scottk/ols-ucentral-schema
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/ols-ucentral-schema.git synced 2025-10-30 01:32:26 +00:00
Code Issues Packages Projects Releases 3 Wiki Activity

Compare commits

base: scottk:fix_loop_detection_schema_instances_indentation
Branches Tags
scottk:main scottk:OLS-849-add-xSTP-parameters scottk:OLS-848-Schema-Intrusion-detection scottk:OLS-838-Update-OLS-Schema-version-to-4.2.0 scottk:correct-storm-control-indentation scottk:ols-821-mclag-schema-correction scottk:fix/fix_invalid_schema scottk:ols-688-bpdu-guard scottk:ols-822-lldp-peers-statemessage-enhancements scottk:OLS_UpdateSchemaVersion_410 scottk:ols-659-simplify-vlan-config scottk:staging-OLS-644-global-dns scottk:OLS-578-Tag-ols-ucentral-client-and-ols-ucentral-schema-4.0.0-pre-release scottk:Sprint-8-OLS-ARP-Inspect-Schema scottk:Sprint-8-OLS---Rate-Limiting-schema scottk:OLS-556-Sprint-8-IPSourceGuard scottk:OLS-556-Sprint-8-SubcribeRTEvents scottk:OLS-550_Schema_Corrections_Pre4p0_Features scottk:OLS-562-Add-schema-version-to-ols-ucentral-schema scottk:OLS-545-Removal-of-AP-specific-schema-elements-from-ols-ucentral-schema scottk:OLS-538_port_speed_enum_fix_40g scottk:OLS-425_sprint6_schema scottk:OLS_390_Move_uplink_interface_definition_to_state.yml_Add_version_connect.capabilities scottk:OLS-390-Move-uplink_interface-definition-to-state.yml-add-version-to-connect.capabilities scottk:OLS_319_sprint4_schema scottk:OLS-295_capabilities_add_lacp_linkAggregation_jumboFrames scottk:link_aggregation scottk:change_port_mirror_type_to_array scottk:lacp scottk:jumbo_frames scottk:OLS-229-generate-json-file-for-capabilities-connect.capabilities.yml scottk:OLS-228-delta_counters scottk:secure_http_server scottk:fix_loop_detection_schema_instances_indentation scottk:change_vrf_id_to_integer scottk:schema_fixes_and_updates scottk:default-values-for-schema/ethernet.yml-speed-and-duplex scottk:next scottk:1-incorrect-indentation-for-statelink-stateyml
scottk:v4.1.0-rc1 scottk:v4.0.0 scottk:v4.0.0-rc1 scottk:v3.2.7
...
compare: scottk:OLS_319_sprint4_schema
Branches Tags
scottk:OLS-849-add-xSTP-parameters scottk:OLS-848-Schema-Intrusion-detection scottk:OLS-838-Update-OLS-Schema-version-to-4.2.0 scottk:main scottk:correct-storm-control-indentation scottk:ols-821-mclag-schema-correction scottk:fix/fix_invalid_schema scottk:ols-688-bpdu-guard scottk:ols-822-lldp-peers-statemessage-enhancements scottk:OLS_UpdateSchemaVersion_410 scottk:ols-659-simplify-vlan-config scottk:staging-OLS-644-global-dns scottk:OLS-578-Tag-ols-ucentral-client-and-ols-ucentral-schema-4.0.0-pre-release scottk:Sprint-8-OLS-ARP-Inspect-Schema scottk:Sprint-8-OLS---Rate-Limiting-schema scottk:OLS-556-Sprint-8-IPSourceGuard scottk:OLS-556-Sprint-8-SubcribeRTEvents scottk:OLS-550_Schema_Corrections_Pre4p0_Features scottk:OLS-562-Add-schema-version-to-ols-ucentral-schema scottk:OLS-545-Removal-of-AP-specific-schema-elements-from-ols-ucentral-schema scottk:OLS-538_port_speed_enum_fix_40g scottk:OLS-425_sprint6_schema scottk:OLS_390_Move_uplink_interface_definition_to_state.yml_Add_version_connect.capabilities scottk:OLS-390-Move-uplink_interface-definition-to-state.yml-add-version-to-connect.capabilities scottk:OLS_319_sprint4_schema scottk:OLS-295_capabilities_add_lacp_linkAggregation_jumboFrames scottk:link_aggregation scottk:change_port_mirror_type_to_array scottk:lacp scottk:jumbo_frames scottk:OLS-229-generate-json-file-for-capabilities-connect.capabilities.yml scottk:OLS-228-delta_counters scottk:secure_http_server scottk:fix_loop_detection_schema_instances_indentation scottk:change_vrf_id_to_integer scottk:schema_fixes_and_updates scottk:default-values-for-schema/ethernet.yml-speed-and-duplex scottk:next scottk:1-incorrect-indentation-for-statelink-stateyml
scottk:v4.1.0-rc1 scottk:v4.0.0 scottk:v4.0.0-rc1 scottk:v3.2.7

40 Commits
fix_loop_d ... OLS_319_sp

Author SHA1 Message Date
Binny
53c239b60d OLS-319 incorporated most review comments, revised files 2024-09-23 07:47:42 +00:00
Binny
9a994374b5 OLS-319 Schema changes for 3.2 Sprint-4 Features to private Branch - Edits 2024-09-19 16:54:23 +00:00
Binny
44ed03b3f7 OLS-319 Schema changes for 3.2 Sprint-4 Features to private Branch 2024-09-19 16:51:30 +00:00
Binny
a72be45c21 OLS-319 test commit schema to priv repo 2024-09-19 09:27:16 +00:00
Mike Hansen
7c62326155 change port mirror type to array 
-- rebased and merge changes from https://github.com/Telecominfraproject/ols-ucentral-schema/pull/23 into main

Signed-off-by: Mike Hansen <mike.hansen@netexperience.com>
 2024-09-09 10:08:22 -04:00
Mike Hansen
5291c3da99 Merge pull request #24 from Telecominfraproject/OLS-295_capabilities_add_lacp_linkAggregation_jumboFrames 
[OLS-295] Add LACP, Link-Aggregation, and Jumbo-Frames to capabilities
 2024-09-06 09:17:10 -04:00
Mike Hansen
1b12452eeb [OLS-295] Add LACP, Link-Aggregation, and Jumbo-Frames to capabilities 
In ols-ucentral-schema->capabilities->connect.capabilities.yml->supported-features
Added enums for
  - Jumbo-Frames
  - LACP
  - Link-Aggregation

Regenerated json files.

Signed-off-by: Mike Hansen <mike.hansen@netexperience.com>
 2024-09-04 14:50:31 -04:00
Mike Hansen
76504b1ad6 Merge pull request #20 from Telecominfraproject/link_aggregation 
support link aggregation
 2024-08-13 09:19:28 -04:00
jacky1100002
bcde6a7155 Merge branch 'main' into link_aggregation 2024-08-13 18:36:32 +08:00
Olexandr, Mazur
82f5eb7740 Merge pull request #19 from Telecominfraproject/jumbo_frames 
support jumbo frames
 2024-08-13 11:09:26 +03:00
Olexandr, Mazur
ceccdef561 Merge pull request #18 from Telecominfraproject/lacp 
support LACP
 2024-08-13 11:09:15 +03:00
jacky1100002
80a598fadf Merge branch 'main' into lacp 2024-08-12 17:43:00 +08:00
jacky1100002
81e8cd5706 Merge branch 'main' into link_aggregation 2024-08-12 17:40:36 +08:00
jacky1100002
8a4815187f Merge branch 'main' into jumbo_frames 2024-08-12 17:32:34 +08:00
jacky_chang
e8da89616e generate corresponding json files 2024-08-12 10:33:59 +08:00
jacky_chang
5da5b090be generate corresponding json files 2024-08-12 10:32:10 +08:00
jacky_chang
f9e15067ff generate corresponding json files 2024-08-12 10:28:53 +08:00
Mike Hansen
4235960ab8 Merge pull request #22 from Telecominfraproject/OLS-229-generate-json-file-for-capabilities-connect.capabilities.yml 
[OLS-229] generate json file for capabilities/connect.capabilities.yml
 2024-08-08 13:31:31 -04:00
Mike Hansen
7e839b0681 Merge pull request #21 from Telecominfraproject/OLS-228-delta_counters 
[OLS-228] Schema -- adding delta_counters
 2024-08-08 13:30:53 -04:00
Mike Hansen
b98f8a2b46 [OLS-229] generate json file for capabilities/connect.capabilities.yml 
Signed-off-by: Mike Hansen <mike.hansen@netexperience.com>
 2024-08-06 14:03:43 -04:00
Mike Hansen
1de6cad7e8 [OLS-228] Schema 
Add delta_counters to

state/interface.yml

state/link-state.yml

Signed-off-by: Mike Hansen <mike.hansen@netexperience.com>
 2024-08-06 13:58:37 -04:00
Olexandr, Mazur
0f9f4489d2 Merge pull request #17 from Telecominfraproject/secure_http_server 
add whether enabled & port number support for https
 2024-08-06 12:49:01 +03:00
jacky_chang
5dc634f78e support link aggregation 2024-08-06 13:29:06 +08:00
jacky_chang
4d03a432c1 support jumbo frmaes 2024-08-06 11:08:10 +08:00
jacky_chang
ee945311e1 support LACP 2024-08-06 10:38:40 +08:00
jacky_chang
4336be981b Use generate.sh to generate related json files to make settings consistent. 2024-08-05 10:38:57 +08:00
Olexandr, Mazur
747ccb4993 Merge pull request #16 from Telecominfraproject/fix/capabilities_add_missing_field 
Schema: capabilities: add missed <compatible> field
 2024-06-05 17:25:31 +03:00
Oleksandr Mazur
a0fac0b3d7 Schema: capabilities: add missed <compatible> field 
Connect message is required to have compatible field,
as it defines device's <family> of devices and compatible
counterparts.

Add this - originally missed - field to the schema, to make
sure cloud infrastructure has enough information to deduce
device type / compatible devices (for cfg generation etc).

Signed-off-by: Oleksandr Mazur <oleksandr.mazur@plvision.eu>
 2024-06-05 11:30:47 +03:00
jacky_chang
1e33d3fa0a add whether enabled & port number support for https 2024-05-10 16:27:03 +08:00
Olexandr, Mazur
dc754dc519 Merge pull request #15 from Telecominfraproject/feat/connect_capabilities 
Schema: formalize connect.capabilities message format
 2024-04-12 12:21:15 +03:00
Oleksandr Mazur
b3374bb60b Schema: formalize connect.capabilities message format 
Capabilities message is unregulated as of now;
Formalize the layout by introducing yml file.

Signed-off-by: Oleksandr Mazur <oleksandr.mazur@plvision.eu>
 2024-04-11 10:18:27 +03:00
Olexandr, Mazur
0ef7362930 Merge pull request #14 from Telecominfraproject/feat/global_igmp_querier_floodcontrol 
Add flood-control and querier-enable fields to unit.yml
 2024-04-02 15:30:51 +03:00
Serhiy Boiko
b9762df2cf Add flood-control and querier-enable fields to unit.yml 
These fields are used to specify the global fc and querier
configuration.

Signed-off-by: Serhiy Boiko <serhiy.boiko@plvision.eu>
 2024-04-02 12:58:10 +03:00
Olexandr, Mazur
0983abe2bf Merge pull request #13 from Telecominfraproject/revert_public_ip_lookup 
Revert public ip lookup
 2024-03-27 11:09:20 +02:00
Oleksandr Mazur
719fd97705 Fixup generated schema after fdeb2b8 revert 
Signed-off-by: Oleksandr Mazur <oleksandr.mazur@plvision.eu>
 2024-03-26 11:25:07 +02:00
Oleksandr Mazur
777e2b26a8 Revert "revert "public_ip_lookup" patch" 
This reverts commit fdeb2b8b85.
 2024-03-26 11:24:35 +02:00
Olexandr, Mazur
ab43179a83 Merge pull request #12 from Telecominfraproject/fix_port_isolation 
Move port-isolation schema from ethernet.yml to switch.yml
 2024-03-19 20:08:28 +02:00
Serhiy Boiko
3a41591f85 Move port-isolation schema from ethernet.yml to switch.yml 
port-isolation is a global configuration and should be described in
switch.yml, not in ethernet.yml
No changes were made to any of the fields.

Signed-off-by: Serhiy Boiko <serhiy.boiko@plvision.eu>
 2024-03-19 12:44:31 +02:00
tip-admin
7fa4d15f5e Create LICENSE 2024-02-29 08:53:54 -08:00
Olexandr, Mazur
d105fe165e Merge pull request #11 from Telecominfraproject/fix_loop_detection_schema_instances_indentation 
Correct indentation of instances block in switch.yml
 2024-02-27 10:50:30 +02:00
26 changed files with 3676 additions and 302 deletions
Expand all files Collapse all files

28
LICENSE Normal file
View File

@@ -0,0 +1,28 @@
BSD 3-Clause License
Copyright (c) 2024, Telecom Infra Project
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
3. Neither the name of the copyright holder nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

