Input variables for eos_cli_config_gen

This document describes the supported input variables for the role arista.avd.eos_cli_config_gen.

Since several data models have changed between AVD versions 3.x and 4.x, it is recommended to study the Porting Guide for AVD 4.x.x for existing deployments.

The input variables are documented below in tables and YAML.

All values are optional.

Note

All input variables are validated by a schema. If additional custom keys are desired, a key starting with an underscore _, will be ignored.

Warning

Available features and variables may vary by platforms, refer to documentation on arista.com for specifics.

Authentication

AAA accounting

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
aaa_accounting	Dictionary
exec	Dictionary
console	Dictionary
type	String			Valid Values: - none - start-stop - stop-only
group	String				Group Name
logging	Boolean
default	Dictionary
type	String			Valid Values: - none - start-stop - stop-only
group	String				Group Name
logging	Boolean
system	Dictionary
default	Dictionary
type	String			Valid Values: - none - start-stop - stop-only
group	String				Group Name
dot1x	Dictionary
default	Dictionary
type	String			Valid Values: - start-stop - stop-only
group	String				Group Name
commands	Dictionary
console	List, items: Dictionary
- commands	String				Privelege level ‘all’ or 0-15
type	String			Valid Values: - none - start-stop - stop-only
group	String				Group Name
logging	Boolean
default	List, items: Dictionary
- commands	String				Privelege level ‘all’ or 0-15
type	String			Valid Values: - none - start-stop - stop-only
group	String				Group Name
logging	Boolean

aaa_accounting:
  exec:
    console:
      type: <str>
      group: <str>
      logging: <bool>
    default:
      type: <str>
      group: <str>
      logging: <bool>
  system:
    default:
      type: <str>
      group: <str>
  dot1x:
    default:
      type: <str>
      group: <str>
  commands:
    console:
      - commands: <str>
        type: <str>
        group: <str>
        logging: <bool>
    default:
      - commands: <str>
        type: <str>
        group: <str>
        logging: <bool>

AAA authentication

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
aaa_authentication	Dictionary
login	Dictionary
default	String				Login authentication method(s) as a string. Examples: - “group tacacs+ local” - “group MYGROUP none” - “group radius group MYGROUP local”
console	String				Console authentication method(s) as a string. Examples: - “group tacacs+ local” - “group MYGROUP none” - “group radius group MYGROUP local”
enable	Dictionary
default	String				Enable authentication method(s) as a string. Examples: - “group tacacs+ local” - “group MYGROUP none” - “group radius group MYGROUP local”
dot1x	Dictionary
default	String				802.1x authentication method(s) as a string. Examples: - “group radius” - “group MYGROUP group radius”
policies	Dictionary
on_failure_log	Boolean
on_success_log	Boolean
local	Dictionary
allow_nopassword	Boolean
lockout	Dictionary
failure	Integer			Min: 1 Max: 255
duration	Integer			Min: 1 Max: 4294967295
window	Integer			Min: 1 Max: 4294967295

aaa_authentication:
  login:
    default: <str>
    console: <str>
  enable:
    default: <str>
  dot1x:
    default: <str>
  policies:
    on_failure_log: <bool>
    on_success_log: <bool>
    local:
      allow_nopassword: <bool>
    lockout:
      failure: <int>
      duration: <int>
      window: <int>

AAA authorization

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
aaa_authorization	Dictionary
policy	Dictionary
local_default_role	String
exec	Dictionary
default	String				Exec authorization method(s) as a string. Examples: - “group tacacs+ local” - “group MYGROUP none” - “group radius group MYGROUP local”
config_commands	Boolean
serial_console	Boolean
dynamic	Dictionary
dot1x_additional_groups	List, items: String			Min Length: 1
- <str>	String
commands	Dictionary
all_default	String				Command authorization method(s) as a string. Examples: - “group tacacs+ local” - “group MYGROUP none” - “group tacacs+ group MYGROUP local
privilege	List, items: Dictionary
- level	String				Privilege level(s) 0-15
default	String				Command authorization method(s) as a string. Examples: - “group tacacs+ local” - “group MYGROUP none” - “group tacacs+ group MYGROUP local”

aaa_authorization:
  policy:
    local_default_role: <str>
  exec:
    default: <str>
  config_commands: <bool>
  serial_console: <bool>
  dynamic:
    dot1x_additional_groups:
      - <str>
  commands:
    all_default: <str>
    privilege:
      - level: <str>
        default: <str>

AAA root

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
aaa_root	Dictionary
secret	Dictionary
sha512_password	String

aaa_root:
  secret:
    sha512_password: <str>

AAA server groups

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
aaa_server_groups	List, items: Dictionary
- name	String				Group name
type	String			Valid Values: - tacacs+ - radius - ldap
servers	List, items: Dictionary
- server	String				Hostname or IP address
vrf	String				VRF name

aaa_server_groups:
  - name: <str>
    type: <str>
    servers:
      - server: <str>
        vrf: <str>

Enable password

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
enable_password	Dictionary
hash_algorithm	String			Valid Values: - md5 - sha512
key	String				Must be the hash of the password using the specified algorithm. By default EOS salts the password, so the simplest is to generate the hash on an EOS device.

enable_password:
  hash_algorithm: <str>
  key: <str>

IP radius source-interfaces

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_radius_source_interfaces	List, items: Dictionary
- name	String				Interface Name
vrf	String				VRF Name

ip_radius_source_interfaces:
  - name: <str>
    vrf: <str>

IP tacacs source-interfaces

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_tacacs_source_interfaces	List, items: Dictionary
- name	String				Interface name
vrf	String

ip_tacacs_source_interfaces:
  - name: <str>
    vrf: <str>

Local users

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
local_users	List, items: Dictionary
- name	String	Required, Unique			Username
disabled	Boolean				If true, the user will be removed and all other settings are ignored. Useful for removing the default “admin” user.
privilege	Integer			Min: 0 Max: 15	Initial privilege level with local EXEC authorization.
role	String				EOS RBAC Role to be assigned to the user such as “network-admin” or “network-operator”
sha512_password	String				SHA512 Hash of Password Must be the hash of the password. By default EOS salts the password with the username, so the simplest is to generate the hash on an EOS device using the same username.
no_password	Boolean				If set a password will not be configured for this user. “sha512_password” MUST not be defined for this user.
ssh_key	String
shell	String			Valid Values: - /bin/bash - /bin/sh - /sbin/nologin	Specify shell for the user

local_users:
  - name: <str>
    disabled: <bool>
    privilege: <int>
    role: <str>
    sha512_password: <str>
    no_password: <bool>
    ssh_key: <str>
    shell: <str>

Radius server

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
radius_server	Dictionary
attribute_32_include_in_access_req	Dictionary
hostname	Boolean
format	String				Specify the format of the NAS-Identifier. If ‘hostname’ is set, this is ignored.
dynamic_authorization	Dictionary
port	Integer			Min: 0 Max: 65535	TCP Port
tls_ssl_profile	String				Name of TLS profile
hosts	List, items: Dictionary
- host	String	Required, Unique			Host IP address or name
vrf	String
timeout	Integer			Min: 1 Max: 1000
retransmit	Integer			Min: 0 Max: 100
key	String				Encrypted key

radius_server:
  attribute_32_include_in_access_req:
    hostname: <bool>
    format: <str>
  dynamic_authorization:
    port: <int>
    tls_ssl_profile: <str>
  hosts:
    - host: <str>
      vrf: <str>
      timeout: <int>
      retransmit: <int>
      key: <str>

Radius servers

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
radius_servers deprecated	List, items: Dictionary				This key is deprecated. Support will be removed in AVD version v5.0.0. Use radius_server.hosts instead.
- host	String				Host IP address or name
vrf	String
key	String				Encrypted key

radius_servers:
  - host: <str>
    vrf: <str>
    key: <str>

Roles

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
roles	List, items: Dictionary
- name	String				Role name
sequence_numbers	List, items: Dictionary
- sequence	Integer				Sequence number
action	String			Valid Values: - permit - deny
mode	String				“config”, “config-all”, “exec” or mode key as string
command	String				Command as string

roles:
  - name: <str>
    sequence_numbers:
      - sequence: <int>
        action: <str>
        mode: <str>
        command: <str>

Tacacs servers

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
tacacs_servers	Dictionary
hosts	List, items: Dictionary
- host	String				Host IP address or name
vrf	String
key	String				Encrypted key
key_type	String		7	Valid Values: - 0 - 7 - 8a
single_connection	Boolean
timeout	Integer
policy_unknown_mandatory_attribute_ignore	Boolean

tacacs_servers:
  hosts:
    - host: <str>
      vrf: <str>
      key: <str>
      key_type: <str>
      single_connection: <bool>
      timeout: <int>
  policy_unknown_mandatory_attribute_ignore: <bool>

ACLs

IP Extended access-lists

AVD currently supports two different data models for extended ACLs:

• The legacy access_lists data model, for compatibility with existing deployments
• The improved ip_access_lists data model, for access to more EOS features

Both data models can coexists without conflicts, as different keys are used: access_lists vs ip_access_lists. Access list names must be unique.

The legacy data model supports simplified ACL definition with sequence to action mapping:

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
access_lists	List, items: Dictionary
- name	String	Required, Unique			Access-list Name
counters_per_entry	Boolean
sequence_numbers	List, items: Dictionary	Required
- sequence	Integer	Required, Unique			Sequence ID
action	String	Required			Action as string Example: “deny ip any any”

access_lists:
  - name: <str>
    counters_per_entry: <bool>
    sequence_numbers:
      - sequence: <int>
        action: <str>

The improved data model has a more sophisticated design documented below:

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_access_lists	List, items: Dictionary
- name	String	Required, Unique			Access-list Name
counters_per_entry	Boolean
entries	List, items: Dictionary				ACL Entries
- sequence	Integer				ACL entry sequence number.
remark	String				Comment up to 100 characters. If remark is defined, other keys in acl entry will be ignored.
action	String			Valid Values: - permit - deny	ACL action. Required for standard entry.
protocol	String				ip, tcp, udp, icmp or other protocol name or number. Required for standard entry.
source	String				any, A.B.C.D/E or A.B.C.D. A.B.C.D without a mask means host. Required for standard entry.
source_ports_match	String		eq	Valid Values: - eq - gt - lt - neq - range
source_ports	List, items: String
- <str>	String				TCP/UDP source port name or number.
destination	String				any, A.B.C.D/E or A.B.C.D. A.B.C.D without a mask means host. Required for standard entry.
destination_ports_match	String		eq	Valid Values: - eq - gt - lt - neq - range
destination_ports	List, items: String
- <str>	String				TCP/UDP destination port name or number.
tcp_flags	List, items: String
- <str>	String				TCP Flag Name
fragments	Boolean				Match non-head fragment packets.
log	Boolean				Log matches against this rule.
ttl	Integer			Min: 0 Max: 254	TTL value
ttl_match	String		eq	Valid Values: - eq - gt - lt - neq
icmp_type	String				Message type name/number for ICMP packets.
icmp_code	String				Message code for ICMP packets.
nexthop_group	String				nexthop-group name.
tracked	Boolean				Match packets in existing ICMP/UDP/TCP connections.
dscp	String				DSCP value or name.
vlan_number	Integer
vlan_inner	Boolean		False
vlan_mask	String				0x000-0xFFF VLAN mask.

ip_access_lists:
  - name: <str>
    counters_per_entry: <bool>
    entries:
      - sequence: <int>
        remark: <str>
        action: <str>
        protocol: <str>
        source: <str>
        source_ports_match: <str>
        source_ports:
          - <str>
        destination: <str>
        destination_ports_match: <str>
        destination_ports:
          - <str>
        tcp_flags:
          - <str>
        fragments: <bool>
        log: <bool>
        ttl: <int>
        ttl_match: <str>
        icmp_type: <str>
        icmp_code: <str>
        nexthop_group: <str>
        tracked: <bool>
        dscp: <str>
        vlan_number: <int>
        vlan_inner: <bool>
        vlan_mask: <str>

The improved data model allows to limit the number of ACL entries that AVD is allowed to generate by defining ip_access_lists_max_entries. Only normal entries under ip_access_lists will be counted, remarks will be ignored. If the number is above the limit, the playbook will fail. This provides a simplified control over hardware utilization. The numbers must be based on the hardware tests and AVD does not provide any guidance. Note that other EOS features may use the same hardware resources and affect the supported scale.

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_access_lists_max_entries	Integer				Limit ACL entries defined under the ip_access_lists.

ip_access_lists_max_entries: <int>

IPv6 access-lists

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ipv6_access_lists	List, items: Dictionary
- name	String	Required, Unique			IPv6 Access-list Name
counters_per_entry	Boolean
sequence_numbers	List, items: Dictionary	Required
- sequence	Integer	Required, Unique			Sequence ID
action	String	Required			Action as string Example: “deny ipv6 any any”

ipv6_access_lists:
  - name: <str>
    counters_per_entry: <bool>
    sequence_numbers:
      - sequence: <int>
        action: <str>

IPv6 standard access-lists

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ipv6_standard_access_lists	List, items: Dictionary
- name	String	Required, Unique			Access-list Name
counters_per_entry	Boolean
sequence_numbers	List, items: Dictionary	Required
- sequence	Integer	Required, Unique			Sequence ID
action	String	Required			Action as string Example: “deny ipv6 any any”

ipv6_standard_access_lists:
  - name: <str>
    counters_per_entry: <bool>
    sequence_numbers:
      - sequence: <int>
        action: <str>

MAC access-lists

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
mac_access_lists	List, items: Dictionary
- name	String	Required, Unique			MAC Access-list Name
counters_per_entry	Boolean
entries	List, items: Dictionary
- sequence	Integer
action	String

mac_access_lists:
  - name: <str>
    counters_per_entry: <bool>
    entries:
      - sequence: <int>
        action: <str>

Standard access-lists

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
standard_access_lists	List, items: Dictionary
- name	String	Required, Unique			Access-list Name
counters_per_entry	Boolean
sequence_numbers	List, items: Dictionary	Required
- sequence	Integer	Required, Unique			Sequence ID
action	String	Required			Action as string Example: “deny ip any any”

standard_access_lists:
  - name: <str>
    counters_per_entry: <bool>
    sequence_numbers:
      - sequence: <int>
        action: <str>

Endpoint Security

Address-locking

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
address_locking	Dictionary
dhcp_servers_ipv4	List, items: String
- <str>	String				DHCP server IPv4 address
disabled	Boolean				Disable IP locking on configured ports
leases	List, items: Dictionary
- ip	String	Required			IP address
mac	String	Required			MAC address (hhhh.hhhh.hhhh or hh:hh:hh:hh:hh:hh)
local_interface	String
locked_address	Dictionary
expiration_mac_disabled	Boolean				Configure deauthorizing locked addresses upon MAC aging out
ipv4_enforcement_disabled	Boolean				Configure enforcement for locked IPv4 addresses
ipv6_enforcement_disabled	Boolean				Configure enforcement for locked IPv6 addresses

address_locking:
  dhcp_servers_ipv4:
    - <str>
  disabled: <bool>
  leases:
    - ip: <str>
      mac: <str>
  local_interface: <str>
  locked_address:
    expiration_mac_disabled: <bool>
    ipv4_enforcement_disabled: <bool>
    ipv6_enforcement_disabled: <bool>

Dot1x

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
dot1x	Dictionary
system_auth_control	Boolean
protocol_lldp_bypass	Boolean
dynamic_authorization	Boolean
mac_based_authentication	Dictionary
delay	Integer			Min: 0 Max: 300
hold_period	Integer			Min: 1 Max: 300
radius_av_pair	Dictionary
service_type	Boolean
framed_mtu	Integer			Min: 68 Max: 9236

dot1x:
  system_auth_control: <bool>
  protocol_lldp_bypass: <bool>
  dynamic_authorization: <bool>
  mac_based_authentication:
    delay: <int>
    hold_period: <int>
  radius_av_pair:
    service_type: <bool>
    framed_mtu: <int>

MAC security

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
mac_security	Dictionary
license	Dictionary	Required
license_name	String	Required
license_key	String	Required
fips_restrictions	Boolean	Required
profiles	List, items: Dictionary
- name	String	Required, Unique			Profile-Name
cipher	String			Valid Values: - aes128-gcm - aes128-gcm-xpn - aes256-gcm - aes256-gcm-xpn
connection_keys	List, items: Dictionary
- id	String	Required, Unique
encrypted_key	String
fallback	Boolean
mka	Dictionary
key_server_priority	Integer			Min: 0 Max: 255
session	Dictionary
rekey_period	Integer			Min: 30 Max: 100000	Rekey period in seconds
sci	Boolean
l2_protocols	Dictionary
ethernet_flow_control	Dictionary
mode	String	Required		Valid Values: - encrypt - bypass
lldp	Dictionary
mode	String	Required		Valid Values: - bypass - bypass unauthorized

mac_security:
  license:
    license_name: <str>
    license_key: <str>
  fips_restrictions: <bool>
  profiles:
    - name: <str>
      cipher: <str>
      connection_keys:
        - id: <str>
          encrypted_key: <str>
          fallback: <bool>
      mka:
        key_server_priority: <int>
        session:
          rekey_period: <int>
      sci: <bool>
      l2_protocols:
        ethernet_flow_control:
          mode: <str>
        lldp:
          mode: <str>

Filters and policies

AS path

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
as_path	Dictionary
regex_mode	String			Valid Values: - asn - string
access_lists	List, items: Dictionary
- name	String				Access List Name
entries	List, items: Dictionary
- type	String			Valid Values: - permit - deny
match	String				Regex To Match
origin	String		any	Valid Values: - any - egp - igp - incomplete

as_path:
  regex_mode: <str>
  access_lists:
    - name: <str>
      entries:
        - type: <str>
          match: <str>
          origin: <str>

Class-maps

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
class_maps	Dictionary
pbr	List, items: Dictionary
- name	String	Required, Unique			Class-Map Name
ip	Dictionary
access_group	String				Standard Access-List Name
qos	List, items: Dictionary
- name	String	Required, Unique			Class-Map Name
vlan	Integer				VLAN value(s) or range(s) of VLAN values
cos	Integer				CoS value(s) or range(s) of CoS values
ip	Dictionary
access_group	String				IPv4 Access-List Name
ipv6	Dictionary
access_group	String				IPv6 Access-List Name

class_maps:
  pbr:
    - name: <str>
      ip:
        access_group: <str>
  qos:
    - name: <str>
      vlan: <int>
      cos: <int>
      ip:
        access_group: <str>
      ipv6:
        access_group: <str>

Dynamic prefix lists

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
dynamic_prefix_lists	List, items: Dictionary
- name	String				Dynamic prefix-list name
match_map	String				Route-map name
prefix_list	Dictionary
ipv4	String				Prefix-list name
ipv6	String				Prefix-list name

dynamic_prefix_lists:
  - name: <str>
    match_map: <str>
    prefix_list:
      ipv4: <str>
      ipv6: <str>

IP community lists

AVD currently supports two different data models for community lists:

• The legacy community_lists data model that can be used for compatibility with the existing deployments.
• The improved ip_community_lists data model.

