scottk/ols-ucentral-schema
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/ols-ucentral-schema.git synced 2025-10-30 17:47:59 +00:00
Code Issues Packages Projects Releases 3 Wiki Activity

Compare commits

base: scottk:default-values-for-schema/ethernet.yml-speed-and-duplex
Branches Tags
scottk:main scottk:OLS-849-add-xSTP-parameters scottk:OLS-848-Schema-Intrusion-detection scottk:OLS-838-Update-OLS-Schema-version-to-4.2.0 scottk:correct-storm-control-indentation scottk:ols-821-mclag-schema-correction scottk:fix/fix_invalid_schema scottk:ols-688-bpdu-guard scottk:ols-822-lldp-peers-statemessage-enhancements scottk:OLS_UpdateSchemaVersion_410 scottk:ols-659-simplify-vlan-config scottk:staging-OLS-644-global-dns scottk:OLS-578-Tag-ols-ucentral-client-and-ols-ucentral-schema-4.0.0-pre-release scottk:Sprint-8-OLS-ARP-Inspect-Schema scottk:Sprint-8-OLS---Rate-Limiting-schema scottk:OLS-556-Sprint-8-IPSourceGuard scottk:OLS-556-Sprint-8-SubcribeRTEvents scottk:OLS-550_Schema_Corrections_Pre4p0_Features scottk:OLS-562-Add-schema-version-to-ols-ucentral-schema scottk:OLS-545-Removal-of-AP-specific-schema-elements-from-ols-ucentral-schema scottk:OLS-538_port_speed_enum_fix_40g scottk:OLS-425_sprint6_schema scottk:OLS_390_Move_uplink_interface_definition_to_state.yml_Add_version_connect.capabilities scottk:OLS-390-Move-uplink_interface-definition-to-state.yml-add-version-to-connect.capabilities scottk:OLS_319_sprint4_schema scottk:OLS-295_capabilities_add_lacp_linkAggregation_jumboFrames scottk:link_aggregation scottk:change_port_mirror_type_to_array scottk:lacp scottk:jumbo_frames scottk:OLS-229-generate-json-file-for-capabilities-connect.capabilities.yml scottk:OLS-228-delta_counters scottk:secure_http_server scottk:fix_loop_detection_schema_instances_indentation scottk:change_vrf_id_to_integer scottk:schema_fixes_and_updates scottk:default-values-for-schema/ethernet.yml-speed-and-duplex scottk:next scottk:1-incorrect-indentation-for-statelink-stateyml
scottk:v4.1.0-rc1 scottk:v4.0.0 scottk:v4.0.0-rc1 scottk:v3.2.7
...
compare: scottk:secure_http_server
Branches Tags
scottk:OLS-849-add-xSTP-parameters scottk:OLS-848-Schema-Intrusion-detection scottk:OLS-838-Update-OLS-Schema-version-to-4.2.0 scottk:main scottk:correct-storm-control-indentation scottk:ols-821-mclag-schema-correction scottk:fix/fix_invalid_schema scottk:ols-688-bpdu-guard scottk:ols-822-lldp-peers-statemessage-enhancements scottk:OLS_UpdateSchemaVersion_410 scottk:ols-659-simplify-vlan-config scottk:staging-OLS-644-global-dns scottk:OLS-578-Tag-ols-ucentral-client-and-ols-ucentral-schema-4.0.0-pre-release scottk:Sprint-8-OLS-ARP-Inspect-Schema scottk:Sprint-8-OLS---Rate-Limiting-schema scottk:OLS-556-Sprint-8-IPSourceGuard scottk:OLS-556-Sprint-8-SubcribeRTEvents scottk:OLS-550_Schema_Corrections_Pre4p0_Features scottk:OLS-562-Add-schema-version-to-ols-ucentral-schema scottk:OLS-545-Removal-of-AP-specific-schema-elements-from-ols-ucentral-schema scottk:OLS-538_port_speed_enum_fix_40g scottk:OLS-425_sprint6_schema scottk:OLS_390_Move_uplink_interface_definition_to_state.yml_Add_version_connect.capabilities scottk:OLS-390-Move-uplink_interface-definition-to-state.yml-add-version-to-connect.capabilities scottk:OLS_319_sprint4_schema scottk:OLS-295_capabilities_add_lacp_linkAggregation_jumboFrames scottk:link_aggregation scottk:change_port_mirror_type_to_array scottk:lacp scottk:jumbo_frames scottk:OLS-229-generate-json-file-for-capabilities-connect.capabilities.yml scottk:OLS-228-delta_counters scottk:secure_http_server scottk:fix_loop_detection_schema_instances_indentation scottk:change_vrf_id_to_integer scottk:schema_fixes_and_updates scottk:default-values-for-schema/ethernet.yml-speed-and-duplex scottk:next scottk:1-incorrect-indentation-for-statelink-stateyml
scottk:v4.1.0-rc1 scottk:v4.0.0 scottk:v4.0.0-rc1 scottk:v3.2.7

32 Commits
default-va ... secure_htt

Author SHA1 Message Date
jacky_chang
4336be981b Use generate.sh to generate related json files to make settings consistent. 2024-08-05 10:38:57 +08:00
jacky_chang
1e33d3fa0a add whether enabled & port number support for https 2024-05-10 16:27:03 +08:00
Olexandr, Mazur
dc754dc519 Merge pull request #15 from Telecominfraproject/feat/connect_capabilities 
Schema: formalize connect.capabilities message format
 2024-04-12 12:21:15 +03:00
Oleksandr Mazur
b3374bb60b Schema: formalize connect.capabilities message format 
Capabilities message is unregulated as of now;
Formalize the layout by introducing yml file.

Signed-off-by: Oleksandr Mazur <oleksandr.mazur@plvision.eu>
 2024-04-11 10:18:27 +03:00
Olexandr, Mazur
0ef7362930 Merge pull request #14 from Telecominfraproject/feat/global_igmp_querier_floodcontrol 
Add flood-control and querier-enable fields to unit.yml
 2024-04-02 15:30:51 +03:00
Serhiy Boiko
b9762df2cf Add flood-control and querier-enable fields to unit.yml 
These fields are used to specify the global fc and querier
configuration.

Signed-off-by: Serhiy Boiko <serhiy.boiko@plvision.eu>
 2024-04-02 12:58:10 +03:00
Olexandr, Mazur
0983abe2bf Merge pull request #13 from Telecominfraproject/revert_public_ip_lookup 
Revert public ip lookup
 2024-03-27 11:09:20 +02:00
Oleksandr Mazur
719fd97705 Fixup generated schema after fdeb2b8 revert 
Signed-off-by: Oleksandr Mazur <oleksandr.mazur@plvision.eu>
 2024-03-26 11:25:07 +02:00
Oleksandr Mazur
777e2b26a8 Revert "revert "public_ip_lookup" patch" 
This reverts commit fdeb2b8b85.
 2024-03-26 11:24:35 +02:00
Olexandr, Mazur
ab43179a83 Merge pull request #12 from Telecominfraproject/fix_port_isolation 
Move port-isolation schema from ethernet.yml to switch.yml
 2024-03-19 20:08:28 +02:00
Serhiy Boiko
3a41591f85 Move port-isolation schema from ethernet.yml to switch.yml 
port-isolation is a global configuration and should be described in
switch.yml, not in ethernet.yml
No changes were made to any of the fields.

Signed-off-by: Serhiy Boiko <serhiy.boiko@plvision.eu>
 2024-03-19 12:44:31 +02:00
tip-admin
7fa4d15f5e Create LICENSE 2024-02-29 08:53:54 -08:00
Olexandr, Mazur
d105fe165e Merge pull request #11 from Telecominfraproject/fix_loop_detection_schema_instances_indentation 
Correct indentation of instances block in switch.yml
 2024-02-27 10:50:30 +02:00
Mike Hansen
d3f610d9ef Correct indentation of instances block in switch.yml 
The property 'instance' is not indented correctly and therefore doesn't end up under the loop-detection properties in the switch configuration.

Signed-off-by: Mike Hansen <mike.hansen@netexperience.com>
 2024-02-26 11:35:09 -05:00
Olexandr, Mazur
711d7d9066 Merge pull request #10 from Telecominfraproject/change_vrf_id_to_integer 
Change VRF id type from number to integer
 2024-02-21 18:16:16 +02:00
Mike Hansen
89a78c61be Change VRF id type from number to integer 
Signed-off-by: Mike Hansen <mike.hansen@netexperience.com>
 2024-02-21 05:28:01 -05:00
Olexandr, Mazur
f5608bd42c Merge pull request #9 from Telecominfraproject/schema_fixes_and_updates 
Align dhcp-relay with ols-ucentral-client, STP object typo #7 Fix spelling, make power limit an integer
 2024-02-15 12:17:22 +02:00
Mike Hansen
54358ff146 - Align dhcp-relay with ols-ucentral-client 
Declare dhcp-relay in interface.ipv4.dhcp.yml, aligns with client and allows setting per logical interface.
- STP object typo #7
Fix spelling

Additional:
schema/ethernet.yml - make power limit an integer

Signed-off-by: Mike Hansen <mike.hansen@netexperience.com>
 2024-02-14 10:22:22 -05:00
Olexandr, Mazur
7994980a3d Merge pull request #5 from Telecominfraproject/feat/move_changes_shastacloud_to_tip 
Feat/move changes shastacloud to tip
 2024-02-05 21:42:15 +02:00
Oleksandr Mazur
ffafd5bfae Update ucentral.schema using generated version 
Signed-off-by: Oleksandr Mazur <oleksandr.mazur@plvision.eu>
 2024-02-05 19:52:49 +02:00
Oleksandr Mazur
c29c0d3b3a state: interface: ipv6-lease: add missing description 
Add description to lease object, as lack of one causes invalid
schema to be generated.

Signed-off-by: Oleksandr Mazur <oleksandr.mazur@plvision.eu>
 2024-02-05 19:52:17 +02:00
Oleksandr Mazur
02fa109dc6 state: link-state: PoE: add missing counters description 
Empty object description lead to invalid schema generation.
Fix it by adding description.

Signed-off-by: Oleksandr Mazur <oleksandr.mazur@plvision.eu>
 2024-02-05 19:52:17 +02:00
Oleksandr Mazur
ad41fc5b27 ethernet: fix host-mode description (802.1x) 
Signed-off-by: Oleksandr Mazur <oleksandr.mazur@plvision.eu>
 2024-02-05 19:46:42 +02:00
Oleksandr Mazur
8a55cf509d state: extend schema to support setting static system password 
Signed-off-by: Oleksandr Mazur <oleksandr.mazur@plvision.eu>
 2024-02-05 19:46:42 +02:00
Oleksandr Mazur
0b59636360 Extend schema/service.yml to support altering services state 
Extend schema to support enabling or disabling completely specified services (ssh,telnet)

Signed-off-by: Oleksandr Mazur <oleksandr.mazur@plvision.eu>
 2024-02-05 19:46:42 +02:00
Oleksandr Mazur
75a5670219 Extend state/link-state.yml to support reporting of SFP transceivers info 
Report SFP transceiver base info (if connected, module inserted) per-port -
vendor, name, form-factor, supported link modes etc.

