Compare commits


30 Commits

Author SHA1 Message Date
Oleksandr Mazur
c9b4970b29 Fix broken schema json file
After latest main merge, there's some overlapping which effectively
breaks the schema (it becomes invalid json file, due to some objects
not ending where they should).

Run generate.sh to provide a complete valid generated json file.

Signed-off-by: Oleksandr Mazur <oleksandr.mazur@plvision.eu>
2025-09-05 12:36:54 +03:00
Mike Hansen
fdf54a7e0e Merge pull request #44 from Telecominfraproject/ols-688-bpdu-guard
ols-688-sprint-12-bpdu-guard-draft
2025-09-03 13:39:44 -04:00
Binny
52e38ce792 Merge branch 'main' into ols-688-bpdu-guard 2025-09-03 23:05:31 +05:30
Mike Hansen
41e621b455 Merge pull request #45 from Telecominfraproject/ols-688-sprint-12-storm-control-draft
ols-688-sprint-12-stormcontrol-draft
2025-08-20 09:43:38 -04:00
Binny
c79f7f4517 ols-688-sprint12-bpduguard-final-p2 2025-06-17 15:12:40 +00:00
Binny
0e43b3cb3a ols-688-sprint12-stormcontrol-finalreview-p2 2025-06-17 15:06:46 +00:00
Binny
67f3f14fab ols-688-sprint12-stormcontrol-finalreview 2025-06-17 04:12:10 +00:00
Binny
8c82a276d8 ols-688-sprint12-bpdu-guard-finalreview 2025-06-17 04:05:31 +00:00
Binny
a098465268 ols-688-bpdu-guard-first-reviewchange 2025-06-11 03:33:54 +00:00
Binny
040650cb5c ols-688-sprint-12-stormcontrol-draft 2025-06-09 04:09:55 +00:00
Binny
adf3514ae9 ols-688-sprint-12-bpdu-guard-draft 2025-06-08 18:16:46 +00:00
Mike Hansen
d8d4380977 Merge pull request #43 from Telecominfraproject/OLS_UpdateSchemaVersion_410
Update OLS Schema version to 4.1.0, regenerate html
2025-05-26 13:21:31 -04:00
Mike Hansen
c63ac1f5d9 Update OLS Schema version to 4.1.0, regenerate html
Signed-off-by: Mike Hansen <mike.hansen@netexperience.com>
2025-05-26 08:48:43 -04:00
Binny
37b9152b6e Merge pull request #42 from Telecominfraproject/ols-659-simplify-vlan-config
OLS-659 proposal draft for bulk-vlan
2025-05-16 06:29:12 +05:30
Binny
5db059b95b Merge pull request #41 from Telecominfraproject/ols-655-state-message-l2-loopdetection-info
OLS-655 - STP and Loop Detection Protocol States in State Message
2025-05-16 06:28:45 +05:30
Binny
5a7f055793 ols-655 final change to merge 2025-05-06 02:37:02 +00:00
Binny
2b7ce76453 ols-655-review-comments-part1 2025-04-23 20:33:39 +00:00
Binny
d1ab8b453b ols-659 changes_after_review1 2025-04-23 20:19:25 +00:00
Binny
e80a6d2166 OLS-659 proposal draft for bulk-vlan 2025-04-22 16:28:58 +00:00
Binny
6469510af1 OLS-655 draft changes 2025-04-21 16:24:18 +00:00
Mike Hansen
d84e5ee624 Merge pull request #40 from Telecominfraproject/staging-OLS-644-global-dns
OLS-644: Global DNS configuration
2025-04-10 09:03:18 -04:00
Tanya Singh
029cdb4ed9 OLS-644: Add Global DNS to switch.yml and use generate.sh to create the json files
Signed-off-by: Tanya Singh <tanya_singh@accton.com>
2025-04-10 17:13:03 +08:00
Tanya Singh
cd7d50997c OLS-644: Global DNS configuration
Signed-off-by: Tanya Singh <tanya_singh@accton.com>
2025-03-27 11:37:06 +08:00
Mike Hansen
f394cb4019 Merge pull request #38 from Telecominfraproject/OLS-578-Tag-ols-ucentral-client-and-ols-ucentral-schema-4.0.0-pre-release
[OLS-578] Tag ols-ucentral-client and ols-ucentral-schema 4.0.0 pre-r…
2025-02-05 08:16:49 -05:00
Mike Hansen
5e345b22a3 [OLS-578] Tag ols-ucentral-client and ols-ucentral-schema 4.0.0 pre-release
Update to 4.0.0

Signed-off-by: Mike Hansen <mike.hansen@netexperience.com>
2025-02-04 12:21:40 -05:00
Mike Hansen
dcd935359c Merge pull request #36 from Telecominfraproject/Sprint-8-OLS-ARP-Inspect-Schema
ols-556-sprint8-arp-inspect-schema-draft
2025-02-04 12:09:05 -05:00
Mike Hansen
362e03a363 Resolving merge issues 2025-02-04 12:08:04 -05:00
Mike Hansen
51c5b1b9f4 Merge pull request #34 from Telecominfraproject/Sprint-8-OLS---Rate-Limiting-schema
Sprint-8 OLS Rate Limiting Schema change
2025-02-04 11:54:02 -05:00
Binny
1d052a18c2 created new files, and accomodated review comments 2025-01-29 15:36:13 +00:00
Binny
59ad89be0f ols-556-sprint8-arp-inspect-schema-draft 2025-01-22 14:48:04 +00:00
19 changed files with 945 additions and 19 deletions


@@ -243,6 +243,7 @@ properties:
- Spanning-Tree-Per-VLAN
- Spanning-Tree-Per-VLAN-Rapid
- Spanning-Tree-MSTP
- BPDU-Guard
# L3
- SVI-StaticIPv4
- SVI-StaticIPv6
@@ -280,6 +281,7 @@ properties:
- MAC-ACL
- IP-ACL
- Guest-VLAN
- Storm-Control
# Services
- Service-SSH
- Service-RSSH
@@ -300,6 +302,7 @@ properties:
- Service-Online-Check
- Service-CaptivePortal
- Service-PublicIpCheck
- Service-Global-DNS
# Tunneling
- Tunneling-VxLAN
- Tunneling-GRE

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long


@@ -1,5 +1,5 @@
{
"major": 3,
"minor": 2,
"patch": 7
"major": 4,
"minor": 1,
"patch": 0
}


@@ -368,6 +368,18 @@ properties:
type: boolean
description: Enables the transmission of SNMP trap notifications about LLDP changes.
default: false
ip-arp-inspect-port:
type: object
description: Configuration for ARP Inspection on specific interfaces or ports in the switch.
properties:
rate-limit-pps:
type: integer
description: Sets a rate limit (packets per second) for the ARP packets received on a port. Ensures that the port does not process ARP packets beyond the configured limit.
minimum: 0
maximum: 65535
trusted:
type: boolean
description: Configures the port as trusted, exempting it from ARP Inspection. Trusted ports bypass ARP validation checks.
rate-limit-port:
type: object
description: Configuration for ingress and egress rate limiting on a specific port (in kbps)
@@ -487,3 +499,41 @@ properties:
type: string
minLength: 1
maxLength: 32
bpdu-guard:
description: BPDU Guard configuration block. Enables protection against unexpected BPDUs
on edge ports to prevent loops and rogue switch connections.
type: object
properties:
enabled:
description: When true, the port will be placed into an error-disabled state if any BPDU is received.
type: boolean
auto-recovery-secs:
description: Time in 'seconds' after which a port that was err-disabled due to BPDU Guard
violation will be automatically re-enabled.
type: integer
default: 300
edge-port:
description: When true, the port behaves as an STP Edge Port. When false, the port
participates fully in STP and is treated as a normal switch port.
type: boolean
default: false
storm-control:
description: Storm Control configuration per storm type. Allows enabling or disabling traffic storm control for broadcast, multicast, and unknown unicast packets,
with independent packet-per-second (pps) thresholds. A limit-pps value of 0 implies the control is disabled for that traffic type.
type: object
properties:
broadcast-pps:
type: integer
minimum: 0
default: 0
description: Maximum allowed broadcast packets per second. 0 disables broadcast storm control.
multicast-pps:
type: integer
minimum: 0
default: 0
description: Maximum allowed multicast packets per second. 0 disables multicast storm control.
unknown-unicast-pps:
type: integer
minimum: 0
default: 0
description: Maximum allowed unknown unicast packets per second. 0 disables unknown unicast storm control.
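Review bot: The `broadcast-pps`, `multicast-pps` and `unknown-unicast-pps` keys under `storm-control` appear not to be nested below `properties:`; indentation is lost in this view, but the generated JSON further down this page emits `"properties": null` with the three keys as siblings of `type`. JSON Schema validators ignore unknown keywords, so in that shape the `minimum: 0` bounds are never applied and any value under `storm-control` passes validation. Indent the three keys one level under `properties:` and rerun the generator. The description also refers to a `limit-pps` value that no property defines, and `auto-recovery-secs` in `bpdu-guard` has no `minimum`, so zero or negative recovery times are accepted without a stated meaning. The enclosing `properties:` map starts outside the hunk.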


@@ -0,0 +1,14 @@
type: object
description: Configuration for ARP Inspection on specific VLANs in the switch.
properties:
vlan-enable:
type: boolean
description: Enable or disable ARP Inspection for a specified VLAN.
vlan-acl-rule:
type: string
description: Specifies an ARP ACL to apply to one or more VLANs.
maxLength: 32
minLength: 1
vlan-acl-nodhcp-bindings:
type: boolean
description: Validate ARP packets against only the specified ACL without checking address bindings in the DHCP snooping database.
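Review bot: `vlan-enable` and `vlan-acl-nodhcp-bindings` declare no `default`, so the behaviour when a configuration omits them is left to each device implementation. For a control that drops spoofed ARP traffic, and for a flag that skips the DHCP snooping binding check, the schema should state the absent-key behaviour explicitly, e.g. `default: false` on both, as the global `ip-arp-inspect` key does. The same applies to `trusted` under `ip-arp-inspect-port` and to the `validate-*` flags in the global ARP Inspection file.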


@@ -200,6 +200,8 @@ properties:
description: "Enables DHCP Snooping on a VLAN"
type: boolean
default: false
ip-arp-inspect-vlan:
$ref: "https://ucentral.io/schema/v1/interface/ipv4/arp-inspect/"
dhcp:
$ref: "https://ucentral.io/schema/v1/interface/ipv4/dhcp/"
dhcp-leases:


@@ -8,7 +8,15 @@ properties:
The individual physical network devices contained within the interface
need to be told explicitly if egress traffic shall be tagged.
type: integer
maximum: 4050
maximum: 4094
range-start:
decription: Start vlan-id of the specified range
type: integer
maximum: 4094
range-end:
decription: End vlan-id of the specified range
type: integer
maximum: 4094
proto:
decription:
The L2 vlan tag that shall be added (1q,1ad)
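Review bot: The new `range-start` and `range-end` keys spell the annotation as `decription:`, which JSON Schema treats as an unknown keyword, so the text is not recognised as a description by validators or documentation tooling; it should read `description: Start vlan-id of the specified range` (and likewise for the end). The `proto` key, which appears to be unchanged context, carries the same spelling and is probably where it was copied from. No `minimum` is visible on either new key or on `id`, and nothing requires `range-start` to be less than or equal to `range-end`, so 0, negative values and inverted ranges validate; consider `minimum: 1` if VLAN 0 is not meant to be configurable. The `properties:` map continues outside the hunk.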


@@ -0,0 +1,19 @@
type: object
description: Global configuration for ARP Inspection on the switch.
properties:
ip-arp-inspect:
type: boolean
description: Enable or disable ARP Inspection globally.
default: false
validate-dst-mac:
type: boolean
description: Validate that the destination MAC address in the Ethernet header matches the target MAC address in the ARP body for ARP responses.
validate-ip:
type: boolean
description: Validate ARP packets for unexpected or invalid IP addresses, such as 0.0.0.0, 255.255.255.255, and IP multicast addresses.
validate-allow-zeros:
type: boolean
description: Allow ARP packets where the sender IP address is 0.0.0.0.
validate-src-mac:
type: boolean
description: Validate that the source MAC address in the Ethernet header matches the sender MAC address in the ARP body for both ARP requests and responses.
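Review bot: The relationship between `validate-ip` and `validate-allow-zeros` is not documented: `validate-ip` is described as rejecting 0.0.0.0, while `validate-allow-zeros` permits a 0.0.0.0 sender address. The descriptions should state which flag wins and whether `validate-allow-zeros` has any effect when `validate-ip` is false, for example `description: When validate-ip is true, exempt ARP packets whose sender IP address is 0.0.0.0 from that check.` That wording is inferred from the two descriptions and should be confirmed against the device behaviour before it is adopted.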


@@ -537,9 +537,16 @@ properties:
minLength: 1
examples:
- "A VoIP Phone"
arp-inspect:
$ref: "https://ucentral.io/schema/v1/switch/arp-inspect/"
ip-source-guard:
$ref: "https://ucentral.io/schema/v1/switch/ip-source-guard/"
rt-events:
$ref: "https://ucentral.io/schema/v1/switch/rtevent/"
acl:
$ref: "https://ucentral.io/schema/v1/switch/acl/"
dns:
description: Define a global list of dns servers.
type: array
items:
type: string
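Review bot: The `dns` array accepts any string, because `items` carries only `type: string`; an empty string or a malformed address passes schema validation and reaches the device as a resolver setting. If only IP addresses are intended, constrain the items, e.g. `anyOf: [{format: ipv4}, {format: ipv6}]` under `items`, and consider `uniqueItems: true` and a `maxItems` bound. If hostnames are allowed, say so in the description and at least add `minLength: 1`. The `properties:` map this hunk extends starts outside the hunk.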


@@ -15,8 +15,11 @@ items:
name:
type: string
description:
The administrative name of this logical interface. This field is
freetext
The administrative name of this logical interface. This field is freetext
vlan_id:
description: VLAN-ID of the logical interface
type: integer
maximum: 4094
ntp_server:
type: string
description:


@@ -191,3 +191,96 @@ properties:
description:
Max power (in Watts) module can drain.
type: number
loop-detect-protocol:
description: Status and protocol information for loop detection or prevention mechanisms
active on this interface. Includes STP/xSTP/MSTP, Loopback Detection (LBD), etc.
type: object
properties:
stp:
description: Spanning Tree Protocol (IEEE 802.1D/RSTP/MSTP) state on the port.
type: object
properties:
protocol:
type: string
description: Variant of STP running (e.g., STP, RSTP, MSTP, RPVST+).
examples:
- RSTP
- MSTP
state:
type: string
description: STP state of the port.
enum:
- disabled
- blocking
- listening
- learning
- forwarding
role:
type: string
description: Role of the port in STP topology.
enum:
- root
- designated
- alternate
- backup
- disabled
bridge-id:
type: string
description: STP Bridge ID
root-bridge-id:
type: string
description: STP Root Bridge ID for the instance.
oper-edge-port:
type: boolean
description: Whether the port is operating as an edge port (no BPDU expected).
cost:
type: integer
description: Operational path cost of the port.
designated-cost:
type: integer
description: Cost advertised by the designated port.
transitions:
type: integer
description: Number of STP state transitions (forwarding/discarding) on this port.
bpdu-guard:
type: string
description: Runtime status of BPDU Guard on the port, when it detects any issue.
- `errdisabled`- Port is shutdown due to BPDU violation.
- `recovering`- Temporarily disabled and in auto-recovery interval.
enum:
- errdisabled
- recovering
lbd:
description: Loopback Detection (LBD) status on this port.
type: object
properties:
enabled:
type: boolean
description: Whether LBD is enabled on this port.
state:
type: string
description: Current loop detection status.
enum:
- no_loop
- loop_detected
- disabled
action:
type: string
description: Action taken when loop is detected (e.g., block, shutdown).
enum:
- none
- block
- shutdown
storm-status:
description: Runtime status of Storm Control feature on the port for each storm type.
type: object
properties:
broadcast:
type: boolean
description: Runtime status of Broadcast Storm Control on the port. Return `true`if Storm condition is detected.
multicast:
type: boolean
description: Runtime status of Multicast Storm Control on the port. Return `true`if Storm condition is detected.
unknown-unicast:
type: boolean
description: Runtime status of Unknown Unicast Storm Control on the port. Return `true`if Storm condition is detected.
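Review bot: The `state` enum under `stp` lists `disabled`, `blocking`, `listening`, `learning` and `forwarding` but not `discarding`, although the `protocol` examples name RSTP and MSTP and the `transitions` description speaks of forwarding/discarding. A device running RSTP or MSTP that reports a `discarding` port state would produce a state message that fails validation; add `- discarding` to the enum or document how it is mapped. Separately, the `bpdu-guard` description is a plain multi-line scalar, so its `- ` bullet lines are folded into one sentence in the generated JSON shown on this page; a literal block scalar (`description: |`) keeps the list. The `properties:` map this hunk extends starts outside the hunk.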


@@ -60,6 +60,34 @@ properties:
type: string
description:
Current interface that serves as the Uplink. Example Ethernet2.
arp-inspect-stats:
type: object
description: Statistics related to ARP Inspection activity in the switch.
properties:
arp-pkt-rcvd:
type: integer
description: Total number of ARP packets received.
arp-pkt-dropped-rate-limit:
type: integer
description: Number of ARP packets dropped due to rate limiting.
arp-pkt-processed:
type: integer
description: Total number of ARP packets processed by ARP Inspection.
arp-pkt-dropped-src-mac:
type: integer
description: Number of ARP packets dropped due to source MAC address validation failures.
arp-pkt-dropped-dst-mac:
type: integer
description: Number of ARP packets dropped due to destination MAC address validation failures.
arp-pkt-dropped-ip:
type: integer
description: Number of ARP packets dropped due to IP address validation failures."
arp-pkt-dropped-acl:
type: integer
description: Number of ARP packets dropped due to ARP ACL rules.
arp-pkt-dropped-dhcp:
type: integer
description: Number of ARP packets dropped due to DHCP snooping validation failures.
ip-source-guard:
type: object
description: Represents the configuration and state of IP Source Guard.
@@ -85,4 +113,78 @@ properties:
maximum: 4095
blocked-interface:
type: string
description: The interface (e.g., port) where the blocked entry was detected.
description: The interface (e.g., port) where the blocked entry was detected.
stp:
description: Global status and configuration of the Spanning Tree Protocol (STP) across the switch.
Supports variants like STP, RSTP, MSTP. Includes bridge-wide parameters and protocol behavior.
type: object
properties:
enabled:
type: boolean
description: Whether STP is enabled globally on the switch.
mode:
type: string
description: Operational STP mode used across the switch.
enum:
- stp
- rstp
- mstp
- pvst
- rpvstp
transmission-limit:
type: integer
description: Maximum number of BPDUs that can be transmitted per hello time.
path-cost-method:
type: string
description: Indicates whether "Short" or "Long" path cost method is in use.
enum:
- short
- long
max-hops:
type: integer
description: Maximum hop count used in MSTP.
instances:
type: array
description: List of STP instances (e.g., MSTP instances).
items:
type: object
properties:
instance-id:
type: integer
description: Instance number (for MSTP or multiple-instance support).
vlans:
type: string
description: VLAN ranges associated with the STP instance.
example: "1-4094"
bridge-priority:
type: integer
description: Bridge priority value for STP election.
bridge-hello-time:
type: integer
description: Hello Time interval (in seconds) configured on the bridge.
bridge-max-age:
type: integer
description: Max Age value (in seconds) used for aging STP information.
bridge-forward-delay:
type: integer
description: Delay (in seconds) before transitioning port to forwarding state.
remaining-hops:
type: integer
description: Remaining hop count from the Root Bridge to this bridge.
root-bridge-id:
type: string
description: Bridge ID of the current Root Bridge.
root-port:
type: string
description: Local interface acting as Root Port.
example:
- Ëthernet1
root-cost:
type: integer
description: Cumulative cost to reach the Root Bridge.
topology-changes:
type: integer
description: Total number of topology changes detected.
last-topology-change-seconds:
type: integer
description: Time (in seconds) since the last topology change.
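Review bot: In the `instances` item schema of the `stp` hunk, only `instance-id` seems to sit under `properties:`; indentation is lost in this view, but the generated JSON on this page closes `properties` after `instance-id` and emits `vlans`, `bridge-priority` and the remaining keys as siblings of it under `items`. Validators ignore those as unknown keywords, so none of the per-instance fields are type-checked; indent them to the level of `instance-id` and rerun the generator. `vlans` and `root-port` use `example:` where the JSON Schema keyword is `examples`, and the `root-port` value is spelled `Ëthernet1` with a non-ASCII first letter, which should be `Ethernet1`. In the first hunk of this file, the `arp-pkt-dropped-ip` description ends with a stray `"` that is carried into the generated JSON.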


@@ -310,6 +310,7 @@
"Spanning-Tree-Per-VLAN",
"Spanning-Tree-Per-VLAN-Rapid",
"Spanning-Tree-MSTP",
"BPDU-Guard",
"SVI-StaticIPv4",
"SVI-StaticIPv6",
"Interface-StaticIPv4",
@@ -342,6 +343,7 @@
"MAC-ACL",
"IP-ACL",
"Guest-VLAN",
"Storm-Control",
"Service-SSH",
"Service-RSSH",
"Service-Telnet",
@@ -361,6 +363,7 @@
"Service-Online-Check",
"Service-CaptivePortal",
"Service-PublicIpCheck",
"Service-Global-DNS",
"Tunneling-VxLAN",
"Tunneling-GRE",
"Tunneling-GRE6",


@@ -589,6 +589,22 @@
}
}
},
"ip-arp-inspect-port": {
"type": "object",
"description": "Configuration for ARP Inspection on specific interfaces or ports in the switch.",
"properties": {
"rate-limit-pps": {
"type": "integer",
"description": "Sets a rate limit (packets per second) for the ARP packets received on a port. Ensures that the port does not process ARP packets beyond the configured limit.",
"minimum": 0,
"maximum": 65535
},
"trusted": {
"type": "boolean",
"description": "Configures the port as trusted, exempting it from ARP Inspection. Trusted ports bypass ARP validation checks."
}
}
},
"rate-limit-port": {
"type": "object",
"description": "Configuration for ingress and egress rate limiting on a specific port (in kbps)",
@@ -737,6 +753,49 @@
"maxLength": 32
}
}
},
"bpdu-guard": {
"description": "BPDU Guard configuration block. Enables protection against unexpected BPDUs on edge ports to prevent loops and rogue switch connections.",
"type": "object",
"properties": {
"enabled": {
"description": "When true, the port will be placed into an error-disabled state if any BPDU is received.",
"type": "boolean"
},
"auto-recovery-secs": {
"description": "Time in 'seconds' after which a port that was err-disabled due to BPDU Guard violation will be automatically re-enabled.",
"type": "integer",
"default": 300
}
}
},
"edge-port": {
"description": "When true, the port behaves as an STP Edge Port. When false, the port participates fully in STP and is treated as a normal switch port.",
"type": "boolean",
"default": false
},
"storm-control": {
"description": "Storm Control configuration per storm type. Allows enabling or disabling traffic storm control for broadcast, multicast, and unknown unicast packets, with independent packet-per-second (pps) thresholds. A limit-pps value of 0 implies the control is disabled for that traffic type.",
"type": "object",
"properties": null,
"broadcast-pps": {
"type": "integer",
"minimum": 0,
"default": 0,
"description": "Maximum allowed broadcast packets per second. 0 disables broadcast storm control."
},
"multicast-pps": {
"type": "integer",
"minimum": 0,
"default": 0,
"description": "Maximum allowed multicast packets per second. 0 disables multicast storm control."
},
"unknown-unicast-pps": {
"type": "integer",
"minimum": 0,
"default": 0,
"description": "Maximum allowed unknown unicast packets per second. 0 disables unknown unicast storm control."
}
}
}
}
@@ -1363,6 +1422,33 @@
}
}
},
"arp-inspect": {
"type": "object",
"description": "Global configuration for ARP Inspection on the switch.",
"properties": {
"ip-arp-inspect": {
"type": "boolean",
"description": "Enable or disable ARP Inspection globally.",
"default": false
},
"validate-dst-mac": {
"type": "boolean",
"description": "Validate that the destination MAC address in the Ethernet header matches the target MAC address in the ARP body for ARP responses."
},
"validate-ip": {
"type": "boolean",
"description": "Validate ARP packets for unexpected or invalid IP addresses, such as 0.0.0.0, 255.255.255.255, and IP multicast addresses."
},
"validate-allow-zeros": {
"type": "boolean",
"description": "Allow ARP packets where the sender IP address is 0.0.0.0."
},
"validate-src-mac": {
"type": "boolean",
"description": "Validate that the source MAC address in the Ethernet header matches the sender MAC address in the ARP body for both ARP requests and responses."
}
}
},
"ip-source-guard": {
"type": "object",
"description": "Configuration for IP Source Guard global static bindings in a Layer 2 switch.",
@@ -1760,6 +1846,13 @@
}
}
}
},
"dns": {
"description": "Define a global list of dns servers.",
"type": "array",
"items": {
"type": "string"
}
}
}
},
@@ -1830,7 +1923,17 @@
"id": {
"description": "This is the pvid of the vlan that shall be assigned to the interface. The individual physical network devices contained within the interface need to be told explicitly if egress traffic shall be tagged.",
"type": "integer",
"maximum": 4050
"maximum": 4094
},
"range-start": {
"decription": "Start vlan-id of the specified range",
"type": "integer",
"maximum": 4094
},
"range-end": {
"decription": "End vlan-id of the specified range",
"type": "integer",
"maximum": 4094
},
"proto": {
"decription": "The L2 vlan tag that shall be added (1q,1ad)",
@@ -2168,6 +2271,26 @@
"type": "boolean",
"default": false
},
"ip-arp-inspect-vlan": {
"type": "object",
"description": "Configuration for ARP Inspection on specific VLANs in the switch.",
"properties": {
"vlan-enable": {
"type": "boolean",
"description": "Enable or disable ARP Inspection for a specified VLAN."
},
"vlan-acl-rule": {
"type": "string",
"description": "Specifies an ARP ACL to apply to one or more VLANs.",
"maxLength": 32,
"minLength": 1
},
"vlan-acl-nodhcp-bindings": {
"type": "boolean",
"description": "Validate ARP packets against only the specified ACL without checking address bindings in the DHCP snooping database."
}
}
},
"dhcp": {
"description": "This section describes the DHCP server configuration",
"type": "object",


@@ -529,6 +529,19 @@
}
}
},
"ip-arp-inspect-port": {
"type": "object",
"properties": {
"rate-limit-pps": {
"type": "integer",
"minimum": 0,
"maximum": 65535
},
"trusted": {
"type": "boolean"
}
}
},
"rate-limit-port": {
"type": "object",
"properties": {
@@ -655,6 +668,62 @@
"maxLength": 32
}
}
},
"bpdu-guard": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean"
},
"auto-recovery-secs": {
"type": "integer",
"default": 300
}
}
},
"edge-port": {
"type": "boolean",
"default": false
},
"storm-control": {
"type": "object",
"properties": null,
"broadcast-pps": {
"type": "integer",
"minimum": 0,
"default": 0
},
"multicast-pps": {
"type": "integer",
"minimum": 0,
"default": 0
},
"unknown-unicast-pps": {
"type": "integer",
"minimum": 0,
"default": 0
}
}
}
},
"switch.arp-inspect": {
"type": "object",
"properties": {
"ip-arp-inspect": {
"type": "boolean",
"default": false
},
"validate-dst-mac": {
"type": "boolean"
},
"validate-ip": {
"type": "boolean"
},
"validate-allow-zeros": {
"type": "boolean"
},
"validate-src-mac": {
"type": "boolean"
}
}
},
@@ -1519,6 +1588,9 @@
}
}
},
"arp-inspect": {
"$ref": "#/$defs/switch.arp-inspect"
},
"ip-source-guard": {
"$ref": "#/$defs/switch.ip-source-guard"
},
@@ -1527,6 +1599,12 @@
},
"acl": {
"$ref": "#/$defs/switch.acl"
},
"dns": {
"type": "array",
"items": {
"type": "string"
}
}
}
},
@@ -1535,7 +1613,17 @@
"properties": {
"id": {
"type": "integer",
"maximum": 4050
"maximum": 4094
},
"range-start": {
"decription": "Start vlan-id of the specified range",
"type": "integer",
"maximum": 4094
},
"range-end": {
"decription": "End vlan-id of the specified range",
"type": "integer",
"maximum": 4094
},
"proto": {
"decription": "The L2 vlan tag that shall be added (1q,1ad)",
@@ -1624,6 +1712,22 @@
}
}
},
"interface.ipv4.arp-inspect": {
"type": "object",
"properties": {
"vlan-enable": {
"type": "boolean"
},
"vlan-acl-rule": {
"type": "string",
"maxLength": 32,
"minLength": 1
},
"vlan-acl-nodhcp-bindings": {
"type": "boolean"
}
}
},
"interface.ipv4.dhcp": {
"type": "object",
"properties": {
@@ -1928,6 +2032,9 @@
"type": "boolean",
"default": false
},
"ip-arp-inspect-vlan": {
"$ref": "#/$defs/interface.ipv4.arp-inspect"
},
"dhcp": {
"$ref": "#/$defs/interface.ipv4.dhcp"
},


@@ -623,6 +623,22 @@
}
}
},
"ip-arp-inspect-port": {
"type": "object",
"description": "Configuration for ARP Inspection on specific interfaces or ports in the switch.",
"properties": {
"rate-limit-pps": {
"type": "integer",
"description": "Sets a rate limit (packets per second) for the ARP packets received on a port. Ensures that the port does not process ARP packets beyond the configured limit.",
"minimum": 0,
"maximum": 65535
},
"trusted": {
"type": "boolean",
"description": "Configures the port as trusted, exempting it from ARP Inspection. Trusted ports bypass ARP validation checks."
}
}
},
"rate-limit-port": {
"type": "object",
"description": "Configuration for ingress and egress rate limiting on a specific port (in kbps)",
@@ -771,6 +787,76 @@
"maxLength": 32
}
}
},
"bpdu-guard": {
"description": "BPDU Guard configuration block. Enables protection against unexpected BPDUs on edge ports to prevent loops and rogue switch connections.",
"type": "object",
"properties": {
"enabled": {
"description": "When true, the port will be placed into an error-disabled state if any BPDU is received.",
"type": "boolean"
},
"auto-recovery-secs": {
"description": "Time in 'seconds' after which a port that was err-disabled due to BPDU Guard violation will be automatically re-enabled.",
"type": "integer",
"default": 300
}
}
},
"edge-port": {
"description": "When true, the port behaves as an STP Edge Port. When false, the port participates fully in STP and is treated as a normal switch port.",
"type": "boolean",
"default": false
},
"storm-control": {
"description": "Storm Control configuration per storm type. Allows enabling or disabling traffic storm control for broadcast, multicast, and unknown unicast packets, with independent packet-per-second (pps) thresholds. A limit-pps value of 0 implies the control is disabled for that traffic type.",
"type": "object",
"properties": null,
"broadcast-pps": {
"type": "integer",
"minimum": 0,
"default": 0,
"description": "Maximum allowed broadcast packets per second. 0 disables broadcast storm control."
},
"multicast-pps": {
"type": "integer",
"minimum": 0,
"default": 0,
"description": "Maximum allowed multicast packets per second. 0 disables multicast storm control."
},
"unknown-unicast-pps": {
"type": "integer",
"minimum": 0,
"default": 0,
"description": "Maximum allowed unknown unicast packets per second. 0 disables unknown unicast storm control."
}
}
}
},
"switch.arp-inspect": {
"type": "object",
"description": "Global configuration for ARP Inspection on the switch.",
"properties": {
"ip-arp-inspect": {
"type": "boolean",
"description": "Enable or disable ARP Inspection globally.",
"default": false
},
"validate-dst-mac": {
"type": "boolean",
"description": "Validate that the destination MAC address in the Ethernet header matches the target MAC address in the ARP body for ARP responses."
},
"validate-ip": {
"type": "boolean",
"description": "Validate ARP packets for unexpected or invalid IP addresses, such as 0.0.0.0, 255.255.255.255, and IP multicast addresses."
},
"validate-allow-zeros": {
"type": "boolean",
"description": "Allow ARP packets where the sender IP address is 0.0.0.0."
},
"validate-src-mac": {
"type": "boolean",
"description": "Validate that the source MAC address in the Ethernet header matches the sender MAC address in the ARP body for both ARP requests and responses."
}
}
},
@@ -1794,6 +1880,9 @@
}
}
},
"arp-inspect": {
"$ref": "#/$defs/switch.arp-inspect"
},
"ip-source-guard": {
"$ref": "#/$defs/switch.ip-source-guard"
},
@@ -1802,6 +1891,13 @@
},
"acl": {
"$ref": "#/$defs/switch.acl"
},
"dns": {
"description": "Define a global list of dns servers.",
"type": "array",
"items": {
"type": "string"
}
}
}
},
@@ -1812,7 +1908,17 @@
"id": {
"description": "This is the pvid of the vlan that shall be assigned to the interface. The individual physical network devices contained within the interface need to be told explicitly if egress traffic shall be tagged.",
"type": "integer",
"maximum": 4050
"maximum": 4094
},
"range-start": {
"decription": "Start vlan-id of the specified range",
"type": "integer",
"maximum": 4094
},
"range-end": {
"decription": "End vlan-id of the specified range",
"type": "integer",
"maximum": 4094
},
"proto": {
"decription": "The L2 vlan tag that shall be added (1q,1ad)",
@@ -1913,6 +2019,26 @@
}
}
},
"interface.ipv4.arp-inspect": {
"type": "object",
"description": "Configuration for ARP Inspection on specific VLANs in the switch.",
"properties": {
"vlan-enable": {
"type": "boolean",
"description": "Enable or disable ARP Inspection for a specified VLAN."
},
"vlan-acl-rule": {
"type": "string",
"description": "Specifies an ARP ACL to apply to one or more VLANs.",
"maxLength": 32,
"minLength": 1
},
"vlan-acl-nodhcp-bindings": {
"type": "boolean",
"description": "Validate ARP packets against only the specified ACL without checking address bindings in the DHCP snooping database."
}
}
},
"interface.ipv4.dhcp": {
"description": "This section describes the DHCP server configuration",
"type": "object",
@@ -2264,6 +2390,9 @@
"type": "boolean",
"default": false
},
"ip-arp-inspect-vlan": {
"$ref": "#/$defs/interface.ipv4.arp-inspect"
},
"dhcp": {
"$ref": "#/$defs/interface.ipv4.dhcp"
},


@@ -86,6 +86,44 @@
"type": "string",
"description": "Current interface that serves as the Uplink. Example Ethernet2."
},
"arp-inspect-stats": {
"type": "object",
"description": "Statistics related to ARP Inspection activity in the switch.",
"properties": {
"arp-pkt-rcvd": {
"type": "integer",
"description": "Total number of ARP packets received."
},
"arp-pkt-dropped-rate-limit": {
"type": "integer",
"description": "Number of ARP packets dropped due to rate limiting."
},
"arp-pkt-processed": {
"type": "integer",
"description": "Total number of ARP packets processed by ARP Inspection."
},
"arp-pkt-dropped-src-mac": {
"type": "integer",
"description": "Number of ARP packets dropped due to source MAC address validation failures."
},
"arp-pkt-dropped-dst-mac": {
"type": "integer",
"description": "Number of ARP packets dropped due to destination MAC address validation failures."
},
"arp-pkt-dropped-ip": {
"type": "integer",
"description": "Number of ARP packets dropped due to IP address validation failures.\""
},
"arp-pkt-dropped-acl": {
"type": "integer",
"description": "Number of ARP packets dropped due to ARP ACL rules."
},
"arp-pkt-dropped-dhcp": {
"type": "integer",
"description": "Number of ARP packets dropped due to DHCP snooping validation failures."
}
}
},
"ip-source-guard": {
"type": "object",
"description": "Represents the configuration and state of IP Source Guard.",
@@ -120,6 +158,104 @@
}
}
}
},
"stp": {
"description": "Global status and configuration of the Spanning Tree Protocol (STP) across the switch. Supports variants like STP, RSTP, MSTP. Includes bridge-wide parameters and protocol behavior.",
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "Whether STP is enabled globally on the switch."
},
"mode": {
"type": "string",
"description": "Operational STP mode used across the switch.",
"enum": [
"stp",
"rstp",
"mstp",
"pvst",
"rpvstp"
]
},
"transmission-limit": {
"type": "integer",
"description": "Maximum number of BPDUs that can be transmitted per hello time."
},
"path-cost-method": {
"type": "string",
"description": "Indicates whether \"Short\" or \"Long\" path cost method is in use.",
"enum": [
"short",
"long"
]
},
"max-hops": {
"type": "integer",
"description": "Maximum hop count used in MSTP."
},
"instances": {
"type": "array",
"description": "List of STP instances (e.g., MSTP instances).",
"items": {
"type": "object",
"properties": {
"instance-id": {
"type": "integer",
"description": "Instance number (for MSTP or multiple-instance support)."
}
},
"vlans": {
"type": "string",
"description": "VLAN ranges associated with the STP instance.",
"example": "1-4094"
},
"bridge-priority": {
"type": "integer",
"description": "Bridge priority value for STP election."
},
"bridge-hello-time": {
"type": "integer",
"description": "Hello Time interval (in seconds) configured on the bridge."
},
"bridge-max-age": {
"type": "integer",
"description": "Max Age value (in seconds) used for aging STP information."
},
"bridge-forward-delay": {
"type": "integer",
"description": "Delay (in seconds) before transitioning port to forwarding state."
},
"remaining-hops": {
"type": "integer",
"description": "Remaining hop count from the Root Bridge to this bridge."
},
"root-bridge-id": {
"type": "string",
"description": "Bridge ID of the current Root Bridge."
},
"root-port": {
"type": "string",
"description": "Local interface acting as Root Port.",
"example": [
"\u00cbthernet1"
]
},
"root-cost": {
"type": "integer",
"description": "Cumulative cost to reach the Root Bridge."
},
"topology-changes": {
"type": "integer",
"description": "Total number of topology changes detected."
},
"last-topology-change-seconds": {
"type": "integer",
"description": "Time (in seconds) since the last topology change."
}
}
}
}
}
},
"$defs": {
@@ -486,6 +622,11 @@
"type": "string",
"description": "The administrative name of this logical interface. This field is freetext"
},
"vlan_id": {
"description": "VLAN-ID of the logical interface",
"type": "integer",
"maximum": 4094
},
"ntp_server": {
"type": "string",
"description": "The upstream NTP server being used by this interface."
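Review bot: The new `vlan_id` property sets `"maximum": 4094` but no lower bound, so zero or a negative integer in a state message still validates. Adding `"minimum": 1` beside the maximum would reject those values at the schema level; use 0 instead if priority-tagged (VID 0) interfaces are meant to be reportable. If this JSON is generated output, the bound belongs in the source definition it is built from.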
@@ -1116,6 +1257,126 @@
"type": "number"
}
}
},
"loop-detect-protocol": {
"description": "Status and protocol information for loop detection or prevention mechanisms active on this interface. Includes STP/xSTP/MSTP, Loopback Detection (LBD), etc.",
"type": "object",
"properties": {
"stp": {
"description": "Spanning Tree Protocol (IEEE 802.1D/RSTP/MSTP) state on the port.",
"type": "object",
"properties": {
"protocol": {
"type": "string",
"description": "Variant of STP running (e.g., STP, RSTP, MSTP, RPVST+).",
"examples": [
"RSTP",
"MSTP"
]
},
"state": {
"type": "string",
"description": "STP state of the port.",
"enum": [
"disabled",
"blocking",
"listening",
"learning",
"forwarding"
]
},
"role": {
"type": "string",
"description": "Role of the port in STP topology.",
"enum": [
"root",
"designated",
"alternate",
"backup",
"disabled"
]
},
"bridge-id": {
"type": "string",
"description": "STP Bridge ID"
},
"root-bridge-id": {
"type": "string",
"description": "STP Root Bridge ID for the instance."
},
"oper-edge-port": {
"type": "boolean",
"description": "Whether the port is operating as an edge port (no BPDU expected)."
},
"cost": {
"type": "integer",
"description": "Operational path cost of the port."
},
"designated-cost": {
"type": "integer",
"description": "Cost advertised by the designated port."
},
"transitions": {
"type": "integer",
"description": "Number of STP state transitions (forwarding/discarding) on this port."
},
"bpdu-guard": {
"type": "string",
"description": "Runtime status of BPDU Guard on the port, when it detects any issue. - `errdisabled`- Port is shutdown due to BPDU violation. - `recovering`- Temporarily disabled and in auto-recovery interval.",
"enum": [
"errdisabled",
"recovering"
]
}
}
},
"lbd": {
"description": "Loopback Detection (LBD) status on this port.",
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "Whether LBD is enabled on this port."
},
"state": {
"type": "string",
"description": "Current loop detection status.",
"enum": [
"no_loop",
"loop_detected",
"disabled"
]
},
"action": {
"type": "string",
"description": "Action taken when loop is detected (e.g., block, shutdown).",
"enum": [
"none",
"block",
"shutdown"
]
}
}
}
}
},
"storm-status": {
"description": "Runtime status of Storm Control feature on the port for each storm type.",
"type": "object",
"properties": {
"broadcast": {
"type": "boolean",
"description": "Runtime status of Broadcast Storm Control on the port. Return `true`if Storm condition is detected."
},
"multicast": {
"type": "boolean",
"description": "Runtime status of Multicast Storm Control on the port. Return `true`if Storm condition is detected."
},
"unknown-unicast": {
"type": "boolean",
"description": "Runtime status of Unknown Unicast Storm Control on the port. Return `true`if Storm condition is detected."
}
}
}
}
},
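Review bot: The `state` enum under `loop-detect-protocol.stp` has no `discarding` value, although the `transitions` description in the same object speaks of forwarding/discarding. The `protocol` field also lists RSTP and MSTP, whose ports report discarding rather than blocking or listening. A collector that enforces the enum would reject or drop such a port report, so add `"discarding"` to the list. Separately, `protocol` is a free-form string with upper-case examples, while the switch-level mode enum earlier on this page uses lower-case `rstp`/`mstp`; constraining it to the same values would keep the two fields comparable.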