diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-CL1A.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-CL1A.cfg
index e9907df1ea6..b87f1d4c95f 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-CL1A.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-CL1A.cfg
@@ -208,13 +208,6 @@ interface Vxlan1
vxlan vlan 311 vni 30311
vxlan vlan 350 vni 30350
!
-ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110
- 15 deny ip any host 10.1.10.1
-!
-ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110
- remark Some remark will not require source and destination fields.
- permit ip host 10.1.10.1 any
-!
ip routing
no ip routing vrf MGMT
!
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-CL1B.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-CL1B.cfg
index 8c64545a256..3e2568b4617 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-CL1B.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-CL1B.cfg
@@ -208,13 +208,6 @@ interface Vxlan1
vxlan vlan 311 vni 30311
vxlan vlan 350 vni 30350
!
-ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110
- 15 deny ip any host 10.1.10.1
-!
-ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110
- remark Some remark will not require source and destination fields.
- permit ip host 10.1.10.1 any
-!
ip routing
no ip routing vrf MGMT
!
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF1A.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF1A.cfg
index 19bfacd967f..a287ae07a8c 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF1A.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF1A.cfg
@@ -122,13 +122,6 @@ interface Vlan4091
mtu 1500
no autostate
ip address 10.255.252.14/31
-!
-ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110
- 15 deny ip any host 10.1.10.1
-!
-ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110
- remark Some remark will not require source and destination fields.
- permit ip host 10.1.10.1 any
no ip routing vrf MGMT
!
mlag configuration
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF1B.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF1B.cfg
index 4e37bd7ad5c..8cfd112809f 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF1B.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF1B.cfg
@@ -122,13 +122,6 @@ interface Vlan4091
mtu 1500
no autostate
ip address 10.255.252.15/31
-!
-ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110
- 15 deny ip any host 10.1.10.1
-!
-ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110
- remark Some remark will not require source and destination fields.
- permit ip host 10.1.10.1 any
no ip routing vrf MGMT
!
mlag configuration
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF2A.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF2A.cfg
index e2d31d0bf3e..0d11936d6ab 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF2A.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF2A.cfg
@@ -147,13 +147,6 @@ interface Vlan4091
mtu 1500
no autostate
ip address 10.255.252.16/31
-!
-ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110
- 15 deny ip any host 10.1.10.1
-!
-ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110
- remark Some remark will not require source and destination fields.
- permit ip host 10.1.10.1 any
no ip routing vrf MGMT
!
mlag configuration
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF2B.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF2B.cfg
index 7225e8e0651..c79fad5fa34 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF2B.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF2B.cfg
@@ -147,13 +147,6 @@ interface Vlan4091
mtu 1500
no autostate
ip address 10.255.252.17/31
-!
-ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110
- 15 deny ip any host 10.1.10.1
-!
-ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110
- remark Some remark will not require source and destination fields.
- permit ip host 10.1.10.1 any
no ip routing vrf MGMT
!
mlag configuration
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF3A.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF3A.cfg
index 88f0f9dcf1a..8ea8adf26ec 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF3A.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF3A.cfg
@@ -88,13 +88,6 @@ interface Management1
no shutdown
vrf MGMT
ip address 192.168.200.116/24
-!
-ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110
- 15 deny ip any host 10.1.10.1
-!
-ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110
- remark Some remark will not require source and destination fields.
- permit ip host 10.1.10.1 any
no ip routing vrf MGMT
!
ip route vrf MGMT 0.0.0.0/0 192.168.200.5
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF4A.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF4A.cfg
index 89abf59300a..dc50cf1a693 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF4A.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF4A.cfg
@@ -88,13 +88,6 @@ interface Management1
no shutdown
vrf MGMT
ip address 192.168.200.119/24
-!
-ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110
- 15 deny ip any host 10.1.10.1
-!
-ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110
- remark Some remark will not require source and destination fields.
- permit ip host 10.1.10.1 any
no ip routing vrf MGMT
!
ip route vrf MGMT 0.0.0.0/0 192.168.200.5
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1.L2LEAF5A.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1.L2LEAF5A.cfg
index 37d1ebda8f2..a674967a3ea 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1.L2LEAF5A.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1.L2LEAF5A.cfg
@@ -118,13 +118,6 @@ interface Vlan4091
mtu 1500
no autostate
ip address 10.255.252.26/31
-!
-ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110
- 15 deny ip any host 10.1.10.1
-!
-ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110
- remark Some remark will not require source and destination fields.
- permit ip host 10.1.10.1 any
no ip routing vrf MGMT
!
mlag configuration
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1.L2LEAF5B.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1.L2LEAF5B.cfg
index 8455a23f8f5..5c41f4680fa 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1.L2LEAF5B.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1.L2LEAF5B.cfg
@@ -118,13 +118,6 @@ interface Vlan4091
mtu 1500
no autostate
ip address 10.255.252.27/31
-!
-ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110
- 15 deny ip any host 10.1.10.1
-!
-ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110
- remark Some remark will not require source and destination fields.
- permit ip host 10.1.10.1 any
no ip routing vrf MGMT
!
mlag configuration
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/evpn_services_l2_only_true.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/evpn_services_l2_only_true.cfg
index aabc065b08d..917d49430b7 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/evpn_services_l2_only_true.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/evpn_services_l2_only_true.cfg
@@ -185,13 +185,6 @@ interface Vxlan1
vxlan vlan 451 vni 40451
vxlan vlan 452 vni 40452
!
-ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110
- 15 deny ip any host 10.1.10.1
-!
-ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110
- remark Some remark will not require source and destination fields.
- permit ip host 10.1.10.1 any
-!
ip routing
no ip routing vrf MGMT
!
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/mgmt_interface_default.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/mgmt_interface_default.cfg
index 1a885fa5d16..45ddc420080 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/mgmt_interface_default.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/mgmt_interface_default.cfg
@@ -137,13 +137,6 @@ interface Management1
no shutdown
vrf MGMT
ip address 1.1.1.2
-!
-ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110
- 15 deny ip any host 10.1.10.1
-!
-ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110
- remark Some remark will not require source and destination fields.
