scottk/ols-ucentral-schema
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/ols-ucentral-schema.git synced 2025-10-30 01:32:26 +00:00
Code Issues Packages Projects Releases 3 Wiki Activity

Compare commits

base: scottk:v3.2.7
Branches Tags
scottk:main scottk:OLS-849-add-xSTP-parameters scottk:OLS-848-Schema-Intrusion-detection scottk:OLS-838-Update-OLS-Schema-version-to-4.2.0 scottk:correct-storm-control-indentation scottk:ols-821-mclag-schema-correction scottk:fix/fix_invalid_schema scottk:ols-688-bpdu-guard scottk:ols-822-lldp-peers-statemessage-enhancements scottk:OLS_UpdateSchemaVersion_410 scottk:ols-659-simplify-vlan-config scottk:staging-OLS-644-global-dns scottk:OLS-578-Tag-ols-ucentral-client-and-ols-ucentral-schema-4.0.0-pre-release scottk:Sprint-8-OLS-ARP-Inspect-Schema scottk:Sprint-8-OLS---Rate-Limiting-schema scottk:OLS-556-Sprint-8-IPSourceGuard scottk:OLS-556-Sprint-8-SubcribeRTEvents scottk:OLS-550_Schema_Corrections_Pre4p0_Features scottk:OLS-562-Add-schema-version-to-ols-ucentral-schema scottk:OLS-545-Removal-of-AP-specific-schema-elements-from-ols-ucentral-schema scottk:OLS-538_port_speed_enum_fix_40g scottk:OLS-425_sprint6_schema scottk:OLS_390_Move_uplink_interface_definition_to_state.yml_Add_version_connect.capabilities scottk:OLS-390-Move-uplink_interface-definition-to-state.yml-add-version-to-connect.capabilities scottk:OLS_319_sprint4_schema scottk:OLS-295_capabilities_add_lacp_linkAggregation_jumboFrames scottk:link_aggregation scottk:change_port_mirror_type_to_array scottk:lacp scottk:jumbo_frames scottk:OLS-229-generate-json-file-for-capabilities-connect.capabilities.yml scottk:OLS-228-delta_counters scottk:secure_http_server scottk:fix_loop_detection_schema_instances_indentation scottk:change_vrf_id_to_integer scottk:schema_fixes_and_updates scottk:default-values-for-schema/ethernet.yml-speed-and-duplex scottk:next scottk:1-incorrect-indentation-for-statelink-stateyml
scottk:v4.1.0-rc1 scottk:v4.0.0 scottk:v4.0.0-rc1 scottk:v3.2.7
...
compare: scottk:v4.0.0-rc1
Branches Tags
scottk:OLS-849-add-xSTP-parameters scottk:OLS-848-Schema-Intrusion-detection scottk:OLS-838-Update-OLS-Schema-version-to-4.2.0 scottk:main scottk:correct-storm-control-indentation scottk:ols-821-mclag-schema-correction scottk:fix/fix_invalid_schema scottk:ols-688-bpdu-guard scottk:ols-822-lldp-peers-statemessage-enhancements scottk:OLS_UpdateSchemaVersion_410 scottk:ols-659-simplify-vlan-config scottk:staging-OLS-644-global-dns scottk:OLS-578-Tag-ols-ucentral-client-and-ols-ucentral-schema-4.0.0-pre-release scottk:Sprint-8-OLS-ARP-Inspect-Schema scottk:Sprint-8-OLS---Rate-Limiting-schema scottk:OLS-556-Sprint-8-IPSourceGuard scottk:OLS-556-Sprint-8-SubcribeRTEvents scottk:OLS-550_Schema_Corrections_Pre4p0_Features scottk:OLS-562-Add-schema-version-to-ols-ucentral-schema scottk:OLS-545-Removal-of-AP-specific-schema-elements-from-ols-ucentral-schema scottk:OLS-538_port_speed_enum_fix_40g scottk:OLS-425_sprint6_schema scottk:OLS_390_Move_uplink_interface_definition_to_state.yml_Add_version_connect.capabilities scottk:OLS-390-Move-uplink_interface-definition-to-state.yml-add-version-to-connect.capabilities scottk:OLS_319_sprint4_schema scottk:OLS-295_capabilities_add_lacp_linkAggregation_jumboFrames scottk:link_aggregation scottk:change_port_mirror_type_to_array scottk:lacp scottk:jumbo_frames scottk:OLS-229-generate-json-file-for-capabilities-connect.capabilities.yml scottk:OLS-228-delta_counters scottk:secure_http_server scottk:fix_loop_detection_schema_instances_indentation scottk:change_vrf_id_to_integer scottk:schema_fixes_and_updates scottk:default-values-for-schema/ethernet.yml-speed-and-duplex scottk:next scottk:1-incorrect-indentation-for-statelink-stateyml
scottk:v4.1.0-rc1 scottk:v4.0.0 scottk:v4.0.0-rc1 scottk:v3.2.7

18 Commits
v3.2.7 ... v4.0.0-rc1

Author SHA1 Message Date
Mike Hansen
f394cb4019 Merge pull request #38 from Telecominfraproject/OLS-578-Tag-ols-ucentral-client-and-ols-ucentral-schema-4.0.0-pre-release 
[OLS-578] Tag ols-ucentral-client and ols-ucentral-schema 4.0.0 pre-r…
 2025-02-05 08:16:49 -05:00
Mike Hansen
5e345b22a3 [OLS-578] Tag ols-ucentral-client and ols-ucentral-schema 4.0.0 pre-release 
Update to 4.0.0