Signed-off-by: Oleksandr Mazur <oleksandr.mazur@plvision.eu>
 2024-02-05 19:46:42 +02:00
Oleksandr Mazur
d2042faf6b Extend schema to support reporting of FDB table (wired clients) 
Extend state/unit.yml to report triplet that states which mac
  has been learned on which port in which vlan.
Example of "mac-forwarding-table" in json format:
...
            "mac-forwarding-table": {
                "overflow": false,
                "Ethernet0":    {
                    "1":    ["90:3c:b3:6a:e3:59"]
                },
                "Ethernet1":    {
                    "1":    ["90:3c:b3:6a:e4:d5"]
                },
                "Ethernet47":   {
                    "1":    ["ac:1f:6b:65:a4:86"]
                },
                "Ethernet46":   {
                    "1":    ["ac:1f:6b:65:a4:89"]
                }
            },
...

Signed-off-by: Oleksandr Mazur <oleksandr.mazur@plvision.eu>
 2024-02-05 19:46:39 +02:00
Oleksandr Mazur
fec747ae43 state/link-state.yml: remove trailing space in Duplex object 
Signed-off-by: Oleksandr Mazur <oleksandr.mazur@plvision.eu>
 2024-02-05 14:46:18 +02:00
Oleksandr Mazur
e81889c1c2 Extend schema to support port-isolation config 
Extend schema/ethernet.yml to allow configuring port-forwarding
  matrix (which ports can allow forwarding traffic to which ports).
Extend state/link-state.yml to support reporting configured
  port-forwarding matrix back.

Signed-off-by: Oleksandr Mazur <oleksandr.mazur@plvision.eu>
 2024-02-05 14:46:18 +02:00
Oleksandr Mazur
4e9d466c81 Extend schema to add dynamic authorization (CoA) support 
- Extend schema/switch.yml to support configuring
  DAC list (origin of CoA and DM messages), as well as
  configiguring DAS (port on which receive CoA + DM) etc.
- Extend state/unit.yml to report back to the cloud
  current DAS configuration and DAC config.

Signed-off-by: Oleksandr Mazur <oleksandr.mazur@plvision.eu>
 2024-02-05 14:46:18 +02:00
Oleksandr Mazur
a57682c9ef Extend state and config models to support mcast (IGMP) 
Extend interface config data model to support configuring underline device's
IGMP engine - switching snooping, IGMP version used, querier config, static
groups configuration etc.

Extend state model to report back to the cloud current IGMP configuration,
IGMP-enabled-groups (both static and dynamically joined), ports that are
members of groups that should replicate mcast traffic etc.

Signed-off-by: Oleksandr Mazur <oleksandr.mazur@plvision.eu>
 2024-02-05 14:46:05 +02:00
Olexandr, Mazur
c769b4e24e Merge pull request #3 from Telecominfraproject/default-values-for-schema/ethernet.yml-speed-and-duplex 
The ols-ucentral-client src/ucentral-client/proto.c depends on the et…
 2024-01-26 15:34:35 +02:00
28 changed files with 3998 additions and 142 deletions
Expand all files Collapse all files

28
LICENSE Normal file
View File

@@ -0,0 +1,28 @@
BSD 3-Clause License
Copyright (c) 2024, Telecom Infra Project
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
3. Neither the name of the copyright holder nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

193
capabilities/connect.capabilities.yml Normal file
View File

@@ -0,0 +1,193 @@
description:
uCentral protocol (OpenLan) device and features capabilities schema
type: object
properties:
serial:
type: string
examples:
- aabbccddeeff
firmware:
type: string
description:
Platform revision
examples:
- Rel 1.6 build 5
platform:
type: string
enum:
- Switch
- AP
model:
type: string
description:
Device model
hw-sku:
type: string
description:
Stock keeping unit
base-mac:
type: string
description:
Switch MAC address
format: uc-mac
examples:
- aa:bb:cc:dd:ee:ff
port-list:
type: array
description:
The list of physical network devices
items:
type: object
properties:
name:
type: string
description:
The logical name of the port that is used by the OS
examples:
- Ethernet0
- Ethernet1
- Ethernet76
front-panel-number:
type: integer
description:
The identification number of the port as can be seen on the front-panel of the device
port-capabilities:
type: object
description:
Description of physical ports and their form-factors
properties:
form-factors:
type: array
items:
type: string
enum:
- RJ45
- SFP
- SFP+
- SFP28
- SFP-DD
- QSFP
- QSFP+
- QSFP28
- QSFP-DD
ports-list:
type: array
items:
type: object
properties:
type:
type: string
examples:
- RJ45
ports:
type: array
items:
type: string
examples:
- Ethernet1
poe-capabilities:
type: object
description:
Description of physical ports and their PoE capabilities
properties:
supported-standards:
type: array
items:
type: string
enum:
- .3AF-POE
- .3AT-POE+
- .3BT-PoE++
- PreStandard-Passive
power-budget:
type: integer
examples:
- 2000
poe-ports:
type: array
items:
type: object
properties:
type:
type: string
examples:
- .3AF-POE
budget-capacity:
type: integer
ports:
type: array
items:
type: string
examples:
- Ethernet1
supported-features:
type: array
description:
List of all features supported by the device
items:
type: string
enum:
# L2
- VLAN
- Port-Isolation
- Spanning-Tree
- Spanning-Tree-Rapid
- Spanning-Tree-Per-VLAN
- Spanning-Tree-Per-VLAN-Rapid
- Spanning-Tree-MSTP
# L3
- SVI-StaticIPv4
- SVI-StaticIPv6
- Interface-StaticIPv4
- Interface-StaticIPv6
- Routing-VRF
- Routing-IPv4-Route-Blackhole
- Routing-IPv4-Route-Unreachable
- Routing-IPv4-Nexthop
- Routing-IPv4-Broadcast
- Routing-IPv4-Multicast-IGMP-Snooping
- Routing-IPv4-Multicast-IGMP-Querier
- Routing-IPv4-Multicast-IGMP-Static
- Routing-IPv4-DHCP-Server
- Routing-IPv4-DHCP-Relay
- Routing-IPv4-DHCP-Snooping
- Routing-IPv4-Port-Forward
- Routing-IPv6-DHCP-Relay
- Routing-IPv6-DHCP-Stateful
- Routing-IPv6-DHCP-Stateless
- Routing-IPv6-Port-Forward
# PoE
- PoE-Reset
# .1X
- Port-Access-Control
- PAC-Dynamic-Auth
# System
- System-PasswordChange
- System-SwUpdate
- System-SwUpdate-Partial
- Port-Mirroring
# Services
- Service-SSH
- Service-RSSH
- Service-Telnet
- Service-LLDP
- Service-HTTP
- Service-HTTPS
- Service-GPS
- Service-IGMP
- Service-NTP
- Service-MDNS
- Service-QoS
- Service-Syslog
- Service-PAC
- Service-Wireguard-Overlay
- Service-Radius-Proxy
- Service-Online-Check
- Service-CaptivePortal
- Service-PublicIpCheck
# Tunneling
- Tunneling-VxLAN
- Tunneling-GRE
- Tunneling-GRE6
- Tunneling-L2TP
- Tunneling-Mesh

10
schema/ethernet.yml
View File

@@ -94,7 +94,7 @@ properties:
power-limit:
description:
Option to configure user defined absolute power limit PoE port can dain (in milliwatts, mW).
type: number
type: integer
default: 99900
priority:
description:
@@ -137,10 +137,10 @@ properties:
- auto
default: force-authorized
host-mode:
description:
Multi-auth While in this mode, multiple devices are allowed to independently authenticate through the same port.
Multi-domain While in this mode, the authenticator will allow one host from the data domain and one from the voice domain.
Multi-host While in this mode, the first device to authenticate will open to the switchport so that all other devices can use the port. These other devices are not required to be authenticated independently.
description: |
Multi-auth - While in this mode, multiple devices are allowed to independently authenticate through the same port.
Multi-domain - While in this mode, the authenticator will allow one host from the data domain and one from the voice domain.
Multi-host - While in this mode, the first device to authenticate will open to the switchport so that all other devices can use the port. These other devices are not required to be authenticated independently.
Single-host - While in this mode, the switchport will only allow a single host to be authenticated and to pass traffic at a time.
type: string
enum:

4
schema/globals.yml
View File

@@ -40,7 +40,7 @@ properties:
vrf:
description:
VRF id.
type: number
type: integer
ipv4-unreachable:
description:
Define a list of non-interface specific UNREACHABLE routes.
@@ -58,4 +58,4 @@ properties:
vrf:
description:
VRF id.
type: number
type: integer

16
schema/interface.ipv4.dhcp.yml
View File

@@ -20,3 +20,19 @@ properties:
type: string
format: uc-timeout
default: 6h
relay-server:
description:
Use host at this IPv4 address to forward packets between clients and servers on different subnets.
type: string
format: ipv4
example: 192.168.2.1
circuit-id-format:
description:
This option selects what info shall be contained within a relayed frame's circuit ID.
The string passed in has placeholders that are placed inside a bracket pair "{}".
Any text not contained within brackets will be included as freetext.
Valid placeholders are "Interface, VLAN-ID"
type: string
example:
- \{Interface\}:\{VLAN-ID\}}

78
schema/interface.ipv4.yml
View File

@@ -30,7 +30,7 @@ properties:
vrf:
description:
VRF id.
type: number
type: integer
gateway:
description:
This option defines the static IPv4 gateway of the logical interface.
@@ -55,7 +55,7 @@ properties:
vrf:
description:
VRF id.
type: number
type: integer
metric:
description:
Optional metric value (define a NH route's weight / metric).
@@ -77,7 +77,79 @@ properties:
vrf:
description:
VRF id.
type: number
type: integer
multicast:
type: object
properties:
unknown-multicast-flood-control:
description:
The unknown multicast flood control feature enables the system to forward unknown multicast packets only to a multicast router (mrouter).
type: boolean
default: true
igmp:
type: object
properties:
snooping-enable:
description:
Enable or disable IGMP snooping on per-VLAN basis.
type: boolean
default: true
version:
description:
Configures the IGMP version. Configurable versions are IGMPv1, IGMPv2, and IGMPv3
type: integer
enum:
- 1
- 2
- 3
examples:
- 3
default: 3
querier-enable:
description:
Configure this interface to act as a querier (multicast router)
type: boolean
default: false
fast-leave-enable:
description:
Removes the group state when it receives an IGMP Leave report without sending an IGMP query message
type: boolean
default: false
query-interval:
description:
Defines the interval between sending IGMP general queries
type: integer
default: 1000
last-member-query-interval:
description:
Defines the maximum response time (milliseconds) advertised in IGMP group-specific queries
type: integer
default: 1000
max-response-time:
description:
Configures a query maximum response time (in seconds) that is advertised on IGMP queries.
type: integer
default: 10
static-mcast-groups:
description:
Configures a Layer 2 port of a VLAN as a static member of an IGMP multicast group(s).
type: array
items:
type: object
properties:
egress-ports:
description:
Specify egress port(s) to forward mcast traffc of static group to.
type: array
items:
type: string
address:
description:
Specify IPV4 address (group) this interface is statically configured to be member of.
type: string
format: ipv4
examples:
- 225.0.0.1
send-hostname:
description:
include the devices hostname inside DHCP requests

