updates

cumulusAnia · cumulusAnia · commit 97d2e4726391 · 2026-01-28T09:34:37.000-08:00
diff --git a/content/cumulus-linux-516/Layer-1-and-Switch-Ports/802.1X-Interfaces.md b/content/cumulus-linux-516/Layer-1-and-Switch-Ports/802.1X-Interfaces.md
@@ -435,10 +435,10 @@ Edit the `/etc/hostapd.conf` file to set the `eap_send_identity` option to 0, th
 Enabling or disabling dynamic VLAN assignment restarts `hostapd`, which forces existing, authorized users to reauthenticate.
 {{%/notice%}}
 
-## Dynamic VRF Assignments
+## Dynamic VRF Assignment
 
 {{%notice note%}}
-Tx squelch control is a Beta feature.
+Dynamic VRF assignment is a Beta feature.
 {{%/notice%}}
 
 Dynamic VRF assignment on 802.1X enables layer 3 ports to be authenticated and assigned to VRFs dynamically. When you enable 802.1x on an interface, the switch blocks all traffic except supplicant EAPOL messages. When RADIUS authenticates a supplicant, Radius includes a <span class="a-tooltip">[VSA](## "Vendor Specific Attribute")</span> that contains the VRF. The `hostapd` service parses this VSA, performs some validation and assigns the interface to the VRF.
diff --git a/content/cumulus-linux-516/Network-Virtualization/Ethernet-Virtual-Private-Network-EVPN/_index.md b/content/cumulus-linux-516/Network-Virtualization/Ethernet-Virtual-Private-Network-EVPN/_index.md
@@ -27,8 +27,11 @@ Cumulus Linux fully supports EVPN as the control plane for VXLAN, including for
 - IPv6 tenant routing.
 - <span class="a-tooltip">[ECMP](## "Equal Cost Multi Path")</span> for overlay networks on NVIDIA Spectrum-A1 ASICs. ECMP occurs in the overlay when there are multiple next hops.
 - Head end replication is on by default.
-- EVPN VXLAN over an IPv6 underlay on switches with Spectrum-2 and later (Beta). The network fabric supports either an IPv4 or IPv6 underlay network but not both at the same time. MLAG, MAC mobility, and interoperability with an IPv4-based VTEP are not supported.
-
+- EVPN VXLAN over an IPv6 underlay on switches with Spectrum-2 and later. The network fabric supports either an IPv4 or IPv6 underlay network but not both at the same time. MLAG, MAC mobility, and interoperability with an IPv4-based VTEP are not supported.
+  {{%notice note%}}
+  EVPN VXLAN over an IPv6 underlay is a Beta feature.
+  {{%/notice%}}
+  
 Cumulus Linux supports the EVPN address family with both <span class="a-tooltip">[eBGP](## "external BGP")</span> and <span class="a-tooltip">[iBGP](## "internal BGP")</span> peering. If you configure underlay routing with eBGP, you can use the same eBGP session to carry EVPN routes. In a typical 2-tier Clos network where the leafs are VTEPs, if you use eBGP sessions between the leafs and spines for underlay routing, the same sessions exchange EVPN routes. The spine switches act as *route forwarders* and do not install any forwarding state as they are not VTEPs. When the switch exchanges EVPN routes over iBGP peering, you can use OSPF as the IGP or resolve next hops using iBGP.
 
 {{%notice note%}}
diff --git a/content/cumulus-linux-516/System-Configuration/Access-Control-Lists/Access-Control-List-Configuration.md b/content/cumulus-linux-516/System-Configuration/Access-Control-Lists/Access-Control-List-Configuration.md
@@ -1309,11 +1309,9 @@ Cumulus Linux supports ACL matches based on inner packet headers inside encapsul
 - You cannot match on both inner and outer packet headers in the same ACL.
 - You cannot combine a VLAN match with inner packet matches.
 - Inner packet matches support hardware forwarded packets only.
+- You can configure matches on inner packet headers with NVUE commmands only. 
 {{%/notice%}}
 
-{{< tabs "TabID1309 ">}}
-{{< tab "NVUE Commands ">}}
-
 You can use the following inner packet matching options:
 
 | Option | Description|
@@ -1340,28 +1338,6 @@ cumulus@switch:~$ nv set interface swp1 acl example3 inbound
 cumulus@switch:~$ nv config apply
 ```
 
-{{< /tab >}}
-{{< tab "iptables rule ">}}
-
-Create a rules file in the `/etc/cumulus/acl/policy.d` directory and add a rule under `[iptables]`. The following example creates an ACL permit rule for inbound packets on swp1 that matches the inner header DSCP value 10, source IP address 10.10.10.10, destination IP address 20.20.20.20, UDP source port 1000, and UDP destination port 2000.
-
-```
-cumulus@switch:~$ sudo nano /etc/cumulus/acl/policy.d/10-inner-header.rules
-[iptables]
-## ACL example3 in dir inbound on interface swp1 ##
-# rule-id #10:  #
--t mangle -A PREROUTING -i swp1 -m comment --comment rule_id:10,acl_name:example3,dir:inbound,interface_id:swp1 -s 10.10.10.10 -d 20.20.20.20 -p udp --sport 1000 --dport 2000 -m dscp --dscp 10 -m mark --mark 100 -j ACCEPT
-```
-
-Apply the rule:
-
-```
-cumulus@switch:~$ sudo cl-acltool -i
-```
-
-{{< /tab >}}
-{{< /tabs >}}
-
 {{%notice note%}}
 With inner IP matches configured, any IPv4 or IPv6 `deny all` or `permit all` ACL rule must include an inner IP match (Source IP ANY, Destination IP ANY, or both). If the rule does not include an inner IP match, the switch interprets it as an outer rule, and does not evaluate the inner match. For Example:
 
@@ -1381,11 +1357,9 @@ Cumulus Linux supports ACL rule matches based on the packet offset.
 - You can configure offset matches only for ACL type ipv4 and ipv6.
 - The Spectrum1 switch does not support matches based on the packet offset.
 - Matches based on the packet offset support hardware forwarded packets only.
+- You can configure matches based on the packet offset with NVUE commmands only. 
 {{%/notice%}}
 
-{{< tabs "TabID1368 ">}}
-{{< tab "NVUE Commands">}}
-
 You can use the following packet offset matching options:
 
 | Option | Description|
@@ -1425,28 +1399,6 @@ cumulus@switch:~$ nv config apply
 - An offset match in the egress direction might not work if matched data is overwritten.
 {{%/notice%}}
 
-{{< /tab >}}
-{{< tab "iptables rule ">}}
-
-Create a rules file in the `/etc/cumulus/acl/policy.d` directory and add a rule under `[iptables]`. The following example creates an ACL permit rule for inbound packets on swp1 that matches the first bytes of inner ipv4 header as 0x64.
-
-```
-cumulus@switch:~$ sudo nano /etc/cumulus/acl/policy.d/10-offset-header.rules
-[iptables]
-## ACL OFFSET in dir inbound on interface swp1 ##
-# rule-id #10:  #
--t mangle -A PREROUTING -i swp1 -m comment --comment rule_id:10,acl_name:OFFSET,dir:inbound,interface_id:swp1 -m u32 --u32 "0x00010022 & 0xFF00 = 0x1200  &&  0x00010036 & 0xFFFF = 0xabcd" -j ACCEPT
-```
-
-Apply the rule:
-
-```
-cumulus@switch:~$ sudo cl-acltool -i
-```
-
-{{< /tab >}}
-{{< /tabs >}}
-
 ## Example Configuration
 
 The following example shows how Cumulus Linux applies several different rules.