Signed-off-by: Mike Hansen <mike.hansen@netexperience.com>
 2025-02-04 12:21:40 -05:00
Mike Hansen
dcd935359c Merge pull request #36 from Telecominfraproject/Sprint-8-OLS-ARP-Inspect-Schema 
ols-556-sprint8-arp-inspect-schema-draft
 2025-02-04 12:09:05 -05:00
Mike Hansen
362e03a363 Resolving merge issues 2025-02-04 12:08:04 -05:00
Mike Hansen
51c5b1b9f4 Merge pull request #34 from Telecominfraproject/Sprint-8-OLS---Rate-Limiting-schema 
Sprint-8 OLS Rate Limiting Schema change
 2025-02-04 11:54:02 -05:00
Mike Hansen
5d50740f98 Resolving merge issues 2025-02-04 11:52:13 -05:00
Mike Hansen
01d4c80824 Merge pull request #33 from Telecominfraproject/OLS-556-Sprint-8-IPSourceGuard 
Sprint-8 OLS - IP Source Guard schema
 2025-02-04 11:42:40 -05:00
Mike Hansen
76cc0646e0 Resolving merge issues 2025-02-04 11:41:06 -05:00
Mike Hansen
ffe61ea929 Merge pull request #32 from Telecominfraproject/OLS-556-Sprint-8-SubcribeRTEvents 
RT event subscription Sprint-8 OLS
 2025-02-04 11:32:19 -05:00
Mike Hansen
078c2021eb Resolving merge issues 2025-02-04 11:31:29 -05:00
Binny
6bc313b440 corrected attribute names and moved ipsg config at switch level to separate file 2025-01-29 18:32:40 +00:00
Binny
1d052a18c2 created new files, and accomodated review comments 2025-01-29 15:36:13 +00:00
Binny
69bc3a60b7 changes to make rtevent a new file, and property names. 2025-01-29 14:46:01 +00:00
Binny
cb0069a356 correcting property names to align with review comments 2025-01-29 14:29:20 +00:00
Binny
59ad89be0f ols-556-sprint8-arp-inspect-schema-draft 2025-01-22 14:48:04 +00:00
Binny
548b76a948 Sprint-8 OLS Rate Limiting Schema change 2025-01-15 14:40:44 +00:00
Binny
4f2a23741b Sprint-8 OLS - IP Source Guard schema 2025-01-15 14:31:51 +00:00
Binny
44c07718e3 Changes for RT event subscription 2025-01-15 14:10:01 +00:00
16 changed files with 1484 additions and 12 deletions
Expand all files Collapse all files

8
docs/ucentral-schema.html
View File

File diff suppressed because one or more lines are too long

2
docs/ucentral-state.html
View File

File diff suppressed because one or more lines are too long

2
docs/ucentral.capabilities.html
View File

File diff suppressed because one or more lines are too long

6
schema.json
View File

@@ -1,5 +1,5 @@
{
"major": 3,
"minor": 2,
"patch": 7
"major": 4,
"minor": 0,
"patch": 0
}

53
schema/ethernet.yml
View File

@@ -368,6 +368,57 @@ properties:
type: boolean
description: Enables the transmission of SNMP trap notifications about LLDP changes.
default: false
ip-arp-inspect-port:
type: object
description: Configuration for ARP Inspection on specific interfaces or ports in the switch.
properties:
rate-limit-pps:
type: integer
description: Sets a rate limit (packets per second) for the ARP packets received on a port. Ensures that the port does not process ARP packets beyond the configured limit.
minimum: 0
maximum: 65535
trusted:
type: boolean
description: Configures the port as trusted, exempting it from ARP Inspection. Trusted ports bypass ARP validation checks.
rate-limit-port:
type: object
description: Configuration for ingress and egress rate limiting on a specific port (in kbps)
properties:
ingress-kbps:
type: integer
description: Sets the maximum allowed ingress (input) traffic rate for the port, in kilobits per second (kbps).
minimum: 64
maximum: 1000000000
egress-kbps:
type: integer
description: Sets the maximum allowed egress (output) traffic rate for the port, in kilobits per second (kbps).
minimum: 64
maximum: 1000000000
ip-source-guard-port:
type: object
description: Configuration of IP Source Guard (IPSG) on a physical interface in a Layer 2 switch.
properties:
rule:
type: string
description: Configures the switch to filter inbound traffic based on source IP address only,
or source IP address and corresponding MAC address combined.
enum:
- sip
- sip-mac
mode:
type: string
description: Specifies the learning mode to use for validation, either MAC address table or ACL table.
The system searches for source addresses in the specified table.
enum:
- mac
- acl
max-binding:
type: integer
description: Sets the maximum number of address entries that can be mapped to an interface
in the binding table. Includes both static entries and dynamically learned entries
via DHCP Snooping.
minimum: 1
maximum: 65535
acl:
description: A collection of access control entries that define the rules for filtering traffic through a network port.
type: array
@@ -447,4 +498,4 @@ properties:
description: Specifies DHCP Option 82 circuit ID suboption information. Often including information like the interface number and VLAN ID, this can be useful for network management and troubleshooting
type: string
minLength: 1
maxLength: 32
maxLength: 32

14
schema/interface.ipv4.arp-inspect.yml Normal file
View File

@@ -0,0 +1,14 @@
type: object
description: Configuration for ARP Inspection on specific VLANs in the switch.
properties:
vlan-enable:
type: boolean
description: Enable or disable ARP Inspection for a specified VLAN.
vlan-acl-rule:
type: string
description: Specifies an ARP ACL to apply to one or more VLANs.
maxLength: 32
minLength: 1
vlan-acl-nodhcp-bindings:
type: boolean
description: Validate ARP packets against only the specified ACL without checking address bindings in the DHCP snooping database.