Both data models can coexist without conflicts, as different keys are used: community_lists vs ip_community_lists. Community list names must be unique.

The legacy data model supports simplified community list definition that only allows a single action to be defined as string:

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
community_lists	List, items: Dictionary
- name	String	Required, Unique			Community-list Name
action	String	Required			Action as string Example: “permit GSHUT 65123:123”

community_lists:
  - name: <str>
    action: <str>

The improved data model has a better design documented below:

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_community_lists	List, items: Dictionary				Communities and regexp entries MUST not be configured in the same community-list
- name	String	Required, Unique			IP Community-list Name
entries	List, items: Dictionary	Required
- action	String	Required		Valid Values: - permit - deny
communities	List, items: String				If defined, a standard community-list will be configured. Supported community strings (case insensitive): - GSHUT - internet - local-as - no-advertise - no-export - <1-4294967040> - aa:nn
- <str>	String
regexp	String				Regular Expression If defined, a regex community-list will be configured

ip_community_lists:
  - name: <str>
    entries:
      - action: <str>
        communities:
          - <str>
        regexp: <str>

IP extcommunity-lists

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_extcommunity_lists	List, items: Dictionary
- name	String	Required, Unique			Community-list Name
entries	List, items: Dictionary	Required
- type	String	Required		Valid Values: - permit - deny
extcommunities	String	Required			Communities as string Example: “65000:65000”

ip_extcommunity_lists:
  - name: <str>
    entries:
      - type: <str>
        extcommunities: <str>

IP extcommunity-lists-regexp

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_extcommunity_lists_regexp	List, items: Dictionary
- name	String	Required, Unique			Community-list Name
entries	List, items: Dictionary	Required
- type	String	Required		Valid Values: - permit - deny
regexp	String	Required			Regular Expression

ip_extcommunity_lists_regexp:
  - name: <str>
    entries:
      - type: <str>
        regexp: <str>

IPv6 prefix-lists

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ipv6_prefix_lists	List, items: Dictionary
- name	String	Required, Unique			Prefix-list Name
sequence_numbers	List, items: Dictionary	Required
- sequence	Integer	Required, Unique			Sequence ID
action	String	Required			Action as string Example: “permit 1b11:3a00:22b0:0082::/64 eq 128”

ipv6_prefix_lists:
  - name: <str>
    sequence_numbers:
      - sequence: <int>
        action: <str>

Match list input

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
match_list_input	Dictionary
string	List, items: Dictionary
- name	String	Required, Unique			Match-list Name
sequence_numbers	List, items: Dictionary	Required
- sequence	Integer	Required, Unique			Sequence ID
match_regex	String	Required			Regular Expression

match_list_input:
  string:
    - name: <str>
      sequence_numbers:
        - sequence: <int>
          match_regex: <str>

Peer-filters

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
peer_filters	List, items: Dictionary
- name	String	Required, Unique			Peer-filter Name
sequence_numbers	List, items: Dictionary	Required
- sequence	Integer	Required, Unique			Sequence ID
match	String	Required			Match as string Example: “as-range 1-100 result accept”

peer_filters:
  - name: <str>
    sequence_numbers:
      - sequence: <int>
        match: <str>

Policy-maps

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
policy_maps	Dictionary
pbr	List, items: Dictionary				PBR Policy-Maps
- name	String	Required, Unique			Policy-Map Name
classes	List, items: Dictionary
- name	String	Required, Unique			Class Name
index	Integer
drop	Boolean				‘drop’ and ‘set’ are mutually exclusive
set	Dictionary				Set Nexthop ‘drop’ and ‘set’ are mutually exclusive
nexthop	Dictionary
ip_address	String				IPv4 or IPv6 Address
recursive	Boolean
qos	List, items: Dictionary				QOS Policy-Maps
- name	String	Required, Unique			Policy-Map Name
classes	List, items: Dictionary
- name	String	Required, Unique			Class Name
set	Dictionary
cos	Integer
dscp	String
traffic_class	Integer
drop_precedence	Integer

policy_maps:
  pbr:
    - name: <str>
      classes:
        - name: <str>
          index: <int>
          drop: <bool>
          set:
            nexthop:
              ip_address: <str>
              recursive: <bool>
  qos:
    - name: <str>
      classes:
        - name: <str>
          set:
            cos: <int>
            dscp: <str>
            traffic_class: <int>
            drop_precedence: <int>

Prefix-lists

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
prefix_lists	List, items: Dictionary
- name	String	Required, Unique			Prefix-list Name
sequence_numbers	List, items: Dictionary
- sequence	Integer	Required, Unique			Sequence ID
action	String	Required			Action as string Example: “permit 10.255.0.0/27 eq 32”

prefix_lists:
  - name: <str>
    sequence_numbers:
      - sequence: <int>
        action: <str>

Route-maps

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
route_maps	List, items: Dictionary
- name	String	Required, Unique			Route-map Name
sequence_numbers	List, items: Dictionary	Required
- sequence	Integer	Required, Unique			Sequence ID
type	String	Required		Valid Values: - permit - deny
description	String
match	List, items: String				List of “match” statements
- <str>	String				Match as string Example: “ip address prefix-list PL-LOOPBACKS-EVPN-OVERLAY”
set	List, items: String				List of “set” statements
- <str>	String				Set as string Example: “origin incomplete”
sub_route_map	String				Name of Sub-Route-map
continue	Dictionary
enabled	Boolean
sequence_number	Integer

route_maps:
  - name: <str>
    sequence_numbers:
      - sequence: <int>
        type: <str>
        description: <str>
        match:
          - <str>
        set:
          - <str>
        sub_route_map: <str>
        continue:
          enabled: <bool>
          sequence_number: <int>

Trackers

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
trackers	List, items: Dictionary
- name	String	Required, Unique			Name of tracker object
interface	String	Required			Name of tracked interface
tracked_property	String		line-protocol		Property to track

trackers:
  - name: <str>
    interface: <str>
    tracked_property: <str>

Traffic policies

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
traffic_policies	Dictionary
options	Dictionary
counter_per_interface	Boolean
field_sets	Dictionary
ipv4	List, items: Dictionary
- name	String	Required, Unique			IPv4 Prefix Field Set Name
prefixes	List, items: String
- <str>	String				IPv4 Prefix
ipv6	List, items: Dictionary
- name	String	Required, Unique			IPv6 Prefix Field Set Name
prefixes	List, items: String
- <str>	String				IPv6 Prefix
ports	List, items: Dictionary
- name	String	Required, Unique			L4 Port Field Set Name
port_range	String				Example: ‘10,20,80,440-450’
policies	List, items: Dictionary
- name	String	Required, Unique			Traffic Policy Name
matches	List, items: Dictionary
- name	String	Required, Unique			Traffic Policy Item
type	String			Valid Values: - ipv4 - ipv6
source	Dictionary
prefixes	List, items: String
- <str>	String				IP address or prefix
prefix_lists	List, items: String				Field-set prefix lists
- <str>	String
destination	Dictionary
prefixes	List, items: String
- <str>	String				IP address or prefix
prefix_lists	List, items: String				Field-set prefix lists
- <str>	String
ttl	String				TTL range
fragment	Dictionary				The ‘fragment’ command is not supported when ‘source port’ or ‘destination port’ command is configured
offset	String				Fragment offset range
protocols	List, items: Dictionary
- protocol	String	Required, Unique
src_port	String				Port range
dst_port	String				Port range
src_field	String				L4 port range field set
dst_field	String				L4 port range field set
flags	List, items: String
- <str>	String			Valid Values: - established - initial
icmp_type	List, items: String
- <str>	String
actions	Dictionary
dscp	Integer
traffic_class	Integer				Traffic class ID
count	String				Counter name
drop	Boolean
log	Boolean				Only supported when action is set to drop
default_actions	Dictionary
ipv4	Dictionary
dscp	Integer
traffic_class	Integer				Traffic class ID
count	String				Counter name
drop	Boolean
log	Boolean				Only supported when action is set to drop
ipv6	Dictionary
dscp	Integer
traffic_class	Integer				Traffic class ID
count	String				Counter name
drop	Boolean
log	Boolean				Only supported when action is set to drop

traffic_policies:
  options:
    counter_per_interface: <bool>
  field_sets:
    ipv4:
      - name: <str>
        prefixes:
          - <str>
    ipv6:
      - name: <str>
        prefixes:
          - <str>
    ports:
      - name: <str>
        port_range: <str>
  policies:
    - name: <str>
      matches:
        - name: <str>
          type: <str>
          source:
            prefixes:
              - <str>
            prefix_lists:
              - <str>
          destination:
            prefixes:
              - <str>
            prefix_lists:
              - <str>
          ttl: <str>
          fragment:
            offset: <str>
          protocols:
            - protocol: <str>
              src_port: <str>
              dst_port: <str>
              src_field: <str>
              dst_field: <str>
              flags:
                - <str>
              icmp_type:
                - <str>
          actions:
            dscp: <int>
            traffic_class: <int>
            count: <str>
            drop: <bool>
            log: <bool>
      default_actions:
        ipv4:
          dscp: <int>
          traffic_class: <int>
          count: <str>
          drop: <bool>
          log: <bool>
        ipv6:
          dscp: <int>
          traffic_class: <int>
          count: <str>
          drop: <bool>
          log: <bool>

Interfaces

Errdisable

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
errdisable	Dictionary
detect	Dictionary
causes	List, items: String
- <str>	String			Valid Values: - acl - arp-inspection - dot1x - link-change - tapagg - xcvr-misconfigured - xcvr-overheat - xcvr-power-unsupported
recovery	Dictionary
causes	List, items: String
- <str>	String			Valid Values: - arp-inspection - bpduguard - dot1x - hitless-reload-down - lacp-rate-limit - link-flap - no-internal-vlan - portchannelguard - portsec - speed-misconfigured - tap-port-init - tapagg - uplink-failure-detection - xcvr-misconfigured - xcvr-overheat - xcvr-power-unsupported - xcvr-unsupported
interval	Integer		300	Min: 30 Max: 86400	Interval in seconds

errdisable:
  detect:
    causes:
      - <str>
  recovery:
    causes:
      - <str>
    interval: <int>

