mirror of
https://github.com/Telecominfraproject/ols-ucentral-schema.git
synced 2025-10-29 01:02:20 +00:00
561 lines
22 KiB
YAML
561 lines
22 KiB
YAML
description:
|
||
This section defines the switch fabric specific features of a physical switch.
|
||
type: object
|
||
properties:
|
||
port-mirror:
|
||
description:
|
||
Enable mirror of traffic from multiple minotor ports to a single analysis port.
|
||
type: array
|
||
items:
|
||
type: object
|
||
properties:
|
||
monitor-ports:
|
||
description:
|
||
The list of ports that we want to mirror.
|
||
type: array
|
||
items:
|
||
type: string
|
||
analysis-port:
|
||
description:
|
||
The port that mirror'ed packets should be sent to.
|
||
type: string
|
||
loop-detection:
|
||
description:
|
||
Enable loop detection on the L2 switches/bridge.
|
||
type: object
|
||
properties:
|
||
protocol:
|
||
description:
|
||
Define which protocol shall be used for loop detection.
|
||
type: string
|
||
enum:
|
||
- none
|
||
- stp
|
||
- rstp
|
||
- mstp
|
||
- pvstp
|
||
- rpvstp
|
||
default: rstp
|
||
roles:
|
||
description:
|
||
Define on which logical switches/bridges we want to provide loop-detection.
|
||
type: array
|
||
items:
|
||
type: string
|
||
enum:
|
||
- upstream
|
||
- downstream
|
||
instances:
|
||
description:
|
||
Define a list of configuration for each STP instance.
|
||
Meaning of this field depends on current
|
||
STP protocol (switch.loop-detection.protocol)
|
||
type: array
|
||
items:
|
||
type: object
|
||
properties:
|
||
id:
|
||
description:
|
||
Indicates instance to configure.
|
||
Depends on current STP protocol
|
||
If RPVSTP/PVSTP - vlan id
|
||
If MSTP - instance id
|
||
type: integer
|
||
enabled:
|
||
description:
|
||
Enable STP on this instance.
|
||
type: boolean
|
||
default: true
|
||
priority:
|
||
description:
|
||
Bridge priority.
|
||
type: integer
|
||
default: 32768
|
||
forward_delay:
|
||
description:
|
||
Defines the amount of time a switch port stays in the Listening
|
||
and Learning states before transitioning to the Forwarding state.
|
||
type: integer
|
||
default: 15
|
||
hello_time:
|
||
description:
|
||
Determines how often switches send BPDU.
|
||
type: integer
|
||
default: 2
|
||
max_age:
|
||
description:
|
||
Specifies the maximum time that a switch port should wait to
|
||
receive a BPDU from its neighbor before
|
||
considering the link as failed or disconnected.
|
||
type: integer
|
||
default: 20
|
||
ieee8021x:
|
||
description:
|
||
This section describes the global 802.1X (port access control) configuration.
|
||
type: object
|
||
properties:
|
||
auth-control-enable:
|
||
description:
|
||
Enabled processing of PAE frames on ports that have .1X configured.
|
||
type: boolean
|
||
default: false
|
||
radius:
|
||
description:
|
||
Define a list of RADIUS server to forward auth requests to.
|
||
type: array
|
||
items:
|
||
type: object
|
||
properties:
|
||
server-host:
|
||
description:
|
||
Remote radius server address (IP or hostname).
|
||
type: string
|
||
examples:
|
||
- 192.168.1.1
|
||
- somehost.com
|
||
server-authentication-port:
|
||
description:
|
||
The port that the RADIUS authentication agent is running on.
|
||
type: integer
|
||
maximum: 65535
|
||
minimum: 1
|
||
server-key:
|
||
description:
|
||
Secret key text that is shared between a RADIUS server and the switch.
|
||
type: string
|
||
examples:
|
||
- somepassword
|
||
server-priority:
|
||
description:
|
||
The server's priority (used when multiple servers are present. Bigger prio value = higher priority).
|
||
type: integer
|
||
maximum: 64
|
||
minimum: 1
|
||
dynamic-authorization:
|
||
description:
|
||
Additional dynamic authorization (RFC 5176 compliant) - configure option for DAS that enable RM and CoA processing.
