Spectrum analysis is a tool to analyze the RF environment for interference. For monitoring and troubleshooting of wireless networks, you must be aware of the RF environment in which the  APs operate.

This document describes the support for performing SSH authentication with X.509 certificates. Authentication to SSH can be completed using a number of different methods. Public key, password and keyboard interactive are supported in EOS. Certificate login is a type of public key authentication in which the public key does not have to be stored on the server. Instead trusted certificate authorities are installed. A presented certificate must be signed either directly or indirectly by one of these trusted certificate authorities to allow authentication to the device. Support for OpenSSH certificates (also known as SSH Certificates) was added in 4.22.1F.

This is an infrastructure that provides management of SSL certificates, keys and profiles. SSL/TLS is an application-layer protocol that provides secure transport between client and server through a combination of authentication, encryption and data integrity. SSL/TLS uses certificates and private-public key pairs to provide this security.

Stateful switchover is a redundancy mode available on systems with 2 supervisor cards. One supervisor card is active

TOI 4.20.6F

Static ARP inspection is a security feature that verifies the source IP and the source MAC addresses of each received

The Static Configuration Studio is used to manage static configuration for devices, provide configuration not created by any other studio, and reconcile differences between CloudVision’s designed configuration and device running configuration. Devices are assigned to containers using tags that can identify one or more devices by hostname, role, or location in the network. Each container has configlets of EOS configuration, which are pushed to the EOS devices.

This feature enables configuring static IPv4 routes that specify the next hop by using an IPv6 address instead of an

Static multicast feature brings in capability to statically configure multicast routes on any Arista platform

A number of L4 7 appliances use the same MAC address to load balance services across two or more appliances that form the

Packet counters for Static and Twice NAT connections are now supported on the DCS 7150 series. This is a debug

The existing storm control interface configuration mode CLI commands have been extended to support the new

A traffic storm is a flood of packets entering a network, resulting in excessive traffic and degraded performance.

This feature introduces a new type of action that can be created and configured under Provisioning > Actions. These actions automate the process of assigning values to inputs in a studio and allow users to input data that originates from outside a studio.

These updates improve the layout of the Studios landing page by emphasizing essential studios and structuring all other studios in a more comprehensive, user-friendly way.

This feature enables ACL functionality on subinterfaces. ACLs on subinterfaces are configured using the

TOI 4.17.0F

Subinterfaces are logical L3 interfaces that enable the division of a single Ethernet or Port channel interface into

The guaranteed bandwidth feature ensures minimum bandwidth for outgoing lower priority traffic from a

TOI 4.17.0F

This feature adds support for CPU traffic policy capable of matching and acting on IP traffic which would otherwise

Prior to 4.32.2F, the “reset system storage secure” CLI command can be used to perform a best-effort storage device wipe of all sensitive data. However, this command has the limitation that it wipes EOS from the storage device, leaving the system “stuck” in Aboot. The “reset system storage secure rollback” command provides the same secure erase functionality, but additionally allows the user to preserve a subset of files on the main flash device by copying them into RAM during the secure erase procedure. The set of files that are preserved is configurable. After a successful wipe, the system will return to EOS after the erase is complete if the EOS SWI image and adequate configuration files are preserved (such as boot-config and startup-config).

IS-IS SR Stateful Switchover (SSO) support allows for a switchover from an active supervisor to a standby supervisor where MPLS traffic remains undisrupted during switchover. This involves reconciliation of all Segment Routing related information in the network using IS-IS Graceful Restart procedures. And also installing the same in forwarding hardware in a manner that does not disrupt the ongoing traffic.

This feature enables the user to configure PBR policy on an interface in any VRF, to match and forward incoming packets

TOI 4.20.6F

In order to support PIM/IPv4 multicast routing on EOS switches with Broadcom Tomahawk4 ASICs, multicast support using ALPM is required. This works in both 3-level Algorithmic Longest Prefix Match (ALPM) capabilities and 2-level ALPM.

This document describes the availability of VLAN ingress and egress counters on R Series platforms. VLAN counters provide the ability to count packets and bytes ingressing or egressing a bridge domain (VLAN).

This feature enables the user to configure PBR policy on an interface in the default VRF to match and forward

TOI 4.17.0F PBR

This feature adds support for standard BGP GSHUT (0xFFFF0000) community. GSHUT community is the community used in

When configuring or modifying a RACL applied to a VLAN interface, the VLAN will be blocked while applying the updated

VXLAN tunneling requires that the switch where the tunnel terminates is configured with a VTEP that matches the configuration on the AP. CV-CUE now provides an easier way to match configurations on both AP and the switch. By having the same VXLAN configuration for access points (APs) and switches, you can aggregate all wireless traffic from the same VXLAN to a single wired destination for better traffic management and visibility.

As a result of upgrading the Debian distribution to Bookworm, the original Python CLI (based on python2) was removed, as the interaction with the DANZ Monitoring Fabric (DMF) and CCF is performed mainly from the Controller. However, several customer operations involve some of the commands used on the switch. These commands are implemented in the new CLI (based on python3) in Switchlight in the Bookworm Debian distribution.

For modular systems operating under the SSO redundancy policy, if  the system database agent (Sysdb) on the

With the 13.0 release, CloudVision Cognitive Unified Edge (CV-CUE) introduces system backup and restore capability. You can back up the entire system or only the configuration files, and restore them when needed.

Role based access control (RBAC) is an approach to regulating access to network resources based on the roles of

The tag matcher is a new simple input in Studios that allows you to specify a list of devices to be passed as the value for another input field. It is similar to the resolver input in that it allows users to specify a set of devices or interfaces using tag queries, but unlike the resolver, the tag matcher doesn’t require a member input to be configured.

In TAP Aggregation mode, when receiving a packet whose Frame Check Sequence (FCS) is corrupted, the default behavior

This article describes the Tap Aggregation MPLS Pop feature. The purpose of this feature is to support tools that do not parse MPLS labels and therefore need the switch to remove (pop) the MPLS header.

The traffic steering policies used in tap aggregation mode allow steering traffic from tap to tool ports using ‘set

This article describes a new TAP Aggregation TCAM profile and a corresponding enhancement to the TAP Aggregation

This article describes the Tap Aggregation Traffic Steering on MPLS Labels feature. The purpose of this feature is to

TOI 4.20.1F

This TOI briefs the commands related to the traffic steering policies used in Tap Aggregation. These commands

As of EOS 4.15.0F, there are two general enhancements to Tap Aggregation on the 7500E platform in 4.15.0F:

As of 4.15.0F, tap aggregation can be configured in conjunction with other switching and routing features.  This

The Tap Aggregation Manager (TAM) is a GUI front end for configuring and monitoring Tap Aggregation features of

This article describes the addition of a show command to display the mapping between tap and tool ports on a per

Media Access Control Security (MACsec) is an industry standard security technology that provides secure

This document describes the truncation capability for Tap Aggregation, which allows tapped traffic to be truncated to a smaller size before being transmitted.

With the 13.0 release, you can enable Target Wake Time(TWT) from CloudVision Cognitive Unified Edge (CV-CUE). TWT is one of the advanced features of Wi-Fi 6. It enables access points (AP) and stations (STAs) to negotiate schedules for active and sleep durations.

This article describes the TAP Aggregation User Defined Fields feature. The purpose of the User Defined

This feature adds support for viewing the Digital Optical Monitoring (DOM) parameters for the optics that support

As of EOS 4.15.2F, the support for the tuning of tunable DWDM 10G SFP+ transceivers (10GBASE DWDM) is added.

The BGP labeled unicast (LU) RFC is used to advertise BGP routes with a stack of MPLS labels, thereby allowing

TOI 4.20.1F

Trident2 is a Switch on Chip (SoC) single chip with support for up to 1280Gbps of forwarding capacity (oversubscribed