arista/anta
1
0
Fork 0
Code Activity
anta/examples/tests.yaml
Daniel Baumann afeccccd6a
Merging upstream version 1.2.0. 
Signed-off-by: Daniel Baumann <daniel@debian.org>
2025-02-05 11:55:22 +01:00

845 lines
28 KiB
YAML
Raw Blame History

---
anta.tests.aaa:
- VerifyAcctConsoleMethods:
# Verifies the AAA accounting console method lists for different accounting types (system, exec, commands, dot1x).
methods:
- local
- none
- logging
types:
- system
- exec
- commands
- dot1x
- VerifyAcctDefaultMethods:
# Verifies the AAA accounting default method lists for different accounting types (system, exec, commands, dot1x).
methods:
- local
- none
- logging
types:
- system
- exec
- commands
- dot1x
- VerifyAuthenMethods:
# Verifies the AAA authentication method lists for different authentication types (login, enable, dot1x).
methods:
- local
- none
- logging
types:
- login
- enable
- dot1x
- VerifyAuthzMethods:
# Verifies the AAA authorization method lists for different authorization types (commands, exec).
methods:
- local
- none
- logging
types:
- commands
- exec
- VerifyTacacsServerGroups:
# Verifies if the provided TACACS server group(s) are configured.
groups:
- TACACS-GROUP1
- TACACS-GROUP2
- VerifyTacacsServers:
# Verifies TACACS servers are configured for a specified VRF.
servers:
- 10.10.10.21
- 10.10.10.22
vrf: MGMT
- VerifyTacacsSourceIntf:
# Verifies TACACS source-interface for a specified VRF.
intf: Management0
vrf: MGMT
anta.tests.avt:
- VerifyAVTPathHealth:
# Verifies the status of all AVT paths for all VRFs.
- VerifyAVTRole:
# Verifies the AVT role of a device.
role: edge
- VerifyAVTSpecificPath:
# Verifies the Adaptive Virtual Topology (AVT) path.
avt_paths:
- avt_name: CONTROL-PLANE-PROFILE
vrf: default
destination: 10.101.255.2
next_hop: 10.101.255.1
path_type: direct
anta.tests.bfd:
- VerifyBFDPeersHealth:
# Verifies the health of IPv4 BFD peers across all VRFs.
down_threshold: 2
- VerifyBFDPeersIntervals:
# Verifies the timers of IPv4 BFD peer sessions.
bfd_peers:
- peer_address: 192.0.255.8
vrf: default
tx_interval: 1200
rx_interval: 1200
multiplier: 3
- peer_address: 192.0.255.7
vrf: default
tx_interval: 1200
rx_interval: 1200
multiplier: 3
- VerifyBFDPeersRegProtocols:
# Verifies the registered routing protocol of IPv4 BFD peer sessions.
bfd_peers:
- peer_address: 192.0.255.7
vrf: default
protocols:
- bgp
- VerifyBFDSpecificPeers:
# Verifies the state of IPv4 BFD peer sessions.
bfd_peers:
- peer_address: 192.0.255.8
vrf: default
- peer_address: 192.0.255.7
vrf: default
anta.tests.configuration:
- VerifyRunningConfigDiffs:
# Verifies there is no difference between the running-config and the startup-config.
- VerifyRunningConfigLines:
# Search the Running-Config for the given RegEx patterns.
regex_patterns:
- "^enable password.*$"
- "bla bla"
- VerifyZeroTouch:
# Verifies ZeroTouch is disabled.
anta.tests.connectivity:
- VerifyLLDPNeighbors:
# Verifies the connection status of the specified LLDP (Link Layer Discovery Protocol) neighbors.
neighbors:
- port: Ethernet1
neighbor_device: DC1-SPINE1
neighbor_port: Ethernet1
- port: Ethernet2
neighbor_device: DC1-SPINE2
neighbor_port: Ethernet1
- VerifyReachability:
