This document describes the configuration and behavior of physical interfaces on the 7388-series switches and Linecards (LC)

802.1X is an IEEE standard protocol that prevents unauthorized devices from gaining access to the network.

AAA accounting records can be enabled for OpenConfig gNMI/gNOI RPCs. Accounting records can be logged to the TACACS+ server, RADIUS server, or to syslog.

This feature adds support for sending and receiving BGP IPv6 labeled-unicast routes with IPv4-mapped IPv6 next hops. With this feature enabled, when a BGP speaker receives a next hop with IPv4-mapped IPv6 address,

BGP Non Stop Forwarding (NSF) aims to minimize the traffic loss when the the following scenarios occur:

Cable diagnostics is a feature to detect faults with twisted pair copper cables and measure the cable length.

EOS supports the DHCP Relay feature, which relays DHCP Requests/Responses between DHCP clients and DHCP servers in different subnets. 

DHCPv6 Prefix Delegation support enables a DHCP relay agent to program routes for addresses assigned by a DHCP server. The assigned prefixes could either be DHCPv6 IA_PD prefix delegation addresses, or DHCPv6 IA_NA global /128 addresses.

DirectFlow runs alongside the existing layer 2/3 forwarding plane, enabling a network architecture that incorporates new capabilities, such as TAP aggregation and custom traffic engineering, alongside traditional forwarding models. DirectFlow allows users to define flows that consist of match conditions and actions to perform that are a superset of the OpenFlow 1.0 specification. DirectFlow does not require a controller or any third party integration as flows can be installed via the CLI.

Multiprotocol Label Switching (MPLS) is a networking process that replaces complete network addresses with shortest path labels for directing data packets to network nodes.

A variety of dynamic counter features, primarily configured by the [no] hardware counter feature [feature] CLI commands, may be enabled simultaneously. Compatibility of these features has been enhanced to allow for greater flexibility in simultaneously enabled counter features. 

Interfaceful IP-VRF to IP-VRF communication uses a pair of routes to distribute IP subnet information, rather than a single EVPN type-5 route. 

Forwarding destination prediction enables visibility into how a packet is forwarded through the switch, allowing you to determine which interfaces a packet would egress out of. Typical use cases include, but are not limited to, determining egress members for Port-Channels and ECMPs. Note that ECMPs and Port-Channels are essentially the same in terms of forwarding destinations.

Forwarding destination prediction enables visibility into how a packet is forwarded through the switch, allowing you to determine which interface(s) a packet would egress out of. This feature has been expanded upon with support for packets specified as a byte stream, allowing you to fully specify the packet.

Forwarding destination prediction enables visibility into how a packet is forwarded through the switch and allows

This feature introduces hardware forwarding support for IPv4 over IPv4 GRE tunnel interfaces on selected Arista

For network monitoring and troubleshooting flow related issues, it is desirable to know the path, latency, queue and congestion information for flows at different times. The inband telemetry feature(INT), based on Inband Flow Analyzer RFC draft -IFA 2.0, is used to gather per flow telemetry information like path, per hop latency and congestion. INT is supported for both IPv4 and IPv6 traffic. 

In a typical switch deployment, multiple ports can have the same configuration, such as description and access VLAN.

This feature allows the user to match the 20 bit IPV6 flow label using the Qos Policy Map and allows to classify the flow-label controlled traffic.

This feature provides support for packet and byte ingress counters for IPv6 multicast routes.

This feature will allow the user to select whether port mirror destinations of type GRE tunnel include the optional key field in the GRE header on certain platforms.

A L2 sub-interface is a logical bridging endpoint associated with traffic on an interface distinguished by 802.1Q tags, where each <interface, 802.1q tag> tuple is treated as a first class bridging interface. Like other types of interfaces, a L2 sub-interface is a normal bridging endpoint in the bridging domain.

LANZ adds support for configuring global thresholds for Ethernet ports on DCS 7020, DCS 7050TX, DCS 7050X2, DCS

LANZ is the EOS Latency and congestion ANalyZer. On DCS-7280, DCS-7020, DCS-7500 and DCS-7800 series, it allows monitoring congestion and transmit latencies on both front panel and CPU ports.

LDP per-neighbor authentication provides greater flexibility in the authentication of LDP routers in a network. Individual routers or groups of routers may be configured with different passwords to enhance security and to ensure certain routers do not exchange MPLS

This TOI describes the MAC limit per VLAN feature which can be used to limit the number of locally learned MACs per VLAN.

