Junos vmhost configuration module
Version: 2019-01-01
module junos-nfx-conf-vmhost { yang-version 1; namespace "http://yang.juniper.net/junos-nfx/conf/vmhost"; prefix jc-vmhost; import junos-common-ddl-extensions { prefix junos; revision-date "2019-01-01"; } import junos-common-types { prefix jt; revision-date "2019-01-01"; } import junos-nfx-conf-root { prefix jc; revision-date "2019-01-01"; } organization "Juniper Networks, Inc."; contact "yang-support@juniper.net"; description "Junos vmhost configuration module"; revision "2019-01-01" { description "Junos: 21.3R1.9"; } augment /jc:configuration { uses vmhost-group; } augment /jc:configuration/jc:groups { uses vmhost-group; } grouping vmhost-group { container vmhost { description "Vmhost configuration"; uses apply-advanced; leaf no-auto-recovery { type empty; description "Disable Guest auto recovery by the host"; } container management-if { presence "enable management-if"; description "Configuration for the host's side management interface"; uses apply-advanced; leaf link-mode { type enumeration { enum "automatic" { junos:must "("vmhost management-if speed automatic")"; junos:must-message "speed should be configured as auto"; value 0; description "Automatically negotiate duplex"; } enum "half-duplex" { junos:must "(("vmhost management-if speed 10m" || "vmhost management-if speed 100m"))"; junos:must-message "speed should be 10Mbps or 100Mbps"; value 1; description "Half-duplex operation"; } enum "full-duplex" { junos:must "(("vmhost management-if speed 10m" || ("vmhost management-if speed 100m" || "vmhost management-if speed 1g")))"; junos:must-message "speed should be 10Mbps, 100Mbps or 1Gbps"; value 2; description "Full-duplex operation"; } } default "automatic"; description "Link operational mode"; } leaf speed { type enumeration { enum "automatic" { junos:must "("vmhost management-if link-mode automatic")"; junos:must-message "link-mode should be configured as auto"; value 0; description "Automatically negotiate speed"; } enum "10m" { junos:must "(("vmhost management-if link-mode half-duplex" || "vmhost management-if link-mode full-duplex"))"; junos:must-message "link-mode should be half or full-duplex"; value 1; description "10Mbps operation"; } enum "100m" { junos:must "(("vmhost management-if link-mode half-duplex" || "vmhost management-if link-mode full-duplex"))"; junos:must-message "link-mode should be half or full-duplex"; value 2; description "100Mbps operation"; } enum "1g" { junos:must "("vmhost management-if link-mode full-duplex")"; junos:must-message "link-mode should be configured as full"; value 3; description "1Gbps operation"; } } default "automatic"; description "Link speed"; } leaf disable { type empty; description "Administratively disable the management port"; } } // container management-if container resize { junos:must "("system commit synchronize")"; junos:must-message "[system commit synchronize] has to be configured"; description "Resize the resource allocation of guest VM"; uses apply-advanced; container vjunos { description "Vjunos/adminjunos VM"; uses apply-advanced; leaf compact { type empty; description "Reduce the resource allocation of vjunos VM"; } } // container vjunos } // container resize list interfaces { key "name"; ordered-by user; description "Interface configuration"; leaf name { type enumeration { enum "management-if0" { value 0; description "Configuration for the host's side management interface0"; } enum "management-if1" { value 1; description "Configuration for the host's side management interface1"; } } } uses apply-advanced; container family { description "Protocol family"; container inet { presence "enable inet"; description "IPv4 parameters"; uses apply-advanced; list address { key "name"; ordered-by user; description "Interface address/destination prefix"; leaf name { type jt:ipv4prefix; description "Interface address/destination prefix"; } uses apply-advanced; leaf master-only { type empty; description "Master management IP address for host"; } } // list address leaf gateway { type jt:ipv4addr; description "Gateway IP address"; } } // container inet container inet6 { presence "enable inet6"; description "IPv6 parameters"; uses apply-advanced; list address { key "name"; ordered-by user; description "Interface address/destination prefix"; leaf name { type jt:ipv6prefix; description "Interface address/destination prefix"; } uses apply-advanced; leaf master-only { type empty; description "Master management IP address for host"; } } // list address leaf gateway { type jt:ipv6addr; description "Gateway IP address"; } } // container inet6 } // container family list interface { key "name"; uses interfaces_type_ri; } // list interface } // list interfaces container syslog { presence "enable syslog"; description "VMhost logging facility"; uses apply-advanced; list file { key "name"; description "File in which to log data"; leaf name { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to log data"; } uses apply-advanced; list vmhost-syslog-object { key "facility level"; leaf facility { type enumeration { enum "any" { value 0; description "All facilities"; } enum "authorization" { value 1; description "Authorization system"; } enum "privileged" { value 2; description "Privileged authorization events"; } enum "cron" { value 3; description "Cron daemon"; } enum "daemon" { value 4; description "Various system processes"; } enum "kernel" { value 5; description "Kernel"; } enum "lpr" { value 6; description "Line printer spooling system"; } enum "mail" { value 7; description "Mail system"; } enum "mark" { value 8; } enum "news" { value 9; description "Network news system"; } enum "syslog" { value 10; } enum "user" { value 11; description "User processes"; } enum "uucp" { value 12; description "UUCP system"; } enum "local0" { value 13; description "Local logging option number 0"; } enum "local1" { value 14; description "Local logging option number 1"; } enum "local2" { value 15; description "Local logging option number 2"; } enum "local3" { value 16; description "Local logging option number 3"; } enum "local4" { value 17; description "Local logging option number 4"; } enum "local5" { value 18; description "Local logging option number 5"; } enum "local6" { value 19; description "Local logging option number 6"; } enum "local7" { value 20; description "Local logging option number 7"; } } description "Facility type"; } leaf level { type enumeration { enum "any" { value 0; description "All levels"; } enum "emergency" { value 1; description "Panic conditions"; } enum "alert" { value 2; description "Conditions that should be corrected immediately"; } enum "critical" { value 3; description "Critical conditions"; } enum "error" { value 4; description "Error conditions"; } enum "warning" { value 5; description "Warning messages"; } enum "notice" { value 6; description "Conditions that should be handled specially"; } enum "info" { value 7; description "Informational messages"; } enum "none" { value 8; description "No messages"; } } description "Level name"; } } // list vmhost-syslog-object } // list file list host { key "name"; ordered-by user; description "Host to be notified"; leaf name { type string { junos:posix-pattern "^[[:alnum:]._:-]+$"; junos:pattern-message "Must be a string of alphanumericals, dashes or underscores, or a valid IP address"; } description "Host to be notified"; } uses apply-advanced; list vmhost-syslog-object { key "facility level"; leaf facility { type enumeration { enum "any" { value 0; description "All facilities"; } enum "authorization" { value 1; description "Authorization system"; } enum "privileged" { value 2; description "Privileged authorization events"; } enum "cron" { value 3; description "Cron daemon"; } enum "daemon" { value 4; description "Various system processes"; } enum "kernel" { value 5; description "Kernel"; } enum "lpr" { value 6; description "Line printer spooling system"; } enum "mail" { value 7; description "Mail system"; } enum "mark" { value 8; } enum "news" { value 9; description "Network news system"; } enum "syslog" { value 10; } enum "user" { value 11; description "User processes"; } enum "uucp" { value 12; description "UUCP system"; } enum "local0" { value 13; description "Local logging option number 0"; } enum "local1" { value 14; description "Local logging option number 1"; } enum "local2" { value 15; description "Local logging option number 2"; } enum "local3" { value 16; description "Local logging option number 3"; } enum "local4" { value 17; description "Local logging option number 4"; } enum "local5" { value 18; description "Local logging option number 5"; } enum "local6" { value 19; description "Local logging option number 6"; } enum "local7" { value 20; description "Local logging option number 7"; } } description "Facility type"; } leaf level { type enumeration { enum "any" { value 0; description "All levels"; } enum "emergency" { value 1; description "Panic conditions"; } enum "alert" { value 2; description "Conditions that should be corrected immediately"; } enum "critical" { value 3; description "Critical conditions"; } enum "error" { value 4; description "Error conditions"; } enum "warning" { value 5; description "Warning messages"; } enum "notice" { value 6; description "Conditions that should be handled specially"; } enum "info" { value 7; description "Informational messages"; } enum "none" { value 8; description "No messages"; } } description "Level name"; } } // list vmhost-syslog-object leaf transport { type enumeration { enum "tcp" { value 0; description "TCP as transport of syslog"; } enum "udp" { value 1; description "UDP as transport of syslog"; } } default "udp"; description "Transport type"; } } // list host } // container syslog container services { presence "enable services"; description "System services"; uses apply-advanced; container ssh { presence "enable ssh"; description "Allow ssh access"; uses apply-advanced; leaf root-login { type enumeration { enum "allow" { value 0; description "Allow root access via ssh"; } enum "deny" { value 1; description "Do not allow root access via ssh"; } } description "Configure vmhost root access via ssh"; } } // container ssh } // container services leaf internal-ip-network { type jt:ipv4prefix; description "Internal Liveliness Bridge Interface address/destination prefix"; } container virtualization-options { description "Virtualization options configuration"; uses apply-advanced; list interfaces { key "name"; ordered-by user; description "Virtual interfaces configuration"; leaf name { type string { junos:posix-pattern "^(ge-([0|7])/0/([0-9]|(1[0-3]?)))$|^((ge-([1|8])/0/([1-9]|1[0-5])))$"; junos:pattern-message "virtual interface name not allowed"; } description "Virtual Interface name"; } uses apply-advanced; container mapping { description "Peer configuration"; uses apply-advanced; choice mapping-choice { leaf interface { type string { junos:posix-pattern "^(heth-[0-1]-([0-9]))$|^hsxe[0-3]$"; junos:pattern-message "invalid virtual heth/hsxe interface name"; } description "Set heth peer interface"; } leaf vlan { junos:must "("vmhost vlans $$ vlan-id none")"; junos:must-message "Custom vlan must be configured under vmhost vlans stanza"; type string; description "Name of custom vlan"; } } // choice mapping-choice } // container mapping } // list interfaces } // container virtualization-options container vlans { description "VLAN configuration"; uses apply-advanced; list vlan { key "name"; description "Virtual LAN"; uses vlan-types; } // list vlan } // container vlans container mode { description "Configure custom mode"; uses apply-advanced; list custom { key "name"; description "Configure custom mode"; leaf name { type string { junos:posix-pattern "^[[:alnum:]_-]+$"; junos:pattern-message "Mode name must be a string of alphanumericals, dashes or underscores"; length "1 .. 32"; } description "Mode name"; } uses apply-advanced; container layer-3-infrastructure { description "Configure layer-3 infrastructure resources"; uses apply-advanced; container cpu { description "Configure layer-3 infrastructure CPU count"; uses apply-advanced; leaf count { type string; description "CPU count"; } } // container cpu container memory { description "Configure layer-3 infrastructure memory size in GB"; uses apply-advanced; leaf size { type string; description "Memory size in GB"; } } // container memory } // container layer-3-infrastructure container nfv-back-plane { description "Configure nfv-back-plane resources"; uses apply-advanced; container cpu { description "Configure nfv-back-plane CPU count"; uses apply-advanced; leaf count { type string; description "CPU count"; } } // container cpu container memory { description "Configure nfv-back-plane memory size in GB"; uses apply-advanced; leaf size { type string; description "Memory size in GB"; } } // container memory } // container nfv-back-plane } // list custom } // container mode container forwarding-options { description "Configure options to control packet forwarding"; uses apply-advanced; list analyzer { key "name"; description "Analyzer options"; leaf name { type string; description "Analyzer name"; } uses apply-advanced; container input { junos:must "(".. output")"; junos:must-message "output port must be specified"; description "Port to monitor"; uses apply-advanced; container ingress { description "Ports to monitor incoming traffic"; uses analyzer-input-port-type; } // container ingress container egress { description "Ports to monitor outgoing traffic"; uses analyzer-input-port-type; } // container egress } // container input container output { junos:must "(".. input")"; junos:must-message "input port must be specified"; description "Outgoing port for mirrored packets"; uses analyzer-output-port-type; } // container output } // list analyzer } // container forwarding-options container cross-connect { description "Cross connect configuration"; uses apply-advanced; list pcc { key "name"; uses cross-connect-type; } // list pcc } // container cross-connect container snmp { description "Simple Network Management Protocol configuration"; uses apply-advanced; container v2c { description "SNMPv2c configuration information"; uses vmhost-snmp-community; } // container v2c container v3 { presence "enable v3"; description "SNMPv3 configuration information"; uses apply-advanced; list user { key "name"; ordered-by user; description "SNMPv3 user information"; leaf name { type string { length "1 .. 32"; } description "User name"; } uses apply-advanced; choice authentication { container authentication-sha { description "Configure SHA authentication"; uses vmhost-authentication-object; } // container authentication-sha } // choice authentication choice privacy { container privacy-aes128 { description "Configure AES128 privacy"; uses vmhost-privacy-object; } // container privacy-aes128 } // choice privacy } // list user } // container v3 } // container snmp } // container vmhost } // grouping vmhost-group grouping analyzer-input-port-type { uses apply-advanced; list virtual-network-function { key "name"; ordered-by user; description "Virtual network function"; leaf name { junos:must "("virtual-network-functions $$")"; junos:must-message "Specified VNF doesn't exist"; junos:must "(".. interface")"; junos:must-message "vnf interface name must be specified"; type string; description "Virtual network function name"; } uses apply-advanced; list interface { key "name"; ordered-by user; description "Virtual network function interface"; leaf name { type string { junos:posix-pattern "^eth[0-9]$"; junos:pattern-message "Only eth0 to eth9 interface is supported"; } description "Virtual network function interface name"; } uses apply-advanced; } // list interface } // list virtual-network-function } // grouping analyzer-input-port-type grouping analyzer-output-port-type { uses apply-advanced; leaf virtual-network-function { junos:must "("virtual-network-functions $$")"; junos:must-message "Specified VNF doesn't exist"; junos:must "(".. interface")"; junos:must-message "vnf interface name must be specified"; type string; description "Virtual network function name"; } leaf interface { junos:must "(".. virtual-network-function")"; junos:must-message "virtual-network-function must be specified"; type string { junos:posix-pattern "^eth[0-9]$"; junos:pattern-message "Only eth0 to eth9 interface is supported"; } description "Virtual network function interface name"; } } // grouping analyzer-output-port-type grouping apply-advanced { description "Apply advanced configuration logic"; leaf-list apply-groups { type string; ordered-by user; description "Groups from which to inherit configuration data"; } leaf-list apply-groups-except { type string; ordered-by user; description "Don't inherit configuration data from these groups"; } list apply-macro { key "name"; ordered-by user; description "Macro and parameters for commit script expansion"; uses apply-macro-type; } // list apply-macro } // grouping apply-advanced grouping apply-macro-type { description "Macro data for commit-script expansion"; leaf name { type string; description "Name of the macro to be expanded"; } list data { key "name"; uses macro-data-type; } // list data } // grouping apply-macro-type grouping cross-connect-type { description "Bidirectional switch between interfaces"; leaf name { type string; description "Name of interface switch"; } uses apply-advanced; container from { description "Cross-connect from vnf or physical interface"; uses apply-advanced; list virtual-interface { key "name"; ordered-by user; description "Set virtual interface as switch port"; leaf name { type string { junos:posix-pattern "^hsxe[0-3]$|^((ge-1/0/([0-9]|1[0-5])))$"; junos:pattern-message "Only valid hsxe and ge-1/0/* interfaces are allowed"; } description "Virtual interface name"; } uses apply-advanced; leaf vlan-id { type string; description "IEEE 802.1q VLAN identifier for VLAN"; } } // list virtual-interface list virtual-network-function { key "name"; ordered-by user; description "Set virtual interface as switch port"; leaf name { junos:must "(".. interface")"; junos:must-message "interface name must be specified for this vnf"; type string; description "Virtual network function name"; } uses apply-advanced; leaf interface { type string; description "Virtual network function interfaces"; } leaf vlan-id { type string; description "IEEE 802.1q VLAN identifier for VLAN"; } } // list virtual-network-function } // container from container to { description "Cross-connect to vnf or physical interface"; uses apply-advanced; list virtual-interface { key "name"; ordered-by user; description "Set virtual interface as switch port"; leaf name { type string { junos:posix-pattern "^hsxe[0-3]$|^((ge-1/0/([0-9]|1[0-5])))$"; junos:pattern-message "Only valid hsxe and ge-1/0/* interfaces are allowed"; } description "Virtual interface name"; } uses apply-advanced; leaf vlan-id { type string; description "IEEE 802.1q VLAN identifier for VLAN"; } } // list virtual-interface list virtual-network-function { key "name"; ordered-by user; description "Set virtual interface as switch port"; leaf name { junos:must "(".. interface")"; junos:must-message "interface name must be specified for this vnf"; type string; description "Virtual network function name"; } uses apply-advanced; leaf interface { type string; description "Virtual network function interfaces"; } leaf vlan-id { type string; description "IEEE 802.1q VLAN identifier for VLAN"; } } // list virtual-network-function } // container to list virtual-interface { key "name"; ordered-by user; description "Set virtual interface as switch port"; leaf name { type string { junos:posix-pattern "^hsxe[0-3]$|^((ge-1/0/([0-9]|1[0-5])))$"; junos:pattern-message "Only valid hsxe and ge-1/0/* interfaces are allowed"; } description "Virtual interface name"; } uses apply-advanced; leaf vlan-id { type string; description "IEEE 802.1q VLAN identifier for VLAN"; } } // list virtual-interface list virtual-network-function { key "name"; ordered-by user; description "Set virtual interface as switch port"; leaf name { junos:must "(".. interface")"; junos:must-message "interface name must be specified for this vnf"; type string; description "Virtual network function name"; } uses apply-advanced; leaf interface { type string; description "Virtual network function interfaces"; } leaf vlan-id { type string; description "IEEE 802.1q VLAN identifier for VLAN"; } } // list virtual-network-function } // grouping cross-connect-type grouping interfaces_type_ri { description "Physical interface"; leaf name { type string; } uses apply-advanced; container ether-options { description "Ethernet interface-specific options"; uses apply-advanced; choice auto-negotiation-choice { leaf auto-negotiation { type empty; description "Enable auto-negotiation"; } leaf no-auto-negotiation { type empty; description "Don't enable auto-negotiation"; } } // choice auto-negotiation-choice choice flow-control-choice { leaf flow-control { type empty; description "Enable flow control"; } leaf no-flow-control { type empty; description "Don't enable flow control"; } } // choice flow-control-choice leaf link-mode { type enumeration { enum "automatic" { junos:must "(".. auto-negotiation")"; junos:must-message "auto-negotiation must be configured to enable link-mode auto-negotiation"; value 0; description "Automatic negotiate duplex "; } enum "half-duplex" { junos:must "((".. auto-negotiation" || ".. speed"))"; junos:must-message "link-mode and speed must be configured if auto-negotiation is not enabled"; value 1; description "Half-duplex operation"; } enum "full-duplex" { junos:must "((".. auto-negotiation" || ".. speed"))"; junos:must-message "link-mode and speed must be configured if auto-negotiation is not enabled"; value 2; description "Full-duplex operation"; } } description "Link duplex"; } container speed { description "Specify speed"; choice automatic { container auto-negotiation { junos:must "(".. .. auto-negotiation")"; junos:must-message "auto-negotiation must be configured to enable speed auto-negotiation"; presence "enable auto-negotiation"; description "Enable auto-negotiation"; leaf auto-negotiate-10-100 { type empty; description "Limits the auto-negotiation to 10m/100m only"; } } // container auto-negotiation leaf ethernet-10m { junos:must "((".. .. auto-negotiation" || ".. .. link-mode"))"; junos:must-message "link-mode and speed must be configured if auto-negotiation is not enabled"; type empty; description "10Mbps"; } leaf ethernet-100m { junos:must "((".. .. auto-negotiation" || ".. .. link-mode"))"; junos:must-message "link-mode and speed must be configured if auto-negotiation is not enabled"; type empty; description "100Mbps"; } leaf ethernet-1g { junos:must "((".. .. auto-negotiation" || ".. .. link-mode"))"; junos:must-message "link-mode and speed must be configured if auto-negotiation is not enabled"; type empty; description "1Gbps"; } } // choice automatic } // container speed } // container ether-options container dsl-sfp-options { description "DSL SFP options"; uses apply-advanced; container adsl-options { description "ADSL options"; uses apply-advanced; leaf vpi { junos:must "(".. vci")"; junos:must-message "vci must be specified"; type union { type string { pattern "<.