7
schema/metrics.statistics.yml
View File

@@ -18,3 +18,10 @@ properties:
- lldp
- clients
- tid-stats
wired-clients-max-num:
description:
Configure maximum number of FDB entries device's allowed to report.
If omitted, device-default number should be used (2000).
Setting to zero means no entries should be reported, flag should be raised.
If device's current FDB size exceeds configured value, flag should be raised as well.
type: integer

4
schema/service.http.yml
View File

@@ -9,3 +9,7 @@ properties:
maximum: 65535
minimum: 1
default: 80
enable:
description:
This option whether http server should be enabled or disabled.
type: boolean

15
schema/service.https.yml Normal file
View File

@@ -0,0 +1,15 @@
description:
Enable the webserver with the on-boarding webui
type: object
properties:
https-port:
description:
The port that the secure HTTP server should run on.
type: integer
maximum: 65535
minimum: 1
default: 443
enable:
description:
This option whether secure http server should be enabled or disabled.
type: boolean

4
schema/service.ssh.yml
View File

@@ -25,3 +25,7 @@ properties:
to false, only ssh key based authentication is possible.
type: boolean
default: true
enable:
description:
This option whether SSH server should be enabled or disabled.
type: boolean

8
schema/service.telnet.yml Normal file
View File

@@ -0,0 +1,8 @@
description:
This section can be used to setup a Telnet server on the device.
type: object
properties:
enable:
description:
This option whether telnet server should be enabled or disabled.
type: boolean

4
schema/service.yml
View File

@@ -47,3 +47,7 @@ properties:
$ref: 'https://ucentral.io/schema/v1/service/admin-ui/'
rrm:
$ref: 'https://ucentral.io/schema/v1/service/rrm/'
telnet:
$ref: "https://ucentral.io/schema/v1/service/telnet/"
https:
$ref: "https://ucentral.io/schema/v1/service/https/"

182
schema/switch.yml
View File

@@ -43,50 +43,50 @@ properties:
enum:
- upstream
- downstream
instances:
description:
Define a list of configuration for each STP instance.
Meaning of this field depends on current
STP protocol (switch.loop-detection.protocol)
type: array
items:
type: object
properties:
id:
description:
Indicates instance to configure.
Depends on current STP protocol
If RPVSTP/PVSTP - vlan id
If MSTP - instance id
type: integer
enabled:
description:
Enable STP on this instance.
type: boolean
default: true
priority:
description:
Bridge priority.
type: integer
default: 32768
forward_delay:
description:
Defines the amount of time a switch port stays in the Listening
and Learning states before transitioning to the Forwarding state.
type: integer
default: 15
hellow_time:
description:
Determines how often switches send BPDU.
type: integer
default: 2
max_age:
description:
Specifies the maximum time that a switch port should wait to
receive a BPDU from its neighbor before
considering the link as failed or disconnected.
type: integer
default: 20
instances:
description:
Define a list of configuration for each STP instance.
Meaning of this field depends on current
STP protocol (switch.loop-detection.protocol)
type: array
items:
type: object
properties:
id:
description:
Indicates instance to configure.
Depends on current STP protocol
If RPVSTP/PVSTP - vlan id
If MSTP - instance id
type: integer
enabled:
description:
Enable STP on this instance.
type: boolean
default: true
priority:
description:
Bridge priority.
type: integer
default: 32768
forward_delay:
description:
Defines the amount of time a switch port stays in the Listening
and Learning states before transitioning to the Forwarding state.
type: integer
default: 15
hello_time:
description:
Determines how often switches send BPDU.
type: integer
default: 2
max_age:
description:
Specifies the maximum time that a switch port should wait to
receive a BPDU from its neighbor before
considering the link as failed or disconnected.
type: integer
default: 20
ieee8021x:
description:
This section describes the global 802.1X (port access control) configuration.
@@ -129,3 +129,97 @@ properties:
type: integer
maximum: 64
minimum: 1
dynamic-authorization:
description:
Additional dynamic authorization (RFC 5176 compliant) - configure option for DAS that enable RM and CoA processing.
type: object
properties:
auth-type:
description:
Sets the accepted authorization types for dynamic RADIUS clients.
all - Selects all COA client authentication types. All authentication attributes must match for the authentication to succeed.
any - Selects any COA client authentication type. Any authentication attribute may match for the authentication to succeed.
session-key - Indicates that the session-key must match for authentication to succeed.
type: string
enum:
- all
- any
- session-key
bounce-port-ignore:
description:
Sets the switch to ignore bounce-port requests from dynamic authorization clients.
type: boolean
default: false
disable-port-ignore:
description:
Sets the switch to ignore requests from dynamic authorization clients.
type: boolean
default: false
ignore-server-key:
description:
Do not attmept to authenticate with the server key.
type: boolean
default: false
ignore-session-key:
description:
Do not attmept to authenticate with the session key.
type: boolean
default: false
server-key:
description:
Sets the shared secret to verify client COA requests for this server.
type: string
client:
description:
Configure DAC.
type: array
items:
type: object
properties:
address:
description:
A valid IP address or hostname of a DAC.
type: string
server-key:
description:
Sets the shared secret to verify client COA requests for this server.
type: string
port-isolation:
description:
This section describes the per-port specific port-isolation matrix (to which ports selected port can forward traffic to) configuration.
Omitting this configuration completely fully disables any port-isolation configuration on this given port.
type: object
properties:
sessions:
description:
Allow selected port to forward traffic in the provided session-based format.
type: array
items:
type: object
properties:
id:
description:
Session id to configure.
type: integer
uplink:
description:
Configuration object for uplink interface(s)
type: object
properties:
interface-list:
description:
List of interfaces (either physical or trunk ports)
type: array
items:
type: string
downlink:
description:
Configuration object for downlink interface(s)
type: object
properties:
interface-list:
description:
List of interfaces (either physical or trunk ports)
type: array
items:
type: string

5
schema/ucentral.yml
View File

@@ -12,6 +12,11 @@ properties:
description:
The unique ID of the configuration. This is the unix timestamp of when the config was created.
type: integer
public_ip_lookup:
description:
The fqdn to retrieve public ip of internet connection.
type: string
format: uc-fqdn
unit:
$ref: "https://ucentral.io/schema/v1/unit/"
globals:

30
schema/unit.yml
View File

@@ -37,6 +37,10 @@ properties:
The device shall create a random root password and tell the gateway about it.
type: boolean
default: false
system-password:
description:
System-config string that holds the password for main (root / admin) user to apply.
type: string
beacon-advertisement:
description:
The TIP vendor IEs that shall be added to beacons
@@ -81,4 +85,28 @@ properties:
Configure a power alarm threshold for the Power sourcing equipment (in percentages %).
type: number
default: 90
multicast:
description:
This sections describes the system-wide (unit) multicast configuration object.
type: object
properties:
igmp-snooping-enable:
description:
Global config for controlling whether IGMP snooping is enabled. If this global setting is disabled, all VLANs are treated as disabled, whether they are enabled or not.
type: boolean
default: true
mld-snooping-enable:
description:
Global config for controlling whether MLD snooping is enabled. If this global setting is disabled, all VLANs are treated as disabled, whether they are enabled or not.
type: boolean
default: true
unknown-multicast-flood-control:
description:
Global config for the unknown multicast flood control feature. This enables the system to forward unknown multicast packets only to a multicast router (mrouter).
type: boolean
default: false
querier-enable:
description:
Global IGMP querier config. This enables all Vlan interfaces to act as a querier.
type: boolean
default: false

1519
schemareader.uc
View File

File diff suppressed because it is too large Load Diff

4
state/interface.ipv4.yml
View File

@@ -8,6 +8,10 @@ properties:
type: string
description:
An IPv4 addreess.
public_ip:
type: string
description:
The public IP address of internet connection.
leasetime:
type: number
description:

3
state/interface.ipv6-lease.yml
View File

@@ -1,9 +1,10 @@
type: array
description:
This section describes an IPv6 lease that we have served.
items:
type: object
description:
This section describes an IPv6 lease that we have served.
An object, that describes a single served IPv6 address.
properties:
addresses:
type: array

31
state/interface.yml
View File

@@ -42,4 +42,33 @@ items:
$ref: "https://ucentral.io/state/v1/interface/mesh-path/"
ssids:
$ref: "https://ucentral.io/state/v1/interface/ssid/"
multicast:
type: object
description:
Detailed information about all multicast-related data (groups joined, src address used etc)
properties:
igmp:
description:
Detailed information about IGMP configured / joined multicast groups, outgoing interfaces etc.
type: object
properties:
enabled-groups:
description:
List of joined IGMP multicast groups.
type: array
items:
type: object
properties:
address:
description:
Address of single group this interface is member of.
type: string
format: ipv4
examples:
- 225.0.0.1
egress-ports:
description:
List of ports where multicast traffic of this group is being replicated to.
type: array
items:
type: string

51
state/link-state.yml
View File

@@ -10,7 +10,7 @@ properties:
type: number
description:
The speed of the physical link.
duplex:
duplex:
type: string
description:
The physical links duplex mode.
@@ -74,6 +74,7 @@ properties:
- "NO_ERROR"
counters:
description:
PoE-related descriptive statistics (counters).
type: object
properties:
overload:
@@ -140,3 +141,51 @@ properties:
Vlan type of authenticated client (Authorization status of the client).
type: integer
maximum: 4095
transceiver-info:
description:
Object holds information about underlying SFP module currently inserted into port's cage.
Some of information is read directly from module's EEPROM, while other data is measured in runtime by device's hardware (vcc for example).
type: object
properties:
vendor-name:
description:
Vendor (name) identifier
type: string
form-factor:
description:
Form-factor of the module itself (For example - QSFP28, QSFP56-DD etc)
type: string
supported-link-modes:
description:
Reports supported link modes of inserted module
type: array
items:
type: string
part-number:
description:
Module's part number (vendor's specific)
type: string
serial-number:
description:
Serial number of connected module
type: string
revision:
description:
Module's HW revision (same part number can have multiple revisions)
type: string
temperature:
description:
Current module's temperature
type: number
tx-optical-power:
description:
Current module's transmit optical level (power)
type: number
rx-optical-power:
description:
Current module's receive optical level (power)
type: number
max-module-power:
description:
Max power (in Watts) module can drain.
type: number

22
state/mac-address-list.yml Normal file
View File

@@ -0,0 +1,22 @@
type: object
description:
This section describes the global (device-wise) mac-address-list (FDB table / wired clients).
properties:
overflow:
description:
Flag indicates that device could report an amount of FDB entries, which is bigger than what cloud had requested.
type: boolean
additionalProperties:
type: object
additionalProperties:
description:
VID (vlan id) identifier
type: array
items:
type: string
examples:
- overflow: true
Ethernet1:
'1': [ 'AABBCCDDEEFF', '112233445566']
Ethernet2:
'10': [ '11BBCCDDEEFF', '332233445566']

2
state/state.yml
View File

@@ -52,3 +52,5 @@ properties:
patternProperties:
"^(eth|lan|wan)[0-9]*$":
$ref: "https://ucentral.io/state/v1/link-state/"
mac-address-list:
$ref: "https://ucentral.io/state/v1/mac-address-list/"

