mirror of
https://github.com/Telecominfraproject/ols-ucentral-schema.git
synced 2025-10-29 01:02:20 +00:00
540 lines
21 KiB
YAML
540 lines
21 KiB
YAML
description:
|
||
This section defines the linkk speed and duplex mode of the physical copper/fiber
|
||
ports of the device.
|
||
type: object
|
||
properties:
|
||
select-ports:
|
||
description:
|
||
The list of physical network devices that shall be configured.
|
||
The names are logical ones and wildcardable.
|
||
type: array
|
||
items:
|
||
type: string
|
||
examples:
|
||
- LAN1
|
||
- LAN2
|
||
- LAN3
|
||
- LAN4
|
||
- LAN*
|
||
- WAN*
|
||
- "*"
|
||
name:
|
||
description:
|
||
This is a free text field, stating the administrative name of the
|
||
port. It may contain spaces and special characters, not exceeding 64 characters.
|
||
type: string
|
||
examples:
|
||
- cloud_uplink_port
|
||
speed:
|
||
description:
|
||
The link speed that shall be forced.
|
||
type: integer
|
||
enum:
|
||
- 10
|
||
- 100
|
||
- 1000
|
||
- 2500
|
||
- 5000
|
||
- 10000
|
||
- 25000
|
||
- 40000
|
||
- 50000
|
||
- 100000
|
||
- 200000
|
||
default: 1000
|
||
duplex:
|
||
description:
|
||
The duplex mode that shall be forced.
|
||
type: string
|
||
enum:
|
||
- half
|
||
- full
|
||
default: full
|
||
enabled:
|
||
description:
|
||
This allows forcing the port to down state by default.
|
||
type: boolean
|
||
default: true
|
||
services:
|
||
description:
|
||
The services that shall be offered on this L2 interface.
|
||
type: array
|
||
items:
|
||
type: string
|
||
examples:
|
||
- quality-of-service
|
||
poe:
|
||
description:
|
||
This section describes the ethernet poe-port configuration object.
|
||
type: object
|
||
properties:
|
||
admin-mode:
|
||
description:
|
||
Option to force admin state over selected port.
|
||
Setting to <false> immediately shuts down power.
|
||
Setting to <true> starts PoE hanshake
|
||
(Power sourcing equipment < - > Powered Device) sequence and
|
||
in case of success, power is being delivered to Powered Device.
|
||
type: boolean
|
||
default: false
|
||
do-reset:
|
||
description:
|
||
Option to force device's PSE (Power sourcing equipment)
|
||
to invoke a PoE port reset sequence.
|
||
This option can be used to reset PoE port without flickering
|
||
it via <admin-mode> down/up sequence.
|
||
type: boolean
|
||
detection:
|
||
description:
|
||
The detection mode is used to set the type of devices that are allowed for powering up.
|
||
The PoE controller can be configured to detect only IEEE standard devices
|
||
or pre-IEEE legacy devices (which were pre-standard - non-IEEE 802.3af compliant).
|
||
For example, if "dot3af" is used (PoE, max up to 15.4 W), and Powered Device drains >15.4W,
|
||
Power sourcing equipment won't allow this port to drain power.
|
||
type: string
|
||
examples:
|
||
- "2pt-dot3af"
|
||
- "2pt-dot3af+legacy"
|
||
- "4pt-dot3af"
|
||
- "4pt-dot3af+legacy"
|
||
- "dot3bt"
|
||
- "dot3bt+legacy"
|
||
- "legacy"
|
||
default: dot3bt
|
||
power-limit:
|
||
description:
|
||
Option to configure user defined absolute power limit PoE port can dain (in milliwatts, mW).
|
||
type: integer
|
||
default: 99900
|
||
priority:
|
||
description:
|
||
Option to set priority to each PoE port. When the PoE switch has less power available
|
||
and more ports are required to supply power, higher priority ports are receive power
|
||
in preference to lower priority ports.
|
||
type: string
|
||
default: low
|
||
examples:
|
||
- "critical"
|
||
- "high"
|
||
- "medium"
|
||
- "low"
|
||
ieee8021x:
|
||
description:
|
||
This section describes the per-port specific 802.1X (port access control) configuration.
|
||
type: object
|
||
properties:
|
||
is-authenticator:
|
||
description:
|
||
Configure PAE processing on port, as well as select this port as an Authenticator (configure PAC role to authenticator).