*>|$.*"; } type int32 { range "0 .. 255"; } } description "Virtual path identifier"; } leaf vci { junos:must "(".. vpi")"; junos:must-message "vpi must be specified"; type union { type string { pattern "<.*>|$.*"; } type int32 { range "32 .. 65535"; } } description "Virtual circuit identifier"; } leaf encap { junos:must "((".. vci" && ".. vpi"))"; junos:must-message "vci and vpi must be specified"; type enumeration { enum "llcsnap-bridged-802.1q" { value 0; description "LLCSNAP bridged 802.1q"; } enum "vc-mux-bridged" { value 1; description "VC MUX bridged"; } } description "Encapsulation"; } leaf annex { junos:must "((".. vci" && ".. vpi"))"; junos:must-message "vci and vpi must be specified"; type enumeration { enum "auto" { value 0; description "Annex type auto"; } enum "annexj-off" { value 1; description "Annex type annexj turn off"; } } description "Annex type"; } } // container adsl-options container vdsl-options { description "VDSL options"; uses apply-advanced; leaf profile { type enumeration { enum "auto" { value 0; description "Automatic"; } enum "8a" { value 1; description "Profile 8a"; } enum "8b" { value 2; description "Profile 8b"; } enum "8c" { value 3; description "Profile 8c"; } enum "8d" { value 4; description "Profile 8d"; } enum "12a" { value 5; description "Profile 12a"; } enum "12b" { value 6; description "Profile 12b"; } enum "17a" { value 7; description "Profile 17a"; } enum "30a" { value 8; description "Profile 30a"; } } description "VDSL profile"; } leaf carrier { type enumeration { enum "auto" { value 0; description "Automatic"; } enum "a43" { value 1; description "Carrier A43"; } enum "b43" { value 2; description "Carrier B43"; } } description "Carrier setting"; } } // container vdsl-options container gfast-options { description "G.fast options"; uses apply-advanced; leaf carrier { type enumeration { enum "a43" { value 0; description "Carrier A43"; } enum "a43c" { value 1; description "Carrier A43C"; } enum "b43" { value 2; description "Carrier B43"; } enum "b43c" { value 3; description "Carrier B43C"; } } description "Carrier setting"; } } // container gfast-options } // container dsl-sfp-options choice vlan_tag_mode { leaf vlan-tagging { junos:must "((!(".. unit") || all ".. unit <*> vlan-id"))"; junos:must-message "All units under this ifd must be configured with vlan-id "; junos:must "(!(".. unit $$={0} family ethernet-switching"))"; junos:must-message "vlan-tagging cannot be specified for an interface with family ethernet-switching"; type empty; description "802.1q VLAN tagging support"; } leaf flexible-vlan-tagging { junos:must "((!(".. unit") || all ".. unit <*> vlan-id"))"; junos:must-message "All units under this ifd must be configured with vlan-id "; junos:must "(!(".. unit $$={0} family ethernet-switching"))"; junos:must-message "flexible-vlan-tagging cannot be specified for an interface with family ethernet-switching"; type empty; description "Support for no tagging, or single VLAN tagging"; } } // choice vlan_tag_mode leaf native-vlan-id { junos:must "((".. flexible-vlan-tagging" || ".. unit $$={0} family ethernet-switching interface-mode trunk"))"; junos:must-message "native-vlan-id can be specified with flexible-vlan-tagging mode or with interface-mode trunk"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 4094"; } } description "Virtual LAN identifier for untagged frames"; } leaf mtu { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Transmit packet size "; } leaf mac { type jt:mac-unicast; description "Hardware MAC address"; } list unit { key "name"; description "Logical interface"; leaf name { junos:must "((!(".. .. .. .. interfaces $$={irb} unit $$={${unit}}") || any "vmhost vlans <*> l3-interface irb.${unit}"))"; junos:must-message "irb logical units must be associated with vlans"; type string; } uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable this logical interface"; } } // choice enable-disable leaf vlan-id { junos:must "((".. .. vlan-tagging" || ".. .. flexible-vlan-tagging"))"; junos:must-message "vlan-id can only be specified on tagged interfaces"; junos:must "(unique ".. .. unit <*> vlan-id $$")"; junos:must-message "vlan-id has to be unique for different ifls"; type string; description "Virtual LAN identifier value for 802.1q VLAN tags"; } container family { description "Protocol family"; container inet { presence "enable inet"; description "IPv4 parameters"; uses apply-advanced; container dhcp { junos:must "(!("system autoinstallation"))"; junos:must-message "Incompatible with 'system autoinstallation'"; junos:must "(!(".. address"))"; junos:must-message "Incompatible with interface assigned with address"; presence "enable dhcp"; description "Dynamic Host Configuration Protocol client configuration"; uses dhcp-client-type; } // container dhcp list address { key "name"; max-elements 1; ordered-by user; description "Interface address/destination prefix"; leaf name { type jt:ipv4prefix; description "Interface address/destination prefix"; } uses apply-advanced; } // list address } // container inet container inet6 { presence "enable inet6"; description "IPv6 protocol parameters"; uses apply-advanced; list address { junos:must "(!(".. unnumbered-address"))"; junos:must-message "ipv6 unnumbered-address and ipv6 address must not be defined simultaneously"; key "name"; max-elements 1; ordered-by user; description "Interface address or destination prefix"; leaf name { type jt:ipv6prefix; description "Interface address or destination prefix"; } uses apply-advanced; } // list address container dhcp { junos:must "(!("system autoinstallation"))"; junos:must-message "Incompatible with 'system autoinstallation'"; junos:must "(!(".. address"))"; junos:must-message "Incompatible with interface assigned with address"; presence "enable dhcp"; description "Dynamic Host Configuration Protocol client configuration"; uses dhcp-client-type; } // container dhcp } // container inet6 container ethernet-switching { junos:must "(!(".. .. .. .. .. interfaces $$={irb} unit $$={0} family ethernet-switching"))"; junos:must-message "Family ethernet-switching cannot be configured on irb interfaces"; junos:must "((!(".. inet") && !(".. inet6")))"; junos:must-message "Family ethernet-switching and rest of the families are mutually exclusive"; junos:must "(".. .. .. unit $$={0}")"; junos:must-message "Family ethernet-switching can be configured only on unit 0"; presence "enable ethernet-switching"; description "Ethernet switching parameters"; uses jdm-ethernet-switching-type; } // container ethernet-switching } // container family } // list unit } // grouping interfaces_type_ri grouping dhcp-client-type { description "Dynamic Host Configuration Protocol client configuration"; uses apply-advanced; container client-identifier { description "DHCP server identifies a client by client-identifier value "; uses apply-advanced; choice client-identifier-choice { leaf ascii { type string; description "Client identifier as an ASCII string"; } leaf hexadecimal { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; } description "Client identifier as a hexadecimal string"; } } // choice client-identifier-choice container user-id { description "Add user id to client-id option "; choice user-id-choice { leaf ascii { type string; description "Client identifier as an ASCII string"; } leaf hexadecimal { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; } description "Client identifier as a hexadecimal string"; } } // choice user-id-choice } // container user-id container prefix { description "Add prefix to client-id option"; uses apply-advanced; leaf host-name { type empty; description "Add router host name to client-id option"; } leaf logical-system-name { type empty; description "Add logical system name to client-id option"; } leaf routing-instance-name { type empty; description "Add routing instance name to client-id option"; } } // container prefix leaf use-interface-description { type enumeration { enum "logical" { value 0; description "Use the logical interface description"; } enum "device" { value 1; description "Use the device interface description"; } } description "Use the interface description"; } leaf hardware-type { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 255"; } } default "0"; description "Hardware type"; } } // container client-identifier container no-dns-install { presence "enable no-dns-install"; description "Do not install DNS information learned from DHCP server"; } // container no-dns-install leaf lease-time { type string; units "seconds"; description "Lease time in seconds requested in DHCP client protocol packet"; } leaf retransmission-attempt { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 50000"; } } default "4"; description "Number of attempts to retransmit the DHCP client protocol packet"; } leaf retransmission-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "4 .. 64"; } } units "seconds"; default "4"; description "Number of seconds between successive retransmission"; } leaf metric { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } default "0"; description "Client initiated default-route metric"; } leaf server-address { type jt:ipv4addr; description "DHCP Server-address"; } leaf update-server { type empty; description "Propagate TCP/IP settings to DHCP server"; } leaf vendor-id { type string { length "1 .. 60"; } description "Vendor class id for the DHCP Client"; } leaf force-discover { type empty; description "Send DHCPDISCOVER after DHCPREQUEST retransmission failure"; } container options { description "DHCP options"; uses apply-advanced; list number { key "name"; description "DHCP option code"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 254"; } } description "DHCP option identifier code"; } choice option-type-choice { leaf hex-string { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "1 .. 510"; } description "Hexadecimal string"; } } // choice option-type-choice } // list number leaf no-hostname { type empty; description "Do not carry hostname (RFC option code is 12) in packet"; } } // container options list requested-options { key "name"; description "DHCP options"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 254"; } } description "DHCP option identifier code"; } } // list requested-options } // grouping dhcp-client-type grouping jdm-ethernet-switching-type { description "Ethernet switching family"; uses apply-advanced; leaf interface-mode { type enumeration { enum "access" { value 0; description "Interface mode is access"; } enum "trunk" { junos:must "(".. vlan members")"; junos:must-message "For trunk interface, please ensure vlan members is configured"; value 1; description "Interface mode is trunk"; } } default "access"; description "Type of interface mode"; } container vlan { description "Virtual LAN parameters"; uses apply-advanced; leaf-list members { type string; ordered-by user; description "Membership for this interface"; } } // container vlan } // grouping jdm-ethernet-switching-type grouping macro-data-type { leaf name { type string; description "Keyword part of the keyword-value pair"; } leaf value { type string; description "Value part of the keyword-value pair"; } } // grouping macro-data-type grouping vlan-types { description "Virtual LAN"; leaf name { junos:must "((".. vlan-id" || ".. vlan-id-list"))"; junos:must-message "vlan-id/vlan-id-list must be configure"; junos:must "(((!("vlans ${vlan} isolated-vlan") && (!("vlans ${vlan} community-vlans") && !("vlans ${vlan} private-vlan"))) || !("vlans ${vlan} forwarding-options filter output")))"; junos:must-message "Configuring Egress VACL is not supported on PVLAN"; type string { length "2 .. 64"; } description "VLAN name"; } uses apply-advanced; leaf vlan-id { type string; description "IEEE 802.1q VLAN identifier for VLAN"; } leaf-list vlan-id-list { junos:must "(!(".. vlan-id"))"; junos:must-message "vlan-id and vlan-id-list cannot be configured together"; junos:must "(!(("routing-instances ${instance} instance-type mac-vrf" && " .. vxlan")))"; junos:must-message "vxlan can not be specified under vlan-id-list for mac-vrf instance"; junos:must "((!(".. isolated-vlan") && !(".. community-vlans")))"; junos:must-message "PVLAN related configuration cannot be specified with vlan-id-list"; junos:must "(!(" .. multicast-snooping-options"))"; junos:must-message "multicast-snooping-options can not be specified under vlan-id-list"; junos:must "(!(" .. domain-type"))"; junos:must-message "domain-type can not be specified under vlan-id-list"; junos:must "(!(".. interface"))"; junos:must-message "interface can not be specified under vlan-id-list"; junos:must "(!(any ".. switch-options interface <*> static-mac"))"; junos:must-message "static mac can not be specified under vlan-id-list"; type jt:vlan-range; description "Create VLAN for each of the vlan-id specified in the vlan-id-list"; } leaf l3-interface { junos:must "(".. vlan-id none")"; junos:must-message "l3-interface can be configured only under vlans with 'vlan-id none'"; junos:must "(unique "vmhost vlans <*> l3-interface $$")"; junos:must-message "Same l3-interface cannot be attached to more than one vlan"; junos:must "(!((".. .. .. protocols evpn mclag" && !(".. no-arp-suppression"))))"; junos:must-message "no-arp-suppression needs to be configured, when evpn is configured with mclag."; junos:must "(!((".. mcae-mac-synchronize" && "interfaces $$-IFL mac")))"; junos:must-message "irb-ifl mac and vlan mcae-mac-synchronize cannot coexist"; junos:must "((!("interfaces $$-IFL family mpls") || !(("routing-instances ${instance} instance-type virtual-switch" && ("routing-instances ${instance} protocols vpls" && "routing-instances ${instance} route-distinguisher")))))"; junos:must-message "routing-interface with family MPLS cannot be added to virtual-switch with protocol VPLS"; junos:must "((!(".. vlan-tags") || !("interfaces $$-IFL family mpls")))"; junos:must-message "routing-interface with family MPLS cannot be added to bridge-domain with 'vlan-tags'"; junos:must "(!("routing-instances ${instance} service-type vlan-bundle"))"; junos:must-message "routing-interface not valid for vlan-bundle service type"; junos:must "((!(".. vlan-id all") && !(".. vlan-id inner-all")))"; junos:must-message "l3-interface cannot be configured under vlans with 'vlan-id all' or 'vlan-id inner-all'"; junos:must "((".. vlan-id" || ".. vlan-tags"))"; junos:must-message "l3-interface can be configured only under vlans with 'vlan-id'/'vlan-tags'"; junos:must "("interfaces $$-IFL")"; junos:must-message "Interface must already be defined under [edit interfaces]"; type union { type jt:interface-unit; type string { pattern "<.*>|$.*"; } } description "L3 interface name for this vlans"; } leaf description { type string { junos:posix-pattern "^.{1,255}$"; junos:pattern-message "Must be a string of 255 characters or less"; } description "Text description of VLANs"; } choice vlan-identifier-choice { container vlan-tags { presence "enable vlan-tags"; description "IEEE 802.1q VLAN tags for VLANs"; leaf outer { type string { junos:posix-pattern "^(0[Xx][0-9A-Fa-f]{4}.([0-9]{1,3}|1[0-9]{3}|2[0-9]{3}|3[0-9]{3}|40[0-8][0-9]|409[0-4]))$|^([0-9]{1,3}|1[0-9]{3}|2[0-9]{3}|3[0-9]{3}|40[0-8][0-9]|409[0-4])$"; junos:pattern-message "vlan-id in vlan-tag (0xNNNN.vlan-id) must be 0 to 4094"; } description "[tpid.]vlan-id, tpid format is 0xNNNN and is optional"; } leaf inner { type string { junos:posix-pattern "^(0[Xx][0-9A-Fa-f]{4}.([0-9]{1,3}|1[0-9]{3}|2[0-9]{3}|3[0-9]{3}|40[0-8][0-9]|409[0-4]))$|^([0-9]{1,3}|1[0-9]{3}|2[0-9]{3}|3[0-9]{3}|40[0-8][0-9]|409[0-4])$"; junos:pattern-message "vlan-id in vlan-tag (0xNNNN.vlan-id) must be 0 to 4094"; } description "[tpid.]vlan-id, tpid format is 0xNNNN and is optional"; } } // container vlan-tags } // choice vlan-identifier-choice list interface { key "name"; ordered-by user; description "Interface name for this VLAN"; leaf name { junos:must "(!("interfaces $$-IFL encapsulation ethernet"))"; junos:must-message "encapsulation ethernet is not allowed on l2 interface"; junos:must "(!((("interfaces $$-IFL vlan-id-list" || "interfaces $$-IFL vlan-id-range") && (".. .. .. .. instance-type mac-vrf" && (".. .. .. .. service-type vlan-aware" || ".. .. .. .. service-type vlan-based")))))"; junos:must-message "Interface with vlan-id-list/vlan-id-range cannot be added to vlan under mac-vrf routing-instance with vlan-based/vlan-aware service-type"; junos:must "((!("interfaces $$-IFL family") || "interfaces $$-IFL family ethernet-switching"))"; junos:must-message "only family ethernet-switching can be configured on this interface"; junos:must "((!(("interfaces $$ vlan-id-list" || "interfaces $$ vlan-tags inner-list")) || (!((".. .. vlan-id" || ".. .. vlan-tags")) || (".. .. no-normalization" || ".. .. switch-options no-normalization"))))"; junos:must-message "interface with vlan-id-list/inner-list cannot be added to a vlan with a vlan-id/vlan-tags configured"; junos:must "(!(("interfaces $$-IFL family ethernet-switching interface-mode" || "interfaces $$-IFL family ethernet-switching vlan members")))"; junos:must-message "Interface with 'interface-mode' config is not allowed under vlans"; junos:must "(!(".. .. .. interfaces $$"))"; junos:must-message "This interface is already defined at the routing-instance level"; junos:must "(("interfaces $$-IFL" || !(".. .. .. .. protocols evpn encapsulation")))"; junos:must-message "Interface not defined; Interface must be defined for configuring under VLAN for protocols evpn"; junos:must "(((".. .. vlan-id all" && "interfaces $$-IFL input-vlan-map pop") || ((".. .. vlan-id inner-all" && "interfaces $$-IFL input-vlan-map") || (!((".. .. vlan-id" || ".. .. vlan-tags")) || (!(("interfaces $$-IFL input-vlan-map" || "interfaces $$-IFL output-vlan-map")) || (".. .. no-normalization" || ".. .. switch-options no-normalization"))))))"; junos:must-message "interface with input/output vlan-maps cannot be added to a routing-instance with a vlan-id/vlan-tags configured"; junos:must "((!("interfaces $$-IFL vlan-tags inner-range") || ((".. .. vlan-id all" || ".. .. vlan-id inner-all") || (".. .. no-normalization" || ".. .. switch-options no-normalization"))))"; junos:must-message "vlan-tags inner-range is specified for this logical interface; 'vlan-id all' or 'vlan-id inner-all' should also be enabled"; junos:must "(((!("interfaces $$-IFL vlan-id-range") || ".. .. vlan-id all") || (".. .. no-normalization" || ".. .. switch-options no-normalization")))"; junos:must-message "vlan-id-range is specified for this logical interface; 'vlan-id all' should also be enabled"; junos:must "(!(".. .. switch-options interface $$ interface-mac-limit"))"; junos:must-message "Interface mac limit should not be configured at VLAN level for sub interfaces"; junos:must "((!("interfaces $$-IFL vlan-id-list") || !(("interfaces $$-IFL input-vlan-map swap" || "interfaces $$-IFL input-vlan-map pop"))))"; junos:must-message "interface with vlan-id-list and input-vlan-map swap/pop is not supported"; junos:must "((!("interfaces $$-IFL vlan-id") || !((".. .. vlan-tags" || ".. .. vlan-id-list"))))"; junos:must-message "interface with vlan-id cannot be added to vlan with vlan-tags/vlan-id-list configured"; junos:must "((!("interfaces $$-IFL vlan-id-list") || !((".. .. vlan-id" || (".. .. vlan-tags" || ".. .. vlan-id-list")))))"; junos:must-message "interface with vlan-id-list cannot be added to a vlan with a vlan-id/vlan-tags/vlan-id-list configured"; type string; } uses apply-advanced; } // list interface leaf no-local-switching { type empty; description "Disable local switching within CE-facing interfaces"; } container forwarding-options { description "Forwarding options configuration"; uses juniper-ethernet-switching-forwarding-options; } // container forwarding-options container multicast-snooping-options { junos:must "(".. .. .. protocols igmp-snooping vlan ${vlan}")"; junos:must-message "multicast-snooping-options can be configured only if snooping is enabled on the vlan"; description "Multicast snooping option configuration"; uses juniper-multicast-snooping-options; } // container multicast-snooping-options container switch-options { description "VLANs switch-options configuration"; uses juniper-protocols-vlan; } // container switch-options leaf domain-type { type enumeration { enum "bridge" { value 0; description "Forwarding instance"; } } description "Type of VLANs SVLAN/DVLAN"; } leaf no-irb-layer-2-copy { junos:must "(".. l3-interface")"; junos:must-message "l3-interface must be configured to configure this feature"; type empty; description "Disable transmission of layer-2 copy of packets of IRB routing-interface"; } leaf service-id { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "Service id required if VLAN is of type MC-AE, and vlan-id all or vlan-id none or vlan-tags is configured"; } leaf domain-id { junos:must "(".. .. .. protocols evpn encapsulation vxlan")"; junos:must-message "domain-id is allowed for EVPN instances only"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 15"; } } description "Domain-id for auto derived Route Target"; } leaf mcae-mac-synchronize { junos:must "(".. l3-interface")"; junos:must-message "Layer 3 interface for this VLAN is not configured"; type empty; description "Enable IRB MAC synchronization in this VLAN"; } container proxy-mac { junos:must "(".. .. .. instance-type virtual-switch")"; junos:must-message "Applicable to instance-type evpn only"; description "Proxy MAC settings"; uses apply-advanced; leaf irb { junos:must "(!