|
||
type: object
|
||
properties:
|
||
auth-type:
|
||
description:
|
||
Sets the accepted authorization types for dynamic RADIUS clients.
|
||
all - Selects all COA client authentication types. All authentication attributes must match for the authentication to succeed.
|
||
any - Selects any COA client authentication type. Any authentication attribute may match for the authentication to succeed.
|
||
session-key - Indicates that the session-key must match for authentication to succeed.
|
||
type: string
|
||
enum:
|
||
- all
|
||
- any
|
||
- session-key
|
||
bounce-port-ignore:
|
||
description:
|
||
Sets the switch to ignore bounce-port requests from dynamic authorization clients.
|
||
type: boolean
|
||
default: false
|
||
disable-port-ignore:
|
||
description:
|
||
Sets the switch to ignore requests from dynamic authorization clients.
|
||
type: boolean
|
||
default: false
|
||
ignore-server-key:
|
||
description:
|
||
Do not attmept to authenticate with the server key.
|
||
type: boolean
|
||
default: false
|
||
ignore-session-key:
|
||
description:
|
||
Do not attmept to authenticate with the session key.
|
||
type: boolean
|
||
default: false
|
||
server-key:
|
||
description:
|
||
Sets the shared secret to verify client COA requests for this server.
|
||
type: string
|
||
client:
|
||
description:
|
||
Configure DAC.
|
||
type: array
|
||
items:
|
||
type: object
|
||
properties:
|
||
address:
|
||
description:
|
||
A valid IP address or hostname of a DAC.
|
||
type: string
|
||
server-key:
|
||
description:
|
||
Sets the shared secret to verify client COA requests for this server.
|
||
type: string
|
||
port-isolation:
|
||
description:
|
||
This section describes the per-port specific port-isolation matrix (to which ports selected port can forward traffic to) configuration.
|
||
Omitting this configuration completely fully disables any port-isolation configuration on this given port.
|
||
type: object
|
||
properties:
|
||
sessions:
|
||
description:
|
||
Allow selected port to forward traffic in the provided session-based format.
|
||
type: array
|
||
items:
|
||
type: object
|
||
properties:
|
||
id:
|
||
description:
|
||
Session id to configure.
|
||
type: integer
|
||
uplink:
|
||
description:
|
||
Configuration object for uplink interface(s)
|
||
type: object
|
||
properties:
|
||
interface-list:
|
||
description:
|
||
List of interfaces (either physical or trunk ports)
|
||
type: array
|
||
items:
|
||
type: string
|
||
downlink:
|
||
description:
|
||
Configuration object for downlink interface(s)
|
||
type: object
|
||
properties:
|
||
interface-list:
|
||
description:
|
||
List of interfaces (either physical or trunk ports)
|
||
type: array
|
||
items:
|
||
type: string
|
||
trunk-balance-method:
|
||
description:
|
||
Sets the load-distribution method among ports in aggregated links for both static and LACP based trunks.