- permit ip host 10.1.10.1 any
no ip routing vrf MGMT
!
ip route vrf MGMT 0.0.0.0/0 1.1.1.1
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/mgmt_interface_fabric.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/mgmt_interface_fabric.cfg
index 46de1ac4578..964bff62ef1 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/mgmt_interface_fabric.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/mgmt_interface_fabric.cfg
@@ -137,13 +137,6 @@ interface MY_INTERFACE_FABRIC
no shutdown
vrf MGMT
ip address 1.1.1.2
-!
-ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110
- 15 deny ip any host 10.1.10.1
-!
-ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110
- remark Some remark will not require source and destination fields.
- permit ip host 10.1.10.1 any
no ip routing vrf MGMT
!
ip route vrf MGMT 0.0.0.0/0 1.1.1.1
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/mgmt_interface_host.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/mgmt_interface_host.cfg
index 138ccbdbd7b..eeeb228ef0a 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/mgmt_interface_host.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/mgmt_interface_host.cfg
@@ -142,13 +142,6 @@ interface MY_INTERFACE_HOST
!
hardware tcam
system profile vxlan-routing
-!
-ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110
- 15 deny ip any host 10.1.10.1
-!
-ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110
- remark Some remark will not require source and destination fields.
- permit ip host 10.1.10.1 any
no ip routing vrf MGMT
!
ip route vrf MGMT 0.0.0.0/0 1.1.1.1
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/mgmt_interface_platform.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/mgmt_interface_platform.cfg
index 62c7cda4049..0150c5aff2f 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/mgmt_interface_platform.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/mgmt_interface_platform.cfg
@@ -142,13 +142,6 @@ interface Management0
!
hardware tcam
system profile vxlan-routing
-!
-ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110
- 15 deny ip any host 10.1.10.1
-!
-ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110
- remark Some remark will not require source and destination fields.
- permit ip host 10.1.10.1 any
no ip routing vrf MGMT
!
ip route vrf MGMT 0.0.0.0/0 1.1.1.1
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-CL1A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-CL1A.yml
index 1485478c391..31681a09a84 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-CL1A.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-CL1A.yml
@@ -454,21 +454,6 @@ router_bfd:
interval: 1200
min_rx: 1200
multiplier: 3
-ip_access_lists:
-- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110
- entries:
- - sequence: 15
- action: deny
- protocol: ip
- source: any
- destination: 10.1.10.1
-- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110
- entries:
- - remark: Some remark will not require source and destination fields.
- - action: permit
- protocol: ip
- source: 10.1.10.1
- destination: any
ip_igmp_snooping:
globally_enabled: true
vlans:
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-CL1B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-CL1B.yml
index 1e60cb4a9ee..32cdf24d313 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-CL1B.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-CL1B.yml
@@ -462,21 +462,6 @@ router_bfd:
interval: 1200
min_rx: 1200
multiplier: 3
-ip_access_lists:
-- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110
- entries:
- - sequence: 15
- action: deny
- protocol: ip
- source: any
- destination: 10.1.10.1
-- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110
- entries:
- - remark: Some remark will not require source and destination fields.
- - action: permit
- protocol: ip
- source: 10.1.10.1
- destination: any
ip_igmp_snooping:
globally_enabled: true
vlans:
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF1A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF1A.yml
index 03b0a30c11a..a1c1d3ed3d4 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF1A.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF1A.yml
@@ -183,21 +183,6 @@ mlag_configuration:
peer_link: Port-Channel3
reload_delay_mlag: '300'
reload_delay_non_mlag: '330'
-ip_access_lists:
-- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110
- entries:
- - sequence: 15
- action: deny
- protocol: ip
- source: any
- destination: 10.1.10.1
-- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110
- entries:
- - remark: Some remark will not require source and destination fields.
- - action: permit
- protocol: ip
- source: 10.1.10.1
- destination: any
ip_igmp_snooping:
globally_enabled: true
vlans:
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF1B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF1B.yml
index 38a23acc606..4d89543b36a 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF1B.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF1B.yml
@@ -183,21 +183,6 @@ mlag_configuration:
peer_link: Port-Channel3
reload_delay_mlag: '300'
reload_delay_non_mlag: '330'
-ip_access_lists:
-- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110
- entries:
- - sequence: 15
- action: deny
- protocol: ip
- source: any
- destination: 10.1.10.1
-- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110
- entries:
- - remark: Some remark will not require source and destination fields.
- - action: permit
- protocol: ip
- source: 10.1.10.1
- destination: any
ip_igmp_snooping:
globally_enabled: true
vlans:
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF2A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF2A.yml
index 439787a9721..480ddeebf88 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF2A.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF2A.yml
@@ -212,21 +212,6 @@ mlag_configuration:
peer_ip: 192.168.200.114
vrf: MGMT
dual_primary_detection_delay: 5
-ip_access_lists:
-- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110
- entries:
- - sequence: 15
- action: deny
- protocol: ip
- source: any
- destination: 10.1.10.1
-- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110
- entries:
- - remark: Some remark will not require source and destination fields.
- - action: permit
- protocol: ip
- source: 10.1.10.1
- destination: any
ip_igmp_snooping:
globally_enabled: true
vlans:
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF2B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF2B.yml
index 841f98d1ba8..5f99cd8abba 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF2B.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF2B.yml
@@ -212,21 +212,6 @@ mlag_configuration:
peer_ip: 192.168.200.113
vrf: MGMT
dual_primary_detection_delay: 5
-ip_access_lists:
-- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110
- entries:
- - sequence: 15
- action: deny
- protocol: ip
- source: any
- destination: 10.1.10.1
-- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110
- entries:
- - remark: Some remark will not require source and destination fields.
- - action: permit
- protocol: ip
- source: 10.1.10.1
- destination: any
ip_igmp_snooping:
globally_enabled: true
vlans:
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF3A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF3A.yml
index 0c4690ac464..a06c70b92db 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF3A.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF3A.yml
@@ -131,21 +131,6 @@ vlans:
- id: 161
name: Tenant_A_NFS
tenant: Tenant_A
-ip_access_lists:
-- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110
- entries:
- - sequence: 15
- action: deny
- protocol: ip
- source: any
- destination: 10.1.10.1
-- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110
- entries:
- - remark: Some remark will not require source and destination fields.