(".. .. no-arp-suppression"))"; junos:must-message "Proxy MAC is not supported with no-arp-supression"; junos:must "((".. .. l3-interface" && !(".. proxy-mac-address")))"; junos:must-message "Proxy MAC in IRB mode should have routing-interface configured"; type empty; description "Reply with virtual-gateway MAC or IRB MAC"; } leaf proxy-mac-address { junos:must "(!(".. .. no-arp-suppression"))"; junos:must-message "Proxy MAC is not supported with no-arp-supression"; junos:must "((!(".. .. l3-interface") && !(".. irb")))"; junos:must-message "Proxy MAC with specified MAC should not have routing-interface configured"; type jt:mac-unicast; description "Reply with configured MAC for all requests"; } } // container proxy-mac leaf mcae-mac-flush { type empty; description "Enable IRB MAC flush in a/s mode for this VLAN on MCAE link up"; } leaf private-vlan { junos:must "(!((".. isolated-vlan" || ".. community-vlans")))"; junos:must-message "This vlan is already configured as primary vlan"; junos:must "(!(".. l3-interface"))"; junos:must-message "l3-interface cannot be configured on a secondary vlan"; type enumeration { enum "isolated" { value 0; description "Isolated vlan"; } enum "community" { value 1; description "Community vlan"; } } description "Type of secondary vlan for private vlan"; } leaf isolated-vlan { junos:must "(!(".. private-vlan"))"; junos:must-message "This vlan is already configured as secondary vlan"; type string; description "VLAN id or name"; } leaf-list community-vlans { junos:must "(!(".. private-vlan"))"; junos:must-message "This vlan is already configured as secondary vlan"; type string; ordered-by user; description "List of VLAN id or name"; } container vxlan { junos:must "((". riot-loopback" || (!(". riot-loopback") && (((". ovsdb-managed" || ".. .. .. switch-options ovsdb-managed") && (!((". ingress-node-replication" || ".. .. .. protocols evpn encapsulation vxlan")) && !(". multicast-group"))) || ((!((". ovsdb-managed" || ".. .. .. switch-options ovsdb-managed")) && ((". ingress-node-replication" || ".. .. .. protocols evpn encapsulation vxlan") && !(". multicast-group"))) || (!((". ovsdb-managed" || ".. .. .. switch-options ovsdb-managed")) && (!((". ingress-node-replication" || ".. .. .. protocols evpn encapsulation vxlan")) && ". multicast-group")))))))"; junos:must-message "ovsdb, multicast-group, ingress-node-replication cannot be configured together. ingress-node-replication must be configured when remote-vtep-list is configured"; junos:must "((". ovsdb-managed" || (".. .. .. switch-options ovsdb-managed" || (". multicast-group" || ("routing-instances ${instance} remote-vtep-list" || (".. .. .. switch-options remote-vtep-list" || (". ingress-node-replication" || (".. .. .. protocols evpn encapsulation vxlan" || ". riot-loopback"))))))))"; junos:must-message "One of multicast-group or ovsdb-managed or ingress-node-replication or protocols evpn encapsulation vxlan or remote-vtep-list or riot-loopback should be enabled"; junos:must "((!(".. vlan-id all") && !(".. vlan-id all")))"; junos:must-message "vxlan does not support bridge domain with 'vlan-id all' or 'vlan-id inner-all'"; junos:must "((". riot-loopback" || (!(". riot-loopback") && ("routing-instances ${instance} vtep-source-interface" || ".. .. .. switch-options vtep-source-interface"))))"; junos:must-message "vtep-source-interface is required for VXLAN configuration"; uses apply-advanced; leaf ovsdb-managed { junos:must "(!(("routing-instances ${instance} remote-vtep-list" || (".. .. .. .. switch-options remote-vtep-list" || (".. multicast-group" || ".. .. .. .. protocols evpn encapsulation vxlan")))))"; junos:must-message "ovsdb-managed not valid with remote-vtep-list or multicast-group or protocol evpn encapsulation vxlan"; type empty; description "Bridge-domain is managed remotely via VXLAN OVSDB Controller"; } leaf vni { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 16777214"; } } description "VXLAN identifier"; } leaf translation-vni { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16777214"; } } description "Translated VXLAN identifier"; } leaf multicast-group { junos:must "(!(("routing-instances ${instance} remote-vtep-list" || (".. .. .. switch-options remote-vtep-list" || (".. ovsdb-managed" || ("routing-instances ${instance} switch-options ovsdb-managed" || ".. .. .. .. protocols evpn encapsulation vxlan"))))))"; junos:must-message "multicast-group not valid with remote-vtep-list or ovsdb-managed or evpn configuration"; type jt:ipv4addr; description "Multicast group registered for VXLAN segment"; } leaf encapsulate-inner-vlan { type empty; description "Retain inner VLAN in the packet"; } leaf decapsulate-accept-inner-vlan { type empty; description "Accept VXLAN packets with inner VLAN"; } leaf unreachable-vtep-aging-timer { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "300 .. 1800"; } } units "seconds"; description "Unreachable VXLAN tunnel endpoint removal timer"; } leaf ingress-node-replication { junos:must "(!(".. .. .. .. protocols evpn assisted-replication"))"; junos:must-message "ingress-node-replication cannot be configured with assisted-replication"; junos:must "((".. ovsdb-managed" || (".. .. .. .. switch-options ovsdb-managed" || ("routing-instances ${instance} remote-vtep-list" || (".. .. .. .. switch-options remote-vtep-list" || ".. .. .. .. protocols evpn encapsulation vxlan")))))"; junos:must-message "Valid for ovsdb-managed instance or with remote-vtep-list or with protocols evpn encapsulation vxlan"; type empty; description "Enable ingress node replication"; } leaf-list static-remote-vtep-list { type jt:ipaddr; max-elements 1024; description "Configure vlan specific static remote VXLAN tunnel endpoints"; } leaf riot-loopback { type empty; description "Enable loopback on RIOT platform"; } } // container vxlan } // grouping vlan-types grouping juniper-ethernet-switching-forwarding-options { uses apply-advanced; container filter { description "Filtering for ethernet switching forwarding table"; uses apply-advanced; leaf input { type string; description "Name of input filter to apply for forwarded packets"; } leaf output { junos:must "(!(any "firewall family ethernet-switching filter $$ term <*> from traffic-type-except"))"; junos:must-message "Vacl with term as 'from traffic-type-except' not supported on the egress side"; junos:must "(!(any "firewall family ethernet-switching filter $$ term <*> from traffic-type"))"; junos:must-message "Vacl with term as 'from traffic-type' not supported on the egress side"; type string; description "Name of output filter to apply for forwarded packets"; } } // container filter container flood { description "Filtering for ethernet switching flood table"; uses apply-advanced; leaf input { type string; description "Name of input filter to apply for ethernet switching flood packets"; } } // container flood container dhcp-relay { junos:must "(!("forwarding-options helpers bootp"))"; junos:must-message "'dhcp-relay' statement cannot be included along with 'forwarding-options helpers bootp' statement"; status deprecated; description "Dynamic Host Configuration Protocol relay configuration"; uses jdhcp-relay-type; } // container dhcp-relay container dhcp-security { presence "enable dhcp-security"; description "DHCP access security configuration"; uses jdhcp-security-type; } // container dhcp-security container fip-security { presence "enable fip-security"; description "FCoE Initiation Protocol security configuration"; uses fip-security-type; } // container fip-security } // grouping juniper-ethernet-switching-forwarding-options grouping fip-security-type { uses apply-advanced; list interface { key "name"; description "Configure access port security for this interface"; leaf name { junos:must "(!(any "vlans <*> interface $$ egress"))"; junos:must-message "Fip security options cannot be configured on egress members of a vlan"; type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } } uses apply-advanced; choice fcoe-trusted-choice { leaf fcoe-trusted { type empty; description "Make this interface trusted for FCoE"; } leaf no-fcoe-trusted { type empty; description "Don't make this interface trusted for FCoE"; } } // choice fcoe-trusted-choice } // list interface leaf fc-map { type string { junos:posix-pattern "^0x0EF[CD][abcdefABCDEF0123456789]{2}$"; junos:pattern-message "Must be hexadecimal bit pattern of 0x0EFCHH or 0x0EFDHH"; } description "FCoE MAC address prefix"; } container examine-vn2vf { junos:must "(!(".. examine-vn2vn"))"; junos:must-message "examine-vn2vf cannot be used with examine-vn2vn"; presence "enable examine-vn2vf"; description "Enable FIP snooping on this VLAN"; uses apply-advanced; leaf satellite { type empty; description "FIP snooping enabled for extended port"; } } // container examine-vn2vf container examine-vn2vn { junos:must "(!(".. examine-vn2vf"))"; junos:must-message "examine-vn2vn cannot be used with examine-vn2vf"; presence "enable examine-vn2vn"; description "Enable VN2VN FIP snooping on this VLAN"; uses apply-advanced; leaf beacon-period { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "250 .. 90000"; } } units "milliseconds"; default "8000"; description "FCoE VN2VN beacon period"; } } // container examine-vn2vn } // grouping fip-security-type grouping jdhcp-relay-type { description "Dynamic Host Configuration Protocol relay configuration"; uses apply-advanced; container traceoptions { junos:must "(!("forwarding-options helpers bootp"))"; junos:must-message "Incompatible with 'forwarding-options helpers bootp'"; junos:must "(!("system services dhcp"))"; junos:must-message "Incompatible with 'set system services dhcp'"; status deprecated; description "DHCP relay trace options"; uses jdhcp-traceoptions-type; } // container traceoptions container persistent-storage { description "Trigger to enable flat file storage"; leaf automatic { type empty; description "Trigger automatically"; } } // container persistent-storage leaf duplicate-clients-on-interface { type empty; status deprecated; description "Allow duplicate clients on different interfaces in a subnet"; } container duplicate-clients-in-subnet { junos:must "(!(".. duplicate-clients-on-interface"))"; junos:must-message "Cannot specify duplicate-clients-in-subnet with duplicate-clients-on-interface"; description "Allow duplicate clients in a subnet"; uses jdhcp-duplicate-clients-in-subnet-type; } // container duplicate-clients-in-subnet container interface-traceoptions { status deprecated; description "DHCP relay interface trace options"; uses jdhcp-interface-traceoptions-type; } // container interface-traceoptions container dhcpv6 { description "DHCPv6 configuration"; uses dhcpv6-relay-type; } // container dhcpv6 leaf arp-inspection { type empty; description "Enable Dynamic ARP Inspection"; } container forward-snooped-clients { junos:must "((!(".. forward-only") && (!(".. forward-only-replies") && !(any ".. group <*> forward-only"))))"; junos:must-message "forward-only and forward-only-replies cannot be configured when forward-snooped-clients is configured"; description "Forward snooped (unicast) packets"; choice interface-type { leaf configured-interfaces { type empty; description "Forward snooped (unicast) packets on configured interfaces"; } leaf non-configured-interfaces { type empty; description "Forward snooped (unicast) packets on non-configured interfaces"; } leaf all-interfaces { type empty; description "Forward snooped (unicast) packets on configured and non-configured interfaces"; } } // choice interface-type } // container forward-snooped-clients container authentication { junos:must "(!("forwarding-options helpers bootp"))"; junos:must-message "'authentication' statement cannot be included along with 'forwarding-options helpers bootp' statement"; description "DHCP authentication"; uses authentication-type; } // container authentication container liveness-detection { junos:must "(!("forwarding-options helpers bootp"))"; junos:must-message "'liveness-detection' statement cannot be included along with 'forwarding-options helpers bootp' statement"; description "DHCP client liveness detection processing"; uses dhcp-liveness-detection-type; } // container liveness-detection container dynamic-profile { junos:must "(!("forwarding-options helpers bootp"))"; junos:must-message "'dynamic-profile' statement cannot be included along with 'forwarding-options helpers bootp' statement"; description "Dynamic profile to use"; uses dynamic-profile-type; } // container dynamic-profile leaf service-profile { type string { length "1 .. 128"; } description "Dynamic profile to use for default service activation"; } leaf access-profile { junos:must "("access profile $$")"; junos:must-message "Matching access profile must be defined"; junos:must "(!("forwarding-options helpers bootp"))"; junos:must-message "'access-profile' statement cannot be included along with 'forwarding-options helpers bootp' statement"; type string { length "1 .. 128"; } description "Access profile to use for AAA services"; } container short-cycle-protection { description "Short cycle lockout configuration"; leaf lockout-min-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } leaf lockout-max-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } } // container short-cycle-protection container overrides { junos:must "(!("forwarding-options helpers bootp"))"; junos:must-message "'overrides' statement cannot be included along with 'forwarding-options helpers bootp' statement"; presence "enable overrides"; description "DHCP override processing"; uses override-type; } // container overrides container relay-option { junos:must "((!(".. relay-option-60") && !(any ".. group <*> relay-option-60")))"; junos:must-message "Cannot specify relay-option-60 with relay-option"; presence "enable relay-option"; description "DHCP option processing"; uses dhcp-generic-v4-option; } // container relay-option container server-match { description "Server match processing"; uses apply-advanced; container default-action { presence "enable default-action"; description "Server match default action"; uses server-match-action-choice; } // container default-action list address { key "name"; ordered-by user; description "Server address"; leaf name { type jt:ipv4prefix; description "Server address for matching"; } uses apply-advanced; choice server-match-action-choice { leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } leaf create-relay-entry { type empty; description "Create relay entry and allow subscriber services"; } } // choice server-match-action-choice } // list address } // container server-match container relay-option-60 { junos:must "(!("forwarding-options helpers bootp"))"; junos:must-message "'relay-option-60' statement cannot be included along with 'forwarding-options helpers bootp' statement"; junos:must "((!(".. relay-option") && !(any ".. group <*> relay-option")))"; junos:must-message "Cannot specify relay-option with relay-option-60 "; presence "enable relay-option-60"; status deprecated; description "DHCP option-60 processing"; uses relay-option-60-type-top; } // container relay-option-60 container relay-option-82 { junos:must "(!("forwarding-options helpers bootp"))"; junos:must-message "'relay-option-82' statement cannot be included along with 'forwarding-options helpers bootp' statement"; presence "enable relay-option-82"; description "DHCP option-82 processing"; uses relay-option-82-type; } // container relay-option-82 container forward-only { junos:must "(!("forwarding-options helpers bootp"))"; junos:must-message "'forward-only' statement cannot be included along with 'forwarding-options helpers bootp' statement"; presence "enable forward-only"; description "Forward DHCP packets without creating binding"; uses forward-only-to-rc-type; } // container forward-only leaf description { type string; description "Text description of servers"; } leaf maximum-hop-count { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16"; } } description "Maximum number of hops per packet"; } leaf minimum-wait-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 30000"; } } description "Minimum number of seconds before requests are forwarded"; } leaf client-response-ttl { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } description "IP time-to-live value to set in responses to client"; } leaf source-ip-change { type empty; description "Use address of egress interface as source ip"; } leaf forward-only-replies { type empty; description "Forward-only replies from server to appropriate logical-system:routing-instance based on options"; } container server-group { junos:must "(!("forwarding-options helpers bootp"))"; junos:must-message "'server-group' statement cannot be included along with 'forwarding-options helpers bootp' statement"; description "Define a DHCP server group"; uses server-group-type; } // container server-group container active-server-group { description "Name of DHCP server group"; uses dhcpv4-gbl-active-sg-type; } // container active-server-group container route-suppression { junos:must "(!(".. liveness-detection method layer2-liveness-detection"))"; junos:must-message "Cannot specify route-suppression with liveness-detection method layer2-liveness-detection"; junos:must "(!(".. overrides no-arp"))"; junos:must-message "Cannot specify route-suppression with overrides no-arp"; description "Suppress access-internal and/or destination route addition"; uses dhcp-route-suppression-type; } // container route-suppression list group { junos:must "(!("forwarding-options helpers bootp"))"; junos:must-message "'group' statement cannot be included along with 'forwarding-options helpers bootp' statement"; key "name"; ordered-by user; description "Define a DHCP group"; uses dhcp-group; } // list group list dual-stack-group { key "name"; description "Define a DHCP dual stack group"; uses dhcp-dual-stack-group; } // list dual-stack-group leaf no-snoop { junos:must "(!("legacy-snooping"))"; junos:must-message "'no-snoop' statement cannot be included along with 'legacy-snooping' statement"; type empty; description "Do not snoop DHCP packets"; } leaf server-response-time { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "0"; description "Number of seconds in a period of activity between the last server response and an unaswered request"; } container lease-time-validation { presence "enable lease-time-validation"; description "Configure lease time violation validation"; uses apply-advanced; leaf lease-time-threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 2147483647"; } } units "seconds"; description "Threshold for lease time violation in seconds"; } container violation-action { description "Lease time validation violation action"; leaf drop { type empty; description "Drop dhcpv4 offer and ack packets"; } } // container violation-action } // container lease-time-validation container leasequery { junos:must "(".. overrides always-write-option-82")"; junos:must-message "Must configure [overrides always-write-option-82] to overwrite circuit-id"; junos:must "((".. relay-option-82 circuit-id" && (!(".. relay-option-82 circuit-id use-interface-description") && !(".. relay-option-82 circuit-id require-interface-description"))))"; junos:must-message "Must configure [relay-option-82 circuit-id] without description to insert circuit-id"; presence "enable leasequery"; description "DHCP leasequery configuration"; uses relay-leasequery-type; } // container leasequery container bulk-leasequery { presence "enable bulk-leasequery"; description "DHCP bulk leasequery configuration"; uses relay-bulk-leasequery-v4-type; } // container bulk-leasequery container active-leasequery { junos:must "(".. bulk-leasequery")"; junos:must-message "Must configure bulk-leasequery"; presence "enable active-leasequery"; description "DHCPv4 active leasequery configuration"; uses relay-active-leasequery-v4-type; } // container active-leasequery container remote-id-mismatch { presence "enable remote-id-mismatch"; description "DHCP client remote-id mismatch"; uses dhcp-remote-id-mismatch-type; } // container remote-id-mismatch } // grouping jdhcp-relay-type grouping authentication-type { description "DHCP authentication"; uses apply-advanced; leaf password { type string { length "1 .. 64"; } description "Username password to use"; } container username-include { description "Add username options"; uses apply-advanced; leaf delimiter { type string { length "1"; } description "Change delimiter/separator character"; } leaf domain-name { type string { length "1 .. 64"; } description "Add domain name"; } leaf user-prefix { type string { length "1 .. 64"; } description "Add user defined prefix"; } leaf mac-address { type empty; description "Include MAC address"; } container option-82 { presence "enable option-82"; description "Include option 82"; leaf circuit-id { type empty; description "Include option 82 circuit-id (sub option 1)"; } leaf remote-id { type empty; description "Include option 82 remote-id (sub option 2)"; } } // container option-82 leaf logical-system-name { type empty; description "Include logical system name"; } leaf routing-instance-name { type empty; description "Include routing instance name"; } container client-id { presence "enable client-id"; description "Include client ID"; leaf exclude-headers { type empty; description "Exclude all the headers"; } leaf use-automatic-ascii-hex-encoding { type empty; description "Use automatic ascii hex username encoding"; } } // container client-id leaf option-60 { type empty; description "Include option 60"; } leaf circuit-type { type empty; description "Include circuit type"; } leaf interface-name { type empty; description "Include interface name"; } leaf interface-description { type enumeration { enum "device" { value 0; description "Add the device interface description"; } enum "logical" { value 1; description "Add the logical interface description"; } } description "Include interface description"; } leaf vlan-tags { type empty; description "Include the vlan tag(s)"; } } // container username-include } // grouping authentication-type grouping dhcp-dual-stack-group { description "DHCP dual stack groups"; leaf name { type string { junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]*$"; junos:pattern-message "Must be a non-reserved string of 64 characters or less"; length "1 .. 