|
||
type: string
|
||
enum:
|
||
- dst-ip
|
||
- dst-mac
|
||
- src-dst-ip
|
||
- src-dst-mac
|
||
- src-ip
|
||
- src-mac
|
||
default: src-dst-mac
|
||
jumbo-frames:
|
||
description:
|
||
Enables Jumbo frames
|
||
type: boolean
|
||
default: false
|
||
dhcp-snooping:
|
||
description: DHCP Snooping configuration parameters
|
||
type: object
|
||
properties:
|
||
dhcp-snoop-enable:
|
||
description: "Enables DHCP Snooping on the network switch, which is a security feature that prevents unauthorized DHCP servers from offering IP addresses"
|
||
type: boolean
|
||
default: false
|
||
dhcp-snoop-rate-limit:
|
||
description: "Sets a limit on the number of DHCP packets per second that can be received on an untrusted interface to prevent DHCP flooding attacks"
|
||
type: integer
|
||
minimum: 1
|
||
maximum: 2048
|
||
dhcp-snoop-mac-verify:
|
||
description: "This option ensures that the MAC address in a DHCP request matches the source MAC address of the packet, providing an additional layer of security"
|
||
type: boolean
|
||
default: false
|
||
dhcp-snoop-inf-opt-82:
|
||
description: "This refers to the insertion of information option 82 in DHCP packets, which adds more details about the client’s location and network information for tracking and control purposes"
|
||
type: boolean
|
||
default: false
|
||
dhcp-snoop-inf-opt-encode-subopt:
|
||
description: "This parameter allows for the encoding of sub-options within option 82 to further specify client information"
|
||
type: boolean
|
||
default: false
|
||
dhcp-snoop-inf-opt-remoteid:
|
||
description: "It specifies the remote ID sub-option in option 82, which typically includes information like the circuit ID or remote host identifier"
|
||
type: string
|
||
maxLength: 32
|
||
minLength: 1
|
||
dhcp-snoop-inf-opt-policy:
|
||
description: "This defines the policy for handling packets with option 82, determining whether they should be forwarded or dropped based on the configuration"
|
||
type: string
|
||
enum:
|
||
- drop
|
||
- keep
|
||
- replace
|
||
mvr-config:
|
||
description: This section defines the Multicast VLAN Registration (MVR) general configuration.
|
||
type: object
|
||
properties:
|
||
mvr-enable:
|
||
description: Enable/Disable MVR globally on the switch.
|
||
type: boolean
|
||
default: false
|
||
mvr-proxy-query-intvl:
|
||
description:
|
||
This command configures the interval (in seconds) at which the receiver port sends out general queries.
|
||
The maximum value is determined based on 12 hours as maximum interval, and minimum as 1 second as allowed value.
|
||
type: integer
|
||
default: 125
|
||
maximum: 43200
|
||
minimum: 1
|
||
mvr-proxy-switching:
|
||
description:
|
||
Enable the MVR proxy switching mode, where the source port acts as a host, and the receiver port
|
||
acts as an MVR router with querier service enabled.
|
||
type: boolean
|
||
default: false
|
||
mvr-robustness-val:
|
||
description:
|
||
Configure the expected packet loss, and thereby the number of times to generate report
|
||
and group-specific queries when changes are learned about downstream groups,
|
||
and the number of times group-specific queries are sent to downstream receiver ports.
|
||
Right configuration ensures that multicast group memberships are correctly maintained
|
||
even if some control messages are lost due to network issues.
|
||
type: integer
|
||
default: 2
|
||
maximum: 255
|
||
minimum: 1
|
||
mvr-source-port-mode:
|
||
description:
|
||
Configure the switch to forward only multicast streams that a source port has dynamically
|
||
joined or to forward all multicast groups.
|
||
type: string
|
||
default: forward
|
||
enum:
|
||
- dynamic
|
||
- forward
|
||
mvr-domain-config:
|
||
description: Configure the Multicast VLAN Registration (MVR) domains.
|
||
type: array
|
||
items:
|
||
type: object
|
||
properties:
|
||
mvr-domain-id:
|
||
description: Unique identifier for a Multicast Domain defined under the MVR.
|
||
type: integer
|
||
minimum: 1
|
||
maximum: 10
|
||
default: 1
|
||
mvr-domain-enable:
|
||
description: Enable/disable Multicast VLAN Registration (MVR) for a specific domain.
|
||
type: boolean
|
||
default: false
|
||
mvr-domain-vlan-id:
|
||
description:
|
||
Per domain Level Multicast VLAN ID. Specifies the VLAN through which MVR multicast data is received.
|
||
This is the VLAN to which all source ports must be assigned.
|
||
type: integer
|
||
minimum: 1
|
||
maximum: 4094
|
||
default: 1
|
||
mvr-domain-upstream-sip:
|
||
description: Configures the source IP address assigned to all MVR control packets sent upstream on all domains or on a specified domain.
|
||
type: string
|
||
format: ipv4
|
||
examples:
|
||
- 192.168.0.5
|
||
mvr-group-config:
|
||
type: array
|
||
description: List of MVR groups (or profiles) configuration.