48
state/unit.yml
View File

@@ -74,4 +74,50 @@ properties:
examples:
- "ON"
- "OFF"
ieee8021x:
description:
This section describes the global (device-wise) 802.1X (port access control) state and config applied.
type: object
properties:
dynamic-authorization:
description:
Reported DAS-related state info.
type: object
properties:
stats:
description:
Cumulative statistics for all configured DACs.
type: object
properties:
coa_req_received:
description:
Number of CoA requests received.
type: number
coa_ack_sent:
description:
Number of CoA ACK responses sent.
type: number
coa_nak_sent:
description:
Number of CoA NAK responses sent.
type: number
coa_ignored:
description:
Number of CoA requests ignored.
type: number
coa_wrong_attr:
description:
Number of CoA requests received with invalid (unsupported) attributes.
type: number
coa_wrong_attr_value:
description:
Number of CoA requests received with invalid (unsupported) attribute value.
type: number
coa_wrong_session_context:
description:
Number of CoA requests received with inexisting session context.
type: number
administratively_prohibited_req:
description:
Number of CoA requests that are sent if the NAS is configured to prohibit honoring of CoA-Request or Disconnect-Request packets for the specified session.
type: number

12
system/state.uc
View File

@@ -79,6 +79,16 @@ let delta = 1;
if (telemetry)
delta = 0;
let public_ip_file = "/tmp/public_ip";
let public_ip = "";
if (cfg.public_ip_lookup) {
if (!fs.access(public_ip_file))
system(sprintf("/usr/bin/curl -m 3 %s -o %s", cfg.public_ip_lookup, public_ip_file));
let online_file = fs.open(public_ip_file);
public_ip = online_file.read("all") || '';
online_file.close();
}
global.tid_stats = (index(stats.types, 'tid-stats') > 0);
/* load state data */
@@ -412,6 +422,8 @@ cursor.foreach("network", "interface", function(d) {
push(ipv4, sprintf("%s/%d", a.address, a.mask));
iface.ipv4.addresses = ipv4;
if( cfg.public_ip_lookup && length(public_ip))
iface.ipv4.public_ip = public_ip;
}
if (length(status["ipv6-address"])) {

