Skip to content
Network as Code

Template

Interface templates are reusable configuration containers that define a standardized set of interface-level settings including switchport configuration, security policies, authentication parameters, QoS policies, and network access control attributes that can be consistently applied across multiple physical interfaces. They streamline network deployment and maintenance by enabling centralized definition of interface behaviors such as 802.1X authentication, MAB (MAC Authentication Bypass), port security, spanning tree settings, storm control, and device tracking policies. Interface templates are essential for maintaining configuration consistency, reducing deployment errors, and simplifying network operations in large-scale environments where standardized interface policies need to be applied across hundreds or thousands of switch ports.

Diagram

Diagram

Classes

configuration (iosxe.devices)

NameTypeConstraintMandatoryDefault Value
templatesList[templates]No

templates (iosxe.devices.configuration)

NameTypeConstraintMandatoryDefault Value
nameStringYes
service_policy_type_control_subscriberStringNo
service_policy_inputStringNo
service_policy_outputStringNo
source_templateStringNo
switchportClass[switchport]No
spanning_treeClass[spanning_tree]No
storm_controlClass[storm_control]No
load_intervalIntegermin: 30, max: 600No
ipv4Class[ipv4]No
subscriber_aging_inactivity_timer_valueIntegermin: 1, max: 65535No
subscriber_aging_inactivity_timer_probeBooleantrue, falseNo
subscriber_aging_probeBooleantrue, falseNo
device_trackingBooleantrue, falseNo
device_tracking_attached_policiesList[device_tracking_attached_policies]No
device_tracking_vlan_rangeStringNo
network_access_controlClass[network_access_control]No

switchport (iosxe.devices.configuration.templates)

NameTypeConstraintMandatoryDefault Value
modeChoiceaccess, trunkNo
nonegotiateBooleantrue, falseNo
block_unicastBooleantrue, falseNo
port_securityBooleantrue, falseNo
port_security_aging_staticBooleantrue, falseNo
port_security_aging_timeIntegermin: 1, max: 1440No
port_security_aging_typeBooleantrue, falseNo
port_security_aging_type_inactivityBooleantrue, falseNo
port_security_maximum_rangesList[port_security_maximum_ranges]No
port_security_violation_protectBooleantrue, falseNo
port_security_violation_restrictBooleantrue, falseNo
port_security_violation_shutdownBooleantrue, falseNo
access_vlanIntegermin: 1, max: 4094No
voice_vlanIntegermin: 1, max: 4094No
private_vlan_host_association_primary_rangeAnyInteger[min: 2, max: 1001] or Integer[min: 1006, max: 4094] or String[Regex: ^.*[\$\%]\{.*$]No
private_vlan_host_association_secondary_rangeAnyInteger[min: 2, max: 1001] or Integer[min: 1006, max: 4094] or String[Regex: ^.*[\$\%]\{.*$]No
trunk_allowed_vlansIntegermin: 1, max: 4094No
trunk_allowed_vlans_noneBooleantrue, falseNo
trunk_allowed_vlans_allBooleantrue, falseNo
trunk_native_vlan_tagBooleantrue, falseNo
trunk_native_vlan_idIntegermin: 1, max: 4094No

spanning_tree (iosxe.devices.configuration.templates)

NameTypeConstraintMandatoryDefault Value
bpduguardBooleantrue, falseNo
service_policyBooleantrue, falseNo
portfastBooleantrue, falseNo
portfast_disableBooleantrue, falseNo
portfast_edgeBooleantrue, falseNo
portfast_networkBooleantrue, falseNo

storm_control (iosxe.devices.configuration.templates)

NameTypeConstraintMandatoryDefault Value
broadcast_level_pps_thresholdStringNo
broadcast_level_bps_thresholdNumbermin: 0, max: 100000000000.0No
broadcast_level_thresholdNumbermin: 0, max: 10000No
multicast_level_pps_thresholdStringNo
multicast_level_bps_thresholdNumbermin: 0, max: 100000000000.0No
multicast_level_thresholdNumbermin: 0, max: 10000No
action_shutdownBooleantrue, falseNo
action_trapBooleantrue, falseNo

ipv4 (iosxe.devices.configuration.templates)