2
schema/interface.ipv4.yml
View File

@@ -200,6 +200,8 @@ properties:
description: "Enables DHCP Snooping on a VLAN"
type: boolean
default: false
ip-arp-inspect-vlan:
$ref: "https://ucentral.io/schema/v1/interface/ipv4/arp-inspect/"
dhcp:
$ref: "https://ucentral.io/schema/v1/interface/ipv4/dhcp/"
dhcp-leases:

19
schema/switch.arp-inspect.yml Normal file
View File

@@ -0,0 +1,19 @@
type: object
description: Global configuration for ARP Inspection on the switch.
properties:
ip-arp-inspect:
type: boolean
description: Enable or disable ARP Inspection globally.
default: false
validate-dst-mac:
type: boolean
description: Validate that the destination MAC address in the Ethernet header matches the target MAC address in the ARP body for ARP responses.
validate-ip:
type: boolean
description: Validate ARP packets for unexpected or invalid IP addresses, such as 0.0.0.0, 255.255.255.255, and IP multicast addresses.
validate-allow-zeros:
type: boolean
description: Allow ARP packets where the sender IP address is 0.0.0.0.
validate-src-mac:
type: boolean
description: Validate that the source MAC address in the Ethernet header matches the sender MAC address in the ARP body for both ARP requests and responses.

29
schema/switch.ip-source-guard.yml Normal file
View File

@@ -0,0 +1,29 @@
type: object
description: Configuration for IP Source Guard global static bindings in a Layer 2 switch.
properties:
bindings:
type: array
description: List of static bindings for IP Source Guard.
items:
type: object
properties:
binding-mode:
type: string
description: Specifies the mode for adding a static address to the Source Guard ACL or MAC address binding table. It determines whether the binding is based on MAC addresses or ACLs.
enum:
- mac
- acl
binding-mac:
type: string
format: uc-mac
description: A valid unicast MAC address for binding to the Source Guard filtering table.
binding-vlans:
type: integer
description: The VLAN ID associated with the static binding for Source Guard filtering. Must be a valid, configured VLAN on the switch.
binding-ip:
type: string
format: ipv4
description: A valid unicast IPv4 address to associate with the Source Guard filtering table.
binding-port:
type: string
description: The physical interface (e.g., ethernet0, ethernet1) where the Source Guard binding applies.

162
schema/switch.rtevent.yml Normal file
View File

@@ -0,0 +1,162 @@
description: Configuration for enabling or disabling specific event categories and their sub-events.
type: object
properties:
port-status:
description: Enable/Disable Port Status events.
type: object
properties:
enabled:
description: Enable/Disable Port Status category.
type: boolean
default: false
sub-events:
type: object
properties:
wired.carrier-down:
type: boolean
description: Enable/Disable carrier down event.
default: false
wired.carrier-up:
type: boolean
description: Enable/Disable carrier up event.
default: false
module:
description: Enable/Disable Module events.
type: object
properties:
enabled:
type: boolean
description: Enable/Disable Module category.
default: false
sub-events:
type: object
properties:
module.plugout:
type: boolean
description: Enable/Disable module plugout event.
default: false
module.plugin:
type: boolean
description: Enable/Disable module plugin event.
default: false
stp:
description: Enable/Disable STP events.
type: object
properties:
enabled:
type: boolean
description: Enable/Disable STP category.
default: false
sub-events:
type: object
properties:
stp.loop-detected:
type: boolean
description: Enable/Disable loop detected event.
default: false
stp.loop-cleared:
type: boolean
description: Enable/Disable loop cleared event.
default: false
stp.state-change:
type: boolean
description: Enable/Disable state change event.
default: false
rstp:
description: Enable/Disable RSTP events.
type: object
properties:
enabled:
type: boolean
description: Enable/Disable RSTP category.
default: false
sub-events:
type: object
properties:
rstp.loop-detected:
type: boolean
description: Enable/Disable loop detected event.
default: false
rstp.loop-cleared:
type: boolean
description: Enable/Disable loop cleared event.
default: false
rstp.state-change:
type: boolean
description: Enable/Disable state change event.
default: false
fw-upgrade:
description: Enable/Disable Firmware Upgrade events.
type: object
properties:
enabled:
type: boolean
description: Enable/Disable Firmware Upgrade category.
default: false
sub-events:
type: object
properties:
upg.download-start:
type: boolean
description: Enable/Disable download start event.
default: false
upg.download-in-progress:
type: boolean
description: Enable/Disable download in progress event.
default: false
upg.download-failed:
type: boolean
description: Enable/Disable download failed event.
default: false
upg.validation-start:
type: boolean
description: Enable/Disable validation start event.
default: false
upg.validation-success:
type: boolean
description: Enable/Disable validation success event.
default: false
upg.validation-failed:
type: boolean
description: Enable/Disable validation failed event.
default: false
upg.backup-current-firmware:
type: boolean
description: Enable/Disable firmware backup event.
default: false
upg.install-start:
type: boolean
description: Enable/Disable install start event.
default: false
upg.install-failed:
type: boolean
description: Enable/Disable install failed event.
default: false
upg.reboot-start:
type: boolean
description: Enable/Disable reboot start event.
default: false
upg.success:
type: boolean
description: Enable/Disable upgrade success event.
default: false
dhcp-snooping:
description: Enable/Disable DHCP Snooping events.
type: object
properties:
enabled:
type: boolean
description: Enable/Disable DHCP Snooping category.
default: false
sub-events:
type: object
properties:
dhcp-snooping.violation-detected:
type: boolean
description: Enable/Disable DHCP Snooping violation detected event.
default: false
dhcp-snooping.violation-cleared:
type: boolean
description: Enable/Disable DHCP Snooping violation cleared event.
default: false
# Continue similarly for ARP Inspection, IPSG, PoE Status, PoE Fault, and Device Events.