64"; } description "Dual stack group name"; } uses apply-advanced; container authentication { description "DHCP authentication"; uses dual-stack-authentication-type; } // container authentication leaf service-profile { type string { length "1 .. 128"; } description "Dynamic profile to use for default service activation"; } leaf access-profile { type string { length "1 .. 128"; } description "Access profile to be used for jdhcpd"; } container dynamic-profile { description "Dynamic profile to use"; uses dynamic-profile-type; } // container dynamic-profile container liveness-detection { description "DHCP client liveness detection processing"; uses dhcp-liveness-detection-dualstack-type; } // container liveness-detection container relay-agent-interface-id { presence "enable relay-agent-interface-id"; description "Interface-id option processing"; uses v6-relay-option-interface-id-type; } // container relay-agent-interface-id container relay-agent-remote-id { presence "enable relay-agent-remote-id"; description "Remote-id option processing"; uses v6-relay-option-remote-id-type; } // container relay-agent-remote-id container classification-key { junos:must "(".. dynamic-profile")"; junos:must-message "dynamic profile configuration in dual-stack-group is must for configuring classification-type"; description "Classification key for identifying dual stack household"; uses classification-types; } // container classification-key leaf dual-stack-interface-client-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 500000"; } } description "Limit the number of client allowed on an interface"; } container protocol-master { description "Select family as protocol master"; uses jdhcp-dual-stack-protocol-mstr-type; } // container protocol-master container short-cycle-protection { description "Short cycle lockout configuration"; leaf lockout-min-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } leaf lockout-max-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } } // container short-cycle-protection } // grouping dhcp-dual-stack-group grouping classification-types { description "Different mechanisms to identify a single household"; uses apply-advanced; leaf mac-address { type empty; description "MAC address of client"; } leaf circuit-id { type empty; description "Circuit-id as key"; } leaf remote-id { type empty; description "Remote-id as key"; } } // grouping classification-types grouping dhcp-generic-v4-option { description "Generic DHCP options processing"; uses apply-advanced; leaf option-number { type enumeration { enum "60" { value 0; status deprecated; description "Option 60"; } enum "77" { value 1; status deprecated; description "Option 77"; } } status deprecated; description "Option number"; } container equals { status deprecated; description "Generic option equals"; uses relay-v4-option-ascii-hex; } // container equals container default-action { status deprecated; description "Generic option default action"; uses dhcp-v4-option-default-action; } // container default-action container starts-with { status deprecated; description "Generic option starts with"; uses relay-v4-option-ascii-hex; } // container starts-with container option-60 { junos:must "(!("option-number"))"; junos:must-message "Cannot specify option-60 with option-number"; presence "enable option-60"; description "Add option 60 processing"; uses dhcp-generic-v4-option-type; } // container option-60 container option-77 { junos:must "(!("option-number"))"; junos:must-message "Cannot specify option-77 with option-number"; presence "enable option-77"; description "Add option 77 processing"; uses dhcp-generic-v4-option-type; } // container option-77 list option-order { junos:must "(!("option-number"))"; junos:must-message "Cannot specify option-order with option-number"; key "name"; ordered-by user; description "Options precedence order"; leaf name { type enumeration { enum "60" { value 0; description "Option 60"; } enum "77" { value 1; description "Option 77"; } } description "Option number"; } uses apply-advanced; } // list option-order } // grouping dhcp-generic-v4-option grouping dhcp-generic-v4-option-type { uses apply-advanced; container equals { description "Generic option equals"; uses relay-v4-option-ascii-hex; } // container equals container default-action { description "Generic option default action"; uses dhcp-v4-option-default-action; } // container default-action container starts-with { description "Generic option starts with"; uses relay-v4-option-ascii-hex; } // container starts-with } // grouping dhcp-generic-v4-option-type grouping dhcp-group { description "DHCP groups"; leaf name { type string { junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]*$"; junos:pattern-message "Must be a non-reserved string of 64 characters or less"; length "1 .. 64"; } description "Group name"; } uses apply-advanced; container active-server-group { description "Name of DHCP server group"; uses dhcpv4-gp-active-sg-type; } // container active-server-group container authentication { description "DHCP authentication"; uses authentication-type; } // container authentication container liveness-detection { description "DHCP client liveness detection processing"; uses dhcp-liveness-detection-type; } // container liveness-detection container dynamic-profile { description "Dynamic profile to use"; uses dynamic-profile-type; } // container dynamic-profile leaf service-profile { type string { length "1 .. 128"; } description "Dynamic profile to use for default service activation"; } leaf access-profile { junos:must "("access profile $$")"; junos:must-message "Matching access profile must be defined"; type string { length "1 .. 128"; } description "Access profile to use for AAA services"; } container overrides { presence "enable overrides"; description "DHCP override processing"; uses override-type; } // container overrides container short-cycle-protection { description "Short cycle lockout configuration"; leaf lockout-min-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } leaf lockout-max-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } } // container short-cycle-protection container server-match { description "Server match processing"; uses apply-advanced; container default-action { presence "enable default-action"; description "Server match default action"; uses server-match-action-choice; } // container default-action list address { key "name"; ordered-by user; description "Server address"; leaf name { type jt:ipv4prefix; description "Server address for matching"; } uses apply-advanced; choice server-match-action-choice { leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } leaf create-relay-entry { type empty; description "Create relay entry and allow subscriber services"; } } // choice server-match-action-choice } // list address } // container server-match container relay-option { junos:must "((!(".. relay-option-60") && !(".. .. relay-option-60")))"; junos:must-message "Cannot specify relay-option-60 with relay-option"; presence "enable relay-option"; description "DHCP option processing"; uses dhcp-generic-v4-option; } // container relay-option container relay-option-60 { junos:must "((!(".. relay-option") && !(".. .. relay-option")))"; junos:must-message "Cannot specify relay-option with relay-option-60"; presence "enable relay-option-60"; status deprecated; description "DHCP option-60 processing"; uses relay-option-60-type-group; } // container relay-option-60 container relay-option-82 { presence "enable relay-option-82"; description "DHCP option-82 processing"; uses relay-option-82-type; } // container relay-option-82 container forward-only { presence "enable forward-only"; description "Forward DHCP packets without creating binding"; uses forward-only-to-rc-type; } // container forward-only container route-suppression { junos:must "(!(".. liveness-detection method layer2-liveness-detection"))"; junos:must-message "Cannot specify route-suppression with liveness-detection method layer2-liveness-detection"; junos:must "((!(".. overrides no-arp") && !(".. .. overrides no-arp")))"; junos:must-message "Cannot specify route-suppression with overrides no-arp"; description "Suppress access-internal and/or destination route addition"; uses dhcp-route-suppression-type; } // container route-suppression leaf description { type string; description "Text description of servers"; } leaf maximum-hop-count { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16"; } } description "Maximum number of hops per packet"; } leaf minimum-wait-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 30000"; } } description "Minimum number of seconds before requests are forwarded"; } leaf client-response-ttl { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } description "IP time-to-live value to set in responses to client"; } leaf source-ip-change { type empty; description "Use address of egress interface as source ip"; } list interface { key "name"; description "One or more interfaces"; leaf name { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; leaf upto { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface up to"; } leaf exclude { type empty; description "Exclude this interface range"; } leaf trace { junos:must "(!(".. exclude"))"; junos:must-message "Cannot specify tracing with exclude"; type empty; description "Enable tracing for this interface"; } container overrides { junos:must "(!(".. exclude"))"; junos:must-message "Cannot specify overrides with exclude"; description "DHCP override processing"; uses override-type; } // container overrides container dynamic-profile { junos:must "(!(".. exclude"))"; junos:must-message "Cannot specify overrides with exclude"; description "Dynamic profile to use"; uses dynamic-profile-type; } // container dynamic-profile leaf service-profile { type string { length "1 .. 128"; } description "Dynamic profile to use for default service activation"; } leaf access-profile { junos:must "("access profile $$")"; junos:must-message "Matching access profile must be defined"; junos:must "(!(".. exclude"))"; junos:must-message "Cannot specify overrides with exclude"; type string { length "1 .. 128"; } description "Access profile to use for AAA services"; } container short-cycle-protection { description "Short cycle lockout configuration"; leaf lockout-min-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } leaf lockout-max-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } } // container short-cycle-protection } // list interface container remote-id-mismatch { presence "enable remote-id-mismatch"; description "DHCP client remote-id mismatch"; uses dhcp-remote-id-mismatch-type; } // container remote-id-mismatch container lease-time-validation { presence "enable lease-time-validation"; description "Configure lease time violation validation"; uses apply-advanced; leaf lease-time-threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 2147483647"; } } units "seconds"; description "Threshold for lease time violation in seconds"; } container violation-action { description "Lease time validation violation action"; leaf drop { type empty; description "Drop dhcpv4 offer and ack packets"; } } // container violation-action } // container lease-time-validation } // grouping dhcp-group grouping dhcp-liveness-detection-dualstack-type { description "DHCP client liveness detection processing"; uses apply-advanced; container failure-action { description "Liveness detection failure action options"; uses dhcp-liveness-detection-failure-action-type; } // container failure-action container method { description "Liveness detection method options"; uses apply-advanced; choice method-choice { container layer2-liveness-detection { junos:must "((!(".. .. route-suppression") && (!(".. .. .. route-suppression") && !(".. .. .. .. route-suppression"))))"; junos:must-message "Method not allowed with route-suppression enabled"; description "Address resolution options"; uses dhcp-arp-nud-liveness-detection-type; } // container layer2-liveness-detection } // choice method-choice } // container method } // grouping dhcp-liveness-detection-dualstack-type grouping dhcp-arp-nud-liveness-detection-type { description "Address Resolution detection options"; uses apply-advanced; leaf transmit-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "300 .. 1800"; } } units "seconds"; default "300"; description "Transmit interval for address resolution"; } leaf max-consecutive-retries { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "3 .. 6"; } } default "3"; description "Retry attempts"; } } // grouping dhcp-arp-nud-liveness-detection-type grouping dhcp-liveness-detection-failure-action-type { description "Liveness detection failure action options"; uses apply-advanced; choice failure-action-type { leaf clear-binding { type empty; description "Clear the client binding"; } leaf clear-binding-if-interface-up { type empty; description "Clear the client binding only if the incoming interface is up"; } leaf log-only { type empty; description "Maintain the client binding and log the failure event"; } } // choice failure-action-type } // grouping dhcp-liveness-detection-failure-action-type grouping dhcp-liveness-detection-type { description "DHCP client liveness detection processing"; uses apply-advanced; container failure-action { description "Liveness detection failure action options"; uses dhcp-liveness-detection-failure-action-type; } // container failure-action container method { description "Liveness detection method options"; uses apply-advanced; choice method-choice { container bfd { description "Bidirectional Forwarding Detection (BFD) options"; uses dhcp-bfd-liveness-detection-type; } // container bfd container layer2-liveness-detection { junos:must "((!(".. .. route-suppression") && (!(".. .. .. route-suppression") && !(".. .. .. .. route-suppression"))))"; junos:must-message "Method not allowed with route-suppression enabled"; description "Address resolution options"; uses dhcp-arp-nud-liveness-detection-type; } // container layer2-liveness-detection } // choice method-choice } // container method } // grouping dhcp-liveness-detection-type grouping dhcp-bfd-liveness-detection-type { description "Bidirectional Forwarding Detection (BFD) options"; uses apply-advanced; leaf version { type enumeration { enum "0" { value 0; description "BFD version 0 (deprecated)"; } enum "1" { value 1; description "BFD version 1"; } enum "automatic" { value 2; description "Choose BFD version automatically"; } } default "automatic"; description "BFD protocol version number"; } leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "30000 .. 255000"; } } units "milliseconds"; description "Minimum transmit and receive interval"; } leaf minimum-transmit-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "30000 .. 255000"; } } units "milliseconds"; status deprecated; description "Minimum transmit interval"; } leaf minimum-receive-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "30000 .. 255000"; } } units "milliseconds"; description "Minimum receive interval"; } leaf multiplier { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } default "3"; description "Detection time multiplier"; } choice adaptation-choice { leaf no-adaptation { type empty; description "Disable adaptation"; } } // choice adaptation-choice container transmit-interval { description "Transmit-interval options"; uses apply-advanced; leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "30000 .. 255000"; } } units "milliseconds"; description "Minimum transmit interval"; } leaf threshold { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "milliseconds"; description "High transmit interval triggering a trap"; } } // container transmit-interval container detection-time { description "Detection-time options"; uses apply-advanced; leaf threshold { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "milliseconds"; description "High detection-time triggering a trap"; } } // container detection-time leaf session-mode { type enumeration { enum "automatic" { value 0; description "Choose session-mode automatically"; } enum "single-hop" { value 1; description "Use single-hop"; } enum "multihop" { value 2; description "Use multihop"; } } default "automatic"; description "BFD single-hop or multihop session-mode"; } leaf holddown-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255000"; } } units "milliseconds"; default "0"; description "Time to hold the session-UP notification to the client"; } } // grouping dhcp-bfd-liveness-detection-type grouping dhcp-remote-id-mismatch-type { description "DHCP client remote-id-mismatch processing"; uses apply-advanced; leaf disconnect { type empty; description "Disconnect session on remote-id mismatch"; } } // grouping dhcp-remote-id-mismatch-type grouping dhcp-route-suppression-type { uses apply-advanced; choice dhcp-route-suppression-choice { leaf access-internal { type empty; description "Suppress access-internal and destination route addition"; } leaf destination { type empty; description "Suppress destination route addition"; } } // choice dhcp-route-suppression-choice } // grouping dhcp-route-suppression-type grouping dhcp-v4-option-default-action { description "Default action"; uses apply-advanced; choice server-group-choice { leaf relay-server-group { junos:must "((".. .. .. .. .. .. server-group $$" || (".. .. .. .. .. server-group $$" || (".. .. .. .. server-group $$" || ".. .. .. server-group $$"))))"; junos:must-message "Referenced group must be defined under [edit forwarding dhcp-relay server-group]"; type string { length "1 .. 64"; } description "Name of DHCP relay server group when match is made"; } leaf local-server-group { junos:must "((".. .. .. .. .. .. .. .. system services dhcp-local-server group $$" || (".. .. .. .. .. .. .. system services dhcp-local-server group $$" || (".. .. .. .. .. .. system services dhcp-local-server group $$" || ".. .. .. .. .. system services dhcp-local-server group $$"))))"; junos:must-message "Referenced group must be defined under [edit system services dhcp-local-server group]"; type string { length "1 .. 64"; } description "Name of DHCP local server group when match is made"; } leaf drop { type empty; description "Discard when a match is made"; } leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } } // choice server-group-choice } // grouping dhcp-v4-option-default-action grouping dhcpv4-gbl-active-sg-type { leaf active-server-group { junos:must "(".. .. server-group $$")"; junos:must-message "Referenced group must be defined under [edit forwarding-options dhcp-relay server-group]"; type string { length "1 .. 64"; } description "Name of DHCP server group"; } leaf allow-server-change { type empty; description "Accept DHCP-ACK from any server in this group"; } } // grouping dhcpv4-gbl-active-sg-type grouping dhcpv4-gp-active-sg-type { leaf active-server-group { junos:must "(".. .. .. server-group $$")"; junos:must-message "Referenced group must be defined under [edit forwarding-options dhcp-relay server-group]"; type string { length "1 .. 64"; } description "Name of DHCP server group"; } leaf allow-server-change { type empty; description "Accept DHCP-ACK from any server in this group"; } } // grouping dhcpv4-gp-active-sg-type grouping dhcpv6-relay-type { description "DHCPv6 relay configuration"; uses apply-advanced; container authentication { description "DHCPv6 authentication"; uses dhcpv6-authentication-type; } // container authentication container persistent-storage { description "Trigger to enable flat file storage"; leaf automatic { type empty; description "Trigger automatically"; } } // container persistent-storage container liveness-detection { description "DHCPv6 client liveness detection processing"; uses dhcpv6-liveness-detection-type; } // container liveness-detection container dynamic-profile { description "Dynamic profile to use"; uses dynamic-profile-type; } // container dynamic-profile leaf service-profile { type string { length "1 .. 128"; } description "Dynamic profile to use for default service activation"; } leaf access-profile { junos:must "("access profile $$")"; junos:must-message "Matching access profile must be defined"; type string { length "1 .. 128"; } description "Access profile to use for AAA services"; } container short-cycle-protection { description "Short cycle lockout configuration"; leaf lockout-min-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } leaf lockout-max-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } } // container short-cycle-protection container overrides { presence "enable overrides"; description "DHCPv6 override processing"; uses dhcpv6-override-relay-type; } // container overrides container relay-option { presence "enable relay-option"; description "DHCPv6 option processing"; uses dhcp-generic-v6-option; } // container relay-option leaf exclude-relay-agent-identifier { type empty; description "Exclude relay agent identifier from packets to server"; } container server-match { description "Server match processing"; uses apply-advanced; container default-action { description "Server match default action"; uses server-match-action-choice; } // container default-action container duid { description "Match duid processing"; uses apply-advanced; container equals { description "Duid equals"; uses server-match-v6-ascii-hex; } // container equals container starts-with { description "Duid starts with"; uses server-match-v6-ascii-hex; } // container starts-with } // container duid list address { key "name"; ordered-by user; description "Server ipv6 address"; leaf name { type jt:ipv6prefix; description "Server ipv6 address for matching"; } uses apply-advanced; choice server-match-action-choice { leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } leaf create-relay-entry { type empty; description "Create relay entry and allow subscriber services"; } } // choice server-match-action-choice } // list address } // container server-match leaf relay-agent-option-79 { type empty; description "Add the client MAC address to the Relay Forward header."; } container vendor-specific-information { description "DHCPv6 option 17 vendor-specific processing"; uses jdhcp-vendor-specific-type; } // container vendor-specific-information container forward-only { presence "enable forward-only"; description "Forward DHCPv6 packets without creating binding"; uses forward-only-to-rc-type; } // container forward-only leaf forward-only-replies { type empty; description "Forward-only replies from server to appropriate logical-system:routing-instance based on options"; } container forward-snooped-clients { junos:must "((!