|
||
items:
|
||
type: object
|
||
properties:
|
||
mvr-group-name:
|
||
type: string
|
||
description: The name of a MVR group that consists of one or more MVR group addresses
|
||
maxLength: 16
|
||
minLength: 1
|
||
mvr-group-range-start:
|
||
type: string
|
||
format: ipv4
|
||
description: Start IP address on the range of MVR group addresses that maps to a profile/MVR group
|
||
mvr-group-range-end:
|
||
type: string
|
||
format: ipv4
|
||
description: Statically configure all multicast group addresses that will join an MVR VLAN. Map a range of MVR group addresses to a profile
|
||
mvr-group-assoc-domain:
|
||
descpription: Map the MVR Group to a secific domain. There can be many profiles under a single domain
|
||
type: array
|
||
items:
|
||
type: integer
|
||
maximum: 10
|
||
minimum: 1
|
||
required:
|
||
- mvr-group-name
|
||
- mvr-group-range-start
|
||
- mvr-group-range-end
|
||
- mvr-group-assoc-domain
|
||
lldp-global-config:
|
||
type: object
|
||
description: Configuration options for LLDP on a global level in a OLS switch.
|
||
properties:
|
||
lldp-enable:
|
||
type: boolean
|
||
default: true
|
||
description: Enables or disables LLDP globally at a switch level.
|
||
lldp-holdtime-multiplier:
|
||
type: integer
|
||
description: Configures the time-to-live (TTL) value sent in LLDP advertisements. The TTL tells the receiving LLDP agent how long to retain all information from the sending LLDP agent if it does not transmit updates in a timely manner.
|
||
default: 4
|
||
lldp-med-fast-start-count:
|
||
type: integer
|
||
description: Configures how many medFastStart packets are transmitted during the activation process of the LLDP-MED Fast Start mechanism.
|
||
default: 4
|
||
lldp-refresh-interval:
|
||
type: integer
|
||
description: Configures the periodic transmit interval for LLDP advertisements (in seconds).
|
||
default: 30
|
||
lldp-reinit-delay:
|
||
type: integer
|
||
description: Configures the delay (in seconds) before reinitializing after LLDP ports are disabled or the link goes down.
|
||
default: 2
|
||
lldp-tx-delay:
|
||
type: integer
|
||
description: Configures a delay (in seconds) between successive transmissions of advertisements initiated by a change in local LLDP state.
|
||
maximum: 8192
|
||
minimum: 1
|
||
lldp-notification-interval:
|
||
type: integer
|
||
description: Configures the interval (in seconds) for sending SNMP notifications about LLDP changes.
|
||
default: 5
|
||
mc-lag:
|
||
type: boolean
|
||
description: Enables MC-LAG or disables it.
|
||
default: false
|
||
mclag-config:
|
||
description: This section defines the MC-LAG configuration parameters for the switch.
|
||
type: object
|
||
properties:
|
||
mclag-domains:
|
||
description: List of MC-LAG domain configurations for the switch.
|
||
type: array
|
||
items:
|
||
type: object
|
||
properties:
|
||
mclag-domain:
|
||
description: Specifies the MC-LAG domain ID to identify the grouping of peer switches.
|
||
type: integer
|
||
minimum: 1
|
||
maximum: 1024
|
||
default: 1
|
||
peer-link:
|
||
description: Configures the peer-link, which could be a physical port or a trunk group that connects the two MC-LAG peer switches.
|
||
type: object
|
||
properties:
|
||
link-type:
|
||
description: Defines the type of peer-link, either 'port' or 'trunk-group'
|
||
type: string
|
||
enum:
|
||
- port
|
||
- trunk-group
|
||
default: trunk-group
|
||
port-id:
|
||
description: Specifies the physical port name used as peer-link (only valid if type = port).
|
||
type: string
|
||
examples:
|
||
- "Ethernet1"
|
||
- "Ethernet2"
|
||
trunk-id:
|
||
description: Specifies the trunk group ID used as peer-link (only valid if type = trunk-group).
|
||
type: integer
|
||
minimum: 1
|
||
maximum: 64
|
||
mclag-group:
|
||
description: Configures the MC-LAG group(s), which binds the interfaces into a multi-chassis LAG.
