aristanetworks
diff --git a/‎ansible_collections/arista/avd/extensions/molecule/eos_cli_config_gen/documentation/devices/host1.md‎
Lines changed: 26 additions & 29 deletions b/‎ansible_collections/arista/avd/extensions/molecule/eos_cli_config_gen/documentation/devices/host1.md‎
Lines changed: 26 additions & 29 deletions
diff --git a/‎ansible_collections/arista/avd/extensions/molecule/eos_cli_config_gen/intended/configs/host1.cfg‎
Lines changed: 24 additions & 0 deletions b/‎ansible_collections/arista/avd/extensions/molecule/eos_cli_config_gen/intended/configs/host1.cfg‎
Lines changed: 24 additions & 0 deletions
diff --git a/‎ansible_collections/arista/avd/extensions/molecule/eos_cli_config_gen/inventory/host_vars/host1/ipv6-access-lists.yml‎
Lines changed: 149 additions & 15 deletions b/‎ansible_collections/arista/avd/extensions/molecule/eos_cli_config_gen/inventory/host_vars/host1/ipv6-access-lists.yml‎
Lines changed: 149 additions & 15 deletions
diff --git a/‎ansible_collections/arista/avd/extensions/molecule/eos_cli_config_gen_deprecated_vars/documentation/devices/host1.md‎
Lines changed: 64 additions & 0 deletions b/‎ansible_collections/arista/avd/extensions/molecule/eos_cli_config_gen_deprecated_vars/documentation/devices/host1.md‎
Lines changed: 64 additions & 0 deletions
diff --git a/‎ansible_collections/arista/avd/extensions/molecule/eos_cli_config_gen_deprecated_vars/intended/configs/host1.cfg‎
Lines changed: 19 additions & 0 deletions b/‎ansible_collections/arista/avd/extensions/molecule/eos_cli_config_gen_deprecated_vars/intended/configs/host1.cfg‎
Lines changed: 19 additions & 0 deletions
@@ -12164,45 +12164,42 @@ ipv6 access-list standard ipv6_test1
 
 #### IPv6 Extended Access-lists Summary
 
-##### acl_qos_tc0_v6
+##### ACL_SEQUENCE_AND_COUNTERS
 
-| Sequence | Action |
-| -------- | ------ |
-| 10 | permit ipv6 any any dscp cs1 |
-
-##### acl_qos_tc5_v6
-
-| Sequence | Action |
-| -------- | ------ |
-| 10 | permit ipv6 any 2001:db8::/48 |
-
-##### TEST1
-
-| Sequence | Action |
-| -------- | ------ |
-| 5 | deny ipv6 fe80::/64 any |
-| 10 | permit ipv6 fe90::/64 any |
+ACL has counting mode `counters per-entry` enabled!
 
 ##### TEST2
 
 ACL has counting mode `counters per-entry` enabled!
 
