diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/host1.md b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/host1.md index 4e8ebb2ff1d..93e1dfe8d6a 100644 --- a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/host1.md +++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/host1.md @@ -8,6 +8,7 @@ - [IP Domain-list](#ip-domain-list) - [Clock Settings](#clock-settings) - [NTP](#ntp) + - [System Control-Plane](#system-control-plane) - [Management SSH](#management-ssh) - [Management Tech-Support](#management-tech-support) - [CVX](#cvx) @@ -150,6 +151,9 @@ - [VRF Instances](#vrf-instances) - [VRF Instances Summary](#vrf-instances-summary) - [VRF Instances Device Configuration](#vrf-instances-device-configuration) +- [System L1](#system-l1) + - [Unsupported Interface Configurations](#unsupported-interface-configurations) + - [System L1 Device Configuration](#system-l1-device-configuration) - [Application Traffic Recognition](#application-traffic-recognition) - [Applications](#applications) - [Application Profiles](#application-profiles) 
@@ -328,6 +332,48 @@ ntp server 20.20.20.1 key ntp server ie.pool.ntp.org iburst key ``` +### System Control-Plane + +#### TCP MSS Ceiling + +| Protocol | Segment Size | +| -------- | -------------| +| IPv4 | 1344 | +| IPv6 | 1366 | + +#### Control-Plane Access-Groups + +| Protocol | VRF | Access-list | +| -------- | --- | ------------| +| IPv4 Ingress default | All | ingress_ipv4_acl | +| IPv6 Ingress default | All | ingress_ipv6_acl | +| IPv4 | default | acl4_1 | +| IPv4 | red | acl4_2 | +| IPv4 | red_1 | acl4_2 | +| IPv4 | default | acl4_3 | +| IPv6 | default | acl6_1 | +| IPv6 | blue | acl6_2 | +| IPv6 | blue_1 | acl6_2 | +| IPv6 | default | acl6_3 | + +#### System Control-Plane Device Configuration + +```eos +! +system control-plane + tcp mss ceiling ipv4 1344 ipv6 1366 + ip access-group ingress default ingress_ipv4_acl + ip access-group acl4_1 in + ip access-group acl4_3 vrf default in + ip access-group acl4_2 vrf red in + ip access-group acl4_2 vrf red_1 in + ipv6 access-group ingress default ingress_ipv6_acl + ipv6 access-group acl6_1 in + ipv6 access-group acl6_3 vrf default in + ipv6 access-group acl6_2 vrf blue in + ipv6 access-group acl6_2 vrf blue_1 in +``` + ### Management SSH #### Authentication Settings @@ -6098,6 +6144,24 @@ vrf instance TENANT_A_PROJECT01 vrf instance TENANT_A_PROJECT02 ``` +## System L1 + +### Unsupported Interface Configurations + +| Unsupported Configuration | action | +| ---------------- | -------| +| Speed | warn | +| Error correction | error | + +### System L1 Device Configuration + +```eos +! +system l1 + unsupported speed action warn + unsupported error-correction action error +``` + ## Application Traffic Recognition ### Applications diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/system.md b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/system.md deleted file mode 100644 index b09a9142548..00000000000 
--- a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/system.md
+++ /dev/null
@@ -1,94 +0,0 @@ -# system - -## Table of Contents - -- [Management](#management) - - [Management Interfaces](#management-interfaces) - - [System Control-Plane](#system-control-plane) -- [System L1](#system-l1) - - [Unsupported Interface Configurations](#unsupported-interface-configurations) - - [System L1 Device Configuration](#system-l1-device-configuration) - -## Management - -### Management Interfaces - -#### Management Interfaces Summary - -##### IPv4 - -| Management Interface | Description | Type | VRF | IP Address | Gateway | -| -------------------- | ----------- | ---- | --- | ---------- | ------- | -| Management1 | OOB_MANAGEMENT | oob | MGMT | 10.73.255.122/24 | 10.73.255.2 | - -##### IPv6 - -| Management Interface | Description | Type | VRF | IPv6 Address | IPv6 Gateway | -| -------------------- | ----------- | ---- | --- | ------------ | ------------ | -| Management1 | OOB_MANAGEMENT | oob | MGMT | - | - | - -#### Management Interfaces Device Configuration - -```eos -! -interface Management1 - description OOB_MANAGEMENT - vrf MGMT - ip address 10.73.255.122/24 -``` - -### System Control-Plane - -#### TCP MSS Ceiling - -| Protocol | Segment Size | -| -------- | -------------| -| IPv4 | 1344 | -| IPv6 | 1366 | - -#### Control-Plane Access-Groups - -| Protocol | VRF | Access-list | -| -------- | --- | ------------| -| IPv4 | default | acl4_1 | -| IPv4 | red | acl4_2 | -| IPv4 | red_1 | acl4_2 | -| IPv4 | default | acl4_3 | -| IPv6 | default | acl6_1 | -| IPv6 | blue | acl6_2 | -| IPv6 | blue_1 | acl6_2 | -| IPv6 | default | acl6_3 | - -#### System Control-Plane Device Configuration - -```eos -! 
-system control-plane - tcp mss ceiling ipv4 1344 ipv6 1366 - ip access-group acl4_1 in - ip access-group acl4_3 vrf default in - ip access-group acl4_2 vrf red in - ip access-group acl4_2 vrf red_1 in - ipv6 access-group acl6_1 in - ipv6 access-group acl6_3 vrf default in - ipv6 access-group acl6_2 vrf blue in - ipv6 access-group acl6_2 vrf blue_1 in -``` - -## System L1 - -### Unsupported Interface Configurations - -| Unsupported Configuration | action | -| ---------------- | -------| -| Speed | warn | -| Error correction | error | - -### System L1 Device Configuration - -```eos -! -system l1 - unsupported speed action warn - unsupported error-correction action error -``` diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/host1.cfg b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/host1.cfg index 1e1915189a4..2c5ed9c0634 100644 --- a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/host1.cfg +++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/host1.cfg @@ -500,6 +500,10 @@ no sflow hardware acceleration module Linecard3 ! service unsupported-transceiver test dsafDSFfvadskjh3424 ! +system l1 + unsupported speed action warn + unsupported error-correction action error +! tap aggregation mode exclusive profile tap-aggregation-extended encapsulation dot1br strip 
@@ -3065,6 +3069,19 @@ mac access-list TEST4 permit any 02:00:00:12:34:56 00:00:00:00:00:00 deny any 02:00:00:ab:cd:ef 00:00:00:00:00:00 ! +system control-plane + tcp mss ceiling ipv4 1344 ipv6 1366 + ip access-group ingress default ingress_ipv4_acl + ip access-group acl4_1 in + ip access-group acl4_3 vrf default in + ip access-group acl4_2 vrf red in + ip access-group acl4_2 vrf red_1 in + ipv6 access-group ingress default ingress_ipv6_acl + ipv6 access-group acl6_1 in + ipv6 access-group acl6_3 vrf default in + ipv6 access-group acl6_2 vrf blue in + ipv6 access-group acl6_2 vrf blue_1 in +! mac address-table notification host-flap logging mac address-table notification host-flap detection window 10 mac address-table notification host-flap detection moves 2 diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/system.cfg b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/system.cfg deleted file mode 100644 index d246010a90b..00000000000 --- a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/system.cfg +++ /dev/null @@ -1,20 +0,0 @@ -! -system l1 - unsupported speed action warn - unsupported error-correction action error -! -interface Management1 - description OOB_MANAGEMENT - vrf MGMT - ip address 10.73.255.122/24 -! -system control-plane - tcp mss ceiling ipv4 1344 ipv6 1366 - ip access-group acl4_1 in - ip access-group acl4_3 vrf default in - ip access-group acl4_2 vrf red in - ip access-group acl4_2 vrf red_1 in - ipv6 access-group acl6_1 in - ipv6 access-group acl6_3 vrf default in - ipv6 access-group acl6_2 vrf blue in - ipv6 access-group acl6_2 vrf blue_1 in 
diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/system.yml b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/host1/system.yml similarity index 82% rename from ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/system.yml rename to ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/host1/system.yml index 4158907f7cd..5b8816533fa 100644 --- a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/system.yml +++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/host1/system.yml @@ -3,6 +3,7 @@ system: tcp_mss: ipv4: 1344 ipv6: 1366 + ipv4_access_group_ingress_default: ingress_ipv4_acl ipv4_access_groups: - acl_name: "acl4_1" - acl_name: "acl4_2" @@ -11,6 +12,7 @@ system: vrf: red_1 - acl_name: "acl4_3" vrf: default + ipv6_access_group_ingress_default: ingress_ipv6_acl ipv6_access_groups: - acl_name: "acl6_1" - acl_name: "acl6_2" diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/hosts.yml b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/hosts.yml index e6a586e9cdb..543677f8b5d 100644 --- a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/hosts.yml +++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/hosts.yml @@ -85,7 +85,6 @@ test_hosts: spanning-tree-rapid-pvst: sync-e: tcam-profile: - system: terminattr-cloud: terminattr-extra-flags: terminattr-multi-cluster-certs: diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/system.md b/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/system.md index 050f3ab4e68..a9d23e78899 100644 --- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/system.md +++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/system.md 
@@ -12,9 +12,11 @@ | [    tcp_mss](## "system.control_plane.tcp_mss") | Dictionary | | | | | | [      ipv4](## "system.control_plane.tcp_mss.ipv4") | Integer | | | | Segment size. | | [      ipv6](## "system.control_plane.tcp_mss.ipv6") | Integer | | | | Segment size. | + | [    ipv4_access_group_ingress_default](## "system.control_plane.ipv4_access_group_ingress_default") | String | | | | ACL name to be used as the default CP ACL for all VRFs. | | [    ipv4_access_groups](## "system.control_plane.ipv4_access_groups") | List, items: Dictionary | | | | | | [      - acl_name](## "system.control_plane.ipv4_access_groups.[].acl_name") | String | Required | | | | | [        vrf](## "system.control_plane.ipv4_access_groups.[].vrf") | String | | | | | + | [    ipv6_access_group_ingress_default](## "system.control_plane.ipv6_access_group_ingress_default") | String | | | | ACL name to be used as the default CP ACL for all VRFs. | | [    ipv6_access_groups](## "system.control_plane.ipv6_access_groups") | List, items: Dictionary | | | | | | [      - acl_name](## "system.control_plane.ipv6_access_groups.[].acl_name") | String | Required | | | | | [        vrf](## "system.control_plane.ipv6_access_groups.[].vrf") | String | | | | | @@ -34,9 +36,15 @@ # Segment size. ipv6: + + # ACL name to be used as the default CP ACL for all VRFs. + ipv4_access_group_ingress_default: ipv4_access_groups: - acl_name: vrf: + + # ACL name to be used as the default CP ACL for all VRFs. + ipv6_access_group_ingress_default: ipv6_access_groups: - acl_name: vrf: diff --git a/python-avd/pyavd/_eos_cli_config_gen/j2templates/documentation/system.j2 b/python-avd/pyavd/_eos_cli_config_gen/j2templates/documentation/system.j2 index 7a685f9db8f..d829ff21a07 100644 --- a/python-avd/pyavd/_eos_cli_config_gen/j2templates/documentation/system.j2 +++ b/python-avd/pyavd/_eos_cli_config_gen/j2templates/documentation/system.j2 
@@ -20,12 +20,20 @@ | IPv6 | {{ system.control_plane.tcp_mss.ipv6 }} | {% endif %} {% endif %} -{% if system.control_plane.ipv4_access_groups is arista.avd.defined or system.control_plane.ipv6_access_groups is arista.avd.defined %} +{% if system.control_plane.ipv4_access_groups is arista.avd.defined or system.control_plane.ipv6_access_groups is arista.avd.defined or system.control_plane.ipv4_access_group_ingress_default is arista.avd.defined or system.control_plane.ipv6_access_group_ingress_default is arista.avd.defined %} #### Control-Plane Access-Groups | Protocol | VRF | Access-list | | -------- | --- | ------------| +{# IPv4 Access-groups Ingress Default #} +{% if system.control_plane.ipv4_access_group_ingress_default is arista.avd.defined %} +| IPv4 Ingress default | All | {{ system.control_plane.ipv4_access_group_ingress_default }} | +{% endif %} +{# IPv6 Access-groups Ingress Default #} +{% if system.control_plane.ipv6_access_group_ingress_default is arista.avd.defined %} +| IPv6 Ingress default | All | {{ system.control_plane.ipv6_access_group_ingress_default }} | +{% endif %} {# IPv4 Access-groups #} {% for acl_set in system.control_plane.ipv4_access_groups | arista.avd.natural_sort %} | IPv4 | {{ acl_set.vrf | arista.avd.default('default') }} | {{ acl_set.acl_name }} | diff --git a/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/system.j2 b/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/system.j2 index 913ebf3c154..652fb1236f0 100644 --- a/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/system.j2 +++ b/python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/system.j2 
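Review bot: The `VRF` cell of the two new ingress-default rows reads `All`, which is easy to misread in an audit because per-VRF rows follow in the same table; in the host1 fixture `default`, `red` and `red_1` carry their own ACLs next to `ingress_ipv4_acl`. If a per-VRF access-group takes precedence over the ingress default on EOS (I would expect so, but please confirm), the cell would be more accurate as `All VRFs without their own access-group`, for example `| IPv4 Ingress default | All VRFs without their own access-group | {{ system.control_plane.ipv4_access_group_ingress_default }} |`. The IPv6 default row is also rendered before the IPv4 per-VRF rows, so placing each default directly above its own protocol's `for` loop would keep the table grouped by protocol.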
@@ -19,6 +19,9 @@ system control-plane {{ cp_mss_cli }} {% endif %} {# control_plane access_groups ipv4 #} +{% if system.control_plane.ipv4_access_group_ingress_default is arista.avd.defined %} + ip access-group ingress default {{ system.control_plane.ipv4_access_group_ingress_default }} +{% endif %} {% if system.control_plane.ipv4_access_groups is arista.avd.defined %} {% set with_vrf_non_default = system.control_plane.ipv4_access_groups | selectattr('vrf', 'arista.avd.defined') | rejectattr('vrf', 'equalto', 'default') | arista.avd.natural_sort | arista.avd.natural_sort('vrf') %} {% set without_vrf = system.control_plane.ipv4_access_groups | rejectattr('vrf', 'arista.avd.defined') | arista.avd.natural_sort %} @@ -34,6 +37,9 @@ system control-plane {{ cp_ipv4_access_grp }} {% endfor %} {# control_plane access_groups ipv6 #} +{% if system.control_plane.ipv6_access_group_ingress_default is arista.avd.defined %} + ipv6 access-group ingress default {{ system.control_plane.ipv6_access_group_ingress_default }} +{% endif %} {% if system.control_plane.ipv6_access_groups is arista.avd.defined %} {% set with_vrf_non_default = system.control_plane.ipv6_access_groups | selectattr('vrf', 'arista.avd.defined') | rejectattr('vrf', 'equalto', 'default') | arista.avd.natural_sort | arista.avd.natural_sort('vrf') %} {% set without_vrf = system.control_plane.ipv6_access_groups | rejectattr('vrf', 'arista.avd.defined') | arista.avd.natural_sort %} diff --git a/python-avd/pyavd/_eos_cli_config_gen/schema/eos_cli_config_gen.schema.yml b/python-avd/pyavd/_eos_cli_config_gen/schema/eos_cli_config_gen.schema.yml index 3d096271e83..f13012ec9a2 100644 --- a/python-avd/pyavd/_eos_cli_config_gen/schema/eos_cli_config_gen.schema.yml +++ b/python-avd/pyavd/_eos_cli_config_gen/schema/eos_cli_config_gen.schema.yml 
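Review bot: The two new `ingress default` blocks sit under the existing `{# control_plane access_groups ipv4 #}` and `{# control_plane access_groups ipv6 #}` comments with no comment of their own, although they render a different command whose ACL is described in the schema as the default CP ACL for all VRFs. I would add `{# control_plane default ingress access_group ipv4 (applies to all VRFs) #}` above the first block and the ipv6 equivalent above the second, matching the separate comments the documentation template uses. The guard that emits `system control-plane` starts above the first hunk, so it is worth confirming that it also fires when only one of the `*_access_group_ingress_default` keys is set. The host1 fixture always sets them together with `tcp_mss` and the per-VRF groups, so that case is not exercised by the molecule output in this change.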
@@ -20436,6 +20436,9 @@ keys: ipv6: type: int description: Segment size. + ipv4_access_group_ingress_default: + type: str + description: ACL name to be used as the default CP ACL for all VRFs. ipv4_access_groups: type: list unique_keys: @@ -20450,6 +20453,9 @@ keys: type: str convert_types: - int + ipv6_access_group_ingress_default: + type: str + description: ACL name to be used as the default CP ACL for all VRFs. ipv6_access_groups: type: list unique_keys: diff --git a/python-avd/pyavd/_eos_cli_config_gen/schema/schema_fragments/system.schema.yml b/python-avd/pyavd/_eos_cli_config_gen/schema/schema_fragments/system.schema.yml index c844c587a50..ff92974b1d1 100644 --- a/python-avd/pyavd/_eos_cli_config_gen/schema/schema_fragments/system.schema.yml +++ b/python-avd/pyavd/_eos_cli_config_gen/schema/schema_fragments/system.schema.yml @@ -22,6 +22,9 @@ keys: ipv6: type: int description: Segment size. + ipv4_access_group_ingress_default: + type: str + description: ACL name to be used as the default CP ACL for all VRFs. ipv4_access_groups: type: list unique_keys: @@ -36,6 +39,9 @@ keys: type: str convert_types: - int + ipv6_access_group_ingress_default: + type: str + description: ACL name to be used as the default CP ACL for all VRFs. ipv6_access_groups: type: list unique_keys:
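Review bot: `ipv4_access_group_ingress_default` and `ipv6_access_group_ingress_default` are declared as bare `type: str`, so an empty string passes validation. Assuming `arista.avd.defined` treats an empty string as defined, the eos template would then render `ip access-group ingress default ` with no ACL name. Because this key names the ACL that guards the control plane, I would add `min_length: 1` under both keys in `schema_fragments/system.schema.yml`; the two matching hunks in `eos_cli_config_gen.schema.yml` look like the compiled copy and would pick it up on regeneration. The description could also state how the default interacts with `ipv4_access_groups` / `ipv6_access_groups` (whether a per-VRF entry overrides it), which is not said anywhere in the visible change.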