(".. forward-only") && (!(".. forward-only-replies") && !(any ".. group <*> forward-only"))))"; junos:must-message "forward-only and forward-only-replies cannot be configured when forward-snooped-clients is configured"; description "Forward snooped (unicast) packets"; choice interface-type { leaf configured-interfaces { type empty; description "Forward snooped (unicast) packets on configured interfaces"; } leaf non-configured-interfaces { type empty; description "Forward snooped (unicast) packets on non-configured interfaces"; } leaf all-interfaces { type empty; description "Forward snooped (unicast) packets on configured and non-configured interfaces"; } } // choice interface-type } // container forward-snooped-clients container route-suppression { description "Suppress access-internal and/or access route addition"; uses dhcpv6-route-suppression-type; } // container route-suppression list group { key "name"; ordered-by user; description "Define a DHCPv6 relay group"; uses dhcpv6-relay-group; } // list group container relay-agent-interface-id { presence "enable relay-agent-interface-id"; description "DHCPv6 interface-id option processing"; uses v6-relay-option-interface-id-type; } // container relay-agent-interface-id container relay-agent-remote-id { presence "enable relay-agent-remote-id"; description "DHCPv6 remote-id option processing"; uses v6-relay-option-remote-id-type; } // container relay-agent-remote-id container server-group { description "Define a DHCPv6 server group"; uses v6-server-group-type; } // container server-group container active-server-group { description "Name of DHCPv6 server group"; uses dhcpv6-gbl-active-sg-type; } // container active-server-group leaf server-response-time { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "0"; description "Number of seconds in a period of activity between the last server response and an unaswered request"; } container lease-time-validation { presence "enable lease-time-validation"; description "Configure lease time violation validation"; uses apply-advanced; leaf lease-time-threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 2147483647"; } } units "seconds"; description "Threshold for lease time violation in seconds"; } container violation-action { description "Lease time validation violation action"; leaf drop { type empty; description "Drop dhcpv6 advertise and reply packets"; } } // container violation-action } // container lease-time-validation leaf no-snoop { junos:must "(!("legacy-snooping"))"; junos:must-message "'no-snoop' statement cannot be included along with 'legacy-snooping' statement"; type empty; description "Do not snoop DHCPV6 packets"; } container leasequery { junos:must "(".. relay-agent-interface-id")"; junos:must-message "Must configure [relay-agent-interface-id] to insert interface-id"; presence "enable leasequery"; description "DHCPv6 leasequery configuration"; uses relay-leasequery-type; } // container leasequery container bulk-leasequery { junos:must "(".. relay-agent-interface-id")"; junos:must-message "Must configure [relay-agent-interface-id] to insert interface-id"; presence "enable bulk-leasequery"; description "DHCPv6 bulk leasequery configuration"; uses relay-bulk-leasequery-v6-type; } // container bulk-leasequery container active-leasequery { junos:must "(".. bulk-leasequery")"; junos:must-message "Must configure bulk-leasequery"; presence "enable active-leasequery"; description "DHCPv6 active leasequery configuration"; uses relay-active-leasequery-v6-type; } // container active-leasequery container remote-id-mismatch { presence "enable remote-id-mismatch"; description "DHCP client remote-id mismatch"; uses dhcp-remote-id-mismatch-type; } // container remote-id-mismatch container duplicate-clients { description "Allow duplicate clients"; uses dhcpv6-duplicate-clients-type; } // container duplicate-clients } // grouping dhcpv6-relay-type grouping dhcp-generic-v6-option { description "Generic DHCPv6 options processing"; uses apply-advanced; leaf option-number { type enumeration { enum "15" { value 0; status deprecated; description "Option 15"; } enum "16" { value 1; status deprecated; description "Option 16"; } } status deprecated; description "Option number"; } container equals { status deprecated; description "Generic option equals"; uses relay-v6-option-ascii-hex; } // container equals container default-action { status deprecated; description "Generic option default action"; uses dhcp-v6-option-default-action; } // container default-action container starts-with { status deprecated; description "Generic option starts with"; uses relay-v6-option-ascii-hex; } // container starts-with container option-15 { junos:must "(!("option-number"))"; junos:must-message "Cannot specify option-15 with option-number"; presence "enable option-15"; description "Add option 15 processing"; uses dhcp-generic-v6-option-type; } // container option-15 container option-16 { junos:must "(!("option-number"))"; junos:must-message "Cannot specify option-16 with option-number"; presence "enable option-16"; description "Add option 16 processing"; uses dhcp-generic-v6-option-type; } // container option-16 list option-order { junos:must "(!("option-number"))"; junos:must-message "Cannot specify option-order with option-number"; key "name"; ordered-by user; description "Options precedence order"; leaf name { type enumeration { enum "15" { value 0; description "Option 15"; } enum "16" { value 1; description "Option 16"; } } description "Option number"; } uses apply-advanced; } // list option-order } // grouping dhcp-generic-v6-option grouping dhcp-generic-v6-option-type { uses apply-advanced; container equals { description "Generic option equals"; uses relay-v6-option-ascii-hex; } // container equals container default-action { description "Generic option default action"; uses dhcp-v6-option-default-action; } // container default-action container starts-with { description "Generic option starts with"; uses relay-v6-option-ascii-hex; } // container starts-with } // grouping dhcp-generic-v6-option-type grouping dhcp-v6-option-default-action { description "Default action"; uses apply-advanced; choice server-group-choice { leaf relay-server-group { junos:must "((".. .. .. .. .. .. server-group $$" || (".. .. .. .. .. server-group $$" || (".. .. .. .. server-group $$" || ".. .. .. server-group $$"))))"; junos:must-message "Referenced group must be defined under [edit forwarding options dhcp-relay dhcpv6 server-group]"; type string { length "1 .. 64"; } description "Name of DHCP relay server group when match is made"; } leaf drop { type empty; description "Discard when a match is made"; } leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } } // choice server-group-choice } // grouping dhcp-v6-option-default-action grouping dhcpv6-authentication-type { description "DHCPv6 authentication"; uses apply-advanced; leaf password { type string { length "1 .. 64"; } description "Username password to use"; } container username-include { description "Add username options"; uses apply-advanced; leaf delimiter { type string { length "1"; } description "Change delimiter/separator character"; } leaf domain-name { type string { length "1 .. 64"; } description "Add domain name"; } leaf user-prefix { type string { length "1 .. 64"; } description "Add user defined prefix"; } leaf mac-address { type empty; description "Include MAC address"; } container client-id { presence "enable client-id"; description "Include client ID"; leaf exclude-headers { type empty; description "Exclude all the headers"; } leaf use-automatic-ascii-hex-encoding { type empty; description "Use automatic ascii hex username encoding"; } } // container client-id container relay-agent-remote-id { presence "enable relay-agent-remote-id"; description "Include the relay agent remote ID"; uses apply-advanced; choice relay-agent-remote-id-choice { leaf enterprise-id { type empty; status deprecated; description "Only use enterprise-id portion of option-37"; } leaf remote-id { type empty; status deprecated; description "Only use remote-id portion of option-37"; } } // choice relay-agent-remote-id-choice } // container relay-agent-remote-id leaf logical-system-name { type empty; description "Include logical system name"; } leaf routing-instance-name { type empty; description "Include routing instance name"; } leaf relay-agent-subscriber-id { type empty; description "Include the relay agent subscriber ID"; } leaf relay-agent-interface-id { type empty; description "Include the relay agent interface ID"; } leaf circuit-type { type empty; description "Include circuit type"; } leaf interface-name { type empty; description "Include interface name"; } leaf interface-description { type enumeration { enum "device" { value 0; description "Add the device interface description"; } enum "logical" { value 1; description "Add the logical interface description"; } } description "Include interface description"; } leaf vlan-tags { type empty; description "Include the vlan tag(s)"; } } // container username-include } // grouping dhcpv6-authentication-type grouping dhcpv6-duplicate-clients-type { description "Allow duplicate clients"; choice distinguish-with { leaf incoming-interface { type empty; description "Allow duplicate clients on different underlying interfaces"; } } // choice distinguish-with } // grouping dhcpv6-duplicate-clients-type grouping dhcpv6-gbl-active-sg-type { uses apply-advanced; leaf active-server-group { junos:must "(".. .. server-group $$")"; junos:must-message "Referenced group must be defined under [edit forwarding-options dhcp-relay dhcpv6 server-group]"; type string { length "1 .. 64"; } description "Name of DHCPv6 server group"; } } // grouping dhcpv6-gbl-active-sg-type grouping dhcpv6-liveness-detection-type { description "DHCPv6 client liveness detection processing"; uses apply-advanced; container failure-action { description "Liveness detection failure action options"; uses dhcp-liveness-detection-failure-action-type; } // container failure-action container method { description "Liveness detection method options"; uses apply-advanced; choice method-choice { container bfd { description "Bidirectional Forwarding Detection (BFD) options"; uses dhcp-bfd-liveness-detection-type; } // container bfd container layer2-liveness-detection { description "Neighbor discovery options"; uses dhcp-arp-nud-liveness-detection-type; } // container layer2-liveness-detection } // choice method-choice } // container method } // grouping dhcpv6-liveness-detection-type grouping dhcpv6-override-relay-type { description "DHCPv6 relay override processing"; uses apply-advanced; choice allow-snooped-clients-choice { leaf allow-snooped-clients { type empty; description "Allow client creation from snooped PDUs"; } leaf no-allow-snooped-clients { type empty; description "Don't allow client creation from snooped PDUs"; } } // choice allow-snooped-clients-choice leaf delay-authentication { type empty; description "Delay subscriber authentication in DHCP protocol processing until request packet"; } leaf interface-client-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 500000"; } } description "Limit the number of clients allowed on an interface"; } leaf dual-stack { type string { length "1 .. 64"; } description "Dual stack group to use."; } leaf no-bind-on-request { type empty; description "Do not bind if stray DHCPv6 RENEW, REBIND is received"; } container client-negotiation-match { description "Use secondary match criteria for SOLICIT PDU"; choice match-with { leaf incoming-interface { type empty; description "Use incoming interface"; } } // choice match-with } // container client-negotiation-match leaf send-release-on-delete { type empty; description "Always send RELEASE to the server when a binding is deleted"; } leaf always-process-option-request-option { type empty; description "Always process option even after address allocation failure"; } leaf relay-source { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface for relay source"; } leaf delete-binding-on-renegotiation { type empty; description "Delete binding on renegotiation"; } leaf asymmetric-lease-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "600 .. 86400"; } } units "seconds"; description "Use a reduced lease time for the client. In seconds"; } leaf asymmetric-prefix-lease-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "600 .. 86400"; } } units "seconds"; description "Use a reduced prefix lease time for the client. In seconds"; } } // grouping dhcpv6-override-relay-type grouping dhcpv6-relay-group { description "DHCPv6 groups"; leaf name { type string { junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]*$"; junos:pattern-message "Must be a non-reserved string of 64 characters or less"; length "1 .. 64"; } description "Group name"; } uses apply-advanced; container active-server-group { description "Name of DHCPv6 server group"; uses dhcpv6-gp-active-sg-type; } // container active-server-group list dual-stack-group { key "name"; description "Define a DHCP dual stack group"; uses dhcp-dual-stack-group; } // list dual-stack-group container authentication { description "DHCPv6 authentication"; uses dhcpv6-authentication-type; } // container authentication container liveness-detection { description "DHCPv6 client liveness detection processing"; uses dhcpv6-liveness-detection-type; } // container liveness-detection container dynamic-profile { description "Dynamic profile to use"; uses dynamic-profile-type; } // container dynamic-profile leaf service-profile { type string { length "1 .. 128"; } description "Dynamic profile to use for default service activation"; } leaf access-profile { junos:must "("access profile $$")"; junos:must-message "Matching access profile must be defined"; type string { length "1 .. 128"; } description "Access profile to use for AAA services"; } container short-cycle-protection { description "Short cycle lockout configuration"; leaf lockout-min-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } leaf lockout-max-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } } // container short-cycle-protection container overrides { presence "enable overrides"; description "DHCPv6 override processing"; uses dhcpv6-override-relay-type; } // container overrides container relay-option { presence "enable relay-option"; description "DHCPv6 option processing"; uses dhcp-generic-v6-option; } // container relay-option container vendor-specific-information { description "DHCPv6 option 17 vendor-specific processing"; uses jdhcp-vendor-specific-type; } // container vendor-specific-information container forward-only { presence "enable forward-only"; description "Forward DHCPv6 packets without creating binding"; uses forward-only-to-rc-type; } // container forward-only container relay-agent-interface-id { presence "enable relay-agent-interface-id"; description "DHCPv6 interface-id option processing"; uses v6-relay-option-interface-id-type; } // container relay-agent-interface-id container relay-agent-remote-id { presence "enable relay-agent-remote-id"; description "DHCPv6 remote-id option processing"; uses v6-relay-option-remote-id-type; } // container relay-agent-remote-id container route-suppression { description "Suppress access-internal and/or access route addition"; uses dhcpv6-route-suppression-type; } // container route-suppression leaf relay-agent-option-79 { type empty; description "Add the client MAC address to the Relay Forward header."; } list interface { key "name"; description "One or more interfaces"; leaf name { junos:must "((unique "forwarding-options dhcp-relay dhcpv6 group <*> interface $$" && !(any "system services dhcp-local-server dhcpv6 group <*> interface $$")))"; junos:must-message "Interface used in other relay or server group"; type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; leaf upto { junos:must "(!(".. .. interface $$"))"; junos:must-message "Range end point must not equal start"; type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface up to"; } leaf exclude { type empty; description "Exclude this interface range"; } leaf trace { junos:must "(!(".. exclude"))"; junos:must-message "Cannot specify tracing with exclude"; type empty; description "Enable tracing for this interface"; } container overrides { junos:must "(!(".. exclude"))"; junos:must-message "Cannot specify overrides with exclude"; description "DHCPv6 override processing"; uses dhcpv6-override-relay-type; } // container overrides container dynamic-profile { junos:must "(!(".. exclude"))"; junos:must-message "Cannot specify dynamic-profile with exclude"; description "Dynamic profile to use"; uses dynamic-profile-type; } // container dynamic-profile leaf service-profile { type string { length "1 .. 128"; } description "Dynamic profile to use for default service activation"; } leaf access-profile { junos:must "("access profile $$")"; junos:must-message "Matching access profile must be defined"; junos:must "(!(".. exclude"))"; junos:must-message "Cannot specify overrides with exclude"; type string { length "1 .. 128"; } description "Access profile to use for AAA services"; } container short-cycle-protection { description "Short cycle lockout configuration"; leaf lockout-min-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } leaf lockout-max-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } } // container short-cycle-protection } // list interface container lease-time-validation { presence "enable lease-time-validation"; description "Configure lease time violation validation"; uses apply-advanced; leaf lease-time-threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 2147483647"; } } units "seconds"; description "Threshold for lease time violation in seconds"; } container violation-action { description "Lease time validation violation action"; leaf drop { type empty; description "Drop dhcpv6 advertise and reply packets"; } } // container violation-action } // container lease-time-validation container remote-id-mismatch { presence "enable remote-id-mismatch"; description "DHCP client remote-id mismatch"; uses dhcp-remote-id-mismatch-type; } // container remote-id-mismatch container server-match { description "Server match processing"; uses apply-advanced; container default-action { description "Server match default action"; uses server-match-action-choice; } // container default-action container duid { description "Match duid processing"; uses apply-advanced; container equals { description "Duid equals"; uses server-match-v6-ascii-hex; } // container equals container starts-with { description "Duid starts with"; uses server-match-v6-ascii-hex; } // container starts-with } // container duid list address { key "name"; ordered-by user; description "Server ipv6 address"; leaf name { type jt:ipv6prefix; description "Server ipv6 address for matching"; } uses apply-advanced; choice server-match-action-choice { leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } leaf create-relay-entry { type empty; description "Create relay entry and allow subscriber services"; } } // choice server-match-action-choice } // list address } // container server-match } // grouping dhcpv6-relay-group grouping dhcpv6-gp-active-sg-type { uses apply-advanced; leaf active-server-group { junos:must "(".. .. .. server-group $$")"; junos:must-message "Referenced group must be defined under [edit forwarding-options dhcp-relay dhcpv6 server-group]"; type string { length "1 .. 64"; } description "Name of DHCPv6 server group"; } } // grouping dhcpv6-gp-active-sg-type grouping dhcpv6-route-suppression-type { description "Suppress access-internal and/or access route addition"; leaf access { type empty; description "Suppress access route addition"; } leaf access-internal { type empty; description "Suppress access-internal route addition"; } } // grouping dhcpv6-route-suppression-type grouping dual-stack-authentication-type { description "DHCP dual stack authentication"; uses apply-advanced; leaf password { type string { length "1 .. 64"; } description "Username password to use"; } container username-include { description "Add username options"; uses apply-advanced; leaf delimiter { type string { length "1"; } description "Change delimiter/separator character"; } leaf domain-name { type string { length "1 .. 64"; } description "Add domain name"; } leaf user-prefix { type string { length "1 .. 