From 1746335251ed8f21002620117bca01cb9d1b6f92 Mon Sep 17 00:00:00 2001 
From: Mahesh Kumar
Date: Wed, 8 May 2024 04:48:35 -0700
Subject: [PATCH] fixed ACL for l2leaf and description
---
.../intended/configs/DC1-CL1A.cfg | 7 ----
.../intended/configs/DC1-CL1B.cfg | 7 ----
.../intended/configs/DC1-L2LEAF1A.cfg | 7 ----
.../intended/configs/DC1-L2LEAF1B.cfg | 7 ----
.../intended/configs/DC1-L2LEAF2A.cfg | 7 ----
.../intended/configs/DC1-L2LEAF2B.cfg | 7 ----
.../intended/configs/DC1-L2LEAF3A.cfg | 7 ----
.../intended/configs/DC1-L2LEAF4A.cfg | 7 ----
.../intended/configs/DC1.L2LEAF5A.cfg | 7 ----
.../intended/configs/DC1.L2LEAF5B.cfg | 7 ----
.../configs/evpn_services_l2_only_true.cfg | 7 ----
.../configs/mgmt_interface_default.cfg | 7 ----
.../configs/mgmt_interface_fabric.cfg | 7 ----
.../intended/configs/mgmt_interface_host.cfg | 7 ----
.../configs/mgmt_interface_platform.cfg | 7 ----
.../intended/structured_configs/DC1-CL1A.yml | 15 -------
.../intended/structured_configs/DC1-CL1B.yml | 15 -------
.../structured_configs/DC1-L2LEAF1A.yml | 15 -------
.../structured_configs/DC1-L2LEAF1B.yml | 15 -------
.../structured_configs/DC1-L2LEAF2A.yml | 15 -------
.../structured_configs/DC1-L2LEAF2B.yml | 15 -------
.../structured_configs/DC1-L2LEAF3A.yml | 15 -------
.../structured_configs/DC1-L2LEAF4A.yml | 15 -------
.../structured_configs/DC1.L2LEAF5A.yml | 15 -------
.../structured_configs/DC1.L2LEAF5B.yml | 15 -------
.../evpn_services_l2_only_true.yml | 15 -------
.../mgmt_interface_default.yml | 15 -------
.../mgmt_interface_fabric.yml | 15 -------
.../mgmt_interface_host.yml | 15 -------
.../mgmt_interface_platform.yml | 15 -------
.../eos_designs/docs/tables/ipv4-acls.md | 8 ++--
.../network-services-vrfs-svis-settings.md | 16 ++++----
.../node-type-l3-interfaces-configuration.md | 40 +++++++++----------
.../eos_designs/docs/tables/svi-profiles.md | 16 ++++----
.../python_modules/network_services/utils.py | 2 +
.../schemas/eos_designs.jsonschema.json | 16 ++++----
.../schemas/eos_designs.schema.yml | 16 +++++---
.../defs_node_type_l3_interfaces.schema.yml | 4 +- .../defs_svi_settings.schema.yml | 4 +- .../schema_fragments/ipv4_acls.schema.yml | 4 +- 40 files changed, 66 insertions(+), 390 deletions(-) diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-CL1A.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-CL1A.cfg index e9907df1ea6..b87f1d4c95f 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-CL1A.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-CL1A.cfg @@ -208,13 +208,6 @@ interface Vxlan1 vxlan vlan 311 vni 30311 vxlan vlan 350 vni 30350 ! -ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 - 15 deny ip any host 10.1.10.1 -! -ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - remark Some remark will not require source and destination fields. - permit ip host 10.1.10.1 any -! ip routing no ip routing vrf MGMT ! diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-CL1B.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-CL1B.cfg index 8c64545a256..3e2568b4617 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-CL1B.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-CL1B.cfg @@ -208,13 +208,6 @@ interface Vxlan1 vxlan vlan 311 vni 30311 vxlan vlan 350 vni 30350 ! -ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 - 15 deny ip any host 10.1.10.1 -! -ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - remark Some remark will not require source and destination fields. - permit ip host 10.1.10.1 any -! ip routing no ip routing vrf MGMT ! 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF1A.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF1A.cfg index 19bfacd967f..a287ae07a8c 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF1A.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF1A.cfg @@ -122,13 +122,6 @@ interface Vlan4091 mtu 1500 no autostate ip address 10.255.252.14/31 -! -ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 - 15 deny ip any host 10.1.10.1 -! -ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - remark Some remark will not require source and destination fields. - permit ip host 10.1.10.1 any no ip routing vrf MGMT ! mlag configuration diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF1B.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF1B.cfg index 4e37bd7ad5c..8cfd112809f 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF1B.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF1B.cfg @@ -122,13 +122,6 @@ interface Vlan4091 mtu 1500 no autostate ip address 10.255.252.15/31 -! -ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 - 15 deny ip any host 10.1.10.1 -! -ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - remark Some remark will not require source and destination fields. - permit ip host 10.1.10.1 any no ip routing vrf MGMT ! mlag configuration diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF2A.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF2A.cfg index e2d31d0bf3e..0d11936d6ab 100644 
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF2A.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF2A.cfg @@ -147,13 +147,6 @@ interface Vlan4091 mtu 1500 no autostate ip address 10.255.252.16/31 -! -ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 - 15 deny ip any host 10.1.10.1 -! -ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - remark Some remark will not require source and destination fields. - permit ip host 10.1.10.1 any no ip routing vrf MGMT ! mlag configuration diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF2B.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF2B.cfg index 7225e8e0651..c79fad5fa34 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF2B.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF2B.cfg @@ -147,13 +147,6 @@ interface Vlan4091 mtu 1500 no autostate ip address 10.255.252.17/31 -! -ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 - 15 deny ip any host 10.1.10.1 -! -ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - remark Some remark will not require source and destination fields. - permit ip host 10.1.10.1 any no ip routing vrf MGMT ! mlag configuration diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF3A.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF3A.cfg index 88f0f9dcf1a..8ea8adf26ec 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF3A.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF3A.cfg 
@@ -88,13 +88,6 @@ interface Management1 no shutdown vrf MGMT ip address 192.168.200.116/24 -! -ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 - 15 deny ip any host 10.1.10.1 -! -ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - remark Some remark will not require source and destination fields. - permit ip host 10.1.10.1 any no ip routing vrf MGMT ! ip route vrf MGMT 0.0.0.0/0 192.168.200.5 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF4A.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF4A.cfg index 89abf59300a..dc50cf1a693 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF4A.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1-L2LEAF4A.cfg @@ -88,13 +88,6 @@ interface Management1 no shutdown vrf MGMT ip address 192.168.200.119/24 -! -ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 - 15 deny ip any host 10.1.10.1 -! -ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - remark Some remark will not require source and destination fields. - permit ip host 10.1.10.1 any no ip routing vrf MGMT ! ip route vrf MGMT 0.0.0.0/0 192.168.200.5 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1.L2LEAF5A.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1.L2LEAF5A.cfg index 37d1ebda8f2..a674967a3ea 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1.L2LEAF5A.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1.L2LEAF5A.cfg 
@@ -118,13 +118,6 @@ interface Vlan4091 mtu 1500 no autostate ip address 10.255.252.26/31 -! -ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 - 15 deny ip any host 10.1.10.1 -! -ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - remark Some remark will not require source and destination fields. - permit ip host 10.1.10.1 any no ip routing vrf MGMT ! mlag configuration diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1.L2LEAF5B.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1.L2LEAF5B.cfg index 8455a23f8f5..5c41f4680fa 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1.L2LEAF5B.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/DC1.L2LEAF5B.cfg @@ -118,13 +118,6 @@ interface Vlan4091 mtu 1500 no autostate ip address 10.255.252.27/31 -! -ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 - 15 deny ip any host 10.1.10.1 -! -ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - remark Some remark will not require source and destination fields. - permit ip host 10.1.10.1 any no ip routing vrf MGMT ! mlag configuration diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/evpn_services_l2_only_true.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/evpn_services_l2_only_true.cfg index aabc065b08d..917d49430b7 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/evpn_services_l2_only_true.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/evpn_services_l2_only_true.cfg 
@@ -185,13 +185,6 @@ interface Vxlan1 vxlan vlan 451 vni 40451 vxlan vlan 452 vni 40452 ! -ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 - 15 deny ip any host 10.1.10.1 -! -ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - remark Some remark will not require source and destination fields. - permit ip host 10.1.10.1 any -! ip routing no ip routing vrf MGMT ! diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/mgmt_interface_default.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/mgmt_interface_default.cfg index 1a885fa5d16..45ddc420080 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/mgmt_interface_default.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/mgmt_interface_default.cfg @@ -137,13 +137,6 @@ interface Management1 no shutdown vrf MGMT ip address 1.1.1.2 -! -ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 - 15 deny ip any host 10.1.10.1 -! -ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - remark Some remark will not require source and destination fields. - permit ip host 10.1.10.1 any no ip routing vrf MGMT ! ip route vrf MGMT 0.0.0.0/0 1.1.1.1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/mgmt_interface_fabric.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/mgmt_interface_fabric.cfg index 46de1ac4578..964bff62ef1 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/mgmt_interface_fabric.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/mgmt_interface_fabric.cfg 
@@ -137,13 +137,6 @@ interface MY_INTERFACE_FABRIC no shutdown vrf MGMT ip address 1.1.1.2 -! -ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 - 15 deny ip any host 10.1.10.1 -! -ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - remark Some remark will not require source and destination fields. - permit ip host 10.1.10.1 any no ip routing vrf MGMT ! ip route vrf MGMT 0.0.0.0/0 1.1.1.1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/mgmt_interface_host.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/mgmt_interface_host.cfg index 138ccbdbd7b..eeeb228ef0a 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/mgmt_interface_host.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/mgmt_interface_host.cfg @@ -142,13 +142,6 @@ interface MY_INTERFACE_HOST ! hardware tcam system profile vxlan-routing -! -ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 - 15 deny ip any host 10.1.10.1 -! -ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - remark Some remark will not require source and destination fields. - permit ip host 10.1.10.1 any no ip routing vrf MGMT ! ip route vrf MGMT 0.0.0.0/0 1.1.1.1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/mgmt_interface_platform.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/mgmt_interface_platform.cfg index 62c7cda4049..0150c5aff2f 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/mgmt_interface_platform.cfg +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/mgmt_interface_platform.cfg 
@@ -142,13 +142,6 @@ interface Management0 ! hardware tcam system profile vxlan-routing -! -ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 - 15 deny ip any host 10.1.10.1 -! -ip access-list TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - remark Some remark will not require source and destination fields. - permit ip host 10.1.10.1 any no ip routing vrf MGMT ! ip route vrf MGMT 0.0.0.0/0 1.1.1.1 diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-CL1A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-CL1A.yml index 1485478c391..31681a09a84 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-CL1A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-CL1A.yml @@ -454,21 +454,6 @@ router_bfd: interval: 1200 min_rx: 1200 multiplier: 3 -ip_access_lists: -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 - entries: - - sequence: 15 - action: deny - protocol: ip - source: any - destination: 10.1.10.1 -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - entries: - - remark: Some remark will not require source and destination fields. - - action: permit - protocol: ip - source: 10.1.10.1 - destination: any ip_igmp_snooping: globally_enabled: true vlans: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-CL1B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-CL1B.yml index 1e60cb4a9ee..32cdf24d313 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-CL1B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-CL1B.yml 
@@ -462,21 +462,6 @@ router_bfd: interval: 1200 min_rx: 1200 multiplier: 3 -ip_access_lists: -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 - entries: - - sequence: 15 - action: deny - protocol: ip - source: any - destination: 10.1.10.1 -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - entries: - - remark: Some remark will not require source and destination fields. - - action: permit - protocol: ip - source: 10.1.10.1 - destination: any ip_igmp_snooping: globally_enabled: true vlans: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF1A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF1A.yml index 03b0a30c11a..a1c1d3ed3d4 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF1A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF1A.yml @@ -183,21 +183,6 @@ mlag_configuration: peer_link: Port-Channel3 reload_delay_mlag: '300' reload_delay_non_mlag: '330' -ip_access_lists: -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 - entries: - - sequence: 15 - action: deny - protocol: ip - source: any - destination: 10.1.10.1 -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - entries: - - remark: Some remark will not require source and destination fields. - - action: permit - protocol: ip - source: 10.1.10.1 - destination: any ip_igmp_snooping: globally_enabled: true vlans: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF1B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF1B.yml index 38a23acc606..4d89543b36a 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF1B.yml 
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF1B.yml @@ -183,21 +183,6 @@ mlag_configuration: peer_link: Port-Channel3 reload_delay_mlag: '300' reload_delay_non_mlag: '330' -ip_access_lists: -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 - entries: - - sequence: 15 - action: deny - protocol: ip - source: any - destination: 10.1.10.1 -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - entries: - - remark: Some remark will not require source and destination fields. - - action: permit - protocol: ip - source: 10.1.10.1 - destination: any ip_igmp_snooping: globally_enabled: true vlans: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF2A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF2A.yml index 439787a9721..480ddeebf88 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF2A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF2A.yml @@ -212,21 +212,6 @@ mlag_configuration: peer_ip: 192.168.200.114 vrf: MGMT dual_primary_detection_delay: 5 -ip_access_lists: -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 - entries: - - sequence: 15 - action: deny - protocol: ip - source: any - destination: 10.1.10.1 -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - entries: - - remark: Some remark will not require source and destination fields. - - action: permit - protocol: ip - source: 10.1.10.1 - destination: any ip_igmp_snooping: globally_enabled: true vlans: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF2B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF2B.yml index 841f98d1ba8..5f99cd8abba 100644 
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF2B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF2B.yml @@ -212,21 +212,6 @@ mlag_configuration: peer_ip: 192.168.200.113 vrf: MGMT dual_primary_detection_delay: 5 -ip_access_lists: -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 - entries: - - sequence: 15 - action: deny - protocol: ip - source: any - destination: 10.1.10.1 -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - entries: - - remark: Some remark will not require source and destination fields. - - action: permit - protocol: ip - source: 10.1.10.1 - destination: any ip_igmp_snooping: globally_enabled: true vlans: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF3A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF3A.yml index 0c4690ac464..a06c70b92db 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF3A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF3A.yml @@ -131,21 +131,6 @@ vlans: - id: 161 name: Tenant_A_NFS tenant: Tenant_A -ip_access_lists: -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 - entries: - - sequence: 15 - action: deny - protocol: ip - source: any - destination: 10.1.10.1 -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - entries: - - remark: Some remark will not require source and destination fields. - - action: permit - protocol: ip - source: 10.1.10.1 - destination: any ip_igmp_snooping: globally_enabled: true vlans: 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF4A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF4A.yml index 8208cd04c1e..9bb634e0aae 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF4A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1-L2LEAF4A.yml @@ -131,21 +131,6 @@ vlans: - id: 161 name: Tenant_A_NFS tenant: Tenant_A -ip_access_lists: -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 - entries: - - sequence: 15 - action: deny - protocol: ip - source: any - destination: 10.1.10.1 -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - entries: - - remark: Some remark will not require source and destination fields. - - action: permit - protocol: ip - source: 10.1.10.1 - destination: any ip_igmp_snooping: globally_enabled: true vlans: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1.L2LEAF5A.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1.L2LEAF5A.yml index de8af59ffe7..07148c86169 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1.L2LEAF5A.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1.L2LEAF5A.yml 
@@ -179,21 +179,6 @@ mlag_configuration: peer_link: Port-Channel3 reload_delay_mlag: '300' reload_delay_non_mlag: '330' -ip_access_lists: -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 - entries: - - sequence: 15 - action: deny - protocol: ip - source: any - destination: 10.1.10.1 -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - entries: - - remark: Some remark will not require source and destination fields. - - action: permit - protocol: ip - source: 10.1.10.1 - destination: any ip_igmp_snooping: globally_enabled: true vlans: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1.L2LEAF5B.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1.L2LEAF5B.yml index 85616fd0194..12cb0c07faf 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1.L2LEAF5B.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/DC1.L2LEAF5B.yml @@ -179,21 +179,6 @@ mlag_configuration: peer_link: Port-Channel3 reload_delay_mlag: '300' reload_delay_non_mlag: '330' -ip_access_lists: -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 - entries: - - sequence: 15 - action: deny - protocol: ip - source: any - destination: 10.1.10.1 -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - entries: - - remark: Some remark will not require source and destination fields. - - action: permit - protocol: ip - source: 10.1.10.1 - destination: any ip_igmp_snooping: globally_enabled: true vlans: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/evpn_services_l2_only_true.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/evpn_services_l2_only_true.yml index c1804cdb645..16eede8162a 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/evpn_services_l2_only_true.yml 
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/evpn_services_l2_only_true.yml @@ -364,21 +364,6 @@ vlans: - id: 413 name: Tenant_D_v6_OP_Zone_3 tenant: Tenant_D -ip_access_lists: -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 - entries: - - sequence: 15 - action: deny - protocol: ip - source: any - destination: 10.1.10.1 -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - entries: - - remark: Some remark will not require source and destination fields. - - action: permit - protocol: ip - source: 10.1.10.1 - destination: any ip_igmp_snooping: globally_enabled: true vlans: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_default.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_default.yml index 465ec5678be..c325d27dee6 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_default.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_default.yml @@ -167,21 +167,6 @@ vlans: - id: 413 name: Tenant_D_v6_OP_Zone_3 tenant: Tenant_D -ip_access_lists: -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 - entries: - - sequence: 15 - action: deny - protocol: ip - source: any - destination: 10.1.10.1 -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - entries: - - remark: Some remark will not require source and destination fields. - - action: permit - protocol: ip - source: 10.1.10.1 - destination: any ip_igmp_snooping: globally_enabled: true vlans: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_fabric.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_fabric.yml index f265a927558..903198ccff5 100644 
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_fabric.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_fabric.yml @@ -167,21 +167,6 @@ vlans: - id: 413 name: Tenant_D_v6_OP_Zone_3 tenant: Tenant_D -ip_access_lists: -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 - entries: - - sequence: 15 - action: deny - protocol: ip - source: any - destination: 10.1.10.1 -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - entries: - - remark: Some remark will not require source and destination fields. - - action: permit - protocol: ip - source: 10.1.10.1 - destination: any ip_igmp_snooping: globally_enabled: true vlans: diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_host.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_host.yml index 764083829b8..e2e49444ff9 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_host.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_host.yml @@ -173,21 +173,6 @@ vlans: - id: 413 name: Tenant_D_v6_OP_Zone_3 tenant: Tenant_D -ip_access_lists: -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 - entries: - - sequence: 15 - action: deny - protocol: ip - source: any - destination: 10.1.10.1 -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - entries: - - remark: Some remark will not require source and destination fields. - - action: permit - protocol: ip - source: 10.1.10.1 - destination: any ip_igmp_snooping: globally_enabled: true vlans: 
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_platform.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_platform.yml index 76c80ed2209..7d131da1770 100644 --- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_platform.yml +++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/mgmt_interface_platform.yml @@ -173,21 +173,6 @@ vlans: - id: 413 name: Tenant_D_v6_OP_Zone_3 tenant: Tenant_D -ip_access_lists: -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-IN_Vlan110 - entries: - - sequence: 15 - action: deny - protocol: ip - source: any - destination: 10.1.10.1 -- name: TEST-IPV4-ACL-WITH-IP-FIELDS-OUT_Vlan110 - entries: - - remark: Some remark will not require source and destination fields. - - action: permit - protocol: ip - source: 10.1.10.1 - destination: any ip_igmp_snooping: globally_enabled: true vlans: diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/ipv4-acls.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/ipv4-acls.md index e6751fc71dc..ac7ac350e85 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/ipv4-acls.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/ipv4-acls.md @@ -10,8 +10,8 @@ | [ipv4_acls](## "ipv4_acls") | List, items: Dictionary | | | | IPv4 extended access-lists supporting substitution on certain fields.
These access-lists can be referenced under node settings `l3_interfaces`, and will only be configured on devices where they are in use.

The substitution is useful when assigning the same access-list on multiple interfaces,
but where certain fields require unique values like the "interface_ip" or "peer_ip".
When using substitution, the interface name will be appended to the ACL name. | | [  - name](## "ipv4_acls.[].name") | String | Required, Unique | | | Access-list name.
When using substitution for any fields, the interface name will be appended to the ACL name. | | [    entries](## "ipv4_acls.[].entries") | List, items: Dictionary | Required | | | ACL Entries. | - | [      - source](## "ipv4_acls.[].entries.[].source") | String | | | | This field supports substitution of the fields "interface_ip" and "peer_ip".
Alternatively it can be set with a static value of "any", "/" or "".
"" without a mask means host.
Required except for remarks. | - | [        destination](## "ipv4_acls.[].entries.[].destination") | String | | | | This field supports substitution of the fields "interface_ip" and "peer_ip".
Alternatively it can be set with a static value of "any", "/" or "".
"" without a mask means host.
Required except for remarks. | + | [      - source](## "ipv4_acls.[].entries.[].source") | String | | | | This field supports substitution of the fields "interface_ip" for SVIs and both "interface_ip" and "peer_ip" for Layer 3 interfaces.
Alternatively it can be set with a static value of "any", "/" or "".
"" without a mask means host.
Required except for remarks. | + | [        destination](## "ipv4_acls.[].entries.[].destination") | String | | | | This field supports substitution of the fields "interface_ip" for SVIs and both "interface_ip" and "peer_ip" for Layer 3 interfaces.
Alternatively it can be set with a static value of "any", "/" or "".
"" without a mask means host.
Required except for remarks. | | [        sequence](## "ipv4_acls.[].entries.[].sequence") | Integer | | | | ACL entry sequence number. | | [        remark](## "ipv4_acls.[].entries.[].remark") | String | | | | Comment up to 100 characters.
If remark is defined, other keys in the ACL entry will be ignored. | | [        action](## "ipv4_acls.[].entries.[].action") | String | | | Valid Values:
- permit
- deny | ACL action.
Required except for remarks. | @@ -56,13 +56,13 @@ # ACL Entries. entries: # required - # This field supports substitution of the fields "interface_ip" and "peer_ip". + # This field supports substitution of the fields "interface_ip" for SVIs and both "interface_ip" and "peer_ip" for Layer 3 interfaces. # Alternatively it can be set with a static value of "any", "/" or "". # "" without a mask means host. # Required except for remarks. - source: - # This field supports substitution of the fields "interface_ip" and "peer_ip". + # This field supports substitution of the fields "interface_ip" for SVIs and both "interface_ip" and "peer_ip" for Layer 3 interfaces. # Alternatively it can be set with a static value of "any", "/" or "". # "" without a mask means host. # Required except for remarks. diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/network-services-vrfs-svis-settings.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/network-services-vrfs-svis-settings.md index 0db7ad27056..5e9d9428f3d 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/network-services-vrfs-svis-settings.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/network-services-vrfs-svis-settings.md @@ -38,8 +38,8 @@ | [                  - <str>](## ".[].vrfs.[].svis.[].nodes.[].ip_virtual_router_addresses.[]") | String | | | | IPv4_address/Mask or IPv4_address.
IPv4_address/Mask will also configure a static route to the SVI per best practice.
| | [                ipv6_virtual_router_addresses](## ".[].vrfs.[].svis.[].nodes.[].ipv6_virtual_router_addresses") | List, items: String | | | | IPv6 VARP addresses.
Requires an IPv6 address to be configured on the SVI.
If ipv6_address_virtuals is also set, ipv6_virtual_router_addresses will take precedence
_if_ there is an ipv6_address configured for the node.
| | [                  - <str>](## ".[].vrfs.[].svis.[].nodes.[].ipv6_virtual_router_addresses.[]") | String | | | | IPv6_address. | - | [                ipv4_acl_in](## ".[].vrfs.[].svis.[].nodes.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls`. | - | [                ipv4_acl_out](## ".[].vrfs.[].svis.[].nodes.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls`. | + | [                ipv4_acl_in](## ".[].vrfs.[].svis.[].nodes.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls` and supports substitution of the field "interface_ip". | + | [                ipv4_acl_out](## ".[].vrfs.[].svis.[].nodes.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls` and supports substitution of the field "interface_ip". | | [                ip_helpers](## ".[].vrfs.[].svis.[].nodes.[].ip_helpers") | List, items: Dictionary | | | | IP helper for DHCP relay. | | [                  - ip_helper](## ".[].vrfs.[].svis.[].nodes.[].ip_helpers.[].ip_helper") | String | Required, Unique | | | IPv4 DHCP server IP. | | [                    source_interface](## ".[].vrfs.[].svis.[].nodes.[].ip_helpers.[].source_interface") | String | | | | Interface name to originate DHCP relay packets to DHCP server. | @@ -72,8 +72,8 @@ | [              - <str>](## ".[].vrfs.[].svis.[].ip_virtual_router_addresses.[]") | String | | | | IPv4_address/Mask or IPv4_address.
IPv4_address/Mask will also configure a static route to the SVI per best practice.
| | [            ipv6_virtual_router_addresses](## ".[].vrfs.[].svis.[].ipv6_virtual_router_addresses") | List, items: String | | | | IPv6 VARP addresses.
Requires an IPv6 address to be configured on the SVI.
If ipv6_address_virtuals is also set, ipv6_virtual_router_addresses will take precedence
_if_ there is an ipv6_address configured for the node.
| | [              - <str>](## ".[].vrfs.[].svis.[].ipv6_virtual_router_addresses.[]") | String | | | | IPv6_address. | - | [            ipv4_acl_in](## ".[].vrfs.[].svis.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls`. | - | [            ipv4_acl_out](## ".[].vrfs.[].svis.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls`. | + | [            ipv4_acl_in](## ".[].vrfs.[].svis.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls` and supports substitution of the field "interface_ip". | + | [            ipv4_acl_out](## ".[].vrfs.[].svis.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls` and supports substitution of the field "interface_ip". | | [            ip_helpers](## ".[].vrfs.[].svis.[].ip_helpers") | List, items: Dictionary | | | | IP helper for DHCP relay. | | [              - ip_helper](## ".[].vrfs.[].svis.[].ip_helpers.[].ip_helper") | String | Required, Unique | | | IPv4 DHCP server IP. | | [                source_interface](## ".[].vrfs.[].svis.[].ip_helpers.[].source_interface") | String | | | | Interface name to originate DHCP relay packets to DHCP server. | @@ -218,11 +218,11 @@ - # Name of the IPv4 access-list to be assigned in the ingress direction. - # The access-list must be defined under `ipv4_acls`. + # The access-list must be defined under `ipv4_acls` and supports substitution of the field "interface_ip". ipv4_acl_in: # Name of the IPv4 Access-list to be assigned in the egress direction. - # The access-list must be defined under `ipv4_acls`. + # The access-list must be defined under `ipv4_acls` and supports substitution of the field "interface_ip". ipv4_acl_out: # IP helper for DHCP relay. @@ -349,11 +349,11 @@ - # Name of the IPv4 access-list to be assigned in the ingress direction. - # The access-list must be defined under `ipv4_acls`. + # The access-list must be defined under `ipv4_acls` and supports substitution of the field "interface_ip". ipv4_acl_in: # Name of the IPv4 Access-list to be assigned in the egress direction. - # The access-list must be defined under `ipv4_acls`. + # The access-list must be defined under `ipv4_acls` and supports substitution of the field "interface_ip". ipv4_acl_out: # IP helper for DHCP relay. diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-l3-interfaces-configuration.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-l3-interfaces-configuration.md index 6cd268add13..49254813718 100644 
--- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-l3-interfaces-configuration.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/node-type-l3-interfaces-configuration.md @@ -23,8 +23,8 @@ | [        peer](## ".defaults.l3_interfaces.[].peer") | String | | | | The peer device name. Used for description and documentation. | | [        peer_interface](## ".defaults.l3_interfaces.[].peer_interface") | String | | | | The peer device interface. Used for description and documentation. | | [        peer_ip](## ".defaults.l3_interfaces.[].peer_ip") | String | | | | The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. | - | [        ipv4_acl_in](## ".defaults.l3_interfaces.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls`.
Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. | - | [        ipv4_acl_out](## ".defaults.l3_interfaces.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls`. | + | [        ipv4_acl_in](## ".defaults.l3_interfaces.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip".
Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. | + | [        ipv4_acl_out](## ".defaults.l3_interfaces.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". | | [        static_routes](## ".defaults.l3_interfaces.[].static_routes") | List, items: Dictionary | | | Min Length: 1 | Configure IPv4 static routes pointing to `peer_ip`. | | [          - prefix](## ".defaults.l3_interfaces.[].static_routes.[].prefix") | String | Required | | | IPv4_network/Mask. | | [        qos_profile](## ".defaults.l3_interfaces.[].qos_profile") | String | | | | QOS service profile. | @@ -58,8 +58,8 @@ | [              peer](## ".node_groups.[].nodes.[].l3_interfaces.[].peer") | String | | | | The peer device name. Used for description and documentation. | | [              peer_interface](## ".node_groups.[].nodes.[].l3_interfaces.[].peer_interface") | String | | | | The peer device interface. Used for description and documentation. | | [              peer_ip](## ".node_groups.[].nodes.[].l3_interfaces.[].peer_ip") | String | | | | The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. | - | [              ipv4_acl_in](## ".node_groups.[].nodes.[].l3_interfaces.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls`.
Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. | - | [              ipv4_acl_out](## ".node_groups.[].nodes.[].l3_interfaces.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls`. | + | [              ipv4_acl_in](## ".node_groups.[].nodes.[].l3_interfaces.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip".
Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. | + | [              ipv4_acl_out](## ".node_groups.[].nodes.[].l3_interfaces.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". | | [              static_routes](## ".node_groups.[].nodes.[].l3_interfaces.[].static_routes") | List, items: Dictionary | | | Min Length: 1 | Configure IPv4 static routes pointing to `peer_ip`. | | [                - prefix](## ".node_groups.[].nodes.[].l3_interfaces.[].static_routes.[].prefix") | String | Required | | | IPv4_network/Mask. | | [              qos_profile](## ".node_groups.[].nodes.[].l3_interfaces.[].qos_profile") | String | | | | QOS service profile. | @@ -89,8 +89,8 @@ | [          peer](## ".node_groups.[].l3_interfaces.[].peer") | String | | | | The peer device name. Used for description and documentation. | | [          peer_interface](## ".node_groups.[].l3_interfaces.[].peer_interface") | String | | | | The peer device interface. Used for description and documentation. | | [          peer_ip](## ".node_groups.[].l3_interfaces.[].peer_ip") | String | | | | The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. | - | [          ipv4_acl_in](## ".node_groups.[].l3_interfaces.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls`.
Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. | - | [          ipv4_acl_out](## ".node_groups.[].l3_interfaces.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls`. | + | [          ipv4_acl_in](## ".node_groups.[].l3_interfaces.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip".
Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. | + | [          ipv4_acl_out](## ".node_groups.[].l3_interfaces.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". | | [          static_routes](## ".node_groups.[].l3_interfaces.[].static_routes") | List, items: Dictionary | | | Min Length: 1 | Configure IPv4 static routes pointing to `peer_ip`. | | [            - prefix](## ".node_groups.[].l3_interfaces.[].static_routes.[].prefix") | String | Required | | | IPv4_network/Mask. | | [          qos_profile](## ".node_groups.[].l3_interfaces.[].qos_profile") | String | | | | QOS service profile. | @@ -122,8 +122,8 @@ | [          peer](## ".nodes.[].l3_interfaces.[].peer") | String | | | | The peer device name. Used for description and documentation. | | [          peer_interface](## ".nodes.[].l3_interfaces.[].peer_interface") | String | | | | The peer device interface. Used for description and documentation. | | [          peer_ip](## ".nodes.[].l3_interfaces.[].peer_ip") | String | | | | The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. | - | [          ipv4_acl_in](## ".nodes.[].l3_interfaces.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls`.
Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. | - | [          ipv4_acl_out](## ".nodes.[].l3_interfaces.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls`. | + | [          ipv4_acl_in](## ".nodes.[].l3_interfaces.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip".
Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. | + | [          ipv4_acl_out](## ".nodes.[].l3_interfaces.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". | | [          static_routes](## ".nodes.[].l3_interfaces.[].static_routes") | List, items: Dictionary | | | Min Length: 1 | Configure IPv4 static routes pointing to `peer_ip`. | | [            - prefix](## ".nodes.[].l3_interfaces.[].static_routes.[].prefix") | String | Required | | | IPv4_network/Mask. | | [          qos_profile](## ".nodes.[].l3_interfaces.[].qos_profile") | String | | | | QOS service profile. | @@ -153,8 +153,8 @@ | [    peer](## "l3_interface_profiles.[].peer") | String | | | | The peer device name. Used for description and documentation. | | [    peer_interface](## "l3_interface_profiles.[].peer_interface") | String | | | | The peer device interface. Used for description and documentation. | | [    peer_ip](## "l3_interface_profiles.[].peer_ip") | String | | | | The peer device IPv4 address (no mask). Used as default route gateway if `set_default_route` is true and `ip` is an IP address. | - | [    ipv4_acl_in](## "l3_interface_profiles.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls`.
Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. | - | [    ipv4_acl_out](## "l3_interface_profiles.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls`. | + | [    ipv4_acl_in](## "l3_interface_profiles.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip".
Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. | + | [    ipv4_acl_out](## "l3_interface_profiles.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". | | [    static_routes](## "l3_interface_profiles.[].static_routes") | List, items: Dictionary | | | Min Length: 1 | Configure IPv4 static routes pointing to `peer_ip`. | | [      - prefix](## "l3_interface_profiles.[].static_routes.[].prefix") | String | Required | | | IPv4_network/Mask. | | [    qos_profile](## "l3_interface_profiles.[].qos_profile") | String | | | | QOS service profile. | @@ -237,12 +237,12 @@ peer_ip: # Name of the IPv4 access-list to be assigned in the ingress direction. - # The access-list must be defined under `ipv4_acls`. + # The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". # Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. ipv4_acl_in: # Name of the IPv4 Access-list to be assigned in the egress direction. - # The access-list must be defined under `ipv4_acls`. + # The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". ipv4_acl_out: # Configure IPv4 static routes pointing to `peer_ip`. @@ -363,12 +363,12 @@ peer_ip: # Name of the IPv4 access-list to be assigned in the ingress direction. - # The access-list must be defined under `ipv4_acls`. + # The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". # Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. ipv4_acl_in: # Name of the IPv4 Access-list to be assigned in the egress direction. - # The access-list must be defined under `ipv4_acls`. + # The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". ipv4_acl_out: # Configure IPv4 static routes pointing to `peer_ip`. 
@@ -476,12 +476,12 @@ peer_ip: # Name of the IPv4 access-list to be assigned in the ingress direction. - # The access-list must be defined under `ipv4_acls`. + # The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". # Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. ipv4_acl_in: # Name of the IPv4 Access-list to be assigned in the egress direction. - # The access-list must be defined under `ipv4_acls`. + # The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". ipv4_acl_out: # Configure IPv4 static routes pointing to `peer_ip`. @@ -595,12 +595,12 @@ peer_ip: # Name of the IPv4 access-list to be assigned in the ingress direction. - # The access-list must be defined under `ipv4_acls`. + # The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". # Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. ipv4_acl_in: # Name of the IPv4 Access-list to be assigned in the egress direction. - # The access-list must be defined under `ipv4_acls`. + # The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". ipv4_acl_out: # Configure IPv4 static routes pointing to `peer_ip`. 
@@ -708,12 +708,12 @@ peer_ip: # Name of the IPv4 access-list to be assigned in the ingress direction. - # The access-list must be defined under `ipv4_acls`. + # The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". # Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`. ipv4_acl_in: # Name of the IPv4 Access-list to be assigned in the egress direction. - # The access-list must be defined under `ipv4_acls`. + # The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip". ipv4_acl_out: # Configure IPv4 static routes pointing to `peer_ip`. diff --git a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/svi-profiles.md b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/svi-profiles.md index a0a20c84722..7f1ce01b825 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/docs/tables/svi-profiles.md +++ b/ansible_collections/arista/avd/roles/eos_designs/docs/tables/svi-profiles.md @@ -28,8 +28,8 @@ | [          - <str>](## "svi_profiles.[].nodes.[].ip_virtual_router_addresses.[]") | String | | | | IPv4_address/Mask or IPv4_address.
IPv4_address/Mask will also configure a static route to the SVI per best practice.
| | [        ipv6_virtual_router_addresses](## "svi_profiles.[].nodes.[].ipv6_virtual_router_addresses") | List, items: String | | | | IPv6 VARP addresses.
Requires an IPv6 address to be configured on the SVI.
If ipv6_address_virtuals is also set, ipv6_virtual_router_addresses will take precedence
_if_ there is an ipv6_address configured for the node.
| | [          - <str>](## "svi_profiles.[].nodes.[].ipv6_virtual_router_addresses.[]") | String | | | | IPv6_address. | - | [        ipv4_acl_in](## "svi_profiles.[].nodes.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls`. | - | [        ipv4_acl_out](## "svi_profiles.[].nodes.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls`. | + | [        ipv4_acl_in](## "svi_profiles.[].nodes.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls` and supports substitution of the field "interface_ip". | + | [        ipv4_acl_out](## "svi_profiles.[].nodes.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls` and supports substitution of the field "interface_ip". | | [        ip_helpers](## "svi_profiles.[].nodes.[].ip_helpers") | List, items: Dictionary | | | | IP helper for DHCP relay. | | [          - ip_helper](## "svi_profiles.[].nodes.[].ip_helpers.[].ip_helper") | String | Required, Unique | | | IPv4 DHCP server IP. | | [            source_interface](## "svi_profiles.[].nodes.[].ip_helpers.[].source_interface") | String | | | | Interface name to originate DHCP relay packets to DHCP server. | @@ -63,8 +63,8 @@ | [      - <str>](## "svi_profiles.[].ip_virtual_router_addresses.[]") | String | | | | IPv4_address/Mask or IPv4_address.
IPv4_address/Mask will also configure a static route to the SVI per best practice.
| | [    ipv6_virtual_router_addresses](## "svi_profiles.[].ipv6_virtual_router_addresses") | List, items: String | | | | IPv6 VARP addresses.
Requires an IPv6 address to be configured on the SVI.
If ipv6_address_virtuals is also set, ipv6_virtual_router_addresses will take precedence
_if_ there is an ipv6_address configured for the node.
| | [      - <str>](## "svi_profiles.[].ipv6_virtual_router_addresses.[]") | String | | | | IPv6_address. | - | [    ipv4_acl_in](## "svi_profiles.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls`. | - | [    ipv4_acl_out](## "svi_profiles.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls`. | + | [    ipv4_acl_in](## "svi_profiles.[].ipv4_acl_in") | String | | | | Name of the IPv4 access-list to be assigned in the ingress direction.
The access-list must be defined under `ipv4_acls` and supports substitution of the field "interface_ip". | + | [    ipv4_acl_out](## "svi_profiles.[].ipv4_acl_out") | String | | | | Name of the IPv4 Access-list to be assigned in the egress direction.
The access-list must be defined under `ipv4_acls` and supports substitution of the field "interface_ip". | | [    ip_helpers](## "svi_profiles.[].ip_helpers") | List, items: Dictionary | | | | IP helper for DHCP relay. | | [      - ip_helper](## "svi_profiles.[].ip_helpers.[].ip_helper") | String | Required, Unique | | | IPv4 DHCP server IP. | | [        source_interface](## "svi_profiles.[].ip_helpers.[].source_interface") | String | | | | Interface name to originate DHCP relay packets to DHCP server. | @@ -175,11 +175,11 @@ - # Name of the IPv4 access-list to be assigned in the ingress direction. - # The access-list must be defined under `ipv4_acls`. + # The access-list must be defined under `ipv4_acls` and supports substitution of the field "interface_ip". ipv4_acl_in: # Name of the IPv4 Access-list to be assigned in the egress direction. - # The access-list must be defined under `ipv4_acls`. + # The access-list must be defined under `ipv4_acls` and supports substitution of the field "interface_ip". ipv4_acl_out: # IP helper for DHCP relay. @@ -309,11 +309,11 @@ - # Name of the IPv4 access-list to be assigned in the ingress direction. - # The access-list must be defined under `ipv4_acls`. + # The access-list must be defined under `ipv4_acls` and supports substitution of the field "interface_ip". ipv4_acl_in: # Name of the IPv4 Access-list to be assigned in the egress direction. - # The access-list must be defined under `ipv4_acls`. + # The access-list must be defined under `ipv4_acls` and supports substitution of the field "interface_ip". ipv4_acl_out: # IP helper for DHCP relay. diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/network_services/utils.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/network_services/utils.py index 542c3cb64c4..a1199e42d8f 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/network_services/utils.py 
+++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/network_services/utils.py @@ -602,6 +602,8 @@ def _svi_acls(self) -> dict[str, dict[str, dict]]: Only contains interfaces with ACLs and only the ACLs that are set, so use `get(self._svi_acls, f"{interface_name}.ipv4_acl_in")` to get the value. """ + if not self.shared_utils.network_services_l3: + return None svi_acls = {} for tenant in self.shared_utils.filtered_tenants: diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json index 43480864e03..0775f8596c0 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.jsonschema.json 
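Review bot: The early exit added at the top of `_svi_acls` returns `None`, which contradicts the declared return type `dict[str, dict[str, dict]]` and the docstring just above it, which tells callers to use `get(self._svi_acls, f"{interface_name}.ipv4_acl_in")`. Returning an empty mapping keeps the contract for every caller: replace `return None` with `return {}`, or, if `None` is intentional, change the annotation to `dict[str, dict[str, dict]] | None` and say so in the docstring. A short why-comment on the guard would also help, for example `# No SVIs are rendered when network_services_l3 is false, so no SVI ACLs are generated` (inferred from the commit title and the removed test output, so confirm the wording). The body of `_svi_acls` continues outside the hunk and its callers are not visible here, so whether any of them dereference the result without a `None` check could not be verified.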
@@ -6224,12 +6224,12 @@ "properties": { "source": { "type": "string", - "description": "This field supports substitution of the fields \"interface_ip\" and \"peer_ip\".\nAlternatively it can be set with a static value of \"any\", \"/\" or \"\".\n\"\" without a mask means host.\nRequired except for remarks.", + "description": "This field supports substitution of the fields \"interface_ip\" for SVIs and both \"interface_ip\" and \"peer_ip\" for Layer 3 interfaces.\nAlternatively it can be set with a static value of \"any\", \"/\" or \"\".\n\"\" without a mask means host.\nRequired except for remarks.", "title": "Source" }, "destination": { "type": "string", - "description": "This field supports substitution of the fields \"interface_ip\" and \"peer_ip\".\nAlternatively it can be set with a static value of \"any\", \"/\" or \"\".\n\"\" without a mask means host.\nRequired except for remarks.", + "description": "This field supports substitution of the fields \"interface_ip\" for SVIs and both \"interface_ip\" and \"peer_ip\" for Layer 3 interfaces.\nAlternatively it can be set with a static value of \"any\", \"/\" or \"\".\n\"\" without a mask means host.\nRequired except for remarks.", "title": "Destination" }, "sequence": { 
@@ -7167,12 +7167,12 @@ "title": "Peer IP" }, "ipv4_acl_in": { - "description": "Name of the IPv4 access-list to be assigned in the ingress direction.\nThe access-list must be defined under `ipv4_acls`.\nRequired for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`.", + "description": "Name of the IPv4 access-list to be assigned in the ingress direction.\nThe access-list must be defined under `ipv4_acls` and supports field substitution for \"interface_ip\" and \"peer_ip\".\nRequired for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`.", "type": "string", "title": "IPv4 Acl In" }, "ipv4_acl_out": { - "description": "Name of the IPv4 Access-list to be assigned in the egress direction.\nThe access-list must be defined under `ipv4_acls`.", + "description": "Name of the IPv4 Access-list to be assigned in the egress direction.\nThe access-list must be defined under `ipv4_acls` and supports field substitution for \"interface_ip\" and \"peer_ip\".", "type": "string", "title": "IPv4 Acl Out" }, @@ -52525,12 +52525,12 @@ "title": "IPv6 Virtual Router Addresses" }, "ipv4_acl_in": { - "description": "Name of the IPv4 access-list to be assigned in the ingress direction.\nThe access-list must be defined under `ipv4_acls`.", + "description": "Name of the IPv4 access-list to be assigned in the ingress direction.\nThe access-list must be defined under `ipv4_acls` and supports substitution of the field \"interface_ip\".", "type": "string", "title": "IPv4 Acl In" }, "ipv4_acl_out": { - "description": "Name of the IPv4 Access-list to be assigned in the egress direction.\nThe access-list must be defined under `ipv4_acls`.", + "description": "Name of the IPv4 Access-list to be assigned in the egress direction.\nThe access-list must be defined under `ipv4_acls` and supports substitution of the field \"interface_ip\".", "type": "string", "title": "IPv4 Acl Out" }, 
@@ -54383,12 +54383,12 @@ "title": "IPv6 Virtual Router Addresses" }, "ipv4_acl_in": { - "description": "Name of the IPv4 access-list to be assigned in the ingress direction.\nThe access-list must be defined under `ipv4_acls`.", + "description": "Name of the IPv4 access-list to be assigned in the ingress direction.\nThe access-list must be defined under `ipv4_acls` and supports substitution of the field \"interface_ip\".", "type": "string", "title": "IPv4 Acl In" }, "ipv4_acl_out": { - "description": "Name of the IPv4 Access-list to be assigned in the egress direction.\nThe access-list must be defined under `ipv4_acls`.", + "description": "Name of the IPv4 Access-list to be assigned in the egress direction.\nThe access-list must be defined under `ipv4_acls` and supports substitution of the field \"interface_ip\".", "type": "string", "title": "IPv4 Acl Out" }, diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml index a594ee841c8..400e44505d6 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/eos_designs.schema.yml @@ -1698,7 +1698,7 @@ keys: source: type: str description: 'This field supports substitution of the fields "interface_ip" - and "peer_ip". + for SVIs and both "interface_ip" and "peer_ip" for Layer 3 interfaces. Alternatively it can be set with a static value of "any", "/" or "". @@ -1709,7 +1709,7 @@ keys: destination: type: str description: 'This field supports substitution of the fields "interface_ip" - and "peer_ip". + for SVIs and both "interface_ip" and "peer_ip" for Layer 3 interfaces. Alternatively it can be set with a static value of "any", "/" or "". 
@@ -8699,7 +8699,8 @@ $defs: description: 'Name of the IPv4 access-list to be assigned in the ingress direction. - The access-list must be defined under `ipv4_acls`. + The access-list must be defined under `ipv4_acls` and supports field substitution + for "interface_ip" and "peer_ip". Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as ''trusted'' under `wan_carriers`.' @@ -8710,7 +8711,8 @@ $defs: description: 'Name of the IPv4 Access-list to be assigned in the egress direction. - The access-list must be defined under `ipv4_acls`.' + The access-list must be defined under `ipv4_acls` and supports field substitution + for "interface_ip" and "peer_ip".' type: str convert_types: - int @@ -9105,14 +9107,16 @@ $defs: ipv4_acl_in: description: 'Name of the IPv4 access-list to be assigned in the ingress direction. - The access-list must be defined under `ipv4_acls`.' + The access-list must be defined under `ipv4_acls` and supports substitution + of the field "interface_ip".' type: str convert_types: - int ipv4_acl_out: description: 'Name of the IPv4 Access-list to be assigned in the egress direction. - The access-list must be defined under `ipv4_acls`.' + The access-list must be defined under `ipv4_acls` and supports substitution + of the field "interface_ip".' type: str convert_types: - int diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_node_type_l3_interfaces.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_node_type_l3_interfaces.schema.yml index 280447a3c7f..a16663c89c3 100644 --- a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_node_type_l3_interfaces.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_node_type_l3_interfaces.schema.yml 
@@ -80,7 +80,7 @@ $defs:
 ipv4_acl_in:
 description: |-
 Name of the IPv4 access-list to be assigned in the ingress direction.
- The access-list must be defined under `ipv4_acls`.
+ The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip".
 Required for all WAN interfaces (`wan_carrier` is set) unless the carrier is marked as 'trusted' under `wan_carriers`.
 type: str
 convert_types:
@@ -88,7 +88,7 @@ $defs:
 ipv4_acl_out:
 description: |-
 Name of the IPv4 Access-list to be assigned in the egress direction.
- The access-list must be defined under `ipv4_acls`.
+ The access-list must be defined under `ipv4_acls` and supports field substitution for "interface_ip" and "peer_ip".
 type: str
 convert_types:
 - int
diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_svi_settings.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_svi_settings.schema.yml
index 777411f555e..1270e2bfb71 100644
--- a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_svi_settings.schema.yml
+++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/defs_svi_settings.schema.yml
@@ -83,14 +83,14 @@ $defs:
 ipv4_acl_in:
 description: |-
 Name of the IPv4 access-list to be assigned in the ingress direction.
- The access-list must be defined under `ipv4_acls`.
+ The access-list must be defined under `ipv4_acls` and supports substitution of the field "interface_ip".
 type: str
 convert_types:
 - int
 ipv4_acl_out:
 description: |-
 Name of the IPv4 Access-list to be assigned in the egress direction.
- The access-list must be defined under `ipv4_acls`.
+ The access-list must be defined under `ipv4_acls` and supports substitution of the field "interface_ip".
 type: str
 convert_types:
 - int
diff --git a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/ipv4_acls.schema.yml b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/ipv4_acls.schema.yml
index 8a60ce479cb..76a4d8deeb5 100644
--- a/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/ipv4_acls.schema.yml
+++ b/ansible_collections/arista/avd/roles/eos_designs/schemas/schema_fragments/ipv4_acls.schema.yml
@@ -34,14 +34,14 @@ keys:
 source:
 type: str
 description: |-
- This field supports substitution of the fields "interface_ip" and "peer_ip".
+ This field supports substitution of the fields "interface_ip" for SVIs and both "interface_ip" and "peer_ip" for Layer 3 interfaces.
 Alternatively it can be set with a static value of "any", "/" or "".
 "" without a mask means host.
 Required except for remarks.
 destination:
 type: str
 description: |-
- This field supports substitution of the fields "interface_ip" and "peer_ip".
+ This field supports substitution of the fields "interface_ip" for SVIs and both "interface_ip" and "peer_ip" for Layer 3 interfaces.
 Alternatively it can be set with a static value of "any", "/" or "".
 "" without a mask means host.
 Required except for remarks.
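Review bot: The new `source` and `destination` descriptions limit "peer_ip" substitution to Layer 3 interfaces, but they do not say what happens when an entry that uses "peer_ip" sits in an ACL assigned to an SVI; the `ipv4_acl_in`/`ipv4_acl_out` descriptions in `defs_svi_settings.schema.yml` have the same gap. For an access-list this matters to the operator, because an entry that is rendered unsubstituted or silently skipped changes what the ACL actually matches. The handling is presumably in the `network_services/utils.py` change listed in the diffstat, which is outside this hunk, so the outcome should be confirmed there and documented with one extra line in each description, along the lines of `"peer_ip" is not substituted for SVIs; <state the resulting error or behaviour>.` As a wording point, "the fields "interface_ip" for SVIs" names a single field, so `the field "interface_ip" for SVIs` would read more cleanly.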