205
capabilities/connect.capabilities.yml Normal file
View File

@@ -0,0 +1,205 @@
description:
uCentral protocol (OpenLan) device and features capabilities schema
type: object
properties:
serial:
type: string
examples:
- aabbccddeeff
firmware:
type: string
description:
Platform revision
examples:
- Rel 1.6 build 5
platform:
type: string
enum:
- Switch
- AP
model:
type: string
description:
Device model
hw-sku:
type: string
description:
Stock keeping unit
compatible:
type: string
description:
Compatibility string, that defines the family of the device
base-mac:
type: string
description:
Switch MAC address
format: uc-mac
examples:
- aa:bb:cc:dd:ee:ff
port-list:
type: array
description:
The list of physical network devices
items:
type: object
properties:
name:
type: string
description:
The logical name of the port that is used by the OS
examples:
- Ethernet0
- Ethernet1
- Ethernet76
front-panel-number:
type: integer
description:
The identification number of the port as can be seen on the front-panel of the device
port-capabilities:
type: object
description:
Description of physical ports and their form-factors
properties:
form-factors:
type: array
items:
type: string
enum:
- RJ45
- SFP
- SFP+
- SFP28
- SFP-DD
- QSFP
- QSFP+
- QSFP28
- QSFP-DD
ports-list:
type: array
items:
type: object
properties:
type:
type: string
examples:
- RJ45
ports:
type: array
items:
type: string
examples:
- Ethernet1
poe-capabilities:
type: object
description:
Description of physical ports and their PoE capabilities
properties:
supported-standards:
type: array
items:
type: string
enum:
- .3AF-POE
- .3AT-POE+
- .3BT-PoE++
- PreStandard-Passive
power-budget:
type: integer
examples:
- 2000
poe-ports:
type: array
items:
type: object
properties:
type:
type: string
examples:
- .3AF-POE
budget-capacity:
type: integer
ports:
type: array
items:
type: string
examples:
- Ethernet1
supported-features:
type: array
description:
List of all features supported by the device
items:
type: string
enum:
# L2
- VLAN
- Jumbo-Frames
- Link-Aggregation-LACP
- Link-Aggregation-Static
- Port-Isolation
- Spanning-Tree
- Spanning-Tree-Rapid
- Spanning-Tree-Per-VLAN
- Spanning-Tree-Per-VLAN-Rapid
- Spanning-Tree-MSTP
# L3
- SVI-StaticIPv4
- SVI-StaticIPv6
- Interface-StaticIPv4
- Interface-StaticIPv6
- Routing-VRF
- Routing-IPv4-Route-Blackhole
- Routing-IPv4-Route-Unreachable
- Routing-IPv4-Nexthop
- Routing-IPv4-Broadcast
- Routing-IPv4-Multicast-IGMP-Snooping
- Routing-IPv4-Multicast-IGMP-Querier
- Routing-IPv4-Multicast-IGMP-Static
- Routing-IPv4-DHCP-Server
- Routing-IPv4-DHCP-Relay
- Routing-IPv4-DHCP-Snooping
- Routing-IPv4-Port-Forward
- Routing-IPv6-DHCP-Relay
- Routing-IPv6-DHCP-Stateful
- Routing-IPv6-DHCP-Stateless
- Routing-IPv6-Port-Forward
- Multicast-VLAN-Registration
# PoE
- PoE-Reset
# .1X
- Port-Access-Control
- PAC-Dynamic-Auth
# System
- System-PasswordChange
- System-SwUpdate
- System-SwUpdate-Partial
- Port-Mirroring
# Security
- MAC-ACL
- Guest-VLAN
# Services
- Service-SSH
- Service-RSSH
- Service-Telnet
- Service-LLDP
- Service-HTTP
- Service-HTTPS
- Service-GPS
- Service-IGMP
- Service-NTP
- Service-NTP-Client
- Service-MDNS
- Service-QoS
- Service-Syslog
- Service-PAC
- Service-Wireguard-Overlay
- Service-Radius-Proxy
- Service-Online-Check
- Service-CaptivePortal
- Service-PublicIpCheck
# Tunneling
- Tunneling-VxLAN
- Tunneling-GRE
- Tunneling-GRE6
- Tunneling-L2TP
- Tunneling-Mesh

3
generate.sh
View File

@@ -7,7 +7,8 @@ set -x
./merge-schema.py schema schema ucentral.yml ucentral.schema.pretty.json 0 1
./merge-schema.py schema schema ucentral.yml ucentral.schema.full.json 0 0
./merge-schema.py state state state.yml ucentral.state.pretty.json 0 1
./generate-reader.uc > schemareader.uc
./merge-schema.py capabilities capabilities connect.capabilities.yml ucentral.capabilities.pretty.json 0 1
#./generate-reader.uc > schemareader.uc
#./generate-example.uc > input.json
mkdir -p docs
which generate-schema-doc > /dev/null

104
schema/ethernet.yml
View File

@@ -18,6 +18,13 @@ properties:
- LAN*
- WAN*
- "*"
name:
description:
This is a free text field, stating the administrative name of the
port. It may contain spaces and special characters, not exceeding 64 characters.
type: string
examples:
- cloud_uplink_port
speed:
description:
The link speed that shall be forced.
@@ -161,42 +168,69 @@ properties:
type: integer
minimum: 1
maximum: 4094
port-isolation:
trunk-group:
description: Associates this port to a trunk or a port-channel.
type: integer
minimum: 1
maximum: 64
lacp-config:
description:
This section describes the per-port specific port-isolation matrix (to which ports selected port can forward traffic to) configuration.
Omitting this configuration completely fully disables any port-isolation configuration on this given port.
This section describes the 802.3ad Link Aggregation Control Protocol (LACP) configuration for the current interface.
type: object
properties:
sessions:
lacp-enable:
description:
Allow selected port to forward traffic in the provided session-based format.
type: array
items:
type: object
properties:
id:
description:
Session id to configure.
type: integer
uplink:
description:
Configuration object for uplink interface(s)
type: object
properties:
interface-list:
description:
List of interfaces (either physical or trunk ports)
type: array
items:
type: string
downlink:
description:
Configuration object for downlink interface(s)
type: object
properties:
interface-list:
description:
List of interfaces (either physical or trunk ports)
type: array
items:
type: string
Enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface.
type: boolean
default: false
lacp-role:
description:
Configures the port LACP role as actor or partner.
type: string
enum:
- actor
- partner
default: actor
lacp-mode:
description:
Configures the LACP negotiation activity mode as active or passive.
type: string
enum:
- active
- passive
default: passive
lacp-port-admin-key:
description:
Configures the port's LACP administration key.
type: integer
minimum: 1
maximum: 65535
default: 1
lacp-port-priority:
description:
Configures the LACP port priority.
type: integer
minimum: 1
maximum: 65535
default: 32768
lacp-system-priority:
description:
Configures the LACP System priority.
type: integer
minimum: 1
maximum: 65535
default: 32768
lacp-pchan-admin-key:
description:
Configures the port channel's LACP administration key (optional).
type: integer
minimum: 1
maximum: 65535
lacp-timeout:
description:
Configures the timeout to wait for the next LACP data unit.
type: string
enum:
- short
- long
default: long

33
schema/interface.acl.yml Normal file
View File

@@ -0,0 +1,33 @@
description: A collection of access control entries that define the rules for filtering traffic through a network interface.
type: array
items:
type: object
properties:
acl-inf-policy-preference:
description: Determines the priority of multiple ACL policies when more than one is applied to an interface, if any.
type: integer
minimum: 1
maximum: 64
default: 1
acl-inf-policy-ingress:
description: Specifies the ACL policy that is applied to incoming traffic on an interface.
type: string
maxLength: 32
minLength: 1
examples:
- blacklisted-macs
acl-inf-counters-ingress:
description: Tracks the number and type of packets that match the ingress ACL rules on an interface.
type: boolean
default: false
acl-inf-policy-egress:
description: Specifies the ACL policy that is applied to outgoing traffic from an interface.
type: string
maxLength: 32
minLength: 1
examples:
- blacklisted-macs
acl-inf-counters-egress:
description: Tracks the number and type of packets that match the egress ACL rules on an interface.
type: boolean
default: false

16
schema/interface.dhcp-snoop-port.yml Normal file
View File

@@ -0,0 +1,16 @@
description: "Configuration for DHCP Snooping on a port level on a switch"
type: object
properties:
dhcp-snoop-port-trust:
description: "This parameter designates a switch port as trusted for DHCP messages, meaning it can forward DHCP offers and acknowledgments, which is essential for connecting to legitimate DHCP servers"
type: boolean
default: false
dhcp-snoop-port-client-limit:
description: "It sets a limit on the number of DHCP clients that can be associated with a single port, helping to prevent a single port from exhausting the networks IP address pool"
type: integer
minimum: 1
dhcp-snoop-port-circuit-id:
description: "Specifies DHCP Option 82 circuit ID suboption information. Often including information like the interface number and VLAN ID, this can be useful for network management and troubleshooting"
type: string
minLength: 1
maxLength: 32

32
schema/interface.ipv4.yml
View File

@@ -150,6 +150,34 @@ properties:
format: ipv4
examples:
- 225.0.0.1
mvr:
type: object
description: MVR attributes on a given interface
properties:
mvr-intf-mvr-role:
type: string
description: Configure an interface as an MVR receiver or source port. A port which is not configured as an MVR receiver or source port can use IGMP snooping to join or leave multicast groups using the standard rules for multicast filtering.
enum:
- none
- source
- receiver
mvr-intf-immed-leave:
type: string
description: Switch to immediately remove an interface from a multicast stream as soon as it receives a leave message for that group. Applies to only receiver role ports.
enum:
- none
- by-host-ip
- by-group
default: by-group
mvr-intf-assoc-domain:
type: integer
description: Map the port to a specific domain.
maximum: 10
minimum: 1
required:
- mvr-intf-mvr-role
- mvr-intf-immed-leave
- mvr-intf-assoc-domain
send-hostname:
description:
include the devices hostname inside DHCP requests
@@ -168,6 +196,10 @@ properties:
examples:
- 8.8.8.8
- 4.4.4.4
dhcp-snoop-vlan-enable:
description: "Enables DHCP Snooping on a VLAN"
type: boolean
default: false
dhcp:
$ref: "https://ucentral.io/schema/v1/interface/ipv4/dhcp/"
dhcp-leases:

4
schema/interface.yml
View File

@@ -68,6 +68,10 @@ properties:
$ref: "https://ucentral.io/schema/v1/interface/ipv4/"
ipv6:
$ref: "https://ucentral.io/schema/v1/interface/ipv6/"
acl:
$ref: "https://ucentral.io/schema/v1/interface/acl/"
dhcp-snooop-port:
$ref: "https://ucentral.io/schema/v1/interface/dhcp-snoop-port/"
broad-band:
$ref: "https://ucentral.io/schema/v1/interface/broad-band/"
ssids:

15
schema/service.https.yml Normal file
View File

@@ -0,0 +1,15 @@
description:
Enable the webserver with the on-boarding webui
type: object
properties:
https-port:
description:
The port that the secure HTTP server should run on.
type: integer
maximum: 65535
minimum: 1
default: 443
enable:
description:
This option whether secure http server should be enabled or disabled.
type: boolean

2
schema/service.yml
View File

@@ -49,3 +49,5 @@ properties:
$ref: 'https://ucentral.io/schema/v1/service/rrm/'
telnet:
$ref: "https://ucentral.io/schema/v1/service/telnet/"
https:
$ref: "https://ucentral.io/schema/v1/service/https/"

348
schema/switch.yml
View File

@@ -5,18 +5,20 @@ properties:
port-mirror:
description:
Enable mirror of traffic from multiple minotor ports to a single analysis port.
type: object
properties:
monitor-ports:
description:
The list of ports that we want to mirror.
type: array
items:
type: array
items:
type: object
properties:
monitor-ports:
description:
The list of ports that we want to mirror.
type: array
items:
type: string
analysis-port:
description:
The port that mirror'ed packets should be sent to.
type: string
analysis-port:
description:
The port that mirror'ed packets should be sent to.
type: string
loop-detection:
description:
Enable loop detection on the L2 switches/bridge.
@@ -184,3 +186,327 @@ properties:
description:
Sets the shared secret to verify client COA requests for this server.
type: string
port-isolation:
description:
This section describes the per-port specific port-isolation matrix (to which ports selected port can forward traffic to) configuration.
Omitting this configuration completely fully disables any port-isolation configuration on this given port.
type: object
properties:
sessions:
description:
Allow selected port to forward traffic in the provided session-based format.
type: array
items:
type: object
properties:
id:
description:
Session id to configure.
type: integer
uplink:
description:
Configuration object for uplink interface(s)
type: object
properties:
interface-list:
description:
List of interfaces (either physical or trunk ports)
type: array
items:
type: string
downlink:
description:
Configuration object for downlink interface(s)
type: object
properties:
interface-list:
description:
List of interfaces (either physical or trunk ports)
type: array
items:
type: string
trunk-balance-method:
description:
Sets the load-distribution method among ports in aggregated links for both static and LACP based trunks.
type: string
enum:
- dst-ip
- dst-mac
- src-dst-ip
- src-dst-mac
- src-ip
- src-mac
default: src-dst-mac
jumbo-frames:
description:
Enables Jumbo frames
type: boolean
default: false
dhcp-snooping:
description: DHCP Snooping configuration parameters
type: object
properties:
dhcp-snoop-enable:
description: "Enables DHCP Snooping on the network switch, which is a security feature that prevents unauthorized DHCP servers from offering IP addresses"
type: boolean
default: false
dhcp-snoop-rate-limit:
description: "Sets a limit on the number of DHCP packets per second that can be received on an untrusted interface to prevent DHCP flooding attacks"
type: integer
minimum: 1
maximum: 2048
dhcp-snoop-mac-verify:
description: "This option ensures that the MAC address in a DHCP request matches the source MAC address of the packet, providing an additional layer of security"
type: boolean
default: false
dhcp-snoop-inf-opt-82:
description: "This refers to the insertion of information option 82 in DHCP packets, which adds more details about the clients location and network information for tracking and control purposes"
type: boolean
default: false
dhcp-snoop-inf-opt-encode-subopt:
description: "This parameter allows for the encoding of sub-options within option 82 to further specify client information"
type: boolean
default: false
dhcp-snoop-inf-opt-remoteid:
description: "It specifies the remote ID sub-option in option 82, which typically includes information like the circuit ID or remote host identifier"
type: string
maxLength: 32
minLength: 1
dhcp-snoop-inf-opt-policy:
description: "This defines the policy for handling packets with option 82, determining whether they should be forwarded or dropped based on the configuration"
type: string
enum:
- drop
- keep
- replace
acl:
description: Contains all the access control rule definitions
type: array
items:
type: object
properties:
acl-type:
description: Type of the access control list
type: string
enum:
- ipv4
- ipv6
- ipv4Ext
- ipv6Ext
- mac
- arp
acl-name:
description: The identifier or name for the Access Control List
type: string
maxLength: 32
minLength: 1
acl-rule-action:
description: Defines whether to permit or deny traffic matching the rule
type: string
enum:
- permit
- deny
acl-source-macaddress:
description: Specifies the source MAC address to filter on
type: string
format: uc-mac
acl-source-macbitmask:
description: The mask applied to the source MAC address
type: string
format: uc-mac
acl-dest-macaddress:
description: Specifies the destination MAC address for the filter
type: string
format: uc-mac
acl-dest-macbitmask:
description: The mask applied to the destination MAC address
type: string
format: uc-mac
acl-packet-format:
description: Identifies the protocol encapsulated in the Ethernet frame by its EtherType
type: string
enum:
- any
- untagged-eth2
- untagged-802.3
- tagged-eth2
- tagged-802.3
acl-vlanid:
description: Specifies a VLAN ID to filter traffic from a specific VLAN
type: integer
minimum: 1
maximum: 4094
acl-vid-bitmask:
description: The mask applied to the VLAN ID
type: integer
minimum: 1
maximum: 4095
acl-ethertype:
description: Filters packets based on the custom EtherType field (HEX) in the Ethernet frame
type: string
default: "800"
acl-ethertype-bitmask:
description: The mask applied to the EtherType field
type: string
default: "FFFF"
acl-cos:
description: Filters based on the Class of Service (CoS) field in the frame
type: integer
minimum: 0
maximum: 7
acl-cos-bitmask:
description: The mask applied to the CoS field
type: integer
minimum: 0
maximum: 7
acl-ip-type:
description: Filters traffic based on the IP protocol type (none, IPv4, or IPv6)
type: string
enum:
- none
- ipv4
- ipv6
acl-ipv4-source-address:
description: The IPv4 address of the source to filter on
type: string
format: ipv4
acl-ipv4-source-subnetmask:
description: The subnet mask applied to the source IPv4 address
type: string
format: ipv4
acl-ipv4-dest-address:
description: The IPv4 address of the destination to filter on
type: string
format: ipv4
acl-ipv4-dest-subnetmask:
description: The subnet mask applied to the destination IPv4 address
type: string
format: ipv4
acl-ip-proto:
description: Filters based on the IP protocol number
type: integer
minimum: 0
maximum: 255
acl-ip-source-port:
description: Specifies the source port number for filtering
type: integer
minimum: 1
maximum: 65535
acl-ip-source-port-bitmask:
description: The mask applied to the source port number
type: integer
minimum: 0
maximum: 65535
acl-ip-dest-port:
description: Specifies the destination port number for filtering
type: integer
minimum: 1
maximum: 65535
acl-ip-dest-port-bitmask:
description: The mask applied to the destination port number
type: integer
minimum: 0
maximum: 65535
mvr-config:
description: This section defines the Multicast VLAN Registration (MVR) general configuration.
type: object
properties:
mvr-enable:
description: Enable/Disable MVR globally on the switch.
type: boolean
default: false
mvr-proxy-query-intvl:
description:
This command configures the interval (in seconds) at which the receiver port sends out general queries.
The maximum value is determined based on 12 hours as maximum interval, and minimum as 1 second as allowed value.
type: integer
default: 125
maximum: 43200
minimum: 1
mvr-proxy-switching:
description:
Enable the MVR proxy switching mode, where the source port acts as a host, and the receiver port
acts as an MVR router with querier service enabled.
type: boolean
default: false
mvr-robustness-val:
description:
Configure the expected packet loss, and thereby the number of times to generate report
and group-specific queries when changes are learned about downstream groups,
and the number of times group-specific queries are sent to downstream receiver ports.
Right configuration ensures that multicast group memberships are correctly maintained
even if some control messages are lost due to network issues.
type: integer
default: 2
maximum: 255
minimum: 1
mvr-source-port-mode:
description:
Configure the switch to forward only multicast streams that a source port has dynamically
joined or to forward all multicast groups.
type: string
default: forward
enum:
- dynamic
- forward
mvr-domain-config:
description: Configure the Multicast VLAN Registration (MVR) domains.
type: array
items:
type: object
properties:
mvr-domain-id:
description: Unique identifier for a Multicast Domain defined under the MVR.
type: integer
minimum: 1
maximum: 10
default: 1
mvr-domain-enable:
description: Enable/disable Multicast VLAN Registration (MVR) for a specific domain.
type: boolean
default: false
mvr-domain-vlan-id:
description:
Per domain Level Multicast VLAN ID. Specifies the VLAN through which MVR multicast data is received.
This is the VLAN to which all source ports must be assigned.
type: integer
minimum: 1
maximum: 4094
default: 1
mvr-domain-upstream-sip:
description: Configures the source IP address assigned to all MVR control packets sent upstream on all domains or on a specified domain.
type: string
format: ipv4
examples:
- 192.168.0.5
mvr-group-config:
type: array
description: List of MVR groups (or profiles) configuration.
items:
type: object
properties:
mvr-group-name:
type: string
description: The name of a MVR group that consists of one or more MVR group addresses
maxLength: 16
minLength: 1
mvr-group-range-start:
type: string
format: ipv4
description: Start IP address on the range of MVR group addresses that maps to a profile/MVR group
mvr-group-range-end:
type: string
format: ipv4
description: Statically configure all multicast group addresses that will join an MVR VLAN. Map a range of MVR group addresses to a profile
mvr-group-assoc-domain:
descpription: Map the MVR Group to a secific domain. There can be many profiles under a single domain
type: array
items:
type: integer
maximum: 10
minimum: 1
required:
- mvr-group-name
- mvr-group-range-start
- mvr-group-range-end
- mvr-group-assoc-domain