This document explains how to configure and deploy Arista MSS-FW with Palo Alto Networks firewalls and Panorama in a Layer 3 deployment with HA (High Availability) support. The Panorama management server can be deployed as either a virtual or a hardware appliance.

Media Access Control Security (MACSec) is an industry standard encryption mechanism that protects all traffic flowing on the Ethernet links. MACSec is based on IEEE 802.1X and IEEE 802.1AE standards.

MAC security uses MACsec Key Agreement ( MKA ) protocol for negotiation between peers using pre-shared key or 802.1X based CAK/CKN and eventually derives Secure Association Key ( SAK ).

Multiprotocol Label Switching (MPLS) is a networking process that replaces complete network addresses with short

The TCP MSS clamping feature involves clamping the maximum segment size (MSS) in the TCP header of TCP SYN packets if it exceeds the configured MSS ceiling limit for the interface. Clamping MSS value helps in avoiding IP fragmentation in tunnel scenarios by ensuring that MSS is small enough to accommodate the extra overhead of GRE and tunnel outer IP headers.

This command configures the default speed on all of the OSFP and QSFP-DD ports on a system. It can be applied on ports without any transceivers inserted.

IPv4 routes of certain prefix lengths can be optimized for enhanced route scale on 7500R, 7280R, 7500R2 and 7280R2

IPv4 routes of certain prefix lengths can be optimized for enhanced route scale using this feature. This feature is ideally suited to achieve route scale when route distribution has a large number of routes concentrated across the prefix-lengths 24, 23 and 22. EOS 4.27.2F offers 8-to-1 compression of routes as an enhancement.

This feature adds support for making the various OSPFv3 counters accessible via CLI.

This document describes a new CLI command to help debug how and why policy permits and denies paths. The aim of this CLI command is for the user to debug a route map or RCF function by specifying as input a prefix for which BGP has reachability for, either via a BGP peer or a redistribute source.

Policy based routing (PBR) is a feature that is applied on routable ports, to preferentially route packets.

Routing control functions (RCF) is a language that can be used to express route filtering and attribute modification logic in a powerful and programmatic fashion.
This document serves as a reference guide for

Routing Control Functions (RCF) is a language that can be used to express route filtering and attribute modification logic in a powerful and programmatic fashion. This document covers Configurations of a RCF function for BGP points of application, CLI show commands to provide visibility into operational status, and the protocol attributes supported for BGP points of application.

Routing control functions (RCF) is a language that can be used to express route filtering and attribute modification logic in a powerful and programmatic fashion. 

RSVP-TE, the Resource Reservation Protocol (RSVP) for Traffic Engineering (TE), is used to distribute MPLS labels for steering traffic and reserving bandwidth. The Label Edge Router (LER) feature implements the headend functionality, i.e., RSVP-TE tunnels can originate at an LER which can steer traffic into the tunnel.

This feature adds support for a selected set of configured interfaces to collect egress flow samples. Egress sFlow can be configured on ethernet and port-channel interfaces.

An L2 sub-interface is a logical bridging endpoint associated with traffic on an interface distinguished by 802.1Q tags, where each <interface, 802.1Q tag> tuple is treated as a first-class bridging interface. 

This TOI supplements the Ingress Traffic Policy applied on ingress interfaces. Please refer to that document for a description of Traffic Policies and field-sets. This TOI explains the Traffic Policies as applied in the egress direction on interfaces

Access Control Lists (ACL) use packet classification to mark certain packets going through the packet processor pipeline and then take configured action against them. Rules are defined based on various fields of packets and usually TCAM is used to match packets to rules.

Several customers have expressed interest in using IPv6 addresses for VxLAN underlay in their Data Centers (DC). Prior to 4.27.2F, only IPv4 addresses are supported for VxLAN underlay, i.e VTEPs are reachable via IPv4 addresses only. This feature enables a VTEP to send VxLAN Encapsulated packets using IPv6 underlay.

This feature introduces hardware forwarding support of IPv4 multicast traffic over IPv4 GRE tunnel interfaces in

This article describes the Tap Aggregation MAC Address Replacement feature. This feature provides the ability to configure user-specific values to replace the destination and source MAC addresses of packets forwarded by Tap Aggregation.

The Transceiver test pattern cli can be used to check the quality of the physical layer links starting or ending at a given module. This is done by transmitting or receiving a ‘test pattern’, a pseudo-random sequence of bits that two pieces of hardware can simultaneously generate.

Virtual Private LAN Service (VPLS) appears in (almost) all respects as an Ethernet type service to customers of a Service Provider (SP). A VPLS glues together several individual LANs across a packet switched network to appear and function as a single bridged LAN.