10
schema/switch.yml
View File

@@ -1,4 +1,4 @@
description:
description:
This section defines the switch fabric specific features of a physical switch.
type: object
properties:
@@ -537,5 +537,11 @@ properties:
minLength: 1
examples:
- "A VoIP Phone"
arp-inspect:
$ref: "https://ucentral.io/schema/v1/switch/arp-inspect/"
ip-source-guard:
$ref: "https://ucentral.io/schema/v1/switch/ip-source-guard/"
rt-events:
$ref: "https://ucentral.io/schema/v1/switch/rtevent/"
acl:
$ref: "https://ucentral.io/schema/v1/switch/acl/"
$ref: "https://ucentral.io/schema/v1/switch/acl/"

54
state/state.yml
View File

@@ -60,3 +60,57 @@ properties:
type: string
description:
Current interface that serves as the Uplink. Example Ethernet2.
arp-inspect-stats:
type: object
description: Statistics related to ARP Inspection activity in the switch.
properties:
arp-pkt-rcvd:
type: integer
description: Total number of ARP packets received.
arp-pkt-dropped-rate-limit:
type: integer
description: Number of ARP packets dropped due to rate limiting.
arp-pkt-processed:
type: integer
description: Total number of ARP packets processed by ARP Inspection.
arp-pkt-dropped-src-mac:
type: integer
description: Number of ARP packets dropped due to source MAC address validation failures.
arp-pkt-dropped-dst-mac:
type: integer
description: Number of ARP packets dropped due to destination MAC address validation failures.
arp-pkt-dropped-ip:
type: integer
description: Number of ARP packets dropped due to IP address validation failures."
arp-pkt-dropped-acl:
type: integer
description: Number of ARP packets dropped due to ARP ACL rules.
arp-pkt-dropped-dhcp:
type: integer
description: Number of ARP packets dropped due to DHCP snooping validation failures.
ip-source-guard:
type: object
description: Represents the configuration and state of IP Source Guard.
properties:
blocked-entries:
type: array
description: Displays a list of entries that are currently blocked by IP Source Guard (IPSG).
items:
type: object
properties:
blocked-mac:
type: string
description: The MAC address that has been blocked by IP Source Guard.
format: "mac-address"
blocked-ip:
type: string
description: The IP address that has been blocked by IP Source Guard.
format: "ipv4"
blocked-vlan:
type: integer
description: The VLAN ID associated with the blocked IP/MAC entry.
minimum: 1
maximum: 4095
blocked-interface:
type: string
description: The interface (e.g., port) where the blocked entry was detected.

