aristanetworks · Vibhu-gslab · Sep 17, 2024 · Sep 19, 2024 · Oct 17, 2024 · Oct 21, 2024
@@ -7,6 +7,7 @@
   - [Management Interfaces](#management-interfaces)
   - [IP Domain-list](#ip-domain-list)
   - [Clock Settings](#clock-settings)
+  - [System Control-Plane](#system-control-plane)
 - [CVX](#cvx)
   - [CVX Services](#cvx-services)
   - [CVX Device Configuration](#cvx-device-configuration)
@@ -51,6 +52,9 @@
 - [VRF Instances](#vrf-instances)
   - [VRF Instances Summary](#vrf-instances-summary)
   - [VRF Instances Device Configuration](#vrf-instances-device-configuration)
+- [System L1](#system-l1)
+  - [Unsupported Interface Configurations](#unsupported-interface-configurations)
+  - [System L1 Device Configuration](#system-l1-device-configuration)
 - [Application Traffic Recognition](#application-traffic-recognition)
   - [Applications](#applications)
   - [Application Profiles](#application-profiles)
@@ -153,6 +157,52 @@ Clock Timezone is set to **GMT**.
 clock timezone GMT
 ```
 
+### System Control-Plane
+
+#### TCP MSS Ceiling
+
+| Protocol | Segment Size |
+| -------- | -------------|
+| IPv4 | 1344 |
+| IPv6 | 1366 |
+
+#### Control-Plane Access-Groups
+
+| Protocol | VRF | Access-list | Ingress-default |
+| -------- | --- | ------------| --------------- |
+| IPv4 | default | acl4_1 | False |
+| IPv4 | - | acl4_2 | True |
+| IPv4 | default | acl4_3 | False |
+| IPv4 | red_2 | acl4_4 | False |
+| IPv4 | red_5 | acl4_4 | False |
+| IPv4 | red_3 | acl4_5 | False |
+| IPv4 | red_4 | ingress | False |
+| IPv6 | default | acl6_1 | False |
+| IPv6 | blue | acl6_2 | False |
+| IPv6 | blue_1 | acl6_2 | False |
+| IPv6 | default | acl6_3 | False |
+| IPv6 | - | acl6_4 | True |
+| IPv6 | blue_2 | ingress | False |
+
+#### System Control-Plane Device Configuration
+
+```eos
+!
+system control-plane
+   tcp mss ceiling ipv4 1344 ipv6 1366
+   ip access-group ingress default acl4_2
+   ip access-group acl4_3 in
+   ip access-group acl4_4 vrf red_2 in
+   ip access-group acl4_5 vrf red_3 in
+   ip access-group ingress vrf red_4 in
+   ip access-group acl4_4 vrf red_5 in
+   ip access-group ingress default acl6_4
+   ip access-group acl6_3 in
+   ip access-group acl6_2 vrf blue in
+   ip access-group acl6_2 vrf blue_1 in
+   ip access-group ingress vrf blue_2 in
+```
+
 ## CVX
 
 | Peer Hosts |
@@ -1125,6 +1175,24 @@ vrf instance TENANT_A_PROJECT01
 vrf instance TENANT_A_PROJECT02
 ```
 
+## System L1
+
+### Unsupported Interface Configurations
+
+| Unsupported Configuration | action |
+| ---------------- | -------|
+| Speed | warn |
+| Error correction | error |
+
+### System L1 Device Configuration
+
+```eos
+!
+system l1
+   unsupported speed action warn
+   unsupported error-correction action error
+```
+
 ## Application Traffic Recognition
 
 ### Applications

@@ -182,6 +182,10 @@ aaa group server ldap LDAP1
    server 192.168.10.157 vrf mgt
    server 10.10.10.248
 !
+system l1
+   unsupported speed action warn
+   unsupported error-correction action error
+!
 clock timezone GMT
 !
 vrf instance BLAH
@@ -577,6 +581,20 @@ ip extcommunity-list regexp TEST1 deny .*
 !
 ip extcommunity-list regexp TEST2 deny 6500[0-1]:650[0-9][0-9]
 !
+system control-plane
+   tcp mss ceiling ipv4 1344 ipv6 1366
+   ip access-group ingress default acl4_2
+   ip access-group acl4_3 in
+   ip access-group acl4_4 vrf red_2 in
+   ip access-group acl4_5 vrf red_3 in
+   ip access-group ingress vrf red_4 in
+   ip access-group acl4_4 vrf red_5 in
+   ip access-group ingress default acl6_4
+   ip access-group acl6_3 in
+   ip access-group acl6_2 vrf blue in
+   ip access-group acl6_2 vrf blue_1 in
+   ip access-group ingress vrf blue_2 in
+!
 arp persistent refresh-delay 700
 arp aging timeout default 300
 arp vrf BLAH 42.42.42.42 DEAD.BEEF.CAFE arpa

@@ -5,12 +5,19 @@ system:
       ipv6: 1366
     ipv4_access_groups:
       - acl_name: "acl4_1"
-      - acl_name: "acl4_2"
-        vrf: red
-      - acl_name: "acl4_2"
-        vrf: red_1
+      - acl_name: "acl4_4"
+        vrf: red_2
       - acl_name: "acl4_3"
         vrf: default
+      - acl_name: "acl4_2"
+        ingress_default: true
+      - acl_name: "acl4_5"
+        vrf: red_3
+        ingress_default: false
+      - acl_name: "ingress"
+        vrf: red_4
+      - acl_name: "acl4_4"
+        vrf: red_5
     ipv6_access_groups:
       - acl_name: "acl6_1"
       - acl_name: "acl6_2"
@@ -19,6 +26,10 @@ system:
         vrf: blue_1
       - acl_name: "acl6_3"
         vrf: default
+      - acl_name: "acl6_4"
+        ingress_default: true
+      - acl_name: "ingress"
+        vrf: blue_2
   l1:
     unsupported_speed_action: warn
     unsupported_error_correction_action: error
@@ -153,7 +153,6 @@ test_hosts:
     sync-e:
     tcam-profile:
     static-routes:
-    system:
     tap-aggregation:
     terminal:
     terminattr-cloud:

@@ -24,15 +24,17 @@
 
 #### Control-Plane Access-Groups
 
-| Protocol | VRF | Access-list |
-| -------- | --- | ------------|
+| Protocol | VRF | Access-list | Ingress-default |
+| -------- | --- | ------------| --------------- |
 {#         IPv4 Access-groups #}
 {%         for acl_set in system.control_plane.ipv4_access_groups | arista.avd.natural_sort %}
-| IPv4 | {{ acl_set.vrf | arista.avd.default('default') }} | {{ acl_set.acl_name }} |
+{%             set vrf = '-' if acl_set.ingress_default is arista.avd.defined(true) else acl_set.vrf | arista.avd.default('default') %}
+| IPv4 | {{ vrf }} | {{ acl_set.acl_name }} | {{ acl_set.ingress_default | arista.avd.default('False') }} |
 {%         endfor %}
 {#         IPv6 Access-groups #}
 {%         for acl_set in system.control_plane.ipv6_access_groups | arista.avd.natural_sort %}
-| IPv6 | {{ acl_set.vrf | arista.avd.default('default') }} | {{ acl_set.acl_name }} |
+{%             set vrf = '-' if acl_set.ingress_default is arista.avd.defined(true) else acl_set.vrf | arista.avd.default('default') %}
+| IPv6 | {{ vrf }} | {{ acl_set.acl_name }} | {{ acl_set.ingress_default | arista.avd.default('False') }} |
 {%         endfor %}
 {%     endif %}