-| Sequence | Action |
-| -------- | ------ |
-| 5 | permit ipv6 2001:db8::/64 any |
-| 10 | deny ipv6 2001:db8::/32 any |
-
-##### TEST3
-
-| Sequence | Action |
-| -------- | ------ |
-| 5 | deny ipv6 2001:db8:1000::/64 any |
-| 10 | permit ipv6 2001:db8::/32 any |
-
 #### IPv6 Extended Access-lists Device Configuration
 
 ```eos
 !
+ipv6 access-list ACL_NO_SEQUENCE
+   remark test acl without sequence numbers
+   deny udp any any log
+   permit icmpv6 any any 3 4
+   permit icmpv6 any any unreachable
+   permit ipv6 any any dscp 46 3
+   permit ipv6 any any tracked hop-limit gt 3 dscp ef
+   permit ipv6 any any nexthop-group NH_TEST hop-limit eq 254
+   permit vlan 235 0x1FF inner 124 0x001 ipv6 any any
+   permit vlan inner 123 0x000 ipv6 any any
+   permit vlan 234 0xFFF ipv6 any any
+   permit icmpv6 any any
+!
+ipv6 access-list ACL_SEQUENCE_AND_COUNTERS
+   counters per-entry
+   10 remark test acl with sequence numbers
+   20 permit ipv6 host fe81::1 any
+   30 permit tcp fe82::/64 any established
+   40 permit tcp any gt 1023 host fe83::1 eq 22
+   50 permit tcp any range 1000 1100 any range 10 20
+   4294967295 deny ipv6 any any
+!
+ipv6 access-list ACL_WITHOUT_ENTRIES
+!
 ipv6 access-list TEST1
    5 deny ipv6 fe80::/64 any
    10 permit ipv6 fe90::/64 any
 
@@ -4988,6 +4988,30 @@ ip address virtual source-nat vrf TEST_04 address 1.1.1.3
 ipv6 address virtual source-nat vrf TEST_03 address 2001:db8:85a3::8a2e:370:7334
 ipv6 address virtual source-nat vrf TEST_04 address 2001:db8:85a3::8a2e:370:7335
 !
+ipv6 access-list ACL_NO_SEQUENCE
+   remark test acl without sequence numbers
+   deny udp any any log
+   permit icmpv6 any any 3 4
+   permit icmpv6 any any unreachable
+   permit ipv6 any any dscp 46 3
+   permit ipv6 any any tracked hop-limit gt 3 dscp ef
+   permit ipv6 any any nexthop-group NH_TEST hop-limit eq 254
+   permit vlan 235 0x1FF inner 124 0x001 ipv6 any any
+   permit vlan inner 123 0x000 ipv6 any any
+   permit vlan 234 0xFFF ipv6 any any
+   permit icmpv6 any any
+!
+ipv6 access-list ACL_SEQUENCE_AND_COUNTERS
+   counters per-entry
+   10 remark test acl with sequence numbers
+   20 permit ipv6 host fe81::1 any
+   30 permit tcp fe82::/64 any established
+   40 permit tcp any gt 1023 host fe83::1 eq 22
+   50 permit tcp any range 1000 1100 any range 10 20
+   4294967295 deny ipv6 any any
+!
+ipv6 access-list ACL_WITHOUT_ENTRIES
+!
 ipv6 access-list TEST1
    5 deny ipv6 fe80::/64 any
    10 permit ipv6 fe90::/64 any
 
@@ -1,31 +1,165 @@
 ---
-### IPv6 ACLs ###
+# eos - extended access-lists - improved data model, ipv6-access-lists.j2
 ipv6_access_lists:
   - name: acl_qos_tc0_v6
-    sequence_numbers:
+    entries:
       - sequence: 10
-        action: "permit ipv6 any any dscp cs1"
+        action: permit
+        protocol: ipv6
+        source: any
+        destination: any
+        dscp: cs1
   - name: acl_qos_tc5_v6
-    sequence_numbers:
+    entries:
       - sequence: 10
-        action: "permit ipv6 any 2001:db8::/48"
+        action: permit
+        protocol: ipv6
+        source: any
+        destination: 2001:db8::/48
   - name: TEST1
-    sequence_numbers:
-      - sequence: 10
-        action: "permit ipv6 fe90::/64 any"
+    entries:
       - sequence: 5
-        action: "deny ipv6 fe80::/64 any"
+        action: deny
+        protocol: ipv6
+        source: fe80::/64
+        destination: any
+      - sequence: 10
+        action: permit
+        protocol: ipv6
+        source: fe90::/64
+        destination: any
   - name: TEST2
     counters_per_entry: true
-    sequence_numbers:
+    entries:
       - sequence: 5
-        action: "permit ipv6 2001:db8::/64 any"
+        action: permit
+        protocol: ipv6
+        source: 2001:db8::/64
+        destination: any
       - sequence: 10
-        action: "deny ipv6 2001:db8::/32 any"
+        action: deny
+        protocol: ipv6
+        source: 2001:db8::/32
+        destination: any
   - name: TEST3
     counters_per_entry: false
-    sequence_numbers:
+    entries:
       - sequence: 5
-        action: "deny ipv6 2001:db8:1000::/64 any"
+        action: deny
+        protocol: ipv6
+        source: 2001:db8:1000::/64
+        destination: any
       - sequence: 10
-        action: "permit ipv6 2001:db8::/32 any"
+        action: permit
+        protocol: ipv6
+        source: 2001:db8::/32
+        destination: any
+  - name: ACL_SEQUENCE_AND_COUNTERS
+    counters_per_entry: true
+    entries:
+      - sequence: 10
+        remark: test acl with sequence numbers
+      - sequence: 20
+        action: permit
+        protocol: ipv6
+        source: fe81::1
+        destination: any
+      - sequence: 30
+        action: permit
+        protocol: tcp
+        source: fe82::/64
+        destination: any