367
ucentral.schema.full.json
View File

@@ -589,6 +589,68 @@
}
}
},
"ip-arp-inspect-port": {
"type": "object",
"description": "Configuration for ARP Inspection on specific interfaces or ports in the switch.",
"properties": {
"rate-limit-pps": {
"type": "integer",
"description": "Sets a rate limit (packets per second) for the ARP packets received on a port. Ensures that the port does not process ARP packets beyond the configured limit.",
"minimum": 0,
"maximum": 65535
},
"trusted": {
"type": "boolean",
"description": "Configures the port as trusted, exempting it from ARP Inspection. Trusted ports bypass ARP validation checks."
}
}
},
"rate-limit-port": {
"type": "object",
"description": "Configuration for ingress and egress rate limiting on a specific port (in kbps)",
"properties": {
"ingress-kbps": {
"type": "integer",
"description": "Sets the maximum allowed ingress (input) traffic rate for the port, in kilobits per second (kbps).",
"minimum": 64,
"maximum": 1000000000
},
"egress-kbps": {
"type": "integer",
"description": "Sets the maximum allowed egress (output) traffic rate for the port, in kilobits per second (kbps).",
"minimum": 64,
"maximum": 1000000000
}
}
},
"ip-source-guard-port": {
"type": "object",
"description": "Configuration of IP Source Guard (IPSG) on a physical interface in a Layer 2 switch.",
"properties": {
"rule": {
"type": "string",
"description": "Configures the switch to filter inbound traffic based on source IP address only, or source IP address and corresponding MAC address combined.",
"enum": [
"sip",
"sip-mac"
]
},
"mode": {
"type": "string",
"description": "Specifies the learning mode to use for validation, either MAC address table or ACL table. The system searches for source addresses in the specified table.",
"enum": [
"mac",
"acl"
]
},
"max-binding": {
"type": "integer",
"description": "Sets the maximum number of address entries that can be mapped to an interface in the binding table. Includes both static entries and dynamically learned entries via DHCP Snooping.",
"minimum": 1,
"maximum": 65535
}
}
},
"acl": {
"description": "A collection of access control entries that define the rules for filtering traffic through a network port.",
"type": "array",
@@ -1317,6 +1379,291 @@
}
}
},
"arp-inspect": {
"type": "object",
"description": "Global configuration for ARP Inspection on the switch.",
"properties": {
"ip-arp-inspect": {
"type": "boolean",
"description": "Enable or disable ARP Inspection globally.",
"default": false
},
"validate-dst-mac": {
"type": "boolean",
"description": "Validate that the destination MAC address in the Ethernet header matches the target MAC address in the ARP body for ARP responses."
},
"validate-ip": {
"type": "boolean",
"description": "Validate ARP packets for unexpected or invalid IP addresses, such as 0.0.0.0, 255.255.255.255, and IP multicast addresses."
},
"validate-allow-zeros": {
"type": "boolean",
"description": "Allow ARP packets where the sender IP address is 0.0.0.0."
},
"validate-src-mac": {
"type": "boolean",
"description": "Validate that the source MAC address in the Ethernet header matches the sender MAC address in the ARP body for both ARP requests and responses."
}
}
},
"ip-source-guard": {
"type": "object",
"description": "Configuration for IP Source Guard global static bindings in a Layer 2 switch.",
"properties": {
"bindings": {
"type": "array",
"description": "List of static bindings for IP Source Guard.",
"items": {
"type": "object",
"properties": {
"binding-mode": {
"type": "string",
"description": "Specifies the mode for adding a static address to the Source Guard ACL or MAC address binding table. It determines whether the binding is based on MAC addresses or ACLs.",
"enum": [
"mac",
"acl"
]
},
"binding-mac": {
"type": "string",
"format": "uc-mac",
"description": "A valid unicast MAC address for binding to the Source Guard filtering table."
},
"binding-vlans": {
"type": "integer",
"description": "The VLAN ID associated with the static binding for Source Guard filtering. Must be a valid, configured VLAN on the switch."
},
"binding-ip": {
"type": "string",
"format": "ipv4",
"description": "A valid unicast IPv4 address to associate with the Source Guard filtering table."
},
"binding-port": {
"type": "string",
"description": "The physical interface (e.g., ethernet0, ethernet1) where the Source Guard binding applies."
}
}
}
}
}
},
"rt-events": {
"description": "Configuration for enabling or disabling specific event categories and their sub-events.",
"type": "object",
"properties": {
"port-status": {
"description": "Enable/Disable Port Status events.",
"type": "object",
"properties": {
"enabled": {
"description": "Enable/Disable Port Status category.",
"type": "boolean",
"default": false
},
"sub-events": {
"type": "object",
"properties": {
"wired.carrier-down": {
"type": "boolean",
"description": "Enable/Disable carrier down event.",
"default": false
},
"wired.carrier-up": {
"type": "boolean",
"description": "Enable/Disable carrier up event.",
"default": false
}
}
}
}
},
"module": {
"description": "Enable/Disable Module events.",
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "Enable/Disable Module category.",
"default": false
},
"sub-events": {
"type": "object",
"properties": {
"module.plugout": {
"type": "boolean",
"description": "Enable/Disable module plugout event.",
"default": false
},
"module.plugin": {
"type": "boolean",
"description": "Enable/Disable module plugin event.",
"default": false
}
}
}
}
},
"stp": {
"description": "Enable/Disable STP events.",
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "Enable/Disable STP category.",
"default": false
},
"sub-events": {
"type": "object",
"properties": {
"stp.loop-detected": {
"type": "boolean",
"description": "Enable/Disable loop detected event.",
"default": false
},
"stp.loop-cleared": {
"type": "boolean",
"description": "Enable/Disable loop cleared event.",
"default": false
},
"stp.state-change": {
"type": "boolean",
"description": "Enable/Disable state change event.",
"default": false
}
}
}
}
},
"rstp": {
"description": "Enable/Disable RSTP events.",
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "Enable/Disable RSTP category.",
"default": false
},
"sub-events": {
"type": "object",
"properties": {
"rstp.loop-detected": {
"type": "boolean",
"description": "Enable/Disable loop detected event.",
"default": false
},
"rstp.loop-cleared": {
"type": "boolean",
"description": "Enable/Disable loop cleared event.",
"default": false
},
"rstp.state-change": {
"type": "boolean",
"description": "Enable/Disable state change event.",
"default": false
}
}
}
}
},
"fw-upgrade": {
"description": "Enable/Disable Firmware Upgrade events.",
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "Enable/Disable Firmware Upgrade category.",
"default": false
},
"sub-events": {
"type": "object",
"properties": {
"upg.download-start": {
"type": "boolean",
"description": "Enable/Disable download start event.",
"default": false
},
"upg.download-in-progress": {
"type": "boolean",
"description": "Enable/Disable download in progress event.",
"default": false
},
"upg.download-failed": {
"type": "boolean",
"description": "Enable/Disable download failed event.",
"default": false
},
"upg.validation-start": {
"type": "boolean",
"description": "Enable/Disable validation start event.",
"default": false
},
"upg.validation-success": {
"type": "boolean",
"description": "Enable/Disable validation success event.",
"default": false
},
"upg.validation-failed": {
"type": "boolean",
"description": "Enable/Disable validation failed event.",
"default": false
},
"upg.backup-current-firmware": {
"type": "boolean",
"description": "Enable/Disable firmware backup event.",
"default": false
},
"upg.install-start": {
"type": "boolean",
"description": "Enable/Disable install start event.",
"default": false
},
"upg.install-failed": {
"type": "boolean",
"description": "Enable/Disable install failed event.",
"default": false
},
"upg.reboot-start": {
"type": "boolean",
"description": "Enable/Disable reboot start event.",
"default": false
},
"upg.success": {
"type": "boolean",
"description": "Enable/Disable upgrade success event.",
"default": false
}
}
}
}
},
"dhcp-snooping": {
"description": "Enable/Disable DHCP Snooping events.",
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "Enable/Disable DHCP Snooping category.",
"default": false
},
"sub-events": {
"type": "object",
"properties": {
"dhcp-snooping.violation-detected": {
"type": "boolean",
"description": "Enable/Disable DHCP Snooping violation detected event.",
"default": false
},
"dhcp-snooping.violation-cleared": {
"type": "boolean",
"description": "Enable/Disable DHCP Snooping violation cleared event.",
"default": false
}
}
}
}
}
}
},
"acl": {
"description": "Contains all the access control rule definitions",
"type": "array",
@@ -1864,6 +2211,26 @@
"type": "boolean",
"default": false
},
"ip-arp-inspect-vlan": {
"type": "object",
"description": "Configuration for ARP Inspection on specific VLANs in the switch.",
"properties": {
"vlan-enable": {
"type": "boolean",
"description": "Enable or disable ARP Inspection for a specified VLAN."
},
"vlan-acl-rule": {
"type": "string",
"description": "Specifies an ARP ACL to apply to one or more VLANs.",
"maxLength": 32,
"minLength": 1
},
"vlan-acl-nodhcp-bindings": {
"type": "boolean",
"description": "Validate ARP packets against only the specified ACL without checking address bindings in the DHCP snooping database."
}
}
},
"dhcp": {
"description": "This section describes the DHCP server configuration",
"type": "object",