|
||
False configures the switch to not process PAC
|
||
type: boolean
|
||
default: false
|
||
authentication-mode:
|
||
description:
|
||
Configure PAE processing on port, as well as select this port as an Authenticator (configure PAC role to authenticator).
|
||
force-authorized - Disables IEEE 802.1X authentication and causes the port to change to the authorized state without any authentication exchange required.
|
||
The port sends and receives normal traffic without IEEE 802.1X-based authentication of the client.
|
||
force-unauthorized - Causes the port to remain in the unauthorized state, ignoring all attempts by the supplicant to authenticate.
|
||
The Device cannot provide authentication services to the supplicant through the port.
|
||
auto - Enables IEEE 802.1X authentication and causes the port to begin in the unauthorized state, allowing only EAPOL frames to be sent and received through the port.
|
||
The authentication process begins when the link state of the port changes from down to up or when an EAPOL-start frame is received. The Device requests the identity of the
|
||
supplicant and begins relaying authentication messages between the supplicant and the authentication server.
|
||
Each supplicant attempting to access the network is uniquely identified by the Device by using the supplicant MAC address.
|
||
type: string
|
||
enum:
|
||
- force-authorized
|
||
- force-unauthorized
|
||
- auto
|
||
default: force-authorized
|
||
host-mode:
|
||
description: |
|
||
Multi-auth - While in this mode, multiple devices are allowed to independently authenticate through the same port.
|
||
Multi-domain - While in this mode, the authenticator will allow one host from the data domain and one from the voice domain.
|
||
Multi-host - While in this mode, the first device to authenticate will open to the switchport so that all other devices can use the port. These other devices are not required to be authenticated independently.
|
||
Single-host - While in this mode, the switchport will only allow a single host to be authenticated and to pass traffic at a time.
|
||
type: string
|
||
enum:
|
||
- multi-auth
|
||
- multi-domain
|
||
- multi-host
|
||
- single-host
|
||
default: multi-auth
|
||
guest-vlan:
|
||
description:
|
||
Configure a VLAN as a guest VLAN on an interface if the switch receives no response in an authentication event.
|
||
type: integer
|
||
minimum: 1
|
||
maximum: 4094
|
||
unauthenticated-vlan:
|
||
description:
|
||
Configure the unauthenticated VLAN to use when the AAA server fails to recognize the client credentials
|
||
type: integer
|
||
minimum: 1
|
||
maximum: 4094
|
||
mac-address-bypass:
|
||
description: Enables bypass when a device does not support 802.1X authentication (e.g., printers, IP phones)
|
||
type: boolean
|
||
mac-address-bypass-timeout-minutes:
|
||
description: Defines the time period (in minutes) for which a MAC address is allowed access to the network without requiring reauthentication, after being authenticated or allowed via MAC Authentication Bypass (MAB).
|
||
type: integer
|
||
trunk-group:
|
||
description: Associates this port to a trunk or a port-channel.
|
||
type: integer
|
||
minimum: 1
|
||
maximum: 64
|
||
lacp-config:
|
||
description:
|
||
This section describes the 802.3ad Link Aggregation Control Protocol (LACP) configuration for the current interface.
|
||
type: object
|
||
properties:
|
||
lacp-enable:
|
||
description:
|
||
Enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface.
|
||
type: boolean
|
||
default: false
|
||
lacp-role:
|
||
description:
|
||
Configures the port LACP role as actor or partner.
|
||
type: string
|
||
enum:
|
||
- actor
|
||
- partner
|
||
default: actor
|
||
lacp-mode:
|
||
description:
|
||
Configures the LACP negotiation activity mode as active or passive.
|
||
type: string
|
||
enum:
|
||
- active
|
||
- passive
|
||
default: passive
|
||
lacp-port-admin-key:
|
||
description:
|
||
Configures the port's LACP administration key.
|
||
type: integer
|
||
minimum: 1
|
||
maximum: 65535
|
||
default: 1
|
||
lacp-port-priority:
|
||
description:
|
||
Configures the LACP port priority.
|
||
type: integer
|
||
minimum: 1
|
||
maximum: 65535
|
||
default: 32768
|
||
lacp-system-priority:
|
||
description:
|
||
Configures the LACP System priority.
|
||
type: integer
|
||
minimum: 1
|
||
maximum: 65535
|
||
default: 32768
|
||
lacp-pchan-admin-key:
|
||
description:
|
||
Configures the port channel's LACP administration key (optional).