Ethernet interfaces

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ethernet_interfaces	List, items: Dictionary
- name	String	Required, Unique
description	String
shutdown	Boolean
load_interval	Integer			Min: 0 Max: 600	Interval in seconds for updating interface counters”
speed	String				Speed can be interface_speed or forced interface_speed or auto interface_speed
mtu	Integer
l2_mtu	Integer				“l2_mtu” should only be defined for platforms supporting the “l2 mtu” CLI
vlans	String				List of switchport vlans as string For a trunk port this would be a range like “1-200,300” For an access port this would be a single vlan “123”
native_vlan	Integer
native_vlan_tag	Boolean				If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence
mode	String			Valid Values: - access - dot1q-tunnel - trunk - trunk phone
phone	Dictionary
trunk	String			Valid Values: - tagged - tagged phone - untagged - untagged phone
vlan	Integer			Min: 1 Max: 4094
l2_protocol	Dictionary
encapsulation_dot1q_vlan	Integer				Vlan tag to configure on sub-interface
forwarding_profile	String				L2 protocol forwarding profile
trunk_groups	List, items: String
- <str>	String
type	String			Valid Values: - routed - switched - l3dot1q - l2dot1q - port-channel-member	l3dot1q and l2dot1q are used for sub-interfaces. The parent interface should be defined as routed. Interface will not be listed in device documentation, unless “type” is set.
snmp_trap_link_change	Boolean
address_locking	Dictionary
ipv4	Boolean				Enable address locking for IPv4
ipv6	Boolean				Enable address locking for IPv6
flowcontrol	Dictionary
received	String			Valid Values: - desired - on - off
vrf	String				VRF name
flow_tracker	Dictionary
sampled	String				Flow tracker name
error_correction_encoding	Dictionary
enabled	Boolean		True
fire_code	Boolean
reed_solomon	Boolean
link_tracking_groups	List, items: Dictionary
- name	String	Required, Unique			Group name
direction	String			Valid Values: - upstream - downstream
evpn_ethernet_segment	Dictionary
identifier	String				EVPN Ethernet Segment Identifier (Type 1 format)
redundancy	String			Valid Values: - all-active - single-active
designated_forwarder_election	Dictionary
algorithm	String			Valid Values: - modulus - preference
preference_value	Integer			Min: 0 Max: 65535	Preference_value is only used when “algorithm” is “preference”
dont_preempt	Boolean				Dont_preempt is only used when “algorithm” is “preference”
hold_time	Integer
subsequent_hold_time	Integer
candidate_reachability_required	Boolean
mpls	Dictionary
shared_index	Integer			Min: 1 Max: 1024
tunnel_flood_filter_time	Integer
route_target	String				EVPN Route Target for ESI with format xx:xx:xx:xx:xx:xx
encapsulation_dot1q_vlan	Integer				VLAN tag to configure on sub-interface
encapsulation_vlan	Dictionary
client	Dictionary
dot1q	Dictionary
vlan	Integer				Client VLAN ID
outer	Integer				Client Outer VLAN ID
inner	Integer				Client Inner VLAN ID
unmatched	Boolean
network	Dictionary				Network encapsulations are all optional and skipped if using client unmatched
dot1q	Dictionary
vlan	Integer				Network VLAN ID
outer	Integer				Network outer VLAN ID
inner	Integer				Network inner VLAN ID
client	Boolean
vlan_id	Integer			Min: 1 Max: 4094
ip_address	String				IPv4 address/mask
ip_address_secondaries	List, items: String
- <str>	String
ip_helpers	List, items: Dictionary
- ip_helper	String	Required, Unique
source_interface	String				Source interface name
vrf	String				VRF name
ip_nat	Dictionary
destination	Dictionary
dynamic	List, items: Dictionary
- access_list	String	Required, Unique
comment	String
pool_name	String	Required
priority	Integer			Min: 0 Max: 4294967295
static	List, items: Dictionary
- access_list	String				‘access_list’ and ‘group’ are mutual exclusive
comment	String
direction	String			Valid Values: - egress - ingress	Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform. EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
group	Integer			Min: 1 Max: 65535	‘access_list’ and ‘group’ are mutual exclusive
original_ip	String	Required, Unique			IPv4 address
original_port	Integer			Min: 1 Max: 65535
priority	Integer			Min: 0 Max: 4294967295
protocol	String			Valid Values: - udp - tcp
translated_ip	String	Required			IPv4 address
translated_port	Integer			Min: 1 Max: 65535	requires ‘original_port’
source	Dictionary
dynamic	List, items: Dictionary
- access_list	String	Required, Unique
comment	String
nat_type	String	Required		Valid Values: - overload - pool - pool-address-only - pool-full-cone
pool_name	String				required if ‘nat_type’ is pool, pool-address-only or pool-full-cone ignored if ‘nat_type’ is overload
priority	Integer			Min: 0 Max: 4294967295
static	List, items: Dictionary
- access_list	String				‘access_list’ and ‘group’ are mutual exclusive
comment	String
direction	String			Valid Values: - egress - ingress	Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform. EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
group	Integer			Min: 1 Max: 65535	‘access_list’ and ‘group’ are mutual exclusive
original_ip	String	Required, Unique			IPv4 address
original_port	Integer			Min: 1 Max: 65535
priority	Integer			Min: 0 Max: 4294967295
protocol	String			Valid Values: - udp - tcp
translated_ip	String	Required			IPv4 address
translated_port	Integer			Min: 1 Max: 65535	requires ‘original_port’
ipv6_enable	Boolean
ipv6_address	String
ipv6_address_link_local	String				Link local IPv6 address/mask
ipv6_nd_ra_disabled	Boolean
ipv6_nd_managed_config_flag	Boolean
ipv6_nd_prefixes	List, items: Dictionary
- ipv6_prefix	String	Required, Unique
valid_lifetime	String				Infinite or lifetime in seconds
preferred_lifetime	String				Infinite or lifetime in seconds
no_autoconfig_flag	Boolean
ipv6_dhcp_relay_destinations	List, items: Dictionary
- address	String	Required, Unique			DHCP server’s IPv6 address
vrf	String
local_interface	String				Local interface to communicate with DHCP server - mutually exclusive to source_address
source_address	String				Source IPv6 address to communicate with DHCP server - mutually exclusive to local_interface
link_address	String				Override the default link address specified in the relayed DHCP packet
access_group_in	String				Access list name
access_group_out	String				Access list name
ipv6_access_group_in	String				IPv6 access list name
ipv6_access_group_out	String				IPv6 access list name
mac_access_group_in	String				MAC access list name
mac_access_group_out	String				MAC access list name
multicast	Dictionary				Boundaries can be either 1 ACL or a list of multicast IP address_range(s)/prefix but not combination of both
ipv4	Dictionary
boundaries	List, items: Dictionary
- boundary	String				ACL name or multicast IP subnet
out	Boolean
static	Boolean
ipv6	Dictionary
boundaries	List, items: Dictionary
- boundary	String				ACL name or multicast IP subnet
static	Boolean
ospf_network_point_to_point	Boolean
ospf_area	String
ospf_cost	Integer
ospf_authentication	String			Valid Values: - none - simple - message-digest
ospf_authentication_key	String				Encrypted password - only type 7 supported
ospf_message_digest_keys	List, items: Dictionary
- id	Integer	Required, Unique
hash_algorithm	String			Valid Values: - md5 - sha1 - sha256 - sha384 - sha512
key	String				Encrypted password - only type 7 supported
pim	Dictionary
ipv4	Dictionary
dr_priority	Integer			Min: 0 Max: 429467295
sparse_mode	Boolean
mac_security	Dictionary
profile	String
channel_group	Dictionary
id	Integer
mode	String			Valid Values: - on - active - passive
isis_enable	String				ISIS instance
isis_passive	Boolean
isis_metric	Integer
isis_network_point_to_point	Boolean
isis_circuit_type	String			Valid Values: - level-1-2 - level-1 - level-2
isis_hello_padding	Boolean
isis_authentication_mode	String			Valid Values: - text - md5
isis_authentication_key	String				Type-7 encrypted password
poe	Dictionary
disabled	Boolean		False		Disable PoE on a POE capable port. PoE is enabled on all ports that support it by default in EOS.
priority	String			Valid Values: - critical - high - medium - low	Prioritize a port’s power in the event that one of the switch’s power supplies loses power
reboot	Dictionary				Set the PoE power behavior for a PoE port when the system is rebooted
action	String			Valid Values: - maintain - power-off	PoE action for interface
link_down	Dictionary				Set the PoE power behavior for a PoE port when the port goes down
action	String			Valid Values: - maintain - power-off	PoE action for interface
power_off_delay	Integer			Min: 1 Max: 86400	Number of seconds to delay shutting the power off after a link down event occurs. Default value is 5 seconds in EOS.
shutdown	Dictionary				Set the PoE power behavior for a PoE port when the port is admin down
action	String			Valid Values: - maintain - power-off	PoE action for interface
limit	Dictionary				Override the hardware-negotiated power limit using either wattage or a power class. Note that if using a power class, AVD will automatically convert the class value to the wattage value corresponding to that power class.
class	Integer			Min: 0 Max: 8
watts	String
fixed	Boolean				Set to ignore hardware classification
negotiation_lldp	Boolean				Disable to prevent port from negotiating power with powered devices over LLDP. Enabled by default in EOS.
legacy_detect	Boolean				Allow a subset of legacy devices to work with the PoE switch. Disabled by default in EOS because it can cause false positive detections.
ptp	Dictionary
enable	Boolean
announce	Dictionary
interval	Integer
timeout	Integer
delay_req	Integer
delay_mechanism	String			Valid Values: - e2e - p2p
sync_message	Dictionary
interval	Integer
role	String			Valid Values: - master - dynamic
vlan	String				VLAN can be ‘all’ or list of vlans as string
transport	String			Valid Values: - ipv4 - ipv6 - layer2
profile	String				Interface profile
storm_control	Dictionary
all	Dictionary
level	String				Configure maximum storm-control level
unit	String		percent	Valid Values: - percent - pps	Optional field and is hardware dependant
broadcast	Dictionary
level	String				Configure maximum storm-control level
unit	String		percent	Valid Values: - percent - pps	Optional field and is hardware dependant
multicast	Dictionary
level	String				Configure maximum storm-control level
unit	String		percent	Valid Values: - percent - pps	Optional field and is hardware dependant
unknown_unicast	Dictionary
level	String				Configure maximum storm-control level
unit	String		percent	Valid Values: - percent - pps	Optional field and is hardware dependant
logging	Dictionary
event	Dictionary
link_status	Boolean
congestion_drops	Boolean
spanning_tree	Boolean
storm_control	Boolean
lldp	Dictionary
transmit	Boolean
receive	Boolean
ztp_vlan	Integer				ZTP vlan number
trunk_private_vlan_secondary	Boolean
pvlan_mapping	String				List of vlans as string
vlan_translations	List, items: Dictionary
- from	String				List of vlans as string (only one vlan if direction is “both”)
to	Integer				VLAN ID
direction	String		both	Valid Values: - in - out - both
dot1x	Dictionary
port_control	String			Valid Values: - auto - force-authorized - force-unauthorized
port_control_force_authorized_phone	Boolean
reauthentication	Boolean
pae	Dictionary
mode	String			Valid Values: - authenticator
authentication_failure	Dictionary
action	String			Valid Values: - allow - drop
allow_vlan	Integer			Min: 1 Max: 4094
host_mode	Dictionary
mode	String			Valid Values: - multi-host - single-host
multi_host_authenticated	Boolean
mac_based_authentication	Dictionary
enabled	Boolean
always	Boolean
host_mode_common	Boolean
timeout	Dictionary
idle_host	Integer			Min: 10 Max: 65535
quiet_period	Integer			Min: 1 Max: 65535
reauth_period	String				Value can be 60-4294967295 or ‘server’
reauth_timeout_ignore	Boolean
tx_period	Integer			Min: 1 Max: 65535
reauthorization_request_limit	Integer			Min: 1 Max: 10
unauthorized	Dictionary
access_vlan_membership_egress	Boolean
native_vlan_membership_egress	Boolean
eapol	Dictionary
disabled	Boolean
authentication_failure_fallback_mba	Dictionary
enabled	Boolean
timeout	Integer			Min: 0 Max: 65535
service_profile	String				QOS profile
shape	Dictionary
rate	String				Rate in kbps, pps or percent Supported options are platform dependent Examples: - “5000 kbps” - “1000 pps” - “20 percent”
qos	Dictionary
trust	String			Valid Values: - dscp - cos - disabled
dscp	Integer				DSCP value
cos	Integer				COS value
spanning_tree_bpdufilter	String			Valid Values: - enabled - disabled - True - False - true - false
spanning_tree_bpduguard	String			Valid Values: - enabled - disabled - True - False - true - false
spanning_tree_guard	String			Valid Values: - loop - root - disabled
spanning_tree_portfast	String			Valid Values: - edge - network
vmtracer	Boolean
priority_flow_control	Dictionary
enabled	Boolean
priorities	List, items: Dictionary
- priority	Integer	Required, Unique		Min: 0 Max: 7
no_drop	Boolean
bfd	Dictionary
echo	Boolean
interval	Integer				Interval in milliseconds
min_rx	Integer				Rate in milliseconds
multiplier	Integer			Min: 3 Max: 50
service_policy	Dictionary
pbr	Dictionary
input	String				Policy Based Routing Policy-map name
qos	Dictionary
input	String	Required			Quality of Service Policy-map name
mpls	Dictionary
ip	Boolean
ldp	Dictionary
interface	Boolean
igp_sync	Boolean
lacp_timer	Dictionary
mode	String			Valid Values: - fast - normal
multiplier	Integer			Min: 3 Max: 3000
lacp_port_priority	Integer			Min: 0 Max: 65535
transceiver	Dictionary
media	Dictionary
override	String				Transceiver type
ip_proxy_arp	Boolean
traffic_policy	Dictionary
input	String				Ingress traffic policy
output	String				Egress traffic policy
bgp	Dictionary
session_tracker	String				Name of session tracker
peer	String				Key only used for documentation or validation purposes
peer_interface	String				Key only used for documentation or validation purposes
peer_type	String				Key only used for documentation or validation purposes
sflow	Dictionary
enable	Boolean
egress	Dictionary
enable	Boolean
unmodified_enable	Boolean
port_profile	String				Key only used for documentation or validation purposes
eos_cli	String				Multiline EOS CLI rendered directly on the ethernet interface in the final EOS configuration

ethernet_interfaces:
  - name: <str>
    description: <str>
    shutdown: <bool>
    load_interval: <int>
    speed: <str>
    mtu: <int>
    l2_mtu: <int>
    vlans: <str>
    native_vlan: <int>
    native_vlan_tag: <bool>
    mode: <str>
    phone:
      trunk: <str>
      vlan: <int>
    l2_protocol:
      encapsulation_dot1q_vlan: <int>
      forwarding_profile: <str>
    trunk_groups:
      - <str>
    type: <str>
    snmp_trap_link_change: <bool>
    address_locking:
      ipv4: <bool>
      ipv6: <bool>
    flowcontrol:
      received: <str>
    vrf: <str>
    flow_tracker:
      sampled: <str>
    error_correction_encoding:
      enabled: <bool>
      fire_code: <bool>
      reed_solomon: <bool>
    link_tracking_groups:
      - name: <str>
        direction: <str>
    evpn_ethernet_segment:
      identifier: <str>
      redundancy: <str>
      designated_forwarder_election:
        algorithm: <str>
        preference_value: <int>
        dont_preempt: <bool>
        hold_time: <int>
        subsequent_hold_time: <int>
        candidate_reachability_required: <bool>
      mpls:
        shared_index: <int>
        tunnel_flood_filter_time: <int>
      route_target: <str>
    encapsulation_dot1q_vlan: <int>
    encapsulation_vlan:
      client:
        dot1q:
          vlan: <int>
          outer: <int>
          inner: <int>
        unmatched: <bool>
      network:
        dot1q:
          vlan: <int>
          outer: <int>
          inner: <int>
        client: <bool>
    vlan_id: <int>
    ip_address: <str>
    ip_address_secondaries:
      - <str>
    ip_helpers:
      - ip_helper: <str>
        source_interface: <str>
        vrf: <str>
    ip_nat:
      destination:
        dynamic:
          - access_list: <str>
            comment: <str>
            pool_name: <str>
            priority: <int>
        static:
          - access_list: <str>
            comment: <str>
            direction: <str>
            group: <int>
            original_ip: <str>
            original_port: <int>
            priority: <int>
            protocol: <str>
            translated_ip: <str>
            translated_port: <int>
      source:
        dynamic:
          - access_list: <str>
            comment: <str>
            nat_type: <str>
            pool_name: <str>
            priority: <int>
        static:
          - access_list: <str>
            comment: <str>
            direction: <str>
            group: <int>
            original_ip: <str>
            original_port: <int>
            priority: <int>
            protocol: <str>
            translated_ip: <str>
            translated_port: <int>
    ipv6_enable: <bool>
    ipv6_address: <str>
    ipv6_address_link_local: <str>
    ipv6_nd_ra_disabled: <bool>
    ipv6_nd_managed_config_flag: <bool>
    ipv6_nd_prefixes:
      - ipv6_prefix: <str>
        valid_lifetime: <str>
        preferred_lifetime: <str>
        no_autoconfig_flag: <bool>
    ipv6_dhcp_relay_destinations:
      - address: <str>
        vrf: <str>
        local_interface: <str>
        source_address: <str>
        link_address: <str>
    access_group_in: <str>
    access_group_out: <str>
    ipv6_access_group_in: <str>
    ipv6_access_group_out: <str>
    mac_access_group_in: <str>
    mac_access_group_out: <str>
    multicast:
      ipv4:
        boundaries:
          - boundary: <str>
            out: <bool>
        static: <bool>
      ipv6:
        boundaries:
          - boundary: <str>
        static: <bool>
    ospf_network_point_to_point: <bool>
    ospf_area: <str>
    ospf_cost: <int>
    ospf_authentication: <str>
    ospf_authentication_key: <str>
    ospf_message_digest_keys:
      - id: <int>
        hash_algorithm: <str>
        key: <str>
    pim:
      ipv4:
        dr_priority: <int>
        sparse_mode: <bool>
    mac_security:
      profile: <str>
    channel_group:
      id: <int>
      mode: <str>
    isis_enable: <str>
    isis_passive: <bool>
    isis_metric: <int>
    isis_network_point_to_point: <bool>
    isis_circuit_type: <str>
    isis_hello_padding: <bool>
    isis_authentication_mode: <str>
    isis_authentication_key: <str>
    poe:
      disabled: <bool>
      priority: <str>
      reboot:
        action: <str>
      link_down:
        action: <str>
        power_off_delay: <int>
      shutdown:
        action: <str>
      limit:
        class: <int>
        watts: <str>
        fixed: <bool>
      negotiation_lldp: <bool>
      legacy_detect: <bool>
    ptp:
      enable: <bool>
      announce:
        interval: <int>
        timeout: <int>
      delay_req: <int>
      delay_mechanism: <str>
      sync_message:
        interval: <int>
      role: <str>
      vlan: <str>
      transport: <str>
    profile: <str>
    storm_control:
      all:
        level: <str>
        unit: <str>
      broadcast:
        level: <str>
        unit: <str>
      multicast:
        level: <str>
        unit: <str>
      unknown_unicast:
        level: <str>
        unit: <str>
    logging:
      event:
        link_status: <bool>
        congestion_drops: <bool>
        spanning_tree: <bool>
        storm_control: <bool>
    lldp:
      transmit: <bool>
      receive: <bool>
      ztp_vlan: <int>
    trunk_private_vlan_secondary: <bool>
    pvlan_mapping: <str>
    vlan_translations:
      - from: <str>
        to: <int>
        direction: <str>
    dot1x:
      port_control: <str>
      port_control_force_authorized_phone: <bool>
      reauthentication: <bool>
      pae:
        mode: <str>
      authentication_failure:
        action: <str>
        allow_vlan: <int>
      host_mode:
        mode: <str>
        multi_host_authenticated: <bool>
      mac_based_authentication:
        enabled: <bool>
        always: <bool>
        host_mode_common: <bool>
      timeout:
        idle_host: <int>
        quiet_period: <int>
        reauth_period: <str>
        reauth_timeout_ignore: <bool>
        tx_period: <int>
      reauthorization_request_limit: <int>
      unauthorized:
        access_vlan_membership_egress: <bool>
        native_vlan_membership_egress: <bool>
      eapol:
        disabled: <bool>
        authentication_failure_fallback_mba:
          enabled: <bool>
          timeout: <int>
    service_profile: <str>
    shape:
      rate: <str>
    qos:
      trust: <str>
      dscp: <int>
      cos: <int>
    spanning_tree_bpdufilter: <str>
    spanning_tree_bpduguard: <str>
    spanning_tree_guard: <str>
    spanning_tree_portfast: <str>
    vmtracer: <bool>
    priority_flow_control:
      enabled: <bool>
      priorities:
        - priority: <int>
          no_drop: <bool>
    bfd:
      echo: <bool>
      interval: <int>
      min_rx: <int>
      multiplier: <int>
    service_policy:
      pbr:
        input: <str>
      qos:
        input: <str>
    mpls:
      ip: <bool>
      ldp:
        interface: <bool>
        igp_sync: <bool>
    lacp_timer:
      mode: <str>
      multiplier: <int>
    lacp_port_priority: <int>
    transceiver:
      media:
        override: <str>
    ip_proxy_arp: <bool>
    traffic_policy:
      input: <str>
      output: <str>
    bgp:
      session_tracker: <str>
    peer: <str>
    peer_interface: <str>
    peer_type: <str>
    sflow:
      enable: <bool>
      egress:
        enable: <bool>
        unmodified_enable: <bool>
    port_profile: <str>
    eos_cli: <str>