- - action: permit
- protocol: ip
- source: 10.1.10.1
- destination: any
ip_igmp_snooping:
globally_enabled: true
vlans:
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF4A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF4A.yml
index 8208cd04c1e..9bb634e0aae 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF4A.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF4A.yml
@@ -131,21 +131,6 @@ vlans:
- id: 161
name: Tenant_A_NFS
tenant: Tenant_A
-ip_access_lists:
-- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110
- entries:
- - sequence: 15
- action: deny
- protocol: ip
- source: any
- destination: 10.1.10.1
-- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110
- entries:
- - remark: Some remark will not require source and destination fields.
- - action: permit
- protocol: ip
- source: 10.1.10.1
- destination: any
ip_igmp_snooping:
globally_enabled: true
vlans:
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1.L2LEAF5A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1.L2LEAF5A.yml
index de8af59ffe7..07148c86169 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1.L2LEAF5A.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1.L2LEAF5A.yml
@@ -179,21 +179,6 @@ mlag_configuration:
peer_link: Port-Channel3
reload_delay_mlag: '300'
reload_delay_non_mlag: '330'
-ip_access_lists:
-- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110
- entries:
- - sequence: 15
- action: deny
- protocol: ip
- source: any
- destination: 10.1.10.1
-- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110
- entries:
- - remark: Some remark will not require source and destination fields.
- - action: permit
- protocol: ip
- source: 10.1.10.1
- destination: any
ip_igmp_snooping:
globally_enabled: true
vlans:
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1.L2LEAF5B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1.L2LEAF5B.yml
index 85616fd0194..12cb0c07faf 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1.L2LEAF5B.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1.L2LEAF5B.yml
@@ -179,21 +179,6 @@ mlag_configuration:
peer_link: Port-Channel3
reload_delay_mlag: '300'
reload_delay_non_mlag: '330'
-ip_access_lists:
-- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110
- entries:
- - sequence: 15
- action: deny
- protocol: ip
- source: any
- destination: 10.1.10.1
-- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110
- entries:
- - remark: Some remark will not require source and destination fields.
- - action: permit
- protocol: ip
- source: 10.1.10.1
- destination: any
ip_igmp_snooping:
globally_enabled: true
vlans:
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/evpn_services_l2_only_true.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/evpn_services_l2_only_true.yml
index c1804cdb645..16eede8162a 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/evpn_services_l2_only_true.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/evpn_services_l2_only_true.yml
@@ -364,21 +364,6 @@ vlans:
- id: 413
name: Tenant_D_v6_OP_Zone_3
tenant: Tenant_D
-ip_access_lists:
-- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110
- entries:
- - sequence: 15
- action: deny
- protocol: ip
- source: any
- destination: 10.1.10.1
-- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110
- entries:
- - remark: Some remark will not require source and destination fields.
- - action: permit
- protocol: ip
- source: 10.1.10.1
- destination: any
ip_igmp_snooping:
globally_enabled: true
vlans:
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_default.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_default.yml
index 465ec5678be..c325d27dee6 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_default.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_default.yml
@@ -167,21 +167,6 @@ vlans:
- id: 413
name: Tenant_D_v6_OP_Zone_3
tenant: Tenant_D
-ip_access_lists:
-- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110
- entries:
- - sequence: 15
- action: deny
- protocol: ip
- source: any
- destination: 10.1.10.1
-- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110
- entries:
- - remark: Some remark will not require source and destination fields.
- - action: permit
- protocol: ip
- source: 10.1.10.1
- destination: any
ip_igmp_snooping:
globally_enabled: true
vlans:
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_fabric.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_fabric.yml
index f265a927558..903198ccff5 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_fabric.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_fabric.yml
@@ -167,21 +167,6 @@ vlans:
- id: 413
name: Tenant_D_v6_OP_Zone_3
tenant: Tenant_D
-ip_access_lists:
-- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110
- entries:
- - sequence: 15
- action: deny
- protocol: ip
- source: any
- destination: 10.1.10.1
-- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110
- entries:
- - remark: Some remark will not require source and destination fields.
- - action: permit
- protocol: ip
- source: 10.1.10.1
- destination: any
ip_igmp_snooping:
globally_enabled: true
vlans:
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_host.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_host.yml
index 764083829b8..e2e49444ff9 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_host.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_host.yml
@@ -173,21 +173,6 @@ vlans:
- id: 413
name: Tenant_D_v6_OP_Zone_3
tenant: Tenant_D
-ip_access_lists:
-- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110
- entries:
- - sequence: 15
- action: deny
- protocol: ip
- source: any
- destination: 10.1.10.1
-- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110
- entries:
- - remark: Some remark will not require source and destination fields.
- - action: permit
- protocol: ip
- source: 10.1.10.1
- destination: any
ip_igmp_snooping:
globally_enabled: true
vlans:
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_platform.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_platform.yml
index 76c80ed2209..7d131da1770 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_platform.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_platform.yml
@@ -173,21 +173,6 @@ vlans:
- id: 413
name: Tenant_D_v6_OP_Zone_3
tenant: Tenant_D
-ip_access_lists:
-- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110
- entries:
- - sequence: 15
- action: deny
- protocol: ip
- source: any
- destination: 10.1.10.1
-- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110
- entries:
- - remark: Some remark will not require source and destination fields.
- - action: permit
- protocol: ip
- source: 10.1.10.1
- destination: any
ip_igmp_snooping:
globally_enabled: true
vlans:
diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/ipv4-acls.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/ipv4-acls.md
index e6751fc71dc..ac7ac350e85 100644
--- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/ipv4-acls.md
+++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/ipv4-acls.md
@@ -10,8 +10,8 @@
| [ipv4_acls](## "ipv4_acls") | List, items: Dictionary | | | | IPv4 extended access-lists supporting substitution on certain fields.
These access-lists can be referenced under node settings `l3_interfaces`, and will only be configured on devices where they are in use.
The substitution is useful when assigning the same access-list on multiple interfaces,
but where certain fields require unique values like the "interface_ip" or "peer_ip".
When using substitution, the interface name will be appended to the ACL name. |
| [ - name](## "ipv4_acls.[].name") | String | Required, Unique | | | Access-list name.