5
schema/ucentral.yml
View File

@@ -12,6 +12,11 @@ properties:
description:
The unique ID of the configuration. This is the unix timestamp of when the config was created.
type: integer
public_ip_lookup:
description:
The fqdn to retrieve public ip of internet connection.
type: string
format: uc-fqdn
unit:
$ref: "https://ucentral.io/schema/v1/unit/"
globals:

10
schema/unit.yml
View File

@@ -100,3 +100,13 @@ properties:
Global config for controlling whether MLD snooping is enabled. If this global setting is disabled, all VLANs are treated as disabled, whether they are enabled or not.
type: boolean
default: true
unknown-multicast-flood-control:
description:
Global config for the unknown multicast flood control feature. This enables the system to forward unknown multicast packets only to a multicast router (mrouter).
type: boolean
default: false
querier-enable:
description:
Global IGMP querier config. This enables all Vlan interfaces to act as a querier.
type: boolean
default: false

546
schemareader.uc
View File

@@ -295,6 +295,34 @@ function instantiateUnit(location, value, errors) {
obj.mld_snooping_enable = true;
}
function parseUnknownMulticastFloodControl(location, value, errors) {
if (type(value) != "bool")
push(errors, [ location, "must be of type boolean" ]);
return value;
}
if (exists(value, "unknown-multicast-flood-control")) {
obj.unknown_multicast_flood_control = parseUnknownMulticastFloodControl(location + "/unknown-multicast-flood-control", value["unknown-multicast-flood-control"], errors);
}
else {
obj.unknown_multicast_flood_control = false;
}
function parseQuerierEnable(location, value, errors) {
if (type(value) != "bool")
push(errors, [ location, "must be of type boolean" ]);
return value;
}
if (exists(value, "querier-enable")) {
obj.querier_enable = parseQuerierEnable(location + "/querier-enable", value["querier-enable"], errors);
}
else {
obj.querier_enable = false;
}
return obj;
}
@@ -1016,125 +1044,162 @@ function instantiateEthernet(location, value, errors) {
obj.ieee8021x = parseIeee8021x(location + "/ieee8021x", value["ieee8021x"], errors);
}
function parsePortIsolation(location, value, errors) {
function parseLacpConfig(location, value, errors) {
if (type(value) == "object") {
let obj = {};
function parseSessions(location, value, errors) {
if (type(value) == "array") {
function parseItem(location, value, errors) {
if (type(value) == "object") {
let obj = {};
function parseId(location, value, errors) {
if (type(value) != "int")
push(errors, [ location, "must be of type integer" ]);
return value;
}
if (exists(value, "id")) {
obj.id = parseId(location + "/id", value["id"], errors);
}
function parseUplink(location, value, errors) {
if (type(value) == "object") {
let obj = {};
function parseInterfaceList(location, value, errors) {
if (type(value) == "array") {
function parseItem(location, value, errors) {
if (type(value) != "string")
push(errors, [ location, "must be of type string" ]);
return value;
}
return map(value, (item, i) => parseItem(location + "/" + i, item, errors));
}
if (type(value) != "array")
push(errors, [ location, "must be of type array" ]);
return value;
}
if (exists(value, "interface-list")) {
obj.interface_list = parseInterfaceList(location + "/interface-list", value["interface-list"], errors);
}
return obj;
}
if (type(value) != "object")
push(errors, [ location, "must be of type object" ]);
return value;
}
if (exists(value, "uplink")) {
obj.uplink = parseUplink(location + "/uplink", value["uplink"], errors);
}
function parseDownlink(location, value, errors) {
if (type(value) == "object") {
let obj = {};
function parseInterfaceList(location, value, errors) {
if (type(value) == "array") {
function parseItem(location, value, errors) {
if (type(value) != "string")
push(errors, [ location, "must be of type string" ]);
return value;
}
return map(value, (item, i) => parseItem(location + "/" + i, item, errors));
}
if (type(value) != "array")
push(errors, [ location, "must be of type array" ]);
return value;
}
if (exists(value, "interface-list")) {
obj.interface_list = parseInterfaceList(location + "/interface-list", value["interface-list"], errors);
}
return obj;
}
if (type(value) != "object")
push(errors, [ location, "must be of type object" ]);
return value;
}
if (exists(value, "downlink")) {
obj.downlink = parseDownlink(location + "/downlink", value["downlink"], errors);
}
return obj;
}
if (type(value) != "object")
push(errors, [ location, "must be of type object" ]);
return value;
}
return map(value, (item, i) => parseItem(location + "/" + i, item, errors));
}
if (type(value) != "array")
push(errors, [ location, "must be of type array" ]);
function parseLacpEnable(location, value, errors) {
if (type(value) != "bool")
push(errors, [ location, "must be of type boolean" ]);
return value;
}
if (exists(value, "sessions")) {
obj.sessions = parseSessions(location + "/sessions", value["sessions"], errors);
if (exists(value, "lacp-enable")) {
obj.lacp_enable = parseLacpEnable(location + "/lacp-enable", value["lacp-enable"], errors);
}
else {
obj.lacp_enable = false;
}
function parseLacpRole(location, value, errors) {
if (type(value) != "string")
push(errors, [ location, "must be of type string" ]);
if (!(value in [ "actor", "partner" ]))
push(errors, [ location, "must be one of \"actor\" or \"partner\"" ]);
return value;
}
if (exists(value, "lacp-role")) {
obj.lacp_role = parseLacpRole(location + "/lacp-role", value["lacp-role"], errors);
}
else {
obj.lacp_role = "actor";
}
function parseLacpMode(location, value, errors) {
if (type(value) != "string")
push(errors, [ location, "must be of type string" ]);
if (!(value in [ "active", "passive" ]))
push(errors, [ location, "must be one of \"active\" or \"passive\"" ]);
return value;
}
if (exists(value, "lacp-mode")) {
obj.lacp_mode = parseLacpMode(location + "/lacp-mode", value["lacp-mode"], errors);
}
else {
obj.lacp_mode = "passive";
}
function parseLacpPortAdminKey(location, value, errors) {
if (type(value) in [ "int", "double" ]) {
if (value > 65535)
push(errors, [ location, "must be lower than or equal to 65535" ]);
if (value < 1)
push(errors, [ location, "must be bigger than or equal to 1" ]);
}
if (type(value) != "int")
push(errors, [ location, "must be of type integer" ]);
return value;
}
if (exists(value, "lacp-port-admin-key")) {
obj.lacp_port_admin_key = parseLacpPortAdminKey(location + "/lacp-port-admin-key", value["lacp-port-admin-key"], errors);
}
else {
obj.lacp_port_admin_key = 1;
}
function parseLacpPortPriority(location, value, errors) {
if (type(value) in [ "int", "double" ]) {
if (value > 65535)
push(errors, [ location, "must be lower than or equal to 65535" ]);
if (value < 1)
push(errors, [ location, "must be bigger than or equal to 1" ]);
}
if (type(value) != "int")
push(errors, [ location, "must be of type integer" ]);
return value;
}
if (exists(value, "lacp-port-priority")) {
obj.lacp_port_priority = parseLacpPortPriority(location + "/lacp-port-priority", value["lacp-port-priority"], errors);
}
else {
obj.lacp_port_priority = 32768;
}
function parseLacpSystemPriority(location, value, errors) {
if (type(value) in [ "int", "double" ]) {
if (value > 65535)
push(errors, [ location, "must be lower than or equal to 65535" ]);
if (value < 1)
push(errors, [ location, "must be bigger than or equal to 1" ]);
}
if (type(value) != "int")
push(errors, [ location, "must be of type integer" ]);
return value;
}
if (exists(value, "lacp-system-priority")) {
obj.lacp_system_priority = parseLacpSystemPriority(location + "/lacp-system-priority", value["lacp-system-priority"], errors);
}
else {
obj.lacp_system_priority = 32768;
}
function parseLacpPchanAdminKey(location, value, errors) {
if (type(value) in [ "int", "double" ]) {
if (value > 65535)
push(errors, [ location, "must be lower than or equal to 65535" ]);
if (value < 1)
push(errors, [ location, "must be bigger than or equal to 1" ]);
}
if (type(value) != "int")
push(errors, [ location, "must be of type integer" ]);
return value;
}
if (exists(value, "lacp-pchan-admin-key")) {
obj.lacp_pchan_admin_key = parseLacpPchanAdminKey(location + "/lacp-pchan-admin-key", value["lacp-pchan-admin-key"], errors);
}
function parseLacpTimeout(location, value, errors) {
if (type(value) != "string")
push(errors, [ location, "must be of type string" ]);
if (!(value in [ "short", "long" ]))
push(errors, [ location, "must be one of \"short\" or \"long\"" ]);
return value;
}
if (exists(value, "lacp-timeout")) {
obj.lacp_timeout = parseLacpTimeout(location + "/lacp-timeout", value["lacp-timeout"], errors);
}
else {
obj.lacp_timeout = "long";
}
return obj;
@@ -1146,8 +1211,28 @@ function instantiateEthernet(location, value, errors) {
return value;
}
if (exists(value, "port-isolation")) {
obj.port_isolation = parsePortIsolation(location + "/port-isolation", value["port-isolation"], errors);
if (exists(value, "lacp-config")) {
obj.lacp_config = parseLacpConfig(location + "/lacp-config", value["lacp-config"], errors);
}
function parseTrunkGroup(location, value, errors) {
if (type(value) in [ "int", "double" ]) {
if (value > 64)
push(errors, [ location, "must be lower than or equal to 64" ]);
if (value < 1)
push(errors, [ location, "must be bigger than or equal to 1" ]);
}
if (type(value) != "int")
push(errors, [ location, "must be of type integer" ]);
return value;
}
if (exists(value, "trunk-group")) {
obj.trunk_group = parseTrunkGroup(location + "/trunk-group", value["trunk-group"], errors);
}
return obj;
@@ -1650,6 +1735,171 @@ function instantiateSwitch(location, value, errors) {
obj.ieee8021x = parseIeee8021x(location + "/ieee8021x", value["ieee8021x"], errors);
}
function parsePortIsolation(location, value, errors) {
if (type(value) == "object") {
let obj = {};
function parseSessions(location, value, errors) {
if (type(value) == "array") {
function parseItem(location, value, errors) {
if (type(value) == "object") {
let obj = {};
function parseId(location, value, errors) {
if (type(value) != "int")
push(errors, [ location, "must be of type integer" ]);
return value;
}
if (exists(value, "id")) {
obj.id = parseId(location + "/id", value["id"], errors);
}
function parseUplink(location, value, errors) {
if (type(value) == "object") {
let obj = {};
function parseInterfaceList(location, value, errors) {
if (type(value) == "array") {
function parseItem(location, value, errors) {
if (type(value) != "string")
push(errors, [ location, "must be of type string" ]);
return value;
}
return map(value, (item, i) => parseItem(location + "/" + i, item, errors));
}
if (type(value) != "array")
push(errors, [ location, "must be of type array" ]);
return value;
}
if (exists(value, "interface-list")) {
obj.interface_list = parseInterfaceList(location + "/interface-list", value["interface-list"], errors);
}
return obj;
}
if (type(value) != "object")
push(errors, [ location, "must be of type object" ]);
return value;
}
if (exists(value, "uplink")) {
obj.uplink = parseUplink(location + "/uplink", value["uplink"], errors);
}
function parseDownlink(location, value, errors) {
if (type(value) == "object") {
let obj = {};
function parseInterfaceList(location, value, errors) {
if (type(value) == "array") {
function parseItem(location, value, errors) {
if (type(value) != "string")
push(errors, [ location, "must be of type string" ]);
return value;
}
return map(value, (item, i) => parseItem(location + "/" + i, item, errors));
}
if (type(value) != "array")
push(errors, [ location, "must be of type array" ]);
return value;
}
if (exists(value, "interface-list")) {
obj.interface_list = parseInterfaceList(location + "/interface-list", value["interface-list"], errors);
}
return obj;
}
if (type(value) != "object")
push(errors, [ location, "must be of type object" ]);
return value;
}
if (exists(value, "downlink")) {
obj.downlink = parseDownlink(location + "/downlink", value["downlink"], errors);
}
return obj;
}
if (type(value) != "object")
push(errors, [ location, "must be of type object" ]);
return value;
}
return map(value, (item, i) => parseItem(location + "/" + i, item, errors));
}
if (type(value) != "array")
push(errors, [ location, "must be of type array" ]);
return value;
}
if (exists(value, "sessions")) {
obj.sessions = parseSessions(location + "/sessions", value["sessions"], errors);
}
return obj;
}
if (type(value) != "object")
push(errors, [ location, "must be of type object" ]);
return value;
}
if (exists(value, "port-isolation")) {
obj.port_isolation = parsePortIsolation(location + "/port-isolation", value["port-isolation"], errors);
}
function parseJumboFrames(location, value, errors) {
if (type(value) != "bool")
push(errors, [ location, "must be of type boolean" ]);
return value;
}
if (exists(value, "jumbo-frames")) {
obj.jumbo_frames = parseJumboFrames(location + "/jumbo-frames", value["jumbo-frames"], errors);
}
else {
obj.jumbo_frames = false;
}
function parseTrunkBalanceMethod(location, value, errors) {
if (type(value) != "string")
push(errors, [ location, "must be of type string" ]);
if (!(value in [ "dst-ip", "dst-mac", "src-dst-ip", "src-dst-mac", "src-ip", "src-mac" ]))
push(errors, [ location, "must be one of \"dst-ip\", \"dst-mac\", \"src-dst-ip\", \"src-dst-mac\", \"src-ip\" or \"src-mac\"" ]);
return value;
}
if (exists(value, "trunk-balance-method")) {
obj.trunk_balance_method = parseTrunkBalanceMethod(location + "/trunk-balance-method", value["trunk-balance-method"], errors);
}
else {
obj.trunk_balance_method = "src-dst-mac";
}
return obj;
}
@@ -10241,6 +10491,53 @@ function instantiateServiceTelnet(location, value, errors) {
return value;
}
function instantiateServiceHttps(location, value, errors) {
if (type(value) == "object") {
let obj = {};
function parseHttpsPort(location, value, errors) {
if (type(value) in [ "int", "double" ]) {
if (value > 65535)
push(errors, [ location, "must be lower than or equal to 65535" ]);
if (value < 1)
push(errors, [ location, "must be bigger than or equal to 1" ]);
}
if (type(value) != "int")
push(errors, [ location, "must be of type integer" ]);
return value;
}
if (exists(value, "https-port")) {
obj.https_port = parseHttpsPort(location + "/https-port", value["https-port"], errors);
}
else {
obj.https_port = 443;
}
function parseEnable(location, value, errors) {
if (type(value) != "bool")
push(errors, [ location, "must be of type boolean" ]);
return value;
}
if (exists(value, "enable")) {
obj.enable = parseEnable(location + "/enable", value["enable"], errors);
}
return obj;
}
if (type(value) != "object")
push(errors, [ location, "must be of type object" ]);
return value;
}
function instantiateService(location, value, errors) {
if (type(value) == "object") {
let obj = {};
@@ -10337,6 +10634,10 @@ function instantiateService(location, value, errors) {
obj.telnet = instantiateServiceTelnet(location + "/telnet", value["telnet"], errors);
}
if (exists(value, "https")) {
obj.https = instantiateServiceHttps(location + "/https", value["https"], errors);
}
return obj;
}
@@ -10809,6 +11110,23 @@ function newUCentralState(location, value, errors) {
obj.uuid = parseUuid(location + "/uuid", value["uuid"], errors);
}
function parsePublic_ip_lookup(location, value, errors) {
if (type(value) == "string") {
if (!matchUcFqdn(value))
push(errors, [ location, "must be a valid fully qualified domain name" ]);
}
if (type(value) != "string")
push(errors, [ location, "must be of type string" ]);
return value;
}
if (exists(value, "public_ip_lookup")) {
obj.public_ip_lookup = parsePublic_ip_lookup(location + "/public_ip_lookup", value["public_ip_lookup"], errors);
}
if (exists(value, "unit")) {
obj.unit = instantiateUnit(location + "/unit", value["unit"], errors);
}