Interface defaults

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
interface_defaults	Dictionary
ethernet	Dictionary
shutdown	Boolean
mtu	Integer

interface_defaults:
  ethernet:
    shutdown: <bool>
  mtu: <int>

Interface profiles

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
interface_profiles	List, items: Dictionary
- name	String	Required, Unique			Interface-Profile Name
commands	List, items: String	Required
- <str>	String				EOS CLI interface command Example: “switchport mode access”

interface_profiles:
  - name: <str>
    commands:
      - <str>

LACP

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
lacp	Dictionary				Set Link Aggregation Control Protocol (LACP) parameters.
port_id	Dictionary				LACP port-ID range configuration.
range	Dictionary
begin	Integer				Minimum LACP port-ID range.
end	Integer				Maximum LACP port-ID range.
rate_limit	Dictionary				Set LACPDU rate limit options.
default	Boolean				Enable LACPDU rate limiting by default on all ports.
system_priority	Integer			Min: 0 Max: 65535	Set local system LACP priority.

lacp:
  port_id:
    range:
      begin: <int>
      end: <int>
  rate_limit:
    default: <bool>
  system_priority: <int>

Link tracking groups

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
link_tracking_groups	List, items: Dictionary
- name	String	Required, Unique
links_minimum	Integer			Min: 1 Max: 100000
recovery_delay	Integer			Min: 0 Max: 3600

link_tracking_groups:
  - name: <str>
    links_minimum: <int>
    recovery_delay: <int>

LLDP

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
lldp	Dictionary
timer	Integer
timer_reinitialization	String
holdtime	Integer
management_address	String
vrf	String
receive_packet_tagged_drop	String
tlvs	List, items: Dictionary
- name	String	Required, Unique		Valid Values: - link-aggregation - management-address - max-frame-size - med - port-description - port-vlan - power-via-mdi - system-capabilities - system-description - system-name - vlan-name
transmit	Boolean
run	Boolean

lldp:
  timer: <int>
  timer_reinitialization: <str>
  holdtime: <int>
  management_address: <str>
  vrf: <str>
  receive_packet_tagged_drop: <str>
  tlvs:
    - name: <str>
      transmit: <bool>
  run: <bool>

Loopback interfaces

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
loopback_interfaces	List, items: Dictionary
- name	String	Required, Unique			Loopback interface name e.g. “Loopback0”
description	String
shutdown	Boolean
vrf	String				VRF name
ip_address	String				IPv4_address/Mask
ip_address_secondaries	List, items: String
- <str>	String				IPv4_address/Mask
ipv6_enable	Boolean
ipv6_address	String				IPv6_address/Mask
ip_proxy_arp	Boolean
ospf_area	String
mpls	Dictionary
ldp	Dictionary
interface	Boolean
isis_enable	String				ISIS instance name
isis_passive	Boolean
isis_metric	Integer
isis_network_point_to_point	Boolean
node_segment	Dictionary
ipv4_index	Integer
ipv6_index	Integer
eos_cli	String				EOS CLI rendered directly on the loopback interface in the final EOS configuration

loopback_interfaces:
  - name: <str>
    description: <str>
    shutdown: <bool>
    vrf: <str>
    ip_address: <str>
    ip_address_secondaries:
      - <str>
    ipv6_enable: <bool>
    ipv6_address: <str>
    ip_proxy_arp: <bool>
    ospf_area: <str>
    mpls:
      ldp:
        interface: <bool>
    isis_enable: <str>
    isis_passive: <bool>
    isis_metric: <int>
    isis_network_point_to_point: <bool>
    node_segment:
      ipv4_index: <int>
      ipv6_index: <int>
    eos_cli: <str>

Management interfaces

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
management_interfaces	List, items: Dictionary
- name	String	Required, Unique			Management Interface Name
description	String
shutdown	Boolean
mtu	Integer
vrf	String				VRF Name
ip_address	String				IPv4_address/Mask
ipv6_enable	Boolean
ipv6_address	String				IPv6_address/Mask
type	String		oob	Valid Values: - oob - inband	For documentation purposes only
gateway	String				IPv4 address of default gateway in management VRF
ipv6_gateway	String				IPv6 address of default gateway in management VRF
mac_address	String				MAC address
eos_cli	String				Multiline EOS CLI rendered directly on the management interface in the final EOS configuration

management_interfaces:
  - name: <str>
    description: <str>
    shutdown: <bool>
    mtu: <int>
    vrf: <str>
    ip_address: <str>
    ipv6_enable: <bool>
    ipv6_address: <str>
    type: <str>
    gateway: <str>
    ipv6_gateway: <str>
    mac_address: <str>
    eos_cli: <str>

Patch panel

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
patch_panel	Dictionary
patches	List, items: Dictionary
- name	String	Required, Unique
enabled	Boolean
connectors	List, items: Dictionary			Min Length: 2 Max Length: 2	Must have exactly two connectors to a patch of which at least one must be of type “interface”
- id	String	Required, Unique
type	String	Required		Valid Values: - interface - pseudowire
endpoint	String	Required			String with relevant endpoint depending on type. Examples: - “Ethernet1” - “Ethernet1 dot1q vlan 123” - “bgp vpws TENANT_A pseudowire VPWS_PW_1” - “ldp LDP_PW_1”

patch_panel:
  patches:
    - name: <str>
      enabled: <bool>
      connectors:
        - id: <str>
          type: <str>
          endpoint: <str>

Port-channel interfaces

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
port_channel_interfaces	List, items: Dictionary
- name	String	Required, Unique
description	String
logging	Dictionary
event	Dictionary
link_status	Boolean
shutdown	Boolean
l2_mtu	Integer				“l2_mtu” should only be defined for platforms supporting the “l2 mtu” CLI
vlans	String				List of switchport vlans as string For a trunk port this would be a range like “1-200,300” For an access port this would be a single vlan “123”
snmp_trap_link_change	Boolean
type	String			Valid Values: - routed - switched - l3dot1q - l2dot1q	l3dot1q and l2dot1q are used for sub-interfaces. The parent interface should be defined as routed. Interface will not be listed in device documentation, unless “type” is set.
encapsulation_dot1q_vlan	Integer				VLAN tag to configure on sub-interface
vrf	String				VRF name
encapsulation_vlan	Dictionary
client	Dictionary
dot1q	Dictionary
vlan	Integer				Client VLAN ID
outer	Integer				Client Outer VLAN ID
inner	Integer				Client Inner VLAN ID
unmatched	Boolean
network	Dictionary				Network encapsulation are all optional, and skipped if using client unmatched
dot1q	Dictionary
vlan	Integer				Network VLAN ID
outer	Integer				Network Outer VLAN ID
inner	Integer				Network Inner VLAN ID
client	Boolean
vlan_id	Integer			Min: 1 Max: 4094
mode	String			Valid Values: - access - dot1q-tunnel - trunk - trunk phone
native_vlan	Integer				If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence
native_vlan_tag	Boolean		False		If setting both native_vlan and native_vlan_tag, native_vlan_tag takes precedence
link_tracking_groups	List, items: Dictionary
- name	String	Required, Unique			Group name
direction	String			Valid Values: - upstream - downstream
phone	Dictionary
trunk	String			Valid Values: - tagged - untagged
vlan	Integer			Min: 1 Max: 4094
l2_protocol	Dictionary
encapsulation_dot1q_vlan	Integer				Vlan tag to configure on sub-interface
forwarding_profile	String				L2 protocol forwarding profile
mtu	Integer
mlag	Integer			Min: 1 Max: 2000	MLAG ID
trunk_groups	List, items: String
- <str>	String
lacp_fallback_timeout	Integer		90	Min: 0 Max: 300	Timeout in seconds
lacp_fallback_mode	String			Valid Values: - individual - static
qos	Dictionary
trust	String			Valid Values: - dscp - cos - disabled
dscp	Integer				DSCP value
cos	Integer				COS value
bfd	Dictionary
echo	Boolean
interval	Integer				Interval in milliseconds
min_rx	Integer				Rate in milliseconds
multiplier	Integer			Min: 3 Max: 50
service_policy	Dictionary
pbr	Dictionary
input	String				Policy Based Routing Policy-map name
qos	Dictionary
input	String	Required			Quality of Service Policy-map name
mpls	Dictionary
ip	Boolean
ldp	Dictionary
interface	Boolean
igp_sync	Boolean
trunk_private_vlan_secondary	Boolean
pvlan_mapping	String				List of vlans as string
vlan_translations	List, items: Dictionary
- from	String				List of vlans as string (only one vlan if direction is “both”)
to	Integer				VLAN ID
direction	String		both	Valid Values: - in - out - both
shape	Dictionary
rate	String				Rate in kbps, pps or percent Supported options are platform dependent Examples: - “5000 kbps” - “1000 pps” - “20 percent”
storm_control	Dictionary
all	Dictionary
level	String				Configure maximum storm-control level
unit	String		percent	Valid Values: - percent - pps	Optional field and is hardware dependant
broadcast	Dictionary
level	String				Configure maximum storm-control level
unit	String		percent	Valid Values: - percent - pps	Optional field and is hardware dependant
multicast	Dictionary
level	String				Configure maximum storm-control level
unit	String		percent	Valid Values: - percent - pps	Optional field and is hardware dependant
unknown_unicast	Dictionary
level	String				Configure maximum storm-control level
unit	String		percent	Valid Values: - percent - pps	Optional field and is hardware dependant
ip_proxy_arp	Boolean
isis_enable	String				ISIS instance
isis_passive	Boolean
isis_metric	Integer
isis_network_point_to_point	Boolean
isis_circuit_type	String			Valid Values: - level-1-2 - level-1 - level-2
isis_hello_padding	Boolean
isis_authentication_mode	String			Valid Values: - text - md5
isis_authentication_key	String				Type-7 encrypted password
traffic_policy	Dictionary
input	String				Ingress traffic policy
output	String				Egress traffic policy
evpn_ethernet_segment	Dictionary
identifier	String				EVPN Ethernet Segment Identifier (Type 1 format)
redundancy	String			Valid Values: - all-active - single-active
designated_forwarder_election	Dictionary
algorithm	String			Valid Values: - modulus - preference
preference_value	Integer			Min: 0 Max: 65535	Preference_value is only used when “algorithm” is “preference”
dont_preempt	Boolean		False		Dont_preempt is only used when “algorithm” is “preference”
hold_time	Integer
subsequent_hold_time	Integer
candidate_reachability_required	Boolean
mpls	Dictionary
shared_index	Integer			Min: 1 Max: 1024
tunnel_flood_filter_time	Integer
route_target	String				EVPN Route Target for ESI with format xx:xx:xx:xx:xx:xx
esi deprecated	String				EVPN Ethernet Segment Identifier (Type 1 format) If both “esi” and “evpn_ethernet_segment.identifier” are defined, the new variable takes precedence This key is deprecated. Support will be removed in AVD version 5.0.0. Use evpn_ethernet_segment.identifier instead.
rt deprecated	String				EVPN Route Target for ESI with format xx:xx:xx:xx:xx:xx If both “rt” and “evpn_ethernet_segment.route_target” are defined, the new variable takes precedence This key is deprecated. Support will be removed in AVD version 5.0.0. Use evpn_ethernet_segment.route_target instead.
lacp_id	String				LACP ID with format xxxx.xxxx.xxxx
spanning_tree_bpdufilter	String			Valid Values: - enabled - disabled - True - False - true - false
spanning_tree_bpduguard	String			Valid Values: - enabled - disabled - True - False - true - false
spanning_tree_guard	String			Valid Values: - loop - root - disabled
spanning_tree_portfast	String			Valid Values: - edge - network
vmtracer	Boolean
ptp	Dictionary
enable	Boolean
announce	Dictionary
interval	Integer
timeout	Integer
delay_req	Integer
delay_mechanism	String			Valid Values: - e2e - p2p
sync_message	Dictionary
interval	Integer
role	String			Valid Values: - master - dynamic
vlan	String				VLAN can be ‘all’ or list of vlans as string
transport	String			Valid Values: - ipv4 - ipv6 - layer2
ip_address	String				IPv4 address/mask
ip_nat	Dictionary
destination	Dictionary
dynamic	List, items: Dictionary
- access_list	String	Required, Unique
comment	String
pool_name	String	Required
priority	Integer			Min: 0 Max: 4294967295
static	List, items: Dictionary
- access_list	String				‘access_list’ and ‘group’ are mutual exclusive
comment	String
direction	String			Valid Values: - egress - ingress	Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform. EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
group	Integer			Min: 1 Max: 65535	‘access_list’ and ‘group’ are mutual exclusive
original_ip	String	Required, Unique			IPv4 address
original_port	Integer			Min: 1 Max: 65535
priority	Integer			Min: 0 Max: 4294967295
protocol	String			Valid Values: - udp - tcp
translated_ip	String	Required			IPv4 address
translated_port	Integer			Min: 1 Max: 65535	requires ‘original_port’
source	Dictionary
dynamic	List, items: Dictionary
- access_list	String	Required, Unique
comment	String
nat_type	String	Required		Valid Values: - overload - pool - pool-address-only - pool-full-cone
pool_name	String				required if ‘nat_type’ is pool, pool-address-only or pool-full-cone ignored if ‘nat_type’ is overload
priority	Integer			Min: 0 Max: 4294967295
static	List, items: Dictionary
- access_list	String				‘access_list’ and ‘group’ are mutual exclusive
comment	String
direction	String			Valid Values: - egress - ingress	Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform. EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
group	Integer			Min: 1 Max: 65535	‘access_list’ and ‘group’ are mutual exclusive
original_ip	String	Required, Unique			IPv4 address
original_port	Integer			Min: 1 Max: 65535
priority	Integer			Min: 0 Max: 4294967295
protocol	String			Valid Values: - udp - tcp
translated_ip	String	Required			IPv4 address
translated_port	Integer			Min: 1 Max: 65535	requires ‘original_port’
ipv6_enable	Boolean
ipv6_address	String				IPv6 address/mask
ipv6_address_link_local	String				Link local IPv6 address/mask
ipv6_nd_ra_disabled	Boolean
ipv6_nd_managed_config_flag	Boolean
ipv6_nd_prefixes	List, items: Dictionary
- ipv6_prefix	String	Required, Unique
valid_lifetime	String				Infinite or lifetime in seconds
preferred_lifetime	String				Infinite or lifetime in seconds
no_autoconfig_flag	Boolean
access_group_in	String				Access list name
access_group_out	String				Access list name
ipv6_access_group_in	String				IPv6 access list name
ipv6_access_group_out	String				IPv6 access list name
mac_access_group_in	String				MAC access list name
mac_access_group_out	String				MAC access list name
pim	Dictionary
ipv4	Dictionary
dr_priority	Integer			Min: 0 Max: 429467295
sparse_mode	Boolean
service_profile	String				QOS profile
ospf_network_point_to_point	Boolean
ospf_area	String
ospf_cost	Integer
ospf_authentication	String			Valid Values: - none - simple - message-digest
ospf_authentication_key	String				Encrypted password
ospf_message_digest_keys	List, items: Dictionary
- id	Integer	Required, Unique
hash_algorithm	String			Valid Values: - md5 - sha1 - sha256 - sha384 - sha512
key	String				Encrypted password
flow_tracker	Dictionary
sampled	String				Flow tracker name
bgp	Dictionary
session_tracker	String				Name of session tracker
peer	String				Key only used for documentation or validation purposes
peer_interface	String				Key only used for documentation or validation purposes
peer_type	String				Key only used for documentation or validation purposes
sflow	Dictionary
enable	Boolean
egress	Dictionary
enable	Boolean
unmodified_enable	Boolean
eos_cli	String				Multiline EOS CLI rendered directly on the port-channel interface in the final EOS configuration