NameTypeConstraintMandatoryDefault Value
dhcp_snooping_limit_rateIntegermin: 1, max: 2048No
dhcp_snooping_trustBooleantrue, falseNo
access_group_inStringNo
access_group_outStringNo

device_tracking_attached_policies (iosxe.devices.configuration.templates)

NameTypeConstraintMandatoryDefault Value
nameStringNo
vlan_rangeStringYes

network_access_control (iosxe.devices.configuration.templates)

NameTypeConstraintMandatoryDefault Value
dot1x_paeChoiceauthenticator, both, supplicantNo
dot1x_max_reauth_reqIntegermin: 1, max: 10No
dot1x_max_reqIntegermin: 1, max: 10No
dot1x_timeout_tx_periodIntegermin: 1, max: 65535No
mabBooleantrue, falseNo
mab_eapBooleantrue, falseNo
access_session_closedBooleantrue, falseNo
access_session_monitorBooleantrue, falseNo
access_session_port_controlChoiceauto, force-authorized, force-unauthorizedNo
access_session_control_directionChoiceboth, inNo
access_session_host_modeChoicemulti-auth, multi-domain, multi-host, single-hostNo
access_session_interface_template_stickyBooleantrue, falseNo
access_session_interface_template_sticky_timerIntegermin: 1, max: 65535No
authentication_periodicBooleantrue, falseNo
authentication_timer_reauthenticate_serverBooleantrue, falseNo
authentication_timer_reauthenticate_rangeIntegermin: 1, max: 65535No
cts_manualBooleantrue, falseNo
cts_manual_policy_static_sgtIntegermin: 2, max: 65519No
cts_manual_policy_static_trustedBooleantrue, falseNo
cts_manual_propagate_sgtBooleantrue, falseNo
cts_role_based_enforcementBooleantrue, falseNo

port_security_maximum_ranges (iosxe.devices.configuration.templates.switchport)

NameTypeConstraintMandatoryDefault Value
rangeIntegermin: 1, max: 3072Yes
vlanBooleantrue, falseNo
vlan_accessBooleantrue, falseNo

Examples

iosxe:
  devices:
    - name: Device1
      configuration:
        templates:
          - name: TEMPLATE1
            service_policy_input: input
            service_policy_output: output
            load_interval: 90
            subscriber_aging_inactivity_timer_value: 600
            device_tracking: true
            switchport:
              mode: trunk
              trunk_native_vlan_id: 100
              trunk_allowed_vlans: "10-20,30"
              nonegotiate: true
              block_unicast: true
              port_security: true
              port_security_aging_static: true
              port_security_aging_time: 600
              port_security_aging_type_inactivity: true
              port_security_maximum_ranges:
                - range: 10
                  vlan: true
                  vlan_access: true
                - range: 20
                  vlan: true
                - range: 30
              port_security_violation_protect: true
              voice_vlan: 11
            network_access_control:
              dot1x_pae: supplicant
              dot1x_max_reauth_req: 3
              dot1x_max_req: 5
              dot1x_timeout_tx_period: 600
              mab: true
              mab_eap: true
              access_session_closed: true
              access_session_monitor: false
              access_session_port_control: force-authorized
              access_session_control_direction: in
              access_session_host_mode: multi-domain
              access_session_interface_template_sticky: true
              access_session_interface_template_sticky_timer: 600
              authentication_periodic: true
              authentication_timer_reauthenticate_range: 600
              cts_manual: true
              cts_manual_policy_static_sgt: 100
              cts_manual_policy_static_trusted: true
              cts_manual_propagate_sgt: true
              cts_role_based_enforcement: true
            spanning_tree:
              bpduguard: true
              portfast: true
              portfast_disable: false
            storm_control:
              broadcast_level_threshold: 80
              multicast_level_threshold: 70
              action_shutdown: true
              action_trap: true
            ipv4:
              dhcp_snooping_limit_rate: 1024
              dhcp_snooping_trust: true
              access_group_in: ACL_IN
              access_group_out: ACL_OUT