When using substitution for any fields, the interface name will be appended to the ACL name. |
| [ entries](## "ipv4_acls.[].entries") | List, items: Dictionary | Required | | | ACL Entries. |
- | [ - source](## "ipv4_acls.[].entries.[].source") | String | | | | This field supports substitution of the fields "interface_ip" and "peer_ip".
Alternatively it can be set with a static value of "any", "/" or "".
"" without a mask means host.
Required except for remarks. |
- | [ destination](## "ipv4_acls.[].entries.[].destination") | String | | | | This field supports substitution of the fields "interface_ip" and "peer_ip".
Alternatively it can be set with a static value of "any", "/" or "".
"" without a mask means host.
Required except for remarks. |
+ | [ - source](## "ipv4_acls.[].entries.[].source") | String | | | | This field supports substitution of the fields "interface_ip" for SVIs and both "interface_ip" and "peer_ip" for Layer 3 interfaces.
Alternatively it can be set with a static value of "any", "/" or "".
"" without a mask means host.
Required except for remarks. |
+ | [ destination](## "ipv4_acls.[].entries.[].destination") | String | | | | This field supports substitution of the fields "interface_ip" for SVIs and both "interface_ip" and "peer_ip" for Layer 3 interfaces.
Alternatively it can be set with a static value of "any", "/" or "".
"" without a mask means host.
Required except for remarks. |
| [ sequence](## "ipv4_acls.[].entries.[].sequence") | Integer | | | | ACL entry sequence number. |
| [ remark](## "ipv4_acls.[].entries.[].remark") | String | | | | Comment up to 100 characters.
If remark is defined, other keys in the ACL entry will be ignored. |
| [ action](## "ipv4_acls.[].entries.[].action") | String | | | Valid Values:
- permit
- deny | ACL action.
Required except for remarks. |
@@ -56,13 +56,13 @@
# ACL Entries.
entries: # required
- # This field supports substitution of the fields "interface_ip" and "peer_ip".
+ # This field supports substitution of the fields "interface_ip" for SVIs and both "interface_ip" and "peer_ip" for Layer 3 interfaces.
# Alternatively it can be set with a static value of "any", "/" or "".
# "" without a mask means host.
# Required except for remarks.
- source:
- # This field supports substitution of the fields "interface_ip" and "peer_ip".
+ # This field supports substitution of the fields "interface_ip" for SVIs and both "interface_ip" and "peer_ip" for Layer 3 interfaces.
# Alternatively it can be set with a static value of "any", "/" or "".
# "" without a mask means host.
# Required except for remarks.
diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/network-services-vrfs-svis-settings.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/network-services-vrfs-svis-settings.md
index 0db7ad27056..5e9d9428f3d 100644
--- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/network-services-vrfs-svis-settings.md
+++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/network-services-vrfs-svis-settings.md
@@ -38,8 +38,8 @@
| [ - <str>](## ".[].vrfs.[].svis.[].nodes.[].ip_virtual_router_addresses.[]") | String | | | | IPv4_address/Mask or IPv4_address.
IPv4_address/Mask will also configure a static route to the SVI per best practice.
|
| [ ipv6_virtual_router_addresses](## ".[].vrfs.[].svis.[].nodes.[].ipv6_virtual_router_addresses") | List, items: String | | | | IPv6 VARP addresses.
Requires an IPv6 address to be configured on the SVI.
If ipv6_address_virtuals is also set, ipv6_virtual_router_addresses will take precedence
_if_ there is an ipv6_address configured for the node.
|
| [ - <str>](## ".[].vrfs.[].svis.[].nodes.[].ipv6_virtual_router_addresses.[]") | String | | | | IPv6_address. |
- | [ ipv4_acl_in](## ".[].vrfs.[].svis.[].nodes.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls`. |
- | [ ipv4_acl_out](## ".[].vrfs.[].svis.[].nodes.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls`. |
+ | [ ipv4_acl_in](## ".[].vrfs.[].svis.[].nodes.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls` and supports substitution of the field "interface_ip". |
+ | [ ipv4_acl_out](## ".[].vrfs.[].svis.[].nodes.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls` and supports substitution of the field "interface_ip". |
| [ ip_helpers](## ".[].vrfs.[].svis.[].nodes.[].ip_helpers") | List, items: Dictionary | | | | IP helper for DHCP relay. |
| [ - ip_helper](## ".[].vrfs.[].svis.[].nodes.[].ip_helpers.[].ip_helper") | String | Required, Unique | | | IPv4 DHCP server IP. |
| [ source_interface](## ".[].vrfs.[].svis.[].nodes.[].ip_helpers.[].source_interface") | String | | | | Interface name to originate DHCP relay packets to DHCP server. |
@@ -72,8 +72,8 @@
| [ - <str>](## ".[].vrfs.[].svis.[].ip_virtual_router_addresses.[]") | String | | | | IPv4_address/Mask or IPv4_address.
IPv4_address/Mask will also configure a static route to the SVI per best practice.
|
| [ ipv6_virtual_router_addresses](## ".[].vrfs.[].svis.[].ipv6_virtual_router_addresses") | List, items: String | | | | IPv6 VARP addresses.
Requires an IPv6 address to be configured on the SVI.
If ipv6_address_virtuals is also set, ipv6_virtual_router_addresses will take precedence
_if_ there is an ipv6_address configured for the node.
|
| [ - <str>](## ".[].vrfs.[].svis.[].ipv6_virtual_router_addresses.[]") | String | | | | IPv6_address. |
- | [ ipv4_acl_in](## ".[].vrfs.[].svis.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls`. |
- | [ ipv4_acl_out](## ".[].vrfs.[].svis.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls`. |
+ | [ ipv4_acl_in](## ".[].vrfs.[].svis.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls` and supports substitution of the field "interface_ip". |
+ | [ ipv4_acl_out](## ".[].vrfs.[].svis.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls` and supports substitution of the field "interface_ip". |
| [ ip_helpers](## ".[].vrfs.[].svis.[].ip_helpers") | List, items: Dictionary | | | | IP helper for DHCP relay. |
| [ - ip_helper](## ".[].vrfs.[].svis.[].ip_helpers.[].ip_helper") | String | Required, Unique | | | IPv4 DHCP server IP. |
| [ source_interface](## ".[].vrfs.[].svis.[].ip_helpers.[].source_interface") | String | | | | Interface name to originate DHCP relay packets to DHCP server. |
@@ -218,11 +218,11 @@
-
# Name of the IPv4 access-list to be assigned in the ingress direction.
- # The access-list must be defined under `ipv4_acls`.