|
||
type: array
|
||
items:
|
||
type: object
|
||
properties:
|
||
group-id:
|
||
description: Defines the unique MC-LAG group identifier.
|
||
type: integer
|
||
minimum: 1
|
||
maximum: 128
|
||
members:
|
||
description: List of interfaces that participate in the MC-LAG group.
|
||
type: array
|
||
items:
|
||
type: string
|
||
description: Interface names that are part of the MC-LAG group.
|
||
examples:
|
||
- Ethernet0
|
||
- Ethernet1
|
||
lacp-config:
|
||
description: LACP configuration settings for the MC-LAG group.
|
||
type: object
|
||
properties:
|
||
lacp-enable:
|
||
description: Enables or disables LACP for the MC-LAG group.
|
||
type: boolean
|
||
default: true
|
||
lacp-role:
|
||
description: Configures the LACP role as 'actor' or 'partner'
|
||
type: string
|
||
enum:
|
||
- actor
|
||
- partner
|
||
default: actor
|
||
lacp-timeout:
|
||
description: Sets the LACP timeout as either 'short' or 'long'.
|
||
type: string
|
||
enum:
|
||
- short
|
||
- long
|
||
default: long
|
||
system-priority:
|
||
description: Specifies the system priority used by the switch for LACP negotiations.
|
||
type: integer
|
||
minimum: 1
|
||
maximum: 65535
|
||
default: 32768
|
||
dual-active-detection:
|
||
description: Enables dual-active detection to prevent split-brain scenarios in MC-LAG.
|
||
type: boolean
|
||
default: true
|
||
voice-vlan-config:
|
||
description: This parameter enables or disables the overall configuration of the Voice VLAN feature on the switch. When enabled, it allows the system to classify and prioritize voice traffic.
|
||
type: object
|
||
properties:
|
||
voice-vlan-id:
|
||
description: Specifies the VLAN ID assigned to the Voice VLAN. This is the unique identifier for the VLAN that will be used for prioritizing voice traffic.
|
||
type: integer
|
||
minimum: 1
|
||
maximum: 4094
|
||
voice-vlan-ageing-time:
|
||
description: Defines the time, in minutes, that a dynamic Voice VLAN entry remains in the VLAN after voice traffic is no longer detected. It helps manage resources by removing inactive voice devices from the VLAN after this time elapses.
|
||
type: integer
|
||
minimum: 5
|
||
maximum: 43200
|
||
default: 1440
|
||
voice-vlan-oui-config:
|
||
description: Configures the Organizationally Unique Identifier (OUI) for identifying the voice devices (like IP phones).
|
||
type: array
|
||
items:
|
||
type: object
|
||
properties:
|
||
voice-vlan-oui-mac:
|
||
description: The specific MAC address pattern that corresponds to voice devices, as determined by the OUI. It is used for identifying and classifying voice traffic.
|
||
type: string
|
||
format: uc-mac
|
||
voice-vlan-oui-mask:
|
||
description: A mask applied to the MAC address to help match the OUI more precisely. It ensures that the correct portion of the MAC address is evaluated to identify a device as a voice device.
|
||
type: string
|
||
format: uc-mac
|
||
voice-vlan-oui-description:
|
||
description: A descriptive label or comment for the OUI configuration. This can help administrators keep track of which OUI belongs to which type of voice device or vendor.
|
||
type: string
|
||
maxLength: 32
|
||
minLength: 1
|
||
examples:
|
||
- "A VoIP Phone"
|
||
arp-inspect:
|
||
$ref: "https://ucentral.io/schema/v1/switch/arp-inspect/"
|
||
ip-source-guard:
|
||
$ref: "https://ucentral.io/schema/v1/switch/ip-source-guard/"
|
||
rt-events:
|
||
$ref: "https://ucentral.io/schema/v1/switch/rtevent/"
|
||
acl:
|
||
$ref: "https://ucentral.io/schema/v1/switch/acl/"
|
||
dns:
|
||
description: Define a global list of dns servers.
|
||
type: array
|
||
items:
|
||
type: string
|