Interface Group

Interface groups provide a powerful mechanism for applying consistent configurations to multiple interfaces across one or more devices. They enable you to define reusable interface configuration templates that can be applied to interfaces with similar roles or requirements, promoting standardization and reducing configuration complexity.

Interface groups are particularly valuable for:

Role-based interface configuration: Standardizing configurations for server ports, uplinks, access ports, etc.
Service deployment: Applying consistent security policies, QoS settings, or VLAN configurations
Operational consistency: Ensuring uniform interface behaviors across your network infrastructure
Configuration maintenance: Centralizing interface policies for easier updates and troubleshooting

Interface groups work by:

Defining a named configuration template with interface-specific settings
Referencing the interface group from individual interfaces via the interface_groups attribute
Supporting variables for dynamic configuration based on device or group context
Allowing multiple interface groups to be applied to a single interface (configurations are merged)

This approach separates interface policy definition from individual interface declarations, making your network configurations more modular and maintainable.

Diagram

Classes

iosxe

Name	Type	Constraint	Mandatory	Default Value
interface_groups	List	`[interface_groups]`	No

interface_groups (iosxe)

Name	Type	Constraint	Mandatory
name	String		Yes
variables	Map		No
configuration	Class	`[configuration]`	No

configuration (iosxe.interface_groups)

Name	Type	Constraint	Mandatory
media_type	Choice	`auto-select`, `rj45`, `sfp`	No
bandwidth	Integer	min: `1`, max: `200000000`	No
mtu	Integer	min: `64`, max: `18000`	No
description	String		No
shutdown	Boolean	`true`, `false`	No
vrf_forwarding	String		No
ipv4	Class	`[ipv4]`	No
ipv6	Class	`[ipv6]`	No
bfd	Class	`[bfd]`	No
spanning_tree	Class	`[spanning_tree]`	No
speed	Choice	`100`, `1000`, `2500`, `5000`, `10000`, `25000`, `40000`, `100000`, `auto`	No
speed_nonegotiate	Boolean	`true`, `false`	No
port_channel_id	Integer	min: `1`, max: `512`	No
port_channel_mode	Choice	`active`, `auto`, `desirable`, `on`, `passive`	No
source_templates	List	`[source_templates]`	No
arp_timeout	Integer	min: `0`, max: `2147483`	No
negotiation_auto	Boolean	`true`, `false`	No
service_policy_input	String		No
service_policy_output	String		No
load_interval	Integer	min: `30`, max: `600`	No
snmp_trap_link_status	Boolean	`true`, `false`	No
logging_event_link_status	Boolean	`true`, `false`	No
device_tracking	Boolean	`true`, `false`	No
device_tracking_attached_policies	List	String	No
encapsulation_dot1q_vlan_id	Integer	min: `1`, max: `4094`	No
nbar_protocol_discovery	Boolean	`true`, `false`	No
mpls	Class	`[mpls]`	No
ospf	Class	`[ospf]`	No
ospfv3	Class	`[ospfv3]`	No
pim	Class	`[pim]`	No
switchport	Class	`[switchport]`	No
network_access_control	Class	`[network_access_control]`	No
auto_qos	Class	`[auto_qos]`	No
autostate	Boolean	`true`, `false`	No

ipv4 (iosxe.interface_groups.configuration)

Name	Type	Constraint	Mandatory
address	IP		No
address_mask	IP		No
proxy_arp	Boolean	`true`, `false`	No
arp_inspection_trust	Boolean	`true`, `false`	No
arp_inspection_limit_rate	Integer	min: `0`, max: `4294967295`	No
dhcp_snooping_trust	Boolean	`true`, `false`	No
dhcp_relay_source_interface_type	Choice	`Loopback`, `Vlan`, `GigabitEthernet`, `FiveGigabitEthernet`, `TenGigabitEthernet`, `FortyGigabitEthernet`, `HundredGigabitEthernet`, `PortChannel`	No
dhcp_relay_source_interface_id	String		No
helper_addresses	List	`[helper_addresses]`	No
access_group_in	String		No
access_group_out	String		No
flow_monitors	List	`[flow_monitors]`	No
redirects	Boolean	`true`, `false`	No
unreachables	Boolean	`true`, `false`	No
unnumbered	String		No

ipv6 (iosxe.interface_groups.configuration)

Name	Type	Constraint	Mandatory
enable	Boolean	`true`, `false`	No
addresses	List	`[addresses]`	No
link_local_addresses	List	IP	No
address_autoconfig_default	Boolean	`true`, `false`	No
address_dhcp	Boolean	`true`, `false`	No
mtu	Integer	min: `1280`, max: `9976`	No
nd_ra_suppress_all	Boolean	`true`, `false`	No
flow_monitors	List	`[flow_monitors]`	No

bfd (iosxe.interface_groups.configuration)

Name	Type	Constraint	Mandatory
template	String		No
enable	Boolean	`true`, `false`	No
local_address	String		No
interval	Integer	min: `50`, max: `9999`	No
interval_min_rx	Integer	min: `50`, max: `9999`	No
interval_multiplier	Integer	min: `3`, max: `50`	No
echo	Boolean	`true`, `false`	No

spanning_tree (iosxe.interface_groups.configuration)

Name	Type	Constraint	Mandatory
guard	Choice	`loop`, `none`, `root`	No
link_type	Choice	`shared`, `point-to-point`	No
portfast_trunk	Boolean	`true`, `false`	No

source_templates (iosxe.interface_groups.configuration)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes
merge	Boolean	`true`, `false`	No

mpls (iosxe.interface_groups.configuration)

Name	Type	Constraint	Mandatory	Default Value
ip	Boolean	`true`, `false`	No
mtu	Integer		No

ospf (iosxe.interface_groups.configuration)

Name	Type	Constraint	Mandatory
cost	Integer	min: `1`, max: `65535`	No
dead_interval	Integer	min: `1`, max: `65535`	No
hello_interval	Integer	min: `1`, max: `65535`	No
mtu_ignore	Boolean	`true`, `false`	No
network_type	Choice	`broadcast`, `non-broadcast`, `point-to-multipoint`, `point-to-point`	No
priority	Integer	min: `0`, max: `255`	No
ttl_security_hops	Integer	min: `1`, max: `254`	No
process_ids	List	`[process_ids]`	No
message_digest_keys	List	`[message_digest_keys]`	No

ospfv3 (iosxe.interface_groups.configuration)

Name	Type	Constraint	Mandatory	Default Value
network_type	Choice	`broadcast`, `non-broadcast`, `point-to-multipoint`, `point-to-point`	No
cost	Integer	min: `1`, max: `65535`	No

pim (iosxe.interface_groups.configuration)

Name	Type	Constraint	Mandatory
passive	Boolean	`true`, `false`	No
dense_mode	Boolean	`true`, `false`	No
sparse_mode	Boolean	`true`, `false`	No
sparse_dense_mode	Boolean	`true`, `false`	No
bfd	Boolean	`true`, `false`	No
border	Boolean	`true`, `false`	No
bsr_border	Boolean	`true`, `false`	No
dr_priority	Integer	min: `0`, max: `4294967294`	No

switchport (iosxe.interface_groups.configuration)

Name	Type	Constraint	Mandatory
mode	Choice	`access`, `dot1q-tunnel`, `private-vlan-trunk`, `private-vlan-host`, `private-vlan-promiscuous`, `trunk`	Yes
nonegotiate	Boolean	`true`, `false`	No
access_vlan	Integer	min: `1`, max: `4094`	No
trunk_allowed_vlans	String		No
trunk_allowed_vlans_none	Boolean	`true`, `false`	No
trunk_native_vlan_tag	Boolean	`true`, `false`	No
trunk_native_vlan_id	Integer	min: `1`, max: `4094`	No
host	Boolean	`true`, `false`	No

network_access_control (iosxe.interface_groups.configuration)

Name	Type	Constraint	Mandatory
authentication_periodic	Boolean	`true`, `false`	No
authentication_timer_reauthenticate	Integer	min: `1`, max: `1073741823`	No
authentication_timer_reauthenticate_server	Boolean	`true`, `false`	No
mab	Boolean	`true`, `false`	No
mab_eap	Boolean	`true`, `false`	No
dot1x_pae	Choice	`authenticator`, `supplicant`, `both`	No
dot1x_timeout_auth_period	Integer	min: `1`, max: `65535`	No
dot1x_timeout_held_period	Integer	min: `1`, max: `65535`	No
dot1x_timeout_quiet_period	Integer	min: `1`, max: `65535`	No
dot1x_timeout_ratelimit_period	Integer	min: `1`, max: `65535`	No
dot1x_timeout_server_timeout	Integer	min: `1`, max: `65535`	No
dot1x_timeout_start_period	Integer	min: `1`, max: `65535`	No
dot1x_timeout_supp_timeout	Integer	min: `1`, max: `65535`	No
dot1x_timeout_tx_period	Integer	min: `1`, max: `65535`	No
dot1x_max_req	Integer	min: `1`, max: `10`	No
dot1x_max_reauth_req	Integer	min: `1`, max: `10`	No

auto_qos (iosxe.interface_groups.configuration)

Name	Type	Constraint	Mandatory
classify	Boolean	`true`, `false`	No
classify_police	Boolean	`true`, `false`	No
trust	Boolean	`true`, `false`	No
trust_cos	Boolean	`true`, `false`	No
trust_dscp	Boolean	`true`, `false`	No
video_cts	Boolean	`true`, `false`	No
video_ip_camera	Boolean	`true`, `false`	No
video_media_player	Boolean	`true`, `false`	No
voip	Boolean	`true`, `false`	No
voip_cisco_phone	Boolean	`true`, `false`	No
voip_cisco_softphone	Boolean	`true`, `false`	No
voip_trust	Boolean	`true`, `false`	No
trust_device	Choice	`cisco-phone`, `cts`, `ip-camera`, `media-player`	No

helper_addresses (iosxe.interface_groups.configuration.ipv4)

Name	Type	Constraint	Mandatory
address	IP		Yes
global	Boolean	`true`, `false`	No
vrf	String		No

flow_monitors (iosxe.interface_groups.configuration.ipv4)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes
direction	Choice	`input`, `output`	Yes

addresses (iosxe.interface_groups.configuration.ipv6)

Name	Type	Constraint	Mandatory	Default Value
prefix	IP		Yes
eui_64	Boolean	`true`, `false`	No

process_ids (iosxe.interface_groups.configuration.ospf)

Name	Type	Constraint	Mandatory	Default Value
id	Integer	min: `1`, max: `65535`	No
areas	List	String	No

message_digest_keys (iosxe.interface_groups.configuration.ospf)

Name	Type	Constraint	Mandatory
id	Integer	min: `1`, max: `255`	Yes
md5_auth_key	String		No
md5_auth_type	Choice	`0`, `7`	No

Examples

iosxe:
  interface_groups:
    # Server access port configuration
    - name: SERVER_ACCESS_PORT
      configuration:
        description: "Server Access Port"
        switchport:
          mode: access
          access_vlan: 100
          port_security: true
          port_security_maximum_ranges:
            - range: 2
        spanning_tree:
          portfast: true
          bpduguard: true
        auto_qos:
          trust_dscp: true

    # Trunk uplink configuration
    - name: TRUNK_UPLINK
      configuration:
        description: "Trunk Uplink to ${uplink_device}"
        switchport:
          mode: trunk
          nonegotiate: true
          trunk_allowed_vlans: "1-200,300-400"
        spanning_tree:
          link_type: point-to-point

    # Access port with dynamic VLAN
    - name: DYNAMIC_ACCESS_PORT
      variables:
        port_vlan: 10
      configuration:
        switchport:
          mode: access
          access_vlan: ${port_vlan}
        network_access_control:
          dot1x_pae: authenticator
          mab: true
          access_session_port_control: auto

    # Management interface configuration
    - name: MGMT_INTERFACE
      configuration:
        description: "Management Interface"
        ipv4:
          address: ${mgmt_ip}
          address_mask: "255.255.255.0"
        snmp_trap_link_status: true

  # Apply interface groups to devices
  devices:
    - name: Access-SW-01
      variables:
        uplink_device: "Core-SW-01"
        mgmt_ip: "192.168.1.10"
      configuration:
        interfaces:
          ethernets:
            # Server ports using SERVER_ACCESS_PORT group
            - type: GigabitEthernet
              id: "1/0/1"
              interface_groups: [SERVER_ACCESS_PORT]
            - type: GigabitEthernet
              id: "1/0/2"
              interface_groups: [SERVER_ACCESS_PORT]

            # Uplink using TRUNK_UPLINK group
            - type: GigabitEthernet
              id: "1/0/48"
              interface_groups: [TRUNK_UPLINK]

            # User ports with dynamic access and multiple groups
            - type: GigabitEthernet
              id: "1/0/10"
              interface_groups: [DYNAMIC_ACCESS_PORT]
              variables:
                port_vlan: 20

          vlans:
            # Management VLAN using MGMT_INTERFACE group
            - id: 100
              interface_groups: [MGMT_INTERFACE]