64"; } description "Add user defined prefix"; } leaf mac-address { type empty; description "Include MAC address"; } container client-id { presence "enable client-id"; description "Include client ID"; leaf exclude-headers { type empty; description "Exclude all the headers"; } leaf use-automatic-ascii-hex-encoding { type empty; description "Use automatic ascii hex username encoding"; } } // container client-id leaf relay-agent-remote-id { type empty; description "Include the relay agent remote ID"; } leaf logical-system-name { type empty; description "Include logical system name"; } leaf routing-instance-name { type empty; description "Include routing instance name"; } leaf relay-agent-interface-id { type empty; description "Include the relay agent interface ID"; } leaf interface-name { type empty; description "Include interface name"; } leaf interface-description { type enumeration { enum "device" { value 0; description "Add the device interface description"; } enum "logical" { value 1; description "Add the logical interface description"; } } description "Include interface description"; } leaf circuit-type { type empty; description "Include circuit type"; } leaf vlan-tags { type empty; description "Include the vlan tag(s)"; } } // container username-include } // grouping dual-stack-authentication-type grouping dynamic-profile-type { description "Dynamic profile to use"; uses apply-advanced; leaf dynamic-profile { junos:must "("dynamic-profiles $$")"; junos:must-message "Dynamic profile must be defined"; type string { length "1 .. 80"; } description "Dynamic profile to use"; } choice dynamic-profile-type-choice { leaf use-primary { junos:must "("dynamic-profiles $$")"; junos:must-message "Dynamic profile must be defined"; type string { length "1 .. 80"; } description "Dynamic profile to use on the primary interface"; } container aggregate-clients { presence "enable aggregate-clients"; description "Aggregate client profiles"; uses apply-advanced; choice aggregate-type { leaf merge { type empty; description "Merge the client dynamic profiles"; } leaf replace { type empty; description "Replace client dynamic profiles"; } } // choice aggregate-type } // container aggregate-clients } // choice dynamic-profile-type-choice } // grouping dynamic-profile-type grouping forward-only-to-rc-type { description "Forward DHCP packets without creating binding"; uses apply-advanced; leaf logical-system { type string; default "current"; } leaf routing-instance { type string; default "current"; } } // grouping forward-only-to-rc-type grouping jdhcp-dual-stack-protocol-mstr-type { description "Select family as protocol master"; choice addr-fam { leaf inet { type empty; description "INET family has protocol master behavior"; } leaf inet6 { type empty; description "INET6 family has protocol master behavior"; } } // choice addr-fam } // grouping jdhcp-dual-stack-protocol-mstr-type grouping jdhcp-duplicate-clients-in-subnet-type { description "Allow duplicate clients in a subnet"; choice distinguish-with { leaf incoming-interface { type empty; description "Allow duplicate clients on different interfaces in a subnet"; } leaf option-82 { type empty; description "Allow duplicate clients using different option-82 options in a subnet"; } } // choice distinguish-with } // grouping jdhcp-duplicate-clients-in-subnet-type grouping jdhcp-interface-traceoptions-type { description "Interface trace options for DHCP"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file list flag { key "name"; ordered-by user; description "Interface trace categories"; leaf name { type enumeration { enum "state" { value 0; description "State-transition operations"; } enum "packet" { value 1; description "Packet-decoding operations"; } enum "flow" { value 2; description "Flow-decoding operations"; } enum "packet-option" { value 3; description "DHCP option-decoding operations"; } enum "dhcpv6-state" { value 4; description "State-transition operations for dhcpv6"; } enum "dhcpv6-packet" { value 5; description "Packet-decoding operations for dhcpv6"; } enum "dhcpv6-packet-option" { value 6; description "DHCP option-decoding operations for dhcpv6"; } enum "all" { value 7; description "All operations"; } } } } // list flag } // grouping jdhcp-interface-traceoptions-type grouping jdhcp-security-type { description "DHCP access security configuration"; uses apply-advanced; leaf no-dhcp-snooping { junos:must "(!("switch-options no-arp-trap "))"; junos:must-message "Cannot enable ARP inspection with no-arp-trap"; type empty; description "Disable dhcp snooping"; } leaf arp-inspection { type empty; description "Enable dynamic ARP inspection"; } leaf ip-source-guard { junos:must "(!(any ".. group <*> overrides untrusted"))"; junos:must-message "Ip-source-guard and dhcp-security overrides untrusted cannot be configured together"; type empty; description "Enable IP source guard"; } leaf no-dhcpv6-snooping { type empty; description "Disable DHCPv6 snooping"; } leaf neighbor-discovery-inspection { type empty; description "Enable neighbor discovery inspection"; } leaf ipv6-source-guard { junos:must "(!(any ".. group <*> overrides untrusted"))"; junos:must-message "Ipv6-source-guard and dhcp-security overrides untrusted cannot be configured together"; type empty; description "Enable IPv6 source guard"; } leaf light-weight-dhcpv6-relay { type empty; description "Enable light weight dhcpv6 relay"; } list group { key "name"; ordered-by user; description "Define a DHCP security group for overriding defaults"; uses ds-group; } // list group container option-82 { presence "enable option-82"; description "DHCP option-82 processing for snooped packets"; uses security-option-82-type; } // container option-82 container dhcpv6-options { presence "enable dhcpv6-options"; description "DHCPv6 option processing for snooped packets"; uses security-dhcpv6-options-type; } // container dhcpv6-options } // grouping jdhcp-security-type grouping ds-group { description "DHCP security groups"; leaf name { type string { junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]*$"; junos:pattern-message "Must be a non-reserved string of 64 characters or less"; length "1 .. 64"; } description "Group name"; } uses apply-advanced; container overrides { presence "enable overrides"; description "DHCP override processing"; uses ds-override-type; } // container overrides list interface { key "name"; description "One or more interfaces"; leaf name { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; list static-ip { key "name"; ordered-by user; description "Static IP address configuration"; uses ip-mac-static; } // list static-ip list static-ipv6 { key "name"; ordered-by user; description "Static IPv6 address configuration"; uses ipv6-mac-static; } // list static-ipv6 } // list interface } // grouping ds-group grouping ds-override-type { description "Dynamic ARP Inspection override processing"; uses apply-advanced; leaf trusted { junos:must "(!(".. untrusted"))"; junos:must-message "Trusted and untrusted cannot be configured together"; type empty; description "Make this trusted group of interfaces"; } leaf untrusted { junos:must "(!(".. trusted"))"; junos:must-message "Trusted and untrusted cannot be configured together"; type empty; description "Make this untrusted group of interfaces"; } leaf no-option82 { type empty; description "Make this group of interfaces not to add option82"; } leaf no-option37 { type empty; description "Make this group of interfaces not to add option37"; } leaf no-option18 { type empty; description "Make this group of interfaces not to add option18"; } leaf no-option16 { type empty; description "Make this group of interfaces not to add option16"; } leaf no-option79 { type empty; description "Make this group of interfaces not to add option79"; } leaf no-dhcpv6-options { type empty; description "Make this group of interfaces not to add any DHCPv6 options"; } } // grouping ds-override-type grouping ip-mac-static { leaf name { type jt:ipaddr; description "IP address"; } leaf mac { type jt:mac-addr; description "MAC address"; } } // grouping ip-mac-static grouping ipv6-mac-static { leaf name { type jt:ipv6addr; description "IP address"; } leaf mac { type jt:mac-addr; description "MAC address"; } } // grouping ipv6-mac-static grouping jdhcp-traceoptions-type { description "Trace options for DHCP"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file list flag { key "name"; ordered-by user; description "DHCP operations to include in debugging trace"; leaf name { type enumeration { enum "state" { value 0; description "State-transition operations"; } enum "packet" { value 1; description "Packet-decoding operations"; } enum "flow" { value 2; description "Flow-decoding operations"; } enum "packet-option" { value 3; description "DHCP option-decoding operations"; } enum "dhcpv6-state" { value 4; description "State-transition operations for dhcpv6"; } enum "dhcpv6-packet" { value 5; description "Packet-decoding operations for dhcpv6"; } enum "dhcpv6-packet-option" { value 6; description "DHCP option-decoding operations for dhcpv6"; } enum "all" { value 7; description "All operations"; } enum "database" { value 8; description "Database operations"; } enum "persistent" { value 9; description "Persitent file operations"; } enum "lockout-db" { value 10; description "Lockout database operations"; } enum "interface" { value 11; description "Interface operations"; } enum "rtsock" { value 12; description "Routing socket operations"; } enum "flow-notify" { value 13; description "Flow notification operations"; } enum "io" { value 14; description "I/O operations"; } enum "ha" { value 15; description "High Availability-related operations"; } enum "ui" { value 16; description "User Interface operations"; } enum "general" { value 17; description "Miscellaneous operations"; } enum "fwd" { value 18; description "Firewall process operations"; } enum "rpd" { value 19; description "Routing Protocol process operations"; } enum "auth" { value 20; description "Authentication operations"; } enum "profile" { value 21; description "Profile operations"; } enum "session-db" { value 22; description "Session database operations"; } enum "performance" { value 23; description "Performance measurement operations"; } enum "statistics" { value 24; description "Baseline statistics operations"; } enum "dhcpv6-io" { value 25; description "I/O operations for dhcpv6"; } enum "dhcpv6-rpd" { value 26; description "Routing Protocol process operations for dhcpv6"; } enum "dhcpv6-session-db" { value 27; description "Session database operations for dhcpv6"; } enum "dhcpv6-general" { value 28; description "Miscellaneous operations for dhcpv6"; } enum "liveness-detection" { value 29; description "Liveness detection operations"; } enum "security-persistence" { value 30; description "Liveness detection operations"; } enum "mclag" { value 31; description "Multichassis LAG"; } enum "ra-guard" { value 32; description "DHCP RA guard option for dhcpv6"; } } } } // list flag } // grouping jdhcp-traceoptions-type grouping jdhcp-vendor-specific-type { description "Add vendor-specific option processing"; uses apply-advanced; leaf host-name { type empty; description "Add router host name"; } leaf location { type empty; description "Add location information expressed as interface name format"; } } // grouping jdhcp-vendor-specific-type grouping juniper-multicast-snooping-options { uses apply-advanced; container options { description "Miscellaneous options"; uses apply-advanced; container syslog { description "Set system logging level"; uses apply-advanced; container level { description "Logging level"; leaf emergency { type empty; description "Emergency level"; } leaf alert { type empty; description "Alert level"; } leaf critical { type empty; description "Critical level"; } leaf error { type empty; description "Error level"; } leaf warning { type empty; description "Warning level"; } leaf notice { type empty; description "Notice level"; } leaf info { type empty; description "Informational level"; } leaf debug { type empty; description "Debugging level"; } } // container level leaf upto { type enumeration { enum "emergency" { value 0; description "Emergency level"; } enum "alert" { value 1; description "Alert level"; } enum "critical" { value 2; description "Critical level"; } enum "error" { value 3; description "Error level"; } enum "warning" { value 4; description "Warning level"; } enum "notice" { value 5; description "Notice level"; } enum "info" { value 6; description "Informational level"; } enum "debug" { value 7; description "Debugging level"; } } description "Log up to a particular logging level"; } leaf mark { type union { type int32; type string { pattern "<.*>|$.*"; } } units "seconds"; description "Periodically mark the trace file"; } } // container syslog } // container options container traceoptions { description "Multicast snooping trace options"; uses apply-advanced; container file { description "Trace file options"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "10"; description "Maximum number of trace files"; } leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "parse" { value 0; description "Trace configuration parsing"; } enum "config-internal" { value 1; description "Trace configuration internals"; } enum "route" { value 2; description "Trace routing information"; } enum "normal" { value 3; description "Trace normal events"; } enum "general" { value 4; description "Trace general events"; } enum "state" { value 5; description "Trace state transitions"; } enum "policy" { value 6; description "Trace policy processing"; } enum "task" { value 7; description "Trace routing protocol task processing"; } enum "timer" { value 8; description "Trace routing protocol timer processing"; } enum "all" { value 9; description "Trace everything"; } } } leaf disable { type empty; description "Disable this trace flag"; } } // list flag } // container traceoptions container forwarding-cache { description "Multicast forwarding cache"; uses apply-advanced; container threshold { description "Threshold"; uses apply-advanced; leaf suppress { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 200000"; } } description "Suppress threshold"; } leaf reuse { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 200000"; } } description "Reuse threshold"; } } // container threshold } // container forwarding-cache leaf-list flood-groups { type jt:ipaddr; ordered-by user; description "Groups for which the traffic will be flooded"; } container host-outbound-traffic { description "Host generated protocol packets"; uses apply-advanced; leaf forwarding-class { type string { junos:posix-pattern "^.{1,64}$"; junos:pattern-message "Must be string of 64 characters or less"; } description "Forwarding class name"; } leaf dot1p { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 7"; } } description "Dot1p bits"; } } // container host-outbound-traffic container graceful-restart { description "Configure graceful restart attributes"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable graceful restart"; } } // choice enable-disable leaf restart-duration { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 300"; } } units "seconds"; default "180"; description "Maximum time for graceful restart to finish"; } } // container graceful-restart leaf ignore-stp-topology-change { type empty; description "Don't process stp topology change"; } container multichassis-lag-replicate-state { presence "enable multichassis-lag-replicate-state"; description "Enable multichassis lag replication"; uses apply-advanced; leaf suppress-report { type empty; description "Enable mclag report suppression"; } } // container multichassis-lag-replicate-state container oism { description "Optimized inter subnet multicast options"; uses apply-advanced; leaf install-star-g-routes { type empty; description "Install (*,G) multicast routes in data plane"; } } // container oism leaf nexthop-hold-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1000"; } } units "milliseconds"; description "Nexthop hold time in milliseconds"; } } // grouping juniper-multicast-snooping-options grouping juniper-protocols-vlan { description "VLANs switch-options configuration"; uses apply-advanced; container mac-table-size { junos:must "(!((".. .. .. protocols vpls" && ".. .. .. instance-type virtual-switch")))"; junos:must-message "mac-table-size needs to be specified under switch-options for a virtual-switch instance"; junos:must "(!(".. .. .. .. vlans ${vlan} private-vlan"))"; junos:must-message "Switch-options configuration is not allowed on secondary VLANs"; description "Size of MAC address forwarding table"; uses apply-advanced; leaf limit { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum number of MAC addresses"; } leaf packet-action { type enumeration { enum "none" { value 0; description "Forward the packet"; } enum "drop" { value 1; description "Drop packets and do not learn. Default is forward"; } } description "Action when MAC limit is reached"; } } // container mac-table-size container mac-ip-table-size { junos:must "(!(((".. .. .. protocols vpls" || ".. .. .. protocols evpn") && ".. .. .. instance-type virtual-switch")))"; junos:must-message "mac-ip-table-size needs to be specified under switch-options for a virtual-switch instance"; description "Size of MAC+IP bindings table"; uses apply-advanced; leaf limit { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum number of MAC+IP bindings"; } } // container mac-ip-table-size container interface-mac-limit { junos:must "(!((".. .. .. protocols vpls" && ".. .. .. instance-type virtual-switch")))"; junos:must-message "interface-mac-limit needs to be specified under switch-options for a virtual-switch instance"; junos:must "(!(".. .. .. .. vlans ${vlan} private-vlan"))"; junos:must-message "Switch-options configuration is not allowed on secondary VLANs"; description "Maximum MAC address learned per interface"; uses apply-advanced; leaf limit { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum number of MAC addresses per interface"; } leaf packet-action { type enumeration { enum "none" { value 0; description "Forward the packet"; } enum "drop" { value 1; description "Drop packets and do not learn. Default is forward"; } enum "log" { value 2; description "Do not drop the packet but generate an alarm, an SNMP trap or a system log entry"; } enum "shutdown" { value 3; description "Disable the interface and generate an alarm, an SNMP trap or a system log entry"; } enum "drop-and-log" { value 4; description "Drop the packet and generate an alarm, an SNMP trap or a system log entry"; } } description "Action when MAC limit is reached"; } } // container interface-mac-limit container interface-mac-ip-limit { description "Maximum number of MAC+IP bindings learned on the interface"; uses apply-advanced; leaf limit { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum number of MAC+IP bindings per interface"; } } // container interface-mac-ip-limit container mac-move-limit { junos:must "(!(".. .. .. .. vlans ${vlan} private-vlan"))"; junos:must-message "Switch-options configuration is not allowed on secondary VLANs"; presence "enable mac-move-limit"; description "Number of MAC movements allowed on this VLAN"; uses apply-advanced; leaf limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Number of MAC movements allowed on this VLAN"; } leaf packet-action { type enumeration { enum "none" { value 0; description "Take no action"; } enum "drop" { value 1; description "Drop the packet and do not generate an alarm"; } enum "log" { value 2; description "Do not drop the packet but generate an alarm, an SNMP trap, or a system log entry."; } enum "shutdown" { value 3; description "Disable the interface and generate an alarm, an SNMP trap, or a system log entry."; } enum "drop-and-log" { value 4; description "Drop the packet and generate an alarm, an SNMP trap, or a system log entry."; } enum "vlan-member-shutdown" { value 5; description "Disable the interface of this VLAN"; } } default "drop"; description "Action to be taken in case the MAC movement limit is exceeded"; } list interface { key "name"; ordered-by user; description "Interface that connect this site to the VPN"; leaf name { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; leaf action-priority { junos:must "(!(".. .. .. .. .. vlans ${vlan} private-vlan"))"; junos:must-message "Switch-options configuration is not allowed on interfaces which are part of secondary VLANs"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 7"; } } description "Blocking priority of this interface on mac move detection"; } } // list interface } // container mac-move-limit leaf mac-table-aging-time { type union { type string { pattern "<.*>|$.*"; } type uint32; } units "seconds"; description "Delay for discarding MAC address if no updates are received"; } leaf no-mac-learning { junos:must "(!((".. .. .. protocols vpls" && ".. .. .. instance-type virtual-switch")))"; junos:must-message "no-mac-learning needs to be specified under switch-options for a virtual-switch instance"; junos:must "(!(".. .. .. .. vlans ${vlan} private-vlan"))"; junos:must-message "Switch-options configuration is not allowed on secondary VLANs"; type empty; description "Disable dynamic MAC address learning"; } leaf no-normalization { type empty; description "Disable vlan id normalization for interfaces"; } leaf mac-statistics { junos:must "(!((".. .. .. protocols vpls" && ".. .. .. instance-type virtual-switch")))"; junos:must-message "mac-statistics needs to be specified under switch-options for a virtual-switch instance"; junos:must "(!(".. .. .. .. vlans ${vlan} private-vlan"))"; junos:must-message "Switch-options configuration is not allowed on secondary VLANs"; type empty; description "Enable MAC address statistics"; } container static-rvtep-mac { description "Configure Static MAC and remote VxLAN tunnel endpoint entries"; uses apply-advanced; list mac { key "mac_addr remote-vtep"; description "Unicast MAC address"; leaf mac_addr { type jt:mac-unicast; } leaf remote-vtep { type jt:ipaddr; description "Configure static remote VXLAN tunnel endpoints"; } } // list mac } // container static-rvtep-mac list interface { junos:must "(!((".. .. .. protocols vpls" && ".. .. .. instance-type virtual-switch")))"; junos:must-message "interface needs to be specified under switch-options for a virtual-switch instance"; key "name"; ordered-by user; description "Interface that connect this site to the VPN"; leaf name { junos:must "(((".. .. .. interface $$" || (".. .. .. .. .. interface $$" || "interfaces $$-IFL family ethernet-switching vlan")) || "interfaces $$-IFL family ethernet-switching"))"; junos:must-message "Interface must be part of this routing instance"; junos:must "((".. .. .. interface $$" || (".. .. .. .. .. interface $$" || (".. .. .. .. interface $$" || "interfaces $$-IFL family ethernet-switching"))))"; junos:must-message "Interface must be part of this routing instance"; type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; container interface-mac-limit { junos:must "(!