port_channel_interfaces:
  - name: <str>
    description: <str>
    logging:
      event:
        link_status: <bool>
    shutdown: <bool>
    l2_mtu: <int>
    vlans: <str>
    snmp_trap_link_change: <bool>
    type: <str>
    encapsulation_dot1q_vlan: <int>
    vrf: <str>
    encapsulation_vlan:
      client:
        dot1q:
          vlan: <int>
          outer: <int>
          inner: <int>
        unmatched: <bool>
      network:
        dot1q:
          vlan: <int>
          outer: <int>
          inner: <int>
        client: <bool>
    vlan_id: <int>
    mode: <str>
    native_vlan: <int>
    native_vlan_tag: <bool>
    link_tracking_groups:
      - name: <str>
        direction: <str>
    phone:
      trunk: <str>
      vlan: <int>
    l2_protocol:
      encapsulation_dot1q_vlan: <int>
      forwarding_profile: <str>
    mtu: <int>
    mlag: <int>
    trunk_groups:
      - <str>
    lacp_fallback_timeout: <int>
    lacp_fallback_mode: <str>
    qos:
      trust: <str>
      dscp: <int>
      cos: <int>
    bfd:
      echo: <bool>
      interval: <int>
      min_rx: <int>
      multiplier: <int>
    service_policy:
      pbr:
        input: <str>
      qos:
        input: <str>
    mpls:
      ip: <bool>
      ldp:
        interface: <bool>
        igp_sync: <bool>
    trunk_private_vlan_secondary: <bool>
    pvlan_mapping: <str>
    vlan_translations:
      - from: <str>
        to: <int>
        direction: <str>
    shape:
      rate: <str>
    storm_control:
      all:
        level: <str>
        unit: <str>
      broadcast:
        level: <str>
        unit: <str>
      multicast:
        level: <str>
        unit: <str>
      unknown_unicast:
        level: <str>
        unit: <str>
    ip_proxy_arp: <bool>
    isis_enable: <str>
    isis_passive: <bool>
    isis_metric: <int>
    isis_network_point_to_point: <bool>
    isis_circuit_type: <str>
    isis_hello_padding: <bool>
    isis_authentication_mode: <str>
    isis_authentication_key: <str>
    traffic_policy:
      input: <str>
      output: <str>
    evpn_ethernet_segment:
      identifier: <str>
      redundancy: <str>
      designated_forwarder_election:
        algorithm: <str>
        preference_value: <int>
        dont_preempt: <bool>
        hold_time: <int>
        subsequent_hold_time: <int>
        candidate_reachability_required: <bool>
      mpls:
        shared_index: <int>
        tunnel_flood_filter_time: <int>
      route_target: <str>
    esi: <str>
    rt: <str>
    lacp_id: <str>
    spanning_tree_bpdufilter: <str>
    spanning_tree_bpduguard: <str>
    spanning_tree_guard: <str>
    spanning_tree_portfast: <str>
    vmtracer: <bool>
    ptp:
      enable: <bool>
      announce:
        interval: <int>
        timeout: <int>
      delay_req: <int>
      delay_mechanism: <str>
      sync_message:
        interval: <int>
      role: <str>
      vlan: <str>
      transport: <str>
    ip_address: <str>
    ip_nat:
      destination:
        dynamic:
          - access_list: <str>
            comment: <str>
            pool_name: <str>
            priority: <int>
        static:
          - access_list: <str>
            comment: <str>
            direction: <str>
            group: <int>
            original_ip: <str>
            original_port: <int>
            priority: <int>
            protocol: <str>
            translated_ip: <str>
            translated_port: <int>
      source:
        dynamic:
          - access_list: <str>
            comment: <str>
            nat_type: <str>
            pool_name: <str>
            priority: <int>
        static:
          - access_list: <str>
            comment: <str>
            direction: <str>
            group: <int>
            original_ip: <str>
            original_port: <int>
            priority: <int>
            protocol: <str>
            translated_ip: <str>
            translated_port: <int>
    ipv6_enable: <bool>
    ipv6_address: <str>
    ipv6_address_link_local: <str>
    ipv6_nd_ra_disabled: <bool>
    ipv6_nd_managed_config_flag: <bool>
    ipv6_nd_prefixes:
      - ipv6_prefix: <str>
        valid_lifetime: <str>
        preferred_lifetime: <str>
        no_autoconfig_flag: <bool>
    access_group_in: <str>
    access_group_out: <str>
    ipv6_access_group_in: <str>
    ipv6_access_group_out: <str>
    mac_access_group_in: <str>
    mac_access_group_out: <str>
    pim:
      ipv4:
        dr_priority: <int>
        sparse_mode: <bool>
    service_profile: <str>
    ospf_network_point_to_point: <bool>
    ospf_area: <str>
    ospf_cost: <int>
    ospf_authentication: <str>
    ospf_authentication_key: <str>
    ospf_message_digest_keys:
      - id: <int>
        hash_algorithm: <str>
        key: <str>
    flow_tracker:
      sampled: <str>
    bgp:
      session_tracker: <str>
    peer: <str>
    peer_interface: <str>
    peer_type: <str>
    sflow:
      enable: <bool>
      egress:
        enable: <bool>
        unmodified_enable: <bool>
    eos_cli: <str>

Switchport default

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
switchport_default	Dictionary
mode	String			Valid Values: - routed - access
phone	Dictionary
cos	Integer			Min: 0 Max: 7
trunk	String			Valid Values: - tagged - untagged
vlan	Integer			Min: 1 Max: 4094	VLAN ID

switchport_default:
  mode: <str>
  phone:
    cos: <int>
    trunk: <str>
    vlan: <int>

Tunnel interfaces

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
tunnel_interfaces	List, items: Dictionary
- name	String	Required, Unique			Tunnel Interface Name
description	String
shutdown	Boolean
mtu	Integer			Min: 68 Max: 65535
vrf	String				VRF Name
ip_address	String			Format: ipv4_cidr	IPv4_address/Mask
ipv6_enable	Boolean
ipv6_address	String			Format: ipv6_cidr	IPv6_address/Mask
access_group_in	String				IPv4 ACL Name for ingress
access_group_out	String				IPv4 ACL Name for egress
ipv6_access_group_in	String				IPv6 ACL Name for ingress
ipv6_access_group_out	String				IPv6 ACL Name for egress
tcp_mss_ceiling	Dictionary
ipv4	Integer			Min: 64 Max: 65495	Segment Size for IPv4
ipv6	Integer			Min: 64 Max: 65475	Segment Size for IPv6
direction	String			Valid Values: - ingress - egress	Optional direction (‘ingress’, ‘egress’) for tcp mss ceiling
source_interface	String				Tunnel Source Interface Name
destination	String				IPv4 or IPv6 Address Tunnel Destination
path_mtu_discovery	Boolean				Enable Path MTU Discovery On Tunnel
eos_cli	String				Multiline String with EOS CLI rendered directly on the Tunnel interface in the final EOS configuration.

tunnel_interfaces:
  - name: <str>
    description: <str>
    shutdown: <bool>
    mtu: <int>
    vrf: <str>
    ip_address: <str>
    ipv6_enable: <bool>
    ipv6_address: <str>
    access_group_in: <str>
    access_group_out: <str>
    ipv6_access_group_in: <str>
    ipv6_access_group_out: <str>
    tcp_mss_ceiling:
      ipv4: <int>
      ipv6: <int>
      direction: <str>
    source_interface: <str>
    destination: <str>
    path_mtu_discovery: <bool>
    eos_cli: <str>

VLAN interfaces

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
vlan_interfaces	List, items: Dictionary
- name	String	Required, Unique			VLAN interface name like “Vlan123”
description	String
shutdown	Boolean
vrf	String				VRF name
arp_aging_timeout	Integer			Min: 1 Max: 65535	In seconds
arp_cache_dynamic_capacity	Integer			Min: 0 Max: 4294967295
arp_gratuitous_accept	Boolean
arp_monitor_mac_address	Boolean
ip_proxy_arp	Boolean
ip_directed_broadcast	Boolean
ip_address	String				IPv4_address/Mask
ip_address_secondaries	List, items: String
- <str>	String				IPv4_address/Mask
ip_virtual_router_addresses	List, items: String
- <str>	String				IPv4 address or IPv4_address/Mask
ip_address_virtual	String				IPv4_address/Mask
ip_address_virtual_secondaries	List, items: String
- <str>	String				IPv4_address/Mask
ip_igmp	Boolean
ip_igmp_version	Integer			Min: 1 Max: 3
ip_helpers	List, items: Dictionary				List of DHCP servers
- ip_helper	String	Required, Unique			IP address or hostname of DHCP server
source_interface	String				Interface used as source for forwarded DHCP packets
vrf	String				VRF where DHCP server can be reached
ip_nat	Dictionary
destination	Dictionary
dynamic	List, items: Dictionary
- access_list	String	Required, Unique
comment	String
pool_name	String	Required
priority	Integer			Min: 0 Max: 4294967295
static	List, items: Dictionary
- access_list	String				‘access_list’ and ‘group’ are mutual exclusive
comment	String
direction	String			Valid Values: - egress - ingress	Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform. EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
group	Integer			Min: 1 Max: 65535	‘access_list’ and ‘group’ are mutual exclusive
original_ip	String	Required, Unique			IPv4 address
original_port	Integer			Min: 1 Max: 65535
priority	Integer			Min: 0 Max: 4294967295
protocol	String			Valid Values: - udp - tcp
translated_ip	String	Required			IPv4 address
translated_port	Integer			Min: 1 Max: 65535	requires ‘original_port’
source	Dictionary
dynamic	List, items: Dictionary
- access_list	String	Required, Unique
comment	String
nat_type	String	Required		Valid Values: - overload - pool - pool-address-only - pool-full-cone
pool_name	String				required if ‘nat_type’ is pool, pool-address-only or pool-full-cone ignored if ‘nat_type’ is overload
priority	Integer			Min: 0 Max: 4294967295
static	List, items: Dictionary
- access_list	String				‘access_list’ and ‘group’ are mutual exclusive
comment	String
direction	String			Valid Values: - egress - ingress	Egress or ingress can be the default. This depends on source/destination, EOS version, and hardware platform. EOS might remove this keyword in the configuration. So, check the configuration on targeted HW/SW.
group	Integer			Min: 1 Max: 65535	‘access_list’ and ‘group’ are mutual exclusive
original_ip	String	Required, Unique			IPv4 address
original_port	Integer			Min: 1 Max: 65535
priority	Integer			Min: 0 Max: 4294967295
protocol	String			Valid Values: - udp - tcp
translated_ip	String	Required			IPv4 address
translated_port	Integer			Min: 1 Max: 65535	requires ‘original_port’
ipv6_enable	Boolean
ipv6_address	String				IPv6_address/Mask
ipv6_address_virtual deprecated	String				IPv6_address/Mask If both “ipv6_address_virtual” and “ipv6_address_virtuals” are set, all addresses will be configured This key is deprecated. Support will be removed in AVD version 5.0.0. Use ipv6_address_virtuals instead.
ipv6_address_virtuals	List, items: String				The new “ipv6_address_virtuals” key support multiple virtual ipv6 addresses.
- <str>	String				IPv6_address/Mask
ipv6_address_link_local	String				IPv6_address/Mask
ipv6_virtual_router_address deprecated	String				“ipv6_virtual_router_address” should not be mixed with the new “ipv6_virtual_router_addresses” key below to avoid conflicts. This key is deprecated. Support will be removed in AVD version 5.0.0. Use ipv6_virtual_router_addresses instead.
ipv6_virtual_router_addresses	List, items: String				Improved “VARPv6” data model to support multiple VARPv6 addresses.
- <str>	String				IPv6 address or IPv6_address/Mask
ipv6_nd_ra_disabled	Boolean
ipv6_nd_managed_config_flag	Boolean
ipv6_nd_prefixes	List, items: Dictionary
- ipv6_prefix	String	Required, Unique			IPv6_address/Mask
valid_lifetime	String				In seconds <0-4294967295> or infinite
preferred_lifetime	String				In seconds <0-4294967295> or infinite
no_autoconfig_flag	Boolean
ipv6_dhcp_relay_destinations	List, items: Dictionary
- address	String	Required, Unique			DHCP server’s IPv6 address
vrf	String
local_interface	String				Local interface to communicate with DHCP server - mutually exclusive to source_address
source_address	String				Source IPv6 address to communicate with DHCP server - mutually exclusive to local_interface
link_address	String				Override the default link address specified in the relayed DHCP packet
access_group_in	String				IPv4 access-list name
access_group_out	String				IPv4 access-list name
ipv6_access_group_in	String				IPv6 access-list name
ipv6_access_group_out	String				IPv6 access-list name
multicast	Dictionary
ipv4	Dictionary
boundaries	List, items: Dictionary				Boundaries can be either 1 ACL or a list of multicast IP address_range(s)/prefix but not combination of both
- boundary	String	Required, Unique			IPv4 access-list name or IPv4 multicast group prefix with mask
out	Boolean
source_route_export	Dictionary
enabled	Boolean	Required
administrative_distance	Integer			Min: 1 Max: 255
static	Boolean
ipv6	Dictionary
boundaries	List, items: Dictionary				Boundaries can be either 1 ACL or a list of multicast IP address_range(s)/prefix but not combination of both
- boundary	String	Required, Unique			IPv6 access-list name or IPv6 multicast group prefix with mask
source_route_export	Dictionary
enabled	Boolean	Required
administrative_distance	Integer			Min: 1 Max: 255
static	Boolean
ospf_network_point_to_point	Boolean
ospf_area	String
ospf_cost	Integer
ospf_authentication	String			Valid Values: - none - simple - message-digest
ospf_authentication_key	String				Encrypted password used for simple authentication
ospf_message_digest_keys	List, items: Dictionary				Keys used for message-digest authentication
- id	Integer	Required, Unique
hash_algorithm	String			Valid Values: - md5 - sha1 - sha256 - sha384 - sha512
key	String				Encrypted password
pim	Dictionary
ipv4	Dictionary
dr_priority	Integer			Min: 0 Max: 429467295
sparse_mode	Boolean
local_interface	String
isis_enable	String				ISIS instance name
isis_passive	Boolean
isis_metric	Integer
isis_network_point_to_point	Boolean
mtu	Integer
no_autostate	Boolean
vrrp_ids	List, items: Dictionary				Improved “vrrp” data model to support multiple VRRP IDs
- id	Integer	Required, Unique			VRID
priority_level	Integer				Instance priority
advertisement	Dictionary
interval	Integer				Interval in seconds
preempt	Dictionary
enabled	Boolean	Required
delay	Dictionary
minimum	Integer				Minimum preempt delay in seconds
reload	Integer				Reload preempt delay in seconds
timers	Dictionary
delay	Dictionary
reload	Integer				Delay after reload in seconds.
tracked_object	List, items: Dictionary
- name	String	Required, Unique			Tracked object name
decrement	Integer			Min: 1 Max: 254	Decrement VRRP priority by 1-254
shutdown	Boolean
ipv4	Dictionary
address	String	Required			Virtual IPv4 address
version	Integer			Valid Values: - 2 - 3
ipv6	Dictionary
address	String	Required			Virtual IPv6 address
vrrp deprecated	Dictionary				“vrrp” should not be mixed with the new “vrrp_ids” key above to avoid conflicts. This key is deprecated. Support will be removed in AVD version 5.0.0. Use vrrp_ids instead.
virtual_router	String				Virtual Router ID
priority	Integer				Instance priority
advertisement_interval	Integer
preempt_delay_minimum	Integer
ipv4	String				Virtual IPv4 address
ipv6	String				Virtual IPv6 address
ip_attached_host_route_export	Dictionary
enabled	Boolean	Required
distance	Integer			Min: 1 Max: 255
bfd	Dictionary
echo	Boolean
interval	Integer				Rate in milliseconds
min_rx	Integer				Minimum RX hold time in milliseconds
multiplier	Integer			Min: 3 Max: 50
service_policy	Dictionary
pbr	Dictionary
input	String				Name of policy-map used for policy based routing
pvlan_mapping	String				List of VLANs as string
tenant	String				Key only used for documentation or validation purposes
tags	List, items: String				Key only used for documentation or validation purposes
- <str>	String
type	String				Key only used for documentation or validation purposes
eos_cli	String				Multiline EOS CLI rendered directly on the VLAN interface in the final EOS configuration

vlan_interfaces:
  - name: <str>
    description: <str>
    shutdown: <bool>
    vrf: <str>
    arp_aging_timeout: <int>
    arp_cache_dynamic_capacity: <int>
    arp_gratuitous_accept: <bool>
    arp_monitor_mac_address: <bool>
    ip_proxy_arp: <bool>
    ip_directed_broadcast: <bool>
    ip_address: <str>
    ip_address_secondaries:
      - <str>
    ip_virtual_router_addresses:
      - <str>
    ip_address_virtual: <str>
    ip_address_virtual_secondaries:
      - <str>
    ip_igmp: <bool>
    ip_igmp_version: <int>
    ip_helpers:
      - ip_helper: <str>
        source_interface: <str>
        vrf: <str>
    ip_nat:
      destination:
        dynamic:
          - access_list: <str>
            comment: <str>
            pool_name: <str>
            priority: <int>
        static:
          - access_list: <str>
            comment: <str>
            direction: <str>
            group: <int>
            original_ip: <str>
            original_port: <int>
            priority: <int>
            protocol: <str>
            translated_ip: <str>
            translated_port: <int>
      source:
        dynamic:
          - access_list: <str>
            comment: <str>
            nat_type: <str>
            pool_name: <str>
            priority: <int>
        static:
          - access_list: <str>
            comment: <str>
            direction: <str>
            group: <int>
            original_ip: <str>
            original_port: <int>
            priority: <int>
            protocol: <str>
            translated_ip: <str>
            translated_port: <int>
    ipv6_enable: <bool>
    ipv6_address: <str>
    ipv6_address_virtual: <str>
    ipv6_address_virtuals:
      - <str>
    ipv6_address_link_local: <str>
    ipv6_virtual_router_address: <str>
    ipv6_virtual_router_addresses:
      - <str>
    ipv6_nd_ra_disabled: <bool>
    ipv6_nd_managed_config_flag: <bool>
    ipv6_nd_prefixes:
      - ipv6_prefix: <str>
        valid_lifetime: <str>
        preferred_lifetime: <str>
        no_autoconfig_flag: <bool>
    ipv6_dhcp_relay_destinations:
      - address: <str>
        vrf: <str>
        local_interface: <str>
        source_address: <str>
        link_address: <str>
    access_group_in: <str>
    access_group_out: <str>
    ipv6_access_group_in: <str>
    ipv6_access_group_out: <str>
    multicast:
      ipv4:
        boundaries:
          - boundary: <str>
            out: <bool>
        source_route_export:
          enabled: <bool>
          administrative_distance: <int>
        static: <bool>
      ipv6:
        boundaries:
          - boundary: <str>
        source_route_export:
          enabled: <bool>
          administrative_distance: <int>
        static: <bool>
    ospf_network_point_to_point: <bool>
    ospf_area: <str>
    ospf_cost: <int>
    ospf_authentication: <str>
    ospf_authentication_key: <str>
    ospf_message_digest_keys:
      - id: <int>
        hash_algorithm: <str>
        key: <str>
    pim:
      ipv4:
        dr_priority: <int>
        sparse_mode: <bool>
        local_interface: <str>
    isis_enable: <str>
    isis_passive: <bool>
    isis_metric: <int>
    isis_network_point_to_point: <bool>
    mtu: <int>
    no_autostate: <bool>
    vrrp_ids:
      - id: <int>
        priority_level: <int>
        advertisement:
          interval: <int>
        preempt:
          enabled: <bool>
          delay:
            minimum: <int>
            reload: <int>
        timers:
          delay:
            reload: <int>
        tracked_object:
          - name: <str>
            decrement: <int>
            shutdown: <bool>
        ipv4:
          address: <str>
          version: <int>
        ipv6:
          address: <str>
    vrrp:
      virtual_router: <str>
      priority: <int>
      advertisement_interval: <int>
      preempt_delay_minimum: <int>
      ipv4: <str>
      ipv6: <str>
    ip_attached_host_route_export:
      enabled: <bool>
      distance: <int>
    bfd:
      echo: <bool>
      interval: <int>
      min_rx: <int>
      multiplier: <int>
    service_policy:
      pbr:
        input: <str>
    pvlan_mapping: <str>
    tenant: <str>
    tags:
      - <str>
    type: <str>
    eos_cli: <str>