|
||
type: integer
|
||
minimum: 1
|
||
maximum: 65535
|
||
lacp-timeout:
|
||
description:
|
||
Configures the timeout to wait for the next LACP data unit.
|
||
type: string
|
||
enum:
|
||
- short
|
||
- long
|
||
default: long
|
||
lldp-interface-config:
|
||
type: object
|
||
description: Configurations of LLDP on a specified interface.
|
||
properties:
|
||
lldp-admin-status:
|
||
type: string
|
||
description: Enables LLDP transmit, receive, or transmit and receive mode on the specified port.
|
||
enum:
|
||
- rx
|
||
- tx
|
||
- rx-tx
|
||
lldp-basic-tlv-mgmt-ip-v4:
|
||
type: boolean
|
||
description: Configures an LLDP-enabled port to advertise the management address for this device.
|
||
default: true
|
||
lldp-basic-tlv-mgmt-ip-v6:
|
||
type: boolean
|
||
description: Configures an LLDP-enabled port to advertise the management IPv6 address for this device, if available.
|
||
default: false
|
||
lldp-basic-tlv-port-descr:
|
||
type: boolean
|
||
description: Configures an LLDP-enabled port to advertise its port description.
|
||
default: true
|
||
lldp-basic-tlv-sys-capab:
|
||
type: boolean
|
||
description: Configures an LLDP-enabled port to advertise its system capabilities.
|
||
default: true
|
||
lldp-basic-tlv-sys-descr:
|
||
type: boolean
|
||
description: Configures an LLDP-enabled port to advertise the system description.
|
||
default: true
|
||
lldp-basic-tlv-sys-name:
|
||
type: boolean
|
||
description: Configures an LLDP-enabled port to advertise its system name.
|
||
default: true
|
||
lldp-dot1-tlv-proto-ident:
|
||
type: boolean
|
||
description: Configures an LLDP-enabled port to advertise the supported protocols.
|
||
default: true
|
||
lldp-dot1-tlv-proto-vid:
|
||
type: boolean
|
||
description: Configures an LLDP-enabled port to advertise port-based protocol-related VLAN information.
|
||
default: true
|
||
lldp-dot1-tlv-pvid:
|
||
type: boolean
|
||
description: Configures an LLDP-enabled port to advertise its default Native VLAN ID (PVID).
|
||
default: true
|
||
lldp-dot1-tlv-vlan-name:
|
||
type: boolean
|
||
description: Configures an LLDP-enabled port to advertise its VLAN name.
|
||
default: true
|
||
lldp-dot3-tlv-link-agg:
|
||
type: boolean
|
||
description: Configures an LLDP-enabled port to advertise its link aggregation capabilities.
|
||
default: true
|
||
lldp-dot3-tlv-mac-phy:
|
||
type: boolean
|
||
description: Configures an LLDP-enabled port to advertise its MAC and physical layer specifications.
|
||
default: true
|
||
lldp-dot3-tlv-max-frame:
|
||
type: boolean
|
||
description: Configures an LLDP-enabled port to advertise its maximum frame size.
|
||
default: true
|
||
lldp-dot3-tlv-poe:
|
||
type: boolean
|
||
description: Configures an LLDP-enabled port to advertise its Power-over-Ethernet capabilities.
|
||
default: true
|
||
lldp-med-location-civic-addr:
|
||
type: object
|
||
description: Configures an LLDP-MED-enabled port to advertise its location identification details.
|
||
properties:
|
||
lldp-med-location-civic-addr-admin-status:
|
||
type: boolean
|
||
description: Enables or disables the advertisement of this TLV.
|
||
default: false
|
||
lldp-med-location-civic-country-code:
|
||
type: string
|
||
description: Configure the two-letter ISO 3166 country code in capital ASCII letters.
|
||
lldp-med-location-civic-device-type:
|
||
type: integer
|
||
description: The type of device to which the location applies.
|
||
lldp-med-location-civic-ca:
|
||
description: The list of LLDP MED Location CA Types to advertise the physical location of the device, that is the city, street number, building and room information.
|
||
type: array
|
||
items:
|
||
type: object
|
||
properties:
|
||
lldp-med-location-civic-ca-type:
|
||
type: integer
|
||
description: A one-octet descriptor of the data civic address value.