+ # The access-list must be defined under `ipv4_acls` and supports substitution of the field "interface_ip".
ipv4_acl_in:
# Name of the IPv4 Access-list to be assigned in the egress direction.
- # The access-list must be defined under `ipv4_acls`.
+ # The access-list must be defined under `ipv4_acls` and supports substitution of the field "interface_ip".
ipv4_acl_out:
# IP helper for DHCP relay.
@@ -349,11 +349,11 @@
-
# Name of the IPv4 access-list to be assigned in the ingress direction.
- # The access-list must be defined under `ipv4_acls`.
+ # The access-list must be defined under `ipv4_acls` and supports substitution of the field "interface_ip".
ipv4_acl_in:
# Name of the IPv4 Access-list to be assigned in the egress direction.
- # The access-list must be defined under `ipv4_acls`.
+ # The access-list must be defined under `ipv4_acls` and supports substitution of the field "interface_ip".
ipv4_acl_out:
# IP helper for DHCP relay.
diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-l3-interfaces-configuration.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-l3-interfaces-configuration.md
index 6cd268add13..49254813718 100644
--- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-l3-interfaces-configuration.md
+++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-l3-interfaces-configuration.md
@@ -23,8 +23,8 @@
| [ peer](## ".defaults.l3_interfaces.[].peer") | String | | | | The peer device name. Used for description and documentation. |
| [ peer_interface](## ".defaults.l3_interfaces.[].peer_interface") | String | | | | The peer device interface. Used for description and documentation. |
| [ peer_ip](## ".defaults.l3_interfaces.[].peer_ip") | String | | | | The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. |
- | [ ipv4_acl_in](## ".defaults.l3_interfaces.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls`.
Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. |
- | [ ipv4_acl_out](## ".defaults.l3_interfaces.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls`. |
+ | [ ipv4_acl_in](## ".defaults.l3_interfaces.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip".
Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. |
+ | [ ipv4_acl_out](## ".defaults.l3_interfaces.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". |
| [ static_routes](## ".defaults.l3_interfaces.[].static_routes") | List, items: Dictionary | | | Min Length: 1 | Configure IPv4 static routes pointing to `peer_ip`. |
| [ - prefix](## ".defaults.l3_interfaces.[].static_routes.[].prefix") | String | Required | | | IPv4_network/Mask. |
| [ qos_profile](## ".defaults.l3_interfaces.[].qos_profile") | String | | | | QOS service profile. |
@@ -58,8 +58,8 @@
| [ peer](## ".node_groups.[].nodes.[].l3_interfaces.[].peer") | String | | | | The peer device name. Used for description and documentation. |
| [ peer_interface](## ".node_groups.[].nodes.[].l3_interfaces.[].peer_interface") | String | | | | The peer device interface. Used for description and documentation. |
| [ peer_ip](## ".node_groups.[].nodes.[].l3_interfaces.[].peer_ip") | String | | | | The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. |
- | [ ipv4_acl_in](## ".node_groups.[].nodes.[].l3_interfaces.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls`.
Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. |
- | [ ipv4_acl_out](## ".node_groups.[].nodes.[].l3_interfaces.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls`. |
+ | [ ipv4_acl_in](## ".node_groups.[].nodes.[].l3_interfaces.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip".
Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. |
+ | [ ipv4_acl_out](## ".node_groups.[].nodes.[].l3_interfaces.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". |
| [ static_routes](## ".node_groups.[].nodes.[].l3_interfaces.[].static_routes") | List, items: Dictionary | | | Min Length: 1 | Configure IPv4 static routes pointing to `peer_ip`. |
| [ - prefix](## ".node_groups.[].nodes.[].l3_interfaces.[].static_routes.[].prefix") | String | Required | | | IPv4_network/Mask. |
| [ qos_profile](## ".node_groups.[].nodes.[].l3_interfaces.[].qos_profile") | String | | | | QOS service profile. |
@@ -89,8 +89,8 @@
| [ peer](## ".node_groups.[].l3_interfaces.[].peer") | String | | | | The peer device name. Used for description and documentation. |
| [ peer_interface](## ".node_groups.[].l3_interfaces.[].peer_interface") | String | | | | The peer device interface. Used for description and documentation. |
| [ peer_ip](## ".node_groups.[].l3_interfaces.[].peer_ip") | String | | | | The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. |
- | [ ipv4_acl_in](## ".node_groups.[].l3_interfaces.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls`.
Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. |
- | [ ipv4_acl_out](## ".node_groups.[].l3_interfaces.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls`. |
+ | [ ipv4_acl_in](## ".node_groups.[].l3_interfaces.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip".
Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. |
+ | [ ipv4_acl_out](## ".node_groups.[].l3_interfaces.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". |
| [ static_routes](## ".node_groups.[].l3_interfaces.[].static_routes") | List, items: Dictionary | | | Min Length: 1 | Configure IPv4 static routes pointing to `peer_ip`. |
| [ - prefix](## ".node_groups.[].l3_interfaces.[].static_routes.[].prefix") | String | Required | | | IPv4_network/Mask. |
| [ qos_profile](## ".node_groups.[].l3_interfaces.[].qos_profile") | String | | | | QOS service profile. |
@@ -122,8 +122,8 @@
| [ peer](## ".nodes.[].l3_interfaces.[].peer") | String | | | | The peer device name. Used for description and documentation. |
| [ peer_interface](## ".nodes.[].l3_interfaces.[].peer_interface") | String | | | | The peer device interface. Used for description and documentation. |
| [ peer_ip](## ".nodes.[].l3_interfaces.[].peer_ip") | String | | | | The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. |
- | [ ipv4_acl_in](## ".nodes.[].l3_interfaces.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls`.
Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. |
- | [ ipv4_acl_out](## ".nodes.[].l3_interfaces.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls`. |
+ | [ ipv4_acl_in](## ".nodes.[].l3_interfaces.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip".
Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. |
+ | [ ipv4_acl_out](## ".nodes.[].l3_interfaces.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". |
| [ static_routes](## ".nodes.[].l3_interfaces.[].static_routes") | List, items: Dictionary | | | Min Length: 1 | Configure IPv4 static routes pointing to `peer_ip`. |
| [ - prefix](## ".nodes.[].l3_interfaces.[].static_routes.[].prefix") | String | Required | | | IPv4_network/Mask. |
| [ qos_profile](## ".nodes.[].l3_interfaces.[].qos_profile") | String | | | | QOS service profile. |
@@ -153,8 +153,8 @@
| [ peer](## "l3_interface_profiles.[].peer") | String | | | | The peer device name. Used for description and documentation. |
| [ peer_interface](## "l3_interface_profiles.[].peer_interface") | String | | | | The peer device interface. Used for description and documentation. |
| [ peer_ip](## "l3_interface_profiles.[].peer_ip") | String | | | | The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. |
- | [ ipv4_acl_in](## "l3_interface_profiles.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls`.
Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. |
- | [ ipv4_acl_out](## "l3_interface_profiles.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls`. |
+ | [ ipv4_acl_in](## "l3_interface_profiles.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip".
Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. |
+ | [ ipv4_acl_out](## "l3_interface_profiles.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". |
| [ static_routes](## "l3_interface_profiles.[].static_routes") | List, items: Dictionary | | | Min Length: 1 | Configure IPv4 static routes pointing to `peer_ip`. |
| [ - prefix](## "l3_interface_profiles.[].static_routes.[].prefix") | String | Required | | | IPv4_network/Mask. |
| [ qos_profile](## "l3_interface_profiles.[].qos_profile") | String | | | | QOS service profile. |
@@ -237,12 +237,12 @@
peer_ip:
# Name of the IPv4 access-list to be assigned in the ingress direction.
- # The access-list must be defined under `ipv4_acls`.
+ # The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip".
# Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`.
ipv4_acl_in:
# Name of the IPv4 Access-list to be assigned in the egress direction.
- # The access-list must be defined under `ipv4_acls`.
+ # The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip".
ipv4_acl_out:
# Configure IPv4 static routes pointing to `peer_ip`.
@@ -363,12 +363,12 @@
peer_ip:
# Name of the IPv4 access-list to be assigned in the ingress direction.
- # The access-list must be defined under `ipv4_acls`.
+ # The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip".
# Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`.
ipv4_acl_in:
# Name of the IPv4 Access-list to be assigned in the egress direction.
- # The access-list must be defined under `ipv4_acls`.
+ # The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip".
ipv4_acl_out:
# Configure IPv4 static routes pointing to `peer_ip`.
@@ -476,12 +476,12 @@
peer_ip:
# Name of the IPv4 access-list to be assigned in the ingress direction.
- # The access-list must be defined under `ipv4_acls`.
+ # The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip".
# Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`.
ipv4_acl_in:
# Name of the IPv4 Access-list to be assigned in the egress direction.
- # The access-list must be defined under `ipv4_acls`.
+ # The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip".
ipv4_acl_out:
# Configure IPv4 static routes pointing to `peer_ip`.
@@ -595,12 +595,12 @@
peer_ip:
# Name of the IPv4 access-list to be assigned in the ingress direction.
- # The access-list must be defined under `ipv4_acls`.
+ # The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip".
# Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`.
ipv4_acl_in:
# Name of the IPv4 Access-list to be assigned in the egress direction.
- # The access-list must be defined under `ipv4_acls`.
+ # The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip".
ipv4_acl_out:
# Configure IPv4 static routes pointing to `peer_ip`.
@@ -708,12 +708,12 @@
peer_ip:
# Name of the IPv4 access-list to be assigned in the ingress direction.
- # The access-list must be defined under `ipv4_acls`.
+ # The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip".
# Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`.
ipv4_acl_in:
# Name of the IPv4 Access-list to be assigned in the egress direction.
- # The access-list must be defined under `ipv4_acls`.
+ # The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip".
ipv4_acl_out:
# Configure IPv4 static routes pointing to `peer_ip`.
diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/svi-profiles.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/svi-profiles.md
index a0a20c84722..7f1ce01b825 100644
--- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/svi-profiles.md
+++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/svi-profiles.md
@@ -28,8 +28,8 @@
| [ - <str>](## "svi_profiles.[].nodes.[].ip_virtual_router_addresses.[]") | String | | | | IPv4_address/Mask or IPv4_address.
IPv4_address/Mask will also configure a static route to the SVI per best practice.
|
| [ ipv6_virtual_router_addresses](## "svi_profiles.[].nodes.[].ipv6_virtual_router_addresses") | List, items: String | | | | IPv6 VARP addresses.
Requires an IPv6 address to be configured on the SVI.
If ipv6_address_virtuals is also set, ipv6_virtual_router_addresses will take precedence
_if_ there is an ipv6_address configured for the node.
|
| [ - <str>](## "svi_profiles.[].nodes.[].ipv6_virtual_router_addresses.[]") | String | | | | IPv6_address. |
- | [ ipv4_acl_in](## "svi_profiles.[].nodes.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls`. |
- | [ ipv4_acl_out](## "svi_profiles.[].nodes.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls`. |
+ | [ ipv4_acl_in](## "svi_profiles.[].nodes.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls` and supports substitution of the field "interface_ip". |
+ | [ ipv4_acl_out](## "svi_profiles.[].nodes.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls` and supports substitution of the field "interface_ip". |
| [ ip_helpers](## "svi_profiles.[].nodes.[].ip_helpers") | List, items: Dictionary | | | | IP helper for DHCP relay. |
| [ - ip_helper](## "svi_profiles.[].nodes.[].ip_helpers.[].ip_helper") | String | Required, Unique | | | IPv4 DHCP server IP. |
| [ source_interface](## "svi_profiles.[].nodes.[].ip_helpers.[].source_interface") | String | | | | Interface name to originate DHCP relay packets to DHCP server. |
@@ -63,8 +63,8 @@
| [ - <str>](## "svi_profiles.[].ip_virtual_router_addresses.[]") | String | | | | IPv4_address/Mask or IPv4_address.