VXLAN interface

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
vxlan_interface	Dictionary
Vxlan1	Dictionary
description	String
vxlan	Dictionary
source_interface	String				Source Interface Name
controller_client	Dictionary				Client to CVX Controllers
enabled	Boolean
mlag_source_interface	String
udp_port	Integer
virtual_router_encapsulation_mac_address	String				“mlag-system-id” or ethernet_address (H.H.H)
bfd_vtep_evpn	Dictionary
interval	Integer
min_rx	Integer
multiplier	Integer			Min: 3 Max: 50
prefix_list	String
qos	Dictionary				For the Traffic Class to be derived based on the outer DSCP field of the incoming VxLan packet, the core ports must be in “DSCP Trust” mode. !!!Warning, only few hardware types with software version >= 4.26.0 support the below knobs to configure Vxlan DSCP mapping.
dscp_propagation_encapsulation	Boolean
ecn_propagation	Boolean				Enable copying the ECN marking to/from encapsulated packets.
map_dscp_to_traffic_class_decapsulation	Boolean
vlans	List, items: Dictionary
- id	Integer	Required, Unique			VLAN ID
vni	Integer
multicast_group	String				IP Multicast Group Address
flood_vteps	List, items: String
- <str>	String				Remote VTEP IP Address
vrfs	List, items: Dictionary
- name	String	Required, Unique			VRF Name
vni	Integer
multicast_group	String				IP Multicast Group Address
flood_vteps	List, items: String
- <str>	String				Remote VTEP IP Address
flood_vtep_learned_data_plane	Boolean
eos_cli	String				Multiline String with EOS CLI rendered directly on the Vxlan interface in the final EOS configuration.

vxlan_interface:
  Vxlan1:
    description: <str>
    vxlan:
      source_interface: <str>
      controller_client:
        enabled: <bool>
      mlag_source_interface: <str>
      udp_port: <int>
      virtual_router_encapsulation_mac_address: <str>
      bfd_vtep_evpn:
        interval: <int>
        min_rx: <int>
        multiplier: <int>
        prefix_list: <str>
      qos:
        dscp_propagation_encapsulation: <bool>
        ecn_propagation: <bool>
        map_dscp_to_traffic_class_decapsulation: <bool>
      vlans:
        - id: <int>
          vni: <int>
          multicast_group: <str>
          flood_vteps:
            - <str>
      vrfs:
        - name: <str>
          vni: <int>
          multicast_group: <str>
      flood_vteps:
        - <str>
      flood_vtep_learned_data_plane: <bool>
    eos_cli: <str>

Maintenance Mode

BGP groups

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
bgp_groups	List, items: Dictionary
- name	String	Required, Unique			Group Name
vrf	String
neighbors	List, items: String
- <str>	String
bgp_maintenance_profiles	List, items: String
- <str>	String				Profile Name

bgp_groups:
  - name: <str>
    vrf: <str>
    neighbors:
      - <str>
    bgp_maintenance_profiles:
      - <str>

Interface groups

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
interface_groups	List, items: Dictionary
- name	String	Required, Unique			Interface-Group name
interfaces	List, items: String
- <str>	String				Interface Name
bgp_maintenance_profiles	List, items: String
- <str>	String				Name of BGP Maintenance Profile
interface_maintenance_profiles	List, items: String
- <str>	String				Name of Interface Maintenance Profile

interface_groups:
  - name: <str>
    interfaces:
      - <str>
    bgp_maintenance_profiles:
      - <str>
    interface_maintenance_profiles:
      - <str>

Maintenance

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
maintenance	Dictionary
default_interface_profile	String				Name of default Interface Profile
default_bgp_profile	String				Name of default BGP Profile
default_unit_profile	String				Name of default Unit Profile
interface_profiles	List, items: Dictionary
- name	String	Required, Unique
rate_monitoring	Dictionary
load_interval	Integer				Load Interval in Seconds
threshold	Integer				Threshold in kbps
shutdown	Dictionary
max_delay	Integer				Max delay in seconds
bgp_profiles	List, items: Dictionary
- name	String	Required, Unique			BGP Profile Name
initiator	Dictionary
route_map_inout	String				Route Map
unit_profiles	List, items: Dictionary
- name	String	Required, Unique			Unit Profile Name
on_boot	Dictionary
duration	Integer			Min: 300 Max: 3600	On-boot in seconds
units	List, items: Dictionary
- name	String	Required, Unique			Unit Name
quiesce	Boolean
profile	String				Name of Unit Profile
groups	Dictionary
bgp_groups	List, items: String
- <str>	String				Name of BGP Group
interface_groups	List, items: String
- <str>	String				Name of Interface Group

maintenance:
  default_interface_profile: <str>
  default_bgp_profile: <str>
  default_unit_profile: <str>
  interface_profiles:
    - name: <str>
      rate_monitoring:
        load_interval: <int>
        threshold: <int>
      shutdown:
        max_delay: <int>
  bgp_profiles:
    - name: <str>
      initiator:
        route_map_inout: <str>
  unit_profiles:
    - name: <str>
      on_boot:
        duration: <int>
  units:
    - name: <str>
      quiesce: <bool>
      profile: <str>
      groups:
        bgp_groups:
          - <str>
        interface_groups:
          - <str>

Management

Aliases

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
aliases	String				Multi-line string with one or more alias commands. Example: yaml<br>aliases: |<br> alias wr copy running-config startup-config<br> alias siib show ip interface brief<br>

aliases: <str>

Banners

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
banners	Dictionary
login	String				Multiline string ending with EOF on the last line
motd	String				Multiline string ending with EOF on the last line

banners:
  login: <str>
  motd: <str>

Boot

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
boot	Dictionary				Set the Aboot password
secret	Dictionary
hash_algorithm	String		sha512	Valid Values: - md5 - sha512
key	String				Hashed Password

boot:
  secret:
    hash_algorithm: <str>
    key: <str>

Clock

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
clock	Dictionary
timezone	String

clock:
  timezone: <str>

DNS domain

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
dns_domain	String				Domain Name

dns_domain: <str>

Domain-list

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
domain_list	List, items: String				Search list of DNS domains
- <str>	String				Domain name

domain_list:
  - <str>

IP domain lookup

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_domain_lookup	Dictionary
source_interfaces	List, items: Dictionary
- name	String	Required, Unique			Source Interface
vrf	String

ip_domain_lookup:
  source_interfaces:
    - name: <str>
      vrf: <str>

IP HTTP client source-interfaces

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_http_client_source_interfaces	List, items: Dictionary
- name	String				Interface Name
vrf	String

ip_http_client_source_interfaces:
  - name: <str>
    vrf: <str>

IP name servers

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_name_servers	List, items: Dictionary
- ip_address	String				IPv4 or IPv6 address for DNS server
vrf	String				VRF Name
priority	Integer			Min: 0 Max: 4	Priority value (lower is first)

ip_name_servers:
  - ip_address: <str>
    vrf: <str>
    priority: <int>

IP SSH client source-interfaces

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_ssh_client_source_interfaces	List, items: Dictionary
- name	String				Interface Name
vrf	String		default

ip_ssh_client_source_interfaces:
  - name: <str>
    vrf: <str>

Management accounts

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
management_accounts	Dictionary
password	Dictionary
policy	String

management_accounts:
  password:
    policy: <str>

Management API HTTP

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
management_api_http	Dictionary
enable_http	Boolean
enable_https	Boolean
https_ssl_profile	String				SSL Profile Name
default_services	Boolean				Enable default services: capi-doc and tapagg
enable_vrfs	List, items: Dictionary
- name	String	Required, Unique			VRF Name
access_group	String				Standard IPv4 ACL name
ipv6_access_group	String				Standard IPv6 ACL name
protocol_https_certificate	Dictionary
certificate	String				Name of certificate; private key must also be specified
private_key	String				Name of private key; certificate must also be specified

management_api_http:
  enable_http: <bool>
  enable_https: <bool>
  https_ssl_profile: <str>
  default_services: <bool>
  enable_vrfs:
    - name: <str>
      access_group: <str>
      ipv6_access_group: <str>
  protocol_https_certificate:
    certificate: <str>
    private_key: <str>

Management API models

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
management_api_models	Dictionary
providers	List, items: Dictionary
- name	String			Valid Values: - sysdb - smash
paths	List, items: Dictionary
- path	String
disabled	Boolean		False

management_api_models:
  providers:
    - name: <str>
      paths:
        - path: <str>
          disabled: <bool>

Management console

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
management_console	Dictionary
idle_timeout	Integer			Min: 0 Max: 86400

management_console:
  idle_timeout: <int>

Management defaults

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
management_defaults	Dictionary
secret	Dictionary
hash	String			Valid Values: - md5 - sha512

management_defaults:
  secret:
    hash: <str>

Management security

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
management_security	Dictionary
entropy_source	String
password	Dictionary
minimum_length	Integer			Min: 1 Max: 32
encryption_key_common	Boolean
encryption_reversible	String
policies	List, items: Dictionary
- name	String	Required, Unique
minimum	Dictionary
digits	Integer			Min: 1 Max: 65535
length	Integer			Min: 1 Max: 65535
lower	Integer			Min: 1 Max: 65535
special	Integer			Min: 1 Max: 65535
upper	Integer			Min: 1 Max: 65535
maximum	Dictionary
repetitive	Integer			Min: 1 Max: 65535
sequential	Integer			Min: 1 Max: 65535
ssl_profiles	List, items: Dictionary
- name	String
tls_versions	String				List of allowed TLS versions as string Examples: - “1.0” - “1.0 1.1”
cipher_list	String				cipher_list syntax follows the openssl cipher strings format. Colon (:) separated list of allowed ciphers as a string
trust_certificate	Dictionary
certificates	List, items: String				List of trust certificate names Examples: - test1.crt - test2.crt
- <str>	String
requirement	Dictionary
basic_constraint_ca	Boolean
hostname_fqdn	Boolean				Enforce hostname to be FQDN without wildcard.
policy_expiry_date_ignore	Boolean
system	Boolean				Use system-supplied trust certificates.
chain_certificate	Dictionary
certificates	List, items: String				List of chain certificate names Examples: - chain1.crt - chain2.crt
- <str>	String
requirement	Dictionary
basic_constraint_ca	Boolean
include_root_ca	Boolean
certificate	Dictionary
file	String
key	String

management_security:
  entropy_source: <str>
  password:
    minimum_length: <int>
    encryption_key_common: <bool>
    encryption_reversible: <str>
    policies:
      - name: <str>
        minimum:
          digits: <int>
          length: <int>
          lower: <int>
          special: <int>
          upper: <int>
        maximum:
          repetitive: <int>
          sequential: <int>
  ssl_profiles:
    - name: <str>
      tls_versions: <str>
      cipher_list: <str>
      trust_certificate:
        certificates:
          - <str>
        requirement:
          basic_constraint_ca: <bool>
          hostname_fqdn: <bool>
        policy_expiry_date_ignore: <bool>
        system: <bool>
      chain_certificate:
        certificates:
          - <str>
        requirement:
          basic_constraint_ca: <bool>
          include_root_ca: <bool>
      certificate:
        file: <str>
        key: <str>

Management SSH

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
management_ssh	Dictionary
access_groups	List, items: Dictionary
- name	String				Standard ACL Name
vrf	String				VRF Name
ipv6_access_groups	List, items: Dictionary
- name	String				Standard ACL Name
vrf	String				VRF Name
idle_timeout	Integer			Min: 0 Max: 86400	Idle timeout in minutes
cipher	List, items: String				Cryptographic ciphers for SSH to use
- <str>	String
key_exchange	List, items: String				Cryptographic key exchange methods for SSH to use
- <str>	String
mac	List, items: String				Cryptographic MAC algorithms for SSH to use
- <str>	String
hostkey	Dictionary
server	List, items: String				SSH host key settings
- <str>	String
enable	Boolean				Enable SSH daemon
connection	Dictionary
limit	Integer			Min: 1 Max: 100	Maximum total number of SSH sessions to device
per_host	Integer			Min: 1 Max: 20	Maximum number of SSH sessions to device from a single host
vrfs	List, items: Dictionary
- name	String	Required, Unique			VRF Name
enable	Boolean				Enable SSH in VRF
log_level	String				SSH daemon log level

management_ssh:
  access_groups:
    - name: <str>
      vrf: <str>
  ipv6_access_groups:
    - name: <str>
      vrf: <str>
  idle_timeout: <int>
  cipher:
    - <str>
  key_exchange:
    - <str>
  mac:
    - <str>
  hostkey:
    server:
      - <str>
  enable: <bool>
  connection:
    limit: <int>
    per_host: <int>
  vrfs:
    - name: <str>
      enable: <bool>
  log_level: <str>

Management tech-support

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
management_tech_support	Dictionary
policy_show_tech_support	Dictionary
exclude_commands	List, items: Dictionary
- command	String				Command to exclude from tech-support
type	String		text	Valid Values: - text - json	The supported values for type are platform dependent.
include_commands	List, items: Dictionary
- command	String				Command to include in tech-support

management_tech_support:
  policy_show_tech_support:
    exclude_commands:
      - command: <str>
        type: <str>
    include_commands:
      - command: <str>

Name server

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
name_server deprecated	Dictionary				This key is deprecated. Support will be removed in AVD version v5.0.0. Use ip_name_servers instead.
source	Dictionary
vrf	String				VRF Name
nodes	List, items: String
- <str>	String

name_server:
  source:
    vrf: <str>
  nodes:
    - <str>

NTP

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ntp	Dictionary
local_interface	Dictionary
name	String				Source interface
vrf	String				VRF name
servers	List, items: Dictionary
- name	String				IP or hostname e.g., 2.2.2.55, ie.pool.ntp.org
burst	Boolean
iburst	Boolean
key	Integer			Min: 1 Max: 65535
local_interface	String				Source interface
maxpoll	Integer			Min: 3 Max: 17	Value of maxpoll between 3 - 17 (Logarithmic)
minpoll	Integer			Min: 3 Max: 17	Value of minpoll between 3 - 17 (Logarithmic)
preferred	Boolean
version	Integer			Min: 1 Max: 4
vrf	String				VRF name
authenticate	Boolean
authenticate_servers_only	Boolean
authentication_keys	List, items: Dictionary
- id	Integer	Required, Unique		Min: 1 Max: 65534	Key identifier
hash_algorithm	String			Valid Values: - md5 - sha1
key	String				Obfuscated key
key_type	String			Valid Values: - 0 - 7 - 8a
trusted_keys	String				List of trusted-keys as string ex. 10-12,15

ntp:
  local_interface:
    name: <str>
    vrf: <str>
  servers:
    - name: <str>
      burst: <bool>
      iburst: <bool>
      key: <int>
      local_interface: <str>
      maxpoll: <int>
      minpoll: <int>
      preferred: <bool>
      version: <int>
      vrf: <str>
  authenticate: <bool>
  authenticate_servers_only: <bool>
  authentication_keys:
    - id: <int>
      hash_algorithm: <str>
      key: <str>
      key_type: <str>
  trusted_keys: <str>