610
ucentral.schema.full.json
View File

@@ -13,6 +13,11 @@
"description": "The unique ID of the configuration. This is the unix timestamp of when the config was created.",
"type": "integer"
},
"public_ip_lookup": {
"description": "The fqdn to retrieve public ip of internet connection.",
"type": "string",
"format": "uc-fqdn"
},
"unit": {
"description": "A device has certain properties that describe its identity and location. These properties are described inside this object.",
"type": "object",
@@ -49,6 +54,10 @@
"type": "boolean",
"default": false
},
"system-password": {
"description": "System-config string that holds the password for main (root / admin) user to apply.",
"type": "string"
},
"beacon-advertisement": {
"description": "The TIP vendor IEs that shall be added to beacons",
"type": "object",
@@ -66,6 +75,54 @@
"type": "integer"
}
}
},
"poe": {
"description": "This section describes the system-wide (unit) PoE controller configuration object.",
"type": "object",
"properties": {
"power-management": {
"description": "This configuration mode controls the power management algorithm used by the Power sourcing equipment to deliver power to the requesting PDs. \"class\" option - Class-based power management. \"dynamic\" option - Power management is done by the POE controller and the maximum power for a port is not reserved for each port. \"static\" option - The power deducted from the total power pool is the maximum power for that port. This mode ensures that the maximum power specified by you for the interface is always reserved and cannot be shared by other PDs.",
"type": "string",
"examples": [
"class",
"dynamic",
"dynamic-priority",
"static",
"static-priority"
]
},
"usage-threshold": {
"description": "Configure a power alarm threshold for the Power sourcing equipment (in percentages %).",
"type": "number",
"default": 90
}
}
},
"multicast": {
"description": "This sections describes the system-wide (unit) multicast configuration object.",
"type": "object",
"properties": {
"igmp-snooping-enable": {
"description": "Global config for controlling whether IGMP snooping is enabled. If this global setting is disabled, all VLANs are treated as disabled, whether they are enabled or not.",
"type": "boolean",
"default": true
},
"mld-snooping-enable": {
"description": "Global config for controlling whether MLD snooping is enabled. If this global setting is disabled, all VLANs are treated as disabled, whether they are enabled or not.",
"type": "boolean",
"default": true
},
"unknown-multicast-flood-control": {
"description": "Global config for the unknown multicast flood control feature. This enables the system to forward unknown multicast packets only to a multicast router (mrouter).",
"type": "boolean",
"default": false
},
"querier-enable": {
"description": "Global IGMP querier config. This enables all Vlan interfaces to act as a querier.",
"type": "boolean",
"default": false
}
}
}
}
},
@@ -370,6 +427,48 @@
}
}
]
},
"ipv4-blackhole": {
"description": "Define a list of non-interface specific BLACKHOLE (to-nowhere) routes.",
"type": "array",
"items": {
"type": "object",
"properties": {
"prefix": {
"description": "Defines a BLACKHOLE route's prefix.",
"type": "string",
"format": "uc-cidr4",
"examples": [
"192.168.1.0/24"
]
},
"vrf": {
"description": "VRF id.",
"type": "integer"
}
}
}
},
"ipv4-unreachable": {
"description": "Define a list of non-interface specific UNREACHABLE routes.",
"type": "array",
"items": {
"type": "object",
"properties": {
"prefix": {
"description": "Defines a UNREACHABLE route's prefix.",
"type": "string",
"format": "uc-cidr4",
"examples": [
"192.168.1.0/24"
]
},
"vrf": {
"description": "VRF id.",
"type": "integer"
}
}
}
}
}
},
@@ -468,8 +567,11 @@
1000,
2500,
5000,
10000
]
10000,
25000,
100000
],
"default": 1000
},
"duplex": {
"description": "The duplex mode that shall be forced.",
@@ -477,7 +579,8 @@
"enum": [
"half",
"full"
]
],
"default": "full"
},
"enabled": {
"description": "This allows forcing the port to down state by default.",
@@ -493,6 +596,95 @@
"quality-of-service"
]
}
},
"poe": {
"description": "This section describes the ethernet poe-port configuration object.",
"type": "object",
"properties": {
"admin-mode": {
"description": "Option to force admin state over selected port. Setting to <false> immediately shuts down power. Setting to <true> starts PoE hanshake (Power sourcing equipment < - > Powered Device) sequence and in case of success, power is being delivered to Powered Device.",
"type": "boolean",
"default": false
},
"do-reset": {
"description": "Option to force device's PSE (Power sourcing equipment) to invoke a PoE port reset sequence. This option can be used to reset PoE port without flickering it via <admin-mode> down/up sequence.",
"type": "boolean"
},
"detection": {
"description": "The detection mode is used to set the type of devices that are allowed for powering up. The PoE controller can be configured to detect only IEEE standard devices or pre-IEEE legacy devices (which were pre-standard - non-IEEE 802.3af compliant). For example, if \"dot3af\" is used (PoE, max up to 15.4 W), and Powered Device drains >15.4W, Power sourcing equipment won't allow this port to drain power.",
"type": "string",
"examples": [
"2pt-dot3af",
"2pt-dot3af+legacy",
"4pt-dot3af",
"4pt-dot3af+legacy",
"dot3bt",
"dot3bt+legacy",
"legacy"
],
"default": "dot3bt"
},
"power-limit": {
"description": "Option to configure user defined absolute power limit PoE port can dain (in milliwatts, mW).",
"type": "integer",
"default": 99900
},
"priority": {
"description": "Option to set priority to each PoE port. When the PoE switch has less power available and more ports are required to supply power, higher priority ports are receive power in preference to lower priority ports.",
"type": "string",
"default": "low",
"examples": [
"critical",
"high",
"medium",
"low"
]
}
}
},
"ieee8021x": {
"description": "This section describes the per-port specific 802.1X (port access control) configuration.",
"type": "object",
"properties": {
"is-authenticator": {
"description": "Configure PAE processing on port, as well as select this port as an Authenticator (configure PAC role to authenticator). False configures the switch to not process PAC",
"type": "boolean",
"default": false
},
"authentication-mode": {
"description": "Configure PAE processing on port, as well as select this port as an Authenticator (configure PAC role to authenticator). force-authorized - Disables IEEE 802.1X authentication and causes the port to change to the authorized state without any authentication exchange required. The port sends and receives normal traffic without IEEE 802.1X-based authentication of the client. force-unauthorized - Causes the port to remain in the unauthorized state, ignoring all attempts by the supplicant to authenticate. The Device cannot provide authentication services to the supplicant through the port. auto - Enables IEEE 802.1X authentication and causes the port to begin in the unauthorized state, allowing only EAPOL frames to be sent and received through the port. The authentication process begins when the link state of the port changes from down to up or when an EAPOL-start frame is received. The Device requests the identity of the supplicant and begins relaying authentication messages between the supplicant and the authentication server. Each supplicant attempting to access the network is uniquely identified by the Device by using the supplicant MAC address.",
"type": "string",
"enum": [
"force-authorized",
"force-unauthorized",
"auto"
],
"default": "force-authorized"
},
"host-mode": {
"description": "Multi-auth - While in this mode, multiple devices are allowed to independently authenticate through the same port.\nMulti-domain - While in this mode, the authenticator will allow one host from the data domain and one from the voice domain.\nMulti-host - While in this mode, the first device to authenticate will open to the switchport so that all other devices can use the port. These other devices are not required to be authenticated independently.\nSingle-host - While in this mode, the switchport will only allow a single host to be authenticated and to pass traffic at a time.\n",
"type": "string",
"enum": [
"multi-auth",
"multi-domain",
"multi-host",
"single-host"
],
"default": "multi-auth"
},
"guest-vlan": {
"description": "Configure a VLAN as a guest VLAN on an interface if the switch receives no response in an authentication event.",
"type": "integer",
"minimum": 1,
"maximum": 4094
},
"unauthenticated-vlan": {
"description": "Configure the unauthenticated VLAN to use when the AAA server fails to recognize the client credentials",
"type": "integer",
"minimum": 1,
"maximum": 4094
}
}
}
}
}
@@ -526,7 +718,12 @@
"description": "Define which protocol shall be used for loop detection.",
"type": "string",
"enum": [
"rstp"
"none",
"stp",
"rstp",
"mstp",
"pvstp",
"rpvstp"
],
"default": "rstp"
},
@@ -540,6 +737,192 @@
"downstream"
]
}
},
"instances": {
"description": "Define a list of configuration for each STP instance. Meaning of this field depends on current STP protocol (switch.loop-detection.protocol)",
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"description": "Indicates instance to configure. Depends on current STP protocol If RPVSTP/PVSTP - vlan id If MSTP - instance id",
"type": "integer"
},
"enabled": {
"description": "Enable STP on this instance.",
"type": "boolean",
"default": true
},
"priority": {
"description": "Bridge priority.",
"type": "integer",
"default": 32768
},
"forward_delay": {
"description": "Defines the amount of time a switch port stays in the Listening and Learning states before transitioning to the Forwarding state.",
"type": "integer",
"default": 15
},
"hello_time": {
"description": "Determines how often switches send BPDU.",
"type": "integer",
"default": 2
},
"max_age": {
"description": "Specifies the maximum time that a switch port should wait to receive a BPDU from its neighbor before considering the link as failed or disconnected.",
"type": "integer",
"default": 20
}
}
}
}
}
},
"ieee8021x": {
"description": "This section describes the global 802.1X (port access control) configuration.",
"type": "object",
"properties": {
"auth-control-enable": {
"description": "Enabled processing of PAE frames on ports that have .1X configured.",
"type": "boolean",
"default": false
},
"radius": {
"description": "Define a list of RADIUS server to forward auth requests to.",
"type": "array",
"items": {
"type": "object",
"properties": {
"server-host": {
"description": "Remote radius server address (IP or hostname).",
"type": "string",
"examples": [
"192.168.1.1",
"somehost.com"
]
},
"server-authentication-port": {
"description": "The port that the RADIUS authentication agent is running on.",
"type": "integer",
"maximum": 65535,
"minimum": 1
},
"server-key": {
"description": "Secret key text that is shared between a RADIUS server and the switch.",
"type": "string",
"examples": [
"somepassword"
]
},
"server-priority": {
"description": "The server's priority (used when multiple servers are present. Bigger prio value = higher priority).",
"type": "integer",
"maximum": 64,
"minimum": 1
}
}
}
},
"dynamic-authorization": {
"description": "Additional dynamic authorization (RFC 5176 compliant) - configure option for DAS that enable RM and CoA processing.",
"type": "object",
"properties": {
"auth-type": {
"description": "Sets the accepted authorization types for dynamic RADIUS clients. all - Selects all COA client authentication types. All authentication attributes must match for the authentication to succeed. any - Selects any COA client authentication type. Any authentication attribute may match for the authentication to succeed. session-key - Indicates that the session-key must match for authentication to succeed.",
"type": "string",
"enum": [
"all",
"any",
"session-key"
]
},
"bounce-port-ignore": {
"description": "Sets the switch to ignore bounce-port requests from dynamic authorization clients.",
"type": "boolean",
"default": false
},
"disable-port-ignore": {
"description": "Sets the switch to ignore requests from dynamic authorization clients.",
"type": "boolean",
"default": false
},
"ignore-server-key": {
"description": "Do not attmept to authenticate with the server key.",
"type": "boolean",
"default": false
},
"ignore-session-key": {
"description": "Do not attmept to authenticate with the session key.",
"type": "boolean",
"default": false
},
"server-key": {
"description": "Sets the shared secret to verify client COA requests for this server.",
"type": "string"
},
"client": {
"description": "Configure DAC.",
"type": "array",
"items": {
"type": "object",
"properties": {
"address": {
"description": "A valid IP address or hostname of a DAC.",
"type": "string"
},
"server-key": {
"description": "Sets the shared secret to verify client COA requests for this server.",
"type": "string"
}
}
}
}
}
}
}
},
"port-isolation": {
"description": "This section describes the per-port specific port-isolation matrix (to which ports selected port can forward traffic to) configuration. Omitting this configuration completely fully disables any port-isolation configuration on this given port.",
"type": "object",
"properties": {
"sessions": {
"description": "Allow selected port to forward traffic in the provided session-based format.",
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"description": "Session id to configure.",
"type": "integer"
},
"uplink": {
"description": "Configuration object for uplink interface(s)",
"type": "object",
"properties": {
"interface-list": {
"description": "List of interfaces (either physical or trunk ports)",
"type": "array",
"items": {
"type": "string"
}
}
}
},
"downlink": {
"description": "Configuration object for downlink interface(s)",
"type": "object",
"properties": {
"interface-list": {
"description": "List of interfaces (either physical or trunk ports)",
"type": "array",
"items": {
"type": "string"
}
}
}
}
}
}
}
}
}
@@ -846,6 +1229,10 @@
"802.1q"
],
"default": "802.1q"
},
"stp-instance": {
"decription": "MSTP instance identifier of the vlan. This field does nothing if MSTP is not enabled.",
"type": "integer"
}
}
},
@@ -953,20 +1340,161 @@
]
},
"subnet": {
"description": "This option defines the static IPv4 of the logical interface in CIDR notation. auto/24 can be used, causing the configuration layer to automatically use and address range from globals.ipv4-network.",
"type": "string",
"format": "uc-cidr4",
"examples": [
"auto/24"
]
"description": "This option defines a list of CONNECTED routes (with VRF id) in CIDR notation.",
"type": "array",
"items": {
"type": "object",
"properties": {
"prefix": {
"description": "Defines a CONNECTED route's prefix (network).",
"type": "string",
"format": "uc-cidr4",
"examples": [
"192.168.1.0/24"
]
},
"vrf": {
"description": "VRF id.",
"type": "integer"
}
}
}
},
"gateway": {
"description": "This option defines the static IPv4 gateway of the logical interface.",
"type": "string",
"format": "ipv4",
"examples": [
"192.168.1.1"
]
"type": "array",
"items": {
"type": "object",
"properties": {
"prefix": {
"description": "Defines a NEXTHOP route's prefix (network).",
"type": "string",
"format": "uc-cidr4",
"examples": [
"192.168.1.0/24"
]
},
"nexthop": {
"description": "Gateway (nexthop) address.",
"type": "string",
"format": "ipv4",
"examples": [
"192.168.1.1"
]
},
"vrf": {
"description": "VRF id.",
"type": "integer"
},
"metric": {
"description": "Optional metric value (define a NH route's weight / metric).",
"type": "number"
}
}
}
},
"broadcast": {
"description": "This option defines a list of BROADCAST routes (with VRF id) in CIDR notation.",
"type": "array",
"items": {
"type": "object",
"properties": {
"prefix": {
"description": "Defines a BROADCAST route's prefix (network).",
"type": "string",
"format": "uc-cidr4",
"examples": [
"192.168.1.0/24"
]
},
"vrf": {
"description": "VRF id.",
"type": "integer"
}
}
}
},
"multicast": {
"type": "object",
"properties": {
"unknown-multicast-flood-control": {
"description": "The unknown multicast flood control feature enables the system to forward unknown multicast packets only to a multicast router (mrouter).",
"type": "boolean",
"default": true
},
"igmp": {
"type": "object",
"properties": {
"snooping-enable": {
"description": "Enable or disable IGMP snooping on per-VLAN basis.",
"type": "boolean",
"default": true
},
"version": {
"description": "Configures the IGMP version. Configurable versions are IGMPv1, IGMPv2, and IGMPv3",
"type": "integer",
"enum": [
1,
2,
3
],
"examples": [
3
],
"default": 3
},
"querier-enable": {
"description": "Configure this interface to act as a querier (multicast router)",
"type": "boolean",
"default": false
},
"fast-leave-enable": {
"description": "Removes the group state when it receives an IGMP Leave report without sending an IGMP query message",
"type": "boolean",
"default": false
},
"query-interval": {
"description": "Defines the interval between sending IGMP general queries",
"type": "integer",
"default": 1000
},
"last-member-query-interval": {
"description": "Defines the maximum response time (milliseconds) advertised in IGMP group-specific queries",
"type": "integer",
"default": 1000
},
"max-response-time": {
"description": "Configures a query maximum response time (in seconds) that is advertised on IGMP queries.",
"type": "integer",
"default": 10
},
"static-mcast-groups": {
"description": "Configures a Layer 2 port of a VLAN as a static member of an IGMP multicast group(s).",
"type": "array",
"items": {
"type": "object",
"properties": {
"egress-ports": {
"description": "Specify egress port(s) to forward mcast traffc of static group to.",
"type": "array",
"items": {
"type": "string"
}
},
"address": {
"description": "Specify IPV4 address (group) this interface is statically configured to be member of.",
"type": "string",
"format": "ipv4",
"examples": [
"225.0.0.1"
]
}
}
}
}
}
}
}
},
"send-hostname": {
"description": "include the devices hostname inside DHCP requests",
@@ -1011,6 +1539,19 @@
"type": "string",
"format": "uc-timeout",
"default": "6h"
},
"relay-server": {
"description": "Use host at this IPv4 address to forward packets between clients and servers on different subnets.",
"type": "string",
"format": "ipv4",
"example": "192.168.2.1"
},
"circuit-id-format": {
"description": "This option selects what info shall be contained within a relayed frame's circuit ID. The string passed in has placeholders that are placed inside a bracket pair \"{}\". Any text not contained within brackets will be included as freetext. Valid placeholders are \"Interface, VLAN-ID\"",
"type": "string",
"example": [
"\\{Interface\\}:\\{VLAN-ID\\}}"
]
}
}
},
@@ -2879,6 +3420,10 @@
"description": "This option defines if password authentication shall be enabled. If set to false, only ssh key based authentication is possible.",
"type": "boolean",
"default": true
},
"enable": {
"description": "This option whether SSH server should be enabled or disabled.",
"type": "boolean"
}
}
},
@@ -3005,6 +3550,10 @@
"maximum": 65535,
"minimum": 1,
"default": 80
},
"enable": {
"description": "This option whether http server should be enabled or disabled.",
"type": "boolean"
}
}
},
@@ -4184,6 +4733,33 @@
"type": "number"
}
}
},
"telnet": {
"description": "This section can be used to setup a Telnet server on the device.",
"type": "object",
"properties": {
"enable": {
"description": "This option whether telnet server should be enabled or disabled.",
"type": "boolean"
}
}
},
"https": {
"description": "Enable the webserver with the on-boarding webui",
"type": "object",
"properties": {
"https-port": {
"description": "The port that the secure HTTP server should run on.",
"type": "integer",
"maximum": 65535,
"minimum": 1,
"default": 443
},
"enable": {
"description": "This option whether secure http server should be enabled or disabled.",
"type": "boolean"
}
}
}
}
},
@@ -4212,6 +4788,10 @@
"tid-stats"
]
}
},
"wired-clients-max-num": {
"description": "Configure maximum number of FDB entries device's allowed to report. If omitted, device-default number should be used (2000). Setting to zero means no entries should be reported, flag should be raised. If device's current FDB size exceeds configured value, flag should be raised as well.",
"type": "integer"
}
}
},

