Appendix A: Schema Reference

This page is a reference for the objects you can use in your Declarations for Declarative Onboarding. For more information on BIG-IP objects and terminology, see the BIG-IP documentation at https://support.f5.com/csp/home.

Analytics

Global analytics properties for onboarding a BIG-IP.

Properties:

Name (Type) Default Values Description
class (string)
“Analytics” Indicates that this property contains global analytics configuration
debugEnabled (boolean) false true, false Enable debug mode. If debug mode is disabled, internal statistics are collected only if interval is set to the default value (300 seconds)
interval (integer) 300 [20, 300] Analytics data collection interval in seconds. If this interval is different from the default value (300 seconds), internal statistics are not collected unless debugEnabled is set to true. Minimum interval is 20 seconds, maximum interval is 300 seconds.
offboxEnabled (boolean) false true, false Enables all communication with the offbox application on the global level
offboxProtocol (string)
“https”, “tcp” Protocol for communication with offbox analytics application
offboxTcpAddresses (array<string>)
Server IP addresses used only if the ‘tcp/https’ protocol is chosen
offboxTcpPort (number)
Server TCP port for the server IP addresses used only if the ‘tcp’ protocol is chosen
sourceId (string)
Unique value to signify the source of data
tenantId (string)
Unique id for the tenant using the analytics backend system

Authentication

Authentication properties for onboarding a BIG-IP.

Properties:

Name (Type) Default Values Description
class (string)
“Authentication” Indicates that this property contains authentication configuration.
enabledSourceType (string) “local” “radius”, “local”, “tacacs”, “ldap”, “activeDirectory” Type of remote authentication source to enable for the system.
fallback (boolean) false true, false Specifies that the system uses the Local authentication method if the remote authentication method is not available.
ldap (Authentication_ldap)
Remote LDAP authentication info
radius (Authentication_radius)
Remote RADIUS authentication info.
remoteUsersDefaults (Authentication_remoteUsersDefaults)
The default values that the BIG-IP system applies to any user account that is not part of a remotely-stored user group.
tacacs (Authentication_tacacs)
TACACS+ authentication info

Authentication_ldap

Authentication ldap possible properties

Properties:

Name (Type) Default Values Description
bindDn (string)
Distinguished name of the server account. If server is a Microsoft Windows Active Directory server, the name must be an email address
bindPassword (string)
Password for the server account
bindTimeout (integer) 30 [0, 4294967295] Timeout limit in seconds to bind to remote authentication server
checkBindPassword (boolean) false true, false Confirms the password for the server account
checkRemoteRole (boolean) false true, false Verifies a user’s group membership based on the remote-role definition, formatted as *member*of=”group-dn”
filter (string)
Filter used for authorizing client traffic
groupDn (string)
Group distinguished name for authorizing client traffic
groupMemberAttribute (string)
Group member attribute for authorizing client traffic
idleTimeout (integer) 3600 [0, 4294967295] Connection timeout limit in seconds
ignoreAuthInfoUnavailable (boolean) false true, false Ignores authentication information if not available
ignoreUnknownUser (boolean) false true, false Ignores a user that is unknown
loginAttribute (string)
Logon attribute. If server is a Microsoft Windows Active Directory server, the value must be the account name “samaccountname”
port (integer) 389 [0, 65535] Port number for the LDAP service
searchBaseDn (string)
Search base distinguished name
searchScope (string) “sub” “base”, “one”, “sub” Level of remote server’s directory to search for user authentication, either base object, one level, or subtree
searchTimeout (integer) 30 [0, 4294967295] Search timeout limit in seconds
servers (array<string>)
IP addresses or hostnames of the remote authentication servers.
userTemplate (string)
Specifies a user template for the LDAP application to use for authentication.
version (integer) 3 [2, 3] Specifies the version number of the LDAP application.

Authentication_radius

Authentication radius possible properties

Properties:

Name (Type) Default Values Description
servers (reference)
RADIUS servers settings
serviceType (string) “default” “administrative”, “authenticate-only”, “call-check”, “callback-administrative”, “callback-framed”, “callback-login”, “callback-nas-prompt”, “default”, “framed”, “login”, “nas-prompt”, “outbound” Type of service used for the RADIUS server.

Authentication_remoteUsersDefaults

Authentication remoteUsersDefaults possible properties

Properties:

Name (Type) Default Values Description
partitionAccess (string) “all” “Common”, “all” Default accessible partitions for remote users.
role (string) “no-access” “acceleration-policy-editor”, “admin”, “application-editor”, “auditor”, “certificate-manager”, “firewall-manager”, “fraud-protection-manager”, “guest”, “irule-manager”, “manager”, “no-access”, “operator”, “resource-admin”, “user-manager”, “web-application-security-administrator”, “web-application-security-editor” Role for the remote users.
terminalAccess (string) “disabled” “tmsh”, “disabled” Default terminal access for remote users.

Authentication_tacacs

Authentication tacacs possible properties

Properties:

Name (Type) Default Values Description
accounting (string) “send-to-first-server” “send-to-all-servers”, “send-to-first-server” Specifies how the system returns accounting information, such as which services users access and how much network resources they consume, to the TACACS+ server. The default setting is Send to first available server.
authentication (string) “use-first-server” “use-all-servers”, “use-first-server” Specifies the process the system employs when sending authentication requests. The default is Authenticate to first server.
debug (boolean) false true, false Specifies whether to log Syslog debugging information at the LOG_DEBUG level. We do not recommend enabling this setting for normal use. The default is Disabled.
encryption (boolean) true true, false Specifies whether to use encryption of TACACS+ packets. The default is Enabled.
protocol (string)
“lcp”, “ip”, “ipx”, “atalk”, “vines”, “lat”, “xremote”, “tn3270”, “telnet”, “rlogin”, “pad”, “vpdn”, “ftp”, “http”, “deccp”, “osicp”, “unknown” Specifies the protocol associated with the value specified in Service Name, which is a subset of the associated service being used for client authorization or system accounting. You can use the following values: lcp, ip, ipx, atalk, vines, lat, xremote, tn3270, telnet, rlogin, pad, vpdn, ftp, http, deccp, osicp, and unknown. Note that the majority of TACACS+ implementations are of protocol type ip, so try that first.
secret (string)
Type the secret key used to encrypt and decrypt packets sent or received from the server. Do not use the pound sign ( # ) in the secret for TACACS+ servers.
servers (array<string>)
Specifies a list of the IPv4 addresses for servers using the Terminal Access Controller Access System (TACACS)+ protocol with which the system communicates to obtain authorization data. For each address, an alternate TCP port number may be optionally specified by entering the address in the format address:port. If no port number is specified, the default port 49 is used.
service (string)
“slip”, “ppp”, “arap”, “shell”, “tty-daemon”, “connection”, “system”, “firewall” Specifies the name of the service that the user is requesting to be authorized to use. Identifying what the user is asking to be authorized for enables the TACACS+ server to behave differently for different types of authorization requests. You can use the following values: slip, ppp, arap, shell, tty-daemon, connection, system, and firewall. Specifying this setting is required. Note that the majority of TACACS+ implementations are of service type ppp, so try that first.

ConfigSync

Clustering properties for onboarding a BIG-IP.

Properties:

Name (Type) Default Values Description
class (string)
“ConfigSync” Indicates that this property contains config sync IP configuration.
configsyncIp (string)
ConfigSync IP

DagGlobals

Network properties for onboarding a BIG-IP.

Properties:

Name (Type) Default Values Description
class (string)
“DagGlobals” Indicates that this property contains DAG Globals configuration.
icmpHash (string) “icmp” “icmp”, “ipicmp” Specifies ICMP hash for ICMP echo request and ICMP echo reply in SW DAG.
ipv6PrefixLength (integer) 128 [0, 128] Specifies whether SPDAG or IPv6 prefix DAG should be used to disaggregate IPv6 traffic when vlan cmp hash is set to src-ip or dst-ip.
roundRobinMode (string) “global” “global”, “local” Specifies whether the round robin disaggregator (DAG) on a blade can disaggregate packets to all the TMMs in the system or only to the TMMs local to the blade.

DbVariables

System properties for onboarding a BIG-IP.

Properties:

Name (Type) Default Values Description
class (string)
“DbVariables” Indicates that this property contains global db variable configuration.

Device

Top level schema for onboarding a BIG-IP.

Properties:

Name (Type) Default Values Description
$schema (string)
format: uri URL of schema against which to validate. Used by validation in your local environment only (via Visual Studio Code, for example)
async (boolean) false true, false Tells the API to return a 202 HTTP status before processing is complete. User must then poll for status.
class (string)
“Device” Indicates this JSON document is a Device declaration
Common (Device_Common)
Special tenant Common holds objects other tenants can share
Credentials (array<Device_Credentials>)
-, - Credentials which can be referenced from other parts of the declaration or the remote wrapper.
label (string)
result (Device_result)
Status of current request. This is set by the system.
schemaVersion (string)
“1.7.0”, “1.6.1”, “1.6.0”, “1.5.1”, “1.5.0”, “1.4.1”, “1.4.0”, “1.3.0”, “1.2.0”, “1.1.0”, “1.0.0” Version of Declarative Onboarding schema this declaration uses.
webhook (string)
format: uri URL to post results to

Device_Common

Device Common possible properties

Properties:

Name (Type) Default Values Description
class (string)
“Tenant”
hostname (string)
format: hostname Hostname to set for device.

Device_Credentials

Device Credentials possible properties when object type

Properties:

Name (Type) Default Values Description
password (string)
regex: ^.{0,254}$ Password for username account. This is generally not required to configure ‘localhost’ and is not required when you populate tokens
tokens (object)
One or more HTTP headers (each a property, like ‘X-F5-Auth-Token’: ‘MF6APSRUYKTMSDBEOOEWLCNSO2’) you want to send with queries to the device management service as authentication/authorization tokens
username (string)
regex: ^[^:]{0,254}$ Username of principal authorized to modify configuration of device (may not include the character ‘:’). NOTE: this is generally not required to configure ‘localhost’ because client authentication and authorization precede invocation of DO. It is also not required for any host if you populate tokens

Device_result

Device result possible properties

Properties:

Name (Type) Default Values Description
class (string)
“Result”
code (string)
“OK”, “ERROR” Status code.
message (string)
Further detail about the status.

DeviceGroup

Clustering properties for onboarding a BIG-IP.

Properties:

Name (Type) Default Values Description
asmSync (boolean) false true, false Whether or not the device group should sync ASM properties
autoSync (boolean) false true, false Whether or not the device group should auto sync
class (string)
“DeviceGroup” Indicates that this property contains device group configuration.
fullLoadOnSync (boolean) false true, false Whether or not the device group should do a full load on sync
members (array<string>)
format: hostname Members to add to the device group if they are already in the trust domain
networkFailover (boolean) false true, false Whether or not the device group supports network failover
owner (string)
Owning device. Config will be pushed from this device. If this is present, device group will only be created if the current device is the owner. If not present, device group will be created if it does not exist
saveOnAutoSync (boolean) false true, false Whether or not the device group should save on auto sync
type (string)
“sync-failover”, “sync-only” Type of the device group

DeviceTrust

Clustering properties for onboarding a BIG-IP.

Properties:

Name (Type) Default Values Description
class (string)
“DeviceTrust” Indicates that this property contains device trust configuration.
localPassword (string)
The password for the localUsername
localUsername (string)
The username for the local device
remoteHost (string)
The remote hostname or IP address
remotePassword (string)
Password for the remote user in remoteUsername
remoteUsername (string)
An admin user on the remote host

DNS

System properties for onboarding a BIG-IP.

Properties:

Name (Type) Default Values Description
class (string)
“DNS” Indicates that this property contains DNS configuration.
nameServers (array<string>)
IP addresses of name servers to use for DNS.
search (array<string>)
format: hostname Search domain to use for DNS.

FailoverUnicast

Clustering properties for onboarding a BIG-IP.

Properties:

Name (Type) Default Values Description
address (string)
IP address to listen on for failover heartbeats
class (string)
“FailoverUnicast” Indicates that this property contains failover unicast address configuration.
port (number) 1026
Port to listen on for failover heartbeats

License

System properties for onboarding a BIG-IP.

Properties:

Name (Type) Default Values Description
licenseType (reference)
unitOfMeasure (reference) “monthly”

ManagementRoute

System properties for onboarding a BIG-IP.

Properties:

Name (Type) Default Values Description
class (string)
“ManagementRoute” Indicates this property contains management route configuration
gw (string)
Gateway for the management route.
mtu (integer)
[0, 65535] MTU for the management route.
network (string) “default”
IP address/netmask for the management route
type (string)
“interface”, “blackhole” Type of the management route

NTP

System properties for onboarding a BIG-IP.

Properties:

Name (Type) Default Values Description
class (string)
“NTP” Indicates that this property contains NTP configuration.
servers (array<string>)
IP addresses of servers to use for NTP.
timezone (string)
The timezone to set.

Provision

System properties for onboarding a BIG-IP.

Properties:

Name (Type) Default Values Description
class (string)
“Provision” Indicates that this property contains module provisioning configuration.

RemoteAuthRole

Authentication properties for onboarding a BIG-IP.

Properties:

Name (Type) Default Values Description
attribute (string)
Specifies an attribute-value pair that an authentication server supplies to the BIG-IP system to match against entries in /config/bigip/auth/remoterole. The specified pair typically identifies users with access rights in common. This option is required.
class (string)
“RemoteAuthRole” Indicates that this property contains RemoteAuthRole configuration.
console (string) “disabled” “disabled”, “tmsh” Specifies if the remotely-authenticated users have tmsh console access or not. Accepted values are ‘disabled’ and ‘tmsh’.
lineOrder (integer)
[0, 4294967295] Specifies the number of the first populated line in the file, /config/bigip/auth/remoterole. The LDAP, Active Directory, RADIUS, and TACACS+ servers read this file line by line. The order of the information is important; therefore, F5 Networks recommends that you set the first line at 1000. This allows you, in the future, to insert lines before the first line. This option is required.
remoteAccess (boolean) false true, false Enables the specified group of remotely-authenticated users, remote access.
role (string) “no-access” “admin”, “fraud-protection-manager”, “application-editor”, “certificate-manager”, “firewall-manager”, “guest”, “manager”, “no-access”, “operator”, “resource-admin”, “web-application-security-administrator”, “web-application-security-editor”, “user-manager” Specifies the role that you want to grant to the specified group of remotely-authenticated users.
userPartition (string) “Common” “all”, “Common” Specifies the BIG-IP partition to which you are assigning access to the specified group of remotely-authenticated users. The default value is Common. This option is required.

Route

Network properties for onboarding a BIG-IP.

Properties:

Name (Type) Default Values Description
class (string)
“Route” Indicates that this property contains Route configuration.
gw (string)
Gateway for the route.
mtu (integer)
[0, 9198] MTU for the route.
network (string) “default”
IP address/netmask for route

RouteDomain

Network properties for onboarding a BIG-IP.

Properties:

Name (Type) Default Values Description
bandWidthControllerPolicy (string)
Specifies the bandwidth controller policy for the route domain.
class (string)
“RouteDomain” Indicates that this property contains Route Domain configuration.
connectionLimit (integer) 0 [0, 4294967295] The connection limit for the route domain.
enforcedFirewallPolicy (string)
Specifies an enforced firewall policy on the route domain.
flowEvictionPolicy (string)
Specifies a flow eviction policy for the route domain to use.
id (integer)
[0, 65534] Specifies a unique numeric identifier for the route domain.
ipIntelligencePolicy (string)
Specifies an IP intelligence policy for the route domain to use.
routingProtocols (array<string>)
“BFD”, “BGP”, “IS-IS”, “OSPFv2”, “OSPFv3”, “PIM”, “RIP”, “RIPng” Specifies routing protocols for the system to use in the route domain.
securityNatPolicy (string)
Specifies the security NAT policy for the route domain.
servicePolicy (string)
Specifies the service policy for the route domain.
stagedFirewallPolicy (string)
Specifies a staged firewall policy on the route domain.
strict (boolean) true true, false Determines whether a connection can span route domains.
vlans (array<string>)
Specifies VLANS for the system to use in the route domain.

SelfIp

Network properties for onboarding a BIG-IP.

Properties:

Name (Type) Default Values Description
address (string)
format: f5ip IP address.
allowService (string | array<string>) “default”
Which services (ports) to allow on the self IP. Value should be ‘all’, ‘none’, ‘default’, or array of ‘<service:port>’.
class (string)
“SelfIp” Indicates that this property contains Self IP configuration.
trafficGroup (string) “traffic-group-local-only” “traffic-group-local-only”, “traffic-group-1” Traffic group for the Self IP.
vlan (string)
VLAN for the self IP.

SnmpAgent

System properties for onboarding a BIG-IP.

Properties:

Name (Type) Default Values Description
allowList (array<string>)
format: f5ip Allowed client IP addresses.
class (string)
“SnmpAgent” Indicates that this property contains basic SNMP agent configuration.
contact (string)
The name of the person who administers the SNMP service for this system.
location (string)
The description of this system’s physical location.

SnmpCommunity

System properties for onboarding a BIG-IP.

Properties:

Name (Type) Default Values Description
access (string) “ro” “ro”, “rw” Whether the user’s access level to the MIB is readOnly.
class (string)
“SnmpCommunity” Indicates that this property contains SNMP v1 or v2c community configuration.
ipv6 (boolean) false true, false Specifies whether the record applies to IPv6 addresses.
name (string)
Overrides using the object name as the community name. Use this if you want special characters in the community name.
oid (string)
Specifies the current object identifier (OID) for the record.
source (string)
Specifies the source address for access to the MIB.

SnmpTrapDestination

System properties for onboarding a BIG-IP.

Properties:

Name (Type) Default Values Description
authentication (SnmpTrapDestination_authentication)
Specifies the user’s authentication method and password.
class (string)
“SnmpTrapDestination” Indicates that this property contains SNMP trap configuration.
community (string)
Specifies the community name for the trap destination. — Note: This property is available only when version is NOT ‘3’
destination (string)
Specifies the address for the trap destination.
engineId (string)
Specifies the unique identifier (snmpEngineID) of the remote SNMP protocol engine.
network (string)
“management”, “other” Specifies the trap network. The system sends the SNMP trap out the specified network. ‘management’ specifies that the system sends the trap out of the management IP address. ‘other’ specifies that the system sends the trap out of the interface based on the routing tables.
port (integer)
[0, 65535] Specifies the port for the trap destination.
privacy (SnmpTrapDestination_privacy)
Specifies the privacy protocol to use to deliver authentication information for this user.
securityName (string)
Specifies the user name the system uses to handle SNMP v3 traps.
version (string)
“1”, “2c”, “3” Specifies to which Simple Network Management Protocol (SNMP) version the trap destination applies.

SnmpTrapDestination_authentication

SnmpTrapDestination authentication possible properties

Properties:

Name (Type) Default Values Description
password (string)
Specifies the password for the user.
protocol (string)
“sha”, “md5” Authentication protocol.

SnmpTrapDestination_privacy

SnmpTrapDestination privacy possible properties

Properties:

Name (Type) Default Values Description
password (string)
Specifies the password for the user.
protocol (string)
“aes”, “des” Specifies the encryption protocol.

SnmpTrapEvents

System properties for onboarding a BIG-IP.

Properties:

Name (Type) Default Values Description
agentStartStop (boolean) true true, false Indicates whether to send a trap when the SNMP agent starts/stops.
authentication (boolean) false true, false Indicates whether to send authentication warning traps.
class (string)
“SnmpTrapEvents” Indicates that this property contains SNMP trap configuration.
device (boolean) true true, false Indicates whether to send device warning traps.

SnmpUser

System properties for onboarding a BIG-IP.

Properties:

Name (Type) Default Values Description
access (string) “ro” “ro”, “rw” Whether the user’s access level to the MIB is readOnly.
authentication (SnmpUser_authentication)
Specifies the user’s authentication method and password.
class (string)
“SnmpUser” Indicates that this property contains SNMP v3 user configuration.
name (string)
Overrides using the object name as the username. Use this if you want special characters in the username.
oid (string) “.1”
Specifies the current object identifier (OID) for the record.
privacy (SnmpUser_privacy)
Specifies the privacy protocol to use to deliver authentication information for this user.

SnmpUser_authentication

SnmpUser authentication possible properties

Properties:

Name (Type) Default Values Description
password (string)
Specifies the password for the user.
protocol (string) “sha” “sha”, “md5” Authentication protocol.

SnmpUser_privacy

SnmpUser privacy possible properties

Properties:

Name (Type) Default Values Description
password (string)
Specifies the password for the user.
protocol (string) “aes” “aes”, “des” Specifies the encryption protocol.

SyslogRemoteServer

System properties for onboarding a BIG-IP.

Properties:

Name (Type) Default Values Description
class (string)
“SyslogRemoteServer” Indicates that this property contains Syslog Remote Server Information
host (string)
Specifies the IP address of a remote server to which syslog sends messages.
localIp (string)
Specifies the IP address of the interface syslog binds with in order to log messages to a remote host.
remotePort (integer) 514 [0, 65535] Specifies the port to which the syslog sends messages.

TrafficControl

System properties for onboarding a BIG-IP.

Properties:

Name (Type) Default Values Description
acceptIpOptions (boolean) false true, false Specifies whether the system accepts IPv4 packets with IP Options.
acceptIpSourceRoute (boolean) false true, false Specifies whether the system accepts IPv4 packets with IP source route options that are destined for TMM. To enable this option, you must also enable the acceptIpOptions option.
allowIpSourceRoute (boolean) false true, false Specifies whether the system allows IPv4 packets with IP source route options enabled to be routed through TMM. To enable this option, you must also enable the acceptIpOptions option.
class (string)
“TrafficControl” Indicates this property contains traffic control configuration
continueMatching (boolean) false true, false Specifies whether the system matches against a less-specific virtual server when the more-specific one is disabled or rejects / drops the packets depending on the value of rejectUnmatched.
maxIcmpRate (integer) 100 [0, 2147483647] Specifies the maximum rate per second at which the system issues ICMP errors.
maxPortFindLinear (integer) 16 [0, 61439] Specifies the maximum number of ports to linearly search for outbound connections.
maxPortFindRandom (integer) 16 [0, 1024] Specifies the maximum number of ports to randomly search for outbound connections.
maxRejectRate (integer) 250 [1, 1000] Specifies the maximum rate per second at which the system issues reject packets (TCP RST or ICMP port unreach).
maxRejectRateTimeout (integer) 30 [0, 300] Specifies the time in seconds which the system ignores ICMP port unreach and TCP RST ratelimits on becoming active after a failover.
minPathMtu (reference) 296
Specifies the minimum packet size that can traverse the path without suffering fragmentation
pathMtuDiscovery (boolean) true true, false Specifies that the system discovers the MTU that it can send over a path without fragmenting TCP packets
portFindThresholdTimeout (integer) 30 [0, 300] Specifies the threshold warning’s timeout which is the time in seconds since the last trigger value was hit and will drop the tuple if not hit.
portFindThresholdTrigger (integer) 8 [1, 12] Specifies the threshold warning’s trigger which is the value of random port attempts when attempting to find an unused outbound port for a connection.
portFindThresholdWarning (boolean) true true, false Specifies if the ephemeral port-exhaustion threshold warning is to be monitored.
rejectUnmatched (boolean) true true, false Specifies, when enabled, that the system returns a TCP RST or ICMP port unreach packet if no virtual servers on the system match the destination address of the incoming packet. When disabled, the system silently drops the unmatched packet.

Trunk

Network properties for onboarding a BIG-IP.

Properties:

Name (Type) Default Values Description
class (string)
“Trunk” Indicates that this property contains Trunk configuration.
distributionHash (string) “dst-mac” “dst-mac”, “src-dst-ipport”, “src-dst-mac” Specifies the basis for the hash that the system uses as the frame distribution algorithm. Choices are ‘dst-mac’ (use the destination MAC addresses), ‘src-dst-mac’ (use the source, destination, and MAC addresses), or ‘src-dst-ipport’ (use the source and destination IP addresses and ports).
interfaces (array<string>)  
Interfaces for the Trunk. The number of interfaces used is recommended to be a power of 2 (for example 2, 4, or 8). Interfaces must be untagged.
lacpEnabled (boolean) false true, false Specifies, when true, that the system supports the link aggregation control protocol (LACP), which monitors the trunk by exchanging control packets over the member links to determine the health of the links.
lacpMode (string) “active” “active”, “passive” Specifies the operation mode for LACP if the lacp option is enabled for the trunk. The values are ‘active’ (specifies the system periodically transmits LACP packets, regardless of the control value of the peer system) and ‘passive’ (specifies the system periodically transmits LACP packets, unless the control value of the peer system is active).
lacpTimeout (string) “long” “long”, “short” Specifies the rate at which the system sends the LACP control packets.
linkSelectPolicy (string) “auto” “auto”, “maximum-bandwidth” Sets the LACP policy that the trunk uses to determine which member link (interface) can handle new traffic.
qinqEthertype (string) “0x8100” regex: ^0x[a-fA-F0-9]{4}$ Specifies the ether-type value used for the packets handled on this trunk when it is a member in a QinQ vlan.
spanningTreeEnabled (boolean) true true, false Enables the spanning tree protocols (STP).

User

System properties for onboarding a BIG-IP.

Properties:

Name (Type) Default Values Description
class (string)
“User” Indicates that this property contains user configuration. — Note: This property is available only when userType is NOT ‘root’
keys (array<string>)  
An array of public keys for the user. These will overwrite the /home/username/.ssh/authorized_keys if not root. — Note: This property is available only when userType is NOT ‘root’
newPassword (string)
Password to set for the root user.
oldPassword (string)
Old password for the root user.
partitionAccess (User_partitionAccess)
Access control configuration. — Note: This property is available only when userType is NOT ‘root’
password (string)
Password for the user. — Note: This property is available only when userType is NOT ‘root’
shell (string) “tmsh” “bash”, “tmsh”, “none” Shell for the user. — Note: This property is available only when userType is NOT ‘root’
userType (string)
“regular” The type of user. — Note: This property is available only when userType is NOT ‘root’

User_partitionAccess

User partitionAccess possible properties

Properties:

Name (Type) Default Values Description
all-partitions (partitionAccess)
Common (partitionAccess)

VLAN

Network properties for onboarding a BIG-IP.

Properties:

Name (Type) Default Values Description
class (string)
“VLAN” Indicates that this property contains VLAN configuration.
cmpHash (string) “default” “default”, “dst-ip”, “src-ip” Specifies how the traffic on the VLAN will be disaggregated.
interfaces (array<VLAN_interfaces>)
Interfaces for the VLAN.
mtu (integer) 1500 [576, 9198] MTU for the VLAN.
tag (integer)
[1, 4094] Tag for the VLAN.

VLAN_interfaces

VLAN interfaces possible properties when object type

Properties:

Name (Type) Default Values Description
name (string)
Name of the interface.
tagged (boolean)
true, false Whether or not the interface is tagged. Default is true if a VLAN tag is provided, otherwise false.
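
Several properties in the tables above change the device's security posture (TACACS+ encryption, remote-user default role, user shell, self IP allowService, SNMP protocols, IP source routing), and several others carry credentials. The following is an added example, not F5 code and not part of the original reference: a Python audit that flags those values in a declaration before it is posted and lists every credential-bearing path. It assumes the usual layout in which each configuration object is a named property of Common carrying its class; the object names, addresses, credentials and the `PRIVILEGED_ROLES` set are assumptions made for illustration.

```python
# Added example (not F5 code): audit a DO declaration against the tables on this page.
PRIVILEGED_ROLES = {"admin", "resource-admin"}  # assumption: high privilege for this audit
SECRET_KEYS = {"password", "bindPassword", "secret", "localPassword",
               "remotePassword", "newPassword", "oldPassword", "tokens"}

# Constructed sample: object names, addresses and credentials are invented.
SAMPLE = {
    "schemaVersion": "1.7.0",
    "class": "Device",
    "Common": {
        "class": "Tenant",
        "hostname": "bigip1.example.com",
        "myAuth": {
            "class": "Authentication",
            "remoteUsersDefaults": {"role": "admin", "partitionAccess": "all"},
            "tacacs": {"servers": ["192.0.2.10"], "service": "ppp",
                       "secret": "EXAMPLE-ONLY", "encryption": False},
        },
        "opsUser": {"class": "User", "userType": "regular",
                    "password": "EXAMPLE-ONLY", "shell": "bash"},
        "extSelf": {"class": "SelfIp", "address": "198.51.100.5/24",
                    "vlan": "external", "allowService": "all"},
        "monitor": {"class": "SnmpUser",
                    "authentication": {"protocol": "md5", "password": "EXAMPLE-ONLY"},
                    "privacy": {"protocol": "aes", "password": "EXAMPLE-ONLY"}},
    },
}


def _authentication(obj):
    defaults = obj.get("remoteUsersDefaults", {})
    if defaults.get("role", "no-access") in PRIVILEGED_ROLES:
        yield "remoteUsersDefaults.role", "remote users outside any group get a privileged role"
    tacacs = obj.get("tacacs", {})
    if tacacs.get("encryption", True) is False:
        yield "tacacs.encryption", "TACACS+ packet encryption is disabled"


def _snmp_v3(obj):
    if obj.get("authentication", {}).get("protocol") == "md5":
        yield "authentication.protocol", "md5 selected although the schema offers sha"
    if obj.get("privacy", {}).get("protocol") == "des":
        yield "privacy.protocol", "des selected although the schema offers aes"


def _traffic_control(obj):
    for key in ("acceptIpOptions", "acceptIpSourceRoute", "allowIpSourceRoute"):
        if obj.get(key, False):
            yield key, "IPv4 options or source routing accepted (default is false)"


# class name -> rule returning (property, message); absent keys use the documented default
RULES = {
    "Authentication": _authentication,
    "SnmpUser": _snmp_v3,
    "SnmpTrapDestination": _snmp_v3,
    "TrafficControl": _traffic_control,
    "User": lambda o: [("shell", "user is given a bash shell")]
    if o.get("shell", "tmsh") == "bash" else [],
    "SelfIp": lambda o: [("allowService", "self IP allows every service")]
    if o.get("allowService", "default") == "all" else [],
    "SnmpCommunity": lambda o: [("access", "SNMP v1/v2c community is read-write")]
    if o.get("access", "ro") == "rw" else [],
}


def audit(declaration):
    """Return sorted (path, message) findings for the objects under Common."""
    findings = []
    for name, obj in declaration.get("Common", {}).items():
        if not isinstance(obj, dict):
            continue  # "class": "Tenant" and "hostname" are plain strings
        rule = RULES.get(obj.get("class"))
        if rule:
            findings += [(f"Common.{name}.{prop}", msg) for prop, msg in rule(obj)]
    return sorted(findings)


def secret_paths(node, path=""):
    """Return the path of every credential-bearing property in the declaration."""
    if isinstance(node, list):
        node = dict(enumerate(node))  # index list items so they get a path segment
    if not isinstance(node, dict):
        return []
    found = []
    for key, value in node.items():
        here = f"{path}.{key}" if path else str(key)
        found += [here] if key in SECRET_KEYS else secret_paths(value, here)
    return sorted(found)


if __name__ == "__main__":
    for path, msg in audit(SAMPLE):
        print(f"{path}: {msg}")
```

Any declaration for which `secret_paths` returns a non-empty list should be stored and transmitted as a secret, since those values appear in it verbatim.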