8
state/interface.ipv4.yml
View File

@@ -8,6 +8,14 @@ properties:
type: string
description:
An IPv4 addreess.
public_ip:
type: string
description:
The public IP address of internet connection.
uplink_interface:
type: string
description:
Current interface that serves as the Uplink. Example Ethernet2.
leasetime:
type: number
description:

117
state/interface.yml
View File

@@ -38,6 +38,8 @@ items:
$ref: "https://ucentral.io/state/v1/interface/clients/"
counters:
$ref: "https://ucentral.io/state/v1/interface/counter/"
delta_counters:
$ref: "https://ucentral.io/state/v1/interface/counter/"
mesh-path:
$ref: "https://ucentral.io/state/v1/interface/mesh-path/"
ssids:
@@ -72,3 +74,118 @@ items:
type: array
items:
type: string
mvr:
type: object
description: MVR statistics on interface
properties:
mvr-intf-fwd-status:
description: Shows if MVR traffic is being forwarded or discarded.
type: boolean
mvr-intf-igmp-count-reports:
description: The number of IGMP membership reports received on this interface.
type: integer
mvr-intf-igmp-count-leave:
description: The number of leave messages received on this interface.
type: integer
mvr-intf-igmp-count-gquery:
description: The number of general query messages received on this interface.
type: integer
mvr-intf-igmp-count-gssquery:
description: The number of group specific or group-and-source specific query messages received on this interface.
type: integer
mvr-intf-igmp-count-drop:
description: The number of times a report, leave, or query was dropped.
type: integer
mvr-intf-igmp-count-joinsucc:
description: The number of times a multicast group was successfully joined.
type: integer
mvr-intf-igmp-count-actgroups:
description: The number of MVR groups active on this interface.
type: integer
acl-stats:
description: "Represents the overall statistics for ACLs on the OLS device."
type: object
properties:
acl-intf-stats:
description: "A list of ACL-related statistics, each corresponding to a specific interface or port."
type: array
items:
type: object
properties:
acl-intf-id:
description: "The identifier for the interface or port to which the ACL statistics apply."
type: string
acl-type:
description: "Type of the access control list."
type: string
enum:
- none
- ipv4
- ipv6
- ipv4Ext
- ipv6Ext
- mac
- arp
acl-rule-action:
description: "Indicates the action (permit or deny) taken when an ACL rule is matched."
type: string
enum:
- permit
- deny
acl-hit-count:
description: "The number of times an ACL rule has been matched by traffic."
type: number
acl-rule-resource-util:
description: "Shows the percentage of this user-configured ACL rule as a percentage of total ACL rules."
type: integer
minimum: 0
maximum: 100
acl-resource-stats:
description: "Represents the overall resource utilization statistics for ACLs."
type: object
properties:
acl-total-resource-util:
description: "Percentage of total ACL consumed resources amongst the resources available."
type: integer
minimum: 0
maximum: 100
dhcp-snoop-binding:
description: State message entry to show the binding table for DHCP Snooping
type: object
properties:
entries:
description: List of DHCP Snooping binding entries
type: array
items:
type: object
properties:
dhcp-snoop-bind-mac-address:
description: MAC address of the DHCP client in the DHCP Snooping binding table
type: string
format: uc-mac
dhcp-snoop-bind-ip-address:
description: IP address assigned to the MAC address in the DHCP Snooping binding table
type: string
format: ipv4
dhcp-snoop-bind-lease-seconds:
description: This indicates the lease time in seconds for the IP address assigned to the DHCP client, after which the IP address may be reassigned
type: integer
dhcp-snoop-bind-type:
description: Specifies the type of binding entry, such as dynamic or static, indicating how the IP address was assigned to the client
type: string
enum:
- dynamic
- static
dhcp-snoop-bind-vlan:
description: VLAN ID associated with the DHCP clients IP address, which helps in managing network segments
type: integer
minimum: 1
maximum: 4094
dhcp-snoop-bind-interf:
description: Identifies the interface through which the DHCP client is connected, aiding in network topology management
type: string
examples:
- "Ethernet1"
- "Unit-1/Port-2"
- "1-2"
- "Trunk 1"

67
state/lacp-trunks.yml Normal file
View File

@@ -0,0 +1,67 @@
type: array
items:
type: object
description:
List of dynamically created trunks.
properties:
trunk-identifier:
type: integer
description:
Logical identifier for the trunk.
minimum: 1
maximum: 64
member-port:
type: string
description: List of member ports under this trunk.
system-priority:
type: number
description:
LACP System priority.
port-priority:
type: number
description:
LACP port priority.
port-state:
type: string
description:
Port state.
lacpdu-sent:
type: number
description:
Number of LACP Data Units (PDUs) sent.
lacpdu-recv:
type: number
description:
Number of LACP Data Units (PDUs) received.
markerpdu-sent:
type: number
description:
Number of Marker PDUs sent.
markerpdu-recv:
type: number
description:
Number of Marker PDUs received.
unknownpkt-recv:
type: number
description:
Number of unknown packets received.
illegalpkt-recv:
type: number
description:
Number of illegal packets received.
port-oper-key:
type: number
description:
Operational key for the port.
partner-oper-key:
type: number
description:
Operational key for the partner.
oper-state:
type: string
description:
Operational state.
partner-oper-state:
type: string
description:
Operational state of the partner.

2
state/link-state.yml
View File

@@ -19,6 +19,8 @@ properties:
- half
counters:
$ref: "https://ucentral.io/state/v1/interface/counter/"
delta_counters:
$ref: "https://ucentral.io/state/v1/interface/counter/"
poe:
description:
This section describes the ethernet poe-port link-state object (statistics + PD info).

4
state/state.yml
View File

@@ -54,3 +54,7 @@ properties:
$ref: "https://ucentral.io/state/v1/link-state/"
mac-address-list:
$ref: "https://ucentral.io/state/v1/mac-address-list/"
static-trunks:
$ref: "https://ucentral.io/state/v1/static-trunks/"
lacp-trunks:
$ref: "https://ucentral.io/state/v1/lacp-trunks/"

18
state/static-trunks.yml Normal file
View File

@@ -0,0 +1,18 @@
type: array
items:
type: object
description:
List of statically created trunks.
properties:
trunk-identifier:
type: integer
description:
Logical identifier for the trunk.
minimum: 1
maximum: 64
member-ports:
type: array
description:
List of member ports under this static trunk.
items:
type: string

12
system/state.uc
View File

@@ -79,6 +79,16 @@ let delta = 1;
if (telemetry)
delta = 0;
let public_ip_file = "/tmp/public_ip";
let public_ip = "";
if (cfg.public_ip_lookup) {
if (!fs.access(public_ip_file))
system(sprintf("/usr/bin/curl -m 3 %s -o %s", cfg.public_ip_lookup, public_ip_file));
let online_file = fs.open(public_ip_file);
public_ip = online_file.read("all") || '';
online_file.close();
}
global.tid_stats = (index(stats.types, 'tid-stats') > 0);
/* load state data */
@@ -412,6 +422,8 @@ cursor.foreach("network", "interface", function(d) {
push(ipv4, sprintf("%s/%d", a.address, a.mask));
iface.ipv4.addresses = ipv4;
if( cfg.public_ip_lookup && length(public_ip))
iface.ipv4.public_ip = public_ip;
}
if (length(status["ipv6-address"])) {