Prompt

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
prompt	String

prompt: <str>

Terminal

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
terminal	Dictionary
length	Integer			Min: 0 Max: 32767
width	Integer			Min: 10 Max: 32767

terminal:
  length: <int>
  width: <int>

Virtual source NAT VRFs

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
virtual_source_nat_vrfs	List, items: Dictionary
- name	String	Required, Unique			VRF Name
ip_address	String				IPv4 Address

virtual_source_nat_vrfs:
  - name: <str>
    ip_address: <str>

Miscellaneous

CVX

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
cvx	Dictionary				CVX server features are not supported on physical switches. See management_cvx for client configurations.
shutdown	Boolean
peer_hosts	List, items: String
- <str>	String				IP address or hostname
services	Dictionary
mcs	Dictionary
redis	Dictionary
password	String				Hashed password using the password_type
password_type	String		7	Valid Values: - 0 - 7 - 8a
shutdown	Boolean
vxlan	Dictionary				VXLAN Controller service
shutdown	Boolean
vtep_mac_learning	String			Valid Values: - control-plane - data-plane

cvx:
  shutdown: <bool>
  peer_hosts:
    - <str>
  services:
    mcs:
      redis:
        password: <str>
        password_type: <str>
      shutdown: <bool>
    vxlan:
      shutdown: <bool>
      vtep_mac_learning: <str>

EOS cli

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
eos_cli	String				Multiline string with EOS CLI rendered directly on the root level of the final EOS configuration

eos_cli: <str>

Management CVX

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
management_cvx	Dictionary
shutdown	Boolean
server_hosts	List, items: String
- <str>	String				IP or hostname
source_interface	String				Interface name
vrf	String				VRF Name

management_cvx:
  shutdown: <bool>
  server_hosts:
    - <str>
  source_interface: <str>
  vrf: <str>

MCS client

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
mcs_client	Dictionary
shutdown	Boolean
cvx_secondary	Dictionary
name	String
shutdown	Boolean
server_hosts	List, items: String
- <str>	String				IP or hostname

mcs_client:
  shutdown: <bool>
  cvx_secondary:
    name: <str>
    shutdown: <bool>
    server_hosts:
      - <str>

Monitoring

Daemons

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
daemons	List, items: Dictionary				This will add a daemon to the eos configuration that is most useful when trying to run OpenConfig clients like ocprometheus.
- name	String	Required, Unique			Daemon Name
exec	String	Required			command to run as a daemon
enabled	Boolean		True

daemons:
  - name: <str>
    exec: <str>
    enabled: <bool>

Daemon terminattr

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
daemon_terminattr	Dictionary				You can either provide a list of IPs/FQDNs to target on-premise Cloudvision cluster or use DNS name for your Cloudvision as a Service instance. Streaming to multiple clusters both on-prem and cloud service is supported. !!! note For TerminAttr version recommendation and EOS compatibility matrix, please refer to the latest TerminAttr Release Notes which always contain the latest recommended versions and minimum required versions per EOS release.
cvaddrs	List, items: String				Streaming address(es) for CloudVision single cluster - TCP 9910 is used for CV on-prem - TCP 443 is used for CV as a Service
- <str>	String				Server address in the format <ip/fqdn>:<port>
clusters	List, items: Dictionary				Multiple CloudVision clusters
- name	String	Required, Unique			Cluster Name
cvaddrs	List, items: String				Streaming address(es) for CloudVision cluster - TCP 9910 is used for CV on-prem - TCP 443 is used for CV as a Service
- <str>	String				Server address in the format <ip/fqdn>:<port>
cvauth	Dictionary				Authentication scheme used to connect to CloudVision
method	String			Valid Values: - token - token-secure - key - certs
key	String
token_file	String				Token file path e.g. “/tmp/token”
cert_file	String				Client certificate file path e.g. “/persist/secure/ssl/terminattr/primary/certs/client.crt”
ca_file	String				CA certificate file path (on-prem only) e.g. “/persist/secure/ssl/terminattr/primary/certs/ca.crt”
key_file	String				Client certificate key file path e.g. “/persist/secure/ssl/terminattr/primary/keys/client.key”
cvobscurekeyfile	Boolean				Encrypt the private key used for authentication to CloudVision
cvproxy	String				Proxy server through which CloudVision is reachable. Useful when the CloudVision server is hosted in the cloud. The expected form is http://[user:password@]ip:port, e.g.: http://arista:arista@10.83.12.78:3128. Available as of TerminAttr v1.13.0
cvsourceip	String				Set source IP address in case of in-band managament
cvsourceintf	String				Set source interface in case of in-band managament. Available as of TerminAttr v1.23.0
cvvrf	String				The VRF to use to connect to CloudVision
cvauth	Dictionary				Authentication scheme used to connect to CloudVision
method	String			Valid Values: - token - token-secure - key - certs
key	String
token_file	String				Token file path e.g. “/tmp/token”
cert_file	String				Client certificate file path e.g. “/persist/secure/ssl/terminattr/primary/certs/client.crt”
ca_file	String				CA certificate file path (on-prem only) e.g. “/persist/secure/ssl/terminattr/primary/certs/ca.crt”
key_file	String				Client certificate key file path e.g. “/persist/secure/ssl/terminattr/primary/keys/client.key”
cvobscurekeyfile	Boolean				Encrypt the private key used for authentication to CloudVision
cvproxy	String				Proxy server through which CloudVision is reachable. Useful when the CloudVision server is hosted in the cloud. The expected form is http://[user:password@]ip:port, e.g.: http://arista:arista@10.83.12.78:3128. Available as of TerminAttr v1.13.0
cvsourceip	String				Set source IP address in case of in-band managament
cvsourceintf	String				Set source interface in case of in-band managament
cvvrf	String				The VRF to use to connect to CloudVision
cvgnmi	Boolean				Stream states from EOS gNMI servers (Openconfig) to CloudVision. Available as of TerminAttr v1.13.1
disable_aaa	Boolean				Disable AAA authorization and accounting. When setting this flag, all commands pushed from CloudVision are applied directly to the CLI without authorization
grpcaddr	String				Set the gRPC server address, the default is 127.0.0.1:6042 e.g. “MGMT/0.0.0.0:6042”
grpcreadonly	Boolean				gNMI read-only mode - Disable gnmi.Set()
ingestexclude	String				Exclude paths from Sysdb on the ingest side. e.g. “/Sysdb/cell/1/agent,/Sysdb/cell/2/agent”
smashexcludes	String				Exclude paths from the shared memory table. e.g. “ale,flexCounter,hardware,kni,pulse,strata”
taillogs	String				Enable log file collection; /var/log/messages is streamed by default if no path is set. e.g. “/var/log/messages”
ecodhcpaddr	String				ECO DHCP Collector address or ECO DHCP Fingerprint listening address in standalone mode (default “127.0.0.1:67”)
ipfix	Boolean				Enable IPFIX provider (TerminAttr default is true). This flag is enabled by default and does not have to be added to the daemon configuration.
ipfixaddr	String				ECO IPFIX Collector address to listen on to receive IPFIX packets (TerminAttr default “127.0.0.1:4739”).
sflow	Boolean				Enable sFlow provider (TerminAttr default is true).
sflowaddr	String				ECO sFlow Collector address to listen on to receive sFlow packets (TerminAttr default “127.0.0.1:6343”).
cvconfig	Boolean				Subscribe to dynamic device configuration from CloudVision (TerminAttr default is false).
cvcompression	String				The default compression scheme when streaming to CloudVision is gzip since TerminAttr 1.6.1 and CVP 2019.1.0. There is no need to change the compression scheme.

daemon_terminattr:
  cvaddrs:
    - <str>
  clusters:
    - name: <str>
      cvaddrs:
        - <str>
      cvauth:
        method: <str>
        key: <str>
        token_file: <str>
        cert_file: <str>
        ca_file: <str>
        key_file: <str>
      cvobscurekeyfile: <bool>
      cvproxy: <str>
      cvsourceip: <str>
      cvsourceintf: <str>
      cvvrf: <str>
  cvauth:
    method: <str>
    key: <str>
    token_file: <str>
    cert_file: <str>
    ca_file: <str>
    key_file: <str>
  cvobscurekeyfile: <bool>
  cvproxy: <str>
  cvsourceip: <str>
  cvsourceintf: <str>
  cvvrf: <str>
  cvgnmi: <bool>
  disable_aaa: <bool>
  grpcaddr: <str>
  grpcreadonly: <bool>
  ingestexclude: <str>
  smashexcludes: <str>
  taillogs: <str>
  ecodhcpaddr: <str>
  ipfix: <bool>
  ipfixaddr: <str>
  sflow: <bool>
  sflowaddr: <str>
  cvconfig: <bool>
  cvcompression: <str>

Event handlers

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
event_handlers	List, items: Dictionary				Gives the ability to monitor and react to Syslog messages. Event Handlers provide a powerful and flexible tool that can be used to apply self-healing actions, customize the system behavior, and implement workarounds to problems discovered in the field.
- name	String	Required, Unique			Event Handler Name
action_type	String			Valid Values: - bash - increment - log
action	String				Command to execute
delay	Integer				Event-handler delay in seconds
trigger	String			Valid Values: - on-logging - on-startup-config	Configure event trigger condition.
regex	String				Regular expression to use for searching log messages. Required for on-logging trigger
asynchronous	Boolean		False		Set the action to be non-blocking.

event_handlers:
  - name: <str>
    action_type: <str>
    action: <str>
    delay: <int>
    trigger: <str>
    regex: <str>
    asynchronous: <bool>

Event monitor

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
event_monitor	Dictionary
enabled	Boolean

event_monitor:
  enabled: <bool>

Flow tracking

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
flow_trackings	List, items: Dictionary
- type	String	Required, Unique		Valid Values: - sampled	Flow Tracking Type - only ‘sampled’ supported for now
sample	Integer			Min: 1 Max: 4294967295
trackers	List, items: Dictionary
- name	String	Required, Unique			Tracker Name
record_export	Dictionary
on_inactive_timeout	Integer			Min: 3000 Max: 900000	Flow record inactive export timeout in milliseconds
on_interval	Integer			Min: 1000 Max: 36000000	Flow record export interval in milliseconds
mpls	Boolean				Export MPLS forwarding information
exporters	List, items: Dictionary
- name	String	Required, Unique			Exporter Name
collector	Dictionary
host	String				Collector IPv4 address or IPv6 address or fully qualified domain name
port	Integer			Min: 1 Max: 65535	Collector Port Number
format	Dictionary
ipfix_version	Integer
local_interface	String				Local Source Interface
template_interval	Integer			Min: 5000 Max: 3600000	Template interval in milliseconds
table_size	Integer			Min: 1 Max: 614400	Maximum number of entries in flow table.
shutdown	Boolean		False

flow_trackings:
  - type: <str>
    sample: <int>
    trackers:
      - name: <str>
        record_export:
          on_inactive_timeout: <int>
          on_interval: <int>
          mpls: <bool>
        exporters:
          - name: <str>
            collector:
              host: <str>
              port: <int>
            format:
              ipfix_version: <int>
            local_interface: <str>
            template_interval: <int>
        table_size: <int>
    shutdown: <bool>

Load interval

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
load_interval	Dictionary
default	Integer				Default load interval in seconds

load_interval:
  default: <int>

Logging

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
logging	Dictionary
console	String			Valid Values: - debugging - informational - notifications - warnings - errors - critical - alerts - emergencies - disabled	Console logging severity level
monitor	String			Valid Values: - debugging - informational - notifications - warnings - errors - critical - alerts - emergencies - disabled	Monitor logging severity level
buffered	Dictionary
size	Integer			Min: 10 Max: 2147483647
level	String			Valid Values: - alerts - critical - debugging - emergencies - errors - informational - notifications - warnings - disabled	Buffer logging severity level
trap	String			Valid Values: - alerts - critical - debugging - emergencies - errors - informational - notifications - system - warnings - disabled	Trap logging severity level
synchronous	Dictionary
level	String		critical	Valid Values: - alerts - all - critical - debugging - emergencies - errors - informational - notifications - warnings - disabled	Synchronous logging severity level
format	Dictionary
timestamp	String			Valid Values: - high-resolution - traditional - traditional timezone - traditional year - traditional timezone year - traditional year timezone	Timestamp format
hostname	String			Valid Values: - fqdn - ipv4	Hostname format
sequence_numbers	Boolean				Add sequence numbers to log messages
facility	String			Valid Values: - auth - cron - daemon - kern - local0 - local1 - local2 - local3 - local4 - local5 - local6 - local7 - lpr - mail - news - sys9 - sys10 - sys11 - sys12 - sys13 - sys14 - syslog - user - uucp
source_interface	String				Source Interface Name
vrfs	List, items: Dictionary
- name	String	Required, Unique			VRF name
source_interface	String				Source interface name
hosts	List, items: Dictionary
- name	String	Required, Unique			Syslog server name
protocol	String		udp	Valid Values: - tcp - udp
ports	List, items: Integer
- <int>	Integer
policy	Dictionary
match	Dictionary
match_lists	List, items: Dictionary
- name	String	Required, Unique			Match list
action	String			Valid Values: - discard
event	Dictionary
storm_control	Dictionary
discards	Dictionary
global	Boolean
interval	Integer			Min: 10 Max: 65535	Logging interval in seconds

logging:
  console: <str>
  monitor: <str>
  buffered:
    size: <int>
    level: <str>
  trap: <str>
  synchronous:
    level: <str>
  format:
    timestamp: <str>
    hostname: <str>
    sequence_numbers: <bool>
  facility: <str>
  source_interface: <str>
  vrfs:
    - name: <str>
      source_interface: <str>
      hosts:
        - name: <str>
          protocol: <str>
          ports:
            - <int>
  policy:
    match:
      match_lists:
        - name: <str>
          action: <str>
  event:
    storm_control:
      discards:
        global: <bool>
        interval: <int>

Management API gNMI

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
management_api_gnmi	Dictionary
provider	String		eos-native
transport	Dictionary
grpc	List, items: Dictionary
- name	String				Transport name
ssl_profile	String				SSL profile name
vrf	String				VRF name is optional
notification_timestamp	String			Valid Values: - send-time - last-change-time	Per the gNMI specification, the default timestamp field of a notification message is set to be the time at which the value of the underlying data source changes or when the reported event takes place. In order to facilitate integration in legacy environments oriented around polling style operations, an option to support overriding the timestamp field to the send-time is available from EOS 4.27.0F.
ip_access_group	String				ACL name
grpc_tunnels	List, items: Dictionary
- name	String	Required, Unique			Transport name
shutdown	Boolean				Operational status of the gRPC tunnel
tunnel_ssl_profile	String				Tunnel SSL profile name
gnmi_ssl_profile	String				gNMI SSL profile name
vrf	String				VRF name
destination	Dictionary
address	String	Required			IP address or hostname
port	Integer	Required		Min: 1 Max: 65535	TCP Port
local_interface	Dictionary
name	String	Required			Interface name
port	Integer	Required		Min: 1 Max: 65535	TCP Port
target	Dictionary
use_serial_number	Boolean				Use serial number as the Target ID
target_ids	List, items: String				Target IDs as a list.
- <str>	String
enable_vrfs deprecated	List, items: Dictionary				These should not be mixed with the new keys above. This key is deprecated. Support will be removed in AVD version 5.0.0. Use transport.grpc instead.
- name	String	Required, Unique			VRF name
access_group	String				Standard IPv4 ACL name
octa deprecated	Dictionary				These should not be mixed with the new keys above. Octa activates eos-native provider and it is the only provider currently supported by EOS.This key is deprecated. Support will be removed in AVD version 5.0.0. Use provider instead.

management_api_gnmi:
  provider: <str>
  transport:
    grpc:
      - name: <str>
        ssl_profile: <str>
        vrf: <str>
        notification_timestamp: <str>
        ip_access_group: <str>
    grpc_tunnels:
      - name: <str>
        shutdown: <bool>
        tunnel_ssl_profile: <str>
        gnmi_ssl_profile: <str>
        vrf: <str>
        destination:
          address: <str>
          port: <int>
        local_interface:
          name: <str>
          port: <int>
        target:
          use_serial_number: <bool>
          target_ids:
            - <str>
  enable_vrfs:
    - name: <str>
      access_group: <str>
  octa: <dict>