+        tcp_flags: ["established"]
+      - sequence: 40
+        action: permit
+        protocol: tcp
+        source: any
+        source_ports_match: gt
+        source_ports: [1023]
+        destination: fe83::1
+        destination_ports: [22]
+      # test port range
+      - sequence: 50
+        action: permit
+        protocol: tcp
+        source: any
+        source_ports_match: range
+        source_ports: [1000, 1100]
+        destination: any
+        destination_ports_match: range
+        destination_ports: [10, 20]
+      # verify issue 4423 where a protocol was missing
+      # and an entry with only the sequence number was rendered.
+      - sequence: 60
+        source: any
+        destination: any
+      - sequence: 4294967295
+        action: deny
+        protocol: ipv6
+        source: any
+        destination: any
+  - name: ACL_NO_SEQUENCE
+    entries:
+      - remark: test acl without sequence numbers
+      - action: deny
+        protocol: udp
+        source: any
+        destination: any
+        log: true
+      - action: permit
+        protocol: icmpv6
+        source: any
+        destination: any
+        icmp_type: 3
+        icmp_code: 4
+      - action: permit
+        protocol: icmpv6
+        source: any
+        destination: any
+        icmp_type: unreachable
+      - action: permit
+        protocol: ipv6
+        source: any
+        destination: any
+        dscp: 46
+        dscp_mask: 3
+      - action: permit
+        protocol: ipv6
+        source: any
+        destination: any
+        tracked: true
+        dscp: ef
+        hop_limit: 3
+        hop_limit_match: gt
+      - action: permit
+        protocol: ipv6
+        source: any
+        destination: any
+        nexthop_group: NH_TEST
+        hop_limit: 254
+      - action: permit
+        inner_vlan_number: 124
+        inner_vlan_mask: "0x001"
+        vlan_number: 235
+        vlan_mask: "0x1FF"
+        protocol: ipv6
+        source: any
+        destination: any
+      - action: permit
+        inner_vlan_number: 123
+        inner_vlan_mask: "0x000"
+        protocol: ipv6
+        source: any
+        destination: any
+      - action: permit
+        vlan_number: 234
+        vlan_mask: "0xFFF"
+        protocol: ipv6
+        source: any
+        destination: any
+      - action: permit
+        protocol: icmpv6
+        source: any
+        destination: any
+  - name: ACL_WITHOUT_ENTRIES
+    counters_per_entry: false
@@ -17,6 +17,7 @@
 - [ACL](#acl)
   - [Standard Access-lists](#standard-access-lists)
   - [Extended Access-lists](#extended-access-lists)
+  - [IPv6 Extended Access-lists](#ipv6-extended-access-lists)
 
 ## Management
 
@@ -400,3 +401,66 @@ ip access-list acl_qos_tc0_v4
 ip access-list acl_qos_tc5_v4
    10 permit ip any any dscp ef
 ```
+
+### IPv6 Extended Access-lists
+
+#### IPv6 Extended Access-lists Summary
+
+##### acl_qos_tc0_v6
+
+| Sequence | Action |
+| -------- | ------ |
+| 10 | permit ipv6 any any dscp cs1 |
+
+##### acl_qos_tc5_v6
+
+| Sequence | Action |
+| -------- | ------ |
+| 10 | permit ipv6 any 2001:db8::/48 |
+
+##### TEST1
+
+| Sequence | Action |
+| -------- | ------ |
+| 5 | deny ipv6 fe80::/64 any |
+| 10 | permit ipv6 fe90::/64 any |
+
+##### TEST2
+
+ACL has counting mode `counters per-entry` enabled!
+
+| Sequence | Action |
+| -------- | ------ |
+| 5 | permit ipv6 2001:db8::/64 any |
+| 10 | deny ipv6 2001:db8::/32 any |
+
+##### TEST3
+
+| Sequence | Action |
+| -------- | ------ |
+| 5 | deny ipv6 2001:db8:1000::/64 any |
+| 10 | permit ipv6 2001:db8::/32 any |
+
+#### IPv6 Extended Access-lists Device Configuration
+
+```eos
+!
+ipv6 access-list TEST1
+   5 deny ipv6 fe80::/64 any
+   10 permit ipv6 fe90::/64 any
+!
+ipv6 access-list TEST2
+   counters per-entry
+   5 permit ipv6 2001:db8::/64 any
+   10 deny ipv6 2001:db8::/32 any
+!
+ipv6 access-list TEST3
+   5 deny ipv6 2001:db8:1000::/64 any
+   10 permit ipv6 2001:db8::/32 any
+!
+ipv6 access-list acl_qos_tc0_v6
+   10 permit ipv6 any any dscp cs1
+!
+ipv6 access-list acl_qos_tc5_v6
+   10 permit ipv6 any 2001:db8::/48
+```
@@ -43,6 +43,25 @@ interface VLAN20
    ipv6 nd other-config-flag
    ipv6 nd prefix 2001:db8:20::/64 infinite infinite no-autoconfig
 !
+ipv6 access-list TEST1
+   5 deny ipv6 fe80::/64 any
+   10 permit ipv6 fe90::/64 any
+!
+ipv6 access-list TEST2
+   counters per-entry
+   5 permit ipv6 2001:db8::/64 any
+   10 deny ipv6 2001:db8::/32 any
+!
+ipv6 access-list TEST3
+   5 deny ipv6 2001:db8:1000::/64 any
+   10 permit ipv6 2001:db8::/32 any
+!
+ipv6 access-list acl_qos_tc0_v6
+   10 permit ipv6 any any dscp cs1
+!
+ipv6 access-list acl_qos_tc5_v6
+   10 permit ipv6 any 2001:db8::/48
+!
 ip access-list 4
    10 remark ACL to restrict access RFC1918 addresses
    20 deny ip 10.0.0.0/8 any