(".. .. .. .. .. vlans ${vlan} private-vlan"))"; junos:must-message "Switch-options configuration is not allowed on interfaces which are part of secondary VLANs"; description "Maximum number of MAC addresses learned on the interface"; uses apply-advanced; leaf limit { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum number of MAC addresses per interface"; } leaf disable { type empty; description "Disable interface for interface-mac-limit"; } leaf packet-action { type enumeration { enum "none" { value 0; description "Forward the packet"; } enum "drop" { value 1; description "Drop packets and do not learn. Default is forward"; } enum "log" { value 2; description "Do not drop the packet but generate an alarm, an SNMP trap or a system log entry"; } enum "shutdown" { value 3; description "Disable the interface and generate an alarm, an SNMP trap or a system log entry"; } enum "drop-and-log" { value 4; description "Drop the packet and generate an alarm, an SNMP trap or a system log entry"; } } description "Action when MAC limit is reached"; } } // container interface-mac-limit leaf action-priority { junos:must "(!(".. .. .. .. .. vlans ${vlan} private-vlan"))"; junos:must-message "Switch-options configuration is not allowed on interfaces which are part of secondary VLANs"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 8"; } } description "Blocking priority of this interface on mac move detection"; } list static-mac { junos:must "(!(".. .. .. .. .. vlans ${vlan} private-vlan"))"; junos:must-message "Switch-options configuration is not allowed on interfaces which are part of secondary VLANs"; key "name"; ordered-by user; description "Static MAC addresses assigned to this interface"; leaf name { junos:must "((!(".. .. .. .. vlan-id all") || all ".. vlan-id <*>"))"; junos:must-message " Specify vlan-id for qualified learning "; type jt:mac-addr; description "MAC address"; } uses apply-advanced; list vlan-id { junos:must "(".. .. .. .. vlan-id all")"; junos:must-message "'vlan-id all' has to be configured for the bridging domain"; key "name"; ordered-by user; description "VLAN ID of learning VLAN"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 4094"; } } description "Learning VLAN"; } uses apply-advanced; } // list vlan-id } // list static-mac container interface-mac-ip-limit { description "Maximum number of MAC+IP bindings learned on the interface"; uses apply-advanced; leaf limit { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum number of MAC+IP bindings per interface"; } } // container interface-mac-ip-limit leaf no-mac-learning { junos:must "(!(".. .. .. .. .. vlans ${vlan} private-vlan"))"; junos:must-message "Switch-options configuration is not allowed on interfaces which are part of secondary VLANs"; type empty; description "Disable dynamic MAC address learning"; } leaf mac-pinning { type empty; description "Enable MAC pinning"; } leaf persistent-learning { junos:must "(!("switch-options mac-table-aging-time "))"; junos:must-message "Persistent learning can not co-exist with mac-table-aging-time"; type empty; description "Enable persistent MAC learning on this interface"; } } // list interface container traceoptions { description "Trace options for this bridge domain"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file leaf level { type enumeration { enum "error" { value 0; description "Match error conditions"; } enum "warning" { value 1; description "Match warning messages"; } enum "notice" { value 2; description "Match conditions that should be handled specially"; } enum "info" { value 3; description "Match informational messages"; } enum "verbose" { value 4; description "Match verbose messages"; } enum "all" { value 5; description "Match all levels"; } } default "error"; description "Level of debugging output"; } list flag { key "name"; ordered-by user; description "Type of operation or event to include in trace"; leaf name { type enumeration { enum "configuration" { value 0; description "Configuration operations"; } enum "routing-socket" { value 1; description "Routing socket operations"; } enum "interface-device" { value 2; description "Interface device operations"; } enum "interface-logical" { value 3; description "Logical interface operations"; } enum "interface-family" { value 4; description "Interface family operations"; } enum "learning-domain" { value 5; description "Learning domain operations"; } enum "ipc" { value 6; description "Inter-process communications operations"; } enum "mac-learning" { value 7; description "MAC address learning operations"; } enum "initialization" { value 8; description "Initialization operations"; } enum "flood-next-hop" { value 9; description "Flood next hop operations"; } enum "storm-control" { value 10; description "Storm-control"; } enum "unknown-unicast-forwarding" { value 11; description "Trace unknown unicast forwarding events"; } enum "all" { value 12; description "All operations"; } } } } // list flag } // container traceoptions } // grouping juniper-protocols-vlan grouping override-type { description "DHCP override processing"; uses apply-advanced; leaf no-unicast-replies { junos:must "(!(".. layer2-unicast-replies"))"; junos:must-message "no-unicast-replies cannot be configured with layer2-unicast-replies"; type empty; description "Overwrite unicast bit in incoming packet, when present"; } choice allow-snooped-clients-choice { leaf allow-snooped-clients { type empty; description "Allow client creation from snooped PDUs"; } leaf no-allow-snooped-clients { type empty; description "Don't allow client creation from snooped PDUs"; } } // choice allow-snooped-clients-choice leaf allow-no-end-option { type empty; description "Allow packets without end-of-option"; } leaf always-write-giaddr { type empty; description "Overwrite existing 'giaddr' field, when present"; } container always-write-option-82 { presence "enable always-write-option-82"; description "Overwrite existing value of option 82, when present"; uses write-option-82-type; } // container always-write-option-82 leaf user-defined-option-82 { type string { length "1 .. 252"; } description "Set user defined description for option-82"; } leaf layer2-unicast-replies { junos:must "(!(".. no-unicast-replies"))"; junos:must-message "layer2-unicast-replies cannot be configured with no-unicast-replies"; type empty; description "Do not broadcast client responses"; } leaf trust-option-82 { type empty; description "Trust options-82 option"; } leaf delay-authentication { type empty; description "Delay subscriber authentication in DHCP protocol processing until request packet"; } leaf disable-relay { type empty; description "Disable DHCP relay processing"; } leaf no-bind-on-request { type empty; description "Do not bind if stray DHCP request is received"; } leaf interface-client-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 500000"; } } description "Limit the number of client allowed on an interface"; } leaf no-arp { junos:must "((!(".. route-suppression destination") && !(".. route-suppression access-internal")))"; junos:must-message "Cannot specify route-suppression with overrides no-arp"; type empty; status deprecated; description "Disable DHCP ARP table population"; } leaf bootp-support { type empty; description "Allows relay of bootp req and reply"; } leaf dual-stack { type string { length "1 .. 64"; } description "Dual stack group to use."; } container client-discover-match { presence "enable client-discover-match"; description "Use secondary match criteria for DISCOVER PDU"; choice match-with { leaf option60-and-option82 { type empty; description "Use option 60 and option 82"; } leaf incoming-interface { type empty; description "Use incoming interface"; } } // choice match-with } // container client-discover-match container proxy-mode { presence "enable proxy-mode"; description "Put the relay in proxy mode"; } // container proxy-mode leaf asymmetric-lease-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "600 .. 86400"; } } units "seconds"; description "Use a reduced lease time for the client. In seconds"; } container replace-ip-source-with { description "Replace IP source address in request and release packets"; choice replacement-type { leaf giaddr { type empty; description "Replace IP source address with giaddr"; } } // choice replacement-type } // container replace-ip-source-with leaf send-release-on-delete { type empty; description "Always send RELEASE to the server when a binding is deleted"; } leaf apply-secondary-as-giaddr { type empty; description "Enable DHCP relay to use secondary gateway ip for relay interfaces"; } leaf relay-source { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface for relay source"; } leaf delete-binding-on-renegotiation { type empty; description "Delete binding on rengotiation"; } } // grouping override-type grouping relay-active-leasequery-v4-type { description "Configure active leasequery"; uses apply-advanced; leaf topology-discover { junos:must "(".. peer-address")"; junos:must-message "Must configure [peer-address] to configure topology-discover"; type empty; description "Topology discovery"; } list peer-address { key "name"; ordered-by user; description "Server ip address"; leaf name { type jt:ipaddr; description "Peer ip address"; } uses apply-advanced; } // list peer-address leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 3600"; } } units "seconds"; default "120"; description "Read/write timeout in seconds"; } leaf idle-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 3600"; } } units "seconds"; default "60"; description "Idle timeout in seconds"; } } // grouping relay-active-leasequery-v4-type grouping relay-active-leasequery-v6-type { description "Configure active leasequery"; uses apply-advanced; leaf topology-discover { junos:must "(".. peer-address")"; junos:must-message "Must configure [peer-address] to configure topology-discover"; type empty; description "Topology discovery"; } leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 3600"; } } units "seconds"; default "120"; description "Read/write timeout in seconds"; } leaf idle-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 3600"; } } units "seconds"; default "60"; description "Idle timeout in seconds"; } list peer-address { key "name"; ordered-by user; description "Peer ipv6 address"; leaf name { type jt:ipv6addr; description "Peer ipv6 address"; } uses apply-advanced; } // list peer-address } // grouping relay-active-leasequery-v6-type grouping relay-bulk-leasequery-v4-type { junos:must "(".. overrides always-write-option-82")"; junos:must-message "Must configure [overrides always-write-option-82] to overwrite circuit-id for bulk-leasequery"; junos:must "((".. relay-option-82 circuit-id" && !((".. relay-option-82 circuit-id use-interface-description" || ".. relay-option-82 circuit-id require-interface-description"))))"; junos:must-message "Must configure [relay-option-82 circuit-id] without description to insert circuit-id for bulk-leasequery"; description "Configure bulk leasequery"; uses apply-advanced; leaf attempts { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 720"; } } default "360"; description "Number of retry attempts"; } leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10"; } } units "seconds"; default "10"; description "Number of seconds"; } } // grouping relay-bulk-leasequery-v4-type grouping relay-bulk-leasequery-v6-type { junos:must "(".. relay-agent-interface-id")"; junos:must-message "Must configure [relay-agent-interface-id] to insert interface-id for bulk-leasequery"; description "Configure bulk leasequery"; uses apply-advanced; leaf attempts { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10"; } } default "6"; description "Number of retry attempts"; } leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10"; } } units "seconds"; default "10"; description "Number of seconds"; } container trigger { description "Trigger for bulk leasequery"; leaf automatic { type empty; description "Trigger automatically"; } } // container trigger } // grouping relay-bulk-leasequery-v6-type grouping relay-leasequery-type { description "Configure leasequery"; uses apply-advanced; leaf attempts { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10"; } } default "6"; description "Number of retry attempts"; } leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10"; } } units "seconds"; default "10"; description "Number of seconds"; } } // grouping relay-leasequery-type grouping relay-option-60-type-group { description "DHCP option-60 processing"; uses apply-advanced; container vendor-option { description "Add vendor option"; uses apply-advanced; container equals { description "Option 60 equals"; uses relay-option-60-match-group; } // container equals container not-equals { status deprecated; description "Option 60 does not equal"; uses relay-option-60-match-group; } // container not-equals container starts-with { description "Option 60 starts with"; uses relay-option-60-match-group; } // container starts-with choice server-group-choice { leaf default-relay-server-group { junos:must "(".. .. .. .. server-group $$")"; junos:must-message "Referenced group must be defined under [edit dhcp-relay server-group]"; type string { length "1 .. 64"; } description "Name of DHCP relay server group when match is not made"; } leaf default-local-server-group { junos:must "(".. .. .. .. .. .. system services dhcp-local-server group $$")"; junos:must-message "Referenced group must be defined under [edit system services dhcp-local-server group]"; type string { length "1 .. 64"; } description "Name of DHCP local server group when match is not made"; } leaf drop { type empty; description "Discard when a match is not made"; } leaf forward-only { type empty; description "Forward without subscriber services when a match is not made"; } } // choice server-group-choice } // container vendor-option } // grouping relay-option-60-type-group grouping relay-option-60-match-group { uses apply-advanced; list ascii { key "name"; description "ASCII string"; leaf name { type string { length "1 .. 256"; } description "ASCII string"; } uses apply-advanced; choice server-group-choice { leaf relay-server-group { junos:must "(".. .. .. .. .. .. server-group $$")"; junos:must-message "Referenced group must be defined under [edit forwarding options dhcp-relay server-group]"; type string { length "1 .. 64"; } description "Name of DHCP relay server group when match is made"; } leaf local-server-group { junos:must "(".. .. .. .. .. .. .. .. system services dhcp-local-server group $$")"; junos:must-message "Referenced group must be defined under [edit system services dhcp-local-server group]"; type string { length "1 .. 64"; } description "Name of DHCP local server group when match is made"; } leaf drop { type empty; description "Discard when a match is made"; } leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } } // choice server-group-choice } // list ascii list hexadecimal { key "name"; description "Hexadecimal string"; leaf name { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "1 .. 512"; } description "Hexadecimal string"; } uses apply-advanced; choice server-group-choice { leaf relay-server-group { junos:must "(".. .. .. .. .. .. server-group $$")"; junos:must-message "Referenced group must be defined under [edit forwarding-options dhcp-relay server-group]"; type string { length "1 .. 64"; } description "Name of DHCP relay server group when match is made"; } leaf local-server-group { junos:must "(".. .. .. .. .. .. .. .. system services dhcp-local-server group $$")"; junos:must-message "Referenced group must be defined under [edit system services dhcp-local-server group]"; type string { length "1 .. 64"; } description "Name of DHCP local server group when match is made"; } leaf drop { type empty; description "Discard when a match is made"; } leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } } // choice server-group-choice } // list hexadecimal } // grouping relay-option-60-match-group grouping relay-option-60-type-top { description "DHCP option-60 processing"; uses apply-advanced; container vendor-option { description "Add vendor option"; uses apply-advanced; container equals { description "Option 60 equals"; uses relay-option-60-match-top; } // container equals container not-equals { status deprecated; description "Option 60 does not equal"; uses relay-option-60-match-top; } // container not-equals container starts-with { description "Option 60 starts with"; uses relay-option-60-match-top; } // container starts-with choice server-group-choice { leaf default-relay-server-group { junos:must "(".. .. .. server-group $$")"; junos:must-message "Referenced group must be defined under [edit dhcp-relay server-group]"; type string { length "1 .. 64"; } description "Name of DHCP relay server group when match is not made"; } leaf default-local-server-group { junos:must "(".. .. .. .. .. system services dhcp-local-server group $$")"; junos:must-message "Referenced group must be defined under [edit system services dhcp-local-server group]"; type string { length "1 .. 64"; } description "Name of DHCP local server group when match is not made"; } leaf drop { type empty; description "Discard when a match is not made"; } leaf forward-only { type empty; description "Forward without subscriber services when a match is not made"; } } // choice server-group-choice } // container vendor-option } // grouping relay-option-60-type-top grouping relay-option-60-match-top { uses apply-advanced; list ascii { key "name"; description "ASCII string"; leaf name { type string { length "1 .. 256"; } description "ASCII string"; } uses apply-advanced; choice server-group-choice { leaf relay-server-group { junos:must "(".. .. .. .. .. server-group $$")"; junos:must-message "Referenced group must be defined under [edit forwarding options dhcp-relay server-group]"; type string { length "1 .. 64"; } description "Name of DHCP relay server group when match is made"; } leaf local-server-group { junos:must "(".. .. .. .. .. .. .. system services dhcp-local-server group $$")"; junos:must-message "Referenced group must be defined under [edit system services dhcp-local-server group]"; type string { length "1 .. 64"; } description "Name of DHCP local server group when match is made"; } leaf drop { type empty; description "Discard when a match is made"; } leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } } // choice server-group-choice } // list ascii list hexadecimal { key "name"; description "Hexadecimal string"; leaf name { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "1 .. 512"; } description "Hexadecimal string"; } uses apply-advanced; choice server-group-choice { leaf relay-server-group { junos:must "(".. .. .. .. .. server-group $$")"; junos:must-message "Referenced group must be defined under [edit forwarding-options dhcp-relay server-group]"; type string { length "1 .. 64"; } description "Name of DHCP relay server group when match is made"; } leaf local-server-group { junos:must "(".. .. .. .. .. .. .. system services dhcp-local-server group $$")"; junos:must-message "Referenced group must be defined under [edit system services dhcp-local-server group]"; type string { length "1 .. 64"; } description "Name of DHCP local server group when match is made"; } leaf drop { type empty; description "Discard when a match is made"; } leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } } // choice server-group-choice } // list hexadecimal } // grouping relay-option-60-match-top grouping relay-option-82-type { description "DHCP option-82 processing"; uses apply-advanced; container circuit-id { presence "enable circuit-id"; description "Add circuit identifier"; uses apply-advanced; container prefix { description "Add prefix to circuit/interface-id or remote-id"; uses apply-advanced; leaf host-name { type empty; description "Add router host name to circuit / interface-id or remote-id"; } leaf logical-system-name { type empty; description "Add logical system name to circuit / interface-id or remote-id"; } leaf routing-instance-name { type empty; description "Add routing instance name to circuit / interface-id or remote-id"; } } // container prefix leaf use-interface-description { junos:must "(!(".. require-interface-description"))"; junos:must-message "use-interface-description may not be set with require-interface-desciption"; type enumeration { enum "logical" { value 0; description "Use the logical interface description"; } enum "device" { value 1; description "Use the device interface description"; } } description "Use interface description instead of circuit identifier"; } leaf use-vlan-id { junos:must "((!(".. no-vlan-interface-name") && (!(".. use-interface-description") && !(".. require-interface-description"))))"; junos:must-message "Vlan-tag cannot be added as no-vlan-interface-name or interface-description is configured"; type empty; description "Use VLAN id instead of name"; } container vlan-id-only { junos:must "(!((".. include-irb-and-l2" || (".. keep-incoming-circuit-id" || (".. user-defined" || (".. no-vlan-interface-name" || (".. use-interface-description" || (".. use-vlan-id" || (".. prefix" || ".. require-interface-description")))))))))"; junos:must-message "Vlan-id-only cannot be clubbed along with any other option-82 knob"; presence "enable vlan-id-only"; description "Use only VLAN id"; uses apply-advanced; } // container vlan-id-only leaf no-vlan-interface-name { type empty; description "Not include vlan or interface name"; } leaf include-irb-and-l2 { type empty; description "Include IRB and L2 interface name"; } leaf user-defined { junos:must "(!