Monitor connectivity

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
monitor_connectivity	Dictionary
shutdown	Boolean
interval	Integer
interface_sets	List, items: Dictionary
- name	String
interfaces	String				Interface range(s) should be of same type, Ethernet, Loopback, Management etc. Multiple interface ranges can be specified separated by “,”
local_interfaces	String
hosts	List, items: Dictionary
- name	String				Host Name
description	String
ip	String
local_interfaces	String
url	String
vrfs	List, items: Dictionary
- name	String	Required, Unique			VRF Name
description	String
interface_sets	List, items: Dictionary
- name	String
interfaces	String
local_interfaces	String
hosts	List, items: Dictionary
- name	String				Host name
description	String
ip	String
local_interfaces	String
url	String

monitor_connectivity:
  shutdown: <bool>
  interval: <int>
  interface_sets:
    - name: <str>
      interfaces: <str>
  local_interfaces: <str>
  hosts:
    - name: <str>
      description: <str>
      ip: <str>
      local_interfaces: <str>
      url: <str>
  vrfs:
    - name: <str>
      description: <str>
      interface_sets:
        - name: <str>
          interfaces: <str>
      local_interfaces: <str>
      hosts:
        - name: <str>
          description: <str>
          ip: <str>
          local_interfaces: <str>
          url: <str>

Monitor sessions

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
monitor_sessions	List, items: Dictionary
- name	String	Required			Session Name
sources	List, items: Dictionary
- name	String				Interface name, range or comma separated list
direction	String			Valid Values: - rx - tx - both
access_group	Dictionary
type	String			Valid Values: - ip - ipv6 - mac
name	String				ACL Name
priority	Integer
destinations	List, items: String
- <str>	String				‘cpu’ or interface name, range or comma separated list
encapsulation_gre_metadata_tx	Boolean
header_remove_size	Integer				Number of bytes to remove from header
access_group	Dictionary
type	String			Valid Values: - ip - ipv6 - mac
name	String				ACL Name
rate_limit_per_ingress_chip	String				Ratelimit and unit as string. Examples: “100000 bps” “100 kbps” “10 mbps”
rate_limit_per_egress_chip	String				Ratelimit and unit as string. Examples: “100000 bps” “100 kbps” “10 mbps”
sample	Integer
truncate	Dictionary
enabled	Boolean
size	Integer				Size in bytes

monitor_sessions:
  - name: <str>
    sources:
      - name: <str>
        direction: <str>
        access_group:
          type: <str>
          name: <str>
          priority: <int>
    destinations:
      - <str>
    encapsulation_gre_metadata_tx: <bool>
    header_remove_size: <int>
    access_group:
      type: <str>
      name: <str>
    rate_limit_per_ingress_chip: <str>
    rate_limit_per_egress_chip: <str>
    sample: <int>
    truncate:
      enabled: <bool>
      size: <int>

SFLOW

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
sflow	Dictionary
sample	Integer
dangerous	Boolean
polling_interval	Integer				Polling interval in seconds
vrfs	List, items: Dictionary
- name	String	Required, Unique
destinations	List, items: Dictionary
- destination	String	Required, Unique			Sflow Destination IP Address
port	Integer				Port Number
source	String				Source IP Address. “source” and “source_interface” are mutually exclusive. If both are defined, “source_interface” takes precedence.
source_interface	String				Source Interface
destinations	List, items: Dictionary
- destination	String	Required, Unique			Sflow Destination IP Address
port	Integer				Port Number
source	String				Source IP Address. “source” and “source_interface” are mutually exclusive. If both are defined, “source_interface” takes precedence.
source_interface	String				Source Interface
extensions	List, items: Dictionary
- name	String	Required, Unique			Extension Name
enabled	Boolean	Required			Enable or Disable Extension
interface	Dictionary
disable	Dictionary
default	Boolean
egress	Dictionary
enable_default	Boolean				Enable egress sFlow by default.
unmodified	Boolean				Enable egress sFlow unmodified. Platform dependent feature.
run	Boolean
hardware_acceleration	Dictionary
enabled	Boolean
sample	Integer
modules	List, items: Dictionary
- name	String	Required, Unique
enabled	Boolean		True

sflow:
  sample: <int>
  dangerous: <bool>
  polling_interval: <int>
  vrfs:
    - name: <str>
      destinations:
        - destination: <str>
          port: <int>
      source: <str>
      source_interface: <str>
  destinations:
    - destination: <str>
      port: <int>
  source: <str>
  source_interface: <str>
  extensions:
    - name: <str>
      enabled: <bool>
  interface:
    disable:
      default: <bool>
    egress:
      enable_default: <bool>
      unmodified: <bool>
  run: <bool>
  hardware_acceleration:
    enabled: <bool>
    sample: <int>
    modules:
      - name: <str>
        enabled: <bool>

SNMP server

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
snmp_server	Dictionary				SNMP settings
engine_ids	Dictionary
local	String				Engine ID in hexadecimal
remotes	List, items: Dictionary
- id	String				Remote engine ID in hexadecimal
address	String				Hostname or IP of remote engine
udp_port	Integer
contact	String				SNMP contact
location	String				SNMP location
communities	List, items: Dictionary
- name	String	Required, Unique			Community name
access	String			Valid Values: - ro - rw
access_list_ipv4	Dictionary
name	String				IPv4 access list name
access_list_ipv6	Dictionary
name	String				IPv6 access list name
view	String
ipv4_acls	List, items: Dictionary
- name	String				IPv4 access list name
vrf	String
ipv6_acls	List, items: Dictionary
- name	String				IPv6 access list name
vrf	String
local_interfaces	List, items: Dictionary
- name	String	Required, Unique			Interface name
vrf	String
views	List, items: Dictionary
- name	String				SNMP view name
mib_family_name	String
included	Boolean
MIB_family_name deprecated	String				This key is deprecated. Support will be removed in AVD version 5.0.0. Use mib_family_name instead.
groups	List, items: Dictionary
- name	String				Group name
version	String			Valid Values: - v1 - v2c - v3
authentication	String			Valid Values: - auth - noauth - priv
read	String				Read view
write	String				Write view
notify	String				Notify view
users	List, items: Dictionary
- name	String				Username
group	String				Group name
remote_address	String				Hostname or ip of remote engine The remote_address and udp_port are used for remote users
udp_port	Integer				udp_port will not be used if no remote_address is configured
version	String			Valid Values: - v1 - v2c - v3
localized	String				Engine ID in hexadecimal for localizing auth and/or priv
auth	String				Hash algorithm
auth_passphrase	String				Hashed authentication passphrase if localized is used else cleartext authentication passphrase
priv	String				Encryption algorithm
priv_passphrase	String				Hashed privacy passphrase if localized is used else cleartext privacy passphrase
hosts	List, items: Dictionary
- host	String				Host IP address or name
vrf	String
version	String			Valid Values: - 1 - 2c - 3
community	String				Community name
users	List, items: Dictionary
- username	String
authentication_level	String			Valid Values: - auth - noauth - priv
traps	Dictionary
enable	Boolean		False		Enable or disable all snmp-traps
snmp_traps	List, items: Dictionary
- name	String				Enable or disable specific snmp-traps and their sub_traps Examples: - “bgp” - “bgp established”
enabled	Boolean		True
vrfs	List, items: Dictionary
- name	String	Required, Unique			VRF name
enable	Boolean

snmp_server:
  engine_ids:
    local: <str>
    remotes:
      - id: <str>
        address: <str>
        udp_port: <int>
  contact: <str>
  location: <str>
  communities:
    - name: <str>
      access: <str>
      access_list_ipv4:
        name: <str>
      access_list_ipv6:
        name: <str>
      view: <str>
  ipv4_acls:
    - name: <str>
      vrf: <str>
  ipv6_acls:
    - name: <str>
      vrf: <str>
  local_interfaces:
    - name: <str>
      vrf: <str>
  views:
    - name: <str>
      mib_family_name: <str>
      included: <bool>
      MIB_family_name: <str>
  groups:
    - name: <str>
      version: <str>
      authentication: <str>
      read: <str>
      write: <str>
      notify: <str>
  users:
    - name: <str>
      group: <str>
      remote_address: <str>
      udp_port: <int>
      version: <str>
      localized: <str>
      auth: <str>
      auth_passphrase: <str>
      priv: <str>
      priv_passphrase: <str>
  hosts:
    - host: <str>
      vrf: <str>
      version: <str>
      community: <str>
      users:
        - username: <str>
          authentication_level: <str>
  traps:
    enable: <bool>
    snmp_traps:
      - name: <str>
        enabled: <bool>
  vrfs:
    - name: <str>
      enable: <bool>

Tap aggregation

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
tap_aggregation	Dictionary
mode	Dictionary
exclusive	Dictionary
enabled	Boolean
profile	String				Profile Name
no_errdisable	List, items: String
- <str>	String				Interface name e.g Ethernet1, Port-Channel1
encapsulation_dot1br_strip	Boolean
encapsulation_vn_tag_strip	Boolean
protocol_lldp_trap	Boolean
truncation_size	Integer				Allowed truncation_size values vary depending on the platform
mac	Dictionary
timestamp	Dictionary				mac.timestamp.replace_source_mac and mac.timestamp.header.format are mutually exclsuive. If both are defined, replace_source_mac takes precedence
replace_source_mac	Boolean
header	Dictionary
format	String			Valid Values: - 48-bit - 64-bit
eth_type	Integer				EtherType
fcs_append	Boolean				mac.fcs_append and mac.fcs_error are mutually exclusive. If both are defined, mac.fcs_append takes precedence
fcs_error	String			Valid Values: - correct - discard - pass-through

tap_aggregation:
  mode:
    exclusive:
      enabled: <bool>
      profile: <str>
      no_errdisable:
        - <str>
  encapsulation_dot1br_strip: <bool>
  encapsulation_vn_tag_strip: <bool>
  protocol_lldp_trap: <bool>
  truncation_size: <int>
  mac:
    timestamp:
      replace_source_mac: <bool>
      header:
        format: <str>
        eth_type: <int>
    fcs_append: <bool>
    fcs_error: <str>

VM tracer-sessions

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
vmtracer_sessions	List, items: Dictionary
- name	String	Required, Unique			Vmtracer Session Name
url	String
username	String
password	String				Type 7 Password Hash
autovlan_disable	Boolean
source_interface	String

vmtracer_sessions:
  - name: <str>
    url: <str>
    username: <str>
    password: <str>
    autovlan_disable: <bool>
    source_interface: <str>

Multicast

IP IGMP snooping

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
ip_igmp_snooping	Dictionary
globally_enabled	Boolean		True		Activate or deactivate IGMP snooping for all vlans where vlans allows user to activate / deactivate IGMP snooping per vlan.
robustness_variable	Integer
restart_query_interval	Integer
interface_restart_query	Integer
fast_leave	Boolean
querier	Dictionary
enabled	Boolean
address	String				IP Address
query_interval	Integer
max_response_time	Integer
last_member_query_interval	Integer
last_member_query_count	Integer
startup_query_interval	Integer
startup_query_count	Integer
version	Integer
proxy	Boolean
vlans	List, items: Dictionary
- id	Integer	Required, Unique			VLAN ID
enabled	Boolean
querier	Dictionary
enabled	Boolean
address	String				IP Address
query_interval	Integer
max_response_time	Integer
last_member_query_interval	Integer
last_member_query_count	Integer
startup_query_interval	Integer
startup_query_count	Integer
version	Integer
max_groups	Integer
fast_leave	Boolean
proxy	Boolean				Global proxy settings should be enabled before enabling per-vlan

ip_igmp_snooping:
  globally_enabled: <bool>
  robustness_variable: <int>
  restart_query_interval: <int>
  interface_restart_query: <int>
  fast_leave: <bool>
  querier:
    enabled: <bool>
    address: <str>
    query_interval: <int>
    max_response_time: <int>
    last_member_query_interval: <int>
    last_member_query_count: <int>
    startup_query_interval: <int>
    startup_query_count: <int>
    version: <int>
  proxy: <bool>
  vlans:
    - id: <int>
      enabled: <bool>
      querier:
        enabled: <bool>
        address: <str>
        query_interval: <int>
        max_response_time: <int>
        last_member_query_interval: <int>
        last_member_query_count: <int>
        startup_query_interval: <int>
        startup_query_count: <int>
        version: <int>
      max_groups: <int>
      fast_leave: <bool>
      proxy: <bool>

Router IGMP

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
router_igmp	Dictionary
ssm_aware	Boolean

router_igmp:
  ssm_aware: <bool>

Router MSDP

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
router_msdp	Dictionary
originator_id_local_interface	String				Interface to use for originator ID
rejected_limit	Integer			Min: 0 Max: 40000	Maximum number of rejected SA messages allowed in cache
forward_register_packets	Boolean
connection_retry_interval	Integer			Min: 1 Max: 65535
group_limits	List, items: Dictionary
- source_prefix	String	Required, Unique			Source address prefix
limit	Integer	Required		Min: 0 Max: 40000	Limit for SAs matching the source address prefix
peers	List, items: Dictionary
- ipv4_address	String	Required, Unique			Peer IP Address
default_peer	Dictionary
enabled	Boolean
prefix_list	String				Prefix list to filter source of SA messages
local_interface	String
description	String
disabled	Boolean				Disable the MSDP peer
sa_limit	Integer			Min: 0 Max: 40000	Maximum number of SA messages allowed in cache
mesh_groups	List, items: Dictionary
- name	String	Required, Unique			Mesh group name
keepalive	Dictionary
keepalive_timer	Integer	Required		Min: 1 Max: 65535
hold_timer	Integer	Required		Min: 1 Max: 65535	Must be greater than keepalive timer
sa_filter	Dictionary
in_list	String				ACL to filter inbound SA messages
out_list	String				ACL to filter outbound SA messages
vrfs	List, items: Dictionary
- name	String	Required, Unique			VRF name
originator_id_local_interface	String				Interface to use for originator ID
rejected_limit	Integer			Min: 0 Max: 40000	Maximum number of rejected SA messages allowed in cache
forward_register_packets	Boolean
connection_retry_interval	Integer			Min: 1 Max: 65535
group_limits	List, items: Dictionary
- source_prefix	String	Required, Unique			Source address prefix
limit	Integer	Required		Min: 0 Max: 40000	Limit for SAs matching the source address prefix
peers	List, items: Dictionary
- ipv4_address	String	Required, Unique			Peer IP Address
default_peer	Dictionary
enabled	Boolean
prefix_list	String				Prefix list to filter source of SA messages
local_interface	String
description	String
disabled	Boolean				Disable the MSDP peer
sa_limit	Integer			Min: 0 Max: 40000	Maximum number of SA messages allowed in cache
mesh_groups	List, items: Dictionary
- name	String	Required, Unique			Mesh group name
keepalive	Dictionary
keepalive_timer	Integer	Required		Min: 1 Max: 65535
hold_timer	Integer	Required		Min: 1 Max: 65535	Must be greater than keepalive timer
sa_filter	Dictionary
in_list	String				ACL to filter inbound SA messages
out_list	String				ACL to filter outbound SA messages

router_msdp:
  originator_id_local_interface: <str>
  rejected_limit: <int>
  forward_register_packets: <bool>
  connection_retry_interval: <int>
  group_limits:
    - source_prefix: <str>
      limit: <int>
  peers:
    - ipv4_address: <str>
      default_peer:
        enabled: <bool>
        prefix_list: <str>
      local_interface: <str>
      description: <str>
      disabled: <bool>
      sa_limit: <int>
      mesh_groups:
        - name: <str>
      keepalive:
        keepalive_timer: <int>
        hold_timer: <int>
      sa_filter:
        in_list: <str>
        out_list: <str>
  vrfs:
    - name: <str>
      originator_id_local_interface: <str>
      rejected_limit: <int>
      forward_register_packets: <bool>
      connection_retry_interval: <int>
      group_limits:
        - source_prefix: <str>
          limit: <int>
      peers:
        - ipv4_address: <str>
          default_peer:
            enabled: <bool>
            prefix_list: <str>
          local_interface: <str>
          description: <str>
          disabled: <bool>
          sa_limit: <int>
          mesh_groups:
            - name: <str>
          keepalive:
            keepalive_timer: <int>
            hold_timer: <int>
          sa_filter:
            in_list: <str>
            out_list: <str>

Router multicast

TableYAML

Variable	Type	Required	Default	Value Restrictions	Description
router_multicast	Dictionary
ipv4	Dictionary
counters	Dictionary
rate_period_decay	Integer			Min: 0 Max: 600	Rate in seconds
routing	Boolean
multipath	String			Valid Values: - none - deterministic - deterministic color - deterministic router-id
software_forwarding	String			Valid Values: - kernel - sfe
rpf	Dictionary
routes	List, items: Dictionary
- source_prefix	String	Required			Source address A.B.C.D or Source prefix A.B.C.D/E
destinations	List, items: Dictionary	Required
- nexthop	String	Required			Next-hop IP address or interface name
distance	Integer			Min: 1 Max: 255	Administrative distance for this route
vrfs	List, items: Dictionary
- name	String	Required, Unique
ipv4	Dictionary
routing	Boolean

router_multicast:
  ipv4:
    counters:
      rate_period_decay: <int>
    routing: <bool>
    multipath: <str>
    software_forwarding: <str>
    rpf:
      routes:
        - source_prefix: <str>
          destinations:
            - nexthop: <str>
              distance: <int>
  vrfs:
    - name: <str>
      ipv4: