Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feat(eos_cli_config_gen): Added support for IP locking enforcement disabled and address family IPv4/IPv6 #4803

Merged
merged 6 commits into from
Dec 18, 2024
Merged

Feat(eos_cli_config_gen): Added support for IP locking enforcement disabled and address family IPv4/IPv6 #4803

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
d80a136
added support for Disable enforcement for IPv4 locked addresses
Dec 10, 2024
caad771
updated ethernet template
Dec 10, 2024
ce1236e
updated the schema
Dec 11, 2024
b7f3db4
updated the schema for description
Dec 12, 2024
f521c3a
updated the schema and j2 logic
Dec 17, 2024
1baca30
Merge branch 'devel' into issue-4624
gmuloc Dec 18, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 20 additions & 0 deletions ...llections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/host1.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3184,10 +3184,17 @@ vlan internal order ascending range 10 40
!
vlan 110
name PR01-DMZ
!
address locking
address-family ipv4
address-family ipv6
!
vlan 111
name PRIVATE_VLAN_COMMUNITY
private-vlan community primary vlan 110
!
address locking
locked-address ipv4 enforcement disabled
!
vlan 112
name PRIVATE_VLAN_ISOLATED
Expand Down Expand Up @@ -3948,6 +3955,10 @@ interface Ethernet4
mtu 9100
no switchport
snmp trap link-change
!
address locking
address-family ipv4
address-family ipv6
ipv6 enable
ipv6 address 2020::2020/64
ipv6 address FE80:FEA::AB65/64 link-local
Expand All @@ -3971,6 +3982,10 @@ interface Ethernet5
mtu 9100
switchport access vlan 220
no switchport
!
address locking
address-family ipv4 disabled
address-family ipv6 disabled
ip ospf cost 99
ip ospf network point-to-point
ip ospf authentication message-digest
Expand Down Expand Up @@ -4001,6 +4016,11 @@ interface Ethernet6
switchport trunk allowed vlan 110-111,210-211
switchport mode trunk
switchport
!
address locking
address-family ipv6
address-family ipv4 disabled
locked-address ipv4 enforcement disabled
no lldp transmit
ptp enable
ptp announce interval 3
Expand Down
20 changes: 20 additions & 0 deletions ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/host1.cfg
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1059,10 +1059,17 @@ clock timezone GMT
!
vlan 110
name PR01-DMZ
!
address locking
address-family ipv4
address-family ipv6
!
vlan 111
name PRIVATE_VLAN_COMMUNITY
private-vlan community primary vlan 110
!
address locking
locked-address ipv4 enforcement disabled
!
vlan 112
name PRIVATE_VLAN_ISOLATED
Expand Down Expand Up @@ -2390,6 +2397,10 @@ interface Ethernet4
mtu 9100
no switchport
snmp trap link-change
!
address locking
address-family ipv4
address-family ipv6
ipv6 enable
ipv6 address 2020::2020/64
ipv6 address FE80:FEA::AB65/64 link-local
Expand All @@ -2413,6 +2424,10 @@ interface Ethernet5
mtu 9100
switchport access vlan 220
no switchport
!
address locking
address-family ipv4 disabled
address-family ipv6 disabled
gmuloc marked this conversation as resolved.
Show resolved Hide resolved
ip ospf cost 99
ip ospf network point-to-point
ip ospf authentication message-digest
Expand Down Expand Up @@ -2443,6 +2458,11 @@ interface Ethernet6
switchport trunk allowed vlan 110-111,210-211
switchport mode trunk
switchport
!
address locking
address-family ipv6
address-family ipv4 disabled
locked-address ipv4 enforcement disabled
no lldp transmit
ptp enable
ptp announce interval 3
Expand Down
13 changes: 13 additions & 0 deletions .../arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/host1/ethernet-interfaces.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -317,6 +317,10 @@ ethernet_interfaces:
port_security:
violation:
mode: protect
address_locking:
address_family:
ipv4: true
ipv6: true

- name: Ethernet5
description: Molecule Routing
Expand Down Expand Up @@ -355,6 +359,10 @@ ethernet_interfaces:
access_vlan: 220
sync_e:
enable: true
address_locking:
address_family:
ipv4: false
ipv6: false

