• Author : Ziqian XU

 
 

AES-GCM Encryption of EOS Secret Configuration

Description: Support for AES-GCM has been added as a method for storing symmetric secrets in EOS. This applies to secrets that must be used with remote systems, as found in NTP, TACACS+, and other places. Using this, the configuration can be secured since the secrets cannot be easily reversed or decrypted by copying the configuration out of the box.

Platform Compatibility: Configuring AES-GCM encrypted secrets works on all EOS platforms.

Configuration: Configure AES-256-GCM encrypted secret. To configure an AES-GCM encrypted secret on the switch, a new secret type “8a”, which stands for the AES-256-GCM encryption type, has been introduced. Secrets can either...

Dynamic ACL Rules

Description: A dynamic ACL is dynamically created on a switch based on the contents of NAS-Filter-Rule AVP attributes sent from a RADIUS server. The attributes are included in an ACCESS-ACCEPT or a COA message sent from the RADIUS server during 802.1X/MAC authentication. The dynamic ACL filters traffic entering the switch from the authenticated client. NAS-Filter-Rule AVP in an ACCESS-ACCEPT message is supported starting from EOS 4.23.2. NAS-Filter-Rule AVP in a COA message is supported starting from EOS 4.24.3.

Platform compatibility: This is currently supported on all platforms that support 802.1X.

Configuration: The format of NAS-Filter-Rule Attribute Value Pairs (AVP) is the same...

EAPI configurable in multiple VRFs

This feature allows eAPI to run in multiple non-default VRFs on the same physical router. In this way, users can configure an Arista switch through eAPI from both the default and management VRFs.

Platform compatibility: This feature is supported on all platforms.

Configuration: To run eAPI in more than one VRF, from “management api http-commands” mode, you can enter each VRF mode with the command “vrf <vrfName>”. In this submode, you can enable or disable eAPI running in each VRF, including the default VRF, by typing “[no|default] shutdown”. If no VRF is configured and eAPI is enabled, then it will run in the default VRF. Note: for backward compatibility, when...

Config Checkpoint

The config checkpoint mechanism provides a shortcut to copy the current running-config into a file stored in the checkpoint directory. A checkpoint can be made explicitly by the user, or it will be generated automatically before a session commit or configure replace. Checkpoints allow the user to preserve a series of snapshots of the running-config in flash and reload them later. A checkpoint can be used as a backup to roll back to a previous config, or it can be saved as a configuration template to be applied multiple times in the future.

Platform compatibility: Config checkpoint works on all EOS platforms.

Configuration: To make a checkpoint: Arista#configure...