238
ucentral.capabilities.pretty.json Normal file
View File

@@ -0,0 +1,238 @@
{
"description": "uCentral protocol (OpenLan) device and features capabilities schema",
"type": "object",
"properties": {
"serial": {
"type": "string",
"examples": [
"aabbccddeeff"
]
},
"firmware": {
"type": "string",
"description": "Platform revision",
"examples": [
"Rel 1.6 build 5"
]
},
"platform": {
"type": "string",
"enum": [
"Switch",
"AP"
]
},
"model": {
"type": "string",
"description": "Device model"
},
"hw-sku": {
"type": "string",
"description": "Stock keeping unit"
},
"compatible": {
"type": "string",
"description": "Compatibility string, that defines the family of the device"
},
"base-mac": {
"type": "string",
"description": "Switch MAC address",
"format": "uc-mac",
"examples": [
"aa:bb:cc:dd:ee:ff"
]
},
"port-list": {
"type": "array",
"description": "The list of physical network devices",
"items": {
"type": "object",
"properties": {
"name": {
"type": "string",
"description": "The logical name of the port that is used by the OS",
"examples": [
"Ethernet0",
"Ethernet1",
"Ethernet76"
]
},
"front-panel-number": {
"type": "integer",
"description": "The identification number of the port as can be seen on the front-panel of the device"
}
}
}
},
"port-capabilities": {
"type": "object",
"description": "Description of physical ports and their form-factors",
"properties": {
"form-factors": {
"type": "array",
"items": {
"type": "string",
"enum": [
"RJ45",
"SFP",
"SFP+",
"SFP28",
"SFP-DD",
"QSFP",
"QSFP+",
"QSFP28",
"QSFP-DD"
]
}
},
"ports-list": {
"type": "array",
"items": {
"type": "object",
"properties": {
"type": {
"type": "string",
"examples": [
"RJ45"
]
},
"ports": {
"type": "array",
"items": {
"type": "string",
"examples": [
"Ethernet1"
]
}
}
}
}
}
}
},
"poe-capabilities": {
"type": "object",
"description": "Description of physical ports and their PoE capabilities",
"properties": {
"supported-standards": {
"type": "array",
"items": {
"type": "string",
"enum": [
".3AF-POE",
".3AT-POE+",
".3BT-PoE++",
"PreStandard-Passive"
]
}
},
"power-budget": {
"type": "integer",
"examples": [
2000
]
},
"poe-ports": {
"type": "array",
"items": {
"type": "object",
"properties": {
"type": {
"type": "string",
"examples": [
".3AF-POE"
]
},
"budget-capacity": {
"type": "integer"
},
"ports": {
"type": "array",
"items": {
"type": "string",
"examples": [
"Ethernet1"
]
}
}
}
}
}
}
},
"supported-features": {
"type": "array",
"description": "List of all features supported by the device",
"items": {
"type": "string",
"enum": [
"VLAN",
"Jumbo-Frames",
"Link-Aggregation-LACP",
"Link-Aggregation-Static",
"Port-Isolation",
"Spanning-Tree",
"Spanning-Tree-Rapid",
"Spanning-Tree-Per-VLAN",
"Spanning-Tree-Per-VLAN-Rapid",
"Spanning-Tree-MSTP",
"SVI-StaticIPv4",
"SVI-StaticIPv6",
"Interface-StaticIPv4",
"Interface-StaticIPv6",
"Routing-VRF",
"Routing-IPv4-Route-Blackhole",
"Routing-IPv4-Route-Unreachable",
"Routing-IPv4-Nexthop",
"Routing-IPv4-Broadcast",
"Routing-IPv4-Multicast-IGMP-Snooping",
"Routing-IPv4-Multicast-IGMP-Querier",
"Routing-IPv4-Multicast-IGMP-Static",
"Routing-IPv4-DHCP-Server",
"Routing-IPv4-DHCP-Relay",
"Routing-IPv4-DHCP-Snooping",
"Routing-IPv4-Port-Forward",
"Routing-IPv6-DHCP-Relay",
"Routing-IPv6-DHCP-Stateful",
"Routing-IPv6-DHCP-Stateless",
"Routing-IPv6-Port-Forward",
"Multicast-VLAN-Registration",
"PoE-Reset",
"Port-Access-Control",
"PAC-Dynamic-Auth",
"System-PasswordChange",
"System-SwUpdate",
"System-SwUpdate-Partial",
"Port-Mirroring",
"MAC-ACL",
"Guest-VLAN",
"Service-SSH",
"Service-RSSH",
"Service-Telnet",
"Service-LLDP",
"Service-HTTP",
"Service-HTTPS",
"Service-GPS",
"Service-IGMP",
"Service-NTP",
"Service-NTP-Client",
"Service-MDNS",
"Service-QoS",
"Service-Syslog",
"Service-PAC",
"Service-Wireguard-Overlay",
"Service-Radius-Proxy",
"Service-Online-Check",
"Service-CaptivePortal",
"Service-PublicIpCheck",
"Tunneling-VxLAN",
"Tunneling-GRE",
"Tunneling-GRE6",
"Tunneling-L2TP",
"Tunneling-Mesh"
]
}
}
},
"$defs": {}
}

659
ucentral.schema.full.json
View File

@@ -13,6 +13,11 @@
"description": "The unique ID of the configuration. This is the unix timestamp of when the config was created.",
"type": "integer"
},
"public_ip_lookup": {
"description": "The fqdn to retrieve public ip of internet connection.",
"type": "string",
"format": "uc-fqdn"
},
"unit": {
"description": "A device has certain properties that describe its identity and location. These properties are described inside this object.",
"type": "object",
@@ -106,6 +111,16 @@
"description": "Global config for controlling whether MLD snooping is enabled. If this global setting is disabled, all VLANs are treated as disabled, whether they are enabled or not.",
"type": "boolean",
"default": true
},
"unknown-multicast-flood-control": {
"description": "Global config for the unknown multicast flood control feature. This enables the system to forward unknown multicast packets only to a multicast router (mrouter).",
"type": "boolean",
"default": false
},
"querier-enable": {
"description": "Global IGMP querier config. This enables all Vlan interfaces to act as a querier.",
"type": "boolean",
"default": false
}
}
}
@@ -543,6 +558,13 @@
]
}
},
"name": {
"description": "This is a free text field, stating the administrative name of the port. It may contain spaces and special characters, not exceeding 64 characters.",
"type": "string",
"examples": [
"cloud_uplink_port"
]
},
"speed": {
"description": "The link speed that shall be forced.",
"type": "integer",
@@ -671,48 +693,74 @@
}
}
},
"port-isolation": {
"description": "This section describes the per-port specific port-isolation matrix (to which ports selected port can forward traffic to) configuration. Omitting this configuration completely fully disables any port-isolation configuration on this given port.",
"trunk-group": {
"description": "Associates this port to a trunk or a port-channel.",
"type": "integer",
"minimum": 1,
"maximum": 64
},
"lacp-config": {
"description": "This section describes the 802.3ad Link Aggregation Control Protocol (LACP) configuration for the current interface.",
"type": "object",
"properties": {
"sessions": {
"description": "Allow selected port to forward traffic in the provided session-based format.",
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"description": "Session id to configure.",
"type": "integer"
},
"uplink": {
"description": "Configuration object for uplink interface(s)",
"type": "object",
"properties": {
"interface-list": {
"description": "List of interfaces (either physical or trunk ports)",
"type": "array",
"items": {
"type": "string"
}
}
}
},
"downlink": {
"description": "Configuration object for downlink interface(s)",
"type": "object",
"properties": {
"interface-list": {
"description": "List of interfaces (either physical or trunk ports)",
"type": "array",
"items": {
"type": "string"
}
}
}
}
}
}
"lacp-enable": {
"description": "Enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface.",
"type": "boolean",
"default": false
},
"lacp-role": {
"description": "Configures the port LACP role as actor or partner.",
"type": "string",
"enum": [
"actor",
"partner"
],
"default": "actor"
},
"lacp-mode": {
"description": "Configures the LACP negotiation activity mode as active or passive.",
"type": "string",
"enum": [
"active",
"passive"
],
"default": "passive"
},
"lacp-port-admin-key": {
"description": "Configures the port's LACP administration key.",
"type": "integer",
"minimum": 1,
"maximum": 65535,
"default": 1
},
"lacp-port-priority": {
"description": "Configures the LACP port priority.",
"type": "integer",
"minimum": 1,
"maximum": 65535,
"default": 32768
},
"lacp-system-priority": {
"description": "Configures the LACP System priority.",
"type": "integer",
"minimum": 1,
"maximum": 65535,
"default": 32768
},
"lacp-pchan-admin-key": {
"description": "Configures the port channel's LACP administration key (optional).",
"type": "integer",
"minimum": 1,
"maximum": 65535
},
"lacp-timeout": {
"description": "Configures the timeout to wait for the next LACP data unit.",
"type": "string",
"enum": [
"short",
"long"
],
"default": "long"
}
}
}
@@ -725,18 +773,21 @@
"properties": {
"port-mirror": {
"description": "Enable mirror of traffic from multiple minotor ports to a single analysis port.",
"type": "object",
"properties": {
"monitor-ports": {
"description": "The list of ports that we want to mirror.",
"type": "array",
"items": {
"type": "array",
"items": {
"type": "object",
"properties": {
"monitor-ports": {
"description": "The list of ports that we want to mirror.",
"type": "array",
"items": {
"type": "string"
}
},
"analysis-port": {
"description": "The port that mirror'ed packets should be sent to.",
"type": "string"
}
},
"analysis-port": {
"description": "The port that mirror'ed packets should be sent to.",
"type": "string"
}
}
},
@@ -910,6 +961,390 @@
}
}
}
},
"port-isolation": {
"description": "This section describes the per-port specific port-isolation matrix (to which ports selected port can forward traffic to) configuration. Omitting this configuration completely fully disables any port-isolation configuration on this given port.",
"type": "object",
"properties": {
"sessions": {
"description": "Allow selected port to forward traffic in the provided session-based format.",
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"description": "Session id to configure.",
"type": "integer"
},
"uplink": {
"description": "Configuration object for uplink interface(s)",
"type": "object",
"properties": {
"interface-list": {
"description": "List of interfaces (either physical or trunk ports)",
"type": "array",
"items": {
"type": "string"
}
}
}
},
"downlink": {
"description": "Configuration object for downlink interface(s)",
"type": "object",
"properties": {
"interface-list": {
"description": "List of interfaces (either physical or trunk ports)",
"type": "array",
"items": {
"type": "string"
}
}
}
}
}
}
}
}
},
"trunk-balance-method": {
"description": "Sets the load-distribution method among ports in aggregated links for both static and LACP based trunks.",
"type": "string",
"enum": [
"dst-ip",
"dst-mac",
"src-dst-ip",
"src-dst-mac",
"src-ip",
"src-mac"
],
"default": "src-dst-mac"
},
"jumbo-frames": {
"description": "Enables Jumbo frames",
"type": "boolean",
"default": false
},
"dhcp-snooping": {
"description": "DHCP Snooping configuration parameters",
"type": "object",
"properties": {
"dhcp-snoop-enable": {
"description": "Enables DHCP Snooping on the network switch, which is a security feature that prevents unauthorized DHCP servers from offering IP addresses",
"type": "boolean",
"default": false
},
"dhcp-snoop-rate-limit": {
"description": "Sets a limit on the number of DHCP packets per second that can be received on an untrusted interface to prevent DHCP flooding attacks",
"type": "integer",
"minimum": 1,
"maximum": 2048
},
"dhcp-snoop-mac-verify": {
"description": "This option ensures that the MAC address in a DHCP request matches the source MAC address of the packet, providing an additional layer of security",
"type": "boolean",
"default": false
},
"dhcp-snoop-inf-opt-82": {
"description": "This refers to the insertion of information option 82 in DHCP packets, which adds more details about the client\u2019s location and network information for tracking and control purposes",
"type": "boolean",
"default": false
},
"dhcp-snoop-inf-opt-encode-subopt": {
"description": "This parameter allows for the encoding of sub-options within option 82 to further specify client information",
"type": "boolean",
"default": false
},
"dhcp-snoop-inf-opt-remoteid": {
"description": "It specifies the remote ID sub-option in option 82, which typically includes information like the circuit ID or remote host identifier",
"type": "string",
"maxLength": 32,
"minLength": 1
},
"dhcp-snoop-inf-opt-policy": {
"description": "This defines the policy for handling packets with option 82, determining whether they should be forwarded or dropped based on the configuration",
"type": "string",
"enum": [
"drop",
"keep",
"replace"
]
}
}
},
"acl": {
"description": "Contains all the access control rule definitions",
"type": "array",
"items": {
"type": "object",
"properties": {
"acl-type": {
"description": "Type of the access control list",
"type": "string",
"enum": [
"ipv4",
"ipv6",
"ipv4Ext",
"ipv6Ext",
"mac",
"arp"
]
},
"acl-name": {
"description": "The identifier or name for the Access Control List",
"type": "string",
"maxLength": 32,
"minLength": 1
},
"acl-rule-action": {
"description": "Defines whether to permit or deny traffic matching the rule",
"type": "string",
"enum": [
"permit",
"deny"
]
},
"acl-source-macaddress": {
"description": "Specifies the source MAC address to filter on",
"type": "string",
"format": "uc-mac"
},
"acl-source-macbitmask": {
"description": "The mask applied to the source MAC address",
"type": "string",
"format": "uc-mac"
},
"acl-dest-macaddress": {
"description": "Specifies the destination MAC address for the filter",
"type": "string",
"format": "uc-mac"
},
"acl-dest-macbitmask": {
"description": "The mask applied to the destination MAC address",
"type": "string",
"format": "uc-mac"
},
"acl-packet-format": {
"description": "Identifies the protocol encapsulated in the Ethernet frame by its EtherType",
"type": "string",
"enum": [
"any",
"untagged-eth2",
"untagged-802.3",
"tagged-eth2",
"tagged-802.3"
]
},
"acl-vlanid": {
"description": "Specifies a VLAN ID to filter traffic from a specific VLAN",
"type": "integer",
"minimum": 1,
"maximum": 4094
},
"acl-vid-bitmask": {
"description": "The mask applied to the VLAN ID",
"type": "integer",
"minimum": 1,
"maximum": 4095
},
"acl-ethertype": {
"description": "Filters packets based on the custom EtherType field (HEX) in the Ethernet frame",
"type": "string",
"default": "800"
},
"acl-ethertype-bitmask": {
"description": "The mask applied to the EtherType field",
"type": "string",
"default": "FFFF"
},
"acl-cos": {
"description": "Filters based on the Class of Service (CoS) field in the frame",
"type": "integer",
"minimum": 0,
"maximum": 7
},
"acl-cos-bitmask": {
"description": "The mask applied to the CoS field",
"type": "integer",
"minimum": 0,
"maximum": 7
},
"acl-ip-type": {
"description": "Filters traffic based on the IP protocol type (none, IPv4, or IPv6)",
"type": "string",
"enum": [
"none",
"ipv4",
"ipv6"
]
},
"acl-ipv4-source-address": {
"description": "The IPv4 address of the source to filter on",
"type": "string",
"format": "ipv4"
},
"acl-ipv4-source-subnetmask": {
"description": "The subnet mask applied to the source IPv4 address",
"type": "string",
"format": "ipv4"
},
"acl-ipv4-dest-address": {
"description": "The IPv4 address of the destination to filter on",
"type": "string",
"format": "ipv4"
},
"acl-ipv4-dest-subnetmask": {
"description": "The subnet mask applied to the destination IPv4 address",
"type": "string",
"format": "ipv4"
},
"acl-ip-proto": {
"description": "Filters based on the IP protocol number",
"type": "integer",
"minimum": 0,
"maximum": 255
},
"acl-ip-source-port": {
"description": "Specifies the source port number for filtering",
"type": "integer",
"minimum": 1,
"maximum": 65535
},
"acl-ip-source-port-bitmask": {
"description": "The mask applied to the source port number",
"type": "integer",
"minimum": 0,
"maximum": 65535
},
"acl-ip-dest-port": {
"description": "Specifies the destination port number for filtering",
"type": "integer",
"minimum": 1,
"maximum": 65535
},
"acl-ip-dest-port-bitmask": {
"description": "The mask applied to the destination port number",
"type": "integer",
"minimum": 0,
"maximum": 65535
}
}
}
},
"mvr-config": {
"description": "This section defines the Multicast VLAN Registration (MVR) general configuration.",
"type": "object",
"properties": {
"mvr-enable": {
"description": "Enable/Disable MVR globally on the switch.",
"type": "boolean",
"default": false
},
"mvr-proxy-query-intvl": {
"description": "This command configures the interval (in seconds) at which the receiver port sends out general queries. The maximum value is determined based on 12 hours as maximum interval, and minimum as 1 second as allowed value.",
"type": "integer",
"default": 125,
"maximum": 43200,
"minimum": 1
},
"mvr-proxy-switching": {
"description": "Enable the MVR proxy switching mode, where the source port acts as a host, and the receiver port acts as an MVR router with querier service enabled.",
"type": "boolean",
"default": false
},
"mvr-robustness-val": {
"description": "Configure the expected packet loss, and thereby the number of times to generate report and group-specific queries when changes are learned about downstream groups, and the number of times group-specific queries are sent to downstream receiver ports. Right configuration ensures that multicast group memberships are correctly maintained even if some control messages are lost due to network issues.",
"type": "integer",
"default": 2,
"maximum": 255,
"minimum": 1
},
"mvr-source-port-mode": {
"description": "Configure the switch to forward only multicast streams that a source port has dynamically joined or to forward all multicast groups.",
"type": "string",
"default": "forward",
"enum": [
"dynamic",
"forward"
]
}
}
},
"mvr-domain-config": {
"description": "Configure the Multicast VLAN Registration (MVR) domains.",
"type": "array",
"items": {
"type": "object",
"properties": {
"mvr-domain-id": {
"description": "Unique identifier for a Multicast Domain defined under the MVR.",
"type": "integer",
"minimum": 1,
"maximum": 10,
"default": 1
},
"mvr-domain-enable": {
"description": "Enable/disable Multicast VLAN Registration (MVR) for a specific domain.",
"type": "boolean",
"default": false
},
"mvr-domain-vlan-id": {
"description": "Per domain Level Multicast VLAN ID. Specifies the VLAN through which MVR multicast data is received. This is the VLAN to which all source ports must be assigned.",
"type": "integer",
"minimum": 1,
"maximum": 4094,
"default": 1
},
"mvr-domain-upstream-sip": {
"description": "Configures the source IP address assigned to all MVR control packets sent upstream on all domains or on a specified domain.",
"type": "string",
"format": "ipv4",
"examples": [
"192.168.0.5"
]
}
}
}
},
"mvr-group-config": {
"type": "array",
"description": "List of MVR groups (or profiles) configuration.",
"items": {
"type": "object",
"properties": {
"mvr-group-name": {
"type": "string",
"description": "The name of a MVR group that consists of one or more MVR group addresses",
"maxLength": 16,
"minLength": 1
},
"mvr-group-range-start": {
"type": "string",
"format": "ipv4",
"description": "Start IP address on the range of MVR group addresses that maps to a profile/MVR group"
},
"mvr-group-range-end": {
"type": "string",
"format": "ipv4",
"description": "Statically configure all multicast group addresses that will join an MVR VLAN. Map a range of MVR group addresses to a profile"
},
"mvr-group-assoc-domain": {
"descpription": "Map the MVR Group to a secific domain. There can be many profiles under a single domain",
"type": "array",
"items": {
"type": "integer",
"maximum": 10,
"minimum": 1
}
}
},
"required": [
"mvr-group-name",
"mvr-group-range-start",
"mvr-group-range-end",
"mvr-group-assoc-domain"
]
}
}
}
},
@@ -1478,6 +1913,42 @@
}
}
}
},
"mvr": {
"type": "object",
"description": "MVR attributes on a given interface",
"properties": {
"mvr-intf-mvr-role": {
"type": "string",
"description": "Configure an interface as an MVR receiver or source port. A port which is not configured as an MVR receiver or source port can use IGMP snooping to join or leave multicast groups using the standard rules for multicast filtering.",
"enum": [
"none",
"source",
"receiver"
]
},
"mvr-intf-immed-leave": {
"type": "string",
"description": "Switch to immediately remove an interface from a multicast stream as soon as it receives a leave message for that group. Applies to only receiver role ports.",
"enum": [
"none",
"by-host-ip",
"by-group"
],
"default": "by-group"
},
"mvr-intf-assoc-domain": {
"type": "integer",
"description": "Map the port to a specific domain.",
"maximum": 10,
"minimum": 1
}
},
"required": [
"mvr-intf-mvr-role",
"mvr-intf-immed-leave",
"mvr-intf-assoc-domain"
]
}
}
},
@@ -1501,6 +1972,11 @@
]
}
},
"dhcp-snoop-vlan-enable": {
"description": "Enables DHCP Snooping on a VLAN",
"type": "boolean",
"default": false
},
"dhcp": {
"description": "This section describes the DHCP server configuration",
"type": "object",
@@ -1799,6 +2275,72 @@
}
}
},
"acl": {
"description": "A collection of access control entries that define the rules for filtering traffic through a network interface.",
"type": "array",
"items": {
"type": "object",
"properties": {
"acl-inf-policy-preference": {
"description": "Determines the priority of multiple ACL policies when more than one is applied to an interface, if any.",
"type": "integer",
"minimum": 1,
"maximum": 64,
"default": 1
},
"acl-inf-policy-ingress": {
"description": "Specifies the ACL policy that is applied to incoming traffic on an interface.",
"type": "string",
"maxLength": 32,
"minLength": 1,
"examples": [
"blacklisted-macs"
]
},
"acl-inf-counters-ingress": {
"description": "Tracks the number and type of packets that match the ingress ACL rules on an interface.",
"type": "boolean",
"default": false
},
"acl-inf-policy-egress": {
"description": "Specifies the ACL policy that is applied to outgoing traffic from an interface.",
"type": "string",
"maxLength": 32,
"minLength": 1,
"examples": [
"blacklisted-macs"
]
},
"acl-inf-counters-egress": {
"description": "Tracks the number and type of packets that match the egress ACL rules on an interface.",
"type": "boolean",
"default": false
}
}
}
},
"dhcp-snooop-port": {
"description": "Configuration for DHCP Snooping on a port level on a switch",
"type": "object",
"properties": {
"dhcp-snoop-port-trust": {
"description": "This parameter designates a switch port as \u2018trusted\u2019 for DHCP messages, meaning it can forward DHCP offers and acknowledgments, which is essential for connecting to legitimate DHCP servers",
"type": "boolean",
"default": false
},
"dhcp-snoop-port-client-limit": {
"description": "It sets a limit on the number of DHCP clients that can be associated with a single port, helping to prevent a single port from exhausting the network\u2019s IP address pool",
"type": "integer",
"minimum": 1
},
"dhcp-snoop-port-circuit-id": {
"description": "Specifies DHCP Option 82 circuit ID suboption information. Often including information like the interface number and VLAN ID, this can be useful for network management and troubleshooting",
"type": "string",
"minLength": 1,
"maxLength": 32
}
}
},
"broad-band": {
"oneOf": [
{
@@ -4728,6 +5270,23 @@
"type": "boolean"
}
}
},
"https": {
"description": "Enable the webserver with the on-boarding webui",
"type": "object",
"properties": {
"https-port": {
"description": "The port that the secure HTTP server should run on.",
"type": "integer",
"maximum": 65535,
"minimum": 1,
"default": 443
},
"enable": {
"description": "This option whether secure http server should be enabled or disabled.",
"type": "boolean"
}
}
}
}
},