IPv4_address/Mask will also configure a static route to the SVI per best practice.
|
| [ ipv6_virtual_router_addresses](## "svi_profiles.[].ipv6_virtual_router_addresses") | List, items: String | | | | IPv6 VARP addresses.
Requires an IPv6 address to be configured on the SVI.
If ipv6_address_virtuals is also set, ipv6_virtual_router_addresses will take precedence
_if_ there is an ipv6_address configured for the node.
|
| [ - <str>](## "svi_profiles.[].ipv6_virtual_router_addresses.[]") | String | | | | IPv6_address. |
- | [ ipv4_acl_in](## "svi_profiles.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls`. |
- | [ ipv4_acl_out](## "svi_profiles.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls`. |
+ | [ ipv4_acl_in](## "svi_profiles.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls` and supports substitution of the field "interface_ip". |
+ | [ ipv4_acl_out](## "svi_profiles.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls` and supports substitution of the field "interface_ip". |
| [ ip_helpers](## "svi_profiles.[].ip_helpers") | List, items: Dictionary | | | | IP helper for DHCP relay. |
| [ - ip_helper](## "svi_profiles.[].ip_helpers.[].ip_helper") | String | Required, Unique | | | IPv4 DHCP server IP. |
| [ source_interface](## "svi_profiles.[].ip_helpers.[].source_interface") | String | | | | Interface name to originate DHCP relay packets to DHCP server. |
@@ -175,11 +175,11 @@
-
# Name of the IPv4 access-list to be assigned in the ingress direction.
- # The access-list must be defined under `ipv4_acls`.
+ # The access-list must be defined under `ipv4_acls` and supports substitution of the field "interface_ip".
ipv4_acl_in:
# Name of the IPv4 Access-list to be assigned in the egress direction.
- # The access-list must be defined under `ipv4_acls`.
+ # The access-list must be defined under `ipv4_acls` and supports substitution of the field "interface_ip".
ipv4_acl_out:
# IP helper for DHCP relay.
@@ -309,11 +309,11 @@
-
# Name of the IPv4 access-list to be assigned in the ingress direction.
- # The access-list must be defined under `ipv4_acls`.
+ # The access-list must be defined under `ipv4_acls` and supports substitution of the field "interface_ip".
ipv4_acl_in:
# Name of the IPv4 Access-list to be assigned in the egress direction.
- # The access-list must be defined under `ipv4_acls`.
+ # The access-list must be defined under `ipv4_acls` and supports substitution of the field "interface_ip".
ipv4_acl_out:
# IP helper for DHCP relay.
diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/network_services/utils.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/network_services/utils.py
index 542c3cb64c4..a1199e42d8f 100644
--- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/network_services/utils.py
+++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/network_services/utils.py
@@ -602,6 +602,8 @@ def _svi_acls(self) -> dict[str, dict[str, dict]]:
Only contains interfaces with ACLs and only the ACLs that are set,
so use `get(self._svi_acls, f"{interface_name}.ipv4_acl_in")` to get the value.
"""
+ if not self.shared_utils.network_services_l3:
+ return None
svi_acls = {}
for tenant in self.shared_utils.filtered_tenants:
diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json
index 43480864e03..0775f8596c0 100644
--- a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json
+++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json
@@ -6224,12 +6224,12 @@
"properties": {
"source": {
"type": "string",
- "description": "This field supports substitution of the fields \"interface_ip\" and \"peer_ip\".\nAlternatively it can be set with a static value of \"any\", \"/\" or \"\".\n\"\" without a mask means host.\nRequired except for remarks.",
+ "description": "This field supports substitution of the fields \"interface_ip\" for SVIs and both \"interface_ip\" and \"peer_ip\" for Layer 3 interfaces.\nAlternatively it can be set with a static value of \"any\", \"/\" or \"\".\n\"\" without a mask means host.\nRequired except for remarks.",
"title": "Source"
},
"destination": {
"type": "string",
- "description": "This field supports substitution of the fields \"interface_ip\" and \"peer_ip\".\nAlternatively it can be set with a static value of \"any\", \"/\" or \"\".\n\"\" without a mask means host.\nRequired except for remarks.",
+ "description": "This field supports substitution of the fields \"interface_ip\" for SVIs and both \"interface_ip\" and \"peer_ip\" for Layer 3 interfaces.\nAlternatively it can be set with a static value of \"any\", \"/\" or \"\".\n\"\" without a mask means host.\nRequired except for remarks.",
"title": "Destination"
},
"sequence": {
@@ -7167,12 +7167,12 @@
"title": "Peer IP"
},
"ipv4_acl_in": {
- "description": "Name of the IPv4 access-list to be assigned in the ingress direction.\nThe access-list must be defined under `ipv4_acls`.\nRequired for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`.",
+ "description": "Name of the IPv4 access-list to be assigned in the ingress direction.\nThe access-list must be defined under `ipv4_acls` and supports field substitution for \"interface_ip\" and \"peer_ip\".\nRequired for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`.",
"type": "string",
"title": "IPv4 Acl In"
},
"ipv4_acl_out": {
- "description": "Name of the IPv4 Access-list to be assigned in the egress direction.\nThe access-list must be defined under `ipv4_acls`.",
+ "description": "Name of the IPv4 Access-list to be assigned in the egress direction.\nThe access-list must be defined under `ipv4_acls` and supports field substitution for \"interface_ip\" and \"peer_ip\".",
"type": "string",
"title": "IPv4 Acl Out"
},
@@ -52525,12 +52525,12 @@
"title": "IPv6 Virtual Router Addresses"
},
"ipv4_acl_in": {
- "description": "Name of the IPv4 access-list to be assigned in the ingress direction.\nThe access-list must be defined under `ipv4_acls`.",
+ "description": "Name of the IPv4 access-list to be assigned in the ingress direction.\nThe access-list must be defined under `ipv4_acls` and supports substitution of the field \"interface_ip\".",
"type": "string",
"title": "IPv4 Acl In"
},
"ipv4_acl_out": {
- "description": "Name of the IPv4 Access-list to be assigned in the egress direction.\nThe access-list must be defined under `ipv4_acls`.",
+ "description": "Name of the IPv4 Access-list to be assigned in the egress direction.\nThe access-list must be defined under `ipv4_acls` and supports substitution of the field \"interface_ip\".",
"type": "string",
"title": "IPv4 Acl Out"
},
@@ -54383,12 +54383,12 @@
"title": "IPv6 Virtual Router Addresses"
},
"ipv4_acl_in": {
- "description": "Name of the IPv4 access-list to be assigned in the ingress direction.\nThe access-list must be defined under `ipv4_acls`.",
+ "description": "Name of the IPv4 access-list to be assigned in the ingress direction.\nThe access-list must be defined under `ipv4_acls` and supports substitution of the field \"interface_ip\".",
"type": "string",
"title": "IPv4 Acl In"
},
"ipv4_acl_out": {
- "description": "Name of the IPv4 Access-list to be assigned in the egress direction.\nThe access-list must be defined under `ipv4_acls`.",
+ "description": "Name of the IPv4 Access-list to be assigned in the egress direction.\nThe access-list must be defined under `ipv4_acls` and supports substitution of the field \"interface_ip\".",
"type": "string",
"title": "IPv4 Acl Out"
},
diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml
index a594ee841c8..400e44505d6 100644
--- a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml
+++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml
@@ -1698,7 +1698,7 @@ keys:
source:
type: str
description: 'This field supports substitution of the fields "interface_ip"
- and "peer_ip".