307
ucentral.schema.json
View File

@@ -10,6 +10,10 @@
"uuid": {
"type": "integer"
},
"public_ip_lookup": {
"type": "string",
"format": "uc-fqdn"
},
"unit": {
"$ref": "#/$defs/unit"
},
@@ -84,6 +88,9 @@
"type": "boolean",
"default": false
},
"system-password": {
"type": "string"
},
"beacon-advertisement": {
"type": "object",
"properties": {
@@ -116,6 +123,27 @@
"default": 90
}
}
},
"multicast": {
"type": "object",
"properties": {
"igmp-snooping-enable": {
"type": "boolean",
"default": true
},
"mld-snooping-enable": {
"type": "boolean",
"default": true
},
"unknown-multicast-flood-control": {
"type": "boolean",
"default": false
},
"querier-enable": {
"type": "boolean",
"default": false
}
}
}
}
},
@@ -235,7 +263,7 @@
]
},
"vrf": {
"type": "number"
"type": "integer"
}
}
}
@@ -253,7 +281,7 @@
]
},
"vrf": {
"type": "number"
"type": "integer"
}
}
}
@@ -349,14 +377,16 @@
10000,
25000,
100000
]
],
"default": 1000
},
"duplex": {
"type": "string",
"enum": [
"half",
"full"
]
],
"default": "full"
},
"enabled": {
"type": "boolean",
@@ -395,7 +425,7 @@
"default": "dot3bt"
},
"power-limit": {
"type": "number",
"type": "integer",
"default": 99900
},
"priority": {
@@ -491,35 +521,35 @@
"downstream"
]
}
}
},
"instances": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "integer"
},
"enabled": {
"type": "boolean",
"default": true
},
"priority": {
"type": "integer",
"default": 32768
},
"forward_delay": {
"type": "integer",
"default": 15
},
"hellow_time": {
"type": "integer",
"default": 2
},
"max_age": {
"type": "integer",
"default": 20
},
"instances": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "integer"
},
"enabled": {
"type": "boolean",
"default": true
},
"priority": {
"type": "integer",
"default": 32768
},
"forward_delay": {
"type": "integer",
"default": 15
},
"hello_time": {
"type": "integer",
"default": 2
},
"max_age": {
"type": "integer",
"default": 20
}
}
}
}
@@ -562,6 +592,90 @@
}
}
}
},
"dynamic-authorization": {
"type": "object",
"properties": {
"auth-type": {
"type": "string",
"enum": [
"all",
"any",
"session-key"
]
},
"bounce-port-ignore": {
"type": "boolean",
"default": false
},
"disable-port-ignore": {
"type": "boolean",
"default": false
},
"ignore-server-key": {
"type": "boolean",
"default": false
},
"ignore-session-key": {
"type": "boolean",
"default": false
},
"server-key": {
"type": "string"
},
"client": {
"type": "array",
"items": {
"type": "object",
"properties": {
"address": {
"type": "string"
},
"server-key": {
"type": "string"
}
}
}
}
}
}
}
},
"port-isolation": {
"type": "object",
"properties": {
"sessions": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "integer"
},
"uplink": {
"type": "object",
"properties": {
"interface-list": {
"type": "array",
"items": {
"type": "string"
}
}
}
},
"downlink": {
"type": "object",
"properties": {
"interface-list": {
"type": "array",
"items": {
"type": "string"
}
}
}
}
}
}
}
}
}
@@ -883,6 +997,17 @@
"type": "string",
"format": "uc-timeout",
"default": "6h"
},
"relay-server": {
"type": "string",
"format": "ipv4",
"example": "192.168.2.1"
},
"circuit-id-format": {
"type": "string",
"example": [
"\\{Interface\\}:\\{VLAN-ID\\}}"
]
}
}
},
@@ -981,7 +1106,7 @@
]
},
"vrf": {
"type": "number"
"type": "integer"
}
}
}
@@ -1006,7 +1131,7 @@
]
},
"vrf": {
"type": "number"
"type": "integer"
},
"metric": {
"type": "number"
@@ -1027,7 +1152,78 @@
]
},
"vrf": {
"type": "number"
"type": "integer"
}
}
}
},
"multicast": {
"type": "object",
"properties": {
"unknown-multicast-flood-control": {
"type": "boolean",
"default": true
},
"igmp": {
"type": "object",
"properties": {
"snooping-enable": {
"type": "boolean",
"default": true
},
"version": {
"type": "integer",
"enum": [
1,
2,
3
],
"examples": [
3
],
"default": 3
},
"querier-enable": {
"type": "boolean",
"default": false
},
"fast-leave-enable": {
"type": "boolean",
"default": false
},
"query-interval": {
"type": "integer",
"default": 1000
},
"last-member-query-interval": {
"type": "integer",
"default": 1000
},
"max-response-time": {
"type": "integer",
"default": 10
},
"static-mcast-groups": {
"type": "array",
"items": {
"type": "object",
"properties": {
"egress-ports": {
"type": "array",
"items": {
"type": "string"
}
},
"address": {
"type": "string",
"format": "ipv4",
"examples": [
"225.0.0.1"
]
}
}
}
}
}
}
}
@@ -2568,6 +2764,9 @@
"password-authentication": {
"type": "boolean",
"default": true
},
"enable": {
"type": "boolean"
}
}
},
@@ -2676,6 +2875,9 @@
"maximum": 65535,
"minimum": 1,
"default": 80
},
"enable": {
"type": "boolean"
}
}
},
@@ -3424,6 +3626,28 @@
}
}
},
"service.telnet": {
"type": "object",
"properties": {
"enable": {
"type": "boolean"
}
}
},
"service.https": {
"type": "object",
"properties": {
"https-port": {
"type": "integer",
"maximum": 65535,
"minimum": 1,
"default": 443
},
"enable": {
"type": "boolean"
}
}
},
"service": {
"type": "object",
"properties": {
@@ -3492,6 +3716,12 @@
},
"rrm": {
"$ref": "#/$defs/service.rrm"
},
"telnet": {
"$ref": "#/$defs/service.telnet"
},
"https": {
"$ref": "#/$defs/service.https"
}
}
},
@@ -3513,6 +3743,9 @@
"tid-stats"
]
}
},
"wired-clients-max-num": {
"type": "integer"
}
}
},