568
ucentral.schema.json
View File

@@ -10,6 +10,10 @@
"uuid": {
"type": "integer"
},
"public_ip_lookup": {
"type": "string",
"format": "uc-fqdn"
},
"unit": {
"$ref": "#/$defs/unit"
},
@@ -130,6 +134,14 @@
"mld-snooping-enable": {
"type": "boolean",
"default": true
},
"unknown-multicast-flood-control": {
"type": "boolean",
"default": false
},
"querier-enable": {
"type": "boolean",
"default": false
}
}
}
@@ -354,6 +366,12 @@
]
}
},
"name": {
"type": "string",
"examples": [
"cloud_uplink_port"
]
},
"speed": {
"type": "integer",
"enum": [
@@ -466,41 +484,64 @@
}
}
},
"port-isolation": {
"trunk-group": {
"type": "integer",
"minimum": 1,
"maximum": 64
},
"lacp-config": {
"type": "object",
"properties": {
"sessions": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "integer"
},
"uplink": {
"type": "object",
"properties": {
"interface-list": {
"type": "array",
"items": {
"type": "string"
}
}
}
},
"downlink": {
"type": "object",
"properties": {
"interface-list": {
"type": "array",
"items": {
"type": "string"
}
}
}
}
}
}
"lacp-enable": {
"type": "boolean",
"default": false
},
"lacp-role": {
"type": "string",
"enum": [
"actor",
"partner"
],
"default": "actor"
},
"lacp-mode": {
"type": "string",
"enum": [
"active",
"passive"
],
"default": "passive"
},
"lacp-port-admin-key": {
"type": "integer",
"minimum": 1,
"maximum": 65535,
"default": 1
},
"lacp-port-priority": {
"type": "integer",
"minimum": 1,
"maximum": 65535,
"default": 32768
},
"lacp-system-priority": {
"type": "integer",
"minimum": 1,
"maximum": 65535,
"default": 32768
},
"lacp-pchan-admin-key": {
"type": "integer",
"minimum": 1,
"maximum": 65535
},
"lacp-timeout": {
"type": "string",
"enum": [
"short",
"long"
],
"default": "long"
}
}
}
@@ -510,16 +551,19 @@
"type": "object",
"properties": {
"port-mirror": {
"type": "object",
"properties": {
"monitor-ports": {
"type": "array",
"items": {
"type": "array",
"items": {
"type": "object",
"properties": {
"monitor-ports": {
"type": "array",
"items": {
"type": "string"
}
},
"analysis-port": {
"type": "string"
}
},
"analysis-port": {
"type": "string"
}
}
},
@@ -666,6 +710,333 @@
}
}
}
},
"port-isolation": {
"type": "object",
"properties": {
"sessions": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "integer"
},
"uplink": {
"type": "object",
"properties": {
"interface-list": {
"type": "array",
"items": {
"type": "string"
}
}
}
},
"downlink": {
"type": "object",
"properties": {
"interface-list": {
"type": "array",
"items": {
"type": "string"
}
}
}
}
}
}
}
}
},
"trunk-balance-method": {
"type": "string",
"enum": [
"dst-ip",
"dst-mac",
"src-dst-ip",
"src-dst-mac",
"src-ip",
"src-mac"
],
"default": "src-dst-mac"
},
"jumbo-frames": {
"type": "boolean",
"default": false
},
"dhcp-snooping": {
"type": "object",
"properties": {
"dhcp-snoop-enable": {
"type": "boolean",
"default": false
},
"dhcp-snoop-rate-limit": {
"type": "integer",
"minimum": 1,
"maximum": 2048
},
"dhcp-snoop-mac-verify": {
"type": "boolean",
"default": false
},
"dhcp-snoop-inf-opt-82": {
"type": "boolean",
"default": false
},
"dhcp-snoop-inf-opt-encode-subopt": {
"type": "boolean",
"default": false
},
"dhcp-snoop-inf-opt-remoteid": {
"type": "string",
"maxLength": 32,
"minLength": 1
},
"dhcp-snoop-inf-opt-policy": {
"type": "string",
"enum": [
"drop",
"keep",
"replace"
]
}
}
},
"acl": {
"type": "array",
"items": {
"type": "object",
"properties": {
"acl-type": {
"type": "string",
"enum": [
"ipv4",
"ipv6",
"ipv4Ext",
"ipv6Ext",
"mac",
"arp"
]
},
"acl-name": {
"type": "string",
"maxLength": 32,
"minLength": 1
},
"acl-rule-action": {
"type": "string",
"enum": [
"permit",
"deny"
]
},
"acl-source-macaddress": {
"type": "string",
"format": "uc-mac"
},
"acl-source-macbitmask": {
"type": "string",
"format": "uc-mac"
},
"acl-dest-macaddress": {
"type": "string",
"format": "uc-mac"
},
"acl-dest-macbitmask": {
"type": "string",
"format": "uc-mac"
},
"acl-packet-format": {
"type": "string",
"enum": [
"any",
"untagged-eth2",
"untagged-802.3",
"tagged-eth2",
"tagged-802.3"
]
},
"acl-vlanid": {
"type": "integer",
"minimum": 1,
"maximum": 4094
},
"acl-vid-bitmask": {
"type": "integer",
"minimum": 1,
"maximum": 4095
},
"acl-ethertype": {
"type": "string",
"default": "800"
},
"acl-ethertype-bitmask": {
"type": "string",
"default": "FFFF"
},
"acl-cos": {
"type": "integer",
"minimum": 0,
"maximum": 7
},
"acl-cos-bitmask": {
"type": "integer",
"minimum": 0,
"maximum": 7
},
"acl-ip-type": {
"type": "string",
"enum": [
"none",
"ipv4",
"ipv6"
]
},
"acl-ipv4-source-address": {
"type": "string",
"format": "ipv4"
},
"acl-ipv4-source-subnetmask": {
"type": "string",
"format": "ipv4"
},
"acl-ipv4-dest-address": {
"type": "string",
"format": "ipv4"
},
"acl-ipv4-dest-subnetmask": {
"type": "string",
"format": "ipv4"
},
"acl-ip-proto": {
"type": "integer",
"minimum": 0,
"maximum": 255
},
"acl-ip-source-port": {
"type": "integer",
"minimum": 1,
"maximum": 65535
},
"acl-ip-source-port-bitmask": {
"type": "integer",
"minimum": 0,
"maximum": 65535
},
"acl-ip-dest-port": {
"type": "integer",
"minimum": 1,
"maximum": 65535
},
"acl-ip-dest-port-bitmask": {
"type": "integer",
"minimum": 0,
"maximum": 65535
}
}
}
},
"mvr-config": {
"type": "object",
"properties": {
"mvr-enable": {
"type": "boolean",
"default": false
},
"mvr-proxy-query-intvl": {
"type": "integer",
"default": 125,
"maximum": 43200,
"minimum": 1
},
"mvr-proxy-switching": {
"type": "boolean",
"default": false
},
"mvr-robustness-val": {
"type": "integer",
"default": 2,
"maximum": 255,
"minimum": 1
},
"mvr-source-port-mode": {
"type": "string",
"default": "forward",
"enum": [
"dynamic",
"forward"
]
}
}
},
"mvr-domain-config": {
"type": "array",
"items": {
"type": "object",
"properties": {
"mvr-domain-id": {
"type": "integer",
"minimum": 1,
"maximum": 10,
"default": 1
},
"mvr-domain-enable": {
"type": "boolean",
"default": false
},
"mvr-domain-vlan-id": {
"type": "integer",
"minimum": 1,
"maximum": 4094,
"default": 1
},
"mvr-domain-upstream-sip": {
"type": "string",
"format": "ipv4",
"examples": [
"192.168.0.5"
]
}
}
}
},
"mvr-group-config": {
"type": "array",
"items": {
"type": "object",
"properties": {
"mvr-group-name": {
"type": "string",
"maxLength": 16,
"minLength": 1
},
"mvr-group-range-start": {
"type": "string",
"format": "ipv4"
},
"mvr-group-range-end": {
"type": "string",
"format": "ipv4"
},
"mvr-group-assoc-domain": {
"descpription": "Map the MVR Group to a secific domain. There can be many profiles under a single domain",
"type": "array",
"items": {
"type": "integer",
"maximum": 10,
"minimum": 1
}
}
},
"required": [
"mvr-group-name",
"mvr-group-range-start",
"mvr-group-range-end",
"mvr-group-assoc-domain"
]
}
}
}
},
@@ -1213,6 +1584,38 @@
}
}
}
},
"mvr": {
"type": "object",
"properties": {
"mvr-intf-mvr-role": {
"type": "string",
"enum": [
"none",
"source",
"receiver"
]
},
"mvr-intf-immed-leave": {
"type": "string",
"enum": [
"none",
"by-host-ip",
"by-group"
],
"default": "by-group"
},
"mvr-intf-assoc-domain": {
"type": "integer",
"maximum": 10,
"minimum": 1
}
},
"required": [
"mvr-intf-mvr-role",
"mvr-intf-immed-leave",
"mvr-intf-assoc-domain"
]
}
}
},
@@ -1234,6 +1637,10 @@
]
}
},
"dhcp-snoop-vlan-enable": {
"type": "boolean",
"default": false
},
"dhcp": {
"$ref": "#/$defs/interface.ipv4.dhcp"
},
@@ -1413,6 +1820,62 @@
}
}
},
"interface.acl": {
"type": "array",
"items": {
"type": "object",
"properties": {
"acl-inf-policy-preference": {
"type": "integer",
"minimum": 1,
"maximum": 64,
"default": 1
},
"acl-inf-policy-ingress": {
"type": "string",
"maxLength": 32,
"minLength": 1,
"examples": [
"blacklisted-macs"
]
},
"acl-inf-counters-ingress": {
"type": "boolean",
"default": false
},
"acl-inf-policy-egress": {
"type": "string",
"maxLength": 32,
"minLength": 1,
"examples": [
"blacklisted-macs"
]
},
"acl-inf-counters-egress": {
"type": "boolean",
"default": false
}
}
}
},
"interface.dhcp-snoop-port": {
"type": "object",
"properties": {
"dhcp-snoop-port-trust": {
"type": "boolean",
"default": false
},
"dhcp-snoop-port-client-limit": {
"type": "integer",
"minimum": 1
},
"dhcp-snoop-port-circuit-id": {
"type": "string",
"minLength": 1,
"maxLength": 32
}
}
},
"interface.broad-band.wwan": {
"type": "object",
"properties": {
@@ -2703,6 +3166,12 @@
"ipv6": {
"$ref": "#/$defs/interface.ipv6"
},
"acl": {
"$ref": "#/$defs/interface.acl"
},
"dhcp-snooop-port": {
"$ref": "#/$defs/interface.dhcp-snoop-port"
},
"broad-band": {
"$ref": "#/$defs/interface.broad-band"
},
@@ -3622,6 +4091,20 @@
}
}
},
"service.https": {
"type": "object",
"properties": {
"https-port": {
"type": "integer",
"maximum": 65535,
"minimum": 1,
"default": 443
},
"enable": {
"type": "boolean"
}
}
},
"service": {
"type": "object",
"properties": {
@@ -3693,6 +4176,9 @@
},
"telnet": {
"$ref": "#/$defs/service.telnet"
},
"https": {
"$ref": "#/$defs/service.https"
}
}
},

