Management Settings¶
Common Settings¶
- Common Settings should be applied to all devices within the fabric and can be shared with other infrastructure elements.
Variables and Options¶
# Clock timezone | Optional
timezone: < timezone >
# Dictionary of local users | Required
local_users:
< username_1 >:
privilege: < (1-15) Initial privilege level with local EXEC authorization >
role: < Specify a role for the user >
no_password: < true | do not configure a password for given username. sha512_password MUST not be defined for this user. >
sha512_password: "< SHA512 ENCRYPTED password >"
ssh_key: "< ssh_key_string >"
# If "disabled" is true, the user will be removed and all other settings are ignored.
# Useful for removing the default "admin" user.
disabled: < true | false >
< username_2 >:
privilege: < (1-15) Initial privilege level with local EXEC authorization >
role: < Specify a role for the user >
sha512_password: "< SHA512 ENCRYPTED password >"
# Management eAPI | Optional
# Default is https management eAPI enabled
# The vrf is set to < mgmt_interface_vrf >
management_eapi:
enable_http: < boolean | default -> false >
enable_https: < boolean | default -> true >
default_services: < boolean >
# CloudVision - Telemetry Agent (TerminAttr) configuration | Optional
# You can either provide a list of IPs to target on-premise CloudVision cluster or
# use DNS name for your CloudVision as a Service instance. If you have both on-prem and
# CVaaS defined, only on-prem is going to be configured.
cvp_instance_ip: < IPv4 address >
# or
cvp_instance_ips:
- < IPv4 address >
- < IPv4 address >
- < IPv4 address >
- < CV as a Service hostname >
# cvp_ingestauth_key is required for on-prem CVP
cvp_ingestauth_key: < CloudVision Ingest Authentication key >
# cvp_token_file is only applicable to CV as a Service
cvp_token_file: < 'path_to_token_file_on_switch' | default -> '/tmp/cv-onboarding-token' >
terminattr_ingestgrpcurl_port: < port_number | default -> 9910 >
terminattr_smashexcludes: "< smash excludes | default -> ale,flexCounter,hardware,kni,pulse,strata >"
terminattr_ingestexclude: "< ingest excludes | default -> /Sysdb/cell/1/agent,/Sysdb/cell/2/agent >"
terminattr_disable_aaa: "< boolean | default -> false >"
# Management interface configuration | Optional
mgmt_vrf_routing: < boolean | default -> false >
mgmt_interface: < mgmt_interface | default -> Management1 >
mgmt_interface_vrf: < vrf_name | default -> MGMT >
mgmt_gateway: < IPv4 address >
# OOB mgmt interface destination networks - override default route
mgmt_destination_networks:
- < IPv4_network/Mask >
- < IPv4_network/Mask >
# list of DNS servers | Optional
name_servers:
- < IPv4_address_1 >
- < IPv4_address_2 >
# System Mac Address | Optional
# Set to the same MAC address as available in "show version" on the device.
# "system_mac_address" can also be set under "Fabric Topology".
# If both are set, the setting under "Fabric Topology" takes precedence.
system_mac_address: < "xx:xx:xx:xx:xx:xx" >
# Set SNMP settings | Optional
snmp_settings:
contact: < contact_info >
location: < boolean | default -> false > # Formatted as: {{ fabric_name }} {{ dc_name }} {{ pod_name }} {{ switch_rack }} {{ inventory_hostname }}
# Generate a local engineId for SNMP using the compute_local_engineid_source method
compute_local_engineid: < boolean | default -> false >
# `compute_local_engineid_source` supports:
# * 'hostname_and_ip': Generate a local engineId for SNMP by hashing via SHA1
# the string generated via the concatenation of the hostname plus the management IP.
# {{ inventory_hostname }} + {{ switch.mgmt_ip }}
# * `system_mac`: Generate the switch default engine id for AVD usage
# To use this, `system_mac_address` MUST be set for the device
# The formula is f5717f + system_mac_address + 00
# default is `hostname_and_ip`
compute_local_engineid_source: < hostname_and_ip | system_mac | default -> hostanme_and_ip >
# Requires compute_local_engineid to be `true` if enabled, the SNMPv3
# passphrases for auth and priv are transfromed using RFC 2574,
# matching the value they would take in EOS cli the algorithm requires
# a local engineId which is unknown to AVD hence the necessity to generate
# one beforehand.
compute_v3_user_localized_key: < boolean | default -> false >
users:
- name: < username >
group: < group >
version: < v1 | v2c | v3 >
auth: < md5 | sha | sha256 | sha384 | sha512 > # optional
auth_passphrase: < clear_passphrase > # requires auth, recommended to use vault
priv: < des | aes | aes192 | aes256 > # optional
priv_passphrase: < clear_pasphrase > # requires priv, recommended to use vault
Event Handlers¶
Gives ability to monitor and react to Syslog messages provides a powerful and flexible tool that can be used to apply self-healing actions, customize the system behavior, and implement workarounds to problems discovered in the field.
Variables and Options¶
event_handlers:
< event_handler_name >:
action_type: < bash, increment >
action: < Command to run when handler is triggered >
delay: < int / delay in sec between 2 triggers >
trigger: < on-logging >
regex: < string to trigger handler >
asynchronous: < true, false >
Example for EVPN blacklist recovery¶
event_handlers:
evpn-blacklist-recovery:
action_type: bash
action: FastCli -p 15 -c "clear bgp evpn host-flap"
delay: 300
trigger: on-logging
regex: EVPN-3-BLACKLISTED_DUPLICATE_MAC
asynchronous: true
Last update:
December 12, 2022