# Test network reachability to one or many destination IP(s).
hosts:
- source: Management0
destination: 1.1.1.1
vrf: MGMT
df_bit: True
size: 100
- source: Management0
destination: 8.8.8.8
vrf: MGMT
df_bit: True
size: 100
anta.tests.cvx:
- VerifyActiveCVXConnections:
# Verifies the number of active CVX Connections.
connections_count: 100
- VerifyCVXClusterStatus:
# Verifies the CVX Server Cluster status.
role: Master
peer_status:
- peer_name : cvx-red-2
registration_state: Registration complete
- peer_name: cvx-red-3
registration_state: Registration error
- VerifyManagementCVX:
# Verifies the management CVX global status.
enabled: true
- VerifyMcsClientMounts:
# Verify if all MCS client mounts are in mountStateMountComplete.
- VerifyMcsServerMounts:
# Verify if all MCS server mounts are in a MountComplete state.
connections_count: 100
anta.tests.field_notices:
- VerifyFieldNotice44Resolution:
# Verifies that the device is using the correct Aboot version per FN0044.
- VerifyFieldNotice72Resolution:
# Verifies if the device is exposed to FN0072, and if the issue has been mitigated.
anta.tests.flow_tracking:
- VerifyHardwareFlowTrackerStatus:
# Verifies if hardware flow tracking is running and an input tracker is active. Optionally verifies the tracker interval/timeout and exporter configuration.
trackers:
- name: FLOW-TRACKER
record_export:
on_inactive_timeout: 70000
on_interval: 300000
exporters:
- name: CV-TELEMETRY
local_interface: Loopback0
template_interval: 3600000
anta.tests.greent:
- VerifyGreenT:
# Verifies if a GreenT policy other than the default is created.
- VerifyGreenTCounters:
# Verifies if the GreenT counters are incremented.
anta.tests.hardware:
- VerifyAdverseDrops:
# Verifies there are no adverse drops on DCS-7280 and DCS-7500 family switches.
- VerifyEnvironmentCooling:
# Verifies the status of power supply fans and all fan trays.
states:
- ok
- VerifyEnvironmentPower:
# Verifies the power supplies status.
states:
- ok
- VerifyEnvironmentSystemCooling:
# Verifies the device's system cooling status.
- VerifyTemperature:
# Verifies if the device temperature is within acceptable limits.
- VerifyTransceiversManufacturers:
# Verifies if all the transceivers come from approved manufacturers.
manufacturers:
- Not Present
- Arista Networks
- Arastra, Inc.
- VerifyTransceiversTemperature:
# Verifies if all the transceivers are operating at an acceptable temperature.
anta.tests.interfaces:
- VerifyIPProxyARP:
# Verifies if Proxy ARP is enabled.
interfaces:
- Ethernet1
- Ethernet2
- VerifyIllegalLACP:
# Verifies there are no illegal LACP packets in all port channels.
- VerifyInterfaceDiscards:
# Verifies that the interfaces packet discard counters are equal to zero.
- VerifyInterfaceErrDisabled:
# Verifies there are no interfaces in the errdisabled state.
- VerifyInterfaceErrors:
# Verifies that the interfaces error counters are equal to zero.
- VerifyInterfaceIPv4:
# Verifies the interface IPv4 addresses.
interfaces:
- name: Ethernet2
primary_ip: 172.30.11.1/31
secondary_ips:
- 10.10.10.1/31
- 10.10.10.10/31
- VerifyInterfaceUtilization:
# Verifies that the utilization of interfaces is below a certain threshold.
threshold: 70.0
- VerifyInterfacesSpeed:
# Verifies the speed, lanes, auto-negotiation status, and mode as full duplex for interfaces.
interfaces:
- name: Ethernet2
auto: False
speed: 10
- name: Eth3
auto: True
speed: 100
lanes: 1
- name: Eth2
auto: False
speed: 2.5
- VerifyInterfacesStatus:
# Verifies the operational states of specified interfaces to ensure they match expected configurations.
interfaces:
- name: Ethernet1
status: up
- name: Port-Channel100
status: down
line_protocol_status: lowerLayerDown
- name: Ethernet49/1
status: adminDown
line_protocol_status: notPresent
- VerifyIpVirtualRouterMac:
# Verifies the IP virtual router MAC address.
mac_address: 00:1c:73:00:dc:01
- VerifyL2MTU:
# Verifies the global L2 MTU of all L2 interfaces.
mtu: 1500
ignored_interfaces:
- Management1
- Vxlan1
specific_mtu:
- Ethernet1/1: 1500
- VerifyL3MTU:
# Verifies the global L3 MTU of all L3 interfaces.
mtu: 1500
ignored_interfaces:
- Vxlan1
specific_mtu:
- Ethernet1: 2500
- VerifyLACPInterfacesStatus:
# Verifies the Link Aggregation Control Protocol (LACP) status of the interface.
interfaces:
- name: Ethernet1
portchannel: Port-Channel100
- VerifyLoopbackCount:
# Verifies the number of loopback interfaces and their status.
number: 3
- VerifyPortChannels:
# Verifies there are no inactive ports in all port channels.
- VerifySVI:
# Verifies the status of all SVIs.
- VerifyStormControlDrops:
# Verifies there are no interface storm-control drop counters.
anta.tests.lanz:
- VerifyLANZ:
# Verifies if LANZ is enabled.
anta.tests.logging:
- VerifyLoggingAccounting:
# Verifies if AAA accounting logs are generated.
- VerifyLoggingErrors:
# Verifies there are no syslog messages with a severity of ERRORS or higher.
- VerifyLoggingHostname:
# Verifies if logs are generated with the device FQDN.
- VerifyLoggingHosts:
# Verifies logging hosts (syslog servers) for a specified VRF.
hosts:
- 1.1.1.1
- 2.2.2.2
vrf: default
- VerifyLoggingLogsGeneration:
# Verifies if logs are generated.
- VerifyLoggingPersistent:
# Verifies if logging persistent is enabled and logs are saved in flash.
- VerifyLoggingSourceIntf:
# Verifies logging source-interface for a specified VRF.
interface: Management0
vrf: default
- VerifyLoggingTimestamp:
# Verifies if logs are generated with the appropriate timestamp.
anta.tests.mlag:
- VerifyMlagConfigSanity:
# Verifies there are no MLAG config-sanity inconsistencies.
- VerifyMlagDualPrimary:
# Verifies the MLAG dual-primary detection parameters.
detection_delay: 200
errdisabled: True
recovery_delay: 60
recovery_delay_non_mlag: 0
- VerifyMlagInterfaces:
# Verifies there are no inactive or active-partial MLAG ports.
- VerifyMlagPrimaryPriority:
# Verifies the configuration of the MLAG primary priority.
primary_priority: 3276
- VerifyMlagReloadDelay:
# Verifies the reload-delay parameters of the MLAG configuration.
reload_delay: 300
reload_delay_non_mlag: 330
- VerifyMlagStatus:
# Verifies the health status of the MLAG configuration.
anta.tests.multicast:
- VerifyIGMPSnoopingGlobal:
# Verifies the IGMP snooping global status.
enabled: True
- VerifyIGMPSnoopingVlans:
# Verifies the IGMP snooping status for the provided VLANs.
vlans:
10: False
12: False
anta.tests.path_selection:
- VerifyPathsHealth:
# Verifies the path and telemetry state of all paths under router path-selection.
- VerifySpecificPath:
# Verifies the path and telemetry state of a specific path for an IPv4 peer under router path-selection.
paths:
- peer: 10.255.0.1
path_group: internet
source_address: 100.64.3.2
destination_address: 100.64.1.2
anta.tests.profiles:
- VerifyTcamProfile:
# Verifies the device TCAM profile.
profile: vxlan-routing
- VerifyUnifiedForwardingTableMode:
# Verifies the device is using the expected UFT mode.
mode: 3
anta.tests.ptp:
- VerifyPtpGMStatus:
# Verifies that the device is locked to a valid PTP Grandmaster.
gmid: 0xec:46:70:ff:fe:00:ff:a9
- VerifyPtpLockStatus:
# Verifies that the device was locked to the upstream PTP GM in the last minute.
- VerifyPtpModeStatus:
# Verifies that the device is configured as a PTP Boundary Clock.
- VerifyPtpOffset:
# Verifies that the PTP timing offset is within +/- 1000ns from the master clock.
- VerifyPtpPortModeStatus:
# Verifies the PTP interfaces state.
anta.tests.routing.bgp:
- VerifyBGPAdvCommunities:
# Verifies that advertised communities are standard, extended and large for BGP peers.
bgp_peers:
- peer_address: 172.30.11.17
vrf: default
- peer_address: 172.30.11.21
vrf: default
- VerifyBGPExchangedRoutes:
# Verifies the advertised and received routes of BGP peers.
bgp_peers:
- peer_address: 172.30.255.5
vrf: default
advertised_routes:
- 192.0.254.5/32
received_routes:
- 192.0.255.4/32
- peer_address: 172.30.255.1
vrf: default
advertised_routes:
- 192.0.255.1/32
- 192.0.254.5/32
received_routes:
- 192.0.254.3/32
- VerifyBGPPeerASNCap:
# Verifies the four octet ASN capability of BGP peers.
bgp_peers:
- peer_address: 172.30.11.1
vrf: default
- VerifyBGPPeerCount:
# Verifies the count of BGP peers for given address families.
address_families:
- afi: "evpn"
num_peers: 2
- afi: "ipv4"
safi: "unicast"
vrf: "PROD"
num_peers: 2
- afi: "ipv4"
safi: "unicast"
vrf: "default"
num_peers: 3
- afi: "ipv4"
safi: "multicast"
vrf: "DEV"
num_peers: 3
- VerifyBGPPeerDropStats:
# Verifies BGP NLRI drop statistics for the provided BGP IPv4 peer(s).
bgp_peers:
- peer_address: 172.30.11.1
vrf: default
drop_stats:
- inDropAsloop
- prefixEvpnDroppedUnsupportedRouteType
- VerifyBGPPeerMD5Auth:
# Verifies the MD5 authentication and state of IPv4 BGP peers in a specified VRF.
bgp_peers:
- peer_address: 172.30.11.1
vrf: default
- peer_address: 172.30.11.5
vrf: default
- VerifyBGPPeerMPCaps:
# Verifies the multiprotocol capabilities of BGP peers.
bgp_peers:
- peer_address: 172.30.11.1
vrf: default
strict: False
capabilities:
- ipv4Unicast
- VerifyBGPPeerRouteLimit:
# Verifies maximum routes and outbound route-maps of BGP IPv4 peer(s).
bgp_peers:
- peer_address: 172.30.11.1
vrf: default
maximum_routes: 12000
warning_limit: 10000
- VerifyBGPPeerRouteRefreshCap:
# Verifies the route refresh capabilities of a BGP peer in a specified VRF.
bgp_peers:
- peer_address: 172.30.11.1
vrf: default
- VerifyBGPPeerUpdateErrors:
# Verifies BGP update error counters for the provided BGP IPv4 peer(s).
bgp_peers:
- peer_address: 172.30.11.1
vrf: default
update_errors:
- inUpdErrWithdraw
- VerifyBGPPeersHealth:
# Verifies the health of BGP peers for given address families.
address_families:
- afi: "evpn"
- afi: "ipv4"
safi: "unicast"
vrf: "default"
- afi: "ipv6"
safi: "unicast"
vrf: "DEV"
check_tcp_queues: false
- VerifyBGPSpecificPeers:
# Verifies the health of specific BGP peer(s) for given address families.
address_families:
- afi: "evpn"
peers:
- 10.1.0.1
- 10.1.0.2
- afi: "ipv4"
safi: "unicast"
peers:
- 10.1.254.1
- 10.1.255.0
- 10.1.255.2
- 10.1.255.4
- VerifyBGPTimers:
# Verifies the timers of BGP peers.
bgp_peers:
- peer_address: 172.30.11.1
vrf: default
hold_time: 180
keep_alive_time: 60
- peer_address: 172.30.11.5
vrf: default
hold_time: 180
keep_alive_time: 60
- VerifyBgpRouteMaps:
# Verifies BGP inbound and outbound route-maps of BGP IPv4 peer(s).
bgp_peers:
- peer_address: 172.30.11.1
vrf: default
inbound_route_map: RM-MLAG-PEER-IN
outbound_route_map: RM-MLAG-PEER-OUT
- VerifyEVPNType2Route:
# Verifies the EVPN Type-2 routes for a given IPv4 or MAC address and VNI.
vxlan_endpoints:
- address: 192.168.20.102
vni: 10020
- address: aac1.ab5d.b41e
vni: 10010
anta.tests.routing.generic:
- VerifyIPv4RouteType:
# Verifies the route-type of the IPv4 prefixes.
routes_entries:
- prefix: 10.10.0.1/32
vrf: default
route_type: eBGP
- prefix: 10.100.0.12/31
vrf: default
route_type: connected
- prefix: 10.100.1.5/32
vrf: default
route_type: iBGP
- VerifyRoutingProtocolModel:
# Verifies the configured routing protocol model.
model: multi-agent
- VerifyRoutingTableEntry:
# Verifies that the provided routes are present in the routing table of a specified VRF.
vrf: default
routes:
- 10.1.0.1
- 10.1.0.2
- VerifyRoutingTableSize:
# Verifies the size of the IP routing table of the default VRF.
minimum: 2
maximum: 20
anta.tests.routing.isis:
- VerifyISISInterfaceMode:
# Verifies interface mode for IS-IS
interfaces:
- name: Loopback0
mode: passive
# vrf is set to default by default
- name: Ethernet2
mode: passive
level: 2
# vrf is set to default by default
- name: Ethernet1
mode: point-to-point
vrf: default
# level is set to 2 by default
- VerifyISISNeighborCount:
# Verifies number of IS-IS neighbors per level and per interface.
interfaces:
- name: Ethernet1
level: 1
count: 2
- name: Ethernet2
level: 2
count: 1
- name: Ethernet3
count: 2
# level is set to 2 by default
- VerifyISISNeighborState:
# Verifies all IS-IS neighbors are in UP state.
- VerifyISISSegmentRoutingAdjacencySegments:
# Verify that all expected Adjacency segments are correctly visible for each interface.
instances:
- name: CORE-ISIS
vrf: default
segments:
- interface: Ethernet2
address: 10.0.1.3
sid_origin: dynamic
- VerifyISISSegmentRoutingDataplane:
# Verify dataplane of a list of ISIS-SR instances.
instances:
- name: CORE-ISIS
vrf: default
dataplane: MPLS
- VerifyISISSegmentRoutingTunnels:
# Verify ISIS-SR tunnels computed by device.
entries:
# Check only endpoint
- endpoint: 1.0.0.122/32
# Check endpoint and via TI-LFA
- endpoint: 1.0.0.13/32
vias:
- type: tunnel
tunnel_id: ti-lfa
# Check endpoint and via IP routers
- endpoint: 1.0.0.14/32
vias:
- type: ip
nexthop: 1.1.1.1
anta.tests.routing.ospf:
- VerifyOSPFMaxLSA:
# Verifies all OSPF instances did not cross the maximum LSA threshold.
- VerifyOSPFNeighborCount:
# Verifies the number of OSPF neighbors in FULL state is the one we expect.
number: 3
- VerifyOSPFNeighborState:
# Verifies all OSPF neighbors are in FULL state.
anta.tests.security:
- VerifyAPIHttpStatus:
# Verifies if eAPI HTTP server is disabled globally.
- VerifyAPIHttpsSSL:
# Verifies if the eAPI has a valid SSL profile.
profile: default
- VerifyAPIIPv4Acl:
# Verifies if eAPI has the right number IPv4 ACL(s) configured for a specified VRF.
number: 3
vrf: default
- VerifyAPIIPv6Acl:
# Verifies if eAPI has the right number IPv6 ACL(s) configured for a specified VRF.
number: 3
vrf: default
- VerifyAPISSLCertificate:
# Verifies the eAPI SSL certificate expiry, common subject name, encryption algorithm and key size.
certificates:
- certificate_name: ARISTA_SIGNING_CA.crt
expiry_threshold: 30
common_name: AristaIT-ICA ECDSA Issuing Cert Authority
encryption_algorithm: ECDSA
key_size: 256
- certificate_name: ARISTA_ROOT_CA.crt
expiry_threshold: 30
common_name: Arista Networks Internal IT Root Cert Authority
encryption_algorithm: RSA
key_size: 4096
- VerifyBannerLogin:
# Verifies the login banner of a device.
login_banner: |
# Copyright (c) 2023-2024 Arista Networks, Inc.
# Use of this source code is governed by the Apache License 2.0
# that can be found in the LICENSE file.
- VerifyBannerMotd:
# Verifies the motd banner of a device.
motd_banner: |
# Copyright (c) 2023-2024 Arista Networks, Inc.
# Use of this source code is governed by the Apache License 2.0
# that can be found in the LICENSE file.
- VerifyHardwareEntropy:
# Verifies hardware entropy generation is enabled on device.
- VerifyIPSecConnHealth:
# Verifies all IPv4 security connections.
- VerifyIPv4ACL:
# Verifies the configuration of IPv4 ACLs.
ipv4_access_lists:
- name: default-control-plane-acl
entries:
- sequence: 10
action: permit icmp any any
- sequence: 20
action: permit ip any any tracked
- sequence: 30
action: permit udp any any eq bfd ttl eq 255
- name: LabTest
entries:
- sequence: 10
action: permit icmp any any
- sequence: 20
action: permit tcp any any range 5900 5910
- VerifySSHIPv4Acl:
# Verifies if the SSHD agent has IPv4 ACL(s) configured.
number: 3
vrf: default
- VerifySSHIPv6Acl:
# Verifies if the SSHD agent has IPv6 ACL(s) configured.
number: 3
vrf: default
- VerifySSHStatus:
# Verifies if the SSHD agent is disabled in the default VRF.
- VerifySpecificIPSecConn:
# Verifies the IPv4 security connections.
ip_security_connections:
- peer: 10.255.0.1
- peer: 10.255.0.2
vrf: default
connections:
- source_address: 100.64.3.2
destination_address: 100.64.2.2
- source_address: 172.18.3.2
destination_address: 172.18.2.2
- VerifyTelnetStatus:
# Verifies if Telnet is disabled in the default VRF.
anta.tests.services:
- VerifyDNSLookup:
# Verifies the DNS name to IP address resolution.
domain_names:
- arista.com
- www.google.com
- arista.ca
- VerifyDNSServers:
# Verifies if the DNS (Domain Name Service) servers are correctly configured.
dns_servers:
- server_address: 10.14.0.1
vrf: default
priority: 1
- server_address: 10.14.0.11
vrf: MGMT
priority: 0
- VerifyErrdisableRecovery:
# Verifies the errdisable recovery reason, status, and interval.
reasons:
- reason: acl
interval: 30
- reason: bpduguard
interval: 30
- VerifyHostname:
# Verifies the hostname of a device.
hostname: s1-spine1
anta.tests.snmp:
- VerifySnmpContact:
# Verifies the SNMP contact of a device.
contact: Jon@example.com
- VerifySnmpErrorCounters:
# Verifies the SNMP error counters.
error_counters:
- inVersionErrs
- VerifySnmpIPv4Acl:
# Verifies if the SNMP agent has IPv4 ACL(s) configured.
number: 3
vrf: default
- VerifySnmpIPv6Acl:
# Verifies if the SNMP agent has IPv6 ACL(s) configured.
number: 3
vrf: default
- VerifySnmpLocation:
# Verifies the SNMP location of a device.
location: New York
- VerifySnmpPDUCounters:
# Verifies the SNMP PDU counters.
pdus:
- outTrapPdus
- inGetNextPdus
- VerifySnmpStatus:
# Verifies if the SNMP agent is enabled.
vrf: default
anta.tests.software:
- VerifyEOSExtensions:
# Verifies that all EOS extensions installed on the device are enabled for boot persistence.
- VerifyEOSVersion:
# Verifies the EOS version of the device.
versions:
- 4.25.4M
- 4.26.1F
- VerifyTerminAttrVersion:
# Verifies the TerminAttr version of the device.
versions:
- v1.13.6
- v1.8.0
anta.tests.stp:
- VerifySTPBlockedPorts:
# Verifies there is no STP blocked ports.
- VerifySTPCounters:
# Verifies there is no errors in STP BPDU packets.
- VerifySTPForwardingPorts:
# Verifies that all interfaces are forwarding for a provided list of VLAN(s).
vlans:
- 10
- 20
- VerifySTPMode:
# Verifies the configured STP mode for a provided list of VLAN(s).
mode: rapidPvst
vlans:
- 10
- 20
- VerifySTPRootPriority:
# Verifies the STP root priority for a provided list of VLAN or MST instance ID(s).
priority: 32768
instances:
- 10
- 20
- VerifyStpTopologyChanges:
# Verifies the number of changes across all interfaces in the Spanning Tree Protocol (STP) topology is below a threshold.
threshold: 10
anta.tests.stun:
- VerifyStunClient:
# (Deprecated) Verifies the translation for a source address on a STUN client.
stun_clients:
- source_address: 172.18.3.2
public_address: 172.18.3.21
source_port: 4500
public_port: 6006
- VerifyStunClientTranslation:
# Verifies the translation for a source address on a STUN client.
stun_clients:
- source_address: 172.18.3.2
public_address: 172.18.3.21
source_port: 4500
public_port: 6006
- source_address: 100.64.3.2
public_address: 100.64.3.21
source_port: 4500
public_port: 6006
- VerifyStunServer:
# Verifies the STUN server status is enabled and running.
anta.tests.system:
- VerifyAgentLogs:
# Verifies there are no agent crash reports.
- VerifyCPUUtilization:
# Verifies whether the CPU utilization is below 75%.
- VerifyCoredump:
# Verifies there are no core dump files.
- VerifyFileSystemUtilization:
# Verifies that no partition is utilizing more than 75% of its disk space.
- VerifyMemoryUtilization:
# Verifies whether the memory utilization is below 75%.
- VerifyNTP:
# Verifies if NTP is synchronised.
- VerifyNTPAssociations:
# Verifies the Network Time Protocol (NTP) associations.
ntp_servers:
- server_address: 1.1.1.1
preferred: True
stratum: 1
- server_address: 2.2.2.2
stratum: 2
- server_address: 3.3.3.3
stratum: 2
- VerifyReloadCause:
# Verifies the last reload cause of the device.
- VerifyUptime:
# Verifies the device uptime.
minimum: 86400
anta.tests.vlan:
- VerifyVlanInternalPolicy:
# Verifies the VLAN internal allocation policy and the range of VLANs.
policy: ascending
start_vlan_id: 1006
end_vlan_id: 4094
anta.tests.vxlan:
- VerifyVxlan1ConnSettings:
# Verifies the interface vxlan1 source interface and UDP port.
source_interface: Loopback1
udp_port: 4789
- VerifyVxlan1Interface:
# Verifies the Vxlan1 interface status.
- VerifyVxlanConfigSanity:
# Verifies there are no VXLAN config-sanity inconsistencies.
- VerifyVxlanVniBinding:
# Verifies the VNI-VLAN bindings of the Vxlan1 interface.
bindings:
10010: 10
10020: 20
- VerifyVxlanVtep:
# Verifies the VTEP peers of the Vxlan1 interface.
vteps:
- 10.1.1.5
- 10.1.1.6
View git blame Copy permalink