616
ucentral.schema.pretty.json
View File

@@ -13,6 +13,11 @@
"description": "The unique ID of the configuration. This is the unix timestamp of when the config was created.",
"type": "integer"
},
"public_ip_lookup": {
"description": "The fqdn to retrieve public ip of internet connection.",
"type": "string",
"format": "uc-fqdn"
},
"unit": {
"$ref": "#/$defs/unit"
},
@@ -94,6 +99,10 @@
"type": "boolean",
"default": false
},
"system-password": {
"description": "System-config string that holds the password for main (root / admin) user to apply.",
"type": "string"
},
"beacon-advertisement": {
"description": "The TIP vendor IEs that shall be added to beacons",
"type": "object",
@@ -111,6 +120,54 @@
"type": "integer"
}
}
},
"poe": {
"description": "This section describes the system-wide (unit) PoE controller configuration object.",
"type": "object",
"properties": {
"power-management": {
"description": "This configuration mode controls the power management algorithm used by the Power sourcing equipment to deliver power to the requesting PDs. \"class\" option - Class-based power management. \"dynamic\" option - Power management is done by the POE controller and the maximum power for a port is not reserved for each port. \"static\" option - The power deducted from the total power pool is the maximum power for that port. This mode ensures that the maximum power specified by you for the interface is always reserved and cannot be shared by other PDs.",
"type": "string",
"examples": [
"class",
"dynamic",
"dynamic-priority",
"static",
"static-priority"
]
},
"usage-threshold": {
"description": "Configure a power alarm threshold for the Power sourcing equipment (in percentages %).",
"type": "number",
"default": 90
}
}
},
"multicast": {
"description": "This sections describes the system-wide (unit) multicast configuration object.",
"type": "object",
"properties": {
"igmp-snooping-enable": {
"description": "Global config for controlling whether IGMP snooping is enabled. If this global setting is disabled, all VLANs are treated as disabled, whether they are enabled or not.",
"type": "boolean",
"default": true
},
"mld-snooping-enable": {
"description": "Global config for controlling whether MLD snooping is enabled. If this global setting is disabled, all VLANs are treated as disabled, whether they are enabled or not.",
"type": "boolean",
"default": true
},
"unknown-multicast-flood-control": {
"description": "Global config for the unknown multicast flood control feature. This enables the system to forward unknown multicast packets only to a multicast router (mrouter).",
"type": "boolean",
"default": false
},
"querier-enable": {
"description": "Global IGMP querier config. This enables all Vlan interfaces to act as a querier.",
"type": "boolean",
"default": false
}
}
}
}
},
@@ -221,6 +278,48 @@
"$ref": "#/$defs/globals.wireless-multimedia.profile"
}
]
},
"ipv4-blackhole": {
"description": "Define a list of non-interface specific BLACKHOLE (to-nowhere) routes.",
"type": "array",
"items": {
"type": "object",
"properties": {
"prefix": {
"description": "Defines a BLACKHOLE route's prefix.",
"type": "string",
"format": "uc-cidr4",
"examples": [
"192.168.1.0/24"
]
},
"vrf": {
"description": "VRF id.",
"type": "integer"
}
}
}
},
"ipv4-unreachable": {
"description": "Define a list of non-interface specific UNREACHABLE routes.",
"type": "array",
"items": {
"type": "object",
"properties": {
"prefix": {
"description": "Defines a UNREACHABLE route's prefix.",
"type": "string",
"format": "uc-cidr4",
"examples": [
"192.168.1.0/24"
]
},
"vrf": {
"description": "VRF id.",
"type": "integer"
}
}
}
}
}
},
@@ -320,8 +419,11 @@
1000,
2500,
5000,
10000
]
10000,
25000,
100000
],
"default": 1000
},
"duplex": {
"description": "The duplex mode that shall be forced.",
@@ -329,7 +431,8 @@
"enum": [
"half",
"full"
]
],
"default": "full"
},
"enabled": {
"description": "This allows forcing the port to down state by default.",
@@ -345,6 +448,95 @@
"quality-of-service"
]
}
},
"poe": {
"description": "This section describes the ethernet poe-port configuration object.",
"type": "object",
"properties": {
"admin-mode": {
"description": "Option to force admin state over selected port. Setting to <false> immediately shuts down power. Setting to <true> starts PoE hanshake (Power sourcing equipment < - > Powered Device) sequence and in case of success, power is being delivered to Powered Device.",
"type": "boolean",
"default": false
},
"do-reset": {
"description": "Option to force device's PSE (Power sourcing equipment) to invoke a PoE port reset sequence. This option can be used to reset PoE port without flickering it via <admin-mode> down/up sequence.",
"type": "boolean"
},
"detection": {
"description": "The detection mode is used to set the type of devices that are allowed for powering up. The PoE controller can be configured to detect only IEEE standard devices or pre-IEEE legacy devices (which were pre-standard - non-IEEE 802.3af compliant). For example, if \"dot3af\" is used (PoE, max up to 15.4 W), and Powered Device drains >15.4W, Power sourcing equipment won't allow this port to drain power.",
"type": "string",
"examples": [
"2pt-dot3af",
"2pt-dot3af+legacy",
"4pt-dot3af",
"4pt-dot3af+legacy",
"dot3bt",
"dot3bt+legacy",
"legacy"
],
"default": "dot3bt"
},
"power-limit": {
"description": "Option to configure user defined absolute power limit PoE port can dain (in milliwatts, mW).",
"type": "integer",
"default": 99900
},
"priority": {
"description": "Option to set priority to each PoE port. When the PoE switch has less power available and more ports are required to supply power, higher priority ports are receive power in preference to lower priority ports.",
"type": "string",
"default": "low",
"examples": [
"critical",
"high",
"medium",
"low"
]
}
}
},
"ieee8021x": {
"description": "This section describes the per-port specific 802.1X (port access control) configuration.",
"type": "object",
"properties": {
"is-authenticator": {
"description": "Configure PAE processing on port, as well as select this port as an Authenticator (configure PAC role to authenticator). False configures the switch to not process PAC",
"type": "boolean",
"default": false
},
"authentication-mode": {
"description": "Configure PAE processing on port, as well as select this port as an Authenticator (configure PAC role to authenticator). force-authorized - Disables IEEE 802.1X authentication and causes the port to change to the authorized state without any authentication exchange required. The port sends and receives normal traffic without IEEE 802.1X-based authentication of the client. force-unauthorized - Causes the port to remain in the unauthorized state, ignoring all attempts by the supplicant to authenticate. The Device cannot provide authentication services to the supplicant through the port. auto - Enables IEEE 802.1X authentication and causes the port to begin in the unauthorized state, allowing only EAPOL frames to be sent and received through the port. The authentication process begins when the link state of the port changes from down to up or when an EAPOL-start frame is received. The Device requests the identity of the supplicant and begins relaying authentication messages between the supplicant and the authentication server. Each supplicant attempting to access the network is uniquely identified by the Device by using the supplicant MAC address.",
"type": "string",
"enum": [
"force-authorized",
"force-unauthorized",
"auto"
],
"default": "force-authorized"
},
"host-mode": {
"description": "Multi-auth - While in this mode, multiple devices are allowed to independently authenticate through the same port.\nMulti-domain - While in this mode, the authenticator will allow one host from the data domain and one from the voice domain.\nMulti-host - While in this mode, the first device to authenticate will open to the switchport so that all other devices can use the port. These other devices are not required to be authenticated independently.\nSingle-host - While in this mode, the switchport will only allow a single host to be authenticated and to pass traffic at a time.\n",
"type": "string",
"enum": [
"multi-auth",
"multi-domain",
"multi-host",
"single-host"
],
"default": "multi-auth"
},
"guest-vlan": {
"description": "Configure a VLAN as a guest VLAN on an interface if the switch receives no response in an authentication event.",
"type": "integer",
"minimum": 1,
"maximum": 4094
},
"unauthenticated-vlan": {
"description": "Configure the unauthenticated VLAN to use when the AAA server fails to recognize the client credentials",
"type": "integer",
"minimum": 1,
"maximum": 4094
}
}
}
}
},
@@ -377,7 +569,12 @@
"description": "Define which protocol shall be used for loop detection.",
"type": "string",
"enum": [
"rstp"
"none",
"stp",
"rstp",
"mstp",
"pvstp",
"rpvstp"
],
"default": "rstp"
},
@@ -391,6 +588,192 @@
"downstream"
]
}
},
"instances": {
"description": "Define a list of configuration for each STP instance. Meaning of this field depends on current STP protocol (switch.loop-detection.protocol)",
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"description": "Indicates instance to configure. Depends on current STP protocol If RPVSTP/PVSTP - vlan id If MSTP - instance id",
"type": "integer"
},
"enabled": {
"description": "Enable STP on this instance.",
"type": "boolean",
"default": true
},
"priority": {
"description": "Bridge priority.",
"type": "integer",
"default": 32768
},
"forward_delay": {
"description": "Defines the amount of time a switch port stays in the Listening and Learning states before transitioning to the Forwarding state.",
"type": "integer",
"default": 15
},
"hello_time": {
"description": "Determines how often switches send BPDU.",
"type": "integer",
"default": 2
},
"max_age": {
"description": "Specifies the maximum time that a switch port should wait to receive a BPDU from its neighbor before considering the link as failed or disconnected.",
"type": "integer",
"default": 20
}
}
}
}
}
},
"ieee8021x": {
"description": "This section describes the global 802.1X (port access control) configuration.",
"type": "object",
"properties": {
"auth-control-enable": {
"description": "Enabled processing of PAE frames on ports that have .1X configured.",
"type": "boolean",
"default": false
},
"radius": {
"description": "Define a list of RADIUS server to forward auth requests to.",
"type": "array",
"items": {
"type": "object",
"properties": {
"server-host": {
"description": "Remote radius server address (IP or hostname).",
"type": "string",
"examples": [
"192.168.1.1",
"somehost.com"
]
},
"server-authentication-port": {
"description": "The port that the RADIUS authentication agent is running on.",
"type": "integer",
"maximum": 65535,
"minimum": 1
},
"server-key": {
"description": "Secret key text that is shared between a RADIUS server and the switch.",
"type": "string",
"examples": [
"somepassword"
]
},
"server-priority": {
"description": "The server's priority (used when multiple servers are present. Bigger prio value = higher priority).",
"type": "integer",
"maximum": 64,
"minimum": 1
}
}
}
},
"dynamic-authorization": {
"description": "Additional dynamic authorization (RFC 5176 compliant) - configure option for DAS that enable RM and CoA processing.",
"type": "object",
"properties": {
"auth-type": {
"description": "Sets the accepted authorization types for dynamic RADIUS clients. all - Selects all COA client authentication types. All authentication attributes must match for the authentication to succeed. any - Selects any COA client authentication type. Any authentication attribute may match for the authentication to succeed. session-key - Indicates that the session-key must match for authentication to succeed.",
"type": "string",
"enum": [
"all",
"any",
"session-key"
]
},
"bounce-port-ignore": {
"description": "Sets the switch to ignore bounce-port requests from dynamic authorization clients.",
"type": "boolean",
"default": false
},
"disable-port-ignore": {
"description": "Sets the switch to ignore requests from dynamic authorization clients.",
"type": "boolean",
"default": false
},
"ignore-server-key": {
"description": "Do not attmept to authenticate with the server key.",
"type": "boolean",
"default": false
},
"ignore-session-key": {
"description": "Do not attmept to authenticate with the session key.",
"type": "boolean",
"default": false
},
"server-key": {
"description": "Sets the shared secret to verify client COA requests for this server.",
"type": "string"
},
"client": {
"description": "Configure DAC.",
"type": "array",
"items": {
"type": "object",
"properties": {
"address": {
"description": "A valid IP address or hostname of a DAC.",
"type": "string"
},
"server-key": {
"description": "Sets the shared secret to verify client COA requests for this server.",
"type": "string"
}
}
}
}
}
}
}
},
"port-isolation": {
"description": "This section describes the per-port specific port-isolation matrix (to which ports selected port can forward traffic to) configuration. Omitting this configuration completely fully disables any port-isolation configuration on this given port.",
"type": "object",
"properties": {
"sessions": {
"description": "Allow selected port to forward traffic in the provided session-based format.",
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"description": "Session id to configure.",
"type": "integer"
},
"uplink": {
"description": "Configuration object for uplink interface(s)",
"type": "object",
"properties": {
"interface-list": {
"description": "List of interfaces (either physical or trunk ports)",
"type": "array",
"items": {
"type": "string"
}
}
}
},
"downlink": {
"description": "Configuration object for downlink interface(s)",
"type": "object",
"properties": {
"interface-list": {
"description": "List of interfaces (either physical or trunk ports)",
"type": "array",
"items": {
"type": "string"
}
}
}
}
}
}
}
}
}
@@ -640,6 +1023,10 @@
"802.1q"
],
"default": "802.1q"
},
"stp-instance": {
"decription": "MSTP instance identifier of the vlan. This field does nothing if MSTP is not enabled.",
"type": "integer"
}
}
},
@@ -750,6 +1137,19 @@
"type": "string",
"format": "uc-timeout",
"default": "6h"
},
"relay-server": {
"description": "Use host at this IPv4 address to forward packets between clients and servers on different subnets.",
"type": "string",
"format": "ipv4",
"example": "192.168.2.1"
},
"circuit-id-format": {
"description": "This option selects what info shall be contained within a relayed frame's circuit ID. The string passed in has placeholders that are placed inside a bracket pair \"{}\". Any text not contained within brackets will be included as freetext. Valid placeholders are \"Interface, VLAN-ID\"",
"type": "string",
"example": [
"\\{Interface\\}:\\{VLAN-ID\\}}"
]
}
}
},
@@ -848,20 +1248,161 @@
]
},
"subnet": {
"description": "This option defines the static IPv4 of the logical interface in CIDR notation. auto/24 can be used, causing the configuration layer to automatically use and address range from globals.ipv4-network.",
"type": "string",
"format": "uc-cidr4",
"examples": [
"auto/24"
]
"description": "This option defines a list of CONNECTED routes (with VRF id) in CIDR notation.",
"type": "array",
"items": {
"type": "object",
"properties": {
"prefix": {
"description": "Defines a CONNECTED route's prefix (network).",
"type": "string",
"format": "uc-cidr4",
"examples": [
"192.168.1.0/24"
]
},
"vrf": {
"description": "VRF id.",
"type": "integer"
}
}
}
},
"gateway": {
"description": "This option defines the static IPv4 gateway of the logical interface.",
"type": "string",
"format": "ipv4",
"examples": [
"192.168.1.1"
]
"type": "array",
"items": {
"type": "object",
"properties": {
"prefix": {
"description": "Defines a NEXTHOP route's prefix (network).",
"type": "string",
"format": "uc-cidr4",
"examples": [
"192.168.1.0/24"
]
},
"nexthop": {
"description": "Gateway (nexthop) address.",
"type": "string",
"format": "ipv4",
"examples": [
"192.168.1.1"
]
},
"vrf": {
"description": "VRF id.",
"type": "integer"
},
"metric": {
"description": "Optional metric value (define a NH route's weight / metric).",
"type": "number"
}
}
}
},
"broadcast": {
"description": "This option defines a list of BROADCAST routes (with VRF id) in CIDR notation.",
"type": "array",
"items": {
"type": "object",
"properties": {
"prefix": {
"description": "Defines a BROADCAST route's prefix (network).",
"type": "string",
"format": "uc-cidr4",
"examples": [
"192.168.1.0/24"
]
},
"vrf": {
"description": "VRF id.",
"type": "integer"
}
}
}
},
"multicast": {
"type": "object",
"properties": {
"unknown-multicast-flood-control": {
"description": "The unknown multicast flood control feature enables the system to forward unknown multicast packets only to a multicast router (mrouter).",
"type": "boolean",
"default": true
},
"igmp": {
"type": "object",
"properties": {
"snooping-enable": {
"description": "Enable or disable IGMP snooping on per-VLAN basis.",
"type": "boolean",
"default": true
},
"version": {
"description": "Configures the IGMP version. Configurable versions are IGMPv1, IGMPv2, and IGMPv3",
"type": "integer",
"enum": [
1,
2,
3
],
"examples": [
3
],
"default": 3
},
"querier-enable": {
"description": "Configure this interface to act as a querier (multicast router)",
"type": "boolean",
"default": false
},
"fast-leave-enable": {
"description": "Removes the group state when it receives an IGMP Leave report without sending an IGMP query message",
"type": "boolean",
"default": false
},
"query-interval": {
"description": "Defines the interval between sending IGMP general queries",
"type": "integer",
"default": 1000
},
"last-member-query-interval": {
"description": "Defines the maximum response time (milliseconds) advertised in IGMP group-specific queries",
"type": "integer",
"default": 1000
},
"max-response-time": {
"description": "Configures a query maximum response time (in seconds) that is advertised on IGMP queries.",
"type": "integer",
"default": 10
},
"static-mcast-groups": {
"description": "Configures a Layer 2 port of a VLAN as a static member of an IGMP multicast group(s).",
"type": "array",
"items": {
"type": "object",
"properties": {
"egress-ports": {
"description": "Specify egress port(s) to forward mcast traffc of static group to.",
"type": "array",
"items": {
"type": "string"
}
},
"address": {
"description": "Specify IPV4 address (group) this interface is statically configured to be member of.",
"type": "string",
"format": "ipv4",
"examples": [
"225.0.0.1"
]
}
}
}
}
}
}
}
},
"send-hostname": {
"description": "include the devices hostname inside DHCP requests",
@@ -2627,6 +3168,10 @@
"description": "This option defines if password authentication shall be enabled. If set to false, only ssh key based authentication is possible.",
"type": "boolean",
"default": true
},
"enable": {
"description": "This option whether SSH server should be enabled or disabled.",
"type": "boolean"
}
}
},
@@ -2753,6 +3298,10 @@
"maximum": 65535,
"minimum": 1,
"default": 80
},
"enable": {
"description": "This option whether http server should be enabled or disabled.",
"type": "boolean"
}
}
},
@@ -3628,6 +4177,33 @@
}
}
},
"service.telnet": {
"description": "This section can be used to setup a Telnet server on the device.",
"type": "object",
"properties": {
"enable": {
"description": "This option whether telnet server should be enabled or disabled.",
"type": "boolean"
}
}
},
"service.https": {
"description": "Enable the webserver with the on-boarding webui",
"type": "object",
"properties": {
"https-port": {
"description": "The port that the secure HTTP server should run on.",
"type": "integer",
"maximum": 65535,
"minimum": 1,
"default": 443
},
"enable": {
"description": "This option whether secure http server should be enabled or disabled.",
"type": "boolean"
}
}
},
"service": {
"description": "This section describes all of the services that may be present on the AP. Each service is then referenced via its name inside an interface, ssid, ...",
"type": "object",
@@ -3697,6 +4273,12 @@
},
"rrm": {
"$ref": "#/$defs/service.rrm"
},
"telnet": {
"$ref": "#/$defs/service.telnet"
},
"https": {
"$ref": "#/$defs/service.https"
}
}
},
@@ -3721,6 +4303,10 @@
"tid-stats"
]
}
},
"wired-clients-max-num": {
"description": "Configure maximum number of FDB entries device's allowed to report. If omitted, device-default number should be used (2000). Setting to zero means no entries should be reported, flag should be raised. If device's current FDB size exceeds configured value, flag should be raised as well.",
"type": "integer"
}
}
},

