Ethernet

Version:

Ethernet interfaces provide the fundamental physical and logical connectivity for network devices, supporting various speeds from Fast Ethernet (100 Mbps) to multi-gigabit rates (1G, 2.5G, 5G, 10G, 25G, 40G, 100G) with comprehensive Layer 2 switching and Layer 3 routing capabilities. They offer extensive configuration options including switchport modes (access, trunk), VLAN assignments, spanning tree parameters, quality of service policies, security features, and advanced protocols such as OSPF, BFD, and IPv6. Ethernet interfaces serve as the backbone of modern networks, enabling both access layer connectivity for end devices and high-performance trunk links between network infrastructure components while supporting features like port channels, network access control, and comprehensive monitoring capabilities.

Diagram

Classes

interfaces (iosxe.devices.configuration)

Name	Type	Constraint	Mandatory	Default Value
ethernets	List	`[ethernets]`	No

ethernets (iosxe.devices.configuration.interfaces)

Name	Type	Constraint	Mandatory	Default Value
type	Choice	`GigabitEthernet`, `FastEthernet`, `Ethernet`, `Port-channel`, `FiveGigabitEthernet`, `TenGigabitEthernet`, `TwentyFiveGigE`, `FortyGigabitEthernet`, `HundredGigE`, `TwoHundredGigE`, `FourHundredGigE`	Yes
id	String		Yes
managed	Boolean	`true`, `false`	No	`true`
interface_groups	List	String	No
media_type	Choice	`auto-select`, `rj45`, `sfp`	No
bandwidth	Integer	min: `1`, max: `200000000`	No
mtu	Integer	min: `64`, max: `18000`	No
description	String		No
shutdown	Boolean	`true`, `false`	No
vrf_forwarding	String		No
ipv4	Class	`[ipv4]`	No
ipv6	Class	`[ipv6]`	No
bfd	Class	`[bfd]`	No
spanning_tree	Class	`[spanning_tree]`	No
speed	Choice	`100`, `1000`, `2500`, `5000`, `10000`, `25000`, `40000`, `100000`, `auto`	No
speed_nonegotiate	Boolean	`true`, `false`	No
port_channel_id	Integer	min: `1`, max: `512`	No
port_channel_mode	Choice	`active`, `auto`, `desirable`, `on`, `passive`	No
source_templates	List	`[source_templates]`	No
arp_timeout	Integer	min: `0`, max: `2147483`	No
negotiation_auto	Boolean	`true`, `false`	No
service_policy_input	String		No
service_policy_output	String		No
load_interval	Integer	min: `30`, max: `600`	No
snmp_trap_link_status	Boolean	`true`, `false`	No
logging_event_link_status	Boolean	`true`, `false`	No
device_tracking	Boolean	`true`, `false`	No
device_tracking_attached_policies	List	String	No
encapsulation_dot1q_vlan_id	Integer	min: `1`, max: `4094`	No
nbar_protocol_discovery	Boolean	`true`, `false`	No
mpls	Class	`[mpls]`	No
ospf	Class	`[ospf]`	No
ospfv3	Class	`[ospfv3]`	No
pim	Class	`[pim]`	No
igmp	Class	`[igmp]`	No
switchport	Class	`[switchport]`	No
network_access_control	Class	`[network_access_control]`	No
auto_qos	Class	`[auto_qos]`	No
cdp	Boolean	`true`, `false`	No
cdp_tlv_app	Boolean	`true`, `false`	No
cdp_tlv_location	Boolean	`true`, `false`	No
cdp_tlv_server_location	Boolean	`true`, `false`	No

ipv4 (iosxe.devices.configuration.interfaces.ethernets)

Name	Type	Constraint	Mandatory
address	IP		No
address_mask	IP		No
proxy_arp	Boolean	`true`, `false`	No
arp_inspection_trust	Boolean	`true`, `false`	No
arp_inspection_limit_rate	Integer	min: `0`, max: `4294967295`	No
dhcp_snooping_trust	Boolean	`true`, `false`	No
dhcp_relay_source_interface_type	Choice	`Loopback`, `Vlan`, `GigabitEthernet`, `FiveGigabitEthernet`, `TenGigabitEthernet`, `FortyGigabitEthernet`, `HundredGigabitEthernet`, `PortChannel`	No
dhcp_relay_source_interface_id	Any	String or Integer[min: `0`]	No
helper_addresses	List	`[helper_addresses]`	No
access_group_in	String		No
access_group_out	String		No
flow_monitors	List	`[flow_monitors]`	No
redirects	Boolean	`true`, `false`	No
unreachables	Boolean	`true`, `false`	No
unnumbered_interface_type	Choice	`Loopback`, `Vlan`, `GigabitEthernet`, `FiveGigabitEthernet`, `TenGigabitEthernet`, `FortyGigabitEthernet`, `HundredGigabitEthernet`, `PortChannel`	No
unnumbered_interface_id	Any	String or Integer[min: `0`]	No
nat_inside	Boolean	`true`, `false`	No
nat_outside	Boolean	`true`, `false`	No

ipv6 (iosxe.devices.configuration.interfaces.ethernets)

Name	Type	Constraint	Mandatory
enable	Boolean	`true`, `false`	No
addresses	List	`[addresses]`	No
link_local_addresses	List	IP	No
address_autoconfig_default	Boolean	`true`, `false`	No
address_dhcp	Boolean	`true`, `false`	No
mtu	Integer	min: `1280`, max: `9976`	No
nd_ra_suppress_all	Boolean	`true`, `false`	No
flow_monitors	List	`[flow_monitors]`	No
pim	Class	`[pim]`	No

bfd (iosxe.devices.configuration.interfaces.ethernets)

Name	Type	Constraint	Mandatory
template	String		No
enable	Boolean	`true`, `false`	No
local_address	String		No
interval	Integer	min: `50`, max: `9999`	No
interval_min_rx	Integer	min: `50`, max: `9999`	No
interval_multiplier	Integer	min: `3`, max: `50`	No
echo	Boolean	`true`, `false`	No

spanning_tree (iosxe.devices.configuration.interfaces.ethernets)

Name	Type	Constraint	Mandatory
portfast	Boolean	`true`, `false`	No
portfast_disable	Boolean	`true`, `false`	No
bpduguard	Boolean	`true`, `false`	No
bpduguard_disable	Boolean	`true`, `false`	No
guard	Choice	`loop`, `none`, `root`	No
link_type	Choice	`shared`, `point-to-point`	No
portfast_trunk	Boolean	`true`, `false`	No
portfast_edge	Boolean	`true`, `false`	No

source_templates (iosxe.devices.configuration.interfaces.ethernets)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes
merge	Boolean	`true`, `false`	No

mpls (iosxe.devices.configuration.interfaces.ethernets)

Name	Type	Constraint	Mandatory	Default Value
ip	Boolean	`true`, `false`	No
mtu	Integer		No

ospf (iosxe.devices.configuration.interfaces.ethernets)

Name	Type	Constraint	Mandatory
cost	Integer	min: `1`, max: `65535`	No
dead_interval	Integer	min: `1`, max: `65535`	No
hello_interval	Integer	min: `1`, max: `65535`	No
mtu_ignore	Boolean	`true`, `false`	No
network_type	Choice	`broadcast`, `non-broadcast`, `point-to-multipoint`, `point-to-point`	No
priority	Integer	min: `0`, max: `255`	No
ttl_security_hops	Integer	min: `1`, max: `254`	No
process_ids	List	`[process_ids]`	No
message_digest_keys	List	`[message_digest_keys]`	No

ospfv3 (iosxe.devices.configuration.interfaces.ethernets)

Name	Type	Constraint	Mandatory	Default Value
network_type	Choice	`broadcast`, `non-broadcast`, `point-to-multipoint`, `point-to-point`	No
cost	Integer	min: `1`, max: `65535`	No

pim (iosxe.devices.configuration.interfaces.ethernets)

Name	Type	Constraint	Mandatory
passive	Boolean	`true`, `false`	No
dense_mode	Boolean	`true`, `false`	No
sparse_mode	Boolean	`true`, `false`	No
sparse_dense_mode	Boolean	`true`, `false`	No
bfd	Boolean	`true`, `false`	No
border	Boolean	`true`, `false`	No
bsr_border	Boolean	`true`, `false`	No
dr_priority	Integer	min: `0`, max: `4294967294`	No

igmp (iosxe.devices.configuration.interfaces.ethernets)

Name	Type	Constraint	Mandatory	Default Value
version	Integer	min: `1`, max: `3`	No

switchport (iosxe.devices.configuration.interfaces.ethernets)

Name	Type	Constraint	Mandatory
enable	Boolean	`true`, `false`	No
mode	Choice	`access`, `dot1q-tunnel`, `private-vlan-trunk`, `private-vlan-host`, `private-vlan-promiscuous`, `trunk`	No
nonegotiate	Boolean	`true`, `false`	No
access_vlan	Integer	min: `1`, max: `4094`	No
trunk_allowed_vlans	Class	`[trunk_allowed_vlans]`	No
trunk_native_vlan_tag	Boolean	`true`, `false`	No
trunk_native_vlan_id	Integer	min: `1`, max: `4094`	No
host	Boolean	`true`, `false`	No

network_access_control (iosxe.devices.configuration.interfaces.ethernets)

Name	Type	Constraint	Mandatory
authentication_periodic	Boolean	`true`, `false`	No
authentication_timer_reauthenticate	Integer	min: `1`, max: `1073741823`	No
authentication_timer_reauthenticate_server	Boolean	`true`, `false`	No
mab	Boolean	`true`, `false`	No
mab_eap	Boolean	`true`, `false`	No
dot1x_pae	Choice	`authenticator`, `supplicant`, `both`	No
dot1x_timeout_auth_period	Integer	min: `1`, max: `65535`	No
dot1x_timeout_held_period	Integer	min: `1`, max: `65535`	No
dot1x_timeout_quiet_period	Integer	min: `1`, max: `65535`	No
dot1x_timeout_ratelimit_period	Integer	min: `1`, max: `65535`	No
dot1x_timeout_server_timeout	Integer	min: `1`, max: `65535`	No
dot1x_timeout_start_period	Integer	min: `1`, max: `65535`	No
dot1x_timeout_supp_timeout	Integer	min: `1`, max: `65535`	No
dot1x_timeout_tx_period	Integer	min: `1`, max: `65535`	No
dot1x_max_req	Integer	min: `1`, max: `10`	No
dot1x_max_reauth_req	Integer	min: `1`, max: `10`	No

auto_qos (iosxe.devices.configuration.interfaces.ethernets)

Name	Type	Constraint	Mandatory
classify	Boolean	`true`, `false`	No
classify_police	Boolean	`true`, `false`	No
trust	Boolean	`true`, `false`	No
trust_cos	Boolean	`true`, `false`	No
trust_dscp	Boolean	`true`, `false`	No
video_cts	Boolean	`true`, `false`	No
video_ip_camera	Boolean	`true`, `false`	No
video_media_player	Boolean	`true`, `false`	No
voip	Boolean	`true`, `false`	No
voip_cisco_phone	Boolean	`true`, `false`	No
voip_cisco_softphone	Boolean	`true`, `false`	No
voip_trust	Boolean	`true`, `false`	No
trust_device	Choice	`cisco-phone`, `cts`, `ip-camera`, `media-player`	No

helper_addresses (iosxe.devices.configuration.interfaces.ethernets.ipv4)

Name	Type	Constraint	Mandatory
address	IP		Yes
global	Boolean	`true`, `false`	No
vrf	String		No

flow_monitors (iosxe.devices.configuration.interfaces.ethernets.ipv4)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes
direction	Choice	`input`, `output`	Yes

addresses (iosxe.devices.configuration.interfaces.ethernets.ipv6)

Name	Type	Constraint	Mandatory	Default Value
prefix	IP		Yes
eui_64	Boolean	`true`, `false`	No

pim (iosxe.devices.configuration.interfaces.ethernets.ipv6)

Name	Type	Constraint	Mandatory
pim	Boolean	`true`, `false`	No
bfd	Boolean	`true`, `false`	No
bsr_border	Boolean	`true`, `false`	No
dr_priority	Integer	min: `0`, max: `4294967295`	No

process_ids (iosxe.devices.configuration.interfaces.ethernets.ospf)

Name	Type	Constraint	Mandatory	Default Value
id	Integer	min: `1`, max: `65535`	No
areas	List	Any[String or Integer[min: `0`]]	No

message_digest_keys (iosxe.devices.configuration.interfaces.ethernets.ospf)

Name	Type	Constraint	Mandatory
id	Integer	min: `1`, max: `255`	Yes
md5_auth_key	String		No
md5_auth_type	Choice	`0`, `7`	No

trunk_allowed_vlans (iosxe.devices.configuration.interfaces.ethernets.switchport)

Name	Type	Constraint	Mandatory	Default Value
ids	List	Integer[min: `1`, max: `4094`]	No
ranges	List	`[ranges]`	No

ranges (iosxe.devices.configuration.interfaces.ethernets.switchport.trunk_allowed_vlans)

Name	Type	Constraint	Mandatory	Default Value
from	Integer	min: `1`, max: `4094`	Yes
to	Integer	min: `1`, max: `4094`	Yes

Guidelines and Limitations

Managed vs Unmanaged Interfaces

managed attribute: Controls whether Terraform continuously manages the interface configuration. When set to false, Terraform will push the initial configuration but will not continuously read it, detect drift, or reconcile changes. This is useful for:
- Interfaces whose configuration changes dynamically due to authorization policies
- Interfaces modified by local scripts or automation
- Interfaces where configuration drift should be allowed and not corrected
- Default: true (Terraform fully manages the interface and reconciles drift)

Usage example:

interfaces:
  ethernets:
    - id: 1/0/1
      type: GigabitEthernet
      description: Dynamic interface
      managed: false  # Terraform pushes initial config but ignores subsequent changes

Spanning Tree Portfast Configuration

spanning_tree_portfast_edge attribute limitation: The spanning_tree_portfast_edge attribute uses a deprecated YANG model path (spanning-tree/portfast/edge) that does not translate to valid CLI commands on Catalyst switch platforms. While the YANG model accepts this configuration for backward compatibility with routers or older platforms, modern Catalyst switches (including Catalyst 9000 series) do not support the spanning-tree portfast edge CLI command. Attempting to configure this attribute on Catalyst switches will result in device configuration rejection errors (“inconsistent value: Device refused one or more commands”).
Recommended alternatives for Catalyst switches:
- For access ports: Use spanning_tree_portfast: true (translates to spanning-tree portfast)
- For trunk ports: Use spanning_tree_portfast_trunk: true (translates to spanning-tree portfast trunk)
- Both options provide the same portfast functionality and are fully supported on Catalyst platforms
Portfast and guard mutual exclusivity: The spanning-tree portfast variants (portfast, portfast_disable, portfast_trunk) and guard options (loop, root, none) serve different purposes:
- Portfast enables immediate forwarding for edge ports connecting to end devices
- Guard protects against topology loops (loop) or unauthorized root bridges (root)
- These can be configured together on the same interface for comprehensive protection
BPDU guard configuration: BPDU guard (bpduguard: true or bpduguard_disable: true) can be configured alongside any portfast variant to protect against unauthorized switches. When global BPDU guard is enabled (spanning-tree portfast bpduguard default), use bpduguard_disable: true to selectively disable it on specific interfaces.

Examples

iosxe:
  devices:
    - name: Device1
      configuration:
        interfaces:
          ethernets:
            - id: 1/1
              type: GigabitEthernet
              description: Server 1 Interface
              speed: 1000
              port_channel_id: 10
              port_channel_mode: active
              switchport:
                mode: access
                access_vlan: 100
              spanning_tree:
                guard: loop

iosxe:
  devices:
    - name: Device1
      configuration:
        interfaces:
          ethernets:
            - type: GigabitEthernet
              id: 1/0/2
              description: L3 interface
              vrf_forwarding: "VRF-PROD"
              speed: 10000
              arp_timeout: 300
              load_interval: 90
              snmp_trap_link_status: false
              logging_event_link_status: false
              ipv4:
                arp_inspection_limit_rate: 40
                arp_inspection_trust: true
                address: 192.168.100.1
                address_mask: 255.255.255.0
                proxy_arp: true
                dhcp_relay_source_interface: Gig1/0/1
                helper_addresses:
                  - address: 10.1.1.1
                access_group_in: ACL-IN
                access_group_out: ACL-OUT
                redirects: false
                unreachables: false
                flow_monitors:
                  - name: FLOW1
                    direction: input
              ipv6:
                enable: true
                addresses:
                  - prefix: 2001::1
                    prefix_length: 64
                    eui64: true
                link_local_addresses:
                  - fe80::1
                mtu: 1450
                nd_ra_suppress_all: true
              bfd:
                enable: true
                local_address: 172.16.1.1
                interval: 100
                interval_multiplier: 3
                interval_min_rx: 101
                echo: false
              ospf:
                cost: 10
                dead_interval: 40
                hello_interval: 11
                mtu_ignore: false
                network_type: point-to-point
                priority: 1
                ttl_security_hops: 2
                process_ids:
                  - id: 1
                    areas:
                      - "0"
                message_digest_keys:
                  - id: 1
                    md5_auth_key: "cisco"
                    md5_auth_type: "0"
              ospfv3:
                cost: 10
                network_type: point-to-point
              igmp:
                version: 2

# Example 1: Standard access port with portfast and bpduguard
iosxe:
  devices:
    - name: Device1
      configuration:
        interfaces:
          ethernets:
            - type: GigabitEthernet
              id: 1/0/1
              description: Access port with portfast
              spanning_tree:
                portfast: true
                bpduguard: true
                guard: root
              switchport:
                enable: true
                mode: access

# Example 2: Trunk port with portfast_trunk
iosxe:
  devices:
    - name: Device1
      configuration:
        interfaces:
          ethernets:
            - type: GigabitEthernet
              id: 1/0/2
              description: Trunk port with portfast
              speed: 2500
              speed_nonegotiate: false
              spanning_tree:
                portfast_trunk: true
                bpduguard: true
                link_type: shared
              switchport:
                mode: trunk
                trunk_allowed_vlans:
                  ids: [30, 32]
                  ranges:
                    - from: 10
                      to: 20
                trunk_native_vlan_id: 5

# Example 3: Port with portfast and loop guard
iosxe:
  devices:
    - name: Device1
      configuration:
        interfaces:
          ethernets:
            - type: GigabitEthernet
              id: 1/0/3
              description: Port with portfast and loop guard
              spanning_tree:
                portfast: true
                guard: loop
              switchport:
                enable: true
                mode: access

# Example 4: Explicitly disable portfast (useful when global portfast is enabled)
iosxe:
  devices:
    - name: Device1
      configuration:
        interfaces:
          ethernets:
            - type: GigabitEthernet
              id: 1/0/4
              description: Port with portfast disabled
              spanning_tree:
                portfast_disable: true
                guard: loop
              switchport:
                enable: true
                mode: access

# Example 5: Port with bpduguard_disable (useful when global bpduguard is enabled)
iosxe:
  devices:
    - name: Device1
      configuration:
        interfaces:
          ethernets:
            - type: GigabitEthernet
              id: 1/0/5
              description: Port with bpduguard disabled
              spanning_tree:
                bpduguard_disable: true
                link_type: point-to-point
              switchport:
                enable: true
                mode: access