|
||
maximum: 255
|
||
minimum: 0
|
||
lldp-med-location-civic-ca-value:
|
||
type: string
|
||
description: Description of a location.
|
||
maxLength: 32
|
||
minLength: 1
|
||
lldp-med-notification:
|
||
type: boolean
|
||
description: Enables the transmission of SNMP trap notifications about LLDP-MED changes.
|
||
default: false
|
||
lldp-med-tlv-ext-poe:
|
||
type: boolean
|
||
description: Configures an LLDP-MED-enabled port to advertise its extended Power over Ethernet configuration and usage information.
|
||
default: true
|
||
lldp-med-tlv-inventory:
|
||
type: boolean
|
||
description: Configures an LLDP-MED-enabled port to advertise its inventory identification details.
|
||
default: true
|
||
lldp-med-tlv-location:
|
||
type: boolean
|
||
description: Configures an LLDP-MED-enabled port to advertise its location identification details.
|
||
default: true
|
||
lldp-med-tlv-med-cap:
|
||
type: boolean
|
||
description: Configures an LLDP-MED-enabled port to advertise its Media Endpoint Device capabilities.
|
||
default: true
|
||
lldp-med-tlv-network-policy:
|
||
type: boolean
|
||
description: Configures an LLDP-MED-enabled port to advertise its network policy configuration.
|
||
default: true
|
||
lldp-notification:
|
||
type: boolean
|
||
description: Enables the transmission of SNMP trap notifications about LLDP changes.
|
||
default: false
|
||
ip-arp-inspect-port:
|
||
type: object
|
||
description: Configuration for ARP Inspection on specific interfaces or ports in the switch.
|
||
properties:
|
||
rate-limit-pps:
|
||
type: integer
|
||
description: Sets a rate limit (packets per second) for the ARP packets received on a port. Ensures that the port does not process ARP packets beyond the configured limit.
|
||
minimum: 0
|
||
maximum: 65535
|
||
trusted:
|
||
type: boolean
|
||
description: Configures the port as trusted, exempting it from ARP Inspection. Trusted ports bypass ARP validation checks.
|
||
rate-limit-port:
|
||
type: object
|
||
description: Configuration for ingress and egress rate limiting on a specific port (in kbps)
|
||
properties:
|
||
ingress-kbps:
|
||
type: integer
|
||
description: Sets the maximum allowed ingress (input) traffic rate for the port, in kilobits per second (kbps).
|
||
minimum: 64
|
||
maximum: 1000000000
|
||
egress-kbps:
|
||
type: integer
|
||
description: Sets the maximum allowed egress (output) traffic rate for the port, in kilobits per second (kbps).
|
||
minimum: 64
|
||
maximum: 1000000000
|
||
ip-source-guard-port:
|
||
type: object
|
||
description: Configuration of IP Source Guard (IPSG) on a physical interface in a Layer 2 switch.
|
||
properties:
|
||
rule:
|
||
type: string
|
||
description: Configures the switch to filter inbound traffic based on source IP address only,
|
||
or source IP address and corresponding MAC address combined.
|
||
enum:
|
||
- sip
|
||
- sip-mac
|
||
mode:
|
||
type: string
|
||
description: Specifies the learning mode to use for validation, either MAC address table or ACL table.
|
||
The system searches for source addresses in the specified table.
|
||
enum:
|
||
- mac
|
||
- acl
|
||
max-binding:
|
||
type: integer
|
||
description: Sets the maximum number of address entries that can be mapped to an interface
|
||
in the binding table. Includes both static entries and dynamically learned entries
|
||
via DHCP Snooping.
|
||
minimum: 1
|
||
maximum: 65535
|
||
acl:
|
||
description: A collection of access control entries that define the rules for filtering traffic through a network port.
|
||
type: array
|
||
items:
|
||
type: object
|
||
properties:
|
||
acl-inf-policy-preference:
|
||
description: Determines the priority of multiple ACL policies when more than one is applied to an interface, if any.
|
||
type: integer
|
||
minimum: 1
|
||
maximum: 64
|
||
default: 1
|
||
acl-inf-policy-ingress:
|
||
description: Specifies the ACL policy that is applied to incoming traffic on an interface.
|
||
type: string
|
||
maxLength: 32
|
||
minLength: 1
|
||
examples:
|
||
- blacklisted-macs
|
||
acl-inf-counters-ingress:
|
||
description: Tracks the number and type of packets that match the ingress ACL rules on an interface.
