switch/arp-inspect/"
ip-source-guard:
@@ -557,4 +569,4 @@ properties:
description: Define a global list of dns servers.
type: array
items:
type: string
type: string

36
state/state.yml
View File

@@ -187,4 +187,38 @@ properties:
description: Total number of topology changes detected.
last-topology-change-seconds:
type: integer
description: Time (in seconds) since the last topology change.
description: Time (in seconds) since the last topology change.
access-lockout:
type: object
description: Represents the operational state and statistics of the Intrusion Detection and Access Lockout feature.
properties:
user-sessions:
type: array
description: Displays a list of user sessions being tracked for failed login attempts.
items:
type: object
properties:
username:
type: string
description: The username associated with the login attempts being tracked.
source-ip:
type: string
description: The IP address from which the login attempts originated.
failed-attempts:
type: integer
description: The number of consecutive failed login attempts recorded for this user session.
status:
type: string
description: Indicates whether the user account is currently locked or active.
enum:
- active
- locked
last-failed-attempt-time:
type: integer
description: UNIX timestamp (in seconds) of the most recent failed login attempt.
lockout-start-time:
type: integer
description: UNIX timestamp (in seconds) when the user account was locked.
lockout-expiry-time:
type: integer
description: UNIX timestamp (in seconds) when the lockout period will end and access will be restored.

1
ucentral.capabilities.pretty.json
View File

@@ -344,6 +344,7 @@
"IP-ACL",
"Guest-VLAN",
"Storm-Control",
"Access-Lockout",
"Service-SSH",
"Service-RSSH",
"Service-Telnet",

15
ucentral.schema.full.json
View File

@@ -1434,6 +1434,21 @@
}
}
},
"intrusion-detection-access-lockout": {
"description": "Enables protection against unauthorized login attempts by locking user access after a specified number of failed authentication attempts within a defined period.",
"type": "object",
"properties": {
"lockout-attempt-count": {
"description": "Number of consecutive failed login attempts allowed before the user account is locked.",
"type": "integer",
"minimum": 1
},
"lockout-period-seconds": {
"description": "Duration (in seconds) for which the user account remains locked after exceeding the failed attempt threshold.",
"type": "integer"
}
}
},
"arp-inspect": {
"type": "object",
"description": "Global configuration for ARP Inspection on the switch.",

12
ucentral.schema.json
View File

@@ -1599,6 +1599,18 @@
}
}
},
"intrusion-detection-access-lockout": {
"type": "object",
"properties": {
"lockout-attempt-count": {
"type": "integer",
"minimum": 1
},
"lockout-period-seconds": {
"type": "integer"
}
}
},
"arp-inspect": {
"$ref": "#/$defs/switch.arp-inspect"
},

15
ucentral.schema.pretty.json
View File

@@ -1892,6 +1892,21 @@
}
}
},
"intrusion-detection-access-lockout": {
"description": "Enables protection against unauthorized login attempts by locking user access after a specified number of failed authentication attempts within a defined period.",
"type": "object",
"properties": {
"lockout-attempt-count": {
"description": "Number of consecutive failed login attempts allowed before the user account is locked.",
"type": "integer",
"minimum": 1
},
"lockout-period-seconds": {
"description": "Duration (in seconds) for which the user account remains locked after exceeding the failed attempt threshold.",
"type": "integer"
}
}
},
"arp-inspect": {
"$ref": "#/$defs/switch.arp-inspect"
},

47
ucentral.state.pretty.json
View File

@@ -256,6 +256,53 @@
}
}
}
},
"access-lockout": {
"type": "object",
"description": "Represents the operational state and statistics of the Intrusion Detection and Access Lockout feature.",
"properties": {
"user-sessions": {
"type": "array",
"description": "Displays a list of user sessions being tracked for failed login attempts.",
"items": {
"type": "object",
"properties": {
"username": {
"type": "string",
"description": "The username associated with the login attempts being tracked."
},
"source-ip": {
"type": "string",
"description": "The IP address from which the login attempts originated."
},
"failed-attempts": {
"type": "integer",
"description": "The number of consecutive failed login attempts recorded for this user session."
},
"status": {
"type": "string",
"description": "Indicates whether the user account is currently locked or active.",
"enum": [
"active",
"locked"
]
},
"last-failed-attempt-time": {
"type": "integer",
"description": "UNIX timestamp (in seconds) of the most recent failed login attempt."
},
"lockout-start-time": {
"type": "integer",
"description": "UNIX timestamp (in seconds) when the user account was locked."
},
"lockout-expiry-time": {
"type": "integer",
"description": "UNIX timestamp (in seconds) when the lockout period will end and access will be restored."
}
}
}
}
}
}
},
"$defs": {