((".. include-irb-and-l2" || (".. keep-incoming-circuit-id" || (".. no-vlan-interface-name" || (".. use-interface-description" || (".. use-vlan-id" || (".. prefix" || ".. require-interface-description"))))))))"; junos:must-message "The user defined description for option 82 must be defined in order to see the usage and doesnt coexist with prefix"; type empty; description "Include user defined string"; } leaf keep-incoming-circuit-id { type empty; description "Keep incoming circuit identifier"; } } // container circuit-id container remote-id { presence "enable remote-id"; description "Add remote identifier"; uses apply-advanced; container prefix { description "Add prefix to circuit/interface-id or remote-id"; uses apply-advanced; leaf host-name { type empty; description "Add router host name to circuit / interface-id or remote-id"; } leaf logical-system-name { type empty; description "Add logical system name to circuit / interface-id or remote-id"; } leaf routing-instance-name { type empty; description "Add routing instance name to circuit / interface-id or remote-id"; } } // container prefix leaf use-interface-description { junos:must "(!(".. require-interface-description"))"; junos:must-message "use-interface-description may not be set with require-interface-desciption"; type enumeration { enum "logical" { value 0; description "Use the logical interface description"; } enum "device" { value 1; description "Use the device interface description"; } } description "Use interface description instead of circuit identifier"; } leaf use-vlan-id { junos:must "((!(".. no-vlan-interface-name") && (!(".. use-interface-description") && !(".. require-interface-description"))))"; junos:must-message "Vlan-tag cannot be added as no-vlan-interface-name or interface-description is configured"; type empty; description "Use VLAN id instead of name"; } leaf no-vlan-interface-name { type empty; description "Not include vlan or interface name"; } leaf include-irb-and-l2 { type empty; description "Include IRB and L2 interface name"; } container hostname-only { junos:must "(!((".. include-irb-and-l2" || (".. keep-incoming-remote-id" || (".. no-vlan-interface-name" || (".. use-interface-description" || (".. use-vlan-id" || (".. prefix" || ".. use-string"))))))))"; junos:must-message "Hostname-only cannot be clubbed with any other sub-option"; presence "enable hostname-only"; description "Include hostname only"; uses apply-advanced; } // container hostname-only leaf keep-incoming-remote-id { type empty; description "Keep incoming remote identifier"; } leaf use-string { junos:must "(!((".. use-interface-description" || (".. require-interface-description" || (".. include-irb-and-l2" || (".. keep-incoming-circuit-id" || (".. no-vlan-interface-name" || ".. use-vlan-id")))))))"; junos:must-message "use-string can only coexist with prefix"; type string; description "Use raw string instead of the default remote id"; } } // container remote-id leaf server-id-override { junos:must "(!(".. link-selection"))"; junos:must-message "server-id-override cannot be configured with link-selection"; type empty; description "Add link-selection and server-id sub-options on packets to server"; } leaf link-selection { junos:must "(!(".. server-id-override"))"; junos:must-message "link-selection cannot be configured with server-id-override"; type empty; description "Add link-selection suboption on packets to server"; } leaf exclude-relay-agent-identifier { type empty; description "Exclude relay agent identifier from packets to server"; } container vendor-specific { description "Add vendor-specific information"; uses jdhcp-vendor-specific-type; } // container vendor-specific } // grouping relay-option-82-type grouping relay-v4-option-ascii-hex { uses apply-advanced; list ascii { key "name"; description "ASCII string"; leaf name { type string { length "1 .. 256"; } description "ASCII string"; } uses apply-advanced; choice server-group-choice { leaf relay-server-group { junos:must "((".. .. .. .. .. .. server-group $$" || (".. .. .. .. .. server-group $$" || (".. .. .. .. server-group $$" || ".. .. .. server-group $$"))))"; junos:must-message "Referenced group must be defined under [edit forwarding dhcp-relay server-group]"; type string { length "1 .. 64"; } description "Name of DHCP relay server group when match is made"; } leaf local-server-group { junos:must "((".. .. .. .. .. .. .. .. system services dhcp-local-server group $$" || (".. .. .. .. .. .. .. system services dhcp-local-server group $$" || (".. .. .. .. .. .. system services dhcp-local-server group $$" || ".. .. .. .. .. system services dhcp-local-server group $$"))))"; junos:must-message "Referenced group must be defined under [edit system services dhcp-local-server group]"; type string { length "1 .. 64"; } description "Name of DHCP local server group when match is made"; } leaf drop { type empty; description "Discard when a match is made"; } leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } } // choice server-group-choice } // list ascii list hexadecimal { key "name"; description "Hexadecimal string"; leaf name { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "1 .. 512"; } description "Hexadecimal string"; } uses apply-advanced; choice server-group-choice { leaf relay-server-group { junos:must "((".. .. .. .. .. .. server-group $$" || (".. .. .. .. .. server-group $$" || (".. .. .. .. server-group $$" || ".. .. .. server-group $$"))))"; junos:must-message "Referenced group must be defined under [edit forwarding dhcp-relay server-group]"; type string { length "1 .. 64"; } description "Name of DHCP relay server group when match is made"; } leaf local-server-group { junos:must "((".. .. .. .. .. .. .. .. system services dhcp-local-server group $$" || (".. .. .. .. .. .. .. system services dhcp-local-server group $$" || (".. .. .. .. .. .. system services dhcp-local-server group $$" || ".. .. .. .. .. system services dhcp-local-server group $$"))))"; junos:must-message "Referenced group must be defined under [edit system services dhcp-local-server group]"; type string { length "1 .. 64"; } description "Name of DHCP local server group when match is made"; } leaf drop { type empty; description "Discard when a match is made"; } leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } } // choice server-group-choice } // list hexadecimal } // grouping relay-v4-option-ascii-hex grouping relay-v6-option-ascii-hex { uses apply-advanced; list ascii { key "name"; description "ASCII string"; leaf name { type string { length "1 .. 256"; } description "ASCII string"; } uses apply-advanced; choice server-group-choice { leaf relay-server-group { junos:must "((".. .. .. .. .. .. server-group $$" || (".. .. .. .. .. server-group $$" || (".. .. .. .. server-group $$" || ".. .. .. server-group $$"))))"; junos:must-message "Referenced group must be defined under [edit forwarding options dhcp-relay dhcpv6 server-group]"; type string { length "1 .. 64"; } description "Name of DHCP relay server group when match is made"; } leaf drop { type empty; description "Discard when a match is made"; } leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } } // choice server-group-choice } // list ascii list hexadecimal { key "name"; description "Hexadecimal string"; leaf name { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "1 .. 512"; } description "Hexadecimal string"; } uses apply-advanced; choice server-group-choice { leaf relay-server-group { junos:must "((".. .. .. .. .. .. server-group $$" || (".. .. .. .. .. server-group $$" || (".. .. .. .. server-group $$" || ".. .. .. server-group $$"))))"; junos:must-message "Referenced group must be defined under [edit forwarding options dhcp-relay dhcpv6 server-group]"; type string { length "1 .. 64"; } description "Name of DHCP relay server group when match is made"; } leaf drop { type empty; description "Discard when a match is made"; } leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } } // choice server-group-choice } // list hexadecimal } // grouping relay-v6-option-ascii-hex grouping security-dhcpv6-options-type { description "Configure DHCPv6 options"; uses apply-advanced; container option-37 { presence "enable option-37"; description "Configure DHCPv6 remote identifier option"; uses apply-advanced; container prefix { description "Configure DHCPv6 remote identifier prefix"; uses apply-advanced; leaf host-name { type empty; description "Prefix router host name to DHCPv6 remote identifier"; } leaf logical-system-name { type empty; description "Prefix logical system name to DHCPv6 remote identifier"; } leaf routing-instance-name { type empty; description "Prefix routing instance name to DHCPv6 remote identifier"; } leaf vlan-name { type empty; description "Prefix vlan name to DHCPv6 remote identifier"; } leaf vlan-id { type empty; description "Prefix vlan tag to DHCPv6 remote identifier"; } } // container prefix leaf use-interface-mac { type empty; description "Add incoming interface's MAC address to DHCPv6 remote identifier"; } leaf use-interface-index { type enumeration { enum "logical" { value 0; description "Use the logical interface index"; } enum "device" { value 1; description "Use the device interface index"; } } description "Add interface index to DHCPv6 remote identifier"; } leaf use-interface-name { type enumeration { enum "logical" { value 0; description "Use the logical interface name"; } enum "device" { value 1; description "Use the device interface name"; } } description "Add interface name to DHCPv6 remote identifier"; } leaf use-interface-description { type enumeration { enum "logical" { value 0; description "Use the logical interface description"; } enum "device" { value 1; description "Use the device interface description"; } } description "Add interface description to DHCPv6 remote identifier"; } leaf use-string { junos:must "(!(".. use-interface-description"))"; junos:must-message "use-string and use-interface-description cannot be configured together"; type string; description "Add custom string to DHCPv6 remote identifier"; } } // container option-37 container option-18 { presence "enable option-18"; description "Configure DHCPv6 interface identifier option"; uses apply-advanced; container prefix { description "Configure DHCPv6 interface identifier prefix"; uses apply-advanced; leaf host-name { type empty; description "Prefix router host name to DHCPv6 interface identifier"; } leaf logical-system-name { type empty; description "Prefix logical system name to DHCPv6 interface identifier"; } leaf routing-instance-name { type empty; description "Prefix routing instance name to DHCPv6 interface identifier"; } leaf vlan-name { type empty; description "Prefix vlan name to DHCPv6 interface identifier"; } leaf vlan-id { type empty; description "Prefix vlan tag to DHCPv6 interface identifier"; } } // container prefix leaf use-interface-mac { type empty; description "Add incoming interface's MAC address to DHCPv6 circuit identifier"; } leaf use-interface-index { type enumeration { enum "logical" { value 0; description "Use the logical interface index"; } enum "device" { value 1; description "Use the device interface index"; } } description "Add interface index to DHCPv6 interface identifier"; } leaf use-interface-name { type enumeration { enum "logical" { value 0; description "Use the logical interface name"; } enum "device" { value 1; description "Use the device interface name"; } } description "Add interface name to DHCPv6 remote identifier"; } leaf use-interface-description { type enumeration { enum "logical" { value 0; description "Use the logical interface description"; } enum "device" { value 1; description "Use the device interface description"; } } description "Add interface description to DHCPv6 interface identifier"; } leaf use-string { junos:must "(!(".. use-interface-description"))"; junos:must-message "use-string and use-interface-description cannot be configured together"; type string; description "Add custom string to DHCPv6 interface identifier"; } } // container option-18 container option-16 { presence "enable option-16"; description "Configure DHCPv6 vendor class identifier option. Overwrite if exists"; uses apply-advanced; leaf use-string { type string; description "Add custom string to DHCPv6 vendor identifier"; } } // container option-16 leaf option-79 { junos:must "(".. .. light-weight-dhcpv6-relay")"; junos:must-message "Option-79 can be configured only on LDRAs"; type empty; description "Configure DHCPv6 client link layer address option"; } } // grouping security-dhcpv6-options-type grouping security-option-82-type { description "DHCP option-82 processing"; uses apply-advanced; container circuit-id { presence "enable circuit-id"; description "Configure DHCP option 82 circuit id"; uses apply-advanced; container prefix { description "Configure DHCP option 82 circuit id prefix"; uses apply-advanced; leaf host-name { type empty; description "Add router host name to DHCP option-82 circuit id"; } leaf logical-system-name { type empty; description "Add logical system name to DHCP option-82 circuit id"; } leaf routing-instance-name { type empty; description "Add routing instance name to DHCP option-82 circuit id"; } } // container prefix leaf use-interface-description { type enumeration { enum "logical" { value 0; description "Use the logical interface description"; } enum "device" { value 1; description "Use the device interface description"; } } description "Use interface description instead of circuit identifier"; } leaf use-vlan-id { type empty; description "Use VLAN id instead of name"; } } // container circuit-id container remote-id { presence "enable remote-id"; description "Configure DHCP option 82 remote id"; uses apply-advanced; leaf host-name { type empty; description "Add router host name to DHCP option-82 remote id"; } leaf use-interface-description { type enumeration { enum "logical" { value 0; description "Use the logical interface description"; } enum "device" { value 1; description "Use the device interface description"; } } description "Use interface description instead of interface name"; } leaf use-string { junos:must "(!(".. use-interface-description"))"; junos:must-message "use-string and use-interface-description cannot be configured together"; type string; description "Use raw string instead of the default remote id"; } leaf mac { type empty; description "Add chassis MAC Address to DHCP option-82 remote id"; } } // container remote-id container vendor-id { presence "enable vendor-id"; description "Configure DHCP option 82 vendor id"; uses apply-advanced; leaf use-string { type string; default "Juniper Networks"; description "Use raw string instead of the default vendor id"; } } // container vendor-id } // grouping security-option-82-type grouping server-group-type { uses apply-advanced; list server-group { key "name"; ordered-by user; description "One or more server groups"; leaf name { type string { junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]*$"; junos:pattern-message "Must be a non-reserved string of 64 characters or less"; length "1 .. 64"; } description "Server group name"; } uses apply-advanced; list address { key "name"; max-elements 32; ordered-by user; description "IP Address of one or more DHCP servers"; leaf name { type jt:ipaddr; description "IP Address of DHCP server"; } uses apply-advanced; } // list address } // list server-group } // grouping server-group-type grouping server-match-action-choice { uses apply-advanced; choice v4-action-choice { leaf forward-only { type empty; description "Forward without subscriber services"; } leaf create-relay-entry { type empty; description "Create relay entry and allow subscriber services"; } } // choice v4-action-choice } // grouping server-match-action-choice grouping server-match-v6-ascii-hex { uses apply-advanced; list ascii { key "name"; description "ASCII string"; leaf name { type string { length "1 .. 256"; } description "ASCII string"; } uses apply-advanced; choice server-match-action-choice { leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } leaf create-relay-entry { type empty; description "Create relay entry and allow subscriber services"; } } // choice server-match-action-choice } // list ascii list hexadecimal { key "name"; description "Hexadecimal string"; leaf name { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "1 .. 512"; } description "Hexadecimal string"; } uses apply-advanced; choice server-match-action-choice { leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } leaf create-relay-entry { type empty; description "Create relay entry and allow subscriber services"; } } // choice server-match-action-choice } // list hexadecimal } // grouping server-match-v6-ascii-hex grouping v6-relay-option-interface-id-type { description "Interface ID processing"; uses apply-advanced; container prefix { description "Add prefix to circuit/interface-id or remote-id"; uses apply-advanced; leaf host-name { type empty; description "Add router host name to circuit / interface-id or remote-id"; } leaf logical-system-name { type empty; description "Add logical system name to circuit / interface-id or remote-id"; } leaf routing-instance-name { type empty; description "Add routing instance name to circuit / interface-id or remote-id"; } } // container prefix leaf use-interface-description { junos:must "(!(".. require-interface-description"))"; junos:must-message "use-interface-description may not be set with require-interface-desciption"; type enumeration { enum "logical" { value 0; description "Use the logical interface description"; } enum "device" { value 1; description "Use the device interface description"; } } description "Use interface description instead of circuit identifier"; } leaf use-vlan-id { junos:must "((!(".. no-vlan-interface-name") && (!(".. use-interface-description") && !(".. require-interface-description"))))"; junos:must-message "Vlan-tag cannot be added as no-vlan-interface-name or interface-description is configured"; type empty; description "Use VLAN id instead of name"; } leaf no-vlan-interface-name { type empty; description "Not include vlan or interface name"; } leaf include-irb-and-l2 { type empty; description "Include IRB and L2 interface name"; } container use-option-82 { presence "enable use-option-82"; description "Use option-82 circuit-id for interface-id"; uses v6-relay-option-cid-rid-action; } // container use-option-82 container keep-incoming-interface-id { presence "enable keep-incoming-interface-id"; description "Keep incoming interface identifier"; uses v6-relay-option-cid-rid-action; } // container keep-incoming-interface-id } // grouping v6-relay-option-interface-id-type grouping v6-relay-option-cid-rid-action { uses apply-advanced; leaf strict { type empty; description "Drop packet if id not present"; } } // grouping v6-relay-option-cid-rid-action grouping v6-relay-option-remote-id-type { description "Remote ID processing"; uses apply-advanced; container prefix { description "Add prefix to circuit/interface-id or remote-id"; uses apply-advanced; leaf host-name { type empty; description "Add router host name to circuit / interface-id or remote-id"; } leaf logical-system-name { type empty; description "Add logical system name to circuit / interface-id or remote-id"; } leaf routing-instance-name { type empty; description "Add routing instance name to circuit / interface-id or remote-id"; } } // container prefix leaf use-interface-description { junos:must "(!(".. require-interface-description"))"; junos:must-message "use-interface-description may not be set with require-interface-desciption"; type enumeration { enum "logical" { value 0; description "Use the logical interface description"; } enum "device" { value 1; description "Use the device interface description"; } } description "Use interface description instead of circuit identifier"; } leaf use-vlan-id { junos:must "((!(".. no-vlan-interface-name") && (!(".. use-interface-description") && !(".. require-interface-description"))))"; junos:must-message "Vlan-tag cannot be added as no-vlan-interface-name or interface-description is configured"; type empty; description "Use VLAN id instead of name"; } leaf no-vlan-interface-name { type empty; description "Not include vlan or interface name"; } leaf include-irb-and-l2 { type empty; description "Include IRB and L2 interface name"; } container use-option-82 { presence "enable use-option-82"; description "Use option-82 remote-id for v6 remote-id"; uses v6-relay-option-cid-rid-action; } // container use-option-82 leaf keep-incoming-remote-id { type empty; description "Keep incoming remote identifier"; } } // grouping v6-relay-option-remote-id-type grouping v6-server-group-type { uses apply-advanced; list server-group { key "name"; ordered-by user; description "One or more server groups"; leaf name { type string { junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]*$"; junos:pattern-message "Must be a non-reserved string of 64 characters or less"; length "1 .. 64"; } description "DHCPv6 Server group name"; } uses apply-advanced; list address { key "name"; max-elements 32; ordered-by user; description "IP Address of one or more DHCP servers"; leaf name { type jt:ipaddr; description "IP Address of DHCP server"; } uses apply-advanced; } // list address } // list server-group } // grouping v6-server-group-type grouping vmhost-authentication-object { description "Authentication parameters"; uses apply-advanced; leaf authentication-password { type string { length "8 .. 1024"; } description "User's authentication password"; } } // grouping vmhost-authentication-object grouping vmhost-privacy-object { description "Privacy parameters"; uses apply-advanced; leaf privacy-password { type string { length "8 .. 1024"; } description "User's privacy password"; } } // grouping vmhost-privacy-object grouping vmhost-snmp-community { description "SNMPv2c user configuration"; uses apply-advanced; list community { key "name"; ordered-by user; description "Configure a community string"; leaf name { type string { length "1 .. 128"; } description "Community name"; } uses apply-advanced; } // list community } // grouping vmhost-snmp-community grouping write-option-82-type { uses apply-advanced; } // grouping write-option-82-type } // module junos-nfx-conf-vmhost
© 2023 YumaWorks, Inc. All rights reserved.