327
ucentral.state.pretty.json
View File

@@ -75,6 +75,9 @@
}
}
}
},
"mac-address-list": {
"$ref": "#/$defs/mac-address-list"
}
},
"$defs": {
@@ -132,6 +135,82 @@
"items": {
"type": "number"
}
},
"poe": {
"description": "This section describes the current state of the PoE unit on the device",
"type": "object",
"properties": {
"max-power-budget": {
"description": "Reports the total power available (power budget) (in watts, W) device's Power sourcing equipment is able to source.",
"type": "number"
},
"power-threshold": {
"description": "Reports configured power alarm threshold value for the Power sourcing equipment (in milliwatts, mW).",
"type": "number"
},
"power-consumed": {
"description": "Reports a total power Powered Devices are draining from the device's Power sourcing equipment (in milliwatts, mW).",
"type": "number"
},
"power-status": {
"description": "Reports power status of the device's Power sourcing equipment.",
"type": "string",
"examples": [
"ON",
"OFF"
]
}
}
},
"ieee8021x": {
"description": "This section describes the global (device-wise) 802.1X (port access control) state and config applied.",
"type": "object",
"properties": {
"dynamic-authorization": {
"description": "Reported DAS-related state info.",
"type": "object",
"properties": {
"stats": {
"description": "Cumulative statistics for all configured DACs.",
"type": "object",
"properties": {
"coa_req_received": {
"description": "Number of CoA requests received.",
"type": "number"
},
"coa_ack_sent": {
"description": "Number of CoA ACK responses sent.",
"type": "number"
},
"coa_nak_sent": {
"description": "Number of CoA NAK responses sent.",
"type": "number"
},
"coa_ignored": {
"description": "Number of CoA requests ignored.",
"type": "number"
},
"coa_wrong_attr": {
"description": "Number of CoA requests received with invalid (unsupported) attributes.",
"type": "number"
},
"coa_wrong_attr_value": {
"description": "Number of CoA requests received with invalid (unsupported) attribute value.",
"type": "number"
},
"coa_wrong_session_context": {
"description": "Number of CoA requests received with inexisting session context.",
"type": "number"
},
"administratively_prohibited_req": {
"description": "Number of CoA requests that are sent if the NAS is configured to prohibit honoring of CoA-Request or Disconnect-Request packets for the specified session.",
"type": "number"
}
}
}
}
}
}
}
}
},
@@ -246,6 +325,10 @@
"description": "An IPv4 addreess."
}
},
"public_ip": {
"type": "string",
"description": "The public IP address of internet connection."
},
"leasetime": {
"type": "number",
"description": "This is the leasetime if the IPv4 address of this logical interface was acquired via DHCPv4."
@@ -278,10 +361,10 @@
},
"interface.ipv6-lease": {
"type": "array",
"description": null,
"description": "This section describes an IPv6 lease that we have served.",
"items": {
"type": "object",
"description": "This section describes an IPv6 lease that we have served.",
"description": "An object, that describes a single served IPv6 address.",
"properties": {
"addresses": {
"type": "array",
@@ -681,6 +764,42 @@
},
"ssids": {
"$ref": "#/$defs/interface.ssid"
},
"multicast": {
"type": "object",
"description": "Detailed information about all multicast-related data (groups joined, src address used etc)",
"properties": {
"igmp": {
"description": "Detailed information about IGMP configured / joined multicast groups, outgoing interfaces etc.",
"type": "object",
"properties": {
"enabled-groups": {
"description": "List of joined IGMP multicast groups.",
"type": "array",
"items": {
"type": "object",
"properties": {
"address": {
"description": "Address of single group this interface is member of.",
"type": "string",
"format": "ipv4",
"examples": [
"225.0.0.1"
]
},
"egress-ports": {
"description": "List of ports where multicast traffic of this group is being replicated to.",
"type": "array",
"items": {
"type": "string"
}
}
}
}
}
}
}
}
}
}
}
@@ -767,8 +886,212 @@
},
"counters": {
"$ref": "#/$defs/interface.counter"
},
"poe": {
"description": "This section describes the ethernet poe-port link-state object (statistics + PD info). Present only in case if port has any Power sourcing capabilities.",
"type": "object",
"properties": {
"class-requested": {
"description": "Reports which PoE power class PD requested.",
"type": "number"
},
"class-assigned": {
"description": "Reports which PoE power class PD has been assigned by the Power sourcing equipment.",
"type": "number"
},
"output-power": {
"description": "Reports the power-value (in milliwatts, mW) poe-port's Powered Device is currently draining.",
"type": "number"
},
"output-current": {
"description": "Reports the current value (in milliamps, mA) poe-port's Powered Device is currently draining.",
"type": "number"
},
"output-voltage": {
"description": "Reports the operational voltage-level-value of poe-port's Power sourcing equipment (in Volts, V).",
"type": "string",
"examples": [
"54.14"
]
},
"temp": {
"description": "Reports the operational temperature of poe-port's Power sourcing equipment (in Celsius, C).",
"type": "string",
"examples": [
"22.5"
]
},
"status": {
"description": "Reports the operational status of poe-port's Power sourcing equipment. Searching option - the poe-port's PSE is trying to detect a Powered Device. Delivering option - the poe-port's PSE is delivering power to a Powered Device. Disabled option - the poe-port's PSE is either disabled or PoE power is enabled but the PoE module does not have enough power available to supply the port's power needs. Fault option - the poe-port's PSE detects a problem with the Powered Device. Other Fault option - the PSE has detected an internal fault that prevents it from supplying power on that port.",
"type": "string",
"examples": [
"DELIVERING_POWER",
"DISABLED"
]
},
"fault-status": {
"description": "Reports the fault status of poe-port's PSE (in case if any).",
"type": "string",
"examples": [
"NO_ERROR"
]
},
"counters": {
"description": "PoE-related descriptive statistics (counters).",
"type": "object",
"properties": {
"overload": {
"description": "Displays the total number of power overload occurrences. (Powered Device is consuming more power than the maximum limit of a port)",
"type": "number"
},
"short": {
"description": "Displays the total number of power shortage occurrences.",
"type": "number"
},
"power-denied": {
"description": "Displays the number of times that the powered device was denied power. (possible cause could be that Requested power exceeds PSE capability)",
"type": "number"
},
"absent": {
"description": "Displays the number of times that the power was stopped to the powered device because the powered device was no longer detected.",
"type": "number"
},
"invalid-signature": {
"description": "Displays the times that an invalid signature was received. Signatures are the means by which the powered device identifies itself to the PSE. Signatures are generated during powered device detection, classification, or maintenance.",
"type": "number"
}
}
}
}
},
"ieee8021x": {
"description": "This section describes the per-port specific 802.1X (port access control) link-state object (authenticated clients). Present only in case if port has enabled EAP processing and has any authenticated clients.",
"type": "object",
"properties": {
"authenticated-clients": {
"description": "List of authenticated clients and (their) authentication data.",
"type": "array",
"items": {
"type": "object",
"properties": {
"authenticated-method": {
"description": "Authentication method used by client for it's authentication.",
"type": "string"
},
"mac-address": {
"description": "MAC address of authenticated client.",
"type": "string",
"format": "uc-mac"
},
"session-time": {
"description": "Client session time.",
"type": "integer"
},
"username": {
"description": "Client username.",
"type": "string"
},
"vlan-type": {
"description": "Vlan type of authenticated client (Authorization status of the client).",
"type": "string"
},
"vlan-id": {
"description": "Vlan type of authenticated client (Authorization status of the client).",
"type": "integer",
"maximum": 4095
}
}
}
}
}
},
"transceiver-info": {
"description": "Object holds information about underlying SFP module currently inserted into port's cage. Some of information is read directly from module's EEPROM, while other data is measured in runtime by device's hardware (vcc for example).",
"type": "object",
"properties": {
"vendor-name": {
"description": "Vendor (name) identifier",
"type": "string"
},
"form-factor": {
"description": "Form-factor of the module itself (For example - QSFP28, QSFP56-DD etc)",
"type": "string"
},
"supported-link-modes": {
"description": "Reports supported link modes of inserted module",
"type": "array",
"items": {
"type": "string"
}
},
"part-number": {
"description": "Module's part number (vendor's specific)",
"type": "string"
},
"serial-number": {
"description": "Serial number of connected module",
"type": "string"
},
"revision": {
"description": "Module's HW revision (same part number can have multiple revisions)",
"type": "string"
},
"temperature": {
"description": "Current module's temperature",
"type": "number"
},
"tx-optical-power": {
"description": "Current module's transmit optical level (power)",
"type": "number"
},
"rx-optical-power": {
"description": "Current module's receive optical level (power)",
"type": "number"
},
"max-module-power": {
"description": "Max power (in Watts) module can drain.",
"type": "number"
}
}
}
}
},
"mac-address-list": {
"type": "object",
"description": "This section describes the global (device-wise) mac-address-list (FDB table / wired clients).",
"properties": {
"overflow": {
"description": "Flag indicates that device could report an amount of FDB entries, which is bigger than what cloud had requested.",
"type": "boolean"
}
},
"additionalProperties": {
"type": "object",
"additionalProperties": {
"description": "VID (vlan id) identifier",
"type": "array",
"items": {
"type": "string"
}
}
},
"examples": [
{
"overflow": true,
"Ethernet1": {
"1": [
"AABBCCDDEEFF",
"112233445566"
]
},
"Ethernet2": {
"10": [
"11BBCCDDEEFF",
"332233445566"
]
}
}
]
}
}
}