Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add the ability to add access-group membership in network services #3534

Closed
1 task done
theotherguy2175 opened this issue Jan 23, 2024 · 5 comments · Fixed by #4163
Closed
1 task done

Add the ability to add access-group membership in network services #3534

theotherguy2175 opened this issue Jan 23, 2024 · 5 comments · Fixed by #4163
Assignees
@laxmikantchintakindi
Labels
type: enhancement New feature or request

Comments

@theotherguy2175
Copy link

Enhancement summary

It would be nice when defining a L3 / SVI in network services to also be able to add an access group right there. That was the tags take care of only adding the L3/SVI as it already does but also only add the access group to the devices that need it.

Which component of AVD is impacted

eos_designs

Use case example

It would be nice when defining a L3 / SVI in network services to also be able to add an access group right there. That was the tags take care of only adding the L3/SVI as it already does but also only add the access group to the devices that need it. in-network

Describe the solution you would like

It would be nice when defining a L3 / SVI in network services to also be able to add an access group right there. That was the tags take care of only adding the L3/SVI as it already does but also only add the access group to the devices that need it. in-network

Describe alternatives you have considered

No response

Additional context

No response

Contributing Guide

  • I agree to follow this project's Code of Conduct
@theotherguy2175 theotherguy2175 added the type: enhancement New feature or request label Jan 23, 2024
@ClausHolbechArista
Copy link
Contributor

ClausHolbechArista commented Jan 24, 2024
edited
Loading

Thank you for a great idea! I think the simplest implementation would be to have a root-level key for defining the access-lists centrally and then adding them as needed to the devices. Similar to evpn_vlan_bundles.
At first we would have to ignore missing access lists, to be non-breaking, but in the next major release of AVD (5.0) we could error out if the access_group_in/out keys are pointing to a missing ACL.

@theotherguy2175
Copy link
Author

Yeah having it defined somewhere like network services and then the ability to tag would be great.

It would just be nice to have only the access list creation and application only be on the devices that are tagged that way

@github-actions GitHub Actions
Copy link

github-actions bot commented May 3, 2024

This issue is stale because it has been open 90 days with no activity. The issue will be reviewed by a maintainer and may be closed

@ClausHolbechArista
Copy link
Contributor

We have added ipv4_acl_in/ipv4_acl_out in #3791. The ACLs must be defined under the root key ipv4_acls.

So this issue will track the same for l3_interfaces under network services.

Merged
4 tasks
@gmuloc
Copy link
Contributor

gmuloc commented Jul 26, 2024

SVI was implemented in #4096

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@laxmikantchintakindi laxmikantchintakindi

Labels
type: enhancement New feature or request
Projects
None yet
Milestone
No milestone
4 participants
@gmuloc @theotherguy2175 @ClausHolbechArista @laxmikantchintakindi