-
Notifications
You must be signed in to change notification settings - Fork 278
Feat(eos_designs): Add support for dot1x_settings.web_authentication.ipv4_standard_acl
#7209
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: devel
Are you sure you want to change the base?
Changes from all commits
356a5b7
ecd5ce2
93d3c18
b478cf4
0ebd2bd
2d8e852
dfa2e03
ef98444
fdc88f3
6b91491
c365004
13b9ec1
8219c47
df5df02
3c58b17
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -247,6 +247,11 @@ keys: | |
| SSL profile name, enabling HTTPS redirection on port 443. | ||
| Without this, only HTTP redirection is supported. | ||
| Can be used alone (when RADIUS provides the URL dynamically) or together with `url`. | ||
| ipv4_standard_acl: | ||
| type: str | ||
| description: |- | ||
| Standard IPv4 ACL name. | ||
| This ACL must be present in `ipv4_standard_acls` catalog. | ||
|
Comment on lines
+250
to
+254
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. We reference "standard ACL" here due to the existing eos_cli_config_gen model and output of the EOS CLI helper which states that it expects a standard ACL: In reality this seems like an EOS CLI bug to me. EOS perfectly accepts references to either standard or extended ACL: but only extended ACL makes sense here. By default (when no ACL is provided via When ACL is explicitly specified by the user, those implicit redirects are not auto-configured and EOS instead applies what user asked (assuming ACL rules will cave When we try to apply standard ACL - my understanding is that this will break redirect to the portal and this ACL will simply be applied in the ingress direction on the port (filtering ingress traffic based on the source IP).
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. As we are now forcing the ACL referenced by captive-portal to be present in the standard IPv4 ACL catalogue - we may be forcing users to the incorrect configuration, as users now can not reference correct extended IPv4 ACL with correct
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Agreed with Alexey. It looks like a cosmetic bug in the CLI definition. An extended ACL is required for the redirection to work properly. We need to do the following: 1- Update eos_cli_config_gen 1 and 2 in the same PR is fine. |
||
| start_limit_infinite: | ||
| type: bool | ||
| description: |- | ||
|
|
||
Uh oh!
There was an error while loading. Please reload this page.