668
ucentral.schema.pretty.json
View File

@@ -13,6 +13,11 @@
"description": "The unique ID of the configuration. This is the unix timestamp of when the config was created.",
"type": "integer"
},
"public_ip_lookup": {
"description": "The fqdn to retrieve public ip of internet connection.",
"type": "string",
"format": "uc-fqdn"
},
"unit": {
"$ref": "#/$defs/unit"
},
@@ -151,6 +156,16 @@
"description": "Global config for controlling whether MLD snooping is enabled. If this global setting is disabled, all VLANs are treated as disabled, whether they are enabled or not.",
"type": "boolean",
"default": true
},
"unknown-multicast-flood-control": {
"description": "Global config for the unknown multicast flood control feature. This enables the system to forward unknown multicast packets only to a multicast router (mrouter).",
"type": "boolean",
"default": false
},
"querier-enable": {
"description": "Global IGMP querier config. This enables all Vlan interfaces to act as a querier.",
"type": "boolean",
"default": false
}
}
}
@@ -395,6 +410,13 @@
]
}
},
"name": {
"description": "This is a free text field, stating the administrative name of the port. It may contain spaces and special characters, not exceeding 64 characters.",
"type": "string",
"examples": [
"cloud_uplink_port"
]
},
"speed": {
"description": "The link speed that shall be forced.",
"type": "integer",
@@ -523,48 +545,74 @@
}
}
},
"port-isolation": {
"description": "This section describes the per-port specific port-isolation matrix (to which ports selected port can forward traffic to) configuration. Omitting this configuration completely fully disables any port-isolation configuration on this given port.",
"trunk-group": {
"description": "Associates this port to a trunk or a port-channel.",
"type": "integer",
"minimum": 1,
"maximum": 64
},
"lacp-config": {
"description": "This section describes the 802.3ad Link Aggregation Control Protocol (LACP) configuration for the current interface.",
"type": "object",
"properties": {
"sessions": {
"description": "Allow selected port to forward traffic in the provided session-based format.",
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"description": "Session id to configure.",
"type": "integer"
},
"uplink": {
"description": "Configuration object for uplink interface(s)",
"type": "object",
"properties": {
"interface-list": {
"description": "List of interfaces (either physical or trunk ports)",
"type": "array",
"items": {
"type": "string"
}
}
}
},
"downlink": {
"description": "Configuration object for downlink interface(s)",
"type": "object",
"properties": {
"interface-list": {
"description": "List of interfaces (either physical or trunk ports)",
"type": "array",
"items": {
"type": "string"
}
}
}
}
}
}
"lacp-enable": {
"description": "Enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface.",
"type": "boolean",
"default": false
},
"lacp-role": {
"description": "Configures the port LACP role as actor or partner.",
"type": "string",
"enum": [
"actor",
"partner"
],
"default": "actor"
},
"lacp-mode": {
"description": "Configures the LACP negotiation activity mode as active or passive.",
"type": "string",
"enum": [
"active",
"passive"
],
"default": "passive"
},
"lacp-port-admin-key": {
"description": "Configures the port's LACP administration key.",
"type": "integer",
"minimum": 1,
"maximum": 65535,
"default": 1
},
"lacp-port-priority": {
"description": "Configures the LACP port priority.",
"type": "integer",
"minimum": 1,
"maximum": 65535,
"default": 32768
},
"lacp-system-priority": {
"description": "Configures the LACP System priority.",
"type": "integer",
"minimum": 1,
"maximum": 65535,
"default": 32768
},
"lacp-pchan-admin-key": {
"description": "Configures the port channel's LACP administration key (optional).",
"type": "integer",
"minimum": 1,
"maximum": 65535
},
"lacp-timeout": {
"description": "Configures the timeout to wait for the next LACP data unit.",
"type": "string",
"enum": [
"short",
"long"
],
"default": "long"
}
}
}
@@ -576,18 +624,21 @@
"properties": {
"port-mirror": {
"description": "Enable mirror of traffic from multiple minotor ports to a single analysis port.",
"type": "object",
"properties": {
"monitor-ports": {
"description": "The list of ports that we want to mirror.",
"type": "array",
"items": {
"type": "array",
"items": {
"type": "object",
"properties": {
"monitor-ports": {
"description": "The list of ports that we want to mirror.",
"type": "array",
"items": {
"type": "string"
}
},
"analysis-port": {
"description": "The port that mirror'ed packets should be sent to.",
"type": "string"
}
},
"analysis-port": {
"description": "The port that mirror'ed packets should be sent to.",
"type": "string"
}
}
},
@@ -761,6 +812,390 @@
}
}
}
},
"port-isolation": {
"description": "This section describes the per-port specific port-isolation matrix (to which ports selected port can forward traffic to) configuration. Omitting this configuration completely fully disables any port-isolation configuration on this given port.",
"type": "object",
"properties": {
"sessions": {
"description": "Allow selected port to forward traffic in the provided session-based format.",
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"description": "Session id to configure.",
"type": "integer"
},
"uplink": {
"description": "Configuration object for uplink interface(s)",
"type": "object",
"properties": {
"interface-list": {
"description": "List of interfaces (either physical or trunk ports)",
"type": "array",
"items": {
"type": "string"
}
}
}
},
"downlink": {
"description": "Configuration object for downlink interface(s)",
"type": "object",
"properties": {
"interface-list": {
"description": "List of interfaces (either physical or trunk ports)",
"type": "array",
"items": {
"type": "string"
}
}
}
}
}
}
}
}
},
"trunk-balance-method": {
"description": "Sets the load-distribution method among ports in aggregated links for both static and LACP based trunks.",
"type": "string",
"enum": [
"dst-ip",
"dst-mac",
"src-dst-ip",
"src-dst-mac",
"src-ip",
"src-mac"
],
"default": "src-dst-mac"
},
"jumbo-frames": {
"description": "Enables Jumbo frames",
"type": "boolean",
"default": false
},
"dhcp-snooping": {
"description": "DHCP Snooping configuration parameters",
"type": "object",
"properties": {
"dhcp-snoop-enable": {
"description": "Enables DHCP Snooping on the network switch, which is a security feature that prevents unauthorized DHCP servers from offering IP addresses",
"type": "boolean",
"default": false
},
"dhcp-snoop-rate-limit": {
"description": "Sets a limit on the number of DHCP packets per second that can be received on an untrusted interface to prevent DHCP flooding attacks",
"type": "integer",
"minimum": 1,
"maximum": 2048
},
"dhcp-snoop-mac-verify": {
"description": "This option ensures that the MAC address in a DHCP request matches the source MAC address of the packet, providing an additional layer of security",
"type": "boolean",
"default": false
},
"dhcp-snoop-inf-opt-82": {
"description": "This refers to the insertion of information option 82 in DHCP packets, which adds more details about the client\u2019s location and network information for tracking and control purposes",
"type": "boolean",
"default": false
},
"dhcp-snoop-inf-opt-encode-subopt": {
"description": "This parameter allows for the encoding of sub-options within option 82 to further specify client information",
"type": "boolean",
"default": false
},
"dhcp-snoop-inf-opt-remoteid": {
"description": "It specifies the remote ID sub-option in option 82, which typically includes information like the circuit ID or remote host identifier",
"type": "string",
"maxLength": 32,
"minLength": 1
},
"dhcp-snoop-inf-opt-policy": {
"description": "This defines the policy for handling packets with option 82, determining whether they should be forwarded or dropped based on the configuration",
"type": "string",
"enum": [
"drop",
"keep",
"replace"
]
}
}
},
"acl": {
"description": "Contains all the access control rule definitions",
"type": "array",
"items": {
"type": "object",
"properties": {
"acl-type": {
"description": "Type of the access control list",
"type": "string",
"enum": [
"ipv4",
"ipv6",
"ipv4Ext",
"ipv6Ext",
"mac",
"arp"
]
},
"acl-name": {
"description": "The identifier or name for the Access Control List",
"type": "string",
"maxLength": 32,
"minLength": 1
},
"acl-rule-action": {
"description": "Defines whether to permit or deny traffic matching the rule",
"type": "string",
"enum": [
"permit",
"deny"
]
},
"acl-source-macaddress": {
"description": "Specifies the source MAC address to filter on",
"type": "string",
"format": "uc-mac"
},
"acl-source-macbitmask": {
"description": "The mask applied to the source MAC address",
"type": "string",
"format": "uc-mac"
},
"acl-dest-macaddress": {
"description": "Specifies the destination MAC address for the filter",
"type": "string",
"format": "uc-mac"
},
"acl-dest-macbitmask": {
"description": "The mask applied to the destination MAC address",
"type": "string",
"format": "uc-mac"
},
"acl-packet-format": {
"description": "Identifies the protocol encapsulated in the Ethernet frame by its EtherType",
"type": "string",
"enum": [
"any",
"untagged-eth2",
"untagged-802.3",
"tagged-eth2",
"tagged-802.3"
]
},
"acl-vlanid": {
"description": "Specifies a VLAN ID to filter traffic from a specific VLAN",
"type": "integer",
"minimum": 1,
"maximum": 4094
},
"acl-vid-bitmask": {
"description": "The mask applied to the VLAN ID",
"type": "integer",
"minimum": 1,
"maximum": 4095
},
"acl-ethertype": {
"description": "Filters packets based on the custom EtherType field (HEX) in the Ethernet frame",
"type": "string",
"default": "800"
},
"acl-ethertype-bitmask": {
"description": "The mask applied to the EtherType field",
"type": "string",
"default": "FFFF"
},
"acl-cos": {
"description": "Filters based on the Class of Service (CoS) field in the frame",
"type": "integer",
"minimum": 0,
"maximum": 7
},
"acl-cos-bitmask": {
"description": "The mask applied to the CoS field",
"type": "integer",
"minimum": 0,
"maximum": 7
},
"acl-ip-type": {
"description": "Filters traffic based on the IP protocol type (none, IPv4, or IPv6)",
"type": "string",
"enum": [
"none",
"ipv4",
"ipv6"
]
},
"acl-ipv4-source-address": {
"description": "The IPv4 address of the source to filter on",
"type": "string",
"format": "ipv4"
},
"acl-ipv4-source-subnetmask": {
"description": "The subnet mask applied to the source IPv4 address",
"type": "string",
"format": "ipv4"
},
"acl-ipv4-dest-address": {
"description": "The IPv4 address of the destination to filter on",
"type": "string",
"format": "ipv4"
},
"acl-ipv4-dest-subnetmask": {
"description": "The subnet mask applied to the destination IPv4 address",
"type": "string",
"format": "ipv4"
},
"acl-ip-proto": {
"description": "Filters based on the IP protocol number",
"type": "integer",
"minimum": 0,
"maximum": 255
},
"acl-ip-source-port": {
"description": "Specifies the source port number for filtering",
"type": "integer",
"minimum": 1,
"maximum": 65535
},
"acl-ip-source-port-bitmask": {
"description": "The mask applied to the source port number",
"type": "integer",
"minimum": 0,
"maximum": 65535
},
"acl-ip-dest-port": {
"description": "Specifies the destination port number for filtering",
"type": "integer",
"minimum": 1,
"maximum": 65535
},
"acl-ip-dest-port-bitmask": {
"description": "The mask applied to the destination port number",
"type": "integer",
"minimum": 0,
"maximum": 65535
}
}
}
},
"mvr-config": {
"description": "This section defines the Multicast VLAN Registration (MVR) general configuration.",
"type": "object",
"properties": {
"mvr-enable": {
"description": "Enable/Disable MVR globally on the switch.",
"type": "boolean",
"default": false
},
"mvr-proxy-query-intvl": {
"description": "This command configures the interval (in seconds) at which the receiver port sends out general queries. The maximum value is determined based on 12 hours as maximum interval, and minimum as 1 second as allowed value.",
"type": "integer",
"default": 125,
"maximum": 43200,
"minimum": 1
},
"mvr-proxy-switching": {
"description": "Enable the MVR proxy switching mode, where the source port acts as a host, and the receiver port acts as an MVR router with querier service enabled.",
"type": "boolean",
"default": false
},
"mvr-robustness-val": {
"description": "Configure the expected packet loss, and thereby the number of times to generate report and group-specific queries when changes are learned about downstream groups, and the number of times group-specific queries are sent to downstream receiver ports. Right configuration ensures that multicast group memberships are correctly maintained even if some control messages are lost due to network issues.",
"type": "integer",
"default": 2,
"maximum": 255,
"minimum": 1
},
"mvr-source-port-mode": {
"description": "Configure the switch to forward only multicast streams that a source port has dynamically joined or to forward all multicast groups.",
"type": "string",
"default": "forward",
"enum": [
"dynamic",
"forward"
]
}
}
},
"mvr-domain-config": {
"description": "Configure the Multicast VLAN Registration (MVR) domains.",
"type": "array",
"items": {
"type": "object",
"properties": {
"mvr-domain-id": {
"description": "Unique identifier for a Multicast Domain defined under the MVR.",
"type": "integer",
"minimum": 1,
"maximum": 10,
"default": 1
},
"mvr-domain-enable": {
"description": "Enable/disable Multicast VLAN Registration (MVR) for a specific domain.",
"type": "boolean",
"default": false
},
"mvr-domain-vlan-id": {
"description": "Per domain Level Multicast VLAN ID. Specifies the VLAN through which MVR multicast data is received. This is the VLAN to which all source ports must be assigned.",
"type": "integer",
"minimum": 1,
"maximum": 4094,
"default": 1
},
"mvr-domain-upstream-sip": {
"description": "Configures the source IP address assigned to all MVR control packets sent upstream on all domains or on a specified domain.",
"type": "string",
"format": "ipv4",
"examples": [
"192.168.0.5"
]
}
}
}
},
"mvr-group-config": {
"type": "array",
"description": "List of MVR groups (or profiles) configuration.",
"items": {
"type": "object",
"properties": {
"mvr-group-name": {
"type": "string",
"description": "The name of a MVR group that consists of one or more MVR group addresses",
"maxLength": 16,
"minLength": 1
},
"mvr-group-range-start": {
"type": "string",
"format": "ipv4",
"description": "Start IP address on the range of MVR group addresses that maps to a profile/MVR group"
},
"mvr-group-range-end": {
"type": "string",
"format": "ipv4",
"description": "Statically configure all multicast group addresses that will join an MVR VLAN. Map a range of MVR group addresses to a profile"
},
"mvr-group-assoc-domain": {
"descpription": "Map the MVR Group to a secific domain. There can be many profiles under a single domain",
"type": "array",
"items": {
"type": "integer",
"maximum": 10,
"minimum": 1
}
}
},
"required": [
"mvr-group-name",
"mvr-group-range-start",
"mvr-group-range-end",
"mvr-group-assoc-domain"
]
}
}
}
},
@@ -1386,6 +1821,42 @@
}
}
}
},
"mvr": {
"type": "object",
"description": "MVR attributes on a given interface",
"properties": {
"mvr-intf-mvr-role": {
"type": "string",
"description": "Configure an interface as an MVR receiver or source port. A port which is not configured as an MVR receiver or source port can use IGMP snooping to join or leave multicast groups using the standard rules for multicast filtering.",
"enum": [
"none",
"source",
"receiver"
]
},
"mvr-intf-immed-leave": {
"type": "string",
"description": "Switch to immediately remove an interface from a multicast stream as soon as it receives a leave message for that group. Applies to only receiver role ports.",
"enum": [
"none",
"by-host-ip",
"by-group"
],
"default": "by-group"
},
"mvr-intf-assoc-domain": {
"type": "integer",
"description": "Map the port to a specific domain.",
"maximum": 10,
"minimum": 1
}
},
"required": [
"mvr-intf-mvr-role",
"mvr-intf-immed-leave",
"mvr-intf-assoc-domain"
]
}
}
},
@@ -1409,6 +1880,11 @@
]
}
},
"dhcp-snoop-vlan-enable": {
"description": "Enables DHCP Snooping on a VLAN",
"type": "boolean",
"default": false
},
"dhcp": {
"$ref": "#/$defs/interface.ipv4.dhcp"
},
@@ -1608,6 +2084,72 @@
}
}
},
"interface.acl": {
"description": "A collection of access control entries that define the rules for filtering traffic through a network interface.",
"type": "array",
"items": {
"type": "object",
"properties": {
"acl-inf-policy-preference": {
"description": "Determines the priority of multiple ACL policies when more than one is applied to an interface, if any.",
"type": "integer",
"minimum": 1,
"maximum": 64,
"default": 1
},
"acl-inf-policy-ingress": {
"description": "Specifies the ACL policy that is applied to incoming traffic on an interface.",
"type": "string",
"maxLength": 32,
"minLength": 1,
"examples": [
"blacklisted-macs"
]
},
"acl-inf-counters-ingress": {
"description": "Tracks the number and type of packets that match the ingress ACL rules on an interface.",
"type": "boolean",
"default": false
},
"acl-inf-policy-egress": {
"description": "Specifies the ACL policy that is applied to outgoing traffic from an interface.",
"type": "string",
"maxLength": 32,
"minLength": 1,
"examples": [
"blacklisted-macs"
]
},
"acl-inf-counters-egress": {
"description": "Tracks the number and type of packets that match the egress ACL rules on an interface.",
"type": "boolean",
"default": false
}
}
}
},
"interface.dhcp-snoop-port": {
"description": "Configuration for DHCP Snooping on a port level on a switch",
"type": "object",
"properties": {
"dhcp-snoop-port-trust": {
"description": "This parameter designates a switch port as \u2018trusted\u2019 for DHCP messages, meaning it can forward DHCP offers and acknowledgments, which is essential for connecting to legitimate DHCP servers",
"type": "boolean",
"default": false
},
"dhcp-snoop-port-client-limit": {
"description": "It sets a limit on the number of DHCP clients that can be associated with a single port, helping to prevent a single port from exhausting the network\u2019s IP address pool",
"type": "integer",
"minimum": 1
},
"dhcp-snoop-port-circuit-id": {
"description": "Specifies DHCP Option 82 circuit ID suboption information. Often including information like the interface number and VLAN ID, this can be useful for network management and troubleshooting",
"type": "string",
"minLength": 1,
"maxLength": 32
}
}
},
"interface.broad-band.wwan": {
"description": "This Object defines the properties of a broad-band uplink.",
"type": "object",
@@ -3098,6 +3640,12 @@
"ipv6": {
"$ref": "#/$defs/interface.ipv6"
},
"acl": {
"$ref": "#/$defs/interface.acl"
},
"dhcp-snooop-port": {
"$ref": "#/$defs/interface.dhcp-snoop-port"
},
"broad-band": {
"$ref": "#/$defs/interface.broad-band"
},
@@ -4172,6 +4720,23 @@
}
}
},
"service.https": {
"description": "Enable the webserver with the on-boarding webui",
"type": "object",
"properties": {
"https-port": {
"description": "The port that the secure HTTP server should run on.",
"type": "integer",
"maximum": 65535,
"minimum": 1,
"default": 443
},
"enable": {
"description": "This option whether secure http server should be enabled or disabled.",
"type": "boolean"
}
}
},
"service": {
"description": "This section describes all of the services that may be present on the AP. Each service is then referenced via its name inside an interface, ssid, ...",
"type": "object",
@@ -4244,6 +4809,9 @@
},
"telnet": {
"$ref": "#/$defs/service.telnet"
},
"https": {
"$ref": "#/$defs/service.https"
}
}
},