|
||
type: boolean
|
||
default: false
|
||
acl-inf-policy-egress:
|
||
description: Specifies the ACL policy that is applied to outgoing traffic from an interface.
|
||
type: string
|
||
maxLength: 32
|
||
minLength: 1
|
||
examples:
|
||
- blacklisted-macs
|
||
acl-inf-counters-egress:
|
||
description: Tracks the number and type of packets that match the egress ACL rules on an interface.
|
||
type: boolean
|
||
default: false
|
||
voice-vlan-intf-config:
|
||
description: Configure the Voice VLAN feature at the interface level, allowing for VoIP traffic to be prioritized on this specific port.
|
||
type: object
|
||
properties:
|
||
voice-vlan-intf-mode:
|
||
description: Specify the mode of placing this port on the voice VLAN.
|
||
type: string
|
||
default: "auto"
|
||
enum:
|
||
- none
|
||
- manual
|
||
- auto
|
||
voice-vlan-intf-priority:
|
||
description: Define the Class of Service (CoS) priority for VoIP traffic passing through this port, ensuring higher priority over other traffic types.
|
||
type: integer
|
||
default: 6
|
||
minimum: 0
|
||
maximum: 6
|
||
voice-vlan-intf-detect-voice:
|
||
description: Select the detection method for identifying VoIP traffic on this port, such as OUI-based detection or traffic pattern recognition.
|
||
type: string
|
||
default: "oui"
|
||
enum:
|
||
- oui
|
||
- lldp
|
||
voice-vlan-intf-security:
|
||
description: Enable or configure security filtering for VoIP traffic on the interface to protect against unauthorized devices.
|
||
type: boolean
|
||
default: false
|
||
dhcp-snoop-port:
|
||
description: Configuration for DHCP Snooping on a port level on a switch
|
||
type: object
|
||
properties:
|
||
dhcp-snoop-port-trust:
|
||
description: This parameter designates a switch port as ‘trusted’ for DHCP messages, meaning it can forward DHCP offers and acknowledgments, which is essential for connecting to legitimate DHCP servers
|
||
type: boolean
|
||
default: false
|
||
dhcp-snoop-port-client-limit:
|
||
description: It sets a limit on the number of DHCP clients that can be associated with a single port, helping to prevent a single port from exhausting the network’s IP address pool
|
||
type: integer
|
||
minimum: 1
|
||
dhcp-snoop-port-circuit-id:
|
||
description: Specifies DHCP Option 82 circuit ID suboption information. Often including information like the interface number and VLAN ID, this can be useful for network management and troubleshooting
|
||
type: string
|
||
minLength: 1
|
||
maxLength: 32
|
||
bpdu-guard:
|
||
description: BPDU Guard configuration block. Enables protection against unexpected BPDUs
|
||
on edge ports to prevent loops and rogue switch connections.
|
||
type: object
|
||
properties:
|
||
enabled:
|
||
description: When true, the port will be placed into an error-disabled state if any BPDU is received.
|
||
type: boolean
|
||
auto-recovery-secs:
|
||
description: Time in 'seconds' after which a port that was err-disabled due to BPDU Guard
|
||
violation will be automatically re-enabled.
|
||
type: integer
|
||
default: 300
|
||
edge-port:
|
||
description: When true, the port behaves as an STP Edge Port. When false, the port
|
||
participates fully in STP and is treated as a normal switch port.
|
||
type: boolean
|
||
default: false
|
||
storm-control:
|
||
description: Storm Control configuration per storm type. Allows enabling or disabling traffic storm control for broadcast, multicast, and unknown unicast packets,
|
||
with independent packet-per-second (pps) thresholds. A limit-pps value of 0 implies the control is disabled for that traffic type.
|
||
type: object
|
||
properties:
|
||
broadcast-pps:
|
||
type: integer
|
||
minimum: 0
|
||
default: 0
|
||
description: Maximum allowed broadcast packets per second. 0 disables broadcast storm control.
|
||
multicast-pps:
|
||
type: integer
|
||
minimum: 0
|
||
default: 0
|
||
description: Maximum allowed multicast packets per second. 0 disables multicast storm control.
|
||
unknown-unicast-pps:
|
||
type: integer
|
||
minimum: 0
|
||
default: 0
|
||
description: Maximum allowed unknown unicast packets per second. 0 disables unknown unicast storm control.
|