- name: Ethernet6
logging:
Expand Down Expand Up @@ -404,6 +412,11 @@ ethernet_interfaces:
sync_e:
enable: true
priority: disabled
address_locking:
ipv4_enforcement_disabled: true
address_family:
ipv4: false
ipv6: true

- name: Ethernet7
description: Molecule L2
Expand Down
6 changes: 6 additions & 0 deletions ...le_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/host1/vlans.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,12 +4,18 @@ vlans:
- id: 110
tenant: Tenant_A
name: PR01-DMZ
address_locking:
address_family:
ipv4: true
ipv6: true
- id: 111
tenant: Tenant_A
name: PRIVATE_VLAN_COMMUNITY
private_vlan:
type: community
primary_vlan: 110
address_locking:
ipv4_enforcement_disabled: true
- id: 112
tenant: Tenant_A
name: PRIVATE_VLAN_ISOLATED
Expand Down
24 changes: 22 additions & 2 deletions ...lections/arista/avd/roles/eos_cli_config_gen/docs/tables/ethernet-interfaces.md
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

16 changes: 16 additions & 0 deletions ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/vlans.md
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

20 changes: 19 additions & 1 deletion python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/ethernet-interfaces.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -358,7 +358,25 @@ interface {{ ethernet_interface.name }}
{% elif ethernet_interface.snmp_trap_link_change is arista.avd.defined(true) %}
snmp trap link-change
{% endif %}
{% if ethernet_interface.address_locking.ipv4 is arista.avd.defined(true) or ethernet_interface.address_locking.ipv6 is arista.avd.defined(true) %}
{% if ethernet_interface.address_locking.address_family.ipv4 is arista.avd.defined or ethernet_interface.address_locking.address_family.ipv6 is arista.avd.defined or ethernet_interface.address_locking.ipv4_enforcement_disabled is arista.avd.defined(true) %}
!
address locking
{% if ethernet_interface.address_locking.address_family.ipv4 is arista.avd.defined(true) %}
address-family ipv4
{% endif %}
{% if ethernet_interface.address_locking.address_family.ipv6 is arista.avd.defined(true) %}
address-family ipv6
{% endif %}
{% if ethernet_interface.address_locking.address_family.ipv4 is arista.avd.defined(false) %}
address-family ipv4 disabled
{% endif %}
{% if ethernet_interface.address_locking.address_family.ipv6 is arista.avd.defined(false) %}
address-family ipv6 disabled
{% endif %}
{% if ethernet_interface.address_locking.ipv4_enforcement_disabled is arista.avd.defined(true) %}
locked-address ipv4 enforcement disabled
{% endif %}
{% elif ethernet_interface.address_locking.ipv4 is arista.avd.defined(true) or ethernet_interface.address_locking.ipv6 is arista.avd.defined(true) %}
Vibhu-gslab marked this conversation as resolved.
Show resolved Hide resolved
{% set address_locking_cli = "address locking" %}
{% if ethernet_interface.address_locking.ipv4 is arista.avd.defined(true) %}
{% set address_locking_cli = address_locking_cli + " ipv4" %}
Expand Down
13 changes: 13 additions & 0 deletions python-avd/pyavd/_eos_cli_config_gen/j2templates/eos/vlans.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,4 +20,17 @@ vlan {{ vlan.id }}
vlan.private_vlan.primary_vlan is arista.avd.defined %}
private-vlan {{ vlan.private_vlan.type }} primary vlan {{ vlan.private_vlan.primary_vlan }}
{% endif %}
{% if vlan.address_locking.address_family.ipv4 is arista.avd.defined or vlan.address_locking.address_family.ipv6 is arista.avd.defined or vlan.address_locking.ipv4_enforcement_disabled is arista.avd.defined(true) %}
!
address locking
{% if vlan.address_locking.address_family.ipv4 is arista.avd.defined(true) %}
address-family ipv4
{% endif %}
{% if vlan.address_locking.address_family.ipv6 is arista.avd.defined(true) %}
address-family ipv6
{% endif %}
{% if vlan.address_locking.ipv4_enforcement_disabled is arista.avd.defined(true) %}
locked-address ipv4 enforcement disabled
{% endif %}
{% endif %}
{% endfor %}
Loading
Loading