+ for SVIs and both "interface_ip" and "peer_ip" for Layer 3 interfaces.
Alternatively it can be set with a static value of "any", "/"
or "".
@@ -1709,7 +1709,7 @@ keys:
destination:
type: str
description: 'This field supports substitution of the fields "interface_ip"
- and "peer_ip".
+ for SVIs and both "interface_ip" and "peer_ip" for Layer 3 interfaces.
Alternatively it can be set with a static value of "any", "/"
or "".
@@ -8699,7 +8699,8 @@ $defs:
description: 'Name of the IPv4 access-list to be assigned in the ingress
direction.
- The access-list must be defined under `ipv4_acls`.
+ The access-list must be defined under `ipv4_acls` and supports field substitution
+ for "interface_ip" and "peer_ip".
Required for all WAN interfaces (`wan_carrier` is set) unless the carrier
is marked as ''trusted'' under `wan_carriers`.'
@@ -8710,7 +8711,8 @@ $defs:
description: 'Name of the IPv4 Access-list to be assigned in the egress
direction.
- The access-list must be defined under `ipv4_acls`.'
+ The access-list must be defined under `ipv4_acls` and supports field substitution
+ for "interface_ip" and "peer_ip".'
type: str
convert_types:
- int
@@ -9105,14 +9107,16 @@ $defs:
ipv4_acl_in:
description: 'Name of the IPv4 access-list to be assigned in the ingress direction.
- The access-list must be defined under `ipv4_acls`.'
+ The access-list must be defined under `ipv4_acls` and supports substitution
+ of the field "interface_ip".'
type: str
convert_types:
- int
ipv4_acl_out:
description: 'Name of the IPv4 Access-list to be assigned in the egress direction.
- The access-list must be defined under `ipv4_acls`.'
+ The access-list must be defined under `ipv4_acls` and supports substitution
+ of the field "interface_ip".'
type: str
convert_types:
- int
diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_node_type_l3_interfaces.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_node_type_l3_interfaces.schema.yml
index 280447a3c7f..a16663c89c3 100644
--- a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_node_type_l3_interfaces.schema.yml
+++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_node_type_l3_interfaces.schema.yml
@@ -80,7 +80,7 @@ $defs:
ipv4_acl_in:
description: |-
Name of the IPv4 access-list to be assigned in the ingress direction.
- The access-list must be defined under `ipv4_acls`.
+ The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip".
Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`.
type: str
convert_types:
@@ -88,7 +88,7 @@ $defs:
ipv4_acl_out:
description: |-
Name of the IPv4 Access-list to be assigned in the egress direction.
- The access-list must be defined under `ipv4_acls`.
+ The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip".
type: str
convert_types:
- int
diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_svi_settings.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_svi_settings.schema.yml
index 777411f555e..1270e2bfb71 100644
--- a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_svi_settings.schema.yml
+++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_svi_settings.schema.yml
@@ -83,14 +83,14 @@ $defs:
ipv4_acl_in:
description: |-
Name of the IPv4 access-list to be assigned in the ingress direction.
- The access-list must be defined under `ipv4_acls`.
+ The access-list must be defined under `ipv4_acls` and supports substitution of the field "interface_ip".
type: str
convert_types:
- int
ipv4_acl_out:
description: |-
Name of the IPv4 Access-list to be assigned in the egress direction.
- The access-list must be defined under `ipv4_acls`.
+ The access-list must be defined under `ipv4_acls` and supports substitution of the field "interface_ip".
type: str
convert_types:
- int
diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/ipv4_acls.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/ipv4_acls.schema.yml
index 8a60ce479cb..76a4d8deeb5 100644
--- a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/ipv4_acls.schema.yml
+++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/ipv4_acls.schema.yml
@@ -34,14 +34,14 @@ keys:
source:
type: str
description: |-
- This field supports substitution of the fields "interface_ip" and "peer_ip".
+ This field supports substitution of the fields "interface_ip" for SVIs and both "interface_ip" and "peer_ip" for Layer 3 interfaces.
Alternatively it can be set with a static value of "any", "/" or "".
"" without a mask means host.
Required except for remarks.
destination:
type: str
description: |-
- This field supports substitution of the fields "interface_ip" and "peer_ip".
+ This field supports substitution of the fields "interface_ip" for SVIs and both "interface_ip" and "peer_ip" for Layer 3 interfaces.
Alternatively it can be set with a static value of "any", "/" or "".
"" without a mask means host.
Required except for remarks.