266
ucentral.state.pretty.json
View File

@@ -78,6 +78,12 @@
},
"mac-address-list": {
"$ref": "#/$defs/mac-address-list"
},
"static-trunks": {
"$ref": "#/$defs/static-trunks"
},
"lacp-trunks": {
"$ref": "#/$defs/lacp-trunks"
}
},
"$defs": {
@@ -325,6 +331,14 @@
"description": "An IPv4 addreess."
}
},
"public_ip": {
"type": "string",
"description": "The public IP address of internet connection."
},
"uplink_interface": {
"type": "string",
"description": "Current interface that serves as the Uplink. Example Ethernet2."
},
"leasetime": {
"type": "number",
"description": "This is the leasetime if the IPv4 address of this logical interface was acquired via DHCPv4."
@@ -755,6 +769,9 @@
"counters": {
"$ref": "#/$defs/interface.counter"
},
"delta_counters": {
"$ref": "#/$defs/interface.counter"
},
"mesh-path": {
"$ref": "#/$defs/interface.mesh-path"
},
@@ -796,6 +813,159 @@
}
}
}
},
"mvr": {
"type": "object",
"description": "MVR statistics on interface",
"properties": {
"mvr-intf-fwd-status": {
"description": "Shows if MVR traffic is being forwarded or discarded.",
"type": "boolean"
},
"mvr-intf-igmp-count-reports": {
"description": "The number of IGMP membership reports received on this interface.",
"type": "integer"
},
"mvr-intf-igmp-count-leave": {
"description": "The number of leave messages received on this interface.",
"type": "integer"
},
"mvr-intf-igmp-count-gquery": {
"description": "The number of general query messages received on this interface.",
"type": "integer"
},
"mvr-intf-igmp-count-gssquery": {
"description": "The number of group specific or group-and-source specific query messages received on this interface.",
"type": "integer"
},
"mvr-intf-igmp-count-drop": {
"description": "The number of times a report, leave, or query was dropped.",
"type": "integer"
},
"mvr-intf-igmp-count-joinsucc": {
"description": "The number of times a multicast group was successfully joined.",
"type": "integer"
},
"mvr-intf-igmp-count-actgroups": {
"description": "The number of MVR groups active on this interface.",
"type": "integer"
}
}
},
"acl-stats": {
"description": "Represents the overall statistics for ACLs on the OLS device.",
"type": "object",
"properties": {
"acl-intf-stats": {
"description": "A list of ACL-related statistics, each corresponding to a specific interface or port.",
"type": "array",
"items": {
"type": "object",
"properties": {
"acl-intf-id": {
"description": "The identifier for the interface or port to which the ACL statistics apply.",
"type": "string"
},
"acl-type": {
"description": "Type of the access control list.",
"type": "string",
"enum": [
"none",
"ipv4",
"ipv6",
"ipv4Ext",
"ipv6Ext",
"mac",
"arp"
]
},
"acl-rule-action": {
"description": "Indicates the action (permit or deny) taken when an ACL rule is matched.",
"type": "string",
"enum": [
"permit",
"deny"
]
},
"acl-hit-count": {
"description": "The number of times an ACL rule has been matched by traffic.",
"type": "number"
},
"acl-rule-resource-util": {
"description": "Shows the percentage of this user-configured ACL rule as a percentage of total ACL rules.",
"type": "integer",
"minimum": 0,
"maximum": 100
}
}
}
}
}
},
"acl-resource-stats": {
"description": "Represents the overall resource utilization statistics for ACLs.",
"type": "object",
"properties": {
"acl-total-resource-util": {
"description": "Percentage of total ACL consumed resources amongst the resources available.",
"type": "integer",
"minimum": 0,
"maximum": 100
}
}
},
"dhcp-snoop-binding": {
"description": "State message entry to show the binding table for DHCP Snooping",
"type": "object",
"properties": {
"entries": {
"description": "List of DHCP Snooping binding entries",
"type": "array",
"items": {
"type": "object",
"properties": {
"dhcp-snoop-bind-mac-address": {
"description": "MAC address of the DHCP client in the DHCP Snooping binding table",
"type": "string",
"format": "uc-mac"
},
"dhcp-snoop-bind-ip-address": {
"description": "IP address assigned to the MAC address in the DHCP Snooping binding table",
"type": "string",
"format": "ipv4"
},
"dhcp-snoop-bind-lease-seconds": {
"description": "This indicates the lease time in seconds for the IP address assigned to the DHCP client, after which the IP address may be reassigned",
"type": "integer"
},
"dhcp-snoop-bind-type": {
"description": "Specifies the type of binding entry, such as dynamic or static, indicating how the IP address was assigned to the client",
"type": "string",
"enum": [
"dynamic",
"static"
]
},
"dhcp-snoop-bind-vlan": {
"description": "VLAN ID associated with the DHCP client\u2019s IP address, which helps in managing network segments",
"type": "integer",
"minimum": 1,
"maximum": 4094
},
"dhcp-snoop-bind-interf": {
"description": "Identifies the interface through which the DHCP client is connected, aiding in network topology management",
"type": "string",
"examples": [
"Ethernet1",
"Unit-1/Port-2",
"1-2",
"Trunk 1"
]
}
}
}
}
}
}
}
}
@@ -883,6 +1053,9 @@
"counters": {
"$ref": "#/$defs/interface.counter"
},
"delta_counters": {
"$ref": "#/$defs/interface.counter"
},
"poe": {
"description": "This section describes the ethernet poe-port link-state object (statistics + PD info). Present only in case if port has any Power sourcing capabilities.",
"type": "object",
@@ -1088,6 +1261,99 @@
}
}
]
},
"static-trunks": {
"type": "array",
"items": {
"type": "object",
"description": "List of statically created trunks.",
"properties": {
"trunk-identifier": {
"type": "integer",
"description": "Logical identifier for the trunk.",
"minimum": 1,
"maximum": 64
},
"member-ports": {
"type": "array",
"description": "List of member ports under this static trunk.",
"items": {
"type": "string"
}
}
}
}
},
"lacp-trunks": {
"type": "array",
"items": {
"type": "object",
"description": "List of dynamically created trunks.",
"properties": {
"trunk-identifier": {
"type": "integer",
"description": "Logical identifier for the trunk.",
"minimum": 1,
"maximum": 64
},
"member-port": {
"type": "string",
"description": "List of member ports under this trunk."
},
"system-priority": {
"type": "number",
"description": "LACP System priority."
},
"port-priority": {
"type": "number",
"description": "LACP port priority."
},
"port-state": {
"type": "string",
"description": "Port state."
},
"lacpdu-sent": {
"type": "number",
"description": "Number of LACP Data Units (PDUs) sent."
},
"lacpdu-recv": {
"type": "number",
"description": "Number of LACP Data Units (PDUs) received."
},
"markerpdu-sent": {
"type": "number",
"description": "Number of Marker PDUs sent."
},
"markerpdu-recv": {
"type": "number",
"description": "Number of Marker PDUs received."
},
"unknownpkt-recv": {
"type": "number",
"description": "Number of unknown packets received."
},
"illegalpkt-recv": {
"type": "number",
"description": "Number of illegal packets received."
},
"port-oper-key": {
"type": "number",
"description": "Operational key for the port."
},
"partner-oper-key": {
"type": "number",
"description": "Operational key for the partner."
},
"oper-state": {
"type": "string",
"description": "Operational state."
},
"partner-oper-state": {
"type": "string",
"description": "Operational state of the partner."
}
}
}
}
}
}