316
ucentral.schema.json
View File

@@ -529,6 +529,58 @@
}
}
},
"ip-arp-inspect-port": {
"type": "object",
"properties": {
"rate-limit-pps": {
"type": "integer",
"minimum": 0,
"maximum": 65535
},
"trusted": {
"type": "boolean"
}
}
},
"rate-limit-port": {
"type": "object",
"properties": {
"ingress-kbps": {
"type": "integer",
"minimum": 64,
"maximum": 1000000000
},
"egress-kbps": {
"type": "integer",
"minimum": 64,
"maximum": 1000000000
}
}
},
"ip-source-guard-port": {
"type": "object",
"properties": {
"rule": {
"type": "string",
"enum": [
"sip",
"sip-mac"
]
},
"mode": {
"type": "string",
"enum": [
"mac",
"acl"
]
},
"max-binding": {
"type": "integer",
"minimum": 1,
"maximum": 65535
}
}
},
"acl": {
"type": "array",
"items": {
@@ -619,6 +671,242 @@
}
}
},
"switch.arp-inspect": {
"type": "object",
"properties": {
"ip-arp-inspect": {
"type": "boolean",
"default": false
},
"validate-dst-mac": {
"type": "boolean"
},
"validate-ip": {
"type": "boolean"
},
"validate-allow-zeros": {
"type": "boolean"
},
"validate-src-mac": {
"type": "boolean"
}
}
},
"switch.ip-source-guard": {
"type": "object",
"properties": {
"bindings": {
"type": "array",
"items": {
"type": "object",
"properties": {
"binding-mode": {
"type": "string",
"enum": [
"mac",
"acl"
]
},
"binding-mac": {
"type": "string",
"format": "uc-mac"
},
"binding-vlans": {
"type": "integer"
},
"binding-ip": {
"type": "string",
"format": "ipv4"
},
"binding-port": {
"type": "string"
}
}
}
}
}
},
"switch.rtevent": {
"type": "object",
"properties": {
"port-status": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"default": false
},
"sub-events": {
"type": "object",
"properties": {
"wired.carrier-down": {
"type": "boolean",
"default": false
},
"wired.carrier-up": {
"type": "boolean",
"default": false
}
}
}
}
},
"module": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"default": false
},
"sub-events": {
"type": "object",
"properties": {
"module.plugout": {
"type": "boolean",
"default": false
},
"module.plugin": {
"type": "boolean",
"default": false
}
}
}
}
},
"stp": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"default": false
},
"sub-events": {
"type": "object",
"properties": {
"stp.loop-detected": {
"type": "boolean",
"default": false
},
"stp.loop-cleared": {
"type": "boolean",
"default": false
},
"stp.state-change": {
"type": "boolean",
"default": false
}
}
}
}
},
"rstp": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"default": false
},
"sub-events": {
"type": "object",
"properties": {
"rstp.loop-detected": {
"type": "boolean",
"default": false
},
"rstp.loop-cleared": {
"type": "boolean",
"default": false
},
"rstp.state-change": {
"type": "boolean",
"default": false
}
}
}
}
},
"fw-upgrade": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"default": false
},
"sub-events": {
"type": "object",
"properties": {
"upg.download-start": {
"type": "boolean",
"default": false
},
"upg.download-in-progress": {
"type": "boolean",
"default": false
},
"upg.download-failed": {
"type": "boolean",
"default": false
},
"upg.validation-start": {
"type": "boolean",
"default": false
},
"upg.validation-success": {
"type": "boolean",
"default": false
},
"upg.validation-failed": {
"type": "boolean",
"default": false
},
"upg.backup-current-firmware": {
"type": "boolean",
"default": false
},
"upg.install-start": {
"type": "boolean",
"default": false
},
"upg.install-failed": {
"type": "boolean",
"default": false
},
"upg.reboot-start": {
"type": "boolean",
"default": false
},
"upg.success": {
"type": "boolean",
"default": false
}
}
}
}
},
"dhcp-snooping": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"default": false
},
"sub-events": {
"type": "object",
"properties": {
"dhcp-snooping.violation-detected": {
"type": "boolean",
"default": false
},
"dhcp-snooping.violation-cleared": {
"type": "boolean",
"default": false
}
}
}
}
}
}
},
"switch.acl": {
"type": "array",
"uniqueItems": true,
@@ -1265,6 +1553,15 @@
}
}
},
"arp-inspect": {
"$ref": "#/$defs/switch.arp-inspect"
},
"ip-source-guard": {
"$ref": "#/$defs/switch.ip-source-guard"
},
"rt-events": {
"$ref": "#/$defs/switch.rtevent"
},
"acl": {
"$ref": "#/$defs/switch.acl"
}
@@ -1364,6 +1661,22 @@
}
}
},
"interface.ipv4.arp-inspect": {
"type": "object",
"properties": {
"vlan-enable": {
"type": "boolean"
},
"vlan-acl-rule": {
"type": "string",
"maxLength": 32,
"minLength": 1
},
"vlan-acl-nodhcp-bindings": {
"type": "boolean"
}
}
},
"interface.ipv4.dhcp": {
"type": "object",
"properties": {
@@ -1668,6 +1981,9 @@
"type": "boolean",
"default": false
},
"ip-arp-inspect-vlan": {
"$ref": "#/$defs/interface.ipv4.arp-inspect"
},
"dhcp": {
"$ref": "#/$defs/interface.ipv4.dhcp"
},

379
ucentral.schema.pretty.json
View File

@@ -623,6 +623,68 @@
}
}
},
"ip-arp-inspect-port": {
"type": "object",
"description": "Configuration for ARP Inspection on specific interfaces or ports in the switch.",
"properties": {
"rate-limit-pps": {
"type": "integer",
"description": "Sets a rate limit (packets per second) for the ARP packets received on a port. Ensures that the port does not process ARP packets beyond the configured limit.",
"minimum": 0,
"maximum": 65535
},
"trusted": {
"type": "boolean",
"description": "Configures the port as trusted, exempting it from ARP Inspection. Trusted ports bypass ARP validation checks."
}
}
},
"rate-limit-port": {
"type": "object",
"description": "Configuration for ingress and egress rate limiting on a specific port (in kbps)",
"properties": {
"ingress-kbps": {
"type": "integer",
"description": "Sets the maximum allowed ingress (input) traffic rate for the port, in kilobits per second (kbps).",
"minimum": 64,
"maximum": 1000000000
},
"egress-kbps": {
"type": "integer",
"description": "Sets the maximum allowed egress (output) traffic rate for the port, in kilobits per second (kbps).",
"minimum": 64,
"maximum": 1000000000
}
}
},
"ip-source-guard-port": {
"type": "object",
"description": "Configuration of IP Source Guard (IPSG) on a physical interface in a Layer 2 switch.",
"properties": {
"rule": {
"type": "string",
"description": "Configures the switch to filter inbound traffic based on source IP address only, or source IP address and corresponding MAC address combined.",
"enum": [
"sip",
"sip-mac"
]
},
"mode": {
"type": "string",
"description": "Specifies the learning mode to use for validation, either MAC address table or ACL table. The system searches for source addresses in the specified table.",
"enum": [
"mac",
"acl"
]
},
"max-binding": {
"type": "integer",
"description": "Sets the maximum number of address entries that can be mapped to an interface in the binding table. Includes both static entries and dynamically learned entries via DHCP Snooping.",
"minimum": 1,
"maximum": 65535
}
}
},
"acl": {
"description": "A collection of access control entries that define the rules for filtering traffic through a network port.",
"type": "array",
@@ -728,6 +790,291 @@
}
}
},
"switch.arp-inspect": {
"type": "object",
"description": "Global configuration for ARP Inspection on the switch.",
"properties": {
"ip-arp-inspect": {
"type": "boolean",
"description": "Enable or disable ARP Inspection globally.",
"default": false
},
"validate-dst-mac": {
"type": "boolean",
"description": "Validate that the destination MAC address in the Ethernet header matches the target MAC address in the ARP body for ARP responses."
},
"validate-ip": {
"type": "boolean",
"description": "Validate ARP packets for unexpected or invalid IP addresses, such as 0.0.0.0, 255.255.255.255, and IP multicast addresses."
},
"validate-allow-zeros": {
"type": "boolean",
"description": "Allow ARP packets where the sender IP address is 0.0.0.0."
},
"validate-src-mac": {
"type": "boolean",
"description": "Validate that the source MAC address in the Ethernet header matches the sender MAC address in the ARP body for both ARP requests and responses."
}
}
},
"switch.ip-source-guard": {
"type": "object",
"description": "Configuration for IP Source Guard global static bindings in a Layer 2 switch.",
"properties": {
"bindings": {
"type": "array",
"description": "List of static bindings for IP Source Guard.",
"items": {
"type": "object",
"properties": {
"binding-mode": {
"type": "string",
"description": "Specifies the mode for adding a static address to the Source Guard ACL or MAC address binding table. It determines whether the binding is based on MAC addresses or ACLs.",
"enum": [
"mac",
"acl"
]
},
"binding-mac": {
"type": "string",
"format": "uc-mac",
"description": "A valid unicast MAC address for binding to the Source Guard filtering table."
},
"binding-vlans": {
"type": "integer",
"description": "The VLAN ID associated with the static binding for Source Guard filtering. Must be a valid, configured VLAN on the switch."
},
"binding-ip": {
"type": "string",
"format": "ipv4",
"description": "A valid unicast IPv4 address to associate with the Source Guard filtering table."
},
"binding-port": {
"type": "string",
"description": "The physical interface (e.g., ethernet0, ethernet1) where the Source Guard binding applies."
}
}
}
}
}
},
"switch.rtevent": {
"description": "Configuration for enabling or disabling specific event categories and their sub-events.",
"type": "object",
"properties": {
"port-status": {
"description": "Enable/Disable Port Status events.",
"type": "object",
"properties": {
"enabled": {
"description": "Enable/Disable Port Status category.",
"type": "boolean",
"default": false
},
"sub-events": {
"type": "object",
"properties": {
"wired.carrier-down": {
"type": "boolean",
"description": "Enable/Disable carrier down event.",
"default": false
},
"wired.carrier-up": {
"type": "boolean",
"description": "Enable/Disable carrier up event.",
"default": false
}
}
}
}
},
"module": {
"description": "Enable/Disable Module events.",
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "Enable/Disable Module category.",
"default": false
},
"sub-events": {
"type": "object",
"properties": {
"module.plugout": {
"type": "boolean",
"description": "Enable/Disable module plugout event.",
"default": false
},
"module.plugin": {
"type": "boolean",
"description": "Enable/Disable module plugin event.",
"default": false
}
}
}
}
},
"stp": {
"description": "Enable/Disable STP events.",
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "Enable/Disable STP category.",
"default": false
},
"sub-events": {
"type": "object",
"properties": {
"stp.loop-detected": {
"type": "boolean",
"description": "Enable/Disable loop detected event.",
"default": false
},
"stp.loop-cleared": {
"type": "boolean",
"description": "Enable/Disable loop cleared event.",
"default": false
},
"stp.state-change": {
"type": "boolean",
"description": "Enable/Disable state change event.",
"default": false
}
}
}
}
},
"rstp": {
"description": "Enable/Disable RSTP events.",
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "Enable/Disable RSTP category.",
"default": false
},
"sub-events": {
"type": "object",
"properties": {
"rstp.loop-detected": {
"type": "boolean",
"description": "Enable/Disable loop detected event.",
"default": false
},
"rstp.loop-cleared": {
"type": "boolean",
"description": "Enable/Disable loop cleared event.",
"default": false
},
"rstp.state-change": {
"type": "boolean",
"description": "Enable/Disable state change event.",
"default": false
}
}
}
}
},
"fw-upgrade": {
"description": "Enable/Disable Firmware Upgrade events.",
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "Enable/Disable Firmware Upgrade category.",
"default": false
},
"sub-events": {
"type": "object",
"properties": {
"upg.download-start": {
"type": "boolean",
"description": "Enable/Disable download start event.",
"default": false
},
"upg.download-in-progress": {
"type": "boolean",
"description": "Enable/Disable download in progress event.",
"default": false
},
"upg.download-failed": {
"type": "boolean",
"description": "Enable/Disable download failed event.",
"default": false
},
"upg.validation-start": {
"type": "boolean",
"description": "Enable/Disable validation start event.",
"default": false
},
"upg.validation-success": {
"type": "boolean",
"description": "Enable/Disable validation success event.",
"default": false
},
"upg.validation-failed": {
"type": "boolean",
"description": "Enable/Disable validation failed event.",
"default": false
},
"upg.backup-current-firmware": {
"type": "boolean",
"description": "Enable/Disable firmware backup event.",
"default": false
},
"upg.install-start": {
"type": "boolean",
"description": "Enable/Disable install start event.",
"default": false
},
"upg.install-failed": {
"type": "boolean",
"description": "Enable/Disable install failed event.",
"default": false
},
"upg.reboot-start": {
"type": "boolean",
"description": "Enable/Disable reboot start event.",
"default": false
},
"upg.success": {
"type": "boolean",
"description": "Enable/Disable upgrade success event.",
"default": false
}
}
}
}
},
"dhcp-snooping": {
"description": "Enable/Disable DHCP Snooping events.",
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "Enable/Disable DHCP Snooping category.",
"default": false
},
"sub-events": {
"type": "object",
"properties": {
"dhcp-snooping.violation-detected": {
"type": "boolean",
"description": "Enable/Disable DHCP Snooping violation detected event.",
"default": false
},
"dhcp-snooping.violation-cleared": {
"type": "boolean",
"description": "Enable/Disable DHCP Snooping violation cleared event.",
"default": false
}
}
}
}
}
}
},
"switch.acl": {
"description": "Contains all the access control rule definitions",
"type": "array",
@@ -1490,6 +1837,15 @@
}
}
},
"arp-inspect": {
"$ref": "#/$defs/switch.arp-inspect"
},
"ip-source-guard": {
"$ref": "#/$defs/switch.ip-source-guard"
},
"rt-events": {
"$ref": "#/$defs/switch.rtevent"
},
"acl": {
"$ref": "#/$defs/switch.acl"
}
@@ -1603,6 +1959,26 @@
}
}
},
"interface.ipv4.arp-inspect": {
"type": "object",
"description": "Configuration for ARP Inspection on specific VLANs in the switch.",
"properties": {
"vlan-enable": {
"type": "boolean",
"description": "Enable or disable ARP Inspection for a specified VLAN."
},
"vlan-acl-rule": {
"type": "string",
"description": "Specifies an ARP ACL to apply to one or more VLANs.",
"maxLength": 32,
"minLength": 1
},
"vlan-acl-nodhcp-bindings": {
"type": "boolean",
"description": "Validate ARP packets against only the specified ACL without checking address bindings in the DHCP snooping database."
}
}
},
"interface.ipv4.dhcp": {
"description": "This section describes the DHCP server configuration",
"type": "object",
@@ -1954,6 +2330,9 @@
"type": "boolean",
"default": false
},
"ip-arp-inspect-vlan": {
"$ref": "#/$defs/interface.ipv4.arp-inspect"
},
"dhcp": {
"$ref": "#/$defs/interface.ipv4.dhcp"
},

73
ucentral.state.pretty.json
View File

@@ -85,6 +85,79 @@
"uplink_interface": {
"type": "string",
"description": "Current interface that serves as the Uplink. Example Ethernet2."
},
"arp-inspect-stats": {
"type": "object",
"description": "Statistics related to ARP Inspection activity in the switch.",
"properties": {
"arp-pkt-rcvd": {
"type": "integer",
"description": "Total number of ARP packets received."
},
"arp-pkt-dropped-rate-limit": {
"type": "integer",
"description": "Number of ARP packets dropped due to rate limiting."
},
"arp-pkt-processed": {
"type": "integer",
"description": "Total number of ARP packets processed by ARP Inspection."
},
"arp-pkt-dropped-src-mac": {
"type": "integer",
"description": "Number of ARP packets dropped due to source MAC address validation failures."
},
"arp-pkt-dropped-dst-mac": {
"type": "integer",
"description": "Number of ARP packets dropped due to destination MAC address validation failures."
},
"arp-pkt-dropped-ip": {
"type": "integer",
"description": "Number of ARP packets dropped due to IP address validation failures.\""
},
"arp-pkt-dropped-acl": {
"type": "integer",
"description": "Number of ARP packets dropped due to ARP ACL rules."
},
"arp-pkt-dropped-dhcp": {
"type": "integer",
"description": "Number of ARP packets dropped due to DHCP snooping validation failures."
}
}
},
"ip-source-guard": {
"type": "object",
"description": "Represents the configuration and state of IP Source Guard.",
"properties": {
"blocked-entries": {
"type": "array",
"description": "Displays a list of entries that are currently blocked by IP Source Guard (IPSG).",
"items": {
"type": "object",
"properties": {
"blocked-mac": {
"type": "string",
"description": "The MAC address that has been blocked by IP Source Guard.",
"format": "mac-address"
},
"blocked-ip": {
"type": "string",
"description": "The IP address that has been blocked by IP Source Guard.",
"format": "ipv4"
},
"blocked-vlan": {
"type": "integer",
"description": "The VLAN ID associated with the blocked IP/MAC entry.",
"minimum": 1,
"maximum": 4095
},
"blocked-interface": {
"type": "string",
"description": "The interface (e.g., port) where the blocked entry was